xref: /linux/net/wireless/nl80211.c (revision 10a708c24a31ae1be1ea23d1c38da2691d1fd65c) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This is the new netlink-based wireless configuration interface.
4  *
5  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
6  * Copyright 2013-2014  Intel Mobile Communications GmbH
7  * Copyright 2015-2017	Intel Deutschland GmbH
8  * Copyright (C) 2018-2019 Intel Corporation
9  */
10 
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <net/net_namespace.h>
24 #include <net/genetlink.h>
25 #include <net/cfg80211.h>
26 #include <net/sock.h>
27 #include <net/inet_connection_sock.h>
28 #include "core.h"
29 #include "nl80211.h"
30 #include "reg.h"
31 #include "rdev-ops.h"
32 
33 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
34 				   struct genl_info *info,
35 				   struct cfg80211_crypto_settings *settings,
36 				   int cipher_limit);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam;
40 
41 /* multicast groups */
42 enum nl80211_multicast_groups {
43 	NL80211_MCGRP_CONFIG,
44 	NL80211_MCGRP_SCAN,
45 	NL80211_MCGRP_REGULATORY,
46 	NL80211_MCGRP_MLME,
47 	NL80211_MCGRP_VENDOR,
48 	NL80211_MCGRP_NAN,
49 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
50 };
51 
52 static const struct genl_multicast_group nl80211_mcgrps[] = {
53 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
54 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
55 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
56 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
57 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
58 	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
59 #ifdef CONFIG_NL80211_TESTMODE
60 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
61 #endif
62 };
63 
64 /* returns ERR_PTR values */
65 static struct wireless_dev *
66 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
67 {
68 	struct cfg80211_registered_device *rdev;
69 	struct wireless_dev *result = NULL;
70 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
71 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
72 	u64 wdev_id;
73 	int wiphy_idx = -1;
74 	int ifidx = -1;
75 
76 	ASSERT_RTNL();
77 
78 	if (!have_ifidx && !have_wdev_id)
79 		return ERR_PTR(-EINVAL);
80 
81 	if (have_ifidx)
82 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
83 	if (have_wdev_id) {
84 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
85 		wiphy_idx = wdev_id >> 32;
86 	}
87 
88 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
89 		struct wireless_dev *wdev;
90 
91 		if (wiphy_net(&rdev->wiphy) != netns)
92 			continue;
93 
94 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
95 			continue;
96 
97 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
98 			if (have_ifidx && wdev->netdev &&
99 			    wdev->netdev->ifindex == ifidx) {
100 				result = wdev;
101 				break;
102 			}
103 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
104 				result = wdev;
105 				break;
106 			}
107 		}
108 
109 		if (result)
110 			break;
111 	}
112 
113 	if (result)
114 		return result;
115 	return ERR_PTR(-ENODEV);
116 }
117 
118 static struct cfg80211_registered_device *
119 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
120 {
121 	struct cfg80211_registered_device *rdev = NULL, *tmp;
122 	struct net_device *netdev;
123 
124 	ASSERT_RTNL();
125 
126 	if (!attrs[NL80211_ATTR_WIPHY] &&
127 	    !attrs[NL80211_ATTR_IFINDEX] &&
128 	    !attrs[NL80211_ATTR_WDEV])
129 		return ERR_PTR(-EINVAL);
130 
131 	if (attrs[NL80211_ATTR_WIPHY])
132 		rdev = cfg80211_rdev_by_wiphy_idx(
133 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
134 
135 	if (attrs[NL80211_ATTR_WDEV]) {
136 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
137 		struct wireless_dev *wdev;
138 		bool found = false;
139 
140 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
141 		if (tmp) {
142 			/* make sure wdev exists */
143 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
144 				if (wdev->identifier != (u32)wdev_id)
145 					continue;
146 				found = true;
147 				break;
148 			}
149 
150 			if (!found)
151 				tmp = NULL;
152 
153 			if (rdev && tmp != rdev)
154 				return ERR_PTR(-EINVAL);
155 			rdev = tmp;
156 		}
157 	}
158 
159 	if (attrs[NL80211_ATTR_IFINDEX]) {
160 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
161 
162 		netdev = __dev_get_by_index(netns, ifindex);
163 		if (netdev) {
164 			if (netdev->ieee80211_ptr)
165 				tmp = wiphy_to_rdev(
166 					netdev->ieee80211_ptr->wiphy);
167 			else
168 				tmp = NULL;
169 
170 			/* not wireless device -- return error */
171 			if (!tmp)
172 				return ERR_PTR(-EINVAL);
173 
174 			/* mismatch -- return error */
175 			if (rdev && tmp != rdev)
176 				return ERR_PTR(-EINVAL);
177 
178 			rdev = tmp;
179 		}
180 	}
181 
182 	if (!rdev)
183 		return ERR_PTR(-ENODEV);
184 
185 	if (netns != wiphy_net(&rdev->wiphy))
186 		return ERR_PTR(-ENODEV);
187 
188 	return rdev;
189 }
190 
191 /*
192  * This function returns a pointer to the driver
193  * that the genl_info item that is passed refers to.
194  *
195  * The result of this can be a PTR_ERR and hence must
196  * be checked with IS_ERR() for errors.
197  */
198 static struct cfg80211_registered_device *
199 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
200 {
201 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
202 }
203 
204 static int validate_ie_attr(const struct nlattr *attr,
205 			    struct netlink_ext_ack *extack)
206 {
207 	const u8 *data = nla_data(attr);
208 	unsigned int len = nla_len(attr);
209 	const struct element *elem;
210 
211 	for_each_element(elem, data, len) {
212 		/* nothing */
213 	}
214 
215 	if (for_each_element_completed(elem, data, len))
216 		return 0;
217 
218 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
219 	return -EINVAL;
220 }
221 
222 /* policy for the attributes */
223 static const struct nla_policy
224 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
225 	[NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
226 	[NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
227 					.len = U8_MAX },
228 	[NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
229 					     .len = U8_MAX },
230 };
231 
232 static const struct nla_policy
233 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
234 	[NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
235 	[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
236 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
237 		NLA_POLICY_MAX(NLA_U8, 15),
238 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
239 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
240 		NLA_POLICY_MAX(NLA_U8, 15),
241 	[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
242 		NLA_POLICY_MAX(NLA_U8, 31),
243 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
244 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
245 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
246 };
247 
248 static const struct nla_policy
249 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
250 	[NL80211_PMSR_TYPE_FTM] =
251 		NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
252 };
253 
254 static const struct nla_policy
255 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
256 	[NL80211_PMSR_REQ_ATTR_DATA] =
257 		NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
258 	[NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
259 };
260 
261 static const struct nla_policy
262 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
263 	[NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
264 	/*
265 	 * we could specify this again to be the top-level policy,
266 	 * but that would open us up to recursion problems ...
267 	 */
268 	[NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
269 	[NL80211_PMSR_PEER_ATTR_REQ] =
270 		NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
271 	[NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
272 };
273 
274 static const struct nla_policy
275 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
276 	[NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
277 	[NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
278 	[NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
279 	[NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
280 	[NL80211_PMSR_ATTR_PEERS] =
281 		NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
282 };
283 
284 static const struct nla_policy
285 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
286 	[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
287 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
288 	[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
289 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
290 };
291 
292 const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
293 	[0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
294 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
295 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
296 				      .len = 20-1 },
297 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
298 
299 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
300 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
301 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
302 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
303 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
304 
305 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
306 	[NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
307 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
308 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
309 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
310 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
311 
312 	[NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
313 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
314 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
315 
316 	[NL80211_ATTR_MAC] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
317 	[NL80211_ATTR_PREV_BSSID] = {
318 		.type = NLA_EXACT_LEN_WARN,
319 		.len = ETH_ALEN
320 	},
321 
322 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
323 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
324 				    .len = WLAN_MAX_KEY_LEN },
325 	[NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 5),
326 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
327 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
328 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
329 	[NL80211_ATTR_KEY_TYPE] =
330 		NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
331 
332 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
333 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
334 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
335 				       .len = IEEE80211_MAX_DATA_LEN },
336 	[NL80211_ATTR_BEACON_TAIL] =
337 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
338 				       IEEE80211_MAX_DATA_LEN),
339 	[NL80211_ATTR_STA_AID] =
340 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
341 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
342 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
343 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
344 					       .len = NL80211_MAX_SUPP_RATES },
345 	[NL80211_ATTR_STA_PLINK_ACTION] =
346 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
347 	[NL80211_ATTR_STA_TX_POWER_SETTING] =
348 		NLA_POLICY_RANGE(NLA_U8,
349 				 NL80211_TX_POWER_AUTOMATIC,
350 				 NL80211_TX_POWER_FIXED),
351 	[NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
352 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
353 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
354 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
355 				   .len = IEEE80211_MAX_MESH_ID_LEN },
356 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
357 
358 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
359 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
360 
361 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
362 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
363 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
364 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
365 					   .len = NL80211_MAX_SUPP_RATES },
366 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
367 
368 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
369 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
370 
371 	[NL80211_ATTR_HT_CAPABILITY] = {
372 		.type = NLA_EXACT_LEN_WARN,
373 		.len = NL80211_HT_CAPABILITY_LEN
374 	},
375 
376 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
377 	[NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
378 						   validate_ie_attr,
379 						   IEEE80211_MAX_DATA_LEN),
380 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
381 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
382 
383 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
384 				.len = IEEE80211_MAX_SSID_LEN },
385 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
386 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
387 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
388 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
389 	[NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
390 						  NL80211_MFP_NO,
391 						  NL80211_MFP_OPTIONAL),
392 	[NL80211_ATTR_STA_FLAGS2] = {
393 		.len = sizeof(struct nl80211_sta_flag_update),
394 	},
395 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
396 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
397 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
398 	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
399 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
400 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
401 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
402 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
403 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
404 	[NL80211_ATTR_PMKID] = {
405 		.type = NLA_EXACT_LEN_WARN,
406 		.len = WLAN_PMKID_LEN
407 	},
408 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
409 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
410 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
411 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
412 				 .len = IEEE80211_MAX_DATA_LEN },
413 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
414 	[NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
415 						   NL80211_PS_DISABLED,
416 						   NL80211_PS_ENABLED),
417 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
418 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
419 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
420 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
421 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
422 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
423 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
424 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
425 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
426 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
427 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
428 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
429 	[NL80211_ATTR_STA_PLINK_STATE] =
430 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
431 	[NL80211_ATTR_MESH_PEER_AID] =
432 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
433 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
434 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
435 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
436 	[NL80211_ATTR_HIDDEN_SSID] =
437 		NLA_POLICY_RANGE(NLA_U32,
438 				 NL80211_HIDDEN_SSID_NOT_IN_USE,
439 				 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
440 	[NL80211_ATTR_IE_PROBE_RESP] =
441 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
442 				       IEEE80211_MAX_DATA_LEN),
443 	[NL80211_ATTR_IE_ASSOC_RESP] =
444 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
445 				       IEEE80211_MAX_DATA_LEN),
446 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
447 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
448 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
449 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
450 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
451 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
452 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
453 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
454 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
455 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
456 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
457 				      .len = IEEE80211_MAX_DATA_LEN },
458 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
459 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
460 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
461 		.len = NL80211_HT_CAPABILITY_LEN
462 	},
463 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
464 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
465 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
466 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
467 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
468 	[NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
469 	[NL80211_ATTR_VHT_CAPABILITY] = {
470 		.type = NLA_EXACT_LEN_WARN,
471 		.len = NL80211_VHT_CAPABILITY_LEN
472 	},
473 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
474 	[NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
475 	[NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
476 	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
477 		NLA_POLICY_RANGE(NLA_U32,
478 				 NL80211_MESH_POWER_UNKNOWN + 1,
479 				 NL80211_MESH_POWER_MAX),
480 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
481 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
482 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
483 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
484 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
485 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
486 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
487 		.len = NL80211_VHT_CAPABILITY_LEN,
488 	},
489 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
490 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
491 				  .len = IEEE80211_MAX_DATA_LEN },
492 	[NL80211_ATTR_PEER_AID] =
493 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
494 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
495 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
496 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
497 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
498 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
499 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
500 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
501 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
502 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
503 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
504 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
505 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
506 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
507 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
508 	[NL80211_ATTR_MAC_HINT] = {
509 		.type = NLA_EXACT_LEN_WARN,
510 		.len = ETH_ALEN
511 	},
512 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
513 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
514 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
515 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
516 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
517 	[NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
518 	[NL80211_ATTR_USER_PRIO] =
519 		NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
520 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
521 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
522 	[NL80211_ATTR_MAC_MASK] = {
523 		.type = NLA_EXACT_LEN_WARN,
524 		.len = ETH_ALEN
525 	},
526 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
527 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
528 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
529 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
530 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
531 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
532 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] =
533 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
534 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
535 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
536 	},
537 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = {
538 		.type = NLA_EXACT_LEN_WARN,
539 		.len = ETH_ALEN
540 	},
541 	[NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
542 	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
543 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
544 	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
545 				    .len = FILS_MAX_KEK_LEN },
546 	[NL80211_ATTR_FILS_NONCES] = {
547 		.type = NLA_EXACT_LEN_WARN,
548 		.len = 2 * FILS_NONCE_LEN
549 	},
550 	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
551 	[NL80211_ATTR_BSSID] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
552 	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
553 	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
554 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
555 	},
556 	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
557 	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
558 					     .len = FILS_ERP_MAX_USERNAME_LEN },
559 	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
560 					  .len = FILS_ERP_MAX_REALM_LEN },
561 	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
562 	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
563 					.len = FILS_ERP_MAX_RRK_LEN },
564 	[NL80211_ATTR_FILS_CACHE_ID] = { .type = NLA_EXACT_LEN_WARN, .len = 2 },
565 	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
566 	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
567 	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
568 
569 	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
570 	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
571 	[NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
572 	[NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
573 					 .len = NL80211_HE_MAX_CAPABILITY_LEN },
574 
575 	[NL80211_ATTR_FTM_RESPONDER] = {
576 		.type = NLA_NESTED,
577 		.validation_data = nl80211_ftm_responder_policy,
578 	},
579 	[NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
580 	[NL80211_ATTR_PEER_MEASUREMENTS] =
581 		NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
582 	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
583 	[NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
584 					.len = SAE_PASSWORD_MAX_LEN },
585 	[NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
586 	[NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
587 };
588 
589 /* policy for the key attributes */
590 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
591 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
592 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
593 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
594 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
595 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
596 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
597 	[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
598 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
599 	[NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
600 };
601 
602 /* policy for the key default flags */
603 static const struct nla_policy
604 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
605 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
606 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
607 };
608 
609 #ifdef CONFIG_PM
610 /* policy for WoWLAN attributes */
611 static const struct nla_policy
612 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
613 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
614 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
615 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
616 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
617 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
618 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
619 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
620 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
621 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
622 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
623 };
624 
625 static const struct nla_policy
626 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
627 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
628 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
629 	[NL80211_WOWLAN_TCP_DST_MAC] = {
630 		.type = NLA_EXACT_LEN_WARN,
631 		.len = ETH_ALEN
632 	},
633 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
634 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
635 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
636 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
637 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
638 	},
639 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
640 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
641 	},
642 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
643 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
644 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .type = NLA_MIN_LEN, .len = 1 },
645 };
646 #endif /* CONFIG_PM */
647 
648 /* policy for coalesce rule attributes */
649 static const struct nla_policy
650 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
651 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
652 	[NL80211_ATTR_COALESCE_RULE_CONDITION] =
653 		NLA_POLICY_RANGE(NLA_U32,
654 				 NL80211_COALESCE_CONDITION_MATCH,
655 				 NL80211_COALESCE_CONDITION_NO_MATCH),
656 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
657 };
658 
659 /* policy for GTK rekey offload attributes */
660 static const struct nla_policy
661 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
662 	[NL80211_REKEY_DATA_KEK] = {
663 		.type = NLA_EXACT_LEN_WARN,
664 		.len = NL80211_KEK_LEN,
665 	},
666 	[NL80211_REKEY_DATA_KCK] = {
667 		.type = NLA_EXACT_LEN_WARN,
668 		.len = NL80211_KCK_LEN,
669 	},
670 	[NL80211_REKEY_DATA_REPLAY_CTR] = {
671 		.type = NLA_EXACT_LEN_WARN,
672 		.len = NL80211_REPLAY_CTR_LEN
673 	},
674 };
675 
676 static const struct nla_policy
677 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
678 	[NL80211_BAND_2GHZ] = { .type = NLA_S32 },
679 	[NL80211_BAND_5GHZ] = { .type = NLA_S32 },
680 	[NL80211_BAND_60GHZ] = { .type = NLA_S32 },
681 };
682 
683 static const struct nla_policy
684 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
685 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
686 						 .len = IEEE80211_MAX_SSID_LEN },
687 	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = {
688 		.type = NLA_EXACT_LEN_WARN,
689 		.len = ETH_ALEN
690 	},
691 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
692 	[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
693 		NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
694 };
695 
696 static const struct nla_policy
697 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
698 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
699 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
700 };
701 
702 static const struct nla_policy
703 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
704 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
705 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
706 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
707 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
708 	},
709 };
710 
711 /* policy for NAN function attributes */
712 static const struct nla_policy
713 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
714 	[NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
715 	[NL80211_NAN_FUNC_SERVICE_ID] = {
716 				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
717 	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
718 	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
719 	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
720 	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
721 	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
722 	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = {
723 		.type = NLA_EXACT_LEN_WARN,
724 		.len = ETH_ALEN
725 	},
726 	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
727 	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
728 	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
729 			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
730 	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
731 	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
732 	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
733 	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
734 	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
735 };
736 
737 /* policy for Service Response Filter attributes */
738 static const struct nla_policy
739 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
740 	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
741 	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
742 				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
743 	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
744 	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
745 };
746 
747 /* policy for packet pattern attributes */
748 static const struct nla_policy
749 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
750 	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
751 	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
752 	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
753 };
754 
755 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
756 			      struct cfg80211_registered_device **rdev,
757 			      struct wireless_dev **wdev)
758 {
759 	int err;
760 
761 	if (!cb->args[0]) {
762 		struct nlattr **attrbuf;
763 
764 		attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
765 				  GFP_KERNEL);
766 		if (!attrbuf)
767 			return -ENOMEM;
768 
769 		err = nlmsg_parse_deprecated(cb->nlh,
770 					     GENL_HDRLEN + nl80211_fam.hdrsize,
771 					     attrbuf, nl80211_fam.maxattr,
772 					     nl80211_policy, NULL);
773 		if (err) {
774 			kfree(attrbuf);
775 			return err;
776 		}
777 
778 		*wdev = __cfg80211_wdev_from_attrs(sock_net(cb->skb->sk),
779 						   attrbuf);
780 		kfree(attrbuf);
781 		if (IS_ERR(*wdev))
782 			return PTR_ERR(*wdev);
783 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
784 		/* 0 is the first index - add 1 to parse only once */
785 		cb->args[0] = (*rdev)->wiphy_idx + 1;
786 		cb->args[1] = (*wdev)->identifier;
787 	} else {
788 		/* subtract the 1 again here */
789 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
790 		struct wireless_dev *tmp;
791 
792 		if (!wiphy)
793 			return -ENODEV;
794 		*rdev = wiphy_to_rdev(wiphy);
795 		*wdev = NULL;
796 
797 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
798 			if (tmp->identifier == cb->args[1]) {
799 				*wdev = tmp;
800 				break;
801 			}
802 		}
803 
804 		if (!*wdev)
805 			return -ENODEV;
806 	}
807 
808 	return 0;
809 }
810 
811 /* message building helper */
812 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
813 		     int flags, u8 cmd)
814 {
815 	/* since there is no private header just add the generic one */
816 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
817 }
818 
819 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
820 				     const struct ieee80211_reg_rule *rule)
821 {
822 	int j;
823 	struct nlattr *nl_wmm_rules =
824 		nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
825 
826 	if (!nl_wmm_rules)
827 		goto nla_put_failure;
828 
829 	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
830 		struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
831 
832 		if (!nl_wmm_rule)
833 			goto nla_put_failure;
834 
835 		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
836 				rule->wmm_rule.client[j].cw_min) ||
837 		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,
838 				rule->wmm_rule.client[j].cw_max) ||
839 		    nla_put_u8(msg, NL80211_WMMR_AIFSN,
840 			       rule->wmm_rule.client[j].aifsn) ||
841 		    nla_put_u16(msg, NL80211_WMMR_TXOP,
842 			        rule->wmm_rule.client[j].cot))
843 			goto nla_put_failure;
844 
845 		nla_nest_end(msg, nl_wmm_rule);
846 	}
847 	nla_nest_end(msg, nl_wmm_rules);
848 
849 	return 0;
850 
851 nla_put_failure:
852 	return -ENOBUFS;
853 }
854 
855 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
856 				   struct ieee80211_channel *chan,
857 				   bool large)
858 {
859 	/* Some channels must be completely excluded from the
860 	 * list to protect old user-space tools from breaking
861 	 */
862 	if (!large && chan->flags &
863 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
864 		return 0;
865 
866 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
867 			chan->center_freq))
868 		goto nla_put_failure;
869 
870 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
871 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
872 		goto nla_put_failure;
873 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
874 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
875 			goto nla_put_failure;
876 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
877 			goto nla_put_failure;
878 	}
879 	if (chan->flags & IEEE80211_CHAN_RADAR) {
880 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
881 			goto nla_put_failure;
882 		if (large) {
883 			u32 time;
884 
885 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
886 
887 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
888 					chan->dfs_state))
889 				goto nla_put_failure;
890 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
891 					time))
892 				goto nla_put_failure;
893 			if (nla_put_u32(msg,
894 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
895 					chan->dfs_cac_ms))
896 				goto nla_put_failure;
897 		}
898 	}
899 
900 	if (large) {
901 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
902 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
903 			goto nla_put_failure;
904 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
905 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
906 			goto nla_put_failure;
907 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
908 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
909 			goto nla_put_failure;
910 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
911 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
912 			goto nla_put_failure;
913 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
914 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
915 			goto nla_put_failure;
916 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
917 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
918 			goto nla_put_failure;
919 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
920 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
921 			goto nla_put_failure;
922 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
923 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
924 			goto nla_put_failure;
925 	}
926 
927 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
928 			DBM_TO_MBM(chan->max_power)))
929 		goto nla_put_failure;
930 
931 	if (large) {
932 		const struct ieee80211_reg_rule *rule =
933 			freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
934 
935 		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
936 			if (nl80211_msg_put_wmm_rules(msg, rule))
937 				goto nla_put_failure;
938 		}
939 	}
940 
941 	return 0;
942 
943  nla_put_failure:
944 	return -ENOBUFS;
945 }
946 
947 static bool nl80211_put_txq_stats(struct sk_buff *msg,
948 				  struct cfg80211_txq_stats *txqstats,
949 				  int attrtype)
950 {
951 	struct nlattr *txqattr;
952 
953 #define PUT_TXQVAL_U32(attr, memb) do {					  \
954 	if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&	  \
955 	    nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
956 		return false;						  \
957 	} while (0)
958 
959 	txqattr = nla_nest_start_noflag(msg, attrtype);
960 	if (!txqattr)
961 		return false;
962 
963 	PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
964 	PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
965 	PUT_TXQVAL_U32(FLOWS, flows);
966 	PUT_TXQVAL_U32(DROPS, drops);
967 	PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
968 	PUT_TXQVAL_U32(OVERLIMIT, overlimit);
969 	PUT_TXQVAL_U32(OVERMEMORY, overmemory);
970 	PUT_TXQVAL_U32(COLLISIONS, collisions);
971 	PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
972 	PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
973 	PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
974 	nla_nest_end(msg, txqattr);
975 
976 #undef PUT_TXQVAL_U32
977 	return true;
978 }
979 
980 /* netlink command implementations */
981 
982 struct key_parse {
983 	struct key_params p;
984 	int idx;
985 	int type;
986 	bool def, defmgmt;
987 	bool def_uni, def_multi;
988 };
989 
990 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
991 				 struct key_parse *k)
992 {
993 	struct nlattr *tb[NL80211_KEY_MAX + 1];
994 	int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
995 					      nl80211_key_policy,
996 					      info->extack);
997 	if (err)
998 		return err;
999 
1000 	k->def = !!tb[NL80211_KEY_DEFAULT];
1001 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1002 
1003 	if (k->def) {
1004 		k->def_uni = true;
1005 		k->def_multi = true;
1006 	}
1007 	if (k->defmgmt)
1008 		k->def_multi = true;
1009 
1010 	if (tb[NL80211_KEY_IDX])
1011 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1012 
1013 	if (tb[NL80211_KEY_DATA]) {
1014 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1015 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1016 	}
1017 
1018 	if (tb[NL80211_KEY_SEQ]) {
1019 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1020 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1021 	}
1022 
1023 	if (tb[NL80211_KEY_CIPHER])
1024 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1025 
1026 	if (tb[NL80211_KEY_TYPE])
1027 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1028 
1029 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1030 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1031 
1032 		err = nla_parse_nested_deprecated(kdt,
1033 						  NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1034 						  tb[NL80211_KEY_DEFAULT_TYPES],
1035 						  nl80211_key_default_policy,
1036 						  info->extack);
1037 		if (err)
1038 			return err;
1039 
1040 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1041 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1042 	}
1043 
1044 	if (tb[NL80211_KEY_MODE])
1045 		k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1046 
1047 	return 0;
1048 }
1049 
1050 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1051 {
1052 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1053 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1054 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1055 	}
1056 
1057 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1058 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1059 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1060 	}
1061 
1062 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1063 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1064 
1065 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1066 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1067 
1068 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1069 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1070 
1071 	if (k->def) {
1072 		k->def_uni = true;
1073 		k->def_multi = true;
1074 	}
1075 	if (k->defmgmt)
1076 		k->def_multi = true;
1077 
1078 	if (info->attrs[NL80211_ATTR_KEY_TYPE])
1079 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1080 
1081 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1082 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1083 		int err = nla_parse_nested_deprecated(kdt,
1084 						      NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1085 						      info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1086 						      nl80211_key_default_policy,
1087 						      info->extack);
1088 		if (err)
1089 			return err;
1090 
1091 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1092 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1093 	}
1094 
1095 	return 0;
1096 }
1097 
1098 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1099 {
1100 	int err;
1101 
1102 	memset(k, 0, sizeof(*k));
1103 	k->idx = -1;
1104 	k->type = -1;
1105 
1106 	if (info->attrs[NL80211_ATTR_KEY])
1107 		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1108 	else
1109 		err = nl80211_parse_key_old(info, k);
1110 
1111 	if (err)
1112 		return err;
1113 
1114 	if (k->def && k->defmgmt) {
1115 		GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
1116 		return -EINVAL;
1117 	}
1118 
1119 	if (k->defmgmt) {
1120 		if (k->def_uni || !k->def_multi) {
1121 			GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
1122 			return -EINVAL;
1123 		}
1124 	}
1125 
1126 	if (k->idx != -1) {
1127 		if (k->defmgmt) {
1128 			if (k->idx < 4 || k->idx > 5) {
1129 				GENL_SET_ERR_MSG(info,
1130 						 "defmgmt key idx not 4 or 5");
1131 				return -EINVAL;
1132 			}
1133 		} else if (k->def) {
1134 			if (k->idx < 0 || k->idx > 3) {
1135 				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1136 				return -EINVAL;
1137 			}
1138 		} else {
1139 			if (k->idx < 0 || k->idx > 5) {
1140 				GENL_SET_ERR_MSG(info, "key idx not 0-5");
1141 				return -EINVAL;
1142 			}
1143 		}
1144 	}
1145 
1146 	return 0;
1147 }
1148 
1149 static struct cfg80211_cached_keys *
1150 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1151 		       struct genl_info *info, bool *no_ht)
1152 {
1153 	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1154 	struct key_parse parse;
1155 	struct nlattr *key;
1156 	struct cfg80211_cached_keys *result;
1157 	int rem, err, def = 0;
1158 	bool have_key = false;
1159 
1160 	nla_for_each_nested(key, keys, rem) {
1161 		have_key = true;
1162 		break;
1163 	}
1164 
1165 	if (!have_key)
1166 		return NULL;
1167 
1168 	result = kzalloc(sizeof(*result), GFP_KERNEL);
1169 	if (!result)
1170 		return ERR_PTR(-ENOMEM);
1171 
1172 	result->def = -1;
1173 
1174 	nla_for_each_nested(key, keys, rem) {
1175 		memset(&parse, 0, sizeof(parse));
1176 		parse.idx = -1;
1177 
1178 		err = nl80211_parse_key_new(info, key, &parse);
1179 		if (err)
1180 			goto error;
1181 		err = -EINVAL;
1182 		if (!parse.p.key)
1183 			goto error;
1184 		if (parse.idx < 0 || parse.idx > 3) {
1185 			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1186 			goto error;
1187 		}
1188 		if (parse.def) {
1189 			if (def) {
1190 				GENL_SET_ERR_MSG(info,
1191 						 "only one key can be default");
1192 				goto error;
1193 			}
1194 			def = 1;
1195 			result->def = parse.idx;
1196 			if (!parse.def_uni || !parse.def_multi)
1197 				goto error;
1198 		} else if (parse.defmgmt)
1199 			goto error;
1200 		err = cfg80211_validate_key_settings(rdev, &parse.p,
1201 						     parse.idx, false, NULL);
1202 		if (err)
1203 			goto error;
1204 		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1205 		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1206 			GENL_SET_ERR_MSG(info, "connect key must be WEP");
1207 			err = -EINVAL;
1208 			goto error;
1209 		}
1210 		result->params[parse.idx].cipher = parse.p.cipher;
1211 		result->params[parse.idx].key_len = parse.p.key_len;
1212 		result->params[parse.idx].key = result->data[parse.idx];
1213 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1214 
1215 		/* must be WEP key if we got here */
1216 		if (no_ht)
1217 			*no_ht = true;
1218 	}
1219 
1220 	if (result->def < 0) {
1221 		err = -EINVAL;
1222 		GENL_SET_ERR_MSG(info, "need a default/TX key");
1223 		goto error;
1224 	}
1225 
1226 	return result;
1227  error:
1228 	kfree(result);
1229 	return ERR_PTR(err);
1230 }
1231 
1232 static int nl80211_key_allowed(struct wireless_dev *wdev)
1233 {
1234 	ASSERT_WDEV_LOCK(wdev);
1235 
1236 	switch (wdev->iftype) {
1237 	case NL80211_IFTYPE_AP:
1238 	case NL80211_IFTYPE_AP_VLAN:
1239 	case NL80211_IFTYPE_P2P_GO:
1240 	case NL80211_IFTYPE_MESH_POINT:
1241 		break;
1242 	case NL80211_IFTYPE_ADHOC:
1243 	case NL80211_IFTYPE_STATION:
1244 	case NL80211_IFTYPE_P2P_CLIENT:
1245 		if (!wdev->current_bss)
1246 			return -ENOLINK;
1247 		break;
1248 	case NL80211_IFTYPE_UNSPECIFIED:
1249 	case NL80211_IFTYPE_OCB:
1250 	case NL80211_IFTYPE_MONITOR:
1251 	case NL80211_IFTYPE_NAN:
1252 	case NL80211_IFTYPE_P2P_DEVICE:
1253 	case NL80211_IFTYPE_WDS:
1254 	case NUM_NL80211_IFTYPES:
1255 		return -EINVAL;
1256 	}
1257 
1258 	return 0;
1259 }
1260 
1261 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1262 							struct nlattr *tb)
1263 {
1264 	struct ieee80211_channel *chan;
1265 
1266 	if (tb == NULL)
1267 		return NULL;
1268 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1269 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1270 		return NULL;
1271 	return chan;
1272 }
1273 
1274 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1275 {
1276 	struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1277 	int i;
1278 
1279 	if (!nl_modes)
1280 		goto nla_put_failure;
1281 
1282 	i = 0;
1283 	while (ifmodes) {
1284 		if ((ifmodes & 1) && nla_put_flag(msg, i))
1285 			goto nla_put_failure;
1286 		ifmodes >>= 1;
1287 		i++;
1288 	}
1289 
1290 	nla_nest_end(msg, nl_modes);
1291 	return 0;
1292 
1293 nla_put_failure:
1294 	return -ENOBUFS;
1295 }
1296 
1297 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1298 					  struct sk_buff *msg,
1299 					  bool large)
1300 {
1301 	struct nlattr *nl_combis;
1302 	int i, j;
1303 
1304 	nl_combis = nla_nest_start_noflag(msg,
1305 					  NL80211_ATTR_INTERFACE_COMBINATIONS);
1306 	if (!nl_combis)
1307 		goto nla_put_failure;
1308 
1309 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
1310 		const struct ieee80211_iface_combination *c;
1311 		struct nlattr *nl_combi, *nl_limits;
1312 
1313 		c = &wiphy->iface_combinations[i];
1314 
1315 		nl_combi = nla_nest_start_noflag(msg, i + 1);
1316 		if (!nl_combi)
1317 			goto nla_put_failure;
1318 
1319 		nl_limits = nla_nest_start_noflag(msg,
1320 						  NL80211_IFACE_COMB_LIMITS);
1321 		if (!nl_limits)
1322 			goto nla_put_failure;
1323 
1324 		for (j = 0; j < c->n_limits; j++) {
1325 			struct nlattr *nl_limit;
1326 
1327 			nl_limit = nla_nest_start_noflag(msg, j + 1);
1328 			if (!nl_limit)
1329 				goto nla_put_failure;
1330 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1331 					c->limits[j].max))
1332 				goto nla_put_failure;
1333 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1334 						c->limits[j].types))
1335 				goto nla_put_failure;
1336 			nla_nest_end(msg, nl_limit);
1337 		}
1338 
1339 		nla_nest_end(msg, nl_limits);
1340 
1341 		if (c->beacon_int_infra_match &&
1342 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1343 			goto nla_put_failure;
1344 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1345 				c->num_different_channels) ||
1346 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1347 				c->max_interfaces))
1348 			goto nla_put_failure;
1349 		if (large &&
1350 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1351 				c->radar_detect_widths) ||
1352 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1353 				c->radar_detect_regions)))
1354 			goto nla_put_failure;
1355 		if (c->beacon_int_min_gcd &&
1356 		    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1357 				c->beacon_int_min_gcd))
1358 			goto nla_put_failure;
1359 
1360 		nla_nest_end(msg, nl_combi);
1361 	}
1362 
1363 	nla_nest_end(msg, nl_combis);
1364 
1365 	return 0;
1366 nla_put_failure:
1367 	return -ENOBUFS;
1368 }
1369 
1370 #ifdef CONFIG_PM
1371 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1372 					struct sk_buff *msg)
1373 {
1374 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1375 	struct nlattr *nl_tcp;
1376 
1377 	if (!tcp)
1378 		return 0;
1379 
1380 	nl_tcp = nla_nest_start_noflag(msg,
1381 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1382 	if (!nl_tcp)
1383 		return -ENOBUFS;
1384 
1385 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1386 			tcp->data_payload_max))
1387 		return -ENOBUFS;
1388 
1389 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1390 			tcp->data_payload_max))
1391 		return -ENOBUFS;
1392 
1393 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1394 		return -ENOBUFS;
1395 
1396 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1397 				sizeof(*tcp->tok), tcp->tok))
1398 		return -ENOBUFS;
1399 
1400 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1401 			tcp->data_interval_max))
1402 		return -ENOBUFS;
1403 
1404 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1405 			tcp->wake_payload_max))
1406 		return -ENOBUFS;
1407 
1408 	nla_nest_end(msg, nl_tcp);
1409 	return 0;
1410 }
1411 
1412 static int nl80211_send_wowlan(struct sk_buff *msg,
1413 			       struct cfg80211_registered_device *rdev,
1414 			       bool large)
1415 {
1416 	struct nlattr *nl_wowlan;
1417 
1418 	if (!rdev->wiphy.wowlan)
1419 		return 0;
1420 
1421 	nl_wowlan = nla_nest_start_noflag(msg,
1422 					  NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1423 	if (!nl_wowlan)
1424 		return -ENOBUFS;
1425 
1426 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1427 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1428 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1429 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1430 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1431 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1432 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1433 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1434 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1435 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1436 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1437 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1438 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1439 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1440 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1441 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1442 		return -ENOBUFS;
1443 
1444 	if (rdev->wiphy.wowlan->n_patterns) {
1445 		struct nl80211_pattern_support pat = {
1446 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1447 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1448 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1449 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1450 		};
1451 
1452 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1453 			    sizeof(pat), &pat))
1454 			return -ENOBUFS;
1455 	}
1456 
1457 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1458 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1459 			rdev->wiphy.wowlan->max_nd_match_sets))
1460 		return -ENOBUFS;
1461 
1462 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1463 		return -ENOBUFS;
1464 
1465 	nla_nest_end(msg, nl_wowlan);
1466 
1467 	return 0;
1468 }
1469 #endif
1470 
1471 static int nl80211_send_coalesce(struct sk_buff *msg,
1472 				 struct cfg80211_registered_device *rdev)
1473 {
1474 	struct nl80211_coalesce_rule_support rule;
1475 
1476 	if (!rdev->wiphy.coalesce)
1477 		return 0;
1478 
1479 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1480 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1481 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1482 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1483 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1484 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1485 
1486 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1487 		return -ENOBUFS;
1488 
1489 	return 0;
1490 }
1491 
1492 static int
1493 nl80211_send_iftype_data(struct sk_buff *msg,
1494 			 const struct ieee80211_sband_iftype_data *iftdata)
1495 {
1496 	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1497 
1498 	if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1499 				iftdata->types_mask))
1500 		return -ENOBUFS;
1501 
1502 	if (he_cap->has_he) {
1503 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1504 			    sizeof(he_cap->he_cap_elem.mac_cap_info),
1505 			    he_cap->he_cap_elem.mac_cap_info) ||
1506 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1507 			    sizeof(he_cap->he_cap_elem.phy_cap_info),
1508 			    he_cap->he_cap_elem.phy_cap_info) ||
1509 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1510 			    sizeof(he_cap->he_mcs_nss_supp),
1511 			    &he_cap->he_mcs_nss_supp) ||
1512 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1513 			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1514 			return -ENOBUFS;
1515 	}
1516 
1517 	return 0;
1518 }
1519 
1520 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1521 				      struct ieee80211_supported_band *sband)
1522 {
1523 	struct nlattr *nl_rates, *nl_rate;
1524 	struct ieee80211_rate *rate;
1525 	int i;
1526 
1527 	/* add HT info */
1528 	if (sband->ht_cap.ht_supported &&
1529 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1530 		     sizeof(sband->ht_cap.mcs),
1531 		     &sband->ht_cap.mcs) ||
1532 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1533 			 sband->ht_cap.cap) ||
1534 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1535 			sband->ht_cap.ampdu_factor) ||
1536 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1537 			sband->ht_cap.ampdu_density)))
1538 		return -ENOBUFS;
1539 
1540 	/* add VHT info */
1541 	if (sband->vht_cap.vht_supported &&
1542 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1543 		     sizeof(sband->vht_cap.vht_mcs),
1544 		     &sband->vht_cap.vht_mcs) ||
1545 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1546 			 sband->vht_cap.cap)))
1547 		return -ENOBUFS;
1548 
1549 	if (sband->n_iftype_data) {
1550 		struct nlattr *nl_iftype_data =
1551 			nla_nest_start_noflag(msg,
1552 					      NL80211_BAND_ATTR_IFTYPE_DATA);
1553 		int err;
1554 
1555 		if (!nl_iftype_data)
1556 			return -ENOBUFS;
1557 
1558 		for (i = 0; i < sband->n_iftype_data; i++) {
1559 			struct nlattr *iftdata;
1560 
1561 			iftdata = nla_nest_start_noflag(msg, i + 1);
1562 			if (!iftdata)
1563 				return -ENOBUFS;
1564 
1565 			err = nl80211_send_iftype_data(msg,
1566 						       &sband->iftype_data[i]);
1567 			if (err)
1568 				return err;
1569 
1570 			nla_nest_end(msg, iftdata);
1571 		}
1572 
1573 		nla_nest_end(msg, nl_iftype_data);
1574 	}
1575 
1576 	/* add bitrates */
1577 	nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1578 	if (!nl_rates)
1579 		return -ENOBUFS;
1580 
1581 	for (i = 0; i < sband->n_bitrates; i++) {
1582 		nl_rate = nla_nest_start_noflag(msg, i);
1583 		if (!nl_rate)
1584 			return -ENOBUFS;
1585 
1586 		rate = &sband->bitrates[i];
1587 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1588 				rate->bitrate))
1589 			return -ENOBUFS;
1590 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1591 		    nla_put_flag(msg,
1592 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1593 			return -ENOBUFS;
1594 
1595 		nla_nest_end(msg, nl_rate);
1596 	}
1597 
1598 	nla_nest_end(msg, nl_rates);
1599 
1600 	return 0;
1601 }
1602 
1603 static int
1604 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1605 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1606 {
1607 	u16 stypes;
1608 	struct nlattr *nl_ftypes, *nl_ifs;
1609 	enum nl80211_iftype ift;
1610 	int i;
1611 
1612 	if (!mgmt_stypes)
1613 		return 0;
1614 
1615 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1616 	if (!nl_ifs)
1617 		return -ENOBUFS;
1618 
1619 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1620 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1621 		if (!nl_ftypes)
1622 			return -ENOBUFS;
1623 		i = 0;
1624 		stypes = mgmt_stypes[ift].tx;
1625 		while (stypes) {
1626 			if ((stypes & 1) &&
1627 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1628 					(i << 4) | IEEE80211_FTYPE_MGMT))
1629 				return -ENOBUFS;
1630 			stypes >>= 1;
1631 			i++;
1632 		}
1633 		nla_nest_end(msg, nl_ftypes);
1634 	}
1635 
1636 	nla_nest_end(msg, nl_ifs);
1637 
1638 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1639 	if (!nl_ifs)
1640 		return -ENOBUFS;
1641 
1642 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1643 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1644 		if (!nl_ftypes)
1645 			return -ENOBUFS;
1646 		i = 0;
1647 		stypes = mgmt_stypes[ift].rx;
1648 		while (stypes) {
1649 			if ((stypes & 1) &&
1650 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1651 					(i << 4) | IEEE80211_FTYPE_MGMT))
1652 				return -ENOBUFS;
1653 			stypes >>= 1;
1654 			i++;
1655 		}
1656 		nla_nest_end(msg, nl_ftypes);
1657 	}
1658 	nla_nest_end(msg, nl_ifs);
1659 
1660 	return 0;
1661 }
1662 
1663 #define CMD(op, n)							\
1664 	 do {								\
1665 		if (rdev->ops->op) {					\
1666 			i++;						\
1667 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
1668 				goto nla_put_failure;			\
1669 		}							\
1670 	} while (0)
1671 
1672 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1673 					struct sk_buff *msg)
1674 {
1675 	int i = 0;
1676 
1677 	/*
1678 	 * do *NOT* add anything into this function, new things need to be
1679 	 * advertised only to new versions of userspace that can deal with
1680 	 * the split (and they can't possibly care about new features...
1681 	 */
1682 	CMD(add_virtual_intf, NEW_INTERFACE);
1683 	CMD(change_virtual_intf, SET_INTERFACE);
1684 	CMD(add_key, NEW_KEY);
1685 	CMD(start_ap, START_AP);
1686 	CMD(add_station, NEW_STATION);
1687 	CMD(add_mpath, NEW_MPATH);
1688 	CMD(update_mesh_config, SET_MESH_CONFIG);
1689 	CMD(change_bss, SET_BSS);
1690 	CMD(auth, AUTHENTICATE);
1691 	CMD(assoc, ASSOCIATE);
1692 	CMD(deauth, DEAUTHENTICATE);
1693 	CMD(disassoc, DISASSOCIATE);
1694 	CMD(join_ibss, JOIN_IBSS);
1695 	CMD(join_mesh, JOIN_MESH);
1696 	CMD(set_pmksa, SET_PMKSA);
1697 	CMD(del_pmksa, DEL_PMKSA);
1698 	CMD(flush_pmksa, FLUSH_PMKSA);
1699 	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1700 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1701 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1702 	CMD(mgmt_tx, FRAME);
1703 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1704 	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1705 		i++;
1706 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1707 			goto nla_put_failure;
1708 	}
1709 	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1710 	    rdev->ops->join_mesh) {
1711 		i++;
1712 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1713 			goto nla_put_failure;
1714 	}
1715 	CMD(set_wds_peer, SET_WDS_PEER);
1716 	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1717 		CMD(tdls_mgmt, TDLS_MGMT);
1718 		CMD(tdls_oper, TDLS_OPER);
1719 	}
1720 	if (rdev->wiphy.max_sched_scan_reqs)
1721 		CMD(sched_scan_start, START_SCHED_SCAN);
1722 	CMD(probe_client, PROBE_CLIENT);
1723 	CMD(set_noack_map, SET_NOACK_MAP);
1724 	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1725 		i++;
1726 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1727 			goto nla_put_failure;
1728 	}
1729 	CMD(start_p2p_device, START_P2P_DEVICE);
1730 	CMD(set_mcast_rate, SET_MCAST_RATE);
1731 #ifdef CONFIG_NL80211_TESTMODE
1732 	CMD(testmode_cmd, TESTMODE);
1733 #endif
1734 
1735 	if (rdev->ops->connect || rdev->ops->auth) {
1736 		i++;
1737 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1738 			goto nla_put_failure;
1739 	}
1740 
1741 	if (rdev->ops->disconnect || rdev->ops->deauth) {
1742 		i++;
1743 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1744 			goto nla_put_failure;
1745 	}
1746 
1747 	return i;
1748  nla_put_failure:
1749 	return -ENOBUFS;
1750 }
1751 
1752 static int
1753 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1754 			   struct sk_buff *msg)
1755 {
1756 	struct nlattr *ftm;
1757 
1758 	if (!cap->ftm.supported)
1759 		return 0;
1760 
1761 	ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1762 	if (!ftm)
1763 		return -ENOBUFS;
1764 
1765 	if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1766 		return -ENOBUFS;
1767 	if (cap->ftm.non_asap &&
1768 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1769 		return -ENOBUFS;
1770 	if (cap->ftm.request_lci &&
1771 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1772 		return -ENOBUFS;
1773 	if (cap->ftm.request_civicloc &&
1774 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1775 		return -ENOBUFS;
1776 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1777 			cap->ftm.preambles))
1778 		return -ENOBUFS;
1779 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1780 			cap->ftm.bandwidths))
1781 		return -ENOBUFS;
1782 	if (cap->ftm.max_bursts_exponent >= 0 &&
1783 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1784 			cap->ftm.max_bursts_exponent))
1785 		return -ENOBUFS;
1786 	if (cap->ftm.max_ftms_per_burst &&
1787 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1788 			cap->ftm.max_ftms_per_burst))
1789 		return -ENOBUFS;
1790 
1791 	nla_nest_end(msg, ftm);
1792 	return 0;
1793 }
1794 
1795 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1796 				  struct sk_buff *msg)
1797 {
1798 	const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1799 	struct nlattr *pmsr, *caps;
1800 
1801 	if (!cap)
1802 		return 0;
1803 
1804 	/*
1805 	 * we don't need to clean up anything here since the caller
1806 	 * will genlmsg_cancel() if we fail
1807 	 */
1808 
1809 	pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1810 	if (!pmsr)
1811 		return -ENOBUFS;
1812 
1813 	if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1814 		return -ENOBUFS;
1815 
1816 	if (cap->report_ap_tsf &&
1817 	    nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1818 		return -ENOBUFS;
1819 
1820 	if (cap->randomize_mac_addr &&
1821 	    nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1822 		return -ENOBUFS;
1823 
1824 	caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1825 	if (!caps)
1826 		return -ENOBUFS;
1827 
1828 	if (nl80211_send_pmsr_ftm_capa(cap, msg))
1829 		return -ENOBUFS;
1830 
1831 	nla_nest_end(msg, caps);
1832 	nla_nest_end(msg, pmsr);
1833 
1834 	return 0;
1835 }
1836 
1837 struct nl80211_dump_wiphy_state {
1838 	s64 filter_wiphy;
1839 	long start;
1840 	long split_start, band_start, chan_start, capa_start;
1841 	bool split;
1842 };
1843 
1844 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1845 			      enum nl80211_commands cmd,
1846 			      struct sk_buff *msg, u32 portid, u32 seq,
1847 			      int flags, struct nl80211_dump_wiphy_state *state)
1848 {
1849 	void *hdr;
1850 	struct nlattr *nl_bands, *nl_band;
1851 	struct nlattr *nl_freqs, *nl_freq;
1852 	struct nlattr *nl_cmds;
1853 	enum nl80211_band band;
1854 	struct ieee80211_channel *chan;
1855 	int i;
1856 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1857 				rdev->wiphy.mgmt_stypes;
1858 	u32 features;
1859 
1860 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1861 	if (!hdr)
1862 		return -ENOBUFS;
1863 
1864 	if (WARN_ON(!state))
1865 		return -EINVAL;
1866 
1867 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1868 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1869 			   wiphy_name(&rdev->wiphy)) ||
1870 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1871 			cfg80211_rdev_list_generation))
1872 		goto nla_put_failure;
1873 
1874 	if (cmd != NL80211_CMD_NEW_WIPHY)
1875 		goto finish;
1876 
1877 	switch (state->split_start) {
1878 	case 0:
1879 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1880 			       rdev->wiphy.retry_short) ||
1881 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1882 			       rdev->wiphy.retry_long) ||
1883 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1884 				rdev->wiphy.frag_threshold) ||
1885 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1886 				rdev->wiphy.rts_threshold) ||
1887 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1888 			       rdev->wiphy.coverage_class) ||
1889 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1890 			       rdev->wiphy.max_scan_ssids) ||
1891 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1892 			       rdev->wiphy.max_sched_scan_ssids) ||
1893 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1894 				rdev->wiphy.max_scan_ie_len) ||
1895 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1896 				rdev->wiphy.max_sched_scan_ie_len) ||
1897 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1898 			       rdev->wiphy.max_match_sets) ||
1899 		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1900 				rdev->wiphy.max_sched_scan_plans) ||
1901 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1902 				rdev->wiphy.max_sched_scan_plan_interval) ||
1903 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1904 				rdev->wiphy.max_sched_scan_plan_iterations))
1905 			goto nla_put_failure;
1906 
1907 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1908 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1909 			goto nla_put_failure;
1910 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1911 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1912 			goto nla_put_failure;
1913 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1914 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1915 			goto nla_put_failure;
1916 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1917 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1918 			goto nla_put_failure;
1919 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1920 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1921 			goto nla_put_failure;
1922 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1923 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1924 			goto nla_put_failure;
1925 		state->split_start++;
1926 		if (state->split)
1927 			break;
1928 		/* fall through */
1929 	case 1:
1930 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1931 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1932 			    rdev->wiphy.cipher_suites))
1933 			goto nla_put_failure;
1934 
1935 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1936 			       rdev->wiphy.max_num_pmkids))
1937 			goto nla_put_failure;
1938 
1939 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1940 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1941 			goto nla_put_failure;
1942 
1943 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1944 				rdev->wiphy.available_antennas_tx) ||
1945 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1946 				rdev->wiphy.available_antennas_rx))
1947 			goto nla_put_failure;
1948 
1949 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1950 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1951 				rdev->wiphy.probe_resp_offload))
1952 			goto nla_put_failure;
1953 
1954 		if ((rdev->wiphy.available_antennas_tx ||
1955 		     rdev->wiphy.available_antennas_rx) &&
1956 		    rdev->ops->get_antenna) {
1957 			u32 tx_ant = 0, rx_ant = 0;
1958 			int res;
1959 
1960 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1961 			if (!res) {
1962 				if (nla_put_u32(msg,
1963 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1964 						tx_ant) ||
1965 				    nla_put_u32(msg,
1966 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1967 						rx_ant))
1968 					goto nla_put_failure;
1969 			}
1970 		}
1971 
1972 		state->split_start++;
1973 		if (state->split)
1974 			break;
1975 		/* fall through */
1976 	case 2:
1977 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1978 					rdev->wiphy.interface_modes))
1979 				goto nla_put_failure;
1980 		state->split_start++;
1981 		if (state->split)
1982 			break;
1983 		/* fall through */
1984 	case 3:
1985 		nl_bands = nla_nest_start_noflag(msg,
1986 						 NL80211_ATTR_WIPHY_BANDS);
1987 		if (!nl_bands)
1988 			goto nla_put_failure;
1989 
1990 		for (band = state->band_start;
1991 		     band < NUM_NL80211_BANDS; band++) {
1992 			struct ieee80211_supported_band *sband;
1993 
1994 			sband = rdev->wiphy.bands[band];
1995 
1996 			if (!sband)
1997 				continue;
1998 
1999 			nl_band = nla_nest_start_noflag(msg, band);
2000 			if (!nl_band)
2001 				goto nla_put_failure;
2002 
2003 			switch (state->chan_start) {
2004 			case 0:
2005 				if (nl80211_send_band_rateinfo(msg, sband))
2006 					goto nla_put_failure;
2007 				state->chan_start++;
2008 				if (state->split)
2009 					break;
2010 				/* fall through */
2011 			default:
2012 				/* add frequencies */
2013 				nl_freqs = nla_nest_start_noflag(msg,
2014 								 NL80211_BAND_ATTR_FREQS);
2015 				if (!nl_freqs)
2016 					goto nla_put_failure;
2017 
2018 				for (i = state->chan_start - 1;
2019 				     i < sband->n_channels;
2020 				     i++) {
2021 					nl_freq = nla_nest_start_noflag(msg,
2022 									i);
2023 					if (!nl_freq)
2024 						goto nla_put_failure;
2025 
2026 					chan = &sband->channels[i];
2027 
2028 					if (nl80211_msg_put_channel(
2029 							msg, &rdev->wiphy, chan,
2030 							state->split))
2031 						goto nla_put_failure;
2032 
2033 					nla_nest_end(msg, nl_freq);
2034 					if (state->split)
2035 						break;
2036 				}
2037 				if (i < sband->n_channels)
2038 					state->chan_start = i + 2;
2039 				else
2040 					state->chan_start = 0;
2041 				nla_nest_end(msg, nl_freqs);
2042 			}
2043 
2044 			nla_nest_end(msg, nl_band);
2045 
2046 			if (state->split) {
2047 				/* start again here */
2048 				if (state->chan_start)
2049 					band--;
2050 				break;
2051 			}
2052 		}
2053 		nla_nest_end(msg, nl_bands);
2054 
2055 		if (band < NUM_NL80211_BANDS)
2056 			state->band_start = band + 1;
2057 		else
2058 			state->band_start = 0;
2059 
2060 		/* if bands & channels are done, continue outside */
2061 		if (state->band_start == 0 && state->chan_start == 0)
2062 			state->split_start++;
2063 		if (state->split)
2064 			break;
2065 		/* fall through */
2066 	case 4:
2067 		nl_cmds = nla_nest_start_noflag(msg,
2068 						NL80211_ATTR_SUPPORTED_COMMANDS);
2069 		if (!nl_cmds)
2070 			goto nla_put_failure;
2071 
2072 		i = nl80211_add_commands_unsplit(rdev, msg);
2073 		if (i < 0)
2074 			goto nla_put_failure;
2075 		if (state->split) {
2076 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
2077 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2078 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2079 				CMD(channel_switch, CHANNEL_SWITCH);
2080 			CMD(set_qos_map, SET_QOS_MAP);
2081 			if (rdev->wiphy.features &
2082 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2083 				CMD(add_tx_ts, ADD_TX_TS);
2084 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2085 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2086 		}
2087 #undef CMD
2088 
2089 		nla_nest_end(msg, nl_cmds);
2090 		state->split_start++;
2091 		if (state->split)
2092 			break;
2093 		/* fall through */
2094 	case 5:
2095 		if (rdev->ops->remain_on_channel &&
2096 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2097 		    nla_put_u32(msg,
2098 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2099 				rdev->wiphy.max_remain_on_channel_duration))
2100 			goto nla_put_failure;
2101 
2102 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2103 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2104 			goto nla_put_failure;
2105 
2106 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2107 			goto nla_put_failure;
2108 		state->split_start++;
2109 		if (state->split)
2110 			break;
2111 		/* fall through */
2112 	case 6:
2113 #ifdef CONFIG_PM
2114 		if (nl80211_send_wowlan(msg, rdev, state->split))
2115 			goto nla_put_failure;
2116 		state->split_start++;
2117 		if (state->split)
2118 			break;
2119 #else
2120 		state->split_start++;
2121 #endif
2122 		/* fall through */
2123 	case 7:
2124 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2125 					rdev->wiphy.software_iftypes))
2126 			goto nla_put_failure;
2127 
2128 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2129 						   state->split))
2130 			goto nla_put_failure;
2131 
2132 		state->split_start++;
2133 		if (state->split)
2134 			break;
2135 		/* fall through */
2136 	case 8:
2137 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2138 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2139 				rdev->wiphy.ap_sme_capa))
2140 			goto nla_put_failure;
2141 
2142 		features = rdev->wiphy.features;
2143 		/*
2144 		 * We can only add the per-channel limit information if the
2145 		 * dump is split, otherwise it makes it too big. Therefore
2146 		 * only advertise it in that case.
2147 		 */
2148 		if (state->split)
2149 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2150 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2151 			goto nla_put_failure;
2152 
2153 		if (rdev->wiphy.ht_capa_mod_mask &&
2154 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2155 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
2156 			    rdev->wiphy.ht_capa_mod_mask))
2157 			goto nla_put_failure;
2158 
2159 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2160 		    rdev->wiphy.max_acl_mac_addrs &&
2161 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2162 				rdev->wiphy.max_acl_mac_addrs))
2163 			goto nla_put_failure;
2164 
2165 		/*
2166 		 * Any information below this point is only available to
2167 		 * applications that can deal with it being split. This
2168 		 * helps ensure that newly added capabilities don't break
2169 		 * older tools by overrunning their buffers.
2170 		 *
2171 		 * We still increment split_start so that in the split
2172 		 * case we'll continue with more data in the next round,
2173 		 * but break unconditionally so unsplit data stops here.
2174 		 */
2175 		state->split_start++;
2176 		break;
2177 	case 9:
2178 		if (rdev->wiphy.extended_capabilities &&
2179 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2180 			     rdev->wiphy.extended_capabilities_len,
2181 			     rdev->wiphy.extended_capabilities) ||
2182 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2183 			     rdev->wiphy.extended_capabilities_len,
2184 			     rdev->wiphy.extended_capabilities_mask)))
2185 			goto nla_put_failure;
2186 
2187 		if (rdev->wiphy.vht_capa_mod_mask &&
2188 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2189 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
2190 			    rdev->wiphy.vht_capa_mod_mask))
2191 			goto nla_put_failure;
2192 
2193 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2194 			    rdev->wiphy.perm_addr))
2195 			goto nla_put_failure;
2196 
2197 		if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2198 		    nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2199 			    rdev->wiphy.addr_mask))
2200 			goto nla_put_failure;
2201 
2202 		if (rdev->wiphy.n_addresses > 1) {
2203 			void *attr;
2204 
2205 			attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2206 			if (!attr)
2207 				goto nla_put_failure;
2208 
2209 			for (i = 0; i < rdev->wiphy.n_addresses; i++)
2210 				if (nla_put(msg, i + 1, ETH_ALEN,
2211 					    rdev->wiphy.addresses[i].addr))
2212 					goto nla_put_failure;
2213 
2214 			nla_nest_end(msg, attr);
2215 		}
2216 
2217 		state->split_start++;
2218 		break;
2219 	case 10:
2220 		if (nl80211_send_coalesce(msg, rdev))
2221 			goto nla_put_failure;
2222 
2223 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2224 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2225 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2226 			goto nla_put_failure;
2227 
2228 		if (rdev->wiphy.max_ap_assoc_sta &&
2229 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2230 				rdev->wiphy.max_ap_assoc_sta))
2231 			goto nla_put_failure;
2232 
2233 		state->split_start++;
2234 		break;
2235 	case 11:
2236 		if (rdev->wiphy.n_vendor_commands) {
2237 			const struct nl80211_vendor_cmd_info *info;
2238 			struct nlattr *nested;
2239 
2240 			nested = nla_nest_start_noflag(msg,
2241 						       NL80211_ATTR_VENDOR_DATA);
2242 			if (!nested)
2243 				goto nla_put_failure;
2244 
2245 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2246 				info = &rdev->wiphy.vendor_commands[i].info;
2247 				if (nla_put(msg, i + 1, sizeof(*info), info))
2248 					goto nla_put_failure;
2249 			}
2250 			nla_nest_end(msg, nested);
2251 		}
2252 
2253 		if (rdev->wiphy.n_vendor_events) {
2254 			const struct nl80211_vendor_cmd_info *info;
2255 			struct nlattr *nested;
2256 
2257 			nested = nla_nest_start_noflag(msg,
2258 						       NL80211_ATTR_VENDOR_EVENTS);
2259 			if (!nested)
2260 				goto nla_put_failure;
2261 
2262 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2263 				info = &rdev->wiphy.vendor_events[i];
2264 				if (nla_put(msg, i + 1, sizeof(*info), info))
2265 					goto nla_put_failure;
2266 			}
2267 			nla_nest_end(msg, nested);
2268 		}
2269 		state->split_start++;
2270 		break;
2271 	case 12:
2272 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2273 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2274 			       rdev->wiphy.max_num_csa_counters))
2275 			goto nla_put_failure;
2276 
2277 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2278 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2279 			goto nla_put_failure;
2280 
2281 		if (rdev->wiphy.max_sched_scan_reqs &&
2282 		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2283 				rdev->wiphy.max_sched_scan_reqs))
2284 			goto nla_put_failure;
2285 
2286 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2287 			    sizeof(rdev->wiphy.ext_features),
2288 			    rdev->wiphy.ext_features))
2289 			goto nla_put_failure;
2290 
2291 		if (rdev->wiphy.bss_select_support) {
2292 			struct nlattr *nested;
2293 			u32 bss_select_support = rdev->wiphy.bss_select_support;
2294 
2295 			nested = nla_nest_start_noflag(msg,
2296 						       NL80211_ATTR_BSS_SELECT);
2297 			if (!nested)
2298 				goto nla_put_failure;
2299 
2300 			i = 0;
2301 			while (bss_select_support) {
2302 				if ((bss_select_support & 1) &&
2303 				    nla_put_flag(msg, i))
2304 					goto nla_put_failure;
2305 				i++;
2306 				bss_select_support >>= 1;
2307 			}
2308 			nla_nest_end(msg, nested);
2309 		}
2310 
2311 		state->split_start++;
2312 		break;
2313 	case 13:
2314 		if (rdev->wiphy.num_iftype_ext_capab &&
2315 		    rdev->wiphy.iftype_ext_capab) {
2316 			struct nlattr *nested_ext_capab, *nested;
2317 
2318 			nested = nla_nest_start_noflag(msg,
2319 						       NL80211_ATTR_IFTYPE_EXT_CAPA);
2320 			if (!nested)
2321 				goto nla_put_failure;
2322 
2323 			for (i = state->capa_start;
2324 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
2325 				const struct wiphy_iftype_ext_capab *capab;
2326 
2327 				capab = &rdev->wiphy.iftype_ext_capab[i];
2328 
2329 				nested_ext_capab = nla_nest_start_noflag(msg,
2330 									 i);
2331 				if (!nested_ext_capab ||
2332 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2333 						capab->iftype) ||
2334 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
2335 					    capab->extended_capabilities_len,
2336 					    capab->extended_capabilities) ||
2337 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2338 					    capab->extended_capabilities_len,
2339 					    capab->extended_capabilities_mask))
2340 					goto nla_put_failure;
2341 
2342 				nla_nest_end(msg, nested_ext_capab);
2343 				if (state->split)
2344 					break;
2345 			}
2346 			nla_nest_end(msg, nested);
2347 			if (i < rdev->wiphy.num_iftype_ext_capab) {
2348 				state->capa_start = i + 1;
2349 				break;
2350 			}
2351 		}
2352 
2353 		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2354 				rdev->wiphy.nan_supported_bands))
2355 			goto nla_put_failure;
2356 
2357 		if (wiphy_ext_feature_isset(&rdev->wiphy,
2358 					    NL80211_EXT_FEATURE_TXQS)) {
2359 			struct cfg80211_txq_stats txqstats = {};
2360 			int res;
2361 
2362 			res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2363 			if (!res &&
2364 			    !nl80211_put_txq_stats(msg, &txqstats,
2365 						   NL80211_ATTR_TXQ_STATS))
2366 				goto nla_put_failure;
2367 
2368 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2369 					rdev->wiphy.txq_limit))
2370 				goto nla_put_failure;
2371 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2372 					rdev->wiphy.txq_memory_limit))
2373 				goto nla_put_failure;
2374 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2375 					rdev->wiphy.txq_quantum))
2376 				goto nla_put_failure;
2377 		}
2378 
2379 		state->split_start++;
2380 		break;
2381 	case 14:
2382 		if (nl80211_send_pmsr_capa(rdev, msg))
2383 			goto nla_put_failure;
2384 
2385 		state->split_start++;
2386 		break;
2387 	case 15:
2388 		if (rdev->wiphy.akm_suites &&
2389 		    nla_put(msg, NL80211_ATTR_AKM_SUITES,
2390 			    sizeof(u32) * rdev->wiphy.n_akm_suites,
2391 			    rdev->wiphy.akm_suites))
2392 			goto nla_put_failure;
2393 
2394 		/* done */
2395 		state->split_start = 0;
2396 		break;
2397 	}
2398  finish:
2399 	genlmsg_end(msg, hdr);
2400 	return 0;
2401 
2402  nla_put_failure:
2403 	genlmsg_cancel(msg, hdr);
2404 	return -EMSGSIZE;
2405 }
2406 
2407 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2408 				    struct netlink_callback *cb,
2409 				    struct nl80211_dump_wiphy_state *state)
2410 {
2411 	struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2412 	int ret;
2413 
2414 	if (!tb)
2415 		return -ENOMEM;
2416 
2417 	ret = nlmsg_parse_deprecated(cb->nlh,
2418 				     GENL_HDRLEN + nl80211_fam.hdrsize,
2419 				     tb, nl80211_fam.maxattr,
2420 				     nl80211_policy, NULL);
2421 	/* ignore parse errors for backward compatibility */
2422 	if (ret) {
2423 		ret = 0;
2424 		goto out;
2425 	}
2426 
2427 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2428 	if (tb[NL80211_ATTR_WIPHY])
2429 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2430 	if (tb[NL80211_ATTR_WDEV])
2431 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2432 	if (tb[NL80211_ATTR_IFINDEX]) {
2433 		struct net_device *netdev;
2434 		struct cfg80211_registered_device *rdev;
2435 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2436 
2437 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2438 		if (!netdev) {
2439 			ret = -ENODEV;
2440 			goto out;
2441 		}
2442 		if (netdev->ieee80211_ptr) {
2443 			rdev = wiphy_to_rdev(
2444 				netdev->ieee80211_ptr->wiphy);
2445 			state->filter_wiphy = rdev->wiphy_idx;
2446 		}
2447 	}
2448 
2449 	ret = 0;
2450 out:
2451 	kfree(tb);
2452 	return ret;
2453 }
2454 
2455 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2456 {
2457 	int idx = 0, ret;
2458 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2459 	struct cfg80211_registered_device *rdev;
2460 
2461 	rtnl_lock();
2462 	if (!state) {
2463 		state = kzalloc(sizeof(*state), GFP_KERNEL);
2464 		if (!state) {
2465 			rtnl_unlock();
2466 			return -ENOMEM;
2467 		}
2468 		state->filter_wiphy = -1;
2469 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
2470 		if (ret) {
2471 			kfree(state);
2472 			rtnl_unlock();
2473 			return ret;
2474 		}
2475 		cb->args[0] = (long)state;
2476 	}
2477 
2478 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2479 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2480 			continue;
2481 		if (++idx <= state->start)
2482 			continue;
2483 		if (state->filter_wiphy != -1 &&
2484 		    state->filter_wiphy != rdev->wiphy_idx)
2485 			continue;
2486 		/* attempt to fit multiple wiphy data chunks into the skb */
2487 		do {
2488 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2489 						 skb,
2490 						 NETLINK_CB(cb->skb).portid,
2491 						 cb->nlh->nlmsg_seq,
2492 						 NLM_F_MULTI, state);
2493 			if (ret < 0) {
2494 				/*
2495 				 * If sending the wiphy data didn't fit (ENOBUFS
2496 				 * or EMSGSIZE returned), this SKB is still
2497 				 * empty (so it's not too big because another
2498 				 * wiphy dataset is already in the skb) and
2499 				 * we've not tried to adjust the dump allocation
2500 				 * yet ... then adjust the alloc size to be
2501 				 * bigger, and return 1 but with the empty skb.
2502 				 * This results in an empty message being RX'ed
2503 				 * in userspace, but that is ignored.
2504 				 *
2505 				 * We can then retry with the larger buffer.
2506 				 */
2507 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2508 				    !skb->len && !state->split &&
2509 				    cb->min_dump_alloc < 4096) {
2510 					cb->min_dump_alloc = 4096;
2511 					state->split_start = 0;
2512 					rtnl_unlock();
2513 					return 1;
2514 				}
2515 				idx--;
2516 				break;
2517 			}
2518 		} while (state->split_start > 0);
2519 		break;
2520 	}
2521 	rtnl_unlock();
2522 
2523 	state->start = idx;
2524 
2525 	return skb->len;
2526 }
2527 
2528 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2529 {
2530 	kfree((void *)cb->args[0]);
2531 	return 0;
2532 }
2533 
2534 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2535 {
2536 	struct sk_buff *msg;
2537 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2538 	struct nl80211_dump_wiphy_state state = {};
2539 
2540 	msg = nlmsg_new(4096, GFP_KERNEL);
2541 	if (!msg)
2542 		return -ENOMEM;
2543 
2544 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2545 			       info->snd_portid, info->snd_seq, 0,
2546 			       &state) < 0) {
2547 		nlmsg_free(msg);
2548 		return -ENOBUFS;
2549 	}
2550 
2551 	return genlmsg_reply(msg, info);
2552 }
2553 
2554 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2555 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
2556 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
2557 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
2558 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
2559 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
2560 };
2561 
2562 static int parse_txq_params(struct nlattr *tb[],
2563 			    struct ieee80211_txq_params *txq_params)
2564 {
2565 	u8 ac;
2566 
2567 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2568 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2569 	    !tb[NL80211_TXQ_ATTR_AIFS])
2570 		return -EINVAL;
2571 
2572 	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2573 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2574 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2575 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2576 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2577 
2578 	if (ac >= NL80211_NUM_ACS)
2579 		return -EINVAL;
2580 	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2581 	return 0;
2582 }
2583 
2584 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2585 {
2586 	/*
2587 	 * You can only set the channel explicitly for WDS interfaces,
2588 	 * all others have their channel managed via their respective
2589 	 * "establish a connection" command (connect, join, ...)
2590 	 *
2591 	 * For AP/GO and mesh mode, the channel can be set with the
2592 	 * channel userspace API, but is only stored and passed to the
2593 	 * low-level driver when the AP starts or the mesh is joined.
2594 	 * This is for backward compatibility, userspace can also give
2595 	 * the channel in the start-ap or join-mesh commands instead.
2596 	 *
2597 	 * Monitors are special as they are normally slaved to
2598 	 * whatever else is going on, so they have their own special
2599 	 * operation to set the monitor channel if possible.
2600 	 */
2601 	return !wdev ||
2602 		wdev->iftype == NL80211_IFTYPE_AP ||
2603 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2604 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
2605 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
2606 }
2607 
2608 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2609 			  struct genl_info *info,
2610 			  struct cfg80211_chan_def *chandef)
2611 {
2612 	struct netlink_ext_ack *extack = info->extack;
2613 	struct nlattr **attrs = info->attrs;
2614 	u32 control_freq;
2615 
2616 	if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2617 		return -EINVAL;
2618 
2619 	control_freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);
2620 
2621 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2622 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2623 	chandef->center_freq1 = control_freq;
2624 	chandef->center_freq2 = 0;
2625 
2626 	/* Primary channel not allowed */
2627 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2628 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2629 				    "Channel is disabled");
2630 		return -EINVAL;
2631 	}
2632 
2633 	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2634 		enum nl80211_channel_type chantype;
2635 
2636 		chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2637 
2638 		switch (chantype) {
2639 		case NL80211_CHAN_NO_HT:
2640 		case NL80211_CHAN_HT20:
2641 		case NL80211_CHAN_HT40PLUS:
2642 		case NL80211_CHAN_HT40MINUS:
2643 			cfg80211_chandef_create(chandef, chandef->chan,
2644 						chantype);
2645 			/* user input for center_freq is incorrect */
2646 			if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2647 			    chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2648 				NL_SET_ERR_MSG_ATTR(extack,
2649 						    attrs[NL80211_ATTR_CENTER_FREQ1],
2650 						    "bad center frequency 1");
2651 				return -EINVAL;
2652 			}
2653 			/* center_freq2 must be zero */
2654 			if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2655 			    nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2656 				NL_SET_ERR_MSG_ATTR(extack,
2657 						    attrs[NL80211_ATTR_CENTER_FREQ2],
2658 						    "center frequency 2 can't be used");
2659 				return -EINVAL;
2660 			}
2661 			break;
2662 		default:
2663 			NL_SET_ERR_MSG_ATTR(extack,
2664 					    attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2665 					    "invalid channel type");
2666 			return -EINVAL;
2667 		}
2668 	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2669 		chandef->width =
2670 			nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2671 		if (attrs[NL80211_ATTR_CENTER_FREQ1])
2672 			chandef->center_freq1 =
2673 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2674 		if (attrs[NL80211_ATTR_CENTER_FREQ2])
2675 			chandef->center_freq2 =
2676 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2677 	}
2678 
2679 	if (!cfg80211_chandef_valid(chandef)) {
2680 		NL_SET_ERR_MSG(extack, "invalid channel definition");
2681 		return -EINVAL;
2682 	}
2683 
2684 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2685 				     IEEE80211_CHAN_DISABLED)) {
2686 		NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2687 		return -EINVAL;
2688 	}
2689 
2690 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2691 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
2692 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2693 		NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2694 		return -EINVAL;
2695 	}
2696 
2697 	return 0;
2698 }
2699 
2700 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2701 				 struct net_device *dev,
2702 				 struct genl_info *info)
2703 {
2704 	struct cfg80211_chan_def chandef;
2705 	int result;
2706 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2707 	struct wireless_dev *wdev = NULL;
2708 
2709 	if (dev)
2710 		wdev = dev->ieee80211_ptr;
2711 	if (!nl80211_can_set_dev_channel(wdev))
2712 		return -EOPNOTSUPP;
2713 	if (wdev)
2714 		iftype = wdev->iftype;
2715 
2716 	result = nl80211_parse_chandef(rdev, info, &chandef);
2717 	if (result)
2718 		return result;
2719 
2720 	switch (iftype) {
2721 	case NL80211_IFTYPE_AP:
2722 	case NL80211_IFTYPE_P2P_GO:
2723 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2724 						   iftype)) {
2725 			result = -EINVAL;
2726 			break;
2727 		}
2728 		if (wdev->beacon_interval) {
2729 			if (!dev || !rdev->ops->set_ap_chanwidth ||
2730 			    !(rdev->wiphy.features &
2731 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2732 				result = -EBUSY;
2733 				break;
2734 			}
2735 
2736 			/* Only allow dynamic channel width changes */
2737 			if (chandef.chan != wdev->preset_chandef.chan) {
2738 				result = -EBUSY;
2739 				break;
2740 			}
2741 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2742 			if (result)
2743 				break;
2744 		}
2745 		wdev->preset_chandef = chandef;
2746 		result = 0;
2747 		break;
2748 	case NL80211_IFTYPE_MESH_POINT:
2749 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2750 		break;
2751 	case NL80211_IFTYPE_MONITOR:
2752 		result = cfg80211_set_monitor_channel(rdev, &chandef);
2753 		break;
2754 	default:
2755 		result = -EINVAL;
2756 	}
2757 
2758 	return result;
2759 }
2760 
2761 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2762 {
2763 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2764 	struct net_device *netdev = info->user_ptr[1];
2765 
2766 	return __nl80211_set_channel(rdev, netdev, info);
2767 }
2768 
2769 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2770 {
2771 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2772 	struct net_device *dev = info->user_ptr[1];
2773 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2774 	const u8 *bssid;
2775 
2776 	if (!info->attrs[NL80211_ATTR_MAC])
2777 		return -EINVAL;
2778 
2779 	if (netif_running(dev))
2780 		return -EBUSY;
2781 
2782 	if (!rdev->ops->set_wds_peer)
2783 		return -EOPNOTSUPP;
2784 
2785 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2786 		return -EOPNOTSUPP;
2787 
2788 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2789 	return rdev_set_wds_peer(rdev, dev, bssid);
2790 }
2791 
2792 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2793 {
2794 	struct cfg80211_registered_device *rdev;
2795 	struct net_device *netdev = NULL;
2796 	struct wireless_dev *wdev;
2797 	int result = 0, rem_txq_params = 0;
2798 	struct nlattr *nl_txq_params;
2799 	u32 changed;
2800 	u8 retry_short = 0, retry_long = 0;
2801 	u32 frag_threshold = 0, rts_threshold = 0;
2802 	u8 coverage_class = 0;
2803 	u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2804 
2805 	ASSERT_RTNL();
2806 
2807 	/*
2808 	 * Try to find the wiphy and netdev. Normally this
2809 	 * function shouldn't need the netdev, but this is
2810 	 * done for backward compatibility -- previously
2811 	 * setting the channel was done per wiphy, but now
2812 	 * it is per netdev. Previous userland like hostapd
2813 	 * also passed a netdev to set_wiphy, so that it is
2814 	 * possible to let that go to the right netdev!
2815 	 */
2816 
2817 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2818 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2819 
2820 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2821 		if (netdev && netdev->ieee80211_ptr)
2822 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2823 		else
2824 			netdev = NULL;
2825 	}
2826 
2827 	if (!netdev) {
2828 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2829 						  info->attrs);
2830 		if (IS_ERR(rdev))
2831 			return PTR_ERR(rdev);
2832 		wdev = NULL;
2833 		netdev = NULL;
2834 		result = 0;
2835 	} else
2836 		wdev = netdev->ieee80211_ptr;
2837 
2838 	/*
2839 	 * end workaround code, by now the rdev is available
2840 	 * and locked, and wdev may or may not be NULL.
2841 	 */
2842 
2843 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2844 		result = cfg80211_dev_rename(
2845 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2846 
2847 	if (result)
2848 		return result;
2849 
2850 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2851 		struct ieee80211_txq_params txq_params;
2852 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2853 
2854 		if (!rdev->ops->set_txq_params)
2855 			return -EOPNOTSUPP;
2856 
2857 		if (!netdev)
2858 			return -EINVAL;
2859 
2860 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2861 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2862 			return -EINVAL;
2863 
2864 		if (!netif_running(netdev))
2865 			return -ENETDOWN;
2866 
2867 		nla_for_each_nested(nl_txq_params,
2868 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2869 				    rem_txq_params) {
2870 			result = nla_parse_nested_deprecated(tb,
2871 							     NL80211_TXQ_ATTR_MAX,
2872 							     nl_txq_params,
2873 							     txq_params_policy,
2874 							     info->extack);
2875 			if (result)
2876 				return result;
2877 			result = parse_txq_params(tb, &txq_params);
2878 			if (result)
2879 				return result;
2880 
2881 			result = rdev_set_txq_params(rdev, netdev,
2882 						     &txq_params);
2883 			if (result)
2884 				return result;
2885 		}
2886 	}
2887 
2888 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2889 		result = __nl80211_set_channel(
2890 			rdev,
2891 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2892 			info);
2893 		if (result)
2894 			return result;
2895 	}
2896 
2897 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2898 		struct wireless_dev *txp_wdev = wdev;
2899 		enum nl80211_tx_power_setting type;
2900 		int idx, mbm = 0;
2901 
2902 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2903 			txp_wdev = NULL;
2904 
2905 		if (!rdev->ops->set_tx_power)
2906 			return -EOPNOTSUPP;
2907 
2908 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2909 		type = nla_get_u32(info->attrs[idx]);
2910 
2911 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2912 		    (type != NL80211_TX_POWER_AUTOMATIC))
2913 			return -EINVAL;
2914 
2915 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2916 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2917 			mbm = nla_get_u32(info->attrs[idx]);
2918 		}
2919 
2920 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2921 		if (result)
2922 			return result;
2923 	}
2924 
2925 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2926 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2927 		u32 tx_ant, rx_ant;
2928 
2929 		if ((!rdev->wiphy.available_antennas_tx &&
2930 		     !rdev->wiphy.available_antennas_rx) ||
2931 		    !rdev->ops->set_antenna)
2932 			return -EOPNOTSUPP;
2933 
2934 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2935 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2936 
2937 		/* reject antenna configurations which don't match the
2938 		 * available antenna masks, except for the "all" mask */
2939 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2940 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2941 			return -EINVAL;
2942 
2943 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2944 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2945 
2946 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2947 		if (result)
2948 			return result;
2949 	}
2950 
2951 	changed = 0;
2952 
2953 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2954 		retry_short = nla_get_u8(
2955 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2956 
2957 		changed |= WIPHY_PARAM_RETRY_SHORT;
2958 	}
2959 
2960 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2961 		retry_long = nla_get_u8(
2962 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2963 
2964 		changed |= WIPHY_PARAM_RETRY_LONG;
2965 	}
2966 
2967 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2968 		frag_threshold = nla_get_u32(
2969 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2970 		if (frag_threshold < 256)
2971 			return -EINVAL;
2972 
2973 		if (frag_threshold != (u32) -1) {
2974 			/*
2975 			 * Fragments (apart from the last one) are required to
2976 			 * have even length. Make the fragmentation code
2977 			 * simpler by stripping LSB should someone try to use
2978 			 * odd threshold value.
2979 			 */
2980 			frag_threshold &= ~0x1;
2981 		}
2982 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2983 	}
2984 
2985 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2986 		rts_threshold = nla_get_u32(
2987 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2988 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2989 	}
2990 
2991 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2992 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2993 			return -EINVAL;
2994 
2995 		coverage_class = nla_get_u8(
2996 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2997 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2998 	}
2999 
3000 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3001 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
3002 			return -EOPNOTSUPP;
3003 
3004 		changed |= WIPHY_PARAM_DYN_ACK;
3005 	}
3006 
3007 	if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3008 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3009 					     NL80211_EXT_FEATURE_TXQS))
3010 			return -EOPNOTSUPP;
3011 		txq_limit = nla_get_u32(
3012 			info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3013 		changed |= WIPHY_PARAM_TXQ_LIMIT;
3014 	}
3015 
3016 	if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3017 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3018 					     NL80211_EXT_FEATURE_TXQS))
3019 			return -EOPNOTSUPP;
3020 		txq_memory_limit = nla_get_u32(
3021 			info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3022 		changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3023 	}
3024 
3025 	if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3026 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3027 					     NL80211_EXT_FEATURE_TXQS))
3028 			return -EOPNOTSUPP;
3029 		txq_quantum = nla_get_u32(
3030 			info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3031 		changed |= WIPHY_PARAM_TXQ_QUANTUM;
3032 	}
3033 
3034 	if (changed) {
3035 		u8 old_retry_short, old_retry_long;
3036 		u32 old_frag_threshold, old_rts_threshold;
3037 		u8 old_coverage_class;
3038 		u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3039 
3040 		if (!rdev->ops->set_wiphy_params)
3041 			return -EOPNOTSUPP;
3042 
3043 		old_retry_short = rdev->wiphy.retry_short;
3044 		old_retry_long = rdev->wiphy.retry_long;
3045 		old_frag_threshold = rdev->wiphy.frag_threshold;
3046 		old_rts_threshold = rdev->wiphy.rts_threshold;
3047 		old_coverage_class = rdev->wiphy.coverage_class;
3048 		old_txq_limit = rdev->wiphy.txq_limit;
3049 		old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3050 		old_txq_quantum = rdev->wiphy.txq_quantum;
3051 
3052 		if (changed & WIPHY_PARAM_RETRY_SHORT)
3053 			rdev->wiphy.retry_short = retry_short;
3054 		if (changed & WIPHY_PARAM_RETRY_LONG)
3055 			rdev->wiphy.retry_long = retry_long;
3056 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3057 			rdev->wiphy.frag_threshold = frag_threshold;
3058 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3059 			rdev->wiphy.rts_threshold = rts_threshold;
3060 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3061 			rdev->wiphy.coverage_class = coverage_class;
3062 		if (changed & WIPHY_PARAM_TXQ_LIMIT)
3063 			rdev->wiphy.txq_limit = txq_limit;
3064 		if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3065 			rdev->wiphy.txq_memory_limit = txq_memory_limit;
3066 		if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3067 			rdev->wiphy.txq_quantum = txq_quantum;
3068 
3069 		result = rdev_set_wiphy_params(rdev, changed);
3070 		if (result) {
3071 			rdev->wiphy.retry_short = old_retry_short;
3072 			rdev->wiphy.retry_long = old_retry_long;
3073 			rdev->wiphy.frag_threshold = old_frag_threshold;
3074 			rdev->wiphy.rts_threshold = old_rts_threshold;
3075 			rdev->wiphy.coverage_class = old_coverage_class;
3076 			rdev->wiphy.txq_limit = old_txq_limit;
3077 			rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3078 			rdev->wiphy.txq_quantum = old_txq_quantum;
3079 			return result;
3080 		}
3081 	}
3082 	return 0;
3083 }
3084 
3085 static int nl80211_send_chandef(struct sk_buff *msg,
3086 				const struct cfg80211_chan_def *chandef)
3087 {
3088 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3089 		return -EINVAL;
3090 
3091 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3092 			chandef->chan->center_freq))
3093 		return -ENOBUFS;
3094 	switch (chandef->width) {
3095 	case NL80211_CHAN_WIDTH_20_NOHT:
3096 	case NL80211_CHAN_WIDTH_20:
3097 	case NL80211_CHAN_WIDTH_40:
3098 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3099 				cfg80211_get_chandef_type(chandef)))
3100 			return -ENOBUFS;
3101 		break;
3102 	default:
3103 		break;
3104 	}
3105 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3106 		return -ENOBUFS;
3107 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3108 		return -ENOBUFS;
3109 	if (chandef->center_freq2 &&
3110 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3111 		return -ENOBUFS;
3112 	return 0;
3113 }
3114 
3115 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3116 			      struct cfg80211_registered_device *rdev,
3117 			      struct wireless_dev *wdev,
3118 			      enum nl80211_commands cmd)
3119 {
3120 	struct net_device *dev = wdev->netdev;
3121 	void *hdr;
3122 
3123 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3124 		cmd != NL80211_CMD_DEL_INTERFACE &&
3125 		cmd != NL80211_CMD_SET_INTERFACE);
3126 
3127 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3128 	if (!hdr)
3129 		return -1;
3130 
3131 	if (dev &&
3132 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3133 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3134 		goto nla_put_failure;
3135 
3136 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3137 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3138 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3139 			      NL80211_ATTR_PAD) ||
3140 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3141 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
3142 			rdev->devlist_generation ^
3143 			(cfg80211_rdev_list_generation << 2)) ||
3144 	    nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3145 		goto nla_put_failure;
3146 
3147 	if (rdev->ops->get_channel) {
3148 		int ret;
3149 		struct cfg80211_chan_def chandef;
3150 
3151 		ret = rdev_get_channel(rdev, wdev, &chandef);
3152 		if (ret == 0) {
3153 			if (nl80211_send_chandef(msg, &chandef))
3154 				goto nla_put_failure;
3155 		}
3156 	}
3157 
3158 	if (rdev->ops->get_tx_power) {
3159 		int dbm, ret;
3160 
3161 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
3162 		if (ret == 0 &&
3163 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3164 				DBM_TO_MBM(dbm)))
3165 			goto nla_put_failure;
3166 	}
3167 
3168 	wdev_lock(wdev);
3169 	switch (wdev->iftype) {
3170 	case NL80211_IFTYPE_AP:
3171 		if (wdev->ssid_len &&
3172 		    nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3173 			goto nla_put_failure_locked;
3174 		break;
3175 	case NL80211_IFTYPE_STATION:
3176 	case NL80211_IFTYPE_P2P_CLIENT:
3177 	case NL80211_IFTYPE_ADHOC: {
3178 		const u8 *ssid_ie;
3179 		if (!wdev->current_bss)
3180 			break;
3181 		rcu_read_lock();
3182 		ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3183 					       WLAN_EID_SSID);
3184 		if (ssid_ie &&
3185 		    nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3186 			goto nla_put_failure_rcu_locked;
3187 		rcu_read_unlock();
3188 		break;
3189 		}
3190 	default:
3191 		/* nothing */
3192 		break;
3193 	}
3194 	wdev_unlock(wdev);
3195 
3196 	if (rdev->ops->get_txq_stats) {
3197 		struct cfg80211_txq_stats txqstats = {};
3198 		int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3199 
3200 		if (ret == 0 &&
3201 		    !nl80211_put_txq_stats(msg, &txqstats,
3202 					   NL80211_ATTR_TXQ_STATS))
3203 			goto nla_put_failure;
3204 	}
3205 
3206 	genlmsg_end(msg, hdr);
3207 	return 0;
3208 
3209  nla_put_failure_rcu_locked:
3210 	rcu_read_unlock();
3211  nla_put_failure_locked:
3212 	wdev_unlock(wdev);
3213  nla_put_failure:
3214 	genlmsg_cancel(msg, hdr);
3215 	return -EMSGSIZE;
3216 }
3217 
3218 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3219 {
3220 	int wp_idx = 0;
3221 	int if_idx = 0;
3222 	int wp_start = cb->args[0];
3223 	int if_start = cb->args[1];
3224 	int filter_wiphy = -1;
3225 	struct cfg80211_registered_device *rdev;
3226 	struct wireless_dev *wdev;
3227 	int ret;
3228 
3229 	rtnl_lock();
3230 	if (!cb->args[2]) {
3231 		struct nl80211_dump_wiphy_state state = {
3232 			.filter_wiphy = -1,
3233 		};
3234 
3235 		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3236 		if (ret)
3237 			goto out_unlock;
3238 
3239 		filter_wiphy = state.filter_wiphy;
3240 
3241 		/*
3242 		 * if filtering, set cb->args[2] to +1 since 0 is the default
3243 		 * value needed to determine that parsing is necessary.
3244 		 */
3245 		if (filter_wiphy >= 0)
3246 			cb->args[2] = filter_wiphy + 1;
3247 		else
3248 			cb->args[2] = -1;
3249 	} else if (cb->args[2] > 0) {
3250 		filter_wiphy = cb->args[2] - 1;
3251 	}
3252 
3253 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3254 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3255 			continue;
3256 		if (wp_idx < wp_start) {
3257 			wp_idx++;
3258 			continue;
3259 		}
3260 
3261 		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3262 			continue;
3263 
3264 		if_idx = 0;
3265 
3266 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3267 			if (if_idx < if_start) {
3268 				if_idx++;
3269 				continue;
3270 			}
3271 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3272 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3273 					       rdev, wdev,
3274 					       NL80211_CMD_NEW_INTERFACE) < 0) {
3275 				goto out;
3276 			}
3277 			if_idx++;
3278 		}
3279 
3280 		wp_idx++;
3281 	}
3282  out:
3283 	cb->args[0] = wp_idx;
3284 	cb->args[1] = if_idx;
3285 
3286 	ret = skb->len;
3287  out_unlock:
3288 	rtnl_unlock();
3289 
3290 	return ret;
3291 }
3292 
3293 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3294 {
3295 	struct sk_buff *msg;
3296 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3297 	struct wireless_dev *wdev = info->user_ptr[1];
3298 
3299 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3300 	if (!msg)
3301 		return -ENOMEM;
3302 
3303 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3304 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3305 		nlmsg_free(msg);
3306 		return -ENOBUFS;
3307 	}
3308 
3309 	return genlmsg_reply(msg, info);
3310 }
3311 
3312 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3313 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3314 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3315 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3316 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3317 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3318 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3319 };
3320 
3321 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3322 {
3323 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3324 	int flag;
3325 
3326 	*mntrflags = 0;
3327 
3328 	if (!nla)
3329 		return -EINVAL;
3330 
3331 	if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3332 		return -EINVAL;
3333 
3334 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3335 		if (flags[flag])
3336 			*mntrflags |= (1<<flag);
3337 
3338 	*mntrflags |= MONITOR_FLAG_CHANGED;
3339 
3340 	return 0;
3341 }
3342 
3343 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3344 				     enum nl80211_iftype type,
3345 				     struct genl_info *info,
3346 				     struct vif_params *params)
3347 {
3348 	bool change = false;
3349 	int err;
3350 
3351 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3352 		if (type != NL80211_IFTYPE_MONITOR)
3353 			return -EINVAL;
3354 
3355 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3356 					  &params->flags);
3357 		if (err)
3358 			return err;
3359 
3360 		change = true;
3361 	}
3362 
3363 	if (params->flags & MONITOR_FLAG_ACTIVE &&
3364 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3365 		return -EOPNOTSUPP;
3366 
3367 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3368 		const u8 *mumimo_groups;
3369 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3370 
3371 		if (type != NL80211_IFTYPE_MONITOR)
3372 			return -EINVAL;
3373 
3374 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3375 			return -EOPNOTSUPP;
3376 
3377 		mumimo_groups =
3378 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3379 
3380 		/* bits 0 and 63 are reserved and must be zero */
3381 		if ((mumimo_groups[0] & BIT(0)) ||
3382 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3383 			return -EINVAL;
3384 
3385 		params->vht_mumimo_groups = mumimo_groups;
3386 		change = true;
3387 	}
3388 
3389 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3390 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3391 
3392 		if (type != NL80211_IFTYPE_MONITOR)
3393 			return -EINVAL;
3394 
3395 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3396 			return -EOPNOTSUPP;
3397 
3398 		params->vht_mumimo_follow_addr =
3399 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3400 		change = true;
3401 	}
3402 
3403 	return change ? 1 : 0;
3404 }
3405 
3406 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3407 			       struct net_device *netdev, u8 use_4addr,
3408 			       enum nl80211_iftype iftype)
3409 {
3410 	if (!use_4addr) {
3411 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3412 			return -EBUSY;
3413 		return 0;
3414 	}
3415 
3416 	switch (iftype) {
3417 	case NL80211_IFTYPE_AP_VLAN:
3418 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3419 			return 0;
3420 		break;
3421 	case NL80211_IFTYPE_STATION:
3422 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3423 			return 0;
3424 		break;
3425 	default:
3426 		break;
3427 	}
3428 
3429 	return -EOPNOTSUPP;
3430 }
3431 
3432 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3433 {
3434 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3435 	struct vif_params params;
3436 	int err;
3437 	enum nl80211_iftype otype, ntype;
3438 	struct net_device *dev = info->user_ptr[1];
3439 	bool change = false;
3440 
3441 	memset(&params, 0, sizeof(params));
3442 
3443 	otype = ntype = dev->ieee80211_ptr->iftype;
3444 
3445 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
3446 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3447 		if (otype != ntype)
3448 			change = true;
3449 	}
3450 
3451 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
3452 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3453 
3454 		if (ntype != NL80211_IFTYPE_MESH_POINT)
3455 			return -EINVAL;
3456 		if (netif_running(dev))
3457 			return -EBUSY;
3458 
3459 		wdev_lock(wdev);
3460 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3461 			     IEEE80211_MAX_MESH_ID_LEN);
3462 		wdev->mesh_id_up_len =
3463 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3464 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3465 		       wdev->mesh_id_up_len);
3466 		wdev_unlock(wdev);
3467 	}
3468 
3469 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3470 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3471 		change = true;
3472 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3473 		if (err)
3474 			return err;
3475 	} else {
3476 		params.use_4addr = -1;
3477 	}
3478 
3479 	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3480 	if (err < 0)
3481 		return err;
3482 	if (err > 0)
3483 		change = true;
3484 
3485 	if (change)
3486 		err = cfg80211_change_iface(rdev, dev, ntype, &params);
3487 	else
3488 		err = 0;
3489 
3490 	if (!err && params.use_4addr != -1)
3491 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
3492 
3493 	if (change && !err) {
3494 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3495 
3496 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3497 	}
3498 
3499 	return err;
3500 }
3501 
3502 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3503 {
3504 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3505 	struct vif_params params;
3506 	struct wireless_dev *wdev;
3507 	struct sk_buff *msg;
3508 	int err;
3509 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3510 
3511 	/* to avoid failing a new interface creation due to pending removal */
3512 	cfg80211_destroy_ifaces(rdev);
3513 
3514 	memset(&params, 0, sizeof(params));
3515 
3516 	if (!info->attrs[NL80211_ATTR_IFNAME])
3517 		return -EINVAL;
3518 
3519 	if (info->attrs[NL80211_ATTR_IFTYPE])
3520 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3521 
3522 	if (!rdev->ops->add_virtual_intf)
3523 		return -EOPNOTSUPP;
3524 
3525 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3526 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3527 	    info->attrs[NL80211_ATTR_MAC]) {
3528 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3529 			   ETH_ALEN);
3530 		if (!is_valid_ether_addr(params.macaddr))
3531 			return -EADDRNOTAVAIL;
3532 	}
3533 
3534 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3535 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3536 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3537 		if (err)
3538 			return err;
3539 	}
3540 
3541 	if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3542 		return -EOPNOTSUPP;
3543 
3544 	err = nl80211_parse_mon_options(rdev, type, info, &params);
3545 	if (err < 0)
3546 		return err;
3547 
3548 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3549 	if (!msg)
3550 		return -ENOMEM;
3551 
3552 	wdev = rdev_add_virtual_intf(rdev,
3553 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3554 				NET_NAME_USER, type, &params);
3555 	if (WARN_ON(!wdev)) {
3556 		nlmsg_free(msg);
3557 		return -EPROTO;
3558 	} else if (IS_ERR(wdev)) {
3559 		nlmsg_free(msg);
3560 		return PTR_ERR(wdev);
3561 	}
3562 
3563 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3564 		wdev->owner_nlportid = info->snd_portid;
3565 
3566 	switch (type) {
3567 	case NL80211_IFTYPE_MESH_POINT:
3568 		if (!info->attrs[NL80211_ATTR_MESH_ID])
3569 			break;
3570 		wdev_lock(wdev);
3571 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3572 			     IEEE80211_MAX_MESH_ID_LEN);
3573 		wdev->mesh_id_up_len =
3574 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3575 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3576 		       wdev->mesh_id_up_len);
3577 		wdev_unlock(wdev);
3578 		break;
3579 	case NL80211_IFTYPE_NAN:
3580 	case NL80211_IFTYPE_P2P_DEVICE:
3581 		/*
3582 		 * P2P Device and NAN do not have a netdev, so don't go
3583 		 * through the netdev notifier and must be added here
3584 		 */
3585 		cfg80211_init_wdev(rdev, wdev);
3586 		break;
3587 	default:
3588 		break;
3589 	}
3590 
3591 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3592 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3593 		nlmsg_free(msg);
3594 		return -ENOBUFS;
3595 	}
3596 
3597 	return genlmsg_reply(msg, info);
3598 }
3599 
3600 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3601 {
3602 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3603 	struct wireless_dev *wdev = info->user_ptr[1];
3604 
3605 	if (!rdev->ops->del_virtual_intf)
3606 		return -EOPNOTSUPP;
3607 
3608 	/*
3609 	 * If we remove a wireless device without a netdev then clear
3610 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
3611 	 * to check if it needs to do dev_put(). Otherwise it crashes
3612 	 * since the wdev has been freed, unlike with a netdev where
3613 	 * we need the dev_put() for the netdev to really be freed.
3614 	 */
3615 	if (!wdev->netdev)
3616 		info->user_ptr[1] = NULL;
3617 
3618 	return rdev_del_virtual_intf(rdev, wdev);
3619 }
3620 
3621 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3622 {
3623 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3624 	struct net_device *dev = info->user_ptr[1];
3625 	u16 noack_map;
3626 
3627 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3628 		return -EINVAL;
3629 
3630 	if (!rdev->ops->set_noack_map)
3631 		return -EOPNOTSUPP;
3632 
3633 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3634 
3635 	return rdev_set_noack_map(rdev, dev, noack_map);
3636 }
3637 
3638 struct get_key_cookie {
3639 	struct sk_buff *msg;
3640 	int error;
3641 	int idx;
3642 };
3643 
3644 static void get_key_callback(void *c, struct key_params *params)
3645 {
3646 	struct nlattr *key;
3647 	struct get_key_cookie *cookie = c;
3648 
3649 	if ((params->key &&
3650 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3651 		     params->key_len, params->key)) ||
3652 	    (params->seq &&
3653 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3654 		     params->seq_len, params->seq)) ||
3655 	    (params->cipher &&
3656 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3657 			 params->cipher)))
3658 		goto nla_put_failure;
3659 
3660 	key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3661 	if (!key)
3662 		goto nla_put_failure;
3663 
3664 	if ((params->key &&
3665 	     nla_put(cookie->msg, NL80211_KEY_DATA,
3666 		     params->key_len, params->key)) ||
3667 	    (params->seq &&
3668 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
3669 		     params->seq_len, params->seq)) ||
3670 	    (params->cipher &&
3671 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3672 			 params->cipher)))
3673 		goto nla_put_failure;
3674 
3675 	if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3676 		goto nla_put_failure;
3677 
3678 	nla_nest_end(cookie->msg, key);
3679 
3680 	return;
3681  nla_put_failure:
3682 	cookie->error = 1;
3683 }
3684 
3685 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3686 {
3687 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3688 	int err;
3689 	struct net_device *dev = info->user_ptr[1];
3690 	u8 key_idx = 0;
3691 	const u8 *mac_addr = NULL;
3692 	bool pairwise;
3693 	struct get_key_cookie cookie = {
3694 		.error = 0,
3695 	};
3696 	void *hdr;
3697 	struct sk_buff *msg;
3698 
3699 	if (info->attrs[NL80211_ATTR_KEY_IDX])
3700 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3701 
3702 	if (info->attrs[NL80211_ATTR_MAC])
3703 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3704 
3705 	pairwise = !!mac_addr;
3706 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3707 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3708 
3709 		if (kt != NL80211_KEYTYPE_GROUP &&
3710 		    kt != NL80211_KEYTYPE_PAIRWISE)
3711 			return -EINVAL;
3712 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3713 	}
3714 
3715 	if (!rdev->ops->get_key)
3716 		return -EOPNOTSUPP;
3717 
3718 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3719 		return -ENOENT;
3720 
3721 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3722 	if (!msg)
3723 		return -ENOMEM;
3724 
3725 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3726 			     NL80211_CMD_NEW_KEY);
3727 	if (!hdr)
3728 		goto nla_put_failure;
3729 
3730 	cookie.msg = msg;
3731 	cookie.idx = key_idx;
3732 
3733 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3734 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3735 		goto nla_put_failure;
3736 	if (mac_addr &&
3737 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3738 		goto nla_put_failure;
3739 
3740 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3741 			   get_key_callback);
3742 
3743 	if (err)
3744 		goto free_msg;
3745 
3746 	if (cookie.error)
3747 		goto nla_put_failure;
3748 
3749 	genlmsg_end(msg, hdr);
3750 	return genlmsg_reply(msg, info);
3751 
3752  nla_put_failure:
3753 	err = -ENOBUFS;
3754  free_msg:
3755 	nlmsg_free(msg);
3756 	return err;
3757 }
3758 
3759 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3760 {
3761 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3762 	struct key_parse key;
3763 	int err;
3764 	struct net_device *dev = info->user_ptr[1];
3765 
3766 	err = nl80211_parse_key(info, &key);
3767 	if (err)
3768 		return err;
3769 
3770 	if (key.idx < 0)
3771 		return -EINVAL;
3772 
3773 	/* Only support setting default key and
3774 	 * Extended Key ID action NL80211_KEY_SET_TX.
3775 	 */
3776 	if (!key.def && !key.defmgmt &&
3777 	    !(key.p.mode == NL80211_KEY_SET_TX))
3778 		return -EINVAL;
3779 
3780 	wdev_lock(dev->ieee80211_ptr);
3781 
3782 	if (key.def) {
3783 		if (!rdev->ops->set_default_key) {
3784 			err = -EOPNOTSUPP;
3785 			goto out;
3786 		}
3787 
3788 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3789 		if (err)
3790 			goto out;
3791 
3792 		err = rdev_set_default_key(rdev, dev, key.idx,
3793 						 key.def_uni, key.def_multi);
3794 
3795 		if (err)
3796 			goto out;
3797 
3798 #ifdef CONFIG_CFG80211_WEXT
3799 		dev->ieee80211_ptr->wext.default_key = key.idx;
3800 #endif
3801 	} else if (key.defmgmt) {
3802 		if (key.def_uni || !key.def_multi) {
3803 			err = -EINVAL;
3804 			goto out;
3805 		}
3806 
3807 		if (!rdev->ops->set_default_mgmt_key) {
3808 			err = -EOPNOTSUPP;
3809 			goto out;
3810 		}
3811 
3812 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3813 		if (err)
3814 			goto out;
3815 
3816 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3817 		if (err)
3818 			goto out;
3819 
3820 #ifdef CONFIG_CFG80211_WEXT
3821 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3822 #endif
3823 	} else if (key.p.mode == NL80211_KEY_SET_TX &&
3824 		   wiphy_ext_feature_isset(&rdev->wiphy,
3825 					   NL80211_EXT_FEATURE_EXT_KEY_ID)) {
3826 		u8 *mac_addr = NULL;
3827 
3828 		if (info->attrs[NL80211_ATTR_MAC])
3829 			mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3830 
3831 		if (!mac_addr || key.idx < 0 || key.idx > 1) {
3832 			err = -EINVAL;
3833 			goto out;
3834 		}
3835 
3836 		err = rdev_add_key(rdev, dev, key.idx,
3837 				   NL80211_KEYTYPE_PAIRWISE,
3838 				   mac_addr, &key.p);
3839 	} else {
3840 		err = -EINVAL;
3841 	}
3842  out:
3843 	wdev_unlock(dev->ieee80211_ptr);
3844 
3845 	return err;
3846 }
3847 
3848 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3849 {
3850 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3851 	int err;
3852 	struct net_device *dev = info->user_ptr[1];
3853 	struct key_parse key;
3854 	const u8 *mac_addr = NULL;
3855 
3856 	err = nl80211_parse_key(info, &key);
3857 	if (err)
3858 		return err;
3859 
3860 	if (!key.p.key)
3861 		return -EINVAL;
3862 
3863 	if (info->attrs[NL80211_ATTR_MAC])
3864 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3865 
3866 	if (key.type == -1) {
3867 		if (mac_addr)
3868 			key.type = NL80211_KEYTYPE_PAIRWISE;
3869 		else
3870 			key.type = NL80211_KEYTYPE_GROUP;
3871 	}
3872 
3873 	/* for now */
3874 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3875 	    key.type != NL80211_KEYTYPE_GROUP)
3876 		return -EINVAL;
3877 
3878 	if (!rdev->ops->add_key)
3879 		return -EOPNOTSUPP;
3880 
3881 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3882 					   key.type == NL80211_KEYTYPE_PAIRWISE,
3883 					   mac_addr))
3884 		return -EINVAL;
3885 
3886 	wdev_lock(dev->ieee80211_ptr);
3887 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3888 	if (!err)
3889 		err = rdev_add_key(rdev, dev, key.idx,
3890 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3891 				    mac_addr, &key.p);
3892 	wdev_unlock(dev->ieee80211_ptr);
3893 
3894 	return err;
3895 }
3896 
3897 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3898 {
3899 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3900 	int err;
3901 	struct net_device *dev = info->user_ptr[1];
3902 	u8 *mac_addr = NULL;
3903 	struct key_parse key;
3904 
3905 	err = nl80211_parse_key(info, &key);
3906 	if (err)
3907 		return err;
3908 
3909 	if (info->attrs[NL80211_ATTR_MAC])
3910 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3911 
3912 	if (key.type == -1) {
3913 		if (mac_addr)
3914 			key.type = NL80211_KEYTYPE_PAIRWISE;
3915 		else
3916 			key.type = NL80211_KEYTYPE_GROUP;
3917 	}
3918 
3919 	/* for now */
3920 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3921 	    key.type != NL80211_KEYTYPE_GROUP)
3922 		return -EINVAL;
3923 
3924 	if (!rdev->ops->del_key)
3925 		return -EOPNOTSUPP;
3926 
3927 	wdev_lock(dev->ieee80211_ptr);
3928 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3929 
3930 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3931 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3932 		err = -ENOENT;
3933 
3934 	if (!err)
3935 		err = rdev_del_key(rdev, dev, key.idx,
3936 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3937 				   mac_addr);
3938 
3939 #ifdef CONFIG_CFG80211_WEXT
3940 	if (!err) {
3941 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
3942 			dev->ieee80211_ptr->wext.default_key = -1;
3943 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3944 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3945 	}
3946 #endif
3947 	wdev_unlock(dev->ieee80211_ptr);
3948 
3949 	return err;
3950 }
3951 
3952 /* This function returns an error or the number of nested attributes */
3953 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3954 {
3955 	struct nlattr *attr;
3956 	int n_entries = 0, tmp;
3957 
3958 	nla_for_each_nested(attr, nl_attr, tmp) {
3959 		if (nla_len(attr) != ETH_ALEN)
3960 			return -EINVAL;
3961 
3962 		n_entries++;
3963 	}
3964 
3965 	return n_entries;
3966 }
3967 
3968 /*
3969  * This function parses ACL information and allocates memory for ACL data.
3970  * On successful return, the calling function is responsible to free the
3971  * ACL buffer returned by this function.
3972  */
3973 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3974 						struct genl_info *info)
3975 {
3976 	enum nl80211_acl_policy acl_policy;
3977 	struct nlattr *attr;
3978 	struct cfg80211_acl_data *acl;
3979 	int i = 0, n_entries, tmp;
3980 
3981 	if (!wiphy->max_acl_mac_addrs)
3982 		return ERR_PTR(-EOPNOTSUPP);
3983 
3984 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3985 		return ERR_PTR(-EINVAL);
3986 
3987 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3988 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3989 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3990 		return ERR_PTR(-EINVAL);
3991 
3992 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3993 		return ERR_PTR(-EINVAL);
3994 
3995 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3996 	if (n_entries < 0)
3997 		return ERR_PTR(n_entries);
3998 
3999 	if (n_entries > wiphy->max_acl_mac_addrs)
4000 		return ERR_PTR(-ENOTSUPP);
4001 
4002 	acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4003 	if (!acl)
4004 		return ERR_PTR(-ENOMEM);
4005 
4006 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4007 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4008 		i++;
4009 	}
4010 
4011 	acl->n_acl_entries = n_entries;
4012 	acl->acl_policy = acl_policy;
4013 
4014 	return acl;
4015 }
4016 
4017 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4018 {
4019 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4020 	struct net_device *dev = info->user_ptr[1];
4021 	struct cfg80211_acl_data *acl;
4022 	int err;
4023 
4024 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4025 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4026 		return -EOPNOTSUPP;
4027 
4028 	if (!dev->ieee80211_ptr->beacon_interval)
4029 		return -EINVAL;
4030 
4031 	acl = parse_acl_data(&rdev->wiphy, info);
4032 	if (IS_ERR(acl))
4033 		return PTR_ERR(acl);
4034 
4035 	err = rdev_set_mac_acl(rdev, dev, acl);
4036 
4037 	kfree(acl);
4038 
4039 	return err;
4040 }
4041 
4042 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4043 			   u8 *rates, u8 rates_len)
4044 {
4045 	u8 i;
4046 	u32 mask = 0;
4047 
4048 	for (i = 0; i < rates_len; i++) {
4049 		int rate = (rates[i] & 0x7f) * 5;
4050 		int ridx;
4051 
4052 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4053 			struct ieee80211_rate *srate =
4054 				&sband->bitrates[ridx];
4055 			if (rate == srate->bitrate) {
4056 				mask |= 1 << ridx;
4057 				break;
4058 			}
4059 		}
4060 		if (ridx == sband->n_bitrates)
4061 			return 0; /* rate not found */
4062 	}
4063 
4064 	return mask;
4065 }
4066 
4067 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4068 			       u8 *rates, u8 rates_len,
4069 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4070 {
4071 	u8 i;
4072 
4073 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4074 
4075 	for (i = 0; i < rates_len; i++) {
4076 		int ridx, rbit;
4077 
4078 		ridx = rates[i] / 8;
4079 		rbit = BIT(rates[i] % 8);
4080 
4081 		/* check validity */
4082 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4083 			return false;
4084 
4085 		/* check availability */
4086 		ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4087 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4088 			mcs[ridx] |= rbit;
4089 		else
4090 			return false;
4091 	}
4092 
4093 	return true;
4094 }
4095 
4096 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4097 {
4098 	u16 mcs_mask = 0;
4099 
4100 	switch (vht_mcs_map) {
4101 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4102 		break;
4103 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
4104 		mcs_mask = 0x00FF;
4105 		break;
4106 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
4107 		mcs_mask = 0x01FF;
4108 		break;
4109 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
4110 		mcs_mask = 0x03FF;
4111 		break;
4112 	default:
4113 		break;
4114 	}
4115 
4116 	return mcs_mask;
4117 }
4118 
4119 static void vht_build_mcs_mask(u16 vht_mcs_map,
4120 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4121 {
4122 	u8 nss;
4123 
4124 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4125 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4126 		vht_mcs_map >>= 2;
4127 	}
4128 }
4129 
4130 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4131 			     struct nl80211_txrate_vht *txrate,
4132 			     u16 mcs[NL80211_VHT_NSS_MAX])
4133 {
4134 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4135 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4136 	u8 i;
4137 
4138 	if (!sband->vht_cap.vht_supported)
4139 		return false;
4140 
4141 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4142 
4143 	/* Build vht_mcs_mask from VHT capabilities */
4144 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4145 
4146 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4147 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4148 			mcs[i] = txrate->mcs[i];
4149 		else
4150 			return false;
4151 	}
4152 
4153 	return true;
4154 }
4155 
4156 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4157 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4158 				    .len = NL80211_MAX_SUPP_RATES },
4159 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
4160 				.len = NL80211_MAX_SUPP_HT_RATES },
4161 	[NL80211_TXRATE_VHT] = {
4162 		.type = NLA_EXACT_LEN_WARN,
4163 		.len = sizeof(struct nl80211_txrate_vht),
4164 	},
4165 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
4166 };
4167 
4168 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4169 					 struct cfg80211_bitrate_mask *mask)
4170 {
4171 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4172 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4173 	int rem, i;
4174 	struct nlattr *tx_rates;
4175 	struct ieee80211_supported_band *sband;
4176 	u16 vht_tx_mcs_map;
4177 
4178 	memset(mask, 0, sizeof(*mask));
4179 	/* Default to all rates enabled */
4180 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
4181 		sband = rdev->wiphy.bands[i];
4182 
4183 		if (!sband)
4184 			continue;
4185 
4186 		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4187 		memcpy(mask->control[i].ht_mcs,
4188 		       sband->ht_cap.mcs.rx_mask,
4189 		       sizeof(mask->control[i].ht_mcs));
4190 
4191 		if (!sband->vht_cap.vht_supported)
4192 			continue;
4193 
4194 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4195 		vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4196 	}
4197 
4198 	/* if no rates are given set it back to the defaults */
4199 	if (!info->attrs[NL80211_ATTR_TX_RATES])
4200 		goto out;
4201 
4202 	/* The nested attribute uses enum nl80211_band as the index. This maps
4203 	 * directly to the enum nl80211_band values used in cfg80211.
4204 	 */
4205 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4206 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
4207 		enum nl80211_band band = nla_type(tx_rates);
4208 		int err;
4209 
4210 		if (band < 0 || band >= NUM_NL80211_BANDS)
4211 			return -EINVAL;
4212 		sband = rdev->wiphy.bands[band];
4213 		if (sband == NULL)
4214 			return -EINVAL;
4215 		err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4216 						  tx_rates,
4217 						  nl80211_txattr_policy,
4218 						  info->extack);
4219 		if (err)
4220 			return err;
4221 		if (tb[NL80211_TXRATE_LEGACY]) {
4222 			mask->control[band].legacy = rateset_to_mask(
4223 				sband,
4224 				nla_data(tb[NL80211_TXRATE_LEGACY]),
4225 				nla_len(tb[NL80211_TXRATE_LEGACY]));
4226 			if ((mask->control[band].legacy == 0) &&
4227 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
4228 				return -EINVAL;
4229 		}
4230 		if (tb[NL80211_TXRATE_HT]) {
4231 			if (!ht_rateset_to_mask(
4232 					sband,
4233 					nla_data(tb[NL80211_TXRATE_HT]),
4234 					nla_len(tb[NL80211_TXRATE_HT]),
4235 					mask->control[band].ht_mcs))
4236 				return -EINVAL;
4237 		}
4238 		if (tb[NL80211_TXRATE_VHT]) {
4239 			if (!vht_set_mcs_mask(
4240 					sband,
4241 					nla_data(tb[NL80211_TXRATE_VHT]),
4242 					mask->control[band].vht_mcs))
4243 				return -EINVAL;
4244 		}
4245 		if (tb[NL80211_TXRATE_GI]) {
4246 			mask->control[band].gi =
4247 				nla_get_u8(tb[NL80211_TXRATE_GI]);
4248 			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4249 				return -EINVAL;
4250 		}
4251 
4252 		if (mask->control[band].legacy == 0) {
4253 			/* don't allow empty legacy rates if HT or VHT
4254 			 * are not even supported.
4255 			 */
4256 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4257 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
4258 				return -EINVAL;
4259 
4260 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4261 				if (mask->control[band].ht_mcs[i])
4262 					goto out;
4263 
4264 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4265 				if (mask->control[band].vht_mcs[i])
4266 					goto out;
4267 
4268 			/* legacy and mcs rates may not be both empty */
4269 			return -EINVAL;
4270 		}
4271 	}
4272 
4273 out:
4274 	return 0;
4275 }
4276 
4277 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4278 				   enum nl80211_band band,
4279 				   struct cfg80211_bitrate_mask *beacon_rate)
4280 {
4281 	u32 count_ht, count_vht, i;
4282 	u32 rate = beacon_rate->control[band].legacy;
4283 
4284 	/* Allow only one rate */
4285 	if (hweight32(rate) > 1)
4286 		return -EINVAL;
4287 
4288 	count_ht = 0;
4289 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4290 		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4291 			return -EINVAL;
4292 		} else if (beacon_rate->control[band].ht_mcs[i]) {
4293 			count_ht++;
4294 			if (count_ht > 1)
4295 				return -EINVAL;
4296 		}
4297 		if (count_ht && rate)
4298 			return -EINVAL;
4299 	}
4300 
4301 	count_vht = 0;
4302 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4303 		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4304 			return -EINVAL;
4305 		} else if (beacon_rate->control[band].vht_mcs[i]) {
4306 			count_vht++;
4307 			if (count_vht > 1)
4308 				return -EINVAL;
4309 		}
4310 		if (count_vht && rate)
4311 			return -EINVAL;
4312 	}
4313 
4314 	if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4315 		return -EINVAL;
4316 
4317 	if (rate &&
4318 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4319 				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4320 		return -EINVAL;
4321 	if (count_ht &&
4322 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4323 				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
4324 		return -EINVAL;
4325 	if (count_vht &&
4326 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4327 				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4328 		return -EINVAL;
4329 
4330 	return 0;
4331 }
4332 
4333 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4334 				struct nlattr *attrs[],
4335 				struct cfg80211_beacon_data *bcn)
4336 {
4337 	bool haveinfo = false;
4338 	int err;
4339 
4340 	memset(bcn, 0, sizeof(*bcn));
4341 
4342 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4343 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4344 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4345 		if (!bcn->head_len)
4346 			return -EINVAL;
4347 		haveinfo = true;
4348 	}
4349 
4350 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4351 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4352 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4353 		haveinfo = true;
4354 	}
4355 
4356 	if (!haveinfo)
4357 		return -EINVAL;
4358 
4359 	if (attrs[NL80211_ATTR_IE]) {
4360 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4361 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4362 	}
4363 
4364 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4365 		bcn->proberesp_ies =
4366 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4367 		bcn->proberesp_ies_len =
4368 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4369 	}
4370 
4371 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4372 		bcn->assocresp_ies =
4373 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4374 		bcn->assocresp_ies_len =
4375 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4376 	}
4377 
4378 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
4379 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4380 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4381 	}
4382 
4383 	if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4384 		struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4385 
4386 		err = nla_parse_nested_deprecated(tb,
4387 						  NL80211_FTM_RESP_ATTR_MAX,
4388 						  attrs[NL80211_ATTR_FTM_RESPONDER],
4389 						  NULL, NULL);
4390 		if (err)
4391 			return err;
4392 
4393 		if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4394 		    wiphy_ext_feature_isset(&rdev->wiphy,
4395 					    NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4396 			bcn->ftm_responder = 1;
4397 		else
4398 			return -EOPNOTSUPP;
4399 
4400 		if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4401 			bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4402 			bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4403 		}
4404 
4405 		if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4406 			bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4407 			bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4408 		}
4409 	} else {
4410 		bcn->ftm_responder = -1;
4411 	}
4412 
4413 	return 0;
4414 }
4415 
4416 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
4417 				    struct ieee80211_he_obss_pd *he_obss_pd)
4418 {
4419 	struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
4420 	int err;
4421 
4422 	err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
4423 			       he_obss_pd_policy, NULL);
4424 	if (err)
4425 		return err;
4426 
4427 	if (!tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] ||
4428 	    !tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
4429 		return -EINVAL;
4430 
4431 	he_obss_pd->min_offset =
4432 		nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
4433 	he_obss_pd->max_offset =
4434 		nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
4435 
4436 	if (he_obss_pd->min_offset >= he_obss_pd->max_offset)
4437 		return -EINVAL;
4438 
4439 	he_obss_pd->enable = true;
4440 
4441 	return 0;
4442 }
4443 
4444 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4445 					    const u8 *rates)
4446 {
4447 	int i;
4448 
4449 	if (!rates)
4450 		return;
4451 
4452 	for (i = 0; i < rates[1]; i++) {
4453 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4454 			params->ht_required = true;
4455 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4456 			params->vht_required = true;
4457 	}
4458 }
4459 
4460 /*
4461  * Since the nl80211 API didn't include, from the beginning, attributes about
4462  * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4463  * benefit of drivers that rebuild IEs in the firmware.
4464  */
4465 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4466 {
4467 	const struct cfg80211_beacon_data *bcn = &params->beacon;
4468 	size_t ies_len = bcn->tail_len;
4469 	const u8 *ies = bcn->tail;
4470 	const u8 *rates;
4471 	const u8 *cap;
4472 
4473 	rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4474 	nl80211_check_ap_rate_selectors(params, rates);
4475 
4476 	rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4477 	nl80211_check_ap_rate_selectors(params, rates);
4478 
4479 	cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4480 	if (cap && cap[1] >= sizeof(*params->ht_cap))
4481 		params->ht_cap = (void *)(cap + 2);
4482 	cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4483 	if (cap && cap[1] >= sizeof(*params->vht_cap))
4484 		params->vht_cap = (void *)(cap + 2);
4485 	cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4486 	if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4487 		params->he_cap = (void *)(cap + 3);
4488 }
4489 
4490 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4491 				   struct cfg80211_ap_settings *params)
4492 {
4493 	struct wireless_dev *wdev;
4494 	bool ret = false;
4495 
4496 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4497 		if (wdev->iftype != NL80211_IFTYPE_AP &&
4498 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
4499 			continue;
4500 
4501 		if (!wdev->preset_chandef.chan)
4502 			continue;
4503 
4504 		params->chandef = wdev->preset_chandef;
4505 		ret = true;
4506 		break;
4507 	}
4508 
4509 	return ret;
4510 }
4511 
4512 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4513 				    enum nl80211_auth_type auth_type,
4514 				    enum nl80211_commands cmd)
4515 {
4516 	if (auth_type > NL80211_AUTHTYPE_MAX)
4517 		return false;
4518 
4519 	switch (cmd) {
4520 	case NL80211_CMD_AUTHENTICATE:
4521 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4522 		    auth_type == NL80211_AUTHTYPE_SAE)
4523 			return false;
4524 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
4525 					     NL80211_EXT_FEATURE_FILS_STA) &&
4526 		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4527 		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4528 		     auth_type == NL80211_AUTHTYPE_FILS_PK))
4529 			return false;
4530 		return true;
4531 	case NL80211_CMD_CONNECT:
4532 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4533 		    !wiphy_ext_feature_isset(&rdev->wiphy,
4534 					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4535 		    auth_type == NL80211_AUTHTYPE_SAE)
4536 			return false;
4537 
4538 		/* FILS with SK PFS or PK not supported yet */
4539 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4540 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4541 			return false;
4542 		if (!wiphy_ext_feature_isset(
4543 			    &rdev->wiphy,
4544 			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4545 		    auth_type == NL80211_AUTHTYPE_FILS_SK)
4546 			return false;
4547 		return true;
4548 	case NL80211_CMD_START_AP:
4549 		/* SAE not supported yet */
4550 		if (auth_type == NL80211_AUTHTYPE_SAE)
4551 			return false;
4552 		/* FILS not supported yet */
4553 		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4554 		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4555 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4556 			return false;
4557 		return true;
4558 	default:
4559 		return false;
4560 	}
4561 }
4562 
4563 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4564 {
4565 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4566 	struct net_device *dev = info->user_ptr[1];
4567 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4568 	struct cfg80211_ap_settings params;
4569 	int err;
4570 
4571 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4572 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4573 		return -EOPNOTSUPP;
4574 
4575 	if (!rdev->ops->start_ap)
4576 		return -EOPNOTSUPP;
4577 
4578 	if (wdev->beacon_interval)
4579 		return -EALREADY;
4580 
4581 	memset(&params, 0, sizeof(params));
4582 
4583 	/* these are required for START_AP */
4584 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4585 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4586 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
4587 		return -EINVAL;
4588 
4589 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
4590 	if (err)
4591 		return err;
4592 
4593 	params.beacon_interval =
4594 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4595 	params.dtim_period =
4596 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4597 
4598 	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4599 					   params.beacon_interval);
4600 	if (err)
4601 		return err;
4602 
4603 	/*
4604 	 * In theory, some of these attributes should be required here
4605 	 * but since they were not used when the command was originally
4606 	 * added, keep them optional for old user space programs to let
4607 	 * them continue to work with drivers that do not need the
4608 	 * additional information -- drivers must check!
4609 	 */
4610 	if (info->attrs[NL80211_ATTR_SSID]) {
4611 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4612 		params.ssid_len =
4613 			nla_len(info->attrs[NL80211_ATTR_SSID]);
4614 		if (params.ssid_len == 0 ||
4615 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
4616 			return -EINVAL;
4617 	}
4618 
4619 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4620 		params.hidden_ssid = nla_get_u32(
4621 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4622 
4623 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4624 
4625 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4626 		params.auth_type = nla_get_u32(
4627 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
4628 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
4629 					     NL80211_CMD_START_AP))
4630 			return -EINVAL;
4631 	} else
4632 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4633 
4634 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
4635 				      NL80211_MAX_NR_CIPHER_SUITES);
4636 	if (err)
4637 		return err;
4638 
4639 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4640 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4641 			return -EOPNOTSUPP;
4642 		params.inactivity_timeout = nla_get_u16(
4643 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4644 	}
4645 
4646 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4647 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4648 			return -EINVAL;
4649 		params.p2p_ctwindow =
4650 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4651 		if (params.p2p_ctwindow != 0 &&
4652 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4653 			return -EINVAL;
4654 	}
4655 
4656 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4657 		u8 tmp;
4658 
4659 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4660 			return -EINVAL;
4661 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4662 		params.p2p_opp_ps = tmp;
4663 		if (params.p2p_opp_ps != 0 &&
4664 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4665 			return -EINVAL;
4666 	}
4667 
4668 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4669 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
4670 		if (err)
4671 			return err;
4672 	} else if (wdev->preset_chandef.chan) {
4673 		params.chandef = wdev->preset_chandef;
4674 	} else if (!nl80211_get_ap_channel(rdev, &params))
4675 		return -EINVAL;
4676 
4677 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4678 					   wdev->iftype))
4679 		return -EINVAL;
4680 
4681 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
4682 		err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4683 		if (err)
4684 			return err;
4685 
4686 		err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4687 					      &params.beacon_rate);
4688 		if (err)
4689 			return err;
4690 	}
4691 
4692 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4693 		params.smps_mode =
4694 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4695 		switch (params.smps_mode) {
4696 		case NL80211_SMPS_OFF:
4697 			break;
4698 		case NL80211_SMPS_STATIC:
4699 			if (!(rdev->wiphy.features &
4700 			      NL80211_FEATURE_STATIC_SMPS))
4701 				return -EINVAL;
4702 			break;
4703 		case NL80211_SMPS_DYNAMIC:
4704 			if (!(rdev->wiphy.features &
4705 			      NL80211_FEATURE_DYNAMIC_SMPS))
4706 				return -EINVAL;
4707 			break;
4708 		default:
4709 			return -EINVAL;
4710 		}
4711 	} else {
4712 		params.smps_mode = NL80211_SMPS_OFF;
4713 	}
4714 
4715 	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4716 	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4717 		return -EOPNOTSUPP;
4718 
4719 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4720 		params.acl = parse_acl_data(&rdev->wiphy, info);
4721 		if (IS_ERR(params.acl))
4722 			return PTR_ERR(params.acl);
4723 	}
4724 
4725 	params.twt_responder =
4726 		    nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
4727 
4728 	if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
4729 		err = nl80211_parse_he_obss_pd(
4730 					info->attrs[NL80211_ATTR_HE_OBSS_PD],
4731 					&params.he_obss_pd);
4732 		if (err)
4733 			return err;
4734 	}
4735 
4736 	nl80211_calculate_ap_params(&params);
4737 
4738 	if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
4739 		params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
4740 
4741 	wdev_lock(wdev);
4742 	err = rdev_start_ap(rdev, dev, &params);
4743 	if (!err) {
4744 		wdev->preset_chandef = params.chandef;
4745 		wdev->beacon_interval = params.beacon_interval;
4746 		wdev->chandef = params.chandef;
4747 		wdev->ssid_len = params.ssid_len;
4748 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4749 
4750 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4751 			wdev->conn_owner_nlportid = info->snd_portid;
4752 	}
4753 	wdev_unlock(wdev);
4754 
4755 	kfree(params.acl);
4756 
4757 	return err;
4758 }
4759 
4760 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4761 {
4762 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4763 	struct net_device *dev = info->user_ptr[1];
4764 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4765 	struct cfg80211_beacon_data params;
4766 	int err;
4767 
4768 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4769 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4770 		return -EOPNOTSUPP;
4771 
4772 	if (!rdev->ops->change_beacon)
4773 		return -EOPNOTSUPP;
4774 
4775 	if (!wdev->beacon_interval)
4776 		return -EINVAL;
4777 
4778 	err = nl80211_parse_beacon(rdev, info->attrs, &params);
4779 	if (err)
4780 		return err;
4781 
4782 	wdev_lock(wdev);
4783 	err = rdev_change_beacon(rdev, dev, &params);
4784 	wdev_unlock(wdev);
4785 
4786 	return err;
4787 }
4788 
4789 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4790 {
4791 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4792 	struct net_device *dev = info->user_ptr[1];
4793 
4794 	return cfg80211_stop_ap(rdev, dev, false);
4795 }
4796 
4797 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4798 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4799 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4800 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4801 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4802 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4803 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4804 };
4805 
4806 static int parse_station_flags(struct genl_info *info,
4807 			       enum nl80211_iftype iftype,
4808 			       struct station_parameters *params)
4809 {
4810 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4811 	struct nlattr *nla;
4812 	int flag;
4813 
4814 	/*
4815 	 * Try parsing the new attribute first so userspace
4816 	 * can specify both for older kernels.
4817 	 */
4818 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4819 	if (nla) {
4820 		struct nl80211_sta_flag_update *sta_flags;
4821 
4822 		sta_flags = nla_data(nla);
4823 		params->sta_flags_mask = sta_flags->mask;
4824 		params->sta_flags_set = sta_flags->set;
4825 		params->sta_flags_set &= params->sta_flags_mask;
4826 		if ((params->sta_flags_mask |
4827 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4828 			return -EINVAL;
4829 		return 0;
4830 	}
4831 
4832 	/* if present, parse the old attribute */
4833 
4834 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4835 	if (!nla)
4836 		return 0;
4837 
4838 	if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
4839 		return -EINVAL;
4840 
4841 	/*
4842 	 * Only allow certain flags for interface types so that
4843 	 * other attributes are silently ignored. Remember that
4844 	 * this is backward compatibility code with old userspace
4845 	 * and shouldn't be hit in other cases anyway.
4846 	 */
4847 	switch (iftype) {
4848 	case NL80211_IFTYPE_AP:
4849 	case NL80211_IFTYPE_AP_VLAN:
4850 	case NL80211_IFTYPE_P2P_GO:
4851 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4852 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4853 					 BIT(NL80211_STA_FLAG_WME) |
4854 					 BIT(NL80211_STA_FLAG_MFP);
4855 		break;
4856 	case NL80211_IFTYPE_P2P_CLIENT:
4857 	case NL80211_IFTYPE_STATION:
4858 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4859 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
4860 		break;
4861 	case NL80211_IFTYPE_MESH_POINT:
4862 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4863 					 BIT(NL80211_STA_FLAG_MFP) |
4864 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
4865 		break;
4866 	default:
4867 		return -EINVAL;
4868 	}
4869 
4870 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4871 		if (flags[flag]) {
4872 			params->sta_flags_set |= (1<<flag);
4873 
4874 			/* no longer support new API additions in old API */
4875 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4876 				return -EINVAL;
4877 		}
4878 	}
4879 
4880 	return 0;
4881 }
4882 
4883 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
4884 {
4885 	struct nlattr *rate;
4886 	u32 bitrate;
4887 	u16 bitrate_compat;
4888 	enum nl80211_rate_info rate_flg;
4889 
4890 	rate = nla_nest_start_noflag(msg, attr);
4891 	if (!rate)
4892 		return false;
4893 
4894 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4895 	bitrate = cfg80211_calculate_bitrate(info);
4896 	/* report 16-bit bitrate only if we can */
4897 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4898 	if (bitrate > 0 &&
4899 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4900 		return false;
4901 	if (bitrate_compat > 0 &&
4902 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4903 		return false;
4904 
4905 	switch (info->bw) {
4906 	case RATE_INFO_BW_5:
4907 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4908 		break;
4909 	case RATE_INFO_BW_10:
4910 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4911 		break;
4912 	default:
4913 		WARN_ON(1);
4914 		/* fall through */
4915 	case RATE_INFO_BW_20:
4916 		rate_flg = 0;
4917 		break;
4918 	case RATE_INFO_BW_40:
4919 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4920 		break;
4921 	case RATE_INFO_BW_80:
4922 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4923 		break;
4924 	case RATE_INFO_BW_160:
4925 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4926 		break;
4927 	case RATE_INFO_BW_HE_RU:
4928 		rate_flg = 0;
4929 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
4930 	}
4931 
4932 	if (rate_flg && nla_put_flag(msg, rate_flg))
4933 		return false;
4934 
4935 	if (info->flags & RATE_INFO_FLAGS_MCS) {
4936 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4937 			return false;
4938 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4939 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4940 			return false;
4941 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4942 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4943 			return false;
4944 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4945 			return false;
4946 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4947 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4948 			return false;
4949 	} else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
4950 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
4951 			return false;
4952 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
4953 			return false;
4954 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
4955 			return false;
4956 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
4957 			return false;
4958 		if (info->bw == RATE_INFO_BW_HE_RU &&
4959 		    nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
4960 			       info->he_ru_alloc))
4961 			return false;
4962 	}
4963 
4964 	nla_nest_end(msg, rate);
4965 	return true;
4966 }
4967 
4968 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4969 			       int id)
4970 {
4971 	void *attr;
4972 	int i = 0;
4973 
4974 	if (!mask)
4975 		return true;
4976 
4977 	attr = nla_nest_start_noflag(msg, id);
4978 	if (!attr)
4979 		return false;
4980 
4981 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4982 		if (!(mask & BIT(i)))
4983 			continue;
4984 
4985 		if (nla_put_u8(msg, i, signal[i]))
4986 			return false;
4987 	}
4988 
4989 	nla_nest_end(msg, attr);
4990 
4991 	return true;
4992 }
4993 
4994 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4995 				u32 seq, int flags,
4996 				struct cfg80211_registered_device *rdev,
4997 				struct net_device *dev,
4998 				const u8 *mac_addr, struct station_info *sinfo)
4999 {
5000 	void *hdr;
5001 	struct nlattr *sinfoattr, *bss_param;
5002 
5003 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5004 	if (!hdr) {
5005 		cfg80211_sinfo_release_content(sinfo);
5006 		return -1;
5007 	}
5008 
5009 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5010 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5011 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5012 		goto nla_put_failure;
5013 
5014 	sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5015 	if (!sinfoattr)
5016 		goto nla_put_failure;
5017 
5018 #define PUT_SINFO(attr, memb, type) do {				\
5019 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
5020 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
5021 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
5022 			     sinfo->memb))				\
5023 		goto nla_put_failure;					\
5024 	} while (0)
5025 #define PUT_SINFO_U64(attr, memb) do {					\
5026 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
5027 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
5028 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
5029 		goto nla_put_failure;					\
5030 	} while (0)
5031 
5032 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5033 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5034 
5035 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5036 			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5037 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5038 			(u32)sinfo->rx_bytes))
5039 		goto nla_put_failure;
5040 
5041 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5042 			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5043 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5044 			(u32)sinfo->tx_bytes))
5045 		goto nla_put_failure;
5046 
5047 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5048 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5049 	PUT_SINFO(LLID, llid, u16);
5050 	PUT_SINFO(PLID, plid, u16);
5051 	PUT_SINFO(PLINK_STATE, plink_state, u8);
5052 	PUT_SINFO_U64(RX_DURATION, rx_duration);
5053 	PUT_SINFO_U64(TX_DURATION, tx_duration);
5054 
5055 	if (wiphy_ext_feature_isset(&rdev->wiphy,
5056 				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5057 		PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5058 
5059 	switch (rdev->wiphy.signal_type) {
5060 	case CFG80211_SIGNAL_TYPE_MBM:
5061 		PUT_SINFO(SIGNAL, signal, u8);
5062 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5063 		break;
5064 	default:
5065 		break;
5066 	}
5067 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5068 		if (!nl80211_put_signal(msg, sinfo->chains,
5069 					sinfo->chain_signal,
5070 					NL80211_STA_INFO_CHAIN_SIGNAL))
5071 			goto nla_put_failure;
5072 	}
5073 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5074 		if (!nl80211_put_signal(msg, sinfo->chains,
5075 					sinfo->chain_signal_avg,
5076 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5077 			goto nla_put_failure;
5078 	}
5079 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5080 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5081 					  NL80211_STA_INFO_TX_BITRATE))
5082 			goto nla_put_failure;
5083 	}
5084 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5085 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5086 					  NL80211_STA_INFO_RX_BITRATE))
5087 			goto nla_put_failure;
5088 	}
5089 
5090 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
5091 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
5092 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
5093 	PUT_SINFO(TX_FAILED, tx_failed, u32);
5094 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5095 	PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5096 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5097 	PUT_SINFO(LOCAL_PM, local_pm, u32);
5098 	PUT_SINFO(PEER_PM, peer_pm, u32);
5099 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5100 	PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5101 
5102 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5103 		bss_param = nla_nest_start_noflag(msg,
5104 						  NL80211_STA_INFO_BSS_PARAM);
5105 		if (!bss_param)
5106 			goto nla_put_failure;
5107 
5108 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5109 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5110 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5111 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5112 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5113 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5114 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5115 			       sinfo->bss_param.dtim_period) ||
5116 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5117 				sinfo->bss_param.beacon_interval))
5118 			goto nla_put_failure;
5119 
5120 		nla_nest_end(msg, bss_param);
5121 	}
5122 	if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5123 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5124 		    sizeof(struct nl80211_sta_flag_update),
5125 		    &sinfo->sta_flags))
5126 		goto nla_put_failure;
5127 
5128 	PUT_SINFO_U64(T_OFFSET, t_offset);
5129 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5130 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
5131 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5132 	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5133 	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5134 	if (wiphy_ext_feature_isset(&rdev->wiphy,
5135 				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5136 		PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5137 		PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5138 	}
5139 
5140 #undef PUT_SINFO
5141 #undef PUT_SINFO_U64
5142 
5143 	if (sinfo->pertid) {
5144 		struct nlattr *tidsattr;
5145 		int tid;
5146 
5147 		tidsattr = nla_nest_start_noflag(msg,
5148 						 NL80211_STA_INFO_TID_STATS);
5149 		if (!tidsattr)
5150 			goto nla_put_failure;
5151 
5152 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5153 			struct cfg80211_tid_stats *tidstats;
5154 			struct nlattr *tidattr;
5155 
5156 			tidstats = &sinfo->pertid[tid];
5157 
5158 			if (!tidstats->filled)
5159 				continue;
5160 
5161 			tidattr = nla_nest_start_noflag(msg, tid + 1);
5162 			if (!tidattr)
5163 				goto nla_put_failure;
5164 
5165 #define PUT_TIDVAL_U64(attr, memb) do {					\
5166 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
5167 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
5168 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
5169 		goto nla_put_failure;					\
5170 	} while (0)
5171 
5172 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5173 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5174 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5175 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5176 
5177 #undef PUT_TIDVAL_U64
5178 			if ((tidstats->filled &
5179 			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5180 			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5181 						   NL80211_TID_STATS_TXQ_STATS))
5182 				goto nla_put_failure;
5183 
5184 			nla_nest_end(msg, tidattr);
5185 		}
5186 
5187 		nla_nest_end(msg, tidsattr);
5188 	}
5189 
5190 	nla_nest_end(msg, sinfoattr);
5191 
5192 	if (sinfo->assoc_req_ies_len &&
5193 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5194 		    sinfo->assoc_req_ies))
5195 		goto nla_put_failure;
5196 
5197 	cfg80211_sinfo_release_content(sinfo);
5198 	genlmsg_end(msg, hdr);
5199 	return 0;
5200 
5201  nla_put_failure:
5202 	cfg80211_sinfo_release_content(sinfo);
5203 	genlmsg_cancel(msg, hdr);
5204 	return -EMSGSIZE;
5205 }
5206 
5207 static int nl80211_dump_station(struct sk_buff *skb,
5208 				struct netlink_callback *cb)
5209 {
5210 	struct station_info sinfo;
5211 	struct cfg80211_registered_device *rdev;
5212 	struct wireless_dev *wdev;
5213 	u8 mac_addr[ETH_ALEN];
5214 	int sta_idx = cb->args[2];
5215 	int err;
5216 
5217 	rtnl_lock();
5218 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5219 	if (err)
5220 		goto out_err;
5221 
5222 	if (!wdev->netdev) {
5223 		err = -EINVAL;
5224 		goto out_err;
5225 	}
5226 
5227 	if (!rdev->ops->dump_station) {
5228 		err = -EOPNOTSUPP;
5229 		goto out_err;
5230 	}
5231 
5232 	while (1) {
5233 		memset(&sinfo, 0, sizeof(sinfo));
5234 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5235 					mac_addr, &sinfo);
5236 		if (err == -ENOENT)
5237 			break;
5238 		if (err)
5239 			goto out_err;
5240 
5241 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5242 				NETLINK_CB(cb->skb).portid,
5243 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5244 				rdev, wdev->netdev, mac_addr,
5245 				&sinfo) < 0)
5246 			goto out;
5247 
5248 		sta_idx++;
5249 	}
5250 
5251  out:
5252 	cb->args[2] = sta_idx;
5253 	err = skb->len;
5254  out_err:
5255 	rtnl_unlock();
5256 
5257 	return err;
5258 }
5259 
5260 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5261 {
5262 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5263 	struct net_device *dev = info->user_ptr[1];
5264 	struct station_info sinfo;
5265 	struct sk_buff *msg;
5266 	u8 *mac_addr = NULL;
5267 	int err;
5268 
5269 	memset(&sinfo, 0, sizeof(sinfo));
5270 
5271 	if (!info->attrs[NL80211_ATTR_MAC])
5272 		return -EINVAL;
5273 
5274 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5275 
5276 	if (!rdev->ops->get_station)
5277 		return -EOPNOTSUPP;
5278 
5279 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5280 	if (err)
5281 		return err;
5282 
5283 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5284 	if (!msg) {
5285 		cfg80211_sinfo_release_content(&sinfo);
5286 		return -ENOMEM;
5287 	}
5288 
5289 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5290 				 info->snd_portid, info->snd_seq, 0,
5291 				 rdev, dev, mac_addr, &sinfo) < 0) {
5292 		nlmsg_free(msg);
5293 		return -ENOBUFS;
5294 	}
5295 
5296 	return genlmsg_reply(msg, info);
5297 }
5298 
5299 int cfg80211_check_station_change(struct wiphy *wiphy,
5300 				  struct station_parameters *params,
5301 				  enum cfg80211_station_type statype)
5302 {
5303 	if (params->listen_interval != -1 &&
5304 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5305 		return -EINVAL;
5306 
5307 	if (params->support_p2p_ps != -1 &&
5308 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5309 		return -EINVAL;
5310 
5311 	if (params->aid &&
5312 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5313 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5314 		return -EINVAL;
5315 
5316 	/* When you run into this, adjust the code below for the new flag */
5317 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5318 
5319 	switch (statype) {
5320 	case CFG80211_STA_MESH_PEER_KERNEL:
5321 	case CFG80211_STA_MESH_PEER_USER:
5322 		/*
5323 		 * No ignoring the TDLS flag here -- the userspace mesh
5324 		 * code doesn't have the bug of including TDLS in the
5325 		 * mask everywhere.
5326 		 */
5327 		if (params->sta_flags_mask &
5328 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5329 				  BIT(NL80211_STA_FLAG_MFP) |
5330 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
5331 			return -EINVAL;
5332 		break;
5333 	case CFG80211_STA_TDLS_PEER_SETUP:
5334 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5335 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5336 			return -EINVAL;
5337 		/* ignore since it can't change */
5338 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5339 		break;
5340 	default:
5341 		/* disallow mesh-specific things */
5342 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5343 			return -EINVAL;
5344 		if (params->local_pm)
5345 			return -EINVAL;
5346 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5347 			return -EINVAL;
5348 	}
5349 
5350 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5351 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5352 		/* TDLS can't be set, ... */
5353 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5354 			return -EINVAL;
5355 		/*
5356 		 * ... but don't bother the driver with it. This works around
5357 		 * a hostapd/wpa_supplicant issue -- it always includes the
5358 		 * TLDS_PEER flag in the mask even for AP mode.
5359 		 */
5360 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5361 	}
5362 
5363 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5364 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5365 		/* reject other things that can't change */
5366 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5367 			return -EINVAL;
5368 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5369 			return -EINVAL;
5370 		if (params->supported_rates)
5371 			return -EINVAL;
5372 		if (params->ext_capab || params->ht_capa || params->vht_capa ||
5373 		    params->he_capa)
5374 			return -EINVAL;
5375 	}
5376 
5377 	if (statype != CFG80211_STA_AP_CLIENT &&
5378 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5379 		if (params->vlan)
5380 			return -EINVAL;
5381 	}
5382 
5383 	switch (statype) {
5384 	case CFG80211_STA_AP_MLME_CLIENT:
5385 		/* Use this only for authorizing/unauthorizing a station */
5386 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5387 			return -EOPNOTSUPP;
5388 		break;
5389 	case CFG80211_STA_AP_CLIENT:
5390 	case CFG80211_STA_AP_CLIENT_UNASSOC:
5391 		/* accept only the listed bits */
5392 		if (params->sta_flags_mask &
5393 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5394 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5395 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
5396 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5397 				  BIT(NL80211_STA_FLAG_WME) |
5398 				  BIT(NL80211_STA_FLAG_MFP)))
5399 			return -EINVAL;
5400 
5401 		/* but authenticated/associated only if driver handles it */
5402 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5403 		    params->sta_flags_mask &
5404 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5405 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5406 			return -EINVAL;
5407 		break;
5408 	case CFG80211_STA_IBSS:
5409 	case CFG80211_STA_AP_STA:
5410 		/* reject any changes other than AUTHORIZED */
5411 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5412 			return -EINVAL;
5413 		break;
5414 	case CFG80211_STA_TDLS_PEER_SETUP:
5415 		/* reject any changes other than AUTHORIZED or WME */
5416 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5417 					       BIT(NL80211_STA_FLAG_WME)))
5418 			return -EINVAL;
5419 		/* force (at least) rates when authorizing */
5420 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5421 		    !params->supported_rates)
5422 			return -EINVAL;
5423 		break;
5424 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5425 		/* reject any changes */
5426 		return -EINVAL;
5427 	case CFG80211_STA_MESH_PEER_KERNEL:
5428 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5429 			return -EINVAL;
5430 		break;
5431 	case CFG80211_STA_MESH_PEER_USER:
5432 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5433 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5434 			return -EINVAL;
5435 		break;
5436 	}
5437 
5438 	/*
5439 	 * Older kernel versions ignored this attribute entirely, so don't
5440 	 * reject attempts to update it but mark it as unused instead so the
5441 	 * driver won't look at the data.
5442 	 */
5443 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5444 	    statype != CFG80211_STA_TDLS_PEER_SETUP)
5445 		params->opmode_notif_used = false;
5446 
5447 	return 0;
5448 }
5449 EXPORT_SYMBOL(cfg80211_check_station_change);
5450 
5451 /*
5452  * Get vlan interface making sure it is running and on the right wiphy.
5453  */
5454 static struct net_device *get_vlan(struct genl_info *info,
5455 				   struct cfg80211_registered_device *rdev)
5456 {
5457 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5458 	struct net_device *v;
5459 	int ret;
5460 
5461 	if (!vlanattr)
5462 		return NULL;
5463 
5464 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5465 	if (!v)
5466 		return ERR_PTR(-ENODEV);
5467 
5468 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5469 		ret = -EINVAL;
5470 		goto error;
5471 	}
5472 
5473 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5474 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5475 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5476 		ret = -EINVAL;
5477 		goto error;
5478 	}
5479 
5480 	if (!netif_running(v)) {
5481 		ret = -ENETDOWN;
5482 		goto error;
5483 	}
5484 
5485 	return v;
5486  error:
5487 	dev_put(v);
5488 	return ERR_PTR(ret);
5489 }
5490 
5491 static const struct nla_policy
5492 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5493 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5494 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5495 };
5496 
5497 static int nl80211_parse_sta_wme(struct genl_info *info,
5498 				 struct station_parameters *params)
5499 {
5500 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5501 	struct nlattr *nla;
5502 	int err;
5503 
5504 	/* parse WME attributes if present */
5505 	if (!info->attrs[NL80211_ATTR_STA_WME])
5506 		return 0;
5507 
5508 	nla = info->attrs[NL80211_ATTR_STA_WME];
5509 	err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
5510 					  nl80211_sta_wme_policy,
5511 					  info->extack);
5512 	if (err)
5513 		return err;
5514 
5515 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5516 		params->uapsd_queues = nla_get_u8(
5517 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
5518 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5519 		return -EINVAL;
5520 
5521 	if (tb[NL80211_STA_WME_MAX_SP])
5522 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5523 
5524 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5525 		return -EINVAL;
5526 
5527 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5528 
5529 	return 0;
5530 }
5531 
5532 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5533 				      struct station_parameters *params)
5534 {
5535 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5536 		params->supported_channels =
5537 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5538 		params->supported_channels_len =
5539 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5540 		/*
5541 		 * Need to include at least one (first channel, number of
5542 		 * channels) tuple for each subband, and must have proper
5543 		 * tuples for the rest of the data as well.
5544 		 */
5545 		if (params->supported_channels_len < 2)
5546 			return -EINVAL;
5547 		if (params->supported_channels_len % 2)
5548 			return -EINVAL;
5549 	}
5550 
5551 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5552 		params->supported_oper_classes =
5553 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5554 		params->supported_oper_classes_len =
5555 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5556 		/*
5557 		 * The value of the Length field of the Supported Operating
5558 		 * Classes element is between 2 and 253.
5559 		 */
5560 		if (params->supported_oper_classes_len < 2 ||
5561 		    params->supported_oper_classes_len > 253)
5562 			return -EINVAL;
5563 	}
5564 	return 0;
5565 }
5566 
5567 static int nl80211_set_station_tdls(struct genl_info *info,
5568 				    struct station_parameters *params)
5569 {
5570 	int err;
5571 	/* Dummy STA entry gets updated once the peer capabilities are known */
5572 	if (info->attrs[NL80211_ATTR_PEER_AID])
5573 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5574 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5575 		params->ht_capa =
5576 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5577 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5578 		params->vht_capa =
5579 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5580 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5581 		params->he_capa =
5582 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5583 		params->he_capa_len =
5584 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5585 
5586 		if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5587 			return -EINVAL;
5588 	}
5589 
5590 	err = nl80211_parse_sta_channel_info(info, params);
5591 	if (err)
5592 		return err;
5593 
5594 	return nl80211_parse_sta_wme(info, params);
5595 }
5596 
5597 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
5598 					     struct station_parameters *params)
5599 {
5600 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5601 	int idx;
5602 
5603 	if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
5604 		if (!rdev->ops->set_tx_power ||
5605 		    !wiphy_ext_feature_isset(&rdev->wiphy,
5606 					 NL80211_EXT_FEATURE_STA_TX_PWR))
5607 			return -EOPNOTSUPP;
5608 
5609 		idx = NL80211_ATTR_STA_TX_POWER_SETTING;
5610 		params->txpwr.type = nla_get_u8(info->attrs[idx]);
5611 
5612 		if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
5613 			idx = NL80211_ATTR_STA_TX_POWER;
5614 
5615 			if (info->attrs[idx])
5616 				params->txpwr.power =
5617 					nla_get_s16(info->attrs[idx]);
5618 			else
5619 				return -EINVAL;
5620 		}
5621 		params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
5622 	}
5623 
5624 	return 0;
5625 }
5626 
5627 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5628 {
5629 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5630 	struct net_device *dev = info->user_ptr[1];
5631 	struct station_parameters params;
5632 	u8 *mac_addr;
5633 	int err;
5634 
5635 	memset(&params, 0, sizeof(params));
5636 
5637 	if (!rdev->ops->change_station)
5638 		return -EOPNOTSUPP;
5639 
5640 	/*
5641 	 * AID and listen_interval properties can be set only for unassociated
5642 	 * station. Include these parameters here and will check them in
5643 	 * cfg80211_check_station_change().
5644 	 */
5645 	if (info->attrs[NL80211_ATTR_STA_AID])
5646 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5647 
5648 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5649 		params.listen_interval =
5650 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5651 	else
5652 		params.listen_interval = -1;
5653 
5654 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5655 		params.support_p2p_ps =
5656 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5657 	else
5658 		params.support_p2p_ps = -1;
5659 
5660 	if (!info->attrs[NL80211_ATTR_MAC])
5661 		return -EINVAL;
5662 
5663 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5664 
5665 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5666 		params.supported_rates =
5667 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5668 		params.supported_rates_len =
5669 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5670 	}
5671 
5672 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5673 		params.capability =
5674 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5675 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5676 	}
5677 
5678 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5679 		params.ext_capab =
5680 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5681 		params.ext_capab_len =
5682 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5683 	}
5684 
5685 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5686 		return -EINVAL;
5687 
5688 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5689 		params.plink_action =
5690 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5691 
5692 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5693 		params.plink_state =
5694 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5695 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5696 			params.peer_aid = nla_get_u16(
5697 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5698 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5699 	}
5700 
5701 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
5702 		params.local_pm = nla_get_u32(
5703 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5704 
5705 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5706 		params.opmode_notif_used = true;
5707 		params.opmode_notif =
5708 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5709 	}
5710 
5711 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5712 		params.airtime_weight =
5713 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5714 
5715 	if (params.airtime_weight &&
5716 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5717 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5718 		return -EOPNOTSUPP;
5719 
5720 	err = nl80211_parse_sta_txpower_setting(info, &params);
5721 	if (err)
5722 		return err;
5723 
5724 	/* Include parameters for TDLS peer (will check later) */
5725 	err = nl80211_set_station_tdls(info, &params);
5726 	if (err)
5727 		return err;
5728 
5729 	params.vlan = get_vlan(info, rdev);
5730 	if (IS_ERR(params.vlan))
5731 		return PTR_ERR(params.vlan);
5732 
5733 	switch (dev->ieee80211_ptr->iftype) {
5734 	case NL80211_IFTYPE_AP:
5735 	case NL80211_IFTYPE_AP_VLAN:
5736 	case NL80211_IFTYPE_P2P_GO:
5737 	case NL80211_IFTYPE_P2P_CLIENT:
5738 	case NL80211_IFTYPE_STATION:
5739 	case NL80211_IFTYPE_ADHOC:
5740 	case NL80211_IFTYPE_MESH_POINT:
5741 		break;
5742 	default:
5743 		err = -EOPNOTSUPP;
5744 		goto out_put_vlan;
5745 	}
5746 
5747 	/* driver will call cfg80211_check_station_change() */
5748 	err = rdev_change_station(rdev, dev, mac_addr, &params);
5749 
5750  out_put_vlan:
5751 	if (params.vlan)
5752 		dev_put(params.vlan);
5753 
5754 	return err;
5755 }
5756 
5757 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5758 {
5759 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5760 	int err;
5761 	struct net_device *dev = info->user_ptr[1];
5762 	struct station_parameters params;
5763 	u8 *mac_addr = NULL;
5764 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5765 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
5766 
5767 	memset(&params, 0, sizeof(params));
5768 
5769 	if (!rdev->ops->add_station)
5770 		return -EOPNOTSUPP;
5771 
5772 	if (!info->attrs[NL80211_ATTR_MAC])
5773 		return -EINVAL;
5774 
5775 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5776 		return -EINVAL;
5777 
5778 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5779 		return -EINVAL;
5780 
5781 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
5782 	    !info->attrs[NL80211_ATTR_PEER_AID])
5783 		return -EINVAL;
5784 
5785 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5786 	params.supported_rates =
5787 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5788 	params.supported_rates_len =
5789 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5790 	params.listen_interval =
5791 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5792 
5793 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5794 		params.support_p2p_ps =
5795 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5796 	} else {
5797 		/*
5798 		 * if not specified, assume it's supported for P2P GO interface,
5799 		 * and is NOT supported for AP interface
5800 		 */
5801 		params.support_p2p_ps =
5802 			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5803 	}
5804 
5805 	if (info->attrs[NL80211_ATTR_PEER_AID])
5806 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5807 	else
5808 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5809 
5810 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5811 		params.capability =
5812 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5813 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5814 	}
5815 
5816 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5817 		params.ext_capab =
5818 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5819 		params.ext_capab_len =
5820 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5821 	}
5822 
5823 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5824 		params.ht_capa =
5825 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5826 
5827 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5828 		params.vht_capa =
5829 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5830 
5831 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5832 		params.he_capa =
5833 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5834 		params.he_capa_len =
5835 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5836 
5837 		/* max len is validated in nla policy */
5838 		if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5839 			return -EINVAL;
5840 	}
5841 
5842 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5843 		params.opmode_notif_used = true;
5844 		params.opmode_notif =
5845 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5846 	}
5847 
5848 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5849 		params.plink_action =
5850 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5851 
5852 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5853 		params.airtime_weight =
5854 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5855 
5856 	if (params.airtime_weight &&
5857 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5858 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5859 		return -EOPNOTSUPP;
5860 
5861 	err = nl80211_parse_sta_txpower_setting(info, &params);
5862 	if (err)
5863 		return err;
5864 
5865 	err = nl80211_parse_sta_channel_info(info, &params);
5866 	if (err)
5867 		return err;
5868 
5869 	err = nl80211_parse_sta_wme(info, &params);
5870 	if (err)
5871 		return err;
5872 
5873 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5874 		return -EINVAL;
5875 
5876 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5877 	 * as userspace might just pass through the capabilities from the IEs
5878 	 * directly, rather than enforcing this restriction and returning an
5879 	 * error in this case.
5880 	 */
5881 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5882 		params.ht_capa = NULL;
5883 		params.vht_capa = NULL;
5884 
5885 		/* HE requires WME */
5886 		if (params.he_capa_len)
5887 			return -EINVAL;
5888 	}
5889 
5890 	/* When you run into this, adjust the code below for the new flag */
5891 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5892 
5893 	switch (dev->ieee80211_ptr->iftype) {
5894 	case NL80211_IFTYPE_AP:
5895 	case NL80211_IFTYPE_AP_VLAN:
5896 	case NL80211_IFTYPE_P2P_GO:
5897 		/* ignore WME attributes if iface/sta is not capable */
5898 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5899 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5900 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5901 
5902 		/* TDLS peers cannot be added */
5903 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5904 		    info->attrs[NL80211_ATTR_PEER_AID])
5905 			return -EINVAL;
5906 		/* but don't bother the driver with it */
5907 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5908 
5909 		/* allow authenticated/associated only if driver handles it */
5910 		if (!(rdev->wiphy.features &
5911 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5912 		    params.sta_flags_mask & auth_assoc)
5913 			return -EINVAL;
5914 
5915 		/* Older userspace, or userspace wanting to be compatible with
5916 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5917 		 * and assoc flags in the mask, but assumes the station will be
5918 		 * added as associated anyway since this was the required driver
5919 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5920 		 * introduced.
5921 		 * In order to not bother drivers with this quirk in the API
5922 		 * set the flags in both the mask and set for new stations in
5923 		 * this case.
5924 		 */
5925 		if (!(params.sta_flags_mask & auth_assoc)) {
5926 			params.sta_flags_mask |= auth_assoc;
5927 			params.sta_flags_set |= auth_assoc;
5928 		}
5929 
5930 		/* must be last in here for error handling */
5931 		params.vlan = get_vlan(info, rdev);
5932 		if (IS_ERR(params.vlan))
5933 			return PTR_ERR(params.vlan);
5934 		break;
5935 	case NL80211_IFTYPE_MESH_POINT:
5936 		/* ignore uAPSD data */
5937 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5938 
5939 		/* associated is disallowed */
5940 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5941 			return -EINVAL;
5942 		/* TDLS peers cannot be added */
5943 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5944 		    info->attrs[NL80211_ATTR_PEER_AID])
5945 			return -EINVAL;
5946 		break;
5947 	case NL80211_IFTYPE_STATION:
5948 	case NL80211_IFTYPE_P2P_CLIENT:
5949 		/* ignore uAPSD data */
5950 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5951 
5952 		/* these are disallowed */
5953 		if (params.sta_flags_mask &
5954 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
5955 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5956 			return -EINVAL;
5957 		/* Only TDLS peers can be added */
5958 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5959 			return -EINVAL;
5960 		/* Can only add if TDLS ... */
5961 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5962 			return -EOPNOTSUPP;
5963 		/* ... with external setup is supported */
5964 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5965 			return -EOPNOTSUPP;
5966 		/*
5967 		 * Older wpa_supplicant versions always mark the TDLS peer
5968 		 * as authorized, but it shouldn't yet be.
5969 		 */
5970 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5971 		break;
5972 	default:
5973 		return -EOPNOTSUPP;
5974 	}
5975 
5976 	/* be aware of params.vlan when changing code here */
5977 
5978 	err = rdev_add_station(rdev, dev, mac_addr, &params);
5979 
5980 	if (params.vlan)
5981 		dev_put(params.vlan);
5982 	return err;
5983 }
5984 
5985 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5986 {
5987 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5988 	struct net_device *dev = info->user_ptr[1];
5989 	struct station_del_parameters params;
5990 
5991 	memset(&params, 0, sizeof(params));
5992 
5993 	if (info->attrs[NL80211_ATTR_MAC])
5994 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5995 
5996 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5997 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5998 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5999 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6000 		return -EINVAL;
6001 
6002 	if (!rdev->ops->del_station)
6003 		return -EOPNOTSUPP;
6004 
6005 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6006 		params.subtype =
6007 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6008 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6009 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6010 			return -EINVAL;
6011 	} else {
6012 		/* Default to Deauthentication frame */
6013 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6014 	}
6015 
6016 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6017 		params.reason_code =
6018 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6019 		if (params.reason_code == 0)
6020 			return -EINVAL; /* 0 is reserved */
6021 	} else {
6022 		/* Default to reason code 2 */
6023 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6024 	}
6025 
6026 	return rdev_del_station(rdev, dev, &params);
6027 }
6028 
6029 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6030 				int flags, struct net_device *dev,
6031 				u8 *dst, u8 *next_hop,
6032 				struct mpath_info *pinfo)
6033 {
6034 	void *hdr;
6035 	struct nlattr *pinfoattr;
6036 
6037 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6038 	if (!hdr)
6039 		return -1;
6040 
6041 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6042 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6043 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6044 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6045 		goto nla_put_failure;
6046 
6047 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6048 	if (!pinfoattr)
6049 		goto nla_put_failure;
6050 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6051 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6052 			pinfo->frame_qlen))
6053 		goto nla_put_failure;
6054 	if (((pinfo->filled & MPATH_INFO_SN) &&
6055 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6056 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
6057 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6058 			 pinfo->metric)) ||
6059 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6060 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6061 			 pinfo->exptime)) ||
6062 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
6063 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6064 			pinfo->flags)) ||
6065 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6066 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6067 			 pinfo->discovery_timeout)) ||
6068 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6069 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6070 			pinfo->discovery_retries)) ||
6071 	    ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6072 	     nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6073 			pinfo->hop_count)) ||
6074 	    ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6075 	     nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6076 			 pinfo->path_change_count)))
6077 		goto nla_put_failure;
6078 
6079 	nla_nest_end(msg, pinfoattr);
6080 
6081 	genlmsg_end(msg, hdr);
6082 	return 0;
6083 
6084  nla_put_failure:
6085 	genlmsg_cancel(msg, hdr);
6086 	return -EMSGSIZE;
6087 }
6088 
6089 static int nl80211_dump_mpath(struct sk_buff *skb,
6090 			      struct netlink_callback *cb)
6091 {
6092 	struct mpath_info pinfo;
6093 	struct cfg80211_registered_device *rdev;
6094 	struct wireless_dev *wdev;
6095 	u8 dst[ETH_ALEN];
6096 	u8 next_hop[ETH_ALEN];
6097 	int path_idx = cb->args[2];
6098 	int err;
6099 
6100 	rtnl_lock();
6101 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6102 	if (err)
6103 		goto out_err;
6104 
6105 	if (!rdev->ops->dump_mpath) {
6106 		err = -EOPNOTSUPP;
6107 		goto out_err;
6108 	}
6109 
6110 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6111 		err = -EOPNOTSUPP;
6112 		goto out_err;
6113 	}
6114 
6115 	while (1) {
6116 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6117 				      next_hop, &pinfo);
6118 		if (err == -ENOENT)
6119 			break;
6120 		if (err)
6121 			goto out_err;
6122 
6123 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6124 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6125 				       wdev->netdev, dst, next_hop,
6126 				       &pinfo) < 0)
6127 			goto out;
6128 
6129 		path_idx++;
6130 	}
6131 
6132  out:
6133 	cb->args[2] = path_idx;
6134 	err = skb->len;
6135  out_err:
6136 	rtnl_unlock();
6137 	return err;
6138 }
6139 
6140 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6141 {
6142 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6143 	int err;
6144 	struct net_device *dev = info->user_ptr[1];
6145 	struct mpath_info pinfo;
6146 	struct sk_buff *msg;
6147 	u8 *dst = NULL;
6148 	u8 next_hop[ETH_ALEN];
6149 
6150 	memset(&pinfo, 0, sizeof(pinfo));
6151 
6152 	if (!info->attrs[NL80211_ATTR_MAC])
6153 		return -EINVAL;
6154 
6155 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6156 
6157 	if (!rdev->ops->get_mpath)
6158 		return -EOPNOTSUPP;
6159 
6160 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6161 		return -EOPNOTSUPP;
6162 
6163 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6164 	if (err)
6165 		return err;
6166 
6167 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6168 	if (!msg)
6169 		return -ENOMEM;
6170 
6171 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6172 				 dev, dst, next_hop, &pinfo) < 0) {
6173 		nlmsg_free(msg);
6174 		return -ENOBUFS;
6175 	}
6176 
6177 	return genlmsg_reply(msg, info);
6178 }
6179 
6180 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6181 {
6182 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6183 	struct net_device *dev = info->user_ptr[1];
6184 	u8 *dst = NULL;
6185 	u8 *next_hop = NULL;
6186 
6187 	if (!info->attrs[NL80211_ATTR_MAC])
6188 		return -EINVAL;
6189 
6190 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6191 		return -EINVAL;
6192 
6193 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6194 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6195 
6196 	if (!rdev->ops->change_mpath)
6197 		return -EOPNOTSUPP;
6198 
6199 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6200 		return -EOPNOTSUPP;
6201 
6202 	return rdev_change_mpath(rdev, dev, dst, next_hop);
6203 }
6204 
6205 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6206 {
6207 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6208 	struct net_device *dev = info->user_ptr[1];
6209 	u8 *dst = NULL;
6210 	u8 *next_hop = NULL;
6211 
6212 	if (!info->attrs[NL80211_ATTR_MAC])
6213 		return -EINVAL;
6214 
6215 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6216 		return -EINVAL;
6217 
6218 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6219 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6220 
6221 	if (!rdev->ops->add_mpath)
6222 		return -EOPNOTSUPP;
6223 
6224 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6225 		return -EOPNOTSUPP;
6226 
6227 	return rdev_add_mpath(rdev, dev, dst, next_hop);
6228 }
6229 
6230 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6231 {
6232 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6233 	struct net_device *dev = info->user_ptr[1];
6234 	u8 *dst = NULL;
6235 
6236 	if (info->attrs[NL80211_ATTR_MAC])
6237 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6238 
6239 	if (!rdev->ops->del_mpath)
6240 		return -EOPNOTSUPP;
6241 
6242 	return rdev_del_mpath(rdev, dev, dst);
6243 }
6244 
6245 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6246 {
6247 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6248 	int err;
6249 	struct net_device *dev = info->user_ptr[1];
6250 	struct mpath_info pinfo;
6251 	struct sk_buff *msg;
6252 	u8 *dst = NULL;
6253 	u8 mpp[ETH_ALEN];
6254 
6255 	memset(&pinfo, 0, sizeof(pinfo));
6256 
6257 	if (!info->attrs[NL80211_ATTR_MAC])
6258 		return -EINVAL;
6259 
6260 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6261 
6262 	if (!rdev->ops->get_mpp)
6263 		return -EOPNOTSUPP;
6264 
6265 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6266 		return -EOPNOTSUPP;
6267 
6268 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6269 	if (err)
6270 		return err;
6271 
6272 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6273 	if (!msg)
6274 		return -ENOMEM;
6275 
6276 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6277 			       dev, dst, mpp, &pinfo) < 0) {
6278 		nlmsg_free(msg);
6279 		return -ENOBUFS;
6280 	}
6281 
6282 	return genlmsg_reply(msg, info);
6283 }
6284 
6285 static int nl80211_dump_mpp(struct sk_buff *skb,
6286 			    struct netlink_callback *cb)
6287 {
6288 	struct mpath_info pinfo;
6289 	struct cfg80211_registered_device *rdev;
6290 	struct wireless_dev *wdev;
6291 	u8 dst[ETH_ALEN];
6292 	u8 mpp[ETH_ALEN];
6293 	int path_idx = cb->args[2];
6294 	int err;
6295 
6296 	rtnl_lock();
6297 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6298 	if (err)
6299 		goto out_err;
6300 
6301 	if (!rdev->ops->dump_mpp) {
6302 		err = -EOPNOTSUPP;
6303 		goto out_err;
6304 	}
6305 
6306 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6307 		err = -EOPNOTSUPP;
6308 		goto out_err;
6309 	}
6310 
6311 	while (1) {
6312 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6313 				    mpp, &pinfo);
6314 		if (err == -ENOENT)
6315 			break;
6316 		if (err)
6317 			goto out_err;
6318 
6319 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6320 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6321 				       wdev->netdev, dst, mpp,
6322 				       &pinfo) < 0)
6323 			goto out;
6324 
6325 		path_idx++;
6326 	}
6327 
6328  out:
6329 	cb->args[2] = path_idx;
6330 	err = skb->len;
6331  out_err:
6332 	rtnl_unlock();
6333 	return err;
6334 }
6335 
6336 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6337 {
6338 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6339 	struct net_device *dev = info->user_ptr[1];
6340 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6341 	struct bss_parameters params;
6342 	int err;
6343 
6344 	memset(&params, 0, sizeof(params));
6345 	/* default to not changing parameters */
6346 	params.use_cts_prot = -1;
6347 	params.use_short_preamble = -1;
6348 	params.use_short_slot_time = -1;
6349 	params.ap_isolate = -1;
6350 	params.ht_opmode = -1;
6351 	params.p2p_ctwindow = -1;
6352 	params.p2p_opp_ps = -1;
6353 
6354 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6355 		params.use_cts_prot =
6356 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6357 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6358 		params.use_short_preamble =
6359 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6360 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6361 		params.use_short_slot_time =
6362 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6363 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6364 		params.basic_rates =
6365 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6366 		params.basic_rates_len =
6367 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6368 	}
6369 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6370 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6371 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6372 		params.ht_opmode =
6373 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6374 
6375 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6376 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6377 			return -EINVAL;
6378 		params.p2p_ctwindow =
6379 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6380 		if (params.p2p_ctwindow != 0 &&
6381 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6382 			return -EINVAL;
6383 	}
6384 
6385 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6386 		u8 tmp;
6387 
6388 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6389 			return -EINVAL;
6390 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6391 		params.p2p_opp_ps = tmp;
6392 		if (params.p2p_opp_ps &&
6393 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6394 			return -EINVAL;
6395 	}
6396 
6397 	if (!rdev->ops->change_bss)
6398 		return -EOPNOTSUPP;
6399 
6400 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6401 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6402 		return -EOPNOTSUPP;
6403 
6404 	wdev_lock(wdev);
6405 	err = rdev_change_bss(rdev, dev, &params);
6406 	wdev_unlock(wdev);
6407 
6408 	return err;
6409 }
6410 
6411 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6412 {
6413 	char *data = NULL;
6414 	bool is_indoor;
6415 	enum nl80211_user_reg_hint_type user_reg_hint_type;
6416 	u32 owner_nlportid;
6417 
6418 	/*
6419 	 * You should only get this when cfg80211 hasn't yet initialized
6420 	 * completely when built-in to the kernel right between the time
6421 	 * window between nl80211_init() and regulatory_init(), if that is
6422 	 * even possible.
6423 	 */
6424 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6425 		return -EINPROGRESS;
6426 
6427 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6428 		user_reg_hint_type =
6429 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6430 	else
6431 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6432 
6433 	switch (user_reg_hint_type) {
6434 	case NL80211_USER_REG_HINT_USER:
6435 	case NL80211_USER_REG_HINT_CELL_BASE:
6436 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6437 			return -EINVAL;
6438 
6439 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6440 		return regulatory_hint_user(data, user_reg_hint_type);
6441 	case NL80211_USER_REG_HINT_INDOOR:
6442 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6443 			owner_nlportid = info->snd_portid;
6444 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6445 		} else {
6446 			owner_nlportid = 0;
6447 			is_indoor = true;
6448 		}
6449 
6450 		return regulatory_hint_indoor(is_indoor, owner_nlportid);
6451 	default:
6452 		return -EINVAL;
6453 	}
6454 }
6455 
6456 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6457 {
6458 	return reg_reload_regdb();
6459 }
6460 
6461 static int nl80211_get_mesh_config(struct sk_buff *skb,
6462 				   struct genl_info *info)
6463 {
6464 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6465 	struct net_device *dev = info->user_ptr[1];
6466 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6467 	struct mesh_config cur_params;
6468 	int err = 0;
6469 	void *hdr;
6470 	struct nlattr *pinfoattr;
6471 	struct sk_buff *msg;
6472 
6473 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6474 		return -EOPNOTSUPP;
6475 
6476 	if (!rdev->ops->get_mesh_config)
6477 		return -EOPNOTSUPP;
6478 
6479 	wdev_lock(wdev);
6480 	/* If not connected, get default parameters */
6481 	if (!wdev->mesh_id_len)
6482 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6483 	else
6484 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
6485 	wdev_unlock(wdev);
6486 
6487 	if (err)
6488 		return err;
6489 
6490 	/* Draw up a netlink message to send back */
6491 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6492 	if (!msg)
6493 		return -ENOMEM;
6494 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6495 			     NL80211_CMD_GET_MESH_CONFIG);
6496 	if (!hdr)
6497 		goto out;
6498 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6499 	if (!pinfoattr)
6500 		goto nla_put_failure;
6501 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6502 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6503 			cur_params.dot11MeshRetryTimeout) ||
6504 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6505 			cur_params.dot11MeshConfirmTimeout) ||
6506 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6507 			cur_params.dot11MeshHoldingTimeout) ||
6508 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6509 			cur_params.dot11MeshMaxPeerLinks) ||
6510 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6511 		       cur_params.dot11MeshMaxRetries) ||
6512 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
6513 		       cur_params.dot11MeshTTL) ||
6514 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6515 		       cur_params.element_ttl) ||
6516 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6517 		       cur_params.auto_open_plinks) ||
6518 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6519 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6520 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6521 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
6522 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6523 			cur_params.path_refresh_time) ||
6524 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6525 			cur_params.min_discovery_timeout) ||
6526 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6527 			cur_params.dot11MeshHWMPactivePathTimeout) ||
6528 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6529 			cur_params.dot11MeshHWMPpreqMinInterval) ||
6530 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6531 			cur_params.dot11MeshHWMPperrMinInterval) ||
6532 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6533 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6534 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6535 		       cur_params.dot11MeshHWMPRootMode) ||
6536 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6537 			cur_params.dot11MeshHWMPRannInterval) ||
6538 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6539 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
6540 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6541 		       cur_params.dot11MeshForwarding) ||
6542 	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6543 			cur_params.rssi_threshold) ||
6544 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6545 			cur_params.ht_opmode) ||
6546 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6547 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6548 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6549 			cur_params.dot11MeshHWMProotInterval) ||
6550 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6551 			cur_params.dot11MeshHWMPconfirmationInterval) ||
6552 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6553 			cur_params.power_mode) ||
6554 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6555 			cur_params.dot11MeshAwakeWindowDuration) ||
6556 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6557 			cur_params.plink_timeout) ||
6558 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6559 		       cur_params.dot11MeshConnectedToMeshGate))
6560 		goto nla_put_failure;
6561 	nla_nest_end(msg, pinfoattr);
6562 	genlmsg_end(msg, hdr);
6563 	return genlmsg_reply(msg, info);
6564 
6565  nla_put_failure:
6566  out:
6567 	nlmsg_free(msg);
6568 	return -ENOBUFS;
6569 }
6570 
6571 static const struct nla_policy
6572 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6573 	[NL80211_MESHCONF_RETRY_TIMEOUT] =
6574 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6575 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6576 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6577 	[NL80211_MESHCONF_HOLDING_TIMEOUT] =
6578 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6579 	[NL80211_MESHCONF_MAX_PEER_LINKS] =
6580 		NLA_POLICY_RANGE(NLA_U16, 0, 255),
6581 	[NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6582 	[NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6583 	[NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6584 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6585 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6586 		NLA_POLICY_RANGE(NLA_U32, 1, 255),
6587 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6588 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6589 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6590 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6591 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6592 		NLA_POLICY_MIN(NLA_U16, 1),
6593 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6594 		NLA_POLICY_MIN(NLA_U16, 1),
6595 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6596 		NLA_POLICY_MIN(NLA_U16, 1),
6597 	[NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6598 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6599 		NLA_POLICY_MIN(NLA_U16, 1),
6600 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6601 	[NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6602 	[NL80211_MESHCONF_RSSI_THRESHOLD] =
6603 		NLA_POLICY_RANGE(NLA_S32, -255, 0),
6604 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6605 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6606 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6607 		NLA_POLICY_MIN(NLA_U16, 1),
6608 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6609 		NLA_POLICY_MIN(NLA_U16, 1),
6610 	[NL80211_MESHCONF_POWER_MODE] =
6611 		NLA_POLICY_RANGE(NLA_U32,
6612 				 NL80211_MESH_POWER_ACTIVE,
6613 				 NL80211_MESH_POWER_MAX),
6614 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6615 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6616 	[NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6617 };
6618 
6619 static const struct nla_policy
6620 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6621 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6622 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6623 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6624 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6625 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6626 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6627 	[NL80211_MESH_SETUP_IE] =
6628 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6629 				       IEEE80211_MAX_DATA_LEN),
6630 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6631 };
6632 
6633 static int nl80211_parse_mesh_config(struct genl_info *info,
6634 				     struct mesh_config *cfg,
6635 				     u32 *mask_out)
6636 {
6637 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6638 	u32 mask = 0;
6639 	u16 ht_opmode;
6640 
6641 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)	\
6642 do {									\
6643 	if (tb[attr]) {							\
6644 		cfg->param = fn(tb[attr]);				\
6645 		mask |= BIT((attr) - 1);				\
6646 	}								\
6647 } while (0)
6648 
6649 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6650 		return -EINVAL;
6651 	if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6652 		return -EINVAL;
6653 
6654 	/* This makes sure that there aren't more than 32 mesh config
6655 	 * parameters (otherwise our bitfield scheme would not work.) */
6656 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6657 
6658 	/* Fill in the params struct */
6659 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6660 				  NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6661 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6662 				  NL80211_MESHCONF_CONFIRM_TIMEOUT,
6663 				  nla_get_u16);
6664 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
6665 				  NL80211_MESHCONF_HOLDING_TIMEOUT,
6666 				  nla_get_u16);
6667 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
6668 				  NL80211_MESHCONF_MAX_PEER_LINKS,
6669 				  nla_get_u16);
6670 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
6671 				  NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
6672 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
6673 				  NL80211_MESHCONF_TTL, nla_get_u8);
6674 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
6675 				  NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
6676 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
6677 				  NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6678 				  nla_get_u8);
6679 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6680 				  mask,
6681 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6682 				  nla_get_u32);
6683 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
6684 				  NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6685 				  nla_get_u8);
6686 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
6687 				  NL80211_MESHCONF_PATH_REFRESH_TIME,
6688 				  nla_get_u32);
6689 	if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
6690 	    (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
6691 		return -EINVAL;
6692 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
6693 				  NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6694 				  nla_get_u16);
6695 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6696 				  mask,
6697 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6698 				  nla_get_u32);
6699 	if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
6700 	    (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
6701 	     cfg->dot11MeshHWMPactivePathTimeout > 65535))
6702 		return -EINVAL;
6703 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
6704 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6705 				  nla_get_u16);
6706 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
6707 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6708 				  nla_get_u16);
6709 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6710 				  dot11MeshHWMPnetDiameterTraversalTime, mask,
6711 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6712 				  nla_get_u16);
6713 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
6714 				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
6715 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
6716 				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6717 				  nla_get_u16);
6718 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
6719 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6720 				  nla_get_u8);
6721 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
6722 				  NL80211_MESHCONF_FORWARDING, nla_get_u8);
6723 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
6724 				  NL80211_MESHCONF_RSSI_THRESHOLD,
6725 				  nla_get_s32);
6726 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
6727 				  NL80211_MESHCONF_CONNECTED_TO_GATE,
6728 				  nla_get_u8);
6729 	/*
6730 	 * Check HT operation mode based on
6731 	 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
6732 	 */
6733 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6734 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6735 
6736 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6737 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6738 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6739 			return -EINVAL;
6740 
6741 		/* NON_HT_STA bit is reserved, but some programs set it */
6742 		ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6743 
6744 		cfg->ht_opmode = ht_opmode;
6745 		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6746 	}
6747 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6748 				  dot11MeshHWMPactivePathToRootTimeout, mask,
6749 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6750 				  nla_get_u32);
6751 	if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
6752 	    (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
6753 	     cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
6754 		return -EINVAL;
6755 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
6756 				  NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6757 				  nla_get_u16);
6758 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
6759 				  mask,
6760 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6761 				  nla_get_u16);
6762 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
6763 				  NL80211_MESHCONF_POWER_MODE, nla_get_u32);
6764 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
6765 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
6766 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
6767 				  NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
6768 	if (mask_out)
6769 		*mask_out = mask;
6770 
6771 	return 0;
6772 
6773 #undef FILL_IN_MESH_PARAM_IF_SET
6774 }
6775 
6776 static int nl80211_parse_mesh_setup(struct genl_info *info,
6777 				     struct mesh_setup *setup)
6778 {
6779 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6780 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6781 
6782 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6783 		return -EINVAL;
6784 	if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
6785 		return -EINVAL;
6786 
6787 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6788 		setup->sync_method =
6789 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6790 		 IEEE80211_SYNC_METHOD_VENDOR :
6791 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6792 
6793 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6794 		setup->path_sel_proto =
6795 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6796 		 IEEE80211_PATH_PROTOCOL_VENDOR :
6797 		 IEEE80211_PATH_PROTOCOL_HWMP;
6798 
6799 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6800 		setup->path_metric =
6801 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6802 		 IEEE80211_PATH_METRIC_VENDOR :
6803 		 IEEE80211_PATH_METRIC_AIRTIME;
6804 
6805 	if (tb[NL80211_MESH_SETUP_IE]) {
6806 		struct nlattr *ieattr =
6807 			tb[NL80211_MESH_SETUP_IE];
6808 		setup->ie = nla_data(ieattr);
6809 		setup->ie_len = nla_len(ieattr);
6810 	}
6811 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6812 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6813 		return -EINVAL;
6814 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6815 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6816 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6817 	if (setup->is_secure)
6818 		setup->user_mpm = true;
6819 
6820 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6821 		if (!setup->user_mpm)
6822 			return -EINVAL;
6823 		setup->auth_id =
6824 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6825 	}
6826 
6827 	return 0;
6828 }
6829 
6830 static int nl80211_update_mesh_config(struct sk_buff *skb,
6831 				      struct genl_info *info)
6832 {
6833 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6834 	struct net_device *dev = info->user_ptr[1];
6835 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6836 	struct mesh_config cfg;
6837 	u32 mask;
6838 	int err;
6839 
6840 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6841 		return -EOPNOTSUPP;
6842 
6843 	if (!rdev->ops->update_mesh_config)
6844 		return -EOPNOTSUPP;
6845 
6846 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
6847 	if (err)
6848 		return err;
6849 
6850 	wdev_lock(wdev);
6851 	if (!wdev->mesh_id_len)
6852 		err = -ENOLINK;
6853 
6854 	if (!err)
6855 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6856 
6857 	wdev_unlock(wdev);
6858 
6859 	return err;
6860 }
6861 
6862 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6863 			      struct sk_buff *msg)
6864 {
6865 	struct nlattr *nl_reg_rules;
6866 	unsigned int i;
6867 
6868 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6869 	    (regdom->dfs_region &&
6870 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6871 		goto nla_put_failure;
6872 
6873 	nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
6874 	if (!nl_reg_rules)
6875 		goto nla_put_failure;
6876 
6877 	for (i = 0; i < regdom->n_reg_rules; i++) {
6878 		struct nlattr *nl_reg_rule;
6879 		const struct ieee80211_reg_rule *reg_rule;
6880 		const struct ieee80211_freq_range *freq_range;
6881 		const struct ieee80211_power_rule *power_rule;
6882 		unsigned int max_bandwidth_khz;
6883 
6884 		reg_rule = &regdom->reg_rules[i];
6885 		freq_range = &reg_rule->freq_range;
6886 		power_rule = &reg_rule->power_rule;
6887 
6888 		nl_reg_rule = nla_nest_start_noflag(msg, i);
6889 		if (!nl_reg_rule)
6890 			goto nla_put_failure;
6891 
6892 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
6893 		if (!max_bandwidth_khz)
6894 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6895 								  reg_rule);
6896 
6897 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6898 				reg_rule->flags) ||
6899 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6900 				freq_range->start_freq_khz) ||
6901 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6902 				freq_range->end_freq_khz) ||
6903 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6904 				max_bandwidth_khz) ||
6905 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6906 				power_rule->max_antenna_gain) ||
6907 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6908 				power_rule->max_eirp) ||
6909 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6910 				reg_rule->dfs_cac_ms))
6911 			goto nla_put_failure;
6912 
6913 		nla_nest_end(msg, nl_reg_rule);
6914 	}
6915 
6916 	nla_nest_end(msg, nl_reg_rules);
6917 	return 0;
6918 
6919 nla_put_failure:
6920 	return -EMSGSIZE;
6921 }
6922 
6923 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6924 {
6925 	const struct ieee80211_regdomain *regdom = NULL;
6926 	struct cfg80211_registered_device *rdev;
6927 	struct wiphy *wiphy = NULL;
6928 	struct sk_buff *msg;
6929 	void *hdr;
6930 
6931 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6932 	if (!msg)
6933 		return -ENOBUFS;
6934 
6935 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6936 			     NL80211_CMD_GET_REG);
6937 	if (!hdr)
6938 		goto put_failure;
6939 
6940 	if (info->attrs[NL80211_ATTR_WIPHY]) {
6941 		bool self_managed;
6942 
6943 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6944 		if (IS_ERR(rdev)) {
6945 			nlmsg_free(msg);
6946 			return PTR_ERR(rdev);
6947 		}
6948 
6949 		wiphy = &rdev->wiphy;
6950 		self_managed = wiphy->regulatory_flags &
6951 			       REGULATORY_WIPHY_SELF_MANAGED;
6952 		regdom = get_wiphy_regdom(wiphy);
6953 
6954 		/* a self-managed-reg device must have a private regdom */
6955 		if (WARN_ON(!regdom && self_managed)) {
6956 			nlmsg_free(msg);
6957 			return -EINVAL;
6958 		}
6959 
6960 		if (regdom &&
6961 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6962 			goto nla_put_failure;
6963 	}
6964 
6965 	if (!wiphy && reg_last_request_cell_base() &&
6966 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6967 			NL80211_USER_REG_HINT_CELL_BASE))
6968 		goto nla_put_failure;
6969 
6970 	rcu_read_lock();
6971 
6972 	if (!regdom)
6973 		regdom = rcu_dereference(cfg80211_regdomain);
6974 
6975 	if (nl80211_put_regdom(regdom, msg))
6976 		goto nla_put_failure_rcu;
6977 
6978 	rcu_read_unlock();
6979 
6980 	genlmsg_end(msg, hdr);
6981 	return genlmsg_reply(msg, info);
6982 
6983 nla_put_failure_rcu:
6984 	rcu_read_unlock();
6985 nla_put_failure:
6986 put_failure:
6987 	nlmsg_free(msg);
6988 	return -EMSGSIZE;
6989 }
6990 
6991 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6992 			       u32 seq, int flags, struct wiphy *wiphy,
6993 			       const struct ieee80211_regdomain *regdom)
6994 {
6995 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6996 				   NL80211_CMD_GET_REG);
6997 
6998 	if (!hdr)
6999 		return -1;
7000 
7001 	genl_dump_check_consistent(cb, hdr);
7002 
7003 	if (nl80211_put_regdom(regdom, msg))
7004 		goto nla_put_failure;
7005 
7006 	if (!wiphy && reg_last_request_cell_base() &&
7007 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7008 			NL80211_USER_REG_HINT_CELL_BASE))
7009 		goto nla_put_failure;
7010 
7011 	if (wiphy &&
7012 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7013 		goto nla_put_failure;
7014 
7015 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7016 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7017 		goto nla_put_failure;
7018 
7019 	genlmsg_end(msg, hdr);
7020 	return 0;
7021 
7022 nla_put_failure:
7023 	genlmsg_cancel(msg, hdr);
7024 	return -EMSGSIZE;
7025 }
7026 
7027 static int nl80211_get_reg_dump(struct sk_buff *skb,
7028 				struct netlink_callback *cb)
7029 {
7030 	const struct ieee80211_regdomain *regdom = NULL;
7031 	struct cfg80211_registered_device *rdev;
7032 	int err, reg_idx, start = cb->args[2];
7033 
7034 	rtnl_lock();
7035 
7036 	if (cfg80211_regdomain && start == 0) {
7037 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7038 					  NLM_F_MULTI, NULL,
7039 					  rtnl_dereference(cfg80211_regdomain));
7040 		if (err < 0)
7041 			goto out_err;
7042 	}
7043 
7044 	/* the global regdom is idx 0 */
7045 	reg_idx = 1;
7046 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7047 		regdom = get_wiphy_regdom(&rdev->wiphy);
7048 		if (!regdom)
7049 			continue;
7050 
7051 		if (++reg_idx <= start)
7052 			continue;
7053 
7054 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7055 					  NLM_F_MULTI, &rdev->wiphy, regdom);
7056 		if (err < 0) {
7057 			reg_idx--;
7058 			break;
7059 		}
7060 	}
7061 
7062 	cb->args[2] = reg_idx;
7063 	err = skb->len;
7064 out_err:
7065 	rtnl_unlock();
7066 	return err;
7067 }
7068 
7069 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
7070 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7071 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
7072 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
7073 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
7074 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
7075 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
7076 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
7077 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
7078 };
7079 
7080 static int parse_reg_rule(struct nlattr *tb[],
7081 	struct ieee80211_reg_rule *reg_rule)
7082 {
7083 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
7084 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
7085 
7086 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7087 		return -EINVAL;
7088 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7089 		return -EINVAL;
7090 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7091 		return -EINVAL;
7092 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7093 		return -EINVAL;
7094 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7095 		return -EINVAL;
7096 
7097 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7098 
7099 	freq_range->start_freq_khz =
7100 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7101 	freq_range->end_freq_khz =
7102 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7103 	freq_range->max_bandwidth_khz =
7104 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7105 
7106 	power_rule->max_eirp =
7107 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7108 
7109 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7110 		power_rule->max_antenna_gain =
7111 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7112 
7113 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
7114 		reg_rule->dfs_cac_ms =
7115 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7116 
7117 	return 0;
7118 }
7119 
7120 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7121 {
7122 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7123 	struct nlattr *nl_reg_rule;
7124 	char *alpha2;
7125 	int rem_reg_rules, r;
7126 	u32 num_rules = 0, rule_idx = 0;
7127 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7128 	struct ieee80211_regdomain *rd;
7129 
7130 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7131 		return -EINVAL;
7132 
7133 	if (!info->attrs[NL80211_ATTR_REG_RULES])
7134 		return -EINVAL;
7135 
7136 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7137 
7138 	if (info->attrs[NL80211_ATTR_DFS_REGION])
7139 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7140 
7141 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7142 			    rem_reg_rules) {
7143 		num_rules++;
7144 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7145 			return -EINVAL;
7146 	}
7147 
7148 	if (!reg_is_valid_request(alpha2))
7149 		return -EINVAL;
7150 
7151 	rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7152 	if (!rd)
7153 		return -ENOMEM;
7154 
7155 	rd->n_reg_rules = num_rules;
7156 	rd->alpha2[0] = alpha2[0];
7157 	rd->alpha2[1] = alpha2[1];
7158 
7159 	/*
7160 	 * Disable DFS master mode if the DFS region was
7161 	 * not supported or known on this kernel.
7162 	 */
7163 	if (reg_supported_dfs_region(dfs_region))
7164 		rd->dfs_region = dfs_region;
7165 
7166 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7167 			    rem_reg_rules) {
7168 		r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7169 						nl_reg_rule, reg_rule_policy,
7170 						info->extack);
7171 		if (r)
7172 			goto bad_reg;
7173 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7174 		if (r)
7175 			goto bad_reg;
7176 
7177 		rule_idx++;
7178 
7179 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7180 			r = -EINVAL;
7181 			goto bad_reg;
7182 		}
7183 	}
7184 
7185 	/* set_regdom takes ownership of rd */
7186 	return set_regdom(rd, REGD_SOURCE_CRDA);
7187  bad_reg:
7188 	kfree(rd);
7189 	return r;
7190 }
7191 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7192 
7193 static int validate_scan_freqs(struct nlattr *freqs)
7194 {
7195 	struct nlattr *attr1, *attr2;
7196 	int n_channels = 0, tmp1, tmp2;
7197 
7198 	nla_for_each_nested(attr1, freqs, tmp1)
7199 		if (nla_len(attr1) != sizeof(u32))
7200 			return 0;
7201 
7202 	nla_for_each_nested(attr1, freqs, tmp1) {
7203 		n_channels++;
7204 		/*
7205 		 * Some hardware has a limited channel list for
7206 		 * scanning, and it is pretty much nonsensical
7207 		 * to scan for a channel twice, so disallow that
7208 		 * and don't require drivers to check that the
7209 		 * channel list they get isn't longer than what
7210 		 * they can scan, as long as they can scan all
7211 		 * the channels they registered at once.
7212 		 */
7213 		nla_for_each_nested(attr2, freqs, tmp2)
7214 			if (attr1 != attr2 &&
7215 			    nla_get_u32(attr1) == nla_get_u32(attr2))
7216 				return 0;
7217 	}
7218 
7219 	return n_channels;
7220 }
7221 
7222 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7223 {
7224 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
7225 }
7226 
7227 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7228 			    struct cfg80211_bss_selection *bss_select)
7229 {
7230 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7231 	struct nlattr *nest;
7232 	int err;
7233 	bool found = false;
7234 	int i;
7235 
7236 	/* only process one nested attribute */
7237 	nest = nla_data(nla);
7238 	if (!nla_ok(nest, nla_len(nest)))
7239 		return -EINVAL;
7240 
7241 	err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7242 					  nest, nl80211_bss_select_policy,
7243 					  NULL);
7244 	if (err)
7245 		return err;
7246 
7247 	/* only one attribute may be given */
7248 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7249 		if (attr[i]) {
7250 			if (found)
7251 				return -EINVAL;
7252 			found = true;
7253 		}
7254 	}
7255 
7256 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7257 
7258 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7259 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7260 
7261 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7262 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7263 		bss_select->param.band_pref =
7264 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7265 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
7266 			return -EINVAL;
7267 	}
7268 
7269 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7270 		struct nl80211_bss_select_rssi_adjust *adj_param;
7271 
7272 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7273 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7274 		bss_select->param.adjust.band = adj_param->band;
7275 		bss_select->param.adjust.delta = adj_param->delta;
7276 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7277 			return -EINVAL;
7278 	}
7279 
7280 	/* user-space did not provide behaviour attribute */
7281 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7282 		return -EINVAL;
7283 
7284 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7285 		return -EINVAL;
7286 
7287 	return 0;
7288 }
7289 
7290 int nl80211_parse_random_mac(struct nlattr **attrs,
7291 			     u8 *mac_addr, u8 *mac_addr_mask)
7292 {
7293 	int i;
7294 
7295 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7296 		eth_zero_addr(mac_addr);
7297 		eth_zero_addr(mac_addr_mask);
7298 		mac_addr[0] = 0x2;
7299 		mac_addr_mask[0] = 0x3;
7300 
7301 		return 0;
7302 	}
7303 
7304 	/* need both or none */
7305 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7306 		return -EINVAL;
7307 
7308 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7309 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7310 
7311 	/* don't allow or configure an mcast address */
7312 	if (!is_multicast_ether_addr(mac_addr_mask) ||
7313 	    is_multicast_ether_addr(mac_addr))
7314 		return -EINVAL;
7315 
7316 	/*
7317 	 * allow users to pass a MAC address that has bits set outside
7318 	 * of the mask, but don't bother drivers with having to deal
7319 	 * with such bits
7320 	 */
7321 	for (i = 0; i < ETH_ALEN; i++)
7322 		mac_addr[i] &= mac_addr_mask[i];
7323 
7324 	return 0;
7325 }
7326 
7327 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7328 {
7329 	ASSERT_WDEV_LOCK(wdev);
7330 
7331 	if (!cfg80211_beaconing_iface_active(wdev))
7332 		return true;
7333 
7334 	if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7335 		return true;
7336 
7337 	return regulatory_pre_cac_allowed(wdev->wiphy);
7338 }
7339 
7340 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7341 				    enum nl80211_ext_feature_index feat)
7342 {
7343 	if (!(flags & flag))
7344 		return true;
7345 	if (wiphy_ext_feature_isset(wiphy, feat))
7346 		return true;
7347 	return false;
7348 }
7349 
7350 static int
7351 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7352 			 void *request, struct nlattr **attrs,
7353 			 bool is_sched_scan)
7354 {
7355 	u8 *mac_addr, *mac_addr_mask;
7356 	u32 *flags;
7357 	enum nl80211_feature_flags randomness_flag;
7358 
7359 	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7360 		return 0;
7361 
7362 	if (is_sched_scan) {
7363 		struct cfg80211_sched_scan_request *req = request;
7364 
7365 		randomness_flag = wdev ?
7366 				  NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7367 				  NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7368 		flags = &req->flags;
7369 		mac_addr = req->mac_addr;
7370 		mac_addr_mask = req->mac_addr_mask;
7371 	} else {
7372 		struct cfg80211_scan_request *req = request;
7373 
7374 		randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7375 		flags = &req->flags;
7376 		mac_addr = req->mac_addr;
7377 		mac_addr_mask = req->mac_addr_mask;
7378 	}
7379 
7380 	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7381 
7382 	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7383 	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7384 	    !nl80211_check_scan_feat(wiphy, *flags,
7385 				     NL80211_SCAN_FLAG_LOW_SPAN,
7386 				     NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7387 	    !nl80211_check_scan_feat(wiphy, *flags,
7388 				     NL80211_SCAN_FLAG_LOW_POWER,
7389 				     NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7390 	    !nl80211_check_scan_feat(wiphy, *flags,
7391 				     NL80211_SCAN_FLAG_HIGH_ACCURACY,
7392 				     NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7393 	    !nl80211_check_scan_feat(wiphy, *flags,
7394 				     NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7395 				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7396 	    !nl80211_check_scan_feat(wiphy, *flags,
7397 				     NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7398 				     NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7399 	    !nl80211_check_scan_feat(wiphy, *flags,
7400 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7401 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7402 	    !nl80211_check_scan_feat(wiphy, *flags,
7403 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7404 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7405 	    !nl80211_check_scan_feat(wiphy, *flags,
7406 				     NL80211_SCAN_FLAG_RANDOM_SN,
7407 				     NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7408 	    !nl80211_check_scan_feat(wiphy, *flags,
7409 				     NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7410 				     NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7411 		return -EOPNOTSUPP;
7412 
7413 	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7414 		int err;
7415 
7416 		if (!(wiphy->features & randomness_flag) ||
7417 		    (wdev && wdev->current_bss))
7418 			return -EOPNOTSUPP;
7419 
7420 		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7421 		if (err)
7422 			return err;
7423 	}
7424 
7425 	return 0;
7426 }
7427 
7428 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7429 {
7430 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7431 	struct wireless_dev *wdev = info->user_ptr[1];
7432 	struct cfg80211_scan_request *request;
7433 	struct nlattr *attr;
7434 	struct wiphy *wiphy;
7435 	int err, tmp, n_ssids = 0, n_channels, i;
7436 	size_t ie_len;
7437 
7438 	wiphy = &rdev->wiphy;
7439 
7440 	if (wdev->iftype == NL80211_IFTYPE_NAN)
7441 		return -EOPNOTSUPP;
7442 
7443 	if (!rdev->ops->scan)
7444 		return -EOPNOTSUPP;
7445 
7446 	if (rdev->scan_req || rdev->scan_msg) {
7447 		err = -EBUSY;
7448 		goto unlock;
7449 	}
7450 
7451 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7452 		n_channels = validate_scan_freqs(
7453 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7454 		if (!n_channels) {
7455 			err = -EINVAL;
7456 			goto unlock;
7457 		}
7458 	} else {
7459 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7460 	}
7461 
7462 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7463 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7464 			n_ssids++;
7465 
7466 	if (n_ssids > wiphy->max_scan_ssids) {
7467 		err = -EINVAL;
7468 		goto unlock;
7469 	}
7470 
7471 	if (info->attrs[NL80211_ATTR_IE])
7472 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7473 	else
7474 		ie_len = 0;
7475 
7476 	if (ie_len > wiphy->max_scan_ie_len) {
7477 		err = -EINVAL;
7478 		goto unlock;
7479 	}
7480 
7481 	request = kzalloc(sizeof(*request)
7482 			+ sizeof(*request->ssids) * n_ssids
7483 			+ sizeof(*request->channels) * n_channels
7484 			+ ie_len, GFP_KERNEL);
7485 	if (!request) {
7486 		err = -ENOMEM;
7487 		goto unlock;
7488 	}
7489 
7490 	if (n_ssids)
7491 		request->ssids = (void *)&request->channels[n_channels];
7492 	request->n_ssids = n_ssids;
7493 	if (ie_len) {
7494 		if (n_ssids)
7495 			request->ie = (void *)(request->ssids + n_ssids);
7496 		else
7497 			request->ie = (void *)(request->channels + n_channels);
7498 	}
7499 
7500 	i = 0;
7501 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7502 		/* user specified, bail out if channel not found */
7503 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7504 			struct ieee80211_channel *chan;
7505 
7506 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7507 
7508 			if (!chan) {
7509 				err = -EINVAL;
7510 				goto out_free;
7511 			}
7512 
7513 			/* ignore disabled channels */
7514 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7515 				continue;
7516 
7517 			request->channels[i] = chan;
7518 			i++;
7519 		}
7520 	} else {
7521 		enum nl80211_band band;
7522 
7523 		/* all channels */
7524 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7525 			int j;
7526 
7527 			if (!wiphy->bands[band])
7528 				continue;
7529 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7530 				struct ieee80211_channel *chan;
7531 
7532 				chan = &wiphy->bands[band]->channels[j];
7533 
7534 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7535 					continue;
7536 
7537 				request->channels[i] = chan;
7538 				i++;
7539 			}
7540 		}
7541 	}
7542 
7543 	if (!i) {
7544 		err = -EINVAL;
7545 		goto out_free;
7546 	}
7547 
7548 	request->n_channels = i;
7549 
7550 	wdev_lock(wdev);
7551 	if (!cfg80211_off_channel_oper_allowed(wdev)) {
7552 		struct ieee80211_channel *chan;
7553 
7554 		if (request->n_channels != 1) {
7555 			wdev_unlock(wdev);
7556 			err = -EBUSY;
7557 			goto out_free;
7558 		}
7559 
7560 		chan = request->channels[0];
7561 		if (chan->center_freq != wdev->chandef.chan->center_freq) {
7562 			wdev_unlock(wdev);
7563 			err = -EBUSY;
7564 			goto out_free;
7565 		}
7566 	}
7567 	wdev_unlock(wdev);
7568 
7569 	i = 0;
7570 	if (n_ssids) {
7571 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7572 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7573 				err = -EINVAL;
7574 				goto out_free;
7575 			}
7576 			request->ssids[i].ssid_len = nla_len(attr);
7577 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7578 			i++;
7579 		}
7580 	}
7581 
7582 	if (info->attrs[NL80211_ATTR_IE]) {
7583 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7584 		memcpy((void *)request->ie,
7585 		       nla_data(info->attrs[NL80211_ATTR_IE]),
7586 		       request->ie_len);
7587 	}
7588 
7589 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7590 		if (wiphy->bands[i])
7591 			request->rates[i] =
7592 				(1 << wiphy->bands[i]->n_bitrates) - 1;
7593 
7594 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7595 		nla_for_each_nested(attr,
7596 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7597 				    tmp) {
7598 			enum nl80211_band band = nla_type(attr);
7599 
7600 			if (band < 0 || band >= NUM_NL80211_BANDS) {
7601 				err = -EINVAL;
7602 				goto out_free;
7603 			}
7604 
7605 			if (!wiphy->bands[band])
7606 				continue;
7607 
7608 			err = ieee80211_get_ratemask(wiphy->bands[band],
7609 						     nla_data(attr),
7610 						     nla_len(attr),
7611 						     &request->rates[band]);
7612 			if (err)
7613 				goto out_free;
7614 		}
7615 	}
7616 
7617 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7618 		if (!wiphy_ext_feature_isset(wiphy,
7619 					NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7620 			err = -EOPNOTSUPP;
7621 			goto out_free;
7622 		}
7623 
7624 		request->duration =
7625 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7626 		request->duration_mandatory =
7627 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7628 	}
7629 
7630 	err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7631 				       false);
7632 	if (err)
7633 		goto out_free;
7634 
7635 	request->no_cck =
7636 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7637 
7638 	/* Initial implementation used NL80211_ATTR_MAC to set the specific
7639 	 * BSSID to scan for. This was problematic because that same attribute
7640 	 * was already used for another purpose (local random MAC address). The
7641 	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7642 	 * compatibility with older userspace components, also use the
7643 	 * NL80211_ATTR_MAC value here if it can be determined to be used for
7644 	 * the specific BSSID use case instead of the random MAC address
7645 	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7646 	 */
7647 	if (info->attrs[NL80211_ATTR_BSSID])
7648 		memcpy(request->bssid,
7649 		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7650 	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7651 		 info->attrs[NL80211_ATTR_MAC])
7652 		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7653 		       ETH_ALEN);
7654 	else
7655 		eth_broadcast_addr(request->bssid);
7656 
7657 	request->wdev = wdev;
7658 	request->wiphy = &rdev->wiphy;
7659 	request->scan_start = jiffies;
7660 
7661 	rdev->scan_req = request;
7662 	err = rdev_scan(rdev, request);
7663 
7664 	if (!err) {
7665 		nl80211_send_scan_start(rdev, wdev);
7666 		if (wdev->netdev)
7667 			dev_hold(wdev->netdev);
7668 	} else {
7669  out_free:
7670 		rdev->scan_req = NULL;
7671 		kfree(request);
7672 	}
7673 
7674  unlock:
7675 	return err;
7676 }
7677 
7678 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7679 {
7680 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7681 	struct wireless_dev *wdev = info->user_ptr[1];
7682 
7683 	if (!rdev->ops->abort_scan)
7684 		return -EOPNOTSUPP;
7685 
7686 	if (rdev->scan_msg)
7687 		return 0;
7688 
7689 	if (!rdev->scan_req)
7690 		return -ENOENT;
7691 
7692 	rdev_abort_scan(rdev, wdev);
7693 	return 0;
7694 }
7695 
7696 static int
7697 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7698 			       struct cfg80211_sched_scan_request *request,
7699 			       struct nlattr **attrs)
7700 {
7701 	int tmp, err, i = 0;
7702 	struct nlattr *attr;
7703 
7704 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7705 		u32 interval;
7706 
7707 		/*
7708 		 * If scan plans are not specified,
7709 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7710 		 * case one scan plan will be set with the specified scan
7711 		 * interval and infinite number of iterations.
7712 		 */
7713 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7714 		if (!interval)
7715 			return -EINVAL;
7716 
7717 		request->scan_plans[0].interval =
7718 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
7719 		if (!request->scan_plans[0].interval)
7720 			return -EINVAL;
7721 
7722 		if (request->scan_plans[0].interval >
7723 		    wiphy->max_sched_scan_plan_interval)
7724 			request->scan_plans[0].interval =
7725 				wiphy->max_sched_scan_plan_interval;
7726 
7727 		return 0;
7728 	}
7729 
7730 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7731 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7732 
7733 		if (WARN_ON(i >= n_plans))
7734 			return -EINVAL;
7735 
7736 		err = nla_parse_nested_deprecated(plan,
7737 						  NL80211_SCHED_SCAN_PLAN_MAX,
7738 						  attr, nl80211_plan_policy,
7739 						  NULL);
7740 		if (err)
7741 			return err;
7742 
7743 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7744 			return -EINVAL;
7745 
7746 		request->scan_plans[i].interval =
7747 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7748 		if (!request->scan_plans[i].interval ||
7749 		    request->scan_plans[i].interval >
7750 		    wiphy->max_sched_scan_plan_interval)
7751 			return -EINVAL;
7752 
7753 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7754 			request->scan_plans[i].iterations =
7755 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7756 			if (!request->scan_plans[i].iterations ||
7757 			    (request->scan_plans[i].iterations >
7758 			     wiphy->max_sched_scan_plan_iterations))
7759 				return -EINVAL;
7760 		} else if (i < n_plans - 1) {
7761 			/*
7762 			 * All scan plans but the last one must specify
7763 			 * a finite number of iterations
7764 			 */
7765 			return -EINVAL;
7766 		}
7767 
7768 		i++;
7769 	}
7770 
7771 	/*
7772 	 * The last scan plan must not specify the number of
7773 	 * iterations, it is supposed to run infinitely
7774 	 */
7775 	if (request->scan_plans[n_plans - 1].iterations)
7776 		return  -EINVAL;
7777 
7778 	return 0;
7779 }
7780 
7781 static int
7782 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
7783 				       struct cfg80211_match_set *match_sets,
7784 				       struct nlattr *tb_band_rssi,
7785 				       s32 rssi_thold)
7786 {
7787 	struct nlattr *attr;
7788 	int i, tmp, ret = 0;
7789 
7790 	if (!wiphy_ext_feature_isset(wiphy,
7791 		    NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
7792 		if (tb_band_rssi)
7793 			ret = -EOPNOTSUPP;
7794 		else
7795 			for (i = 0; i < NUM_NL80211_BANDS; i++)
7796 				match_sets->per_band_rssi_thold[i] =
7797 					NL80211_SCAN_RSSI_THOLD_OFF;
7798 		return ret;
7799 	}
7800 
7801 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7802 		match_sets->per_band_rssi_thold[i] = rssi_thold;
7803 
7804 	nla_for_each_nested(attr, tb_band_rssi, tmp) {
7805 		enum nl80211_band band = nla_type(attr);
7806 
7807 		if (band < 0 || band >= NUM_NL80211_BANDS)
7808 			return -EINVAL;
7809 
7810 		match_sets->per_band_rssi_thold[band] =	nla_get_s32(attr);
7811 	}
7812 
7813 	return 0;
7814 }
7815 
7816 static struct cfg80211_sched_scan_request *
7817 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7818 			 struct nlattr **attrs, int max_match_sets)
7819 {
7820 	struct cfg80211_sched_scan_request *request;
7821 	struct nlattr *attr;
7822 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7823 	enum nl80211_band band;
7824 	size_t ie_len;
7825 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7826 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7827 
7828 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7829 		n_channels = validate_scan_freqs(
7830 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7831 		if (!n_channels)
7832 			return ERR_PTR(-EINVAL);
7833 	} else {
7834 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7835 	}
7836 
7837 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
7838 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7839 				    tmp)
7840 			n_ssids++;
7841 
7842 	if (n_ssids > wiphy->max_sched_scan_ssids)
7843 		return ERR_PTR(-EINVAL);
7844 
7845 	/*
7846 	 * First, count the number of 'real' matchsets. Due to an issue with
7847 	 * the old implementation, matchsets containing only the RSSI attribute
7848 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7849 	 * RSSI for all matchsets, rather than their own matchset for reporting
7850 	 * all APs with a strong RSSI. This is needed to be compatible with
7851 	 * older userspace that treated a matchset with only the RSSI as the
7852 	 * global RSSI for all other matchsets - if there are other matchsets.
7853 	 */
7854 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7855 		nla_for_each_nested(attr,
7856 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7857 				    tmp) {
7858 			struct nlattr *rssi;
7859 
7860 			err = nla_parse_nested_deprecated(tb,
7861 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7862 							  attr,
7863 							  nl80211_match_policy,
7864 							  NULL);
7865 			if (err)
7866 				return ERR_PTR(err);
7867 
7868 			/* SSID and BSSID are mutually exclusive */
7869 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7870 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7871 				return ERR_PTR(-EINVAL);
7872 
7873 			/* add other standalone attributes here */
7874 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7875 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7876 				n_match_sets++;
7877 				continue;
7878 			}
7879 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7880 			if (rssi)
7881 				default_match_rssi = nla_get_s32(rssi);
7882 		}
7883 	}
7884 
7885 	/* However, if there's no other matchset, add the RSSI one */
7886 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7887 		n_match_sets = 1;
7888 
7889 	if (n_match_sets > max_match_sets)
7890 		return ERR_PTR(-EINVAL);
7891 
7892 	if (attrs[NL80211_ATTR_IE])
7893 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7894 	else
7895 		ie_len = 0;
7896 
7897 	if (ie_len > wiphy->max_sched_scan_ie_len)
7898 		return ERR_PTR(-EINVAL);
7899 
7900 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7901 		/*
7902 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7903 		 * each scan plan already specifies its own interval
7904 		 */
7905 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7906 			return ERR_PTR(-EINVAL);
7907 
7908 		nla_for_each_nested(attr,
7909 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7910 			n_plans++;
7911 	} else {
7912 		/*
7913 		 * The scan interval attribute is kept for backward
7914 		 * compatibility. If no scan plans are specified and sched scan
7915 		 * interval is specified, one scan plan will be set with this
7916 		 * scan interval and infinite number of iterations.
7917 		 */
7918 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7919 			return ERR_PTR(-EINVAL);
7920 
7921 		n_plans = 1;
7922 	}
7923 
7924 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7925 		return ERR_PTR(-EINVAL);
7926 
7927 	if (!wiphy_ext_feature_isset(
7928 		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7929 	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7930 	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7931 		return ERR_PTR(-EINVAL);
7932 
7933 	request = kzalloc(sizeof(*request)
7934 			+ sizeof(*request->ssids) * n_ssids
7935 			+ sizeof(*request->match_sets) * n_match_sets
7936 			+ sizeof(*request->scan_plans) * n_plans
7937 			+ sizeof(*request->channels) * n_channels
7938 			+ ie_len, GFP_KERNEL);
7939 	if (!request)
7940 		return ERR_PTR(-ENOMEM);
7941 
7942 	if (n_ssids)
7943 		request->ssids = (void *)&request->channels[n_channels];
7944 	request->n_ssids = n_ssids;
7945 	if (ie_len) {
7946 		if (n_ssids)
7947 			request->ie = (void *)(request->ssids + n_ssids);
7948 		else
7949 			request->ie = (void *)(request->channels + n_channels);
7950 	}
7951 
7952 	if (n_match_sets) {
7953 		if (request->ie)
7954 			request->match_sets = (void *)(request->ie + ie_len);
7955 		else if (n_ssids)
7956 			request->match_sets =
7957 				(void *)(request->ssids + n_ssids);
7958 		else
7959 			request->match_sets =
7960 				(void *)(request->channels + n_channels);
7961 	}
7962 	request->n_match_sets = n_match_sets;
7963 
7964 	if (n_match_sets)
7965 		request->scan_plans = (void *)(request->match_sets +
7966 					       n_match_sets);
7967 	else if (request->ie)
7968 		request->scan_plans = (void *)(request->ie + ie_len);
7969 	else if (n_ssids)
7970 		request->scan_plans = (void *)(request->ssids + n_ssids);
7971 	else
7972 		request->scan_plans = (void *)(request->channels + n_channels);
7973 
7974 	request->n_scan_plans = n_plans;
7975 
7976 	i = 0;
7977 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7978 		/* user specified, bail out if channel not found */
7979 		nla_for_each_nested(attr,
7980 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7981 				    tmp) {
7982 			struct ieee80211_channel *chan;
7983 
7984 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7985 
7986 			if (!chan) {
7987 				err = -EINVAL;
7988 				goto out_free;
7989 			}
7990 
7991 			/* ignore disabled channels */
7992 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7993 				continue;
7994 
7995 			request->channels[i] = chan;
7996 			i++;
7997 		}
7998 	} else {
7999 		/* all channels */
8000 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
8001 			int j;
8002 
8003 			if (!wiphy->bands[band])
8004 				continue;
8005 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8006 				struct ieee80211_channel *chan;
8007 
8008 				chan = &wiphy->bands[band]->channels[j];
8009 
8010 				if (chan->flags & IEEE80211_CHAN_DISABLED)
8011 					continue;
8012 
8013 				request->channels[i] = chan;
8014 				i++;
8015 			}
8016 		}
8017 	}
8018 
8019 	if (!i) {
8020 		err = -EINVAL;
8021 		goto out_free;
8022 	}
8023 
8024 	request->n_channels = i;
8025 
8026 	i = 0;
8027 	if (n_ssids) {
8028 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8029 				    tmp) {
8030 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8031 				err = -EINVAL;
8032 				goto out_free;
8033 			}
8034 			request->ssids[i].ssid_len = nla_len(attr);
8035 			memcpy(request->ssids[i].ssid, nla_data(attr),
8036 			       nla_len(attr));
8037 			i++;
8038 		}
8039 	}
8040 
8041 	i = 0;
8042 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8043 		nla_for_each_nested(attr,
8044 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8045 				    tmp) {
8046 			struct nlattr *ssid, *bssid, *rssi;
8047 
8048 			err = nla_parse_nested_deprecated(tb,
8049 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8050 							  attr,
8051 							  nl80211_match_policy,
8052 							  NULL);
8053 			if (err)
8054 				goto out_free;
8055 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8056 			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8057 
8058 			if (!ssid && !bssid) {
8059 				i++;
8060 				continue;
8061 			}
8062 
8063 			if (WARN_ON(i >= n_match_sets)) {
8064 				/* this indicates a programming error,
8065 				 * the loop above should have verified
8066 				 * things properly
8067 				 */
8068 				err = -EINVAL;
8069 				goto out_free;
8070 			}
8071 
8072 			if (ssid) {
8073 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
8074 					err = -EINVAL;
8075 					goto out_free;
8076 				}
8077 				memcpy(request->match_sets[i].ssid.ssid,
8078 				       nla_data(ssid), nla_len(ssid));
8079 				request->match_sets[i].ssid.ssid_len =
8080 					nla_len(ssid);
8081 			}
8082 			if (bssid) {
8083 				if (nla_len(bssid) != ETH_ALEN) {
8084 					err = -EINVAL;
8085 					goto out_free;
8086 				}
8087 				memcpy(request->match_sets[i].bssid,
8088 				       nla_data(bssid), ETH_ALEN);
8089 			}
8090 
8091 			/* special attribute - old implementation w/a */
8092 			request->match_sets[i].rssi_thold = default_match_rssi;
8093 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8094 			if (rssi)
8095 				request->match_sets[i].rssi_thold =
8096 					nla_get_s32(rssi);
8097 
8098 			/* Parse per band RSSI attribute */
8099 			err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8100 				&request->match_sets[i],
8101 				tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8102 				request->match_sets[i].rssi_thold);
8103 			if (err)
8104 				goto out_free;
8105 
8106 			i++;
8107 		}
8108 
8109 		/* there was no other matchset, so the RSSI one is alone */
8110 		if (i == 0 && n_match_sets)
8111 			request->match_sets[0].rssi_thold = default_match_rssi;
8112 
8113 		request->min_rssi_thold = INT_MAX;
8114 		for (i = 0; i < n_match_sets; i++)
8115 			request->min_rssi_thold =
8116 				min(request->match_sets[i].rssi_thold,
8117 				    request->min_rssi_thold);
8118 	} else {
8119 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8120 	}
8121 
8122 	if (ie_len) {
8123 		request->ie_len = ie_len;
8124 		memcpy((void *)request->ie,
8125 		       nla_data(attrs[NL80211_ATTR_IE]),
8126 		       request->ie_len);
8127 	}
8128 
8129 	err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8130 	if (err)
8131 		goto out_free;
8132 
8133 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8134 		request->delay =
8135 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8136 
8137 	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8138 		request->relative_rssi = nla_get_s8(
8139 			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8140 		request->relative_rssi_set = true;
8141 	}
8142 
8143 	if (request->relative_rssi_set &&
8144 	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8145 		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8146 
8147 		rssi_adjust = nla_data(
8148 			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8149 		request->rssi_adjust.band = rssi_adjust->band;
8150 		request->rssi_adjust.delta = rssi_adjust->delta;
8151 		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8152 			err = -EINVAL;
8153 			goto out_free;
8154 		}
8155 	}
8156 
8157 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8158 	if (err)
8159 		goto out_free;
8160 
8161 	request->scan_start = jiffies;
8162 
8163 	return request;
8164 
8165 out_free:
8166 	kfree(request);
8167 	return ERR_PTR(err);
8168 }
8169 
8170 static int nl80211_start_sched_scan(struct sk_buff *skb,
8171 				    struct genl_info *info)
8172 {
8173 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8174 	struct net_device *dev = info->user_ptr[1];
8175 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8176 	struct cfg80211_sched_scan_request *sched_scan_req;
8177 	bool want_multi;
8178 	int err;
8179 
8180 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8181 		return -EOPNOTSUPP;
8182 
8183 	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8184 	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8185 	if (err)
8186 		return err;
8187 
8188 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8189 						  info->attrs,
8190 						  rdev->wiphy.max_match_sets);
8191 
8192 	err = PTR_ERR_OR_ZERO(sched_scan_req);
8193 	if (err)
8194 		goto out_err;
8195 
8196 	/* leave request id zero for legacy request
8197 	 * or if driver does not support multi-scheduled scan
8198 	 */
8199 	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
8200 		while (!sched_scan_req->reqid)
8201 			sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8202 	}
8203 
8204 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8205 	if (err)
8206 		goto out_free;
8207 
8208 	sched_scan_req->dev = dev;
8209 	sched_scan_req->wiphy = &rdev->wiphy;
8210 
8211 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8212 		sched_scan_req->owner_nlportid = info->snd_portid;
8213 
8214 	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8215 
8216 	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8217 	return 0;
8218 
8219 out_free:
8220 	kfree(sched_scan_req);
8221 out_err:
8222 	return err;
8223 }
8224 
8225 static int nl80211_stop_sched_scan(struct sk_buff *skb,
8226 				   struct genl_info *info)
8227 {
8228 	struct cfg80211_sched_scan_request *req;
8229 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8230 	u64 cookie;
8231 
8232 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8233 		return -EOPNOTSUPP;
8234 
8235 	if (info->attrs[NL80211_ATTR_COOKIE]) {
8236 		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8237 		return __cfg80211_stop_sched_scan(rdev, cookie, false);
8238 	}
8239 
8240 	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8241 				     struct cfg80211_sched_scan_request,
8242 				     list);
8243 	if (!req || req->reqid ||
8244 	    (req->owner_nlportid &&
8245 	     req->owner_nlportid != info->snd_portid))
8246 		return -ENOENT;
8247 
8248 	return cfg80211_stop_sched_scan_req(rdev, req, false);
8249 }
8250 
8251 static int nl80211_start_radar_detection(struct sk_buff *skb,
8252 					 struct genl_info *info)
8253 {
8254 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8255 	struct net_device *dev = info->user_ptr[1];
8256 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8257 	struct wiphy *wiphy = wdev->wiphy;
8258 	struct cfg80211_chan_def chandef;
8259 	enum nl80211_dfs_regions dfs_region;
8260 	unsigned int cac_time_ms;
8261 	int err;
8262 
8263 	dfs_region = reg_get_dfs_region(wiphy);
8264 	if (dfs_region == NL80211_DFS_UNSET)
8265 		return -EINVAL;
8266 
8267 	err = nl80211_parse_chandef(rdev, info, &chandef);
8268 	if (err)
8269 		return err;
8270 
8271 	if (netif_carrier_ok(dev))
8272 		return -EBUSY;
8273 
8274 	if (wdev->cac_started)
8275 		return -EBUSY;
8276 
8277 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8278 	if (err < 0)
8279 		return err;
8280 
8281 	if (err == 0)
8282 		return -EINVAL;
8283 
8284 	if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8285 		return -EINVAL;
8286 
8287 	/* CAC start is offloaded to HW and can't be started manually */
8288 	if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8289 		return -EOPNOTSUPP;
8290 
8291 	if (!rdev->ops->start_radar_detection)
8292 		return -EOPNOTSUPP;
8293 
8294 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8295 	if (WARN_ON(!cac_time_ms))
8296 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8297 
8298 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8299 	if (!err) {
8300 		wdev->chandef = chandef;
8301 		wdev->cac_started = true;
8302 		wdev->cac_start_time = jiffies;
8303 		wdev->cac_time_ms = cac_time_ms;
8304 	}
8305 	return err;
8306 }
8307 
8308 static int nl80211_notify_radar_detection(struct sk_buff *skb,
8309 					  struct genl_info *info)
8310 {
8311 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8312 	struct net_device *dev = info->user_ptr[1];
8313 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8314 	struct wiphy *wiphy = wdev->wiphy;
8315 	struct cfg80211_chan_def chandef;
8316 	enum nl80211_dfs_regions dfs_region;
8317 	int err;
8318 
8319 	dfs_region = reg_get_dfs_region(wiphy);
8320 	if (dfs_region == NL80211_DFS_UNSET) {
8321 		GENL_SET_ERR_MSG(info,
8322 				 "DFS Region is not set. Unexpected Radar indication");
8323 		return -EINVAL;
8324 	}
8325 
8326 	err = nl80211_parse_chandef(rdev, info, &chandef);
8327 	if (err) {
8328 		GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8329 		return err;
8330 	}
8331 
8332 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8333 	if (err < 0) {
8334 		GENL_SET_ERR_MSG(info, "chandef is invalid");
8335 		return err;
8336 	}
8337 
8338 	if (err == 0) {
8339 		GENL_SET_ERR_MSG(info,
8340 				 "Unexpected Radar indication for chandef/iftype");
8341 		return -EINVAL;
8342 	}
8343 
8344 	/* Do not process this notification if radar is already detected
8345 	 * by kernel on this channel, and return success.
8346 	 */
8347 	if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8348 		return 0;
8349 
8350 	cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8351 
8352 	cfg80211_sched_dfs_chan_update(rdev);
8353 
8354 	rdev->radar_chandef = chandef;
8355 
8356 	/* Propagate this notification to other radios as well */
8357 	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8358 
8359 	return 0;
8360 }
8361 
8362 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8363 {
8364 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8365 	struct net_device *dev = info->user_ptr[1];
8366 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8367 	struct cfg80211_csa_settings params;
8368 	/* csa_attrs is defined static to avoid waste of stack size - this
8369 	 * function is called under RTNL lock, so this should not be a problem.
8370 	 */
8371 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8372 	int err;
8373 	bool need_new_beacon = false;
8374 	bool need_handle_dfs_flag = true;
8375 	int len, i;
8376 	u32 cs_count;
8377 
8378 	if (!rdev->ops->channel_switch ||
8379 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8380 		return -EOPNOTSUPP;
8381 
8382 	switch (dev->ieee80211_ptr->iftype) {
8383 	case NL80211_IFTYPE_AP:
8384 	case NL80211_IFTYPE_P2P_GO:
8385 		need_new_beacon = true;
8386 		/* For all modes except AP the handle_dfs flag needs to be
8387 		 * supplied to tell the kernel that userspace will handle radar
8388 		 * events when they happen. Otherwise a switch to a channel
8389 		 * requiring DFS will be rejected.
8390 		 */
8391 		need_handle_dfs_flag = false;
8392 
8393 		/* useless if AP is not running */
8394 		if (!wdev->beacon_interval)
8395 			return -ENOTCONN;
8396 		break;
8397 	case NL80211_IFTYPE_ADHOC:
8398 		if (!wdev->ssid_len)
8399 			return -ENOTCONN;
8400 		break;
8401 	case NL80211_IFTYPE_MESH_POINT:
8402 		if (!wdev->mesh_id_len)
8403 			return -ENOTCONN;
8404 		break;
8405 	default:
8406 		return -EOPNOTSUPP;
8407 	}
8408 
8409 	memset(&params, 0, sizeof(params));
8410 	params.beacon_csa.ftm_responder = -1;
8411 
8412 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8413 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8414 		return -EINVAL;
8415 
8416 	/* only important for AP, IBSS and mesh create IEs internally */
8417 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8418 		return -EINVAL;
8419 
8420 	/* Even though the attribute is u32, the specification says
8421 	 * u8, so let's make sure we don't overflow.
8422 	 */
8423 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8424 	if (cs_count > 255)
8425 		return -EINVAL;
8426 
8427 	params.count = cs_count;
8428 
8429 	if (!need_new_beacon)
8430 		goto skip_beacons;
8431 
8432 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
8433 	if (err)
8434 		return err;
8435 
8436 	err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
8437 					  info->attrs[NL80211_ATTR_CSA_IES],
8438 					  nl80211_policy, info->extack);
8439 	if (err)
8440 		return err;
8441 
8442 	err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
8443 	if (err)
8444 		return err;
8445 
8446 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8447 		return -EINVAL;
8448 
8449 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8450 	if (!len || (len % sizeof(u16)))
8451 		return -EINVAL;
8452 
8453 	params.n_counter_offsets_beacon = len / sizeof(u16);
8454 	if (rdev->wiphy.max_num_csa_counters &&
8455 	    (params.n_counter_offsets_beacon >
8456 	     rdev->wiphy.max_num_csa_counters))
8457 		return -EINVAL;
8458 
8459 	params.counter_offsets_beacon =
8460 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8461 
8462 	/* sanity checks - counters should fit and be the same */
8463 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8464 		u16 offset = params.counter_offsets_beacon[i];
8465 
8466 		if (offset >= params.beacon_csa.tail_len)
8467 			return -EINVAL;
8468 
8469 		if (params.beacon_csa.tail[offset] != params.count)
8470 			return -EINVAL;
8471 	}
8472 
8473 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8474 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8475 		if (!len || (len % sizeof(u16)))
8476 			return -EINVAL;
8477 
8478 		params.n_counter_offsets_presp = len / sizeof(u16);
8479 		if (rdev->wiphy.max_num_csa_counters &&
8480 		    (params.n_counter_offsets_presp >
8481 		     rdev->wiphy.max_num_csa_counters))
8482 			return -EINVAL;
8483 
8484 		params.counter_offsets_presp =
8485 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8486 
8487 		/* sanity checks - counters should fit and be the same */
8488 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
8489 			u16 offset = params.counter_offsets_presp[i];
8490 
8491 			if (offset >= params.beacon_csa.probe_resp_len)
8492 				return -EINVAL;
8493 
8494 			if (params.beacon_csa.probe_resp[offset] !=
8495 			    params.count)
8496 				return -EINVAL;
8497 		}
8498 	}
8499 
8500 skip_beacons:
8501 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
8502 	if (err)
8503 		return err;
8504 
8505 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
8506 					   wdev->iftype))
8507 		return -EINVAL;
8508 
8509 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
8510 					    &params.chandef,
8511 					    wdev->iftype);
8512 	if (err < 0)
8513 		return err;
8514 
8515 	if (err > 0) {
8516 		params.radar_required = true;
8517 		if (need_handle_dfs_flag &&
8518 		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8519 			return -EINVAL;
8520 		}
8521 	}
8522 
8523 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8524 		params.block_tx = true;
8525 
8526 	wdev_lock(wdev);
8527 	err = rdev_channel_switch(rdev, dev, &params);
8528 	wdev_unlock(wdev);
8529 
8530 	return err;
8531 }
8532 
8533 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8534 			    u32 seq, int flags,
8535 			    struct cfg80211_registered_device *rdev,
8536 			    struct wireless_dev *wdev,
8537 			    struct cfg80211_internal_bss *intbss)
8538 {
8539 	struct cfg80211_bss *res = &intbss->pub;
8540 	const struct cfg80211_bss_ies *ies;
8541 	void *hdr;
8542 	struct nlattr *bss;
8543 
8544 	ASSERT_WDEV_LOCK(wdev);
8545 
8546 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8547 			     NL80211_CMD_NEW_SCAN_RESULTS);
8548 	if (!hdr)
8549 		return -1;
8550 
8551 	genl_dump_check_consistent(cb, hdr);
8552 
8553 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8554 		goto nla_put_failure;
8555 	if (wdev->netdev &&
8556 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8557 		goto nla_put_failure;
8558 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8559 			      NL80211_ATTR_PAD))
8560 		goto nla_put_failure;
8561 
8562 	bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8563 	if (!bss)
8564 		goto nla_put_failure;
8565 	if ((!is_zero_ether_addr(res->bssid) &&
8566 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8567 		goto nla_put_failure;
8568 
8569 	rcu_read_lock();
8570 	/* indicate whether we have probe response data or not */
8571 	if (rcu_access_pointer(res->proberesp_ies) &&
8572 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8573 		goto fail_unlock_rcu;
8574 
8575 	/* this pointer prefers to be pointed to probe response data
8576 	 * but is always valid
8577 	 */
8578 	ies = rcu_dereference(res->ies);
8579 	if (ies) {
8580 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8581 				      NL80211_BSS_PAD))
8582 			goto fail_unlock_rcu;
8583 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8584 					ies->len, ies->data))
8585 			goto fail_unlock_rcu;
8586 	}
8587 
8588 	/* and this pointer is always (unless driver didn't know) beacon data */
8589 	ies = rcu_dereference(res->beacon_ies);
8590 	if (ies && ies->from_beacon) {
8591 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8592 				      NL80211_BSS_PAD))
8593 			goto fail_unlock_rcu;
8594 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8595 					ies->len, ies->data))
8596 			goto fail_unlock_rcu;
8597 	}
8598 	rcu_read_unlock();
8599 
8600 	if (res->beacon_interval &&
8601 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8602 		goto nla_put_failure;
8603 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8604 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8605 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8606 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8607 			jiffies_to_msecs(jiffies - intbss->ts)))
8608 		goto nla_put_failure;
8609 
8610 	if (intbss->parent_tsf &&
8611 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8612 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
8613 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8614 		     intbss->parent_bssid)))
8615 		goto nla_put_failure;
8616 
8617 	if (intbss->ts_boottime &&
8618 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8619 			      intbss->ts_boottime, NL80211_BSS_PAD))
8620 		goto nla_put_failure;
8621 
8622 	if (!nl80211_put_signal(msg, intbss->pub.chains,
8623 				intbss->pub.chain_signal,
8624 				NL80211_BSS_CHAIN_SIGNAL))
8625 		goto nla_put_failure;
8626 
8627 	switch (rdev->wiphy.signal_type) {
8628 	case CFG80211_SIGNAL_TYPE_MBM:
8629 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8630 			goto nla_put_failure;
8631 		break;
8632 	case CFG80211_SIGNAL_TYPE_UNSPEC:
8633 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8634 			goto nla_put_failure;
8635 		break;
8636 	default:
8637 		break;
8638 	}
8639 
8640 	switch (wdev->iftype) {
8641 	case NL80211_IFTYPE_P2P_CLIENT:
8642 	case NL80211_IFTYPE_STATION:
8643 		if (intbss == wdev->current_bss &&
8644 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8645 				NL80211_BSS_STATUS_ASSOCIATED))
8646 			goto nla_put_failure;
8647 		break;
8648 	case NL80211_IFTYPE_ADHOC:
8649 		if (intbss == wdev->current_bss &&
8650 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8651 				NL80211_BSS_STATUS_IBSS_JOINED))
8652 			goto nla_put_failure;
8653 		break;
8654 	default:
8655 		break;
8656 	}
8657 
8658 	nla_nest_end(msg, bss);
8659 
8660 	genlmsg_end(msg, hdr);
8661 	return 0;
8662 
8663  fail_unlock_rcu:
8664 	rcu_read_unlock();
8665  nla_put_failure:
8666 	genlmsg_cancel(msg, hdr);
8667 	return -EMSGSIZE;
8668 }
8669 
8670 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8671 {
8672 	struct cfg80211_registered_device *rdev;
8673 	struct cfg80211_internal_bss *scan;
8674 	struct wireless_dev *wdev;
8675 	int start = cb->args[2], idx = 0;
8676 	int err;
8677 
8678 	rtnl_lock();
8679 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8680 	if (err) {
8681 		rtnl_unlock();
8682 		return err;
8683 	}
8684 
8685 	wdev_lock(wdev);
8686 	spin_lock_bh(&rdev->bss_lock);
8687 
8688 	/*
8689 	 * dump_scan will be called multiple times to break up the scan results
8690 	 * into multiple messages.  It is unlikely that any more bss-es will be
8691 	 * expired after the first call, so only call only call this on the
8692 	 * first dump_scan invocation.
8693 	 */
8694 	if (start == 0)
8695 		cfg80211_bss_expire(rdev);
8696 
8697 	cb->seq = rdev->bss_generation;
8698 
8699 	list_for_each_entry(scan, &rdev->bss_list, list) {
8700 		if (++idx <= start)
8701 			continue;
8702 		if (nl80211_send_bss(skb, cb,
8703 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8704 				rdev, wdev, scan) < 0) {
8705 			idx--;
8706 			break;
8707 		}
8708 	}
8709 
8710 	spin_unlock_bh(&rdev->bss_lock);
8711 	wdev_unlock(wdev);
8712 
8713 	cb->args[2] = idx;
8714 	rtnl_unlock();
8715 
8716 	return skb->len;
8717 }
8718 
8719 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
8720 			       int flags, struct net_device *dev,
8721 			       bool allow_radio_stats,
8722 			       struct survey_info *survey)
8723 {
8724 	void *hdr;
8725 	struct nlattr *infoattr;
8726 
8727 	/* skip radio stats if userspace didn't request them */
8728 	if (!survey->channel && !allow_radio_stats)
8729 		return 0;
8730 
8731 	hdr = nl80211hdr_put(msg, portid, seq, flags,
8732 			     NL80211_CMD_NEW_SURVEY_RESULTS);
8733 	if (!hdr)
8734 		return -ENOMEM;
8735 
8736 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
8737 		goto nla_put_failure;
8738 
8739 	infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
8740 	if (!infoattr)
8741 		goto nla_put_failure;
8742 
8743 	if (survey->channel &&
8744 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
8745 			survey->channel->center_freq))
8746 		goto nla_put_failure;
8747 
8748 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
8749 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
8750 		goto nla_put_failure;
8751 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
8752 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
8753 		goto nla_put_failure;
8754 	if ((survey->filled & SURVEY_INFO_TIME) &&
8755 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
8756 			survey->time, NL80211_SURVEY_INFO_PAD))
8757 		goto nla_put_failure;
8758 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
8759 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
8760 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
8761 		goto nla_put_failure;
8762 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
8763 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
8764 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
8765 		goto nla_put_failure;
8766 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
8767 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
8768 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
8769 		goto nla_put_failure;
8770 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
8771 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
8772 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
8773 		goto nla_put_failure;
8774 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
8775 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8776 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
8777 		goto nla_put_failure;
8778 
8779 	nla_nest_end(msg, infoattr);
8780 
8781 	genlmsg_end(msg, hdr);
8782 	return 0;
8783 
8784  nla_put_failure:
8785 	genlmsg_cancel(msg, hdr);
8786 	return -EMSGSIZE;
8787 }
8788 
8789 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
8790 {
8791 	struct nlattr **attrbuf;
8792 	struct survey_info survey;
8793 	struct cfg80211_registered_device *rdev;
8794 	struct wireless_dev *wdev;
8795 	int survey_idx = cb->args[2];
8796 	int res;
8797 	bool radio_stats;
8798 
8799 	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
8800 	if (!attrbuf)
8801 		return -ENOMEM;
8802 
8803 	rtnl_lock();
8804 	res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8805 	if (res)
8806 		goto out_err;
8807 
8808 	/* prepare_wdev_dump parsed the attributes */
8809 	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
8810 
8811 	if (!wdev->netdev) {
8812 		res = -EINVAL;
8813 		goto out_err;
8814 	}
8815 
8816 	if (!rdev->ops->dump_survey) {
8817 		res = -EOPNOTSUPP;
8818 		goto out_err;
8819 	}
8820 
8821 	while (1) {
8822 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8823 		if (res == -ENOENT)
8824 			break;
8825 		if (res)
8826 			goto out_err;
8827 
8828 		/* don't send disabled channels, but do send non-channel data */
8829 		if (survey.channel &&
8830 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8831 			survey_idx++;
8832 			continue;
8833 		}
8834 
8835 		if (nl80211_send_survey(skb,
8836 				NETLINK_CB(cb->skb).portid,
8837 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8838 				wdev->netdev, radio_stats, &survey) < 0)
8839 			goto out;
8840 		survey_idx++;
8841 	}
8842 
8843  out:
8844 	cb->args[2] = survey_idx;
8845 	res = skb->len;
8846  out_err:
8847 	kfree(attrbuf);
8848 	rtnl_unlock();
8849 	return res;
8850 }
8851 
8852 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8853 {
8854 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8855 				  NL80211_WPA_VERSION_2 |
8856 				  NL80211_WPA_VERSION_3));
8857 }
8858 
8859 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8860 {
8861 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8862 	struct net_device *dev = info->user_ptr[1];
8863 	struct ieee80211_channel *chan;
8864 	const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8865 	int err, ssid_len, ie_len = 0, auth_data_len = 0;
8866 	enum nl80211_auth_type auth_type;
8867 	struct key_parse key;
8868 	bool local_state_change;
8869 
8870 	if (!info->attrs[NL80211_ATTR_MAC])
8871 		return -EINVAL;
8872 
8873 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8874 		return -EINVAL;
8875 
8876 	if (!info->attrs[NL80211_ATTR_SSID])
8877 		return -EINVAL;
8878 
8879 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8880 		return -EINVAL;
8881 
8882 	err = nl80211_parse_key(info, &key);
8883 	if (err)
8884 		return err;
8885 
8886 	if (key.idx >= 0) {
8887 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8888 			return -EINVAL;
8889 		if (!key.p.key || !key.p.key_len)
8890 			return -EINVAL;
8891 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8892 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8893 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8894 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
8895 			return -EINVAL;
8896 		if (key.idx > 3)
8897 			return -EINVAL;
8898 	} else {
8899 		key.p.key_len = 0;
8900 		key.p.key = NULL;
8901 	}
8902 
8903 	if (key.idx >= 0) {
8904 		int i;
8905 		bool ok = false;
8906 
8907 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8908 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8909 				ok = true;
8910 				break;
8911 			}
8912 		}
8913 		if (!ok)
8914 			return -EINVAL;
8915 	}
8916 
8917 	if (!rdev->ops->auth)
8918 		return -EOPNOTSUPP;
8919 
8920 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8921 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8922 		return -EOPNOTSUPP;
8923 
8924 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8925 	chan = nl80211_get_valid_chan(&rdev->wiphy,
8926 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8927 	if (!chan)
8928 		return -EINVAL;
8929 
8930 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8931 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8932 
8933 	if (info->attrs[NL80211_ATTR_IE]) {
8934 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8935 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8936 	}
8937 
8938 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8939 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8940 		return -EINVAL;
8941 
8942 	if ((auth_type == NL80211_AUTHTYPE_SAE ||
8943 	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
8944 	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8945 	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8946 	    !info->attrs[NL80211_ATTR_AUTH_DATA])
8947 		return -EINVAL;
8948 
8949 	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8950 		if (auth_type != NL80211_AUTHTYPE_SAE &&
8951 		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
8952 		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8953 		    auth_type != NL80211_AUTHTYPE_FILS_PK)
8954 			return -EINVAL;
8955 		auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8956 		auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8957 		/* need to include at least Auth Transaction and Status Code */
8958 		if (auth_data_len < 4)
8959 			return -EINVAL;
8960 	}
8961 
8962 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8963 
8964 	/*
8965 	 * Since we no longer track auth state, ignore
8966 	 * requests to only change local state.
8967 	 */
8968 	if (local_state_change)
8969 		return 0;
8970 
8971 	wdev_lock(dev->ieee80211_ptr);
8972 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8973 				 ssid, ssid_len, ie, ie_len,
8974 				 key.p.key, key.p.key_len, key.idx,
8975 				 auth_data, auth_data_len);
8976 	wdev_unlock(dev->ieee80211_ptr);
8977 	return err;
8978 }
8979 
8980 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
8981 				     struct genl_info *info)
8982 {
8983 	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8984 		GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
8985 		return -EINVAL;
8986 	}
8987 
8988 	if (!rdev->ops->tx_control_port ||
8989 	    !wiphy_ext_feature_isset(&rdev->wiphy,
8990 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
8991 		return -EOPNOTSUPP;
8992 
8993 	return 0;
8994 }
8995 
8996 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8997 				   struct genl_info *info,
8998 				   struct cfg80211_crypto_settings *settings,
8999 				   int cipher_limit)
9000 {
9001 	memset(settings, 0, sizeof(*settings));
9002 
9003 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9004 
9005 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9006 		u16 proto;
9007 
9008 		proto = nla_get_u16(
9009 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9010 		settings->control_port_ethertype = cpu_to_be16(proto);
9011 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9012 		    proto != ETH_P_PAE)
9013 			return -EINVAL;
9014 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9015 			settings->control_port_no_encrypt = true;
9016 	} else
9017 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9018 
9019 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9020 		int r = validate_pae_over_nl80211(rdev, info);
9021 
9022 		if (r < 0)
9023 			return r;
9024 
9025 		settings->control_port_over_nl80211 = true;
9026 	}
9027 
9028 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9029 		void *data;
9030 		int len, i;
9031 
9032 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9033 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9034 		settings->n_ciphers_pairwise = len / sizeof(u32);
9035 
9036 		if (len % sizeof(u32))
9037 			return -EINVAL;
9038 
9039 		if (settings->n_ciphers_pairwise > cipher_limit)
9040 			return -EINVAL;
9041 
9042 		memcpy(settings->ciphers_pairwise, data, len);
9043 
9044 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
9045 			if (!cfg80211_supported_cipher_suite(
9046 					&rdev->wiphy,
9047 					settings->ciphers_pairwise[i]))
9048 				return -EINVAL;
9049 	}
9050 
9051 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9052 		settings->cipher_group =
9053 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9054 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9055 						     settings->cipher_group))
9056 			return -EINVAL;
9057 	}
9058 
9059 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9060 		settings->wpa_versions =
9061 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9062 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9063 			return -EINVAL;
9064 	}
9065 
9066 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9067 		void *data;
9068 		int len;
9069 
9070 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9071 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9072 		settings->n_akm_suites = len / sizeof(u32);
9073 
9074 		if (len % sizeof(u32))
9075 			return -EINVAL;
9076 
9077 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9078 			return -EINVAL;
9079 
9080 		memcpy(settings->akm_suites, data, len);
9081 	}
9082 
9083 	if (info->attrs[NL80211_ATTR_PMK]) {
9084 		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9085 			return -EINVAL;
9086 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9087 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
9088 			return -EINVAL;
9089 		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9090 	}
9091 
9092 	if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9093 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9094 					     NL80211_EXT_FEATURE_SAE_OFFLOAD))
9095 			return -EINVAL;
9096 		settings->sae_pwd =
9097 			nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9098 		settings->sae_pwd_len =
9099 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9100 	}
9101 
9102 	return 0;
9103 }
9104 
9105 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9106 {
9107 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9108 	struct net_device *dev = info->user_ptr[1];
9109 	struct ieee80211_channel *chan;
9110 	struct cfg80211_assoc_request req = {};
9111 	const u8 *bssid, *ssid;
9112 	int err, ssid_len = 0;
9113 
9114 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9115 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9116 		return -EPERM;
9117 
9118 	if (!info->attrs[NL80211_ATTR_MAC] ||
9119 	    !info->attrs[NL80211_ATTR_SSID] ||
9120 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9121 		return -EINVAL;
9122 
9123 	if (!rdev->ops->assoc)
9124 		return -EOPNOTSUPP;
9125 
9126 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9127 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9128 		return -EOPNOTSUPP;
9129 
9130 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9131 
9132 	chan = nl80211_get_valid_chan(&rdev->wiphy,
9133 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9134 	if (!chan)
9135 		return -EINVAL;
9136 
9137 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9138 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9139 
9140 	if (info->attrs[NL80211_ATTR_IE]) {
9141 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9142 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9143 	}
9144 
9145 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9146 		enum nl80211_mfp mfp =
9147 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9148 		if (mfp == NL80211_MFP_REQUIRED)
9149 			req.use_mfp = true;
9150 		else if (mfp != NL80211_MFP_NO)
9151 			return -EINVAL;
9152 	}
9153 
9154 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9155 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9156 
9157 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9158 		req.flags |= ASSOC_REQ_DISABLE_HT;
9159 
9160 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9161 		memcpy(&req.ht_capa_mask,
9162 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9163 		       sizeof(req.ht_capa_mask));
9164 
9165 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9166 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9167 			return -EINVAL;
9168 		memcpy(&req.ht_capa,
9169 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9170 		       sizeof(req.ht_capa));
9171 	}
9172 
9173 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9174 		req.flags |= ASSOC_REQ_DISABLE_VHT;
9175 
9176 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9177 		memcpy(&req.vht_capa_mask,
9178 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9179 		       sizeof(req.vht_capa_mask));
9180 
9181 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9182 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9183 			return -EINVAL;
9184 		memcpy(&req.vht_capa,
9185 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9186 		       sizeof(req.vht_capa));
9187 	}
9188 
9189 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9190 		if (!((rdev->wiphy.features &
9191 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9192 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9193 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9194 					     NL80211_EXT_FEATURE_RRM))
9195 			return -EINVAL;
9196 		req.flags |= ASSOC_REQ_USE_RRM;
9197 	}
9198 
9199 	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9200 		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9201 		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9202 		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9203 			return -EINVAL;
9204 		req.fils_nonces =
9205 			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9206 	}
9207 
9208 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9209 	if (!err) {
9210 		wdev_lock(dev->ieee80211_ptr);
9211 
9212 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9213 					  ssid, ssid_len, &req);
9214 
9215 		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9216 			dev->ieee80211_ptr->conn_owner_nlportid =
9217 				info->snd_portid;
9218 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
9219 			       bssid, ETH_ALEN);
9220 		}
9221 
9222 		wdev_unlock(dev->ieee80211_ptr);
9223 	}
9224 
9225 	return err;
9226 }
9227 
9228 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9229 {
9230 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9231 	struct net_device *dev = info->user_ptr[1];
9232 	const u8 *ie = NULL, *bssid;
9233 	int ie_len = 0, err;
9234 	u16 reason_code;
9235 	bool local_state_change;
9236 
9237 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9238 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9239 		return -EPERM;
9240 
9241 	if (!info->attrs[NL80211_ATTR_MAC])
9242 		return -EINVAL;
9243 
9244 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9245 		return -EINVAL;
9246 
9247 	if (!rdev->ops->deauth)
9248 		return -EOPNOTSUPP;
9249 
9250 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9251 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9252 		return -EOPNOTSUPP;
9253 
9254 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9255 
9256 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9257 	if (reason_code == 0) {
9258 		/* Reason Code 0 is reserved */
9259 		return -EINVAL;
9260 	}
9261 
9262 	if (info->attrs[NL80211_ATTR_IE]) {
9263 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9264 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9265 	}
9266 
9267 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9268 
9269 	wdev_lock(dev->ieee80211_ptr);
9270 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9271 				   local_state_change);
9272 	wdev_unlock(dev->ieee80211_ptr);
9273 	return err;
9274 }
9275 
9276 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9277 {
9278 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9279 	struct net_device *dev = info->user_ptr[1];
9280 	const u8 *ie = NULL, *bssid;
9281 	int ie_len = 0, err;
9282 	u16 reason_code;
9283 	bool local_state_change;
9284 
9285 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9286 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9287 		return -EPERM;
9288 
9289 	if (!info->attrs[NL80211_ATTR_MAC])
9290 		return -EINVAL;
9291 
9292 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9293 		return -EINVAL;
9294 
9295 	if (!rdev->ops->disassoc)
9296 		return -EOPNOTSUPP;
9297 
9298 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9299 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9300 		return -EOPNOTSUPP;
9301 
9302 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9303 
9304 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9305 	if (reason_code == 0) {
9306 		/* Reason Code 0 is reserved */
9307 		return -EINVAL;
9308 	}
9309 
9310 	if (info->attrs[NL80211_ATTR_IE]) {
9311 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9312 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9313 	}
9314 
9315 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9316 
9317 	wdev_lock(dev->ieee80211_ptr);
9318 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9319 				     local_state_change);
9320 	wdev_unlock(dev->ieee80211_ptr);
9321 	return err;
9322 }
9323 
9324 static bool
9325 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9326 			 int mcast_rate[NUM_NL80211_BANDS],
9327 			 int rateval)
9328 {
9329 	struct wiphy *wiphy = &rdev->wiphy;
9330 	bool found = false;
9331 	int band, i;
9332 
9333 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
9334 		struct ieee80211_supported_band *sband;
9335 
9336 		sband = wiphy->bands[band];
9337 		if (!sband)
9338 			continue;
9339 
9340 		for (i = 0; i < sband->n_bitrates; i++) {
9341 			if (sband->bitrates[i].bitrate == rateval) {
9342 				mcast_rate[band] = i + 1;
9343 				found = true;
9344 				break;
9345 			}
9346 		}
9347 	}
9348 
9349 	return found;
9350 }
9351 
9352 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9353 {
9354 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9355 	struct net_device *dev = info->user_ptr[1];
9356 	struct cfg80211_ibss_params ibss;
9357 	struct wiphy *wiphy;
9358 	struct cfg80211_cached_keys *connkeys = NULL;
9359 	int err;
9360 
9361 	memset(&ibss, 0, sizeof(ibss));
9362 
9363 	if (!info->attrs[NL80211_ATTR_SSID] ||
9364 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9365 		return -EINVAL;
9366 
9367 	ibss.beacon_interval = 100;
9368 
9369 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9370 		ibss.beacon_interval =
9371 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9372 
9373 	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9374 					   ibss.beacon_interval);
9375 	if (err)
9376 		return err;
9377 
9378 	if (!rdev->ops->join_ibss)
9379 		return -EOPNOTSUPP;
9380 
9381 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9382 		return -EOPNOTSUPP;
9383 
9384 	wiphy = &rdev->wiphy;
9385 
9386 	if (info->attrs[NL80211_ATTR_MAC]) {
9387 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9388 
9389 		if (!is_valid_ether_addr(ibss.bssid))
9390 			return -EINVAL;
9391 	}
9392 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9393 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9394 
9395 	if (info->attrs[NL80211_ATTR_IE]) {
9396 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9397 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9398 	}
9399 
9400 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9401 	if (err)
9402 		return err;
9403 
9404 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9405 				     NL80211_IFTYPE_ADHOC))
9406 		return -EINVAL;
9407 
9408 	switch (ibss.chandef.width) {
9409 	case NL80211_CHAN_WIDTH_5:
9410 	case NL80211_CHAN_WIDTH_10:
9411 	case NL80211_CHAN_WIDTH_20_NOHT:
9412 		break;
9413 	case NL80211_CHAN_WIDTH_20:
9414 	case NL80211_CHAN_WIDTH_40:
9415 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9416 			return -EINVAL;
9417 		break;
9418 	case NL80211_CHAN_WIDTH_80:
9419 	case NL80211_CHAN_WIDTH_80P80:
9420 	case NL80211_CHAN_WIDTH_160:
9421 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9422 			return -EINVAL;
9423 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9424 					     NL80211_EXT_FEATURE_VHT_IBSS))
9425 			return -EINVAL;
9426 		break;
9427 	default:
9428 		return -EINVAL;
9429 	}
9430 
9431 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9432 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9433 
9434 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9435 		u8 *rates =
9436 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9437 		int n_rates =
9438 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9439 		struct ieee80211_supported_band *sband =
9440 			wiphy->bands[ibss.chandef.chan->band];
9441 
9442 		err = ieee80211_get_ratemask(sband, rates, n_rates,
9443 					     &ibss.basic_rates);
9444 		if (err)
9445 			return err;
9446 	}
9447 
9448 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9449 		memcpy(&ibss.ht_capa_mask,
9450 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9451 		       sizeof(ibss.ht_capa_mask));
9452 
9453 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9454 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9455 			return -EINVAL;
9456 		memcpy(&ibss.ht_capa,
9457 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9458 		       sizeof(ibss.ht_capa));
9459 	}
9460 
9461 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9462 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9463 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9464 		return -EINVAL;
9465 
9466 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9467 		bool no_ht = false;
9468 
9469 		connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9470 		if (IS_ERR(connkeys))
9471 			return PTR_ERR(connkeys);
9472 
9473 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9474 		    no_ht) {
9475 			kzfree(connkeys);
9476 			return -EINVAL;
9477 		}
9478 	}
9479 
9480 	ibss.control_port =
9481 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9482 
9483 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9484 		int r = validate_pae_over_nl80211(rdev, info);
9485 
9486 		if (r < 0) {
9487 			kzfree(connkeys);
9488 			return r;
9489 		}
9490 
9491 		ibss.control_port_over_nl80211 = true;
9492 	}
9493 
9494 	ibss.userspace_handles_dfs =
9495 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9496 
9497 	wdev_lock(dev->ieee80211_ptr);
9498 	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9499 	if (err)
9500 		kzfree(connkeys);
9501 	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9502 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9503 	wdev_unlock(dev->ieee80211_ptr);
9504 
9505 	return err;
9506 }
9507 
9508 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9509 {
9510 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9511 	struct net_device *dev = info->user_ptr[1];
9512 
9513 	if (!rdev->ops->leave_ibss)
9514 		return -EOPNOTSUPP;
9515 
9516 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9517 		return -EOPNOTSUPP;
9518 
9519 	return cfg80211_leave_ibss(rdev, dev, false);
9520 }
9521 
9522 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9523 {
9524 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9525 	struct net_device *dev = info->user_ptr[1];
9526 	int mcast_rate[NUM_NL80211_BANDS];
9527 	u32 nla_rate;
9528 	int err;
9529 
9530 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9531 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9532 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9533 		return -EOPNOTSUPP;
9534 
9535 	if (!rdev->ops->set_mcast_rate)
9536 		return -EOPNOTSUPP;
9537 
9538 	memset(mcast_rate, 0, sizeof(mcast_rate));
9539 
9540 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9541 		return -EINVAL;
9542 
9543 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9544 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9545 		return -EINVAL;
9546 
9547 	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9548 
9549 	return err;
9550 }
9551 
9552 static struct sk_buff *
9553 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9554 			    struct wireless_dev *wdev, int approxlen,
9555 			    u32 portid, u32 seq, enum nl80211_commands cmd,
9556 			    enum nl80211_attrs attr,
9557 			    const struct nl80211_vendor_cmd_info *info,
9558 			    gfp_t gfp)
9559 {
9560 	struct sk_buff *skb;
9561 	void *hdr;
9562 	struct nlattr *data;
9563 
9564 	skb = nlmsg_new(approxlen + 100, gfp);
9565 	if (!skb)
9566 		return NULL;
9567 
9568 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9569 	if (!hdr) {
9570 		kfree_skb(skb);
9571 		return NULL;
9572 	}
9573 
9574 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9575 		goto nla_put_failure;
9576 
9577 	if (info) {
9578 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9579 				info->vendor_id))
9580 			goto nla_put_failure;
9581 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9582 				info->subcmd))
9583 			goto nla_put_failure;
9584 	}
9585 
9586 	if (wdev) {
9587 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9588 				      wdev_id(wdev), NL80211_ATTR_PAD))
9589 			goto nla_put_failure;
9590 		if (wdev->netdev &&
9591 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9592 				wdev->netdev->ifindex))
9593 			goto nla_put_failure;
9594 	}
9595 
9596 	data = nla_nest_start_noflag(skb, attr);
9597 	if (!data)
9598 		goto nla_put_failure;
9599 
9600 	((void **)skb->cb)[0] = rdev;
9601 	((void **)skb->cb)[1] = hdr;
9602 	((void **)skb->cb)[2] = data;
9603 
9604 	return skb;
9605 
9606  nla_put_failure:
9607 	kfree_skb(skb);
9608 	return NULL;
9609 }
9610 
9611 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9612 					   struct wireless_dev *wdev,
9613 					   enum nl80211_commands cmd,
9614 					   enum nl80211_attrs attr,
9615 					   unsigned int portid,
9616 					   int vendor_event_idx,
9617 					   int approxlen, gfp_t gfp)
9618 {
9619 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9620 	const struct nl80211_vendor_cmd_info *info;
9621 
9622 	switch (cmd) {
9623 	case NL80211_CMD_TESTMODE:
9624 		if (WARN_ON(vendor_event_idx != -1))
9625 			return NULL;
9626 		info = NULL;
9627 		break;
9628 	case NL80211_CMD_VENDOR:
9629 		if (WARN_ON(vendor_event_idx < 0 ||
9630 			    vendor_event_idx >= wiphy->n_vendor_events))
9631 			return NULL;
9632 		info = &wiphy->vendor_events[vendor_event_idx];
9633 		break;
9634 	default:
9635 		WARN_ON(1);
9636 		return NULL;
9637 	}
9638 
9639 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9640 					   cmd, attr, info, gfp);
9641 }
9642 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9643 
9644 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9645 {
9646 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9647 	void *hdr = ((void **)skb->cb)[1];
9648 	struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9649 	struct nlattr *data = ((void **)skb->cb)[2];
9650 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9651 
9652 	/* clear CB data for netlink core to own from now on */
9653 	memset(skb->cb, 0, sizeof(skb->cb));
9654 
9655 	nla_nest_end(skb, data);
9656 	genlmsg_end(skb, hdr);
9657 
9658 	if (nlhdr->nlmsg_pid) {
9659 		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
9660 				nlhdr->nlmsg_pid);
9661 	} else {
9662 		if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9663 			mcgrp = NL80211_MCGRP_VENDOR;
9664 
9665 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
9666 					skb, 0, mcgrp, gfp);
9667 	}
9668 }
9669 EXPORT_SYMBOL(__cfg80211_send_event_skb);
9670 
9671 #ifdef CONFIG_NL80211_TESTMODE
9672 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9673 {
9674 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9675 	struct wireless_dev *wdev =
9676 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9677 	int err;
9678 
9679 	if (!rdev->ops->testmode_cmd)
9680 		return -EOPNOTSUPP;
9681 
9682 	if (IS_ERR(wdev)) {
9683 		err = PTR_ERR(wdev);
9684 		if (err != -EINVAL)
9685 			return err;
9686 		wdev = NULL;
9687 	} else if (wdev->wiphy != &rdev->wiphy) {
9688 		return -EINVAL;
9689 	}
9690 
9691 	if (!info->attrs[NL80211_ATTR_TESTDATA])
9692 		return -EINVAL;
9693 
9694 	rdev->cur_cmd_info = info;
9695 	err = rdev_testmode_cmd(rdev, wdev,
9696 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9697 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
9698 	rdev->cur_cmd_info = NULL;
9699 
9700 	return err;
9701 }
9702 
9703 static int nl80211_testmode_dump(struct sk_buff *skb,
9704 				 struct netlink_callback *cb)
9705 {
9706 	struct cfg80211_registered_device *rdev;
9707 	struct nlattr **attrbuf = NULL;
9708 	int err;
9709 	long phy_idx;
9710 	void *data = NULL;
9711 	int data_len = 0;
9712 
9713 	rtnl_lock();
9714 
9715 	if (cb->args[0]) {
9716 		/*
9717 		 * 0 is a valid index, but not valid for args[0],
9718 		 * so we need to offset by 1.
9719 		 */
9720 		phy_idx = cb->args[0] - 1;
9721 
9722 		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
9723 		if (!rdev) {
9724 			err = -ENOENT;
9725 			goto out_err;
9726 		}
9727 	} else {
9728 		attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
9729 				  GFP_KERNEL);
9730 		if (!attrbuf) {
9731 			err = -ENOMEM;
9732 			goto out_err;
9733 		}
9734 
9735 		err = nlmsg_parse_deprecated(cb->nlh,
9736 					     GENL_HDRLEN + nl80211_fam.hdrsize,
9737 					     attrbuf, nl80211_fam.maxattr,
9738 					     nl80211_policy, NULL);
9739 		if (err)
9740 			goto out_err;
9741 
9742 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
9743 		if (IS_ERR(rdev)) {
9744 			err = PTR_ERR(rdev);
9745 			goto out_err;
9746 		}
9747 		phy_idx = rdev->wiphy_idx;
9748 
9749 		if (attrbuf[NL80211_ATTR_TESTDATA])
9750 			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
9751 	}
9752 
9753 	if (cb->args[1]) {
9754 		data = nla_data((void *)cb->args[1]);
9755 		data_len = nla_len((void *)cb->args[1]);
9756 	}
9757 
9758 	if (!rdev->ops->testmode_dump) {
9759 		err = -EOPNOTSUPP;
9760 		goto out_err;
9761 	}
9762 
9763 	while (1) {
9764 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
9765 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
9766 					   NL80211_CMD_TESTMODE);
9767 		struct nlattr *tmdata;
9768 
9769 		if (!hdr)
9770 			break;
9771 
9772 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
9773 			genlmsg_cancel(skb, hdr);
9774 			break;
9775 		}
9776 
9777 		tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
9778 		if (!tmdata) {
9779 			genlmsg_cancel(skb, hdr);
9780 			break;
9781 		}
9782 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
9783 		nla_nest_end(skb, tmdata);
9784 
9785 		if (err == -ENOBUFS || err == -ENOENT) {
9786 			genlmsg_cancel(skb, hdr);
9787 			break;
9788 		} else if (err) {
9789 			genlmsg_cancel(skb, hdr);
9790 			goto out_err;
9791 		}
9792 
9793 		genlmsg_end(skb, hdr);
9794 	}
9795 
9796 	err = skb->len;
9797 	/* see above */
9798 	cb->args[0] = phy_idx + 1;
9799  out_err:
9800 	kfree(attrbuf);
9801 	rtnl_unlock();
9802 	return err;
9803 }
9804 #endif
9805 
9806 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
9807 {
9808 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9809 	struct net_device *dev = info->user_ptr[1];
9810 	struct cfg80211_connect_params connect;
9811 	struct wiphy *wiphy;
9812 	struct cfg80211_cached_keys *connkeys = NULL;
9813 	int err;
9814 
9815 	memset(&connect, 0, sizeof(connect));
9816 
9817 	if (!info->attrs[NL80211_ATTR_SSID] ||
9818 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9819 		return -EINVAL;
9820 
9821 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9822 		connect.auth_type =
9823 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9824 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
9825 					     NL80211_CMD_CONNECT))
9826 			return -EINVAL;
9827 	} else
9828 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
9829 
9830 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
9831 
9832 	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
9833 	    !wiphy_ext_feature_isset(&rdev->wiphy,
9834 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
9835 		return -EINVAL;
9836 	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
9837 
9838 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
9839 				      NL80211_MAX_NR_CIPHER_SUITES);
9840 	if (err)
9841 		return err;
9842 
9843 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9844 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9845 		return -EOPNOTSUPP;
9846 
9847 	wiphy = &rdev->wiphy;
9848 
9849 	connect.bg_scan_period = -1;
9850 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
9851 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
9852 		connect.bg_scan_period =
9853 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
9854 	}
9855 
9856 	if (info->attrs[NL80211_ATTR_MAC])
9857 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9858 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
9859 		connect.bssid_hint =
9860 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
9861 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9862 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9863 
9864 	if (info->attrs[NL80211_ATTR_IE]) {
9865 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9866 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9867 	}
9868 
9869 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9870 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9871 		if (connect.mfp == NL80211_MFP_OPTIONAL &&
9872 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9873 					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
9874 			return -EOPNOTSUPP;
9875 	} else {
9876 		connect.mfp = NL80211_MFP_NO;
9877 	}
9878 
9879 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9880 		connect.prev_bssid =
9881 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9882 
9883 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9884 		connect.channel = nl80211_get_valid_chan(
9885 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9886 		if (!connect.channel)
9887 			return -EINVAL;
9888 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9889 		connect.channel_hint = nl80211_get_valid_chan(
9890 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9891 		if (!connect.channel_hint)
9892 			return -EINVAL;
9893 	}
9894 
9895 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9896 		connkeys = nl80211_parse_connkeys(rdev, info, NULL);
9897 		if (IS_ERR(connkeys))
9898 			return PTR_ERR(connkeys);
9899 	}
9900 
9901 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9902 		connect.flags |= ASSOC_REQ_DISABLE_HT;
9903 
9904 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9905 		memcpy(&connect.ht_capa_mask,
9906 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9907 		       sizeof(connect.ht_capa_mask));
9908 
9909 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9910 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9911 			kzfree(connkeys);
9912 			return -EINVAL;
9913 		}
9914 		memcpy(&connect.ht_capa,
9915 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9916 		       sizeof(connect.ht_capa));
9917 	}
9918 
9919 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9920 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
9921 
9922 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9923 		memcpy(&connect.vht_capa_mask,
9924 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9925 		       sizeof(connect.vht_capa_mask));
9926 
9927 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9928 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9929 			kzfree(connkeys);
9930 			return -EINVAL;
9931 		}
9932 		memcpy(&connect.vht_capa,
9933 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9934 		       sizeof(connect.vht_capa));
9935 	}
9936 
9937 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9938 		if (!((rdev->wiphy.features &
9939 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9940 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9941 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9942 					     NL80211_EXT_FEATURE_RRM)) {
9943 			kzfree(connkeys);
9944 			return -EINVAL;
9945 		}
9946 		connect.flags |= ASSOC_REQ_USE_RRM;
9947 	}
9948 
9949 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9950 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9951 		kzfree(connkeys);
9952 		return -EOPNOTSUPP;
9953 	}
9954 
9955 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9956 		/* bss selection makes no sense if bssid is set */
9957 		if (connect.bssid) {
9958 			kzfree(connkeys);
9959 			return -EINVAL;
9960 		}
9961 
9962 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9963 				       wiphy, &connect.bss_select);
9964 		if (err) {
9965 			kzfree(connkeys);
9966 			return err;
9967 		}
9968 	}
9969 
9970 	if (wiphy_ext_feature_isset(&rdev->wiphy,
9971 				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9972 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9973 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9974 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9975 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9976 		connect.fils_erp_username =
9977 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9978 		connect.fils_erp_username_len =
9979 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9980 		connect.fils_erp_realm =
9981 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9982 		connect.fils_erp_realm_len =
9983 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9984 		connect.fils_erp_next_seq_num =
9985 			nla_get_u16(
9986 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9987 		connect.fils_erp_rrk =
9988 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9989 		connect.fils_erp_rrk_len =
9990 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9991 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9992 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9993 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9994 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9995 		kzfree(connkeys);
9996 		return -EINVAL;
9997 	}
9998 
9999 	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10000 		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10001 			kzfree(connkeys);
10002 			GENL_SET_ERR_MSG(info,
10003 					 "external auth requires connection ownership");
10004 			return -EINVAL;
10005 		}
10006 		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10007 	}
10008 
10009 	wdev_lock(dev->ieee80211_ptr);
10010 
10011 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
10012 			       connect.prev_bssid);
10013 	if (err)
10014 		kzfree(connkeys);
10015 
10016 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10017 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10018 		if (connect.bssid)
10019 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
10020 			       connect.bssid, ETH_ALEN);
10021 		else
10022 			memset(dev->ieee80211_ptr->disconnect_bssid,
10023 			       0, ETH_ALEN);
10024 	}
10025 
10026 	wdev_unlock(dev->ieee80211_ptr);
10027 
10028 	return err;
10029 }
10030 
10031 static int nl80211_update_connect_params(struct sk_buff *skb,
10032 					 struct genl_info *info)
10033 {
10034 	struct cfg80211_connect_params connect = {};
10035 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10036 	struct net_device *dev = info->user_ptr[1];
10037 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10038 	bool fils_sk_offload;
10039 	u32 auth_type;
10040 	u32 changed = 0;
10041 	int ret;
10042 
10043 	if (!rdev->ops->update_connect_params)
10044 		return -EOPNOTSUPP;
10045 
10046 	if (info->attrs[NL80211_ATTR_IE]) {
10047 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10048 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10049 		changed |= UPDATE_ASSOC_IES;
10050 	}
10051 
10052 	fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10053 						  NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10054 
10055 	/*
10056 	 * when driver supports fils-sk offload all attributes must be
10057 	 * provided. So the else covers "fils-sk-not-all" and
10058 	 * "no-fils-sk-any".
10059 	 */
10060 	if (fils_sk_offload &&
10061 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10062 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10063 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10064 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10065 		connect.fils_erp_username =
10066 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10067 		connect.fils_erp_username_len =
10068 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10069 		connect.fils_erp_realm =
10070 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10071 		connect.fils_erp_realm_len =
10072 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10073 		connect.fils_erp_next_seq_num =
10074 			nla_get_u16(
10075 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10076 		connect.fils_erp_rrk =
10077 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10078 		connect.fils_erp_rrk_len =
10079 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10080 		changed |= UPDATE_FILS_ERP_INFO;
10081 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10082 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10083 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10084 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10085 		return -EINVAL;
10086 	}
10087 
10088 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10089 		auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10090 		if (!nl80211_valid_auth_type(rdev, auth_type,
10091 					     NL80211_CMD_CONNECT))
10092 			return -EINVAL;
10093 
10094 		if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
10095 		    fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
10096 			return -EINVAL;
10097 
10098 		connect.auth_type = auth_type;
10099 		changed |= UPDATE_AUTH_TYPE;
10100 	}
10101 
10102 	wdev_lock(dev->ieee80211_ptr);
10103 	if (!wdev->current_bss)
10104 		ret = -ENOLINK;
10105 	else
10106 		ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10107 	wdev_unlock(dev->ieee80211_ptr);
10108 
10109 	return ret;
10110 }
10111 
10112 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
10113 {
10114 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10115 	struct net_device *dev = info->user_ptr[1];
10116 	u16 reason;
10117 	int ret;
10118 
10119 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
10120 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10121 		return -EPERM;
10122 
10123 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
10124 		reason = WLAN_REASON_DEAUTH_LEAVING;
10125 	else
10126 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10127 
10128 	if (reason == 0)
10129 		return -EINVAL;
10130 
10131 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10132 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10133 		return -EOPNOTSUPP;
10134 
10135 	wdev_lock(dev->ieee80211_ptr);
10136 	ret = cfg80211_disconnect(rdev, dev, reason, true);
10137 	wdev_unlock(dev->ieee80211_ptr);
10138 	return ret;
10139 }
10140 
10141 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10142 {
10143 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10144 	struct net *net;
10145 	int err;
10146 
10147 	if (info->attrs[NL80211_ATTR_PID]) {
10148 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10149 
10150 		net = get_net_ns_by_pid(pid);
10151 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10152 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10153 
10154 		net = get_net_ns_by_fd(fd);
10155 	} else {
10156 		return -EINVAL;
10157 	}
10158 
10159 	if (IS_ERR(net))
10160 		return PTR_ERR(net);
10161 
10162 	err = 0;
10163 
10164 	/* check if anything to do */
10165 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
10166 		err = cfg80211_switch_netns(rdev, net);
10167 
10168 	put_net(net);
10169 	return err;
10170 }
10171 
10172 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10173 {
10174 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10175 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10176 			struct cfg80211_pmksa *pmksa) = NULL;
10177 	struct net_device *dev = info->user_ptr[1];
10178 	struct cfg80211_pmksa pmksa;
10179 
10180 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10181 
10182 	if (!info->attrs[NL80211_ATTR_PMKID])
10183 		return -EINVAL;
10184 
10185 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10186 
10187 	if (info->attrs[NL80211_ATTR_MAC]) {
10188 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10189 	} else if (info->attrs[NL80211_ATTR_SSID] &&
10190 		   info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10191 		   (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10192 		    info->attrs[NL80211_ATTR_PMK])) {
10193 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10194 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10195 		pmksa.cache_id =
10196 			nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10197 	} else {
10198 		return -EINVAL;
10199 	}
10200 	if (info->attrs[NL80211_ATTR_PMK]) {
10201 		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10202 		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10203 	}
10204 
10205 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10206 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10207 	    !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10208 	      wiphy_ext_feature_isset(&rdev->wiphy,
10209 				      NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10210 		return -EOPNOTSUPP;
10211 
10212 	switch (info->genlhdr->cmd) {
10213 	case NL80211_CMD_SET_PMKSA:
10214 		rdev_ops = rdev->ops->set_pmksa;
10215 		break;
10216 	case NL80211_CMD_DEL_PMKSA:
10217 		rdev_ops = rdev->ops->del_pmksa;
10218 		break;
10219 	default:
10220 		WARN_ON(1);
10221 		break;
10222 	}
10223 
10224 	if (!rdev_ops)
10225 		return -EOPNOTSUPP;
10226 
10227 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
10228 }
10229 
10230 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10231 {
10232 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10233 	struct net_device *dev = info->user_ptr[1];
10234 
10235 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10236 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10237 		return -EOPNOTSUPP;
10238 
10239 	if (!rdev->ops->flush_pmksa)
10240 		return -EOPNOTSUPP;
10241 
10242 	return rdev_flush_pmksa(rdev, dev);
10243 }
10244 
10245 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10246 {
10247 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10248 	struct net_device *dev = info->user_ptr[1];
10249 	u8 action_code, dialog_token;
10250 	u32 peer_capability = 0;
10251 	u16 status_code;
10252 	u8 *peer;
10253 	bool initiator;
10254 
10255 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10256 	    !rdev->ops->tdls_mgmt)
10257 		return -EOPNOTSUPP;
10258 
10259 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10260 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10261 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10262 	    !info->attrs[NL80211_ATTR_IE] ||
10263 	    !info->attrs[NL80211_ATTR_MAC])
10264 		return -EINVAL;
10265 
10266 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10267 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10268 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10269 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10270 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10271 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10272 		peer_capability =
10273 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10274 
10275 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10276 			      dialog_token, status_code, peer_capability,
10277 			      initiator,
10278 			      nla_data(info->attrs[NL80211_ATTR_IE]),
10279 			      nla_len(info->attrs[NL80211_ATTR_IE]));
10280 }
10281 
10282 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10283 {
10284 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10285 	struct net_device *dev = info->user_ptr[1];
10286 	enum nl80211_tdls_operation operation;
10287 	u8 *peer;
10288 
10289 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10290 	    !rdev->ops->tdls_oper)
10291 		return -EOPNOTSUPP;
10292 
10293 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10294 	    !info->attrs[NL80211_ATTR_MAC])
10295 		return -EINVAL;
10296 
10297 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10298 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10299 
10300 	return rdev_tdls_oper(rdev, dev, peer, operation);
10301 }
10302 
10303 static int nl80211_remain_on_channel(struct sk_buff *skb,
10304 				     struct genl_info *info)
10305 {
10306 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10307 	struct wireless_dev *wdev = info->user_ptr[1];
10308 	struct cfg80211_chan_def chandef;
10309 	const struct cfg80211_chan_def *compat_chandef;
10310 	struct sk_buff *msg;
10311 	void *hdr;
10312 	u64 cookie;
10313 	u32 duration;
10314 	int err;
10315 
10316 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10317 	    !info->attrs[NL80211_ATTR_DURATION])
10318 		return -EINVAL;
10319 
10320 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10321 
10322 	if (!rdev->ops->remain_on_channel ||
10323 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10324 		return -EOPNOTSUPP;
10325 
10326 	/*
10327 	 * We should be on that channel for at least a minimum amount of
10328 	 * time (10ms) but no longer than the driver supports.
10329 	 */
10330 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10331 	    duration > rdev->wiphy.max_remain_on_channel_duration)
10332 		return -EINVAL;
10333 
10334 	err = nl80211_parse_chandef(rdev, info, &chandef);
10335 	if (err)
10336 		return err;
10337 
10338 	wdev_lock(wdev);
10339 	if (!cfg80211_off_channel_oper_allowed(wdev) &&
10340 	    !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10341 		compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10342 							     &chandef);
10343 		if (compat_chandef != &chandef) {
10344 			wdev_unlock(wdev);
10345 			return -EBUSY;
10346 		}
10347 	}
10348 	wdev_unlock(wdev);
10349 
10350 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10351 	if (!msg)
10352 		return -ENOMEM;
10353 
10354 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10355 			     NL80211_CMD_REMAIN_ON_CHANNEL);
10356 	if (!hdr) {
10357 		err = -ENOBUFS;
10358 		goto free_msg;
10359 	}
10360 
10361 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10362 				     duration, &cookie);
10363 
10364 	if (err)
10365 		goto free_msg;
10366 
10367 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10368 			      NL80211_ATTR_PAD))
10369 		goto nla_put_failure;
10370 
10371 	genlmsg_end(msg, hdr);
10372 
10373 	return genlmsg_reply(msg, info);
10374 
10375  nla_put_failure:
10376 	err = -ENOBUFS;
10377  free_msg:
10378 	nlmsg_free(msg);
10379 	return err;
10380 }
10381 
10382 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10383 					    struct genl_info *info)
10384 {
10385 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10386 	struct wireless_dev *wdev = info->user_ptr[1];
10387 	u64 cookie;
10388 
10389 	if (!info->attrs[NL80211_ATTR_COOKIE])
10390 		return -EINVAL;
10391 
10392 	if (!rdev->ops->cancel_remain_on_channel)
10393 		return -EOPNOTSUPP;
10394 
10395 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10396 
10397 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10398 }
10399 
10400 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10401 				       struct genl_info *info)
10402 {
10403 	struct cfg80211_bitrate_mask mask;
10404 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10405 	struct net_device *dev = info->user_ptr[1];
10406 	int err;
10407 
10408 	if (!rdev->ops->set_bitrate_mask)
10409 		return -EOPNOTSUPP;
10410 
10411 	err = nl80211_parse_tx_bitrate_mask(info, &mask);
10412 	if (err)
10413 		return err;
10414 
10415 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10416 }
10417 
10418 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10419 {
10420 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10421 	struct wireless_dev *wdev = info->user_ptr[1];
10422 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10423 
10424 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10425 		return -EINVAL;
10426 
10427 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10428 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10429 
10430 	switch (wdev->iftype) {
10431 	case NL80211_IFTYPE_STATION:
10432 	case NL80211_IFTYPE_ADHOC:
10433 	case NL80211_IFTYPE_P2P_CLIENT:
10434 	case NL80211_IFTYPE_AP:
10435 	case NL80211_IFTYPE_AP_VLAN:
10436 	case NL80211_IFTYPE_MESH_POINT:
10437 	case NL80211_IFTYPE_P2P_GO:
10438 	case NL80211_IFTYPE_P2P_DEVICE:
10439 		break;
10440 	case NL80211_IFTYPE_NAN:
10441 	default:
10442 		return -EOPNOTSUPP;
10443 	}
10444 
10445 	/* not much point in registering if we can't reply */
10446 	if (!rdev->ops->mgmt_tx)
10447 		return -EOPNOTSUPP;
10448 
10449 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10450 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10451 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
10452 }
10453 
10454 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10455 {
10456 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10457 	struct wireless_dev *wdev = info->user_ptr[1];
10458 	struct cfg80211_chan_def chandef;
10459 	int err;
10460 	void *hdr = NULL;
10461 	u64 cookie;
10462 	struct sk_buff *msg = NULL;
10463 	struct cfg80211_mgmt_tx_params params = {
10464 		.dont_wait_for_ack =
10465 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10466 	};
10467 
10468 	if (!info->attrs[NL80211_ATTR_FRAME])
10469 		return -EINVAL;
10470 
10471 	if (!rdev->ops->mgmt_tx)
10472 		return -EOPNOTSUPP;
10473 
10474 	switch (wdev->iftype) {
10475 	case NL80211_IFTYPE_P2P_DEVICE:
10476 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10477 			return -EINVAL;
10478 	case NL80211_IFTYPE_STATION:
10479 	case NL80211_IFTYPE_ADHOC:
10480 	case NL80211_IFTYPE_P2P_CLIENT:
10481 	case NL80211_IFTYPE_AP:
10482 	case NL80211_IFTYPE_AP_VLAN:
10483 	case NL80211_IFTYPE_MESH_POINT:
10484 	case NL80211_IFTYPE_P2P_GO:
10485 		break;
10486 	case NL80211_IFTYPE_NAN:
10487 	default:
10488 		return -EOPNOTSUPP;
10489 	}
10490 
10491 	if (info->attrs[NL80211_ATTR_DURATION]) {
10492 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10493 			return -EINVAL;
10494 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10495 
10496 		/*
10497 		 * We should wait on the channel for at least a minimum amount
10498 		 * of time (10ms) but no longer than the driver supports.
10499 		 */
10500 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10501 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
10502 			return -EINVAL;
10503 	}
10504 
10505 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10506 
10507 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10508 		return -EINVAL;
10509 
10510 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10511 
10512 	/* get the channel if any has been specified, otherwise pass NULL to
10513 	 * the driver. The latter will use the current one
10514 	 */
10515 	chandef.chan = NULL;
10516 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10517 		err = nl80211_parse_chandef(rdev, info, &chandef);
10518 		if (err)
10519 			return err;
10520 	}
10521 
10522 	if (!chandef.chan && params.offchan)
10523 		return -EINVAL;
10524 
10525 	wdev_lock(wdev);
10526 	if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10527 		wdev_unlock(wdev);
10528 		return -EBUSY;
10529 	}
10530 	wdev_unlock(wdev);
10531 
10532 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10533 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10534 
10535 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10536 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10537 		int i;
10538 
10539 		if (len % sizeof(u16))
10540 			return -EINVAL;
10541 
10542 		params.n_csa_offsets = len / sizeof(u16);
10543 		params.csa_offsets =
10544 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10545 
10546 		/* check that all the offsets fit the frame */
10547 		for (i = 0; i < params.n_csa_offsets; i++) {
10548 			if (params.csa_offsets[i] >= params.len)
10549 				return -EINVAL;
10550 		}
10551 	}
10552 
10553 	if (!params.dont_wait_for_ack) {
10554 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10555 		if (!msg)
10556 			return -ENOMEM;
10557 
10558 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10559 				     NL80211_CMD_FRAME);
10560 		if (!hdr) {
10561 			err = -ENOBUFS;
10562 			goto free_msg;
10563 		}
10564 	}
10565 
10566 	params.chan = chandef.chan;
10567 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
10568 	if (err)
10569 		goto free_msg;
10570 
10571 	if (msg) {
10572 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10573 				      NL80211_ATTR_PAD))
10574 			goto nla_put_failure;
10575 
10576 		genlmsg_end(msg, hdr);
10577 		return genlmsg_reply(msg, info);
10578 	}
10579 
10580 	return 0;
10581 
10582  nla_put_failure:
10583 	err = -ENOBUFS;
10584  free_msg:
10585 	nlmsg_free(msg);
10586 	return err;
10587 }
10588 
10589 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10590 {
10591 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10592 	struct wireless_dev *wdev = info->user_ptr[1];
10593 	u64 cookie;
10594 
10595 	if (!info->attrs[NL80211_ATTR_COOKIE])
10596 		return -EINVAL;
10597 
10598 	if (!rdev->ops->mgmt_tx_cancel_wait)
10599 		return -EOPNOTSUPP;
10600 
10601 	switch (wdev->iftype) {
10602 	case NL80211_IFTYPE_STATION:
10603 	case NL80211_IFTYPE_ADHOC:
10604 	case NL80211_IFTYPE_P2P_CLIENT:
10605 	case NL80211_IFTYPE_AP:
10606 	case NL80211_IFTYPE_AP_VLAN:
10607 	case NL80211_IFTYPE_P2P_GO:
10608 	case NL80211_IFTYPE_P2P_DEVICE:
10609 		break;
10610 	case NL80211_IFTYPE_NAN:
10611 	default:
10612 		return -EOPNOTSUPP;
10613 	}
10614 
10615 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10616 
10617 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10618 }
10619 
10620 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10621 {
10622 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10623 	struct wireless_dev *wdev;
10624 	struct net_device *dev = info->user_ptr[1];
10625 	u8 ps_state;
10626 	bool state;
10627 	int err;
10628 
10629 	if (!info->attrs[NL80211_ATTR_PS_STATE])
10630 		return -EINVAL;
10631 
10632 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10633 
10634 	wdev = dev->ieee80211_ptr;
10635 
10636 	if (!rdev->ops->set_power_mgmt)
10637 		return -EOPNOTSUPP;
10638 
10639 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10640 
10641 	if (state == wdev->ps)
10642 		return 0;
10643 
10644 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10645 	if (!err)
10646 		wdev->ps = state;
10647 	return err;
10648 }
10649 
10650 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10651 {
10652 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10653 	enum nl80211_ps_state ps_state;
10654 	struct wireless_dev *wdev;
10655 	struct net_device *dev = info->user_ptr[1];
10656 	struct sk_buff *msg;
10657 	void *hdr;
10658 	int err;
10659 
10660 	wdev = dev->ieee80211_ptr;
10661 
10662 	if (!rdev->ops->set_power_mgmt)
10663 		return -EOPNOTSUPP;
10664 
10665 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10666 	if (!msg)
10667 		return -ENOMEM;
10668 
10669 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10670 			     NL80211_CMD_GET_POWER_SAVE);
10671 	if (!hdr) {
10672 		err = -ENOBUFS;
10673 		goto free_msg;
10674 	}
10675 
10676 	if (wdev->ps)
10677 		ps_state = NL80211_PS_ENABLED;
10678 	else
10679 		ps_state = NL80211_PS_DISABLED;
10680 
10681 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
10682 		goto nla_put_failure;
10683 
10684 	genlmsg_end(msg, hdr);
10685 	return genlmsg_reply(msg, info);
10686 
10687  nla_put_failure:
10688 	err = -ENOBUFS;
10689  free_msg:
10690 	nlmsg_free(msg);
10691 	return err;
10692 }
10693 
10694 static const struct nla_policy
10695 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
10696 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
10697 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
10698 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
10699 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
10700 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
10701 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
10702 	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
10703 };
10704 
10705 static int nl80211_set_cqm_txe(struct genl_info *info,
10706 			       u32 rate, u32 pkts, u32 intvl)
10707 {
10708 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10709 	struct net_device *dev = info->user_ptr[1];
10710 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10711 
10712 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
10713 		return -EINVAL;
10714 
10715 	if (!rdev->ops->set_cqm_txe_config)
10716 		return -EOPNOTSUPP;
10717 
10718 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10719 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10720 		return -EOPNOTSUPP;
10721 
10722 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
10723 }
10724 
10725 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
10726 				    struct net_device *dev)
10727 {
10728 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10729 	s32 last, low, high;
10730 	u32 hyst;
10731 	int i, n, low_index;
10732 	int err;
10733 
10734 	/* RSSI reporting disabled? */
10735 	if (!wdev->cqm_config)
10736 		return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
10737 
10738 	/*
10739 	 * Obtain current RSSI value if possible, if not and no RSSI threshold
10740 	 * event has been received yet, we should receive an event after a
10741 	 * connection is established and enough beacons received to calculate
10742 	 * the average.
10743 	 */
10744 	if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
10745 	    rdev->ops->get_station) {
10746 		struct station_info sinfo = {};
10747 		u8 *mac_addr;
10748 
10749 		mac_addr = wdev->current_bss->pub.bssid;
10750 
10751 		err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
10752 		if (err)
10753 			return err;
10754 
10755 		if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
10756 			wdev->cqm_config->last_rssi_event_value =
10757 				(s8) sinfo.rx_beacon_signal_avg;
10758 	}
10759 
10760 	last = wdev->cqm_config->last_rssi_event_value;
10761 	hyst = wdev->cqm_config->rssi_hyst;
10762 	n = wdev->cqm_config->n_rssi_thresholds;
10763 
10764 	for (i = 0; i < n; i++)
10765 		if (last < wdev->cqm_config->rssi_thresholds[i])
10766 			break;
10767 
10768 	low_index = i - 1;
10769 	if (low_index >= 0) {
10770 		low_index = array_index_nospec(low_index, n);
10771 		low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10772 	} else {
10773 		low = S32_MIN;
10774 	}
10775 	if (i < n) {
10776 		i = array_index_nospec(i, n);
10777 		high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10778 	} else {
10779 		high = S32_MAX;
10780 	}
10781 
10782 	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
10783 }
10784 
10785 static int nl80211_set_cqm_rssi(struct genl_info *info,
10786 				const s32 *thresholds, int n_thresholds,
10787 				u32 hysteresis)
10788 {
10789 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10790 	struct net_device *dev = info->user_ptr[1];
10791 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10792 	int i, err;
10793 	s32 prev = S32_MIN;
10794 
10795 	/* Check all values negative and sorted */
10796 	for (i = 0; i < n_thresholds; i++) {
10797 		if (thresholds[i] > 0 || thresholds[i] <= prev)
10798 			return -EINVAL;
10799 
10800 		prev = thresholds[i];
10801 	}
10802 
10803 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10804 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10805 		return -EOPNOTSUPP;
10806 
10807 	wdev_lock(wdev);
10808 	cfg80211_cqm_config_free(wdev);
10809 	wdev_unlock(wdev);
10810 
10811 	if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
10812 		if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
10813 			return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
10814 
10815 		return rdev_set_cqm_rssi_config(rdev, dev,
10816 						thresholds[0], hysteresis);
10817 	}
10818 
10819 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
10820 				     NL80211_EXT_FEATURE_CQM_RSSI_LIST))
10821 		return -EOPNOTSUPP;
10822 
10823 	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
10824 		n_thresholds = 0;
10825 
10826 	wdev_lock(wdev);
10827 	if (n_thresholds) {
10828 		struct cfg80211_cqm_config *cqm_config;
10829 
10830 		cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
10831 				     n_thresholds * sizeof(s32), GFP_KERNEL);
10832 		if (!cqm_config) {
10833 			err = -ENOMEM;
10834 			goto unlock;
10835 		}
10836 
10837 		cqm_config->rssi_hyst = hysteresis;
10838 		cqm_config->n_rssi_thresholds = n_thresholds;
10839 		memcpy(cqm_config->rssi_thresholds, thresholds,
10840 		       n_thresholds * sizeof(s32));
10841 
10842 		wdev->cqm_config = cqm_config;
10843 	}
10844 
10845 	err = cfg80211_cqm_rssi_update(rdev, dev);
10846 
10847 unlock:
10848 	wdev_unlock(wdev);
10849 
10850 	return err;
10851 }
10852 
10853 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
10854 {
10855 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
10856 	struct nlattr *cqm;
10857 	int err;
10858 
10859 	cqm = info->attrs[NL80211_ATTR_CQM];
10860 	if (!cqm)
10861 		return -EINVAL;
10862 
10863 	err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
10864 					  nl80211_attr_cqm_policy,
10865 					  info->extack);
10866 	if (err)
10867 		return err;
10868 
10869 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
10870 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
10871 		const s32 *thresholds =
10872 			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10873 		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10874 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
10875 
10876 		if (len % 4)
10877 			return -EINVAL;
10878 
10879 		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
10880 					    hysteresis);
10881 	}
10882 
10883 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
10884 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
10885 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
10886 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
10887 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
10888 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
10889 
10890 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
10891 	}
10892 
10893 	return -EINVAL;
10894 }
10895 
10896 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
10897 {
10898 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10899 	struct net_device *dev = info->user_ptr[1];
10900 	struct ocb_setup setup = {};
10901 	int err;
10902 
10903 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10904 	if (err)
10905 		return err;
10906 
10907 	return cfg80211_join_ocb(rdev, dev, &setup);
10908 }
10909 
10910 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
10911 {
10912 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10913 	struct net_device *dev = info->user_ptr[1];
10914 
10915 	return cfg80211_leave_ocb(rdev, dev);
10916 }
10917 
10918 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
10919 {
10920 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10921 	struct net_device *dev = info->user_ptr[1];
10922 	struct mesh_config cfg;
10923 	struct mesh_setup setup;
10924 	int err;
10925 
10926 	/* start with default */
10927 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
10928 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
10929 
10930 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
10931 		/* and parse parameters if given */
10932 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
10933 		if (err)
10934 			return err;
10935 	}
10936 
10937 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
10938 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
10939 		return -EINVAL;
10940 
10941 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
10942 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
10943 
10944 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10945 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
10946 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10947 			return -EINVAL;
10948 
10949 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
10950 		setup.beacon_interval =
10951 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10952 
10953 		err = cfg80211_validate_beacon_int(rdev,
10954 						   NL80211_IFTYPE_MESH_POINT,
10955 						   setup.beacon_interval);
10956 		if (err)
10957 			return err;
10958 	}
10959 
10960 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
10961 		setup.dtim_period =
10962 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
10963 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
10964 			return -EINVAL;
10965 	}
10966 
10967 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10968 		/* parse additional setup parameters if given */
10969 		err = nl80211_parse_mesh_setup(info, &setup);
10970 		if (err)
10971 			return err;
10972 	}
10973 
10974 	if (setup.user_mpm)
10975 		cfg.auto_open_plinks = false;
10976 
10977 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10978 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10979 		if (err)
10980 			return err;
10981 	} else {
10982 		/* __cfg80211_join_mesh() will sort it out */
10983 		setup.chandef.chan = NULL;
10984 	}
10985 
10986 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10987 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10988 		int n_rates =
10989 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10990 		struct ieee80211_supported_band *sband;
10991 
10992 		if (!setup.chandef.chan)
10993 			return -EINVAL;
10994 
10995 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
10996 
10997 		err = ieee80211_get_ratemask(sband, rates, n_rates,
10998 					     &setup.basic_rates);
10999 		if (err)
11000 			return err;
11001 	}
11002 
11003 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
11004 		err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
11005 		if (err)
11006 			return err;
11007 
11008 		if (!setup.chandef.chan)
11009 			return -EINVAL;
11010 
11011 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11012 					      &setup.beacon_rate);
11013 		if (err)
11014 			return err;
11015 	}
11016 
11017 	setup.userspace_handles_dfs =
11018 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11019 
11020 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11021 		int r = validate_pae_over_nl80211(rdev, info);
11022 
11023 		if (r < 0)
11024 			return r;
11025 
11026 		setup.control_port_over_nl80211 = true;
11027 	}
11028 
11029 	wdev_lock(dev->ieee80211_ptr);
11030 	err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11031 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11032 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11033 	wdev_unlock(dev->ieee80211_ptr);
11034 
11035 	return err;
11036 }
11037 
11038 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11039 {
11040 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11041 	struct net_device *dev = info->user_ptr[1];
11042 
11043 	return cfg80211_leave_mesh(rdev, dev);
11044 }
11045 
11046 #ifdef CONFIG_PM
11047 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11048 					struct cfg80211_registered_device *rdev)
11049 {
11050 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11051 	struct nlattr *nl_pats, *nl_pat;
11052 	int i, pat_len;
11053 
11054 	if (!wowlan->n_patterns)
11055 		return 0;
11056 
11057 	nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
11058 	if (!nl_pats)
11059 		return -ENOBUFS;
11060 
11061 	for (i = 0; i < wowlan->n_patterns; i++) {
11062 		nl_pat = nla_nest_start_noflag(msg, i + 1);
11063 		if (!nl_pat)
11064 			return -ENOBUFS;
11065 		pat_len = wowlan->patterns[i].pattern_len;
11066 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
11067 			    wowlan->patterns[i].mask) ||
11068 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11069 			    wowlan->patterns[i].pattern) ||
11070 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11071 				wowlan->patterns[i].pkt_offset))
11072 			return -ENOBUFS;
11073 		nla_nest_end(msg, nl_pat);
11074 	}
11075 	nla_nest_end(msg, nl_pats);
11076 
11077 	return 0;
11078 }
11079 
11080 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
11081 				   struct cfg80211_wowlan_tcp *tcp)
11082 {
11083 	struct nlattr *nl_tcp;
11084 
11085 	if (!tcp)
11086 		return 0;
11087 
11088 	nl_tcp = nla_nest_start_noflag(msg,
11089 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
11090 	if (!nl_tcp)
11091 		return -ENOBUFS;
11092 
11093 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
11094 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
11095 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
11096 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
11097 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
11098 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
11099 		    tcp->payload_len, tcp->payload) ||
11100 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
11101 			tcp->data_interval) ||
11102 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
11103 		    tcp->wake_len, tcp->wake_data) ||
11104 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
11105 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
11106 		return -ENOBUFS;
11107 
11108 	if (tcp->payload_seq.len &&
11109 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
11110 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
11111 		return -ENOBUFS;
11112 
11113 	if (tcp->payload_tok.len &&
11114 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11115 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
11116 		    &tcp->payload_tok))
11117 		return -ENOBUFS;
11118 
11119 	nla_nest_end(msg, nl_tcp);
11120 
11121 	return 0;
11122 }
11123 
11124 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11125 				  struct cfg80211_sched_scan_request *req)
11126 {
11127 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11128 	int i;
11129 
11130 	if (!req)
11131 		return 0;
11132 
11133 	nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11134 	if (!nd)
11135 		return -ENOBUFS;
11136 
11137 	if (req->n_scan_plans == 1 &&
11138 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11139 			req->scan_plans[0].interval * 1000))
11140 		return -ENOBUFS;
11141 
11142 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11143 		return -ENOBUFS;
11144 
11145 	if (req->relative_rssi_set) {
11146 		struct nl80211_bss_select_rssi_adjust rssi_adjust;
11147 
11148 		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11149 			       req->relative_rssi))
11150 			return -ENOBUFS;
11151 
11152 		rssi_adjust.band = req->rssi_adjust.band;
11153 		rssi_adjust.delta = req->rssi_adjust.delta;
11154 		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11155 			    sizeof(rssi_adjust), &rssi_adjust))
11156 			return -ENOBUFS;
11157 	}
11158 
11159 	freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11160 	if (!freqs)
11161 		return -ENOBUFS;
11162 
11163 	for (i = 0; i < req->n_channels; i++) {
11164 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11165 			return -ENOBUFS;
11166 	}
11167 
11168 	nla_nest_end(msg, freqs);
11169 
11170 	if (req->n_match_sets) {
11171 		matches = nla_nest_start_noflag(msg,
11172 						NL80211_ATTR_SCHED_SCAN_MATCH);
11173 		if (!matches)
11174 			return -ENOBUFS;
11175 
11176 		for (i = 0; i < req->n_match_sets; i++) {
11177 			match = nla_nest_start_noflag(msg, i);
11178 			if (!match)
11179 				return -ENOBUFS;
11180 
11181 			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11182 				    req->match_sets[i].ssid.ssid_len,
11183 				    req->match_sets[i].ssid.ssid))
11184 				return -ENOBUFS;
11185 			nla_nest_end(msg, match);
11186 		}
11187 		nla_nest_end(msg, matches);
11188 	}
11189 
11190 	scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11191 	if (!scan_plans)
11192 		return -ENOBUFS;
11193 
11194 	for (i = 0; i < req->n_scan_plans; i++) {
11195 		scan_plan = nla_nest_start_noflag(msg, i + 1);
11196 		if (!scan_plan)
11197 			return -ENOBUFS;
11198 
11199 		if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11200 				req->scan_plans[i].interval) ||
11201 		    (req->scan_plans[i].iterations &&
11202 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11203 				 req->scan_plans[i].iterations)))
11204 			return -ENOBUFS;
11205 		nla_nest_end(msg, scan_plan);
11206 	}
11207 	nla_nest_end(msg, scan_plans);
11208 
11209 	nla_nest_end(msg, nd);
11210 
11211 	return 0;
11212 }
11213 
11214 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11215 {
11216 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11217 	struct sk_buff *msg;
11218 	void *hdr;
11219 	u32 size = NLMSG_DEFAULT_SIZE;
11220 
11221 	if (!rdev->wiphy.wowlan)
11222 		return -EOPNOTSUPP;
11223 
11224 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11225 		/* adjust size to have room for all the data */
11226 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11227 			rdev->wiphy.wowlan_config->tcp->payload_len +
11228 			rdev->wiphy.wowlan_config->tcp->wake_len +
11229 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11230 	}
11231 
11232 	msg = nlmsg_new(size, GFP_KERNEL);
11233 	if (!msg)
11234 		return -ENOMEM;
11235 
11236 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11237 			     NL80211_CMD_GET_WOWLAN);
11238 	if (!hdr)
11239 		goto nla_put_failure;
11240 
11241 	if (rdev->wiphy.wowlan_config) {
11242 		struct nlattr *nl_wowlan;
11243 
11244 		nl_wowlan = nla_nest_start_noflag(msg,
11245 						  NL80211_ATTR_WOWLAN_TRIGGERS);
11246 		if (!nl_wowlan)
11247 			goto nla_put_failure;
11248 
11249 		if ((rdev->wiphy.wowlan_config->any &&
11250 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11251 		    (rdev->wiphy.wowlan_config->disconnect &&
11252 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11253 		    (rdev->wiphy.wowlan_config->magic_pkt &&
11254 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11255 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11256 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11257 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
11258 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11259 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
11260 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11261 		    (rdev->wiphy.wowlan_config->rfkill_release &&
11262 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11263 			goto nla_put_failure;
11264 
11265 		if (nl80211_send_wowlan_patterns(msg, rdev))
11266 			goto nla_put_failure;
11267 
11268 		if (nl80211_send_wowlan_tcp(msg,
11269 					    rdev->wiphy.wowlan_config->tcp))
11270 			goto nla_put_failure;
11271 
11272 		if (nl80211_send_wowlan_nd(
11273 			    msg,
11274 			    rdev->wiphy.wowlan_config->nd_config))
11275 			goto nla_put_failure;
11276 
11277 		nla_nest_end(msg, nl_wowlan);
11278 	}
11279 
11280 	genlmsg_end(msg, hdr);
11281 	return genlmsg_reply(msg, info);
11282 
11283 nla_put_failure:
11284 	nlmsg_free(msg);
11285 	return -ENOBUFS;
11286 }
11287 
11288 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
11289 				    struct nlattr *attr,
11290 				    struct cfg80211_wowlan *trig)
11291 {
11292 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
11293 	struct cfg80211_wowlan_tcp *cfg;
11294 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
11295 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
11296 	u32 size;
11297 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
11298 	int err, port;
11299 
11300 	if (!rdev->wiphy.wowlan->tcp)
11301 		return -EINVAL;
11302 
11303 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
11304 					  nl80211_wowlan_tcp_policy, NULL);
11305 	if (err)
11306 		return err;
11307 
11308 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
11309 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
11310 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
11311 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
11312 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
11313 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
11314 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
11315 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
11316 		return -EINVAL;
11317 
11318 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11319 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11320 		return -EINVAL;
11321 
11322 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11323 			rdev->wiphy.wowlan->tcp->data_interval_max ||
11324 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11325 		return -EINVAL;
11326 
11327 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11328 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11329 		return -EINVAL;
11330 
11331 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11332 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11333 		return -EINVAL;
11334 
11335 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11336 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11337 
11338 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11339 		tokens_size = tokln - sizeof(*tok);
11340 
11341 		if (!tok->len || tokens_size % tok->len)
11342 			return -EINVAL;
11343 		if (!rdev->wiphy.wowlan->tcp->tok)
11344 			return -EINVAL;
11345 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11346 			return -EINVAL;
11347 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11348 			return -EINVAL;
11349 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11350 			return -EINVAL;
11351 		if (tok->offset + tok->len > data_size)
11352 			return -EINVAL;
11353 	}
11354 
11355 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11356 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11357 		if (!rdev->wiphy.wowlan->tcp->seq)
11358 			return -EINVAL;
11359 		if (seq->len == 0 || seq->len > 4)
11360 			return -EINVAL;
11361 		if (seq->len + seq->offset > data_size)
11362 			return -EINVAL;
11363 	}
11364 
11365 	size = sizeof(*cfg);
11366 	size += data_size;
11367 	size += wake_size + wake_mask_size;
11368 	size += tokens_size;
11369 
11370 	cfg = kzalloc(size, GFP_KERNEL);
11371 	if (!cfg)
11372 		return -ENOMEM;
11373 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11374 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11375 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11376 	       ETH_ALEN);
11377 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11378 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11379 	else
11380 		port = 0;
11381 #ifdef CONFIG_INET
11382 	/* allocate a socket and port for it and use it */
11383 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11384 			    IPPROTO_TCP, &cfg->sock, 1);
11385 	if (err) {
11386 		kfree(cfg);
11387 		return err;
11388 	}
11389 	if (inet_csk_get_port(cfg->sock->sk, port)) {
11390 		sock_release(cfg->sock);
11391 		kfree(cfg);
11392 		return -EADDRINUSE;
11393 	}
11394 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11395 #else
11396 	if (!port) {
11397 		kfree(cfg);
11398 		return -EINVAL;
11399 	}
11400 	cfg->src_port = port;
11401 #endif
11402 
11403 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11404 	cfg->payload_len = data_size;
11405 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11406 	memcpy((void *)cfg->payload,
11407 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11408 	       data_size);
11409 	if (seq)
11410 		cfg->payload_seq = *seq;
11411 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11412 	cfg->wake_len = wake_size;
11413 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11414 	memcpy((void *)cfg->wake_data,
11415 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11416 	       wake_size);
11417 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11418 			 data_size + wake_size;
11419 	memcpy((void *)cfg->wake_mask,
11420 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11421 	       wake_mask_size);
11422 	if (tok) {
11423 		cfg->tokens_size = tokens_size;
11424 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11425 	}
11426 
11427 	trig->tcp = cfg;
11428 
11429 	return 0;
11430 }
11431 
11432 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11433 				   const struct wiphy_wowlan_support *wowlan,
11434 				   struct nlattr *attr,
11435 				   struct cfg80211_wowlan *trig)
11436 {
11437 	struct nlattr **tb;
11438 	int err;
11439 
11440 	tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11441 	if (!tb)
11442 		return -ENOMEM;
11443 
11444 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11445 		err = -EOPNOTSUPP;
11446 		goto out;
11447 	}
11448 
11449 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
11450 					  nl80211_policy, NULL);
11451 	if (err)
11452 		goto out;
11453 
11454 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11455 						   wowlan->max_nd_match_sets);
11456 	err = PTR_ERR_OR_ZERO(trig->nd_config);
11457 	if (err)
11458 		trig->nd_config = NULL;
11459 
11460 out:
11461 	kfree(tb);
11462 	return err;
11463 }
11464 
11465 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11466 {
11467 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11468 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11469 	struct cfg80211_wowlan new_triggers = {};
11470 	struct cfg80211_wowlan *ntrig;
11471 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11472 	int err, i;
11473 	bool prev_enabled = rdev->wiphy.wowlan_config;
11474 	bool regular = false;
11475 
11476 	if (!wowlan)
11477 		return -EOPNOTSUPP;
11478 
11479 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11480 		cfg80211_rdev_free_wowlan(rdev);
11481 		rdev->wiphy.wowlan_config = NULL;
11482 		goto set_wakeup;
11483 	}
11484 
11485 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
11486 					  info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11487 					  nl80211_wowlan_policy, info->extack);
11488 	if (err)
11489 		return err;
11490 
11491 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11492 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11493 			return -EINVAL;
11494 		new_triggers.any = true;
11495 	}
11496 
11497 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11498 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11499 			return -EINVAL;
11500 		new_triggers.disconnect = true;
11501 		regular = true;
11502 	}
11503 
11504 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11505 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11506 			return -EINVAL;
11507 		new_triggers.magic_pkt = true;
11508 		regular = true;
11509 	}
11510 
11511 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11512 		return -EINVAL;
11513 
11514 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11515 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11516 			return -EINVAL;
11517 		new_triggers.gtk_rekey_failure = true;
11518 		regular = true;
11519 	}
11520 
11521 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11522 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11523 			return -EINVAL;
11524 		new_triggers.eap_identity_req = true;
11525 		regular = true;
11526 	}
11527 
11528 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11529 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11530 			return -EINVAL;
11531 		new_triggers.four_way_handshake = true;
11532 		regular = true;
11533 	}
11534 
11535 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11536 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11537 			return -EINVAL;
11538 		new_triggers.rfkill_release = true;
11539 		regular = true;
11540 	}
11541 
11542 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11543 		struct nlattr *pat;
11544 		int n_patterns = 0;
11545 		int rem, pat_len, mask_len, pkt_offset;
11546 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11547 
11548 		regular = true;
11549 
11550 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11551 				    rem)
11552 			n_patterns++;
11553 		if (n_patterns > wowlan->n_patterns)
11554 			return -EINVAL;
11555 
11556 		new_triggers.patterns = kcalloc(n_patterns,
11557 						sizeof(new_triggers.patterns[0]),
11558 						GFP_KERNEL);
11559 		if (!new_triggers.patterns)
11560 			return -ENOMEM;
11561 
11562 		new_triggers.n_patterns = n_patterns;
11563 		i = 0;
11564 
11565 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11566 				    rem) {
11567 			u8 *mask_pat;
11568 
11569 			err = nla_parse_nested_deprecated(pat_tb,
11570 							  MAX_NL80211_PKTPAT,
11571 							  pat,
11572 							  nl80211_packet_pattern_policy,
11573 							  info->extack);
11574 			if (err)
11575 				goto error;
11576 
11577 			err = -EINVAL;
11578 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
11579 			    !pat_tb[NL80211_PKTPAT_PATTERN])
11580 				goto error;
11581 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11582 			mask_len = DIV_ROUND_UP(pat_len, 8);
11583 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11584 				goto error;
11585 			if (pat_len > wowlan->pattern_max_len ||
11586 			    pat_len < wowlan->pattern_min_len)
11587 				goto error;
11588 
11589 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
11590 				pkt_offset = 0;
11591 			else
11592 				pkt_offset = nla_get_u32(
11593 					pat_tb[NL80211_PKTPAT_OFFSET]);
11594 			if (pkt_offset > wowlan->max_pkt_offset)
11595 				goto error;
11596 			new_triggers.patterns[i].pkt_offset = pkt_offset;
11597 
11598 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11599 			if (!mask_pat) {
11600 				err = -ENOMEM;
11601 				goto error;
11602 			}
11603 			new_triggers.patterns[i].mask = mask_pat;
11604 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11605 			       mask_len);
11606 			mask_pat += mask_len;
11607 			new_triggers.patterns[i].pattern = mask_pat;
11608 			new_triggers.patterns[i].pattern_len = pat_len;
11609 			memcpy(mask_pat,
11610 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11611 			       pat_len);
11612 			i++;
11613 		}
11614 	}
11615 
11616 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11617 		regular = true;
11618 		err = nl80211_parse_wowlan_tcp(
11619 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11620 			&new_triggers);
11621 		if (err)
11622 			goto error;
11623 	}
11624 
11625 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11626 		regular = true;
11627 		err = nl80211_parse_wowlan_nd(
11628 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11629 			&new_triggers);
11630 		if (err)
11631 			goto error;
11632 	}
11633 
11634 	/* The 'any' trigger means the device continues operating more or less
11635 	 * as in its normal operation mode and wakes up the host on most of the
11636 	 * normal interrupts (like packet RX, ...)
11637 	 * It therefore makes little sense to combine with the more constrained
11638 	 * wakeup trigger modes.
11639 	 */
11640 	if (new_triggers.any && regular) {
11641 		err = -EINVAL;
11642 		goto error;
11643 	}
11644 
11645 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11646 	if (!ntrig) {
11647 		err = -ENOMEM;
11648 		goto error;
11649 	}
11650 	cfg80211_rdev_free_wowlan(rdev);
11651 	rdev->wiphy.wowlan_config = ntrig;
11652 
11653  set_wakeup:
11654 	if (rdev->ops->set_wakeup &&
11655 	    prev_enabled != !!rdev->wiphy.wowlan_config)
11656 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11657 
11658 	return 0;
11659  error:
11660 	for (i = 0; i < new_triggers.n_patterns; i++)
11661 		kfree(new_triggers.patterns[i].mask);
11662 	kfree(new_triggers.patterns);
11663 	if (new_triggers.tcp && new_triggers.tcp->sock)
11664 		sock_release(new_triggers.tcp->sock);
11665 	kfree(new_triggers.tcp);
11666 	kfree(new_triggers.nd_config);
11667 	return err;
11668 }
11669 #endif
11670 
11671 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11672 				       struct cfg80211_registered_device *rdev)
11673 {
11674 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11675 	int i, j, pat_len;
11676 	struct cfg80211_coalesce_rules *rule;
11677 
11678 	if (!rdev->coalesce->n_rules)
11679 		return 0;
11680 
11681 	nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
11682 	if (!nl_rules)
11683 		return -ENOBUFS;
11684 
11685 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
11686 		nl_rule = nla_nest_start_noflag(msg, i + 1);
11687 		if (!nl_rule)
11688 			return -ENOBUFS;
11689 
11690 		rule = &rdev->coalesce->rules[i];
11691 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
11692 				rule->delay))
11693 			return -ENOBUFS;
11694 
11695 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
11696 				rule->condition))
11697 			return -ENOBUFS;
11698 
11699 		nl_pats = nla_nest_start_noflag(msg,
11700 						NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11701 		if (!nl_pats)
11702 			return -ENOBUFS;
11703 
11704 		for (j = 0; j < rule->n_patterns; j++) {
11705 			nl_pat = nla_nest_start_noflag(msg, j + 1);
11706 			if (!nl_pat)
11707 				return -ENOBUFS;
11708 			pat_len = rule->patterns[j].pattern_len;
11709 			if (nla_put(msg, NL80211_PKTPAT_MASK,
11710 				    DIV_ROUND_UP(pat_len, 8),
11711 				    rule->patterns[j].mask) ||
11712 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11713 				    rule->patterns[j].pattern) ||
11714 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11715 					rule->patterns[j].pkt_offset))
11716 				return -ENOBUFS;
11717 			nla_nest_end(msg, nl_pat);
11718 		}
11719 		nla_nest_end(msg, nl_pats);
11720 		nla_nest_end(msg, nl_rule);
11721 	}
11722 	nla_nest_end(msg, nl_rules);
11723 
11724 	return 0;
11725 }
11726 
11727 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
11728 {
11729 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11730 	struct sk_buff *msg;
11731 	void *hdr;
11732 
11733 	if (!rdev->wiphy.coalesce)
11734 		return -EOPNOTSUPP;
11735 
11736 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11737 	if (!msg)
11738 		return -ENOMEM;
11739 
11740 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11741 			     NL80211_CMD_GET_COALESCE);
11742 	if (!hdr)
11743 		goto nla_put_failure;
11744 
11745 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
11746 		goto nla_put_failure;
11747 
11748 	genlmsg_end(msg, hdr);
11749 	return genlmsg_reply(msg, info);
11750 
11751 nla_put_failure:
11752 	nlmsg_free(msg);
11753 	return -ENOBUFS;
11754 }
11755 
11756 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
11757 {
11758 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
11759 	int i, j;
11760 	struct cfg80211_coalesce_rules *rule;
11761 
11762 	if (!coalesce)
11763 		return;
11764 
11765 	for (i = 0; i < coalesce->n_rules; i++) {
11766 		rule = &coalesce->rules[i];
11767 		for (j = 0; j < rule->n_patterns; j++)
11768 			kfree(rule->patterns[j].mask);
11769 		kfree(rule->patterns);
11770 	}
11771 	kfree(coalesce->rules);
11772 	kfree(coalesce);
11773 	rdev->coalesce = NULL;
11774 }
11775 
11776 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
11777 				       struct nlattr *rule,
11778 				       struct cfg80211_coalesce_rules *new_rule)
11779 {
11780 	int err, i;
11781 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11782 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
11783 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
11784 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11785 
11786 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
11787 					  rule, nl80211_coalesce_policy, NULL);
11788 	if (err)
11789 		return err;
11790 
11791 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
11792 		new_rule->delay =
11793 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
11794 	if (new_rule->delay > coalesce->max_delay)
11795 		return -EINVAL;
11796 
11797 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
11798 		new_rule->condition =
11799 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
11800 
11801 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
11802 		return -EINVAL;
11803 
11804 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11805 			    rem)
11806 		n_patterns++;
11807 	if (n_patterns > coalesce->n_patterns)
11808 		return -EINVAL;
11809 
11810 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
11811 				     GFP_KERNEL);
11812 	if (!new_rule->patterns)
11813 		return -ENOMEM;
11814 
11815 	new_rule->n_patterns = n_patterns;
11816 	i = 0;
11817 
11818 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11819 			    rem) {
11820 		u8 *mask_pat;
11821 
11822 		err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
11823 						  pat,
11824 						  nl80211_packet_pattern_policy,
11825 						  NULL);
11826 		if (err)
11827 			return err;
11828 
11829 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
11830 		    !pat_tb[NL80211_PKTPAT_PATTERN])
11831 			return -EINVAL;
11832 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11833 		mask_len = DIV_ROUND_UP(pat_len, 8);
11834 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11835 			return -EINVAL;
11836 		if (pat_len > coalesce->pattern_max_len ||
11837 		    pat_len < coalesce->pattern_min_len)
11838 			return -EINVAL;
11839 
11840 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
11841 			pkt_offset = 0;
11842 		else
11843 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
11844 		if (pkt_offset > coalesce->max_pkt_offset)
11845 			return -EINVAL;
11846 		new_rule->patterns[i].pkt_offset = pkt_offset;
11847 
11848 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11849 		if (!mask_pat)
11850 			return -ENOMEM;
11851 
11852 		new_rule->patterns[i].mask = mask_pat;
11853 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11854 		       mask_len);
11855 
11856 		mask_pat += mask_len;
11857 		new_rule->patterns[i].pattern = mask_pat;
11858 		new_rule->patterns[i].pattern_len = pat_len;
11859 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11860 		       pat_len);
11861 		i++;
11862 	}
11863 
11864 	return 0;
11865 }
11866 
11867 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
11868 {
11869 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11870 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11871 	struct cfg80211_coalesce new_coalesce = {};
11872 	struct cfg80211_coalesce *n_coalesce;
11873 	int err, rem_rule, n_rules = 0, i, j;
11874 	struct nlattr *rule;
11875 	struct cfg80211_coalesce_rules *tmp_rule;
11876 
11877 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
11878 		return -EOPNOTSUPP;
11879 
11880 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
11881 		cfg80211_rdev_free_coalesce(rdev);
11882 		rdev_set_coalesce(rdev, NULL);
11883 		return 0;
11884 	}
11885 
11886 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11887 			    rem_rule)
11888 		n_rules++;
11889 	if (n_rules > coalesce->n_rules)
11890 		return -EINVAL;
11891 
11892 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
11893 				     GFP_KERNEL);
11894 	if (!new_coalesce.rules)
11895 		return -ENOMEM;
11896 
11897 	new_coalesce.n_rules = n_rules;
11898 	i = 0;
11899 
11900 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11901 			    rem_rule) {
11902 		err = nl80211_parse_coalesce_rule(rdev, rule,
11903 						  &new_coalesce.rules[i]);
11904 		if (err)
11905 			goto error;
11906 
11907 		i++;
11908 	}
11909 
11910 	err = rdev_set_coalesce(rdev, &new_coalesce);
11911 	if (err)
11912 		goto error;
11913 
11914 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
11915 	if (!n_coalesce) {
11916 		err = -ENOMEM;
11917 		goto error;
11918 	}
11919 	cfg80211_rdev_free_coalesce(rdev);
11920 	rdev->coalesce = n_coalesce;
11921 
11922 	return 0;
11923 error:
11924 	for (i = 0; i < new_coalesce.n_rules; i++) {
11925 		tmp_rule = &new_coalesce.rules[i];
11926 		for (j = 0; j < tmp_rule->n_patterns; j++)
11927 			kfree(tmp_rule->patterns[j].mask);
11928 		kfree(tmp_rule->patterns);
11929 	}
11930 	kfree(new_coalesce.rules);
11931 
11932 	return err;
11933 }
11934 
11935 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
11936 {
11937 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11938 	struct net_device *dev = info->user_ptr[1];
11939 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11940 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
11941 	struct cfg80211_gtk_rekey_data rekey_data;
11942 	int err;
11943 
11944 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
11945 		return -EINVAL;
11946 
11947 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
11948 					  info->attrs[NL80211_ATTR_REKEY_DATA],
11949 					  nl80211_rekey_policy, info->extack);
11950 	if (err)
11951 		return err;
11952 
11953 	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
11954 	    !tb[NL80211_REKEY_DATA_KCK])
11955 		return -EINVAL;
11956 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
11957 		return -ERANGE;
11958 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
11959 		return -ERANGE;
11960 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
11961 		return -ERANGE;
11962 
11963 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
11964 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
11965 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
11966 
11967 	wdev_lock(wdev);
11968 	if (!wdev->current_bss) {
11969 		err = -ENOTCONN;
11970 		goto out;
11971 	}
11972 
11973 	if (!rdev->ops->set_rekey_data) {
11974 		err = -EOPNOTSUPP;
11975 		goto out;
11976 	}
11977 
11978 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
11979  out:
11980 	wdev_unlock(wdev);
11981 	return err;
11982 }
11983 
11984 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11985 					     struct genl_info *info)
11986 {
11987 	struct net_device *dev = info->user_ptr[1];
11988 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11989 
11990 	if (wdev->iftype != NL80211_IFTYPE_AP &&
11991 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
11992 		return -EINVAL;
11993 
11994 	if (wdev->ap_unexpected_nlportid)
11995 		return -EBUSY;
11996 
11997 	wdev->ap_unexpected_nlportid = info->snd_portid;
11998 	return 0;
11999 }
12000 
12001 static int nl80211_probe_client(struct sk_buff *skb,
12002 				struct genl_info *info)
12003 {
12004 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12005 	struct net_device *dev = info->user_ptr[1];
12006 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12007 	struct sk_buff *msg;
12008 	void *hdr;
12009 	const u8 *addr;
12010 	u64 cookie;
12011 	int err;
12012 
12013 	if (wdev->iftype != NL80211_IFTYPE_AP &&
12014 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
12015 		return -EOPNOTSUPP;
12016 
12017 	if (!info->attrs[NL80211_ATTR_MAC])
12018 		return -EINVAL;
12019 
12020 	if (!rdev->ops->probe_client)
12021 		return -EOPNOTSUPP;
12022 
12023 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12024 	if (!msg)
12025 		return -ENOMEM;
12026 
12027 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12028 			     NL80211_CMD_PROBE_CLIENT);
12029 	if (!hdr) {
12030 		err = -ENOBUFS;
12031 		goto free_msg;
12032 	}
12033 
12034 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12035 
12036 	err = rdev_probe_client(rdev, dev, addr, &cookie);
12037 	if (err)
12038 		goto free_msg;
12039 
12040 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12041 			      NL80211_ATTR_PAD))
12042 		goto nla_put_failure;
12043 
12044 	genlmsg_end(msg, hdr);
12045 
12046 	return genlmsg_reply(msg, info);
12047 
12048  nla_put_failure:
12049 	err = -ENOBUFS;
12050  free_msg:
12051 	nlmsg_free(msg);
12052 	return err;
12053 }
12054 
12055 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
12056 {
12057 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12058 	struct cfg80211_beacon_registration *reg, *nreg;
12059 	int rv;
12060 
12061 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
12062 		return -EOPNOTSUPP;
12063 
12064 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
12065 	if (!nreg)
12066 		return -ENOMEM;
12067 
12068 	/* First, check if already registered. */
12069 	spin_lock_bh(&rdev->beacon_registrations_lock);
12070 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12071 		if (reg->nlportid == info->snd_portid) {
12072 			rv = -EALREADY;
12073 			goto out_err;
12074 		}
12075 	}
12076 	/* Add it to the list */
12077 	nreg->nlportid = info->snd_portid;
12078 	list_add(&nreg->list, &rdev->beacon_registrations);
12079 
12080 	spin_unlock_bh(&rdev->beacon_registrations_lock);
12081 
12082 	return 0;
12083 out_err:
12084 	spin_unlock_bh(&rdev->beacon_registrations_lock);
12085 	kfree(nreg);
12086 	return rv;
12087 }
12088 
12089 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
12090 {
12091 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12092 	struct wireless_dev *wdev = info->user_ptr[1];
12093 	int err;
12094 
12095 	if (!rdev->ops->start_p2p_device)
12096 		return -EOPNOTSUPP;
12097 
12098 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12099 		return -EOPNOTSUPP;
12100 
12101 	if (wdev_running(wdev))
12102 		return 0;
12103 
12104 	if (rfkill_blocked(rdev->rfkill))
12105 		return -ERFKILL;
12106 
12107 	err = rdev_start_p2p_device(rdev, wdev);
12108 	if (err)
12109 		return err;
12110 
12111 	wdev->is_running = true;
12112 	rdev->opencount++;
12113 
12114 	return 0;
12115 }
12116 
12117 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12118 {
12119 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12120 	struct wireless_dev *wdev = info->user_ptr[1];
12121 
12122 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12123 		return -EOPNOTSUPP;
12124 
12125 	if (!rdev->ops->stop_p2p_device)
12126 		return -EOPNOTSUPP;
12127 
12128 	cfg80211_stop_p2p_device(rdev, wdev);
12129 
12130 	return 0;
12131 }
12132 
12133 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12134 {
12135 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12136 	struct wireless_dev *wdev = info->user_ptr[1];
12137 	struct cfg80211_nan_conf conf = {};
12138 	int err;
12139 
12140 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12141 		return -EOPNOTSUPP;
12142 
12143 	if (wdev_running(wdev))
12144 		return -EEXIST;
12145 
12146 	if (rfkill_blocked(rdev->rfkill))
12147 		return -ERFKILL;
12148 
12149 	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12150 		return -EINVAL;
12151 
12152 	conf.master_pref =
12153 		nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12154 
12155 	if (info->attrs[NL80211_ATTR_BANDS]) {
12156 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12157 
12158 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12159 			return -EOPNOTSUPP;
12160 
12161 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12162 			return -EINVAL;
12163 
12164 		conf.bands = bands;
12165 	}
12166 
12167 	err = rdev_start_nan(rdev, wdev, &conf);
12168 	if (err)
12169 		return err;
12170 
12171 	wdev->is_running = true;
12172 	rdev->opencount++;
12173 
12174 	return 0;
12175 }
12176 
12177 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12178 {
12179 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12180 	struct wireless_dev *wdev = info->user_ptr[1];
12181 
12182 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12183 		return -EOPNOTSUPP;
12184 
12185 	cfg80211_stop_nan(rdev, wdev);
12186 
12187 	return 0;
12188 }
12189 
12190 static int validate_nan_filter(struct nlattr *filter_attr)
12191 {
12192 	struct nlattr *attr;
12193 	int len = 0, n_entries = 0, rem;
12194 
12195 	nla_for_each_nested(attr, filter_attr, rem) {
12196 		len += nla_len(attr);
12197 		n_entries++;
12198 	}
12199 
12200 	if (len >= U8_MAX)
12201 		return -EINVAL;
12202 
12203 	return n_entries;
12204 }
12205 
12206 static int handle_nan_filter(struct nlattr *attr_filter,
12207 			     struct cfg80211_nan_func *func,
12208 			     bool tx)
12209 {
12210 	struct nlattr *attr;
12211 	int n_entries, rem, i;
12212 	struct cfg80211_nan_func_filter *filter;
12213 
12214 	n_entries = validate_nan_filter(attr_filter);
12215 	if (n_entries < 0)
12216 		return n_entries;
12217 
12218 	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12219 
12220 	filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12221 	if (!filter)
12222 		return -ENOMEM;
12223 
12224 	i = 0;
12225 	nla_for_each_nested(attr, attr_filter, rem) {
12226 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12227 		filter[i].len = nla_len(attr);
12228 		i++;
12229 	}
12230 	if (tx) {
12231 		func->num_tx_filters = n_entries;
12232 		func->tx_filters = filter;
12233 	} else {
12234 		func->num_rx_filters = n_entries;
12235 		func->rx_filters = filter;
12236 	}
12237 
12238 	return 0;
12239 }
12240 
12241 static int nl80211_nan_add_func(struct sk_buff *skb,
12242 				struct genl_info *info)
12243 {
12244 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12245 	struct wireless_dev *wdev = info->user_ptr[1];
12246 	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12247 	struct cfg80211_nan_func *func;
12248 	struct sk_buff *msg = NULL;
12249 	void *hdr = NULL;
12250 	int err = 0;
12251 
12252 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12253 		return -EOPNOTSUPP;
12254 
12255 	if (!wdev_running(wdev))
12256 		return -ENOTCONN;
12257 
12258 	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12259 		return -EINVAL;
12260 
12261 	err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12262 					  info->attrs[NL80211_ATTR_NAN_FUNC],
12263 					  nl80211_nan_func_policy,
12264 					  info->extack);
12265 	if (err)
12266 		return err;
12267 
12268 	func = kzalloc(sizeof(*func), GFP_KERNEL);
12269 	if (!func)
12270 		return -ENOMEM;
12271 
12272 	func->cookie = cfg80211_assign_cookie(rdev);
12273 
12274 	if (!tb[NL80211_NAN_FUNC_TYPE] ||
12275 	    nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
12276 		err = -EINVAL;
12277 		goto out;
12278 	}
12279 
12280 
12281 	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
12282 
12283 	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
12284 		err = -EINVAL;
12285 		goto out;
12286 	}
12287 
12288 	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
12289 	       sizeof(func->service_id));
12290 
12291 	func->close_range =
12292 		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
12293 
12294 	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
12295 		func->serv_spec_info_len =
12296 			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
12297 		func->serv_spec_info =
12298 			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
12299 				func->serv_spec_info_len,
12300 				GFP_KERNEL);
12301 		if (!func->serv_spec_info) {
12302 			err = -ENOMEM;
12303 			goto out;
12304 		}
12305 	}
12306 
12307 	if (tb[NL80211_NAN_FUNC_TTL])
12308 		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
12309 
12310 	switch (func->type) {
12311 	case NL80211_NAN_FUNC_PUBLISH:
12312 		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
12313 			err = -EINVAL;
12314 			goto out;
12315 		}
12316 
12317 		func->publish_type =
12318 			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
12319 		func->publish_bcast =
12320 			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
12321 
12322 		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12323 			func->publish_bcast) {
12324 			err = -EINVAL;
12325 			goto out;
12326 		}
12327 		break;
12328 	case NL80211_NAN_FUNC_SUBSCRIBE:
12329 		func->subscribe_active =
12330 			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12331 		break;
12332 	case NL80211_NAN_FUNC_FOLLOW_UP:
12333 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12334 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12335 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12336 			err = -EINVAL;
12337 			goto out;
12338 		}
12339 
12340 		func->followup_id =
12341 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12342 		func->followup_reqid =
12343 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12344 		memcpy(func->followup_dest.addr,
12345 		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12346 		       sizeof(func->followup_dest.addr));
12347 		if (func->ttl) {
12348 			err = -EINVAL;
12349 			goto out;
12350 		}
12351 		break;
12352 	default:
12353 		err = -EINVAL;
12354 		goto out;
12355 	}
12356 
12357 	if (tb[NL80211_NAN_FUNC_SRF]) {
12358 		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12359 
12360 		err = nla_parse_nested_deprecated(srf_tb,
12361 						  NL80211_NAN_SRF_ATTR_MAX,
12362 						  tb[NL80211_NAN_FUNC_SRF],
12363 						  nl80211_nan_srf_policy,
12364 						  info->extack);
12365 		if (err)
12366 			goto out;
12367 
12368 		func->srf_include =
12369 			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12370 
12371 		if (srf_tb[NL80211_NAN_SRF_BF]) {
12372 			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12373 			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12374 				err = -EINVAL;
12375 				goto out;
12376 			}
12377 
12378 			func->srf_bf_len =
12379 				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12380 			func->srf_bf =
12381 				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12382 					func->srf_bf_len, GFP_KERNEL);
12383 			if (!func->srf_bf) {
12384 				err = -ENOMEM;
12385 				goto out;
12386 			}
12387 
12388 			func->srf_bf_idx =
12389 				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12390 		} else {
12391 			struct nlattr *attr, *mac_attr =
12392 				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12393 			int n_entries, rem, i = 0;
12394 
12395 			if (!mac_attr) {
12396 				err = -EINVAL;
12397 				goto out;
12398 			}
12399 
12400 			n_entries = validate_acl_mac_addrs(mac_attr);
12401 			if (n_entries <= 0) {
12402 				err = -EINVAL;
12403 				goto out;
12404 			}
12405 
12406 			func->srf_num_macs = n_entries;
12407 			func->srf_macs =
12408 				kcalloc(n_entries, sizeof(*func->srf_macs),
12409 					GFP_KERNEL);
12410 			if (!func->srf_macs) {
12411 				err = -ENOMEM;
12412 				goto out;
12413 			}
12414 
12415 			nla_for_each_nested(attr, mac_attr, rem)
12416 				memcpy(func->srf_macs[i++].addr, nla_data(attr),
12417 				       sizeof(*func->srf_macs));
12418 		}
12419 	}
12420 
12421 	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12422 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12423 					func, true);
12424 		if (err)
12425 			goto out;
12426 	}
12427 
12428 	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12429 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12430 					func, false);
12431 		if (err)
12432 			goto out;
12433 	}
12434 
12435 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12436 	if (!msg) {
12437 		err = -ENOMEM;
12438 		goto out;
12439 	}
12440 
12441 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12442 			     NL80211_CMD_ADD_NAN_FUNCTION);
12443 	/* This can't really happen - we just allocated 4KB */
12444 	if (WARN_ON(!hdr)) {
12445 		err = -ENOMEM;
12446 		goto out;
12447 	}
12448 
12449 	err = rdev_add_nan_func(rdev, wdev, func);
12450 out:
12451 	if (err < 0) {
12452 		cfg80211_free_nan_func(func);
12453 		nlmsg_free(msg);
12454 		return err;
12455 	}
12456 
12457 	/* propagate the instance id and cookie to userspace  */
12458 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12459 			      NL80211_ATTR_PAD))
12460 		goto nla_put_failure;
12461 
12462 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12463 	if (!func_attr)
12464 		goto nla_put_failure;
12465 
12466 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12467 		       func->instance_id))
12468 		goto nla_put_failure;
12469 
12470 	nla_nest_end(msg, func_attr);
12471 
12472 	genlmsg_end(msg, hdr);
12473 	return genlmsg_reply(msg, info);
12474 
12475 nla_put_failure:
12476 	nlmsg_free(msg);
12477 	return -ENOBUFS;
12478 }
12479 
12480 static int nl80211_nan_del_func(struct sk_buff *skb,
12481 			       struct genl_info *info)
12482 {
12483 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12484 	struct wireless_dev *wdev = info->user_ptr[1];
12485 	u64 cookie;
12486 
12487 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12488 		return -EOPNOTSUPP;
12489 
12490 	if (!wdev_running(wdev))
12491 		return -ENOTCONN;
12492 
12493 	if (!info->attrs[NL80211_ATTR_COOKIE])
12494 		return -EINVAL;
12495 
12496 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12497 
12498 	rdev_del_nan_func(rdev, wdev, cookie);
12499 
12500 	return 0;
12501 }
12502 
12503 static int nl80211_nan_change_config(struct sk_buff *skb,
12504 				     struct genl_info *info)
12505 {
12506 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12507 	struct wireless_dev *wdev = info->user_ptr[1];
12508 	struct cfg80211_nan_conf conf = {};
12509 	u32 changed = 0;
12510 
12511 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12512 		return -EOPNOTSUPP;
12513 
12514 	if (!wdev_running(wdev))
12515 		return -ENOTCONN;
12516 
12517 	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12518 		conf.master_pref =
12519 			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12520 		if (conf.master_pref <= 1 || conf.master_pref == 255)
12521 			return -EINVAL;
12522 
12523 		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12524 	}
12525 
12526 	if (info->attrs[NL80211_ATTR_BANDS]) {
12527 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12528 
12529 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12530 			return -EOPNOTSUPP;
12531 
12532 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12533 			return -EINVAL;
12534 
12535 		conf.bands = bands;
12536 		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12537 	}
12538 
12539 	if (!changed)
12540 		return -EINVAL;
12541 
12542 	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12543 }
12544 
12545 void cfg80211_nan_match(struct wireless_dev *wdev,
12546 			struct cfg80211_nan_match_params *match, gfp_t gfp)
12547 {
12548 	struct wiphy *wiphy = wdev->wiphy;
12549 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12550 	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12551 	struct sk_buff *msg;
12552 	void *hdr;
12553 
12554 	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12555 		return;
12556 
12557 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12558 	if (!msg)
12559 		return;
12560 
12561 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12562 	if (!hdr) {
12563 		nlmsg_free(msg);
12564 		return;
12565 	}
12566 
12567 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12568 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12569 					 wdev->netdev->ifindex)) ||
12570 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12571 			      NL80211_ATTR_PAD))
12572 		goto nla_put_failure;
12573 
12574 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12575 			      NL80211_ATTR_PAD) ||
12576 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12577 		goto nla_put_failure;
12578 
12579 	match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12580 	if (!match_attr)
12581 		goto nla_put_failure;
12582 
12583 	local_func_attr = nla_nest_start_noflag(msg,
12584 						NL80211_NAN_MATCH_FUNC_LOCAL);
12585 	if (!local_func_attr)
12586 		goto nla_put_failure;
12587 
12588 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12589 		goto nla_put_failure;
12590 
12591 	nla_nest_end(msg, local_func_attr);
12592 
12593 	peer_func_attr = nla_nest_start_noflag(msg,
12594 					       NL80211_NAN_MATCH_FUNC_PEER);
12595 	if (!peer_func_attr)
12596 		goto nla_put_failure;
12597 
12598 	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12599 	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12600 		goto nla_put_failure;
12601 
12602 	if (match->info && match->info_len &&
12603 	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12604 		    match->info))
12605 		goto nla_put_failure;
12606 
12607 	nla_nest_end(msg, peer_func_attr);
12608 	nla_nest_end(msg, match_attr);
12609 	genlmsg_end(msg, hdr);
12610 
12611 	if (!wdev->owner_nlportid)
12612 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12613 					msg, 0, NL80211_MCGRP_NAN, gfp);
12614 	else
12615 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12616 				wdev->owner_nlportid);
12617 
12618 	return;
12619 
12620 nla_put_failure:
12621 	nlmsg_free(msg);
12622 }
12623 EXPORT_SYMBOL(cfg80211_nan_match);
12624 
12625 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12626 				  u8 inst_id,
12627 				  enum nl80211_nan_func_term_reason reason,
12628 				  u64 cookie, gfp_t gfp)
12629 {
12630 	struct wiphy *wiphy = wdev->wiphy;
12631 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12632 	struct sk_buff *msg;
12633 	struct nlattr *func_attr;
12634 	void *hdr;
12635 
12636 	if (WARN_ON(!inst_id))
12637 		return;
12638 
12639 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12640 	if (!msg)
12641 		return;
12642 
12643 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12644 	if (!hdr) {
12645 		nlmsg_free(msg);
12646 		return;
12647 	}
12648 
12649 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12650 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12651 					 wdev->netdev->ifindex)) ||
12652 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12653 			      NL80211_ATTR_PAD))
12654 		goto nla_put_failure;
12655 
12656 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12657 			      NL80211_ATTR_PAD))
12658 		goto nla_put_failure;
12659 
12660 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12661 	if (!func_attr)
12662 		goto nla_put_failure;
12663 
12664 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
12665 	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
12666 		goto nla_put_failure;
12667 
12668 	nla_nest_end(msg, func_attr);
12669 	genlmsg_end(msg, hdr);
12670 
12671 	if (!wdev->owner_nlportid)
12672 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12673 					msg, 0, NL80211_MCGRP_NAN, gfp);
12674 	else
12675 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12676 				wdev->owner_nlportid);
12677 
12678 	return;
12679 
12680 nla_put_failure:
12681 	nlmsg_free(msg);
12682 }
12683 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
12684 
12685 static int nl80211_get_protocol_features(struct sk_buff *skb,
12686 					 struct genl_info *info)
12687 {
12688 	void *hdr;
12689 	struct sk_buff *msg;
12690 
12691 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12692 	if (!msg)
12693 		return -ENOMEM;
12694 
12695 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12696 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
12697 	if (!hdr)
12698 		goto nla_put_failure;
12699 
12700 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
12701 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
12702 		goto nla_put_failure;
12703 
12704 	genlmsg_end(msg, hdr);
12705 	return genlmsg_reply(msg, info);
12706 
12707  nla_put_failure:
12708 	kfree_skb(msg);
12709 	return -ENOBUFS;
12710 }
12711 
12712 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
12713 {
12714 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12715 	struct cfg80211_update_ft_ies_params ft_params;
12716 	struct net_device *dev = info->user_ptr[1];
12717 
12718 	if (!rdev->ops->update_ft_ies)
12719 		return -EOPNOTSUPP;
12720 
12721 	if (!info->attrs[NL80211_ATTR_MDID] ||
12722 	    !info->attrs[NL80211_ATTR_IE])
12723 		return -EINVAL;
12724 
12725 	memset(&ft_params, 0, sizeof(ft_params));
12726 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
12727 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12728 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12729 
12730 	return rdev_update_ft_ies(rdev, dev, &ft_params);
12731 }
12732 
12733 static int nl80211_crit_protocol_start(struct sk_buff *skb,
12734 				       struct genl_info *info)
12735 {
12736 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12737 	struct wireless_dev *wdev = info->user_ptr[1];
12738 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
12739 	u16 duration;
12740 	int ret;
12741 
12742 	if (!rdev->ops->crit_proto_start)
12743 		return -EOPNOTSUPP;
12744 
12745 	if (WARN_ON(!rdev->ops->crit_proto_stop))
12746 		return -EINVAL;
12747 
12748 	if (rdev->crit_proto_nlportid)
12749 		return -EBUSY;
12750 
12751 	/* determine protocol if provided */
12752 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
12753 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
12754 
12755 	if (proto >= NUM_NL80211_CRIT_PROTO)
12756 		return -EINVAL;
12757 
12758 	/* timeout must be provided */
12759 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
12760 		return -EINVAL;
12761 
12762 	duration =
12763 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
12764 
12765 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
12766 		return -ERANGE;
12767 
12768 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
12769 	if (!ret)
12770 		rdev->crit_proto_nlportid = info->snd_portid;
12771 
12772 	return ret;
12773 }
12774 
12775 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
12776 				      struct genl_info *info)
12777 {
12778 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12779 	struct wireless_dev *wdev = info->user_ptr[1];
12780 
12781 	if (!rdev->ops->crit_proto_stop)
12782 		return -EOPNOTSUPP;
12783 
12784 	if (rdev->crit_proto_nlportid) {
12785 		rdev->crit_proto_nlportid = 0;
12786 		rdev_crit_proto_stop(rdev, wdev);
12787 	}
12788 	return 0;
12789 }
12790 
12791 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
12792 				       struct nlattr *attr,
12793 				       struct netlink_ext_ack *extack)
12794 {
12795 	if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
12796 		if (attr->nla_type & NLA_F_NESTED) {
12797 			NL_SET_ERR_MSG_ATTR(extack, attr,
12798 					    "unexpected nested data");
12799 			return -EINVAL;
12800 		}
12801 
12802 		return 0;
12803 	}
12804 
12805 	if (!(attr->nla_type & NLA_F_NESTED)) {
12806 		NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
12807 		return -EINVAL;
12808 	}
12809 
12810 	return nl80211_validate_nested(attr, vcmd->maxattr, vcmd->policy,
12811 				       extack);
12812 }
12813 
12814 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
12815 {
12816 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12817 	struct wireless_dev *wdev =
12818 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
12819 	int i, err;
12820 	u32 vid, subcmd;
12821 
12822 	if (!rdev->wiphy.vendor_commands)
12823 		return -EOPNOTSUPP;
12824 
12825 	if (IS_ERR(wdev)) {
12826 		err = PTR_ERR(wdev);
12827 		if (err != -EINVAL)
12828 			return err;
12829 		wdev = NULL;
12830 	} else if (wdev->wiphy != &rdev->wiphy) {
12831 		return -EINVAL;
12832 	}
12833 
12834 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
12835 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
12836 		return -EINVAL;
12837 
12838 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
12839 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
12840 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
12841 		const struct wiphy_vendor_command *vcmd;
12842 		void *data = NULL;
12843 		int len = 0;
12844 
12845 		vcmd = &rdev->wiphy.vendor_commands[i];
12846 
12847 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12848 			continue;
12849 
12850 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12851 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12852 			if (!wdev)
12853 				return -EINVAL;
12854 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12855 			    !wdev->netdev)
12856 				return -EINVAL;
12857 
12858 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12859 				if (!wdev_running(wdev))
12860 					return -ENETDOWN;
12861 			}
12862 
12863 			if (!vcmd->doit)
12864 				return -EOPNOTSUPP;
12865 		} else {
12866 			wdev = NULL;
12867 		}
12868 
12869 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
12870 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12871 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12872 
12873 			err = nl80211_vendor_check_policy(vcmd,
12874 					info->attrs[NL80211_ATTR_VENDOR_DATA],
12875 					info->extack);
12876 			if (err)
12877 				return err;
12878 		}
12879 
12880 		rdev->cur_cmd_info = info;
12881 		err = vcmd->doit(&rdev->wiphy, wdev, data, len);
12882 		rdev->cur_cmd_info = NULL;
12883 		return err;
12884 	}
12885 
12886 	return -EOPNOTSUPP;
12887 }
12888 
12889 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
12890 				       struct netlink_callback *cb,
12891 				       struct cfg80211_registered_device **rdev,
12892 				       struct wireless_dev **wdev)
12893 {
12894 	struct nlattr **attrbuf;
12895 	u32 vid, subcmd;
12896 	unsigned int i;
12897 	int vcmd_idx = -1;
12898 	int err;
12899 	void *data = NULL;
12900 	unsigned int data_len = 0;
12901 
12902 	if (cb->args[0]) {
12903 		/* subtract the 1 again here */
12904 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
12905 		struct wireless_dev *tmp;
12906 
12907 		if (!wiphy)
12908 			return -ENODEV;
12909 		*rdev = wiphy_to_rdev(wiphy);
12910 		*wdev = NULL;
12911 
12912 		if (cb->args[1]) {
12913 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
12914 				if (tmp->identifier == cb->args[1] - 1) {
12915 					*wdev = tmp;
12916 					break;
12917 				}
12918 			}
12919 		}
12920 
12921 		/* keep rtnl locked in successful case */
12922 		return 0;
12923 	}
12924 
12925 	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
12926 	if (!attrbuf)
12927 		return -ENOMEM;
12928 
12929 	err = nlmsg_parse_deprecated(cb->nlh,
12930 				     GENL_HDRLEN + nl80211_fam.hdrsize,
12931 				     attrbuf, nl80211_fam.maxattr,
12932 				     nl80211_policy, NULL);
12933 	if (err)
12934 		goto out;
12935 
12936 	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
12937 	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
12938 		err = -EINVAL;
12939 		goto out;
12940 	}
12941 
12942 	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
12943 	if (IS_ERR(*wdev))
12944 		*wdev = NULL;
12945 
12946 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
12947 	if (IS_ERR(*rdev)) {
12948 		err = PTR_ERR(*rdev);
12949 		goto out;
12950 	}
12951 
12952 	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
12953 	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
12954 
12955 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
12956 		const struct wiphy_vendor_command *vcmd;
12957 
12958 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
12959 
12960 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12961 			continue;
12962 
12963 		if (!vcmd->dumpit) {
12964 			err = -EOPNOTSUPP;
12965 			goto out;
12966 		}
12967 
12968 		vcmd_idx = i;
12969 		break;
12970 	}
12971 
12972 	if (vcmd_idx < 0) {
12973 		err = -EOPNOTSUPP;
12974 		goto out;
12975 	}
12976 
12977 	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
12978 		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12979 		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12980 
12981 		err = nl80211_vendor_check_policy(
12982 				&(*rdev)->wiphy.vendor_commands[vcmd_idx],
12983 				attrbuf[NL80211_ATTR_VENDOR_DATA],
12984 				cb->extack);
12985 		if (err)
12986 			goto out;
12987 	}
12988 
12989 	/* 0 is the first index - add 1 to parse only once */
12990 	cb->args[0] = (*rdev)->wiphy_idx + 1;
12991 	/* add 1 to know if it was NULL */
12992 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
12993 	cb->args[2] = vcmd_idx;
12994 	cb->args[3] = (unsigned long)data;
12995 	cb->args[4] = data_len;
12996 
12997 	/* keep rtnl locked in successful case */
12998 	err = 0;
12999 out:
13000 	kfree(attrbuf);
13001 	return err;
13002 }
13003 
13004 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13005 				   struct netlink_callback *cb)
13006 {
13007 	struct cfg80211_registered_device *rdev;
13008 	struct wireless_dev *wdev;
13009 	unsigned int vcmd_idx;
13010 	const struct wiphy_vendor_command *vcmd;
13011 	void *data;
13012 	int data_len;
13013 	int err;
13014 	struct nlattr *vendor_data;
13015 
13016 	rtnl_lock();
13017 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13018 	if (err)
13019 		goto out;
13020 
13021 	vcmd_idx = cb->args[2];
13022 	data = (void *)cb->args[3];
13023 	data_len = cb->args[4];
13024 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13025 
13026 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13027 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13028 		if (!wdev) {
13029 			err = -EINVAL;
13030 			goto out;
13031 		}
13032 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13033 		    !wdev->netdev) {
13034 			err = -EINVAL;
13035 			goto out;
13036 		}
13037 
13038 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13039 			if (!wdev_running(wdev)) {
13040 				err = -ENETDOWN;
13041 				goto out;
13042 			}
13043 		}
13044 	}
13045 
13046 	while (1) {
13047 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13048 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
13049 					   NL80211_CMD_VENDOR);
13050 		if (!hdr)
13051 			break;
13052 
13053 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13054 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13055 					       wdev_id(wdev),
13056 					       NL80211_ATTR_PAD))) {
13057 			genlmsg_cancel(skb, hdr);
13058 			break;
13059 		}
13060 
13061 		vendor_data = nla_nest_start_noflag(skb,
13062 						    NL80211_ATTR_VENDOR_DATA);
13063 		if (!vendor_data) {
13064 			genlmsg_cancel(skb, hdr);
13065 			break;
13066 		}
13067 
13068 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
13069 				   (unsigned long *)&cb->args[5]);
13070 		nla_nest_end(skb, vendor_data);
13071 
13072 		if (err == -ENOBUFS || err == -ENOENT) {
13073 			genlmsg_cancel(skb, hdr);
13074 			break;
13075 		} else if (err) {
13076 			genlmsg_cancel(skb, hdr);
13077 			goto out;
13078 		}
13079 
13080 		genlmsg_end(skb, hdr);
13081 	}
13082 
13083 	err = skb->len;
13084  out:
13085 	rtnl_unlock();
13086 	return err;
13087 }
13088 
13089 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
13090 					   enum nl80211_commands cmd,
13091 					   enum nl80211_attrs attr,
13092 					   int approxlen)
13093 {
13094 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13095 
13096 	if (WARN_ON(!rdev->cur_cmd_info))
13097 		return NULL;
13098 
13099 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
13100 					   rdev->cur_cmd_info->snd_portid,
13101 					   rdev->cur_cmd_info->snd_seq,
13102 					   cmd, attr, NULL, GFP_KERNEL);
13103 }
13104 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
13105 
13106 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
13107 {
13108 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13109 	void *hdr = ((void **)skb->cb)[1];
13110 	struct nlattr *data = ((void **)skb->cb)[2];
13111 
13112 	/* clear CB data for netlink core to own from now on */
13113 	memset(skb->cb, 0, sizeof(skb->cb));
13114 
13115 	if (WARN_ON(!rdev->cur_cmd_info)) {
13116 		kfree_skb(skb);
13117 		return -EINVAL;
13118 	}
13119 
13120 	nla_nest_end(skb, data);
13121 	genlmsg_end(skb, hdr);
13122 	return genlmsg_reply(skb, rdev->cur_cmd_info);
13123 }
13124 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
13125 
13126 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
13127 {
13128 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13129 
13130 	if (WARN_ON(!rdev->cur_cmd_info))
13131 		return 0;
13132 
13133 	return rdev->cur_cmd_info->snd_portid;
13134 }
13135 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13136 
13137 static int nl80211_set_qos_map(struct sk_buff *skb,
13138 			       struct genl_info *info)
13139 {
13140 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13141 	struct cfg80211_qos_map *qos_map = NULL;
13142 	struct net_device *dev = info->user_ptr[1];
13143 	u8 *pos, len, num_des, des_len, des;
13144 	int ret;
13145 
13146 	if (!rdev->ops->set_qos_map)
13147 		return -EOPNOTSUPP;
13148 
13149 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13150 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13151 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13152 
13153 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
13154 		    len > IEEE80211_QOS_MAP_LEN_MAX)
13155 			return -EINVAL;
13156 
13157 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13158 		if (!qos_map)
13159 			return -ENOMEM;
13160 
13161 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13162 		if (num_des) {
13163 			des_len = num_des *
13164 				sizeof(struct cfg80211_dscp_exception);
13165 			memcpy(qos_map->dscp_exception, pos, des_len);
13166 			qos_map->num_des = num_des;
13167 			for (des = 0; des < num_des; des++) {
13168 				if (qos_map->dscp_exception[des].up > 7) {
13169 					kfree(qos_map);
13170 					return -EINVAL;
13171 				}
13172 			}
13173 			pos += des_len;
13174 		}
13175 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13176 	}
13177 
13178 	wdev_lock(dev->ieee80211_ptr);
13179 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
13180 	if (!ret)
13181 		ret = rdev_set_qos_map(rdev, dev, qos_map);
13182 	wdev_unlock(dev->ieee80211_ptr);
13183 
13184 	kfree(qos_map);
13185 	return ret;
13186 }
13187 
13188 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13189 {
13190 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13191 	struct net_device *dev = info->user_ptr[1];
13192 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13193 	const u8 *peer;
13194 	u8 tsid, up;
13195 	u16 admitted_time = 0;
13196 	int err;
13197 
13198 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13199 		return -EOPNOTSUPP;
13200 
13201 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13202 	    !info->attrs[NL80211_ATTR_USER_PRIO])
13203 		return -EINVAL;
13204 
13205 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13206 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13207 
13208 	/* WMM uses TIDs 0-7 even for TSPEC */
13209 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13210 		/* TODO: handle 802.11 TSPEC/admission control
13211 		 * need more attributes for that (e.g. BA session requirement);
13212 		 * change the WMM adminssion test above to allow both then
13213 		 */
13214 		return -EINVAL;
13215 	}
13216 
13217 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13218 
13219 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13220 		admitted_time =
13221 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13222 		if (!admitted_time)
13223 			return -EINVAL;
13224 	}
13225 
13226 	wdev_lock(wdev);
13227 	switch (wdev->iftype) {
13228 	case NL80211_IFTYPE_STATION:
13229 	case NL80211_IFTYPE_P2P_CLIENT:
13230 		if (wdev->current_bss)
13231 			break;
13232 		err = -ENOTCONN;
13233 		goto out;
13234 	default:
13235 		err = -EOPNOTSUPP;
13236 		goto out;
13237 	}
13238 
13239 	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13240 
13241  out:
13242 	wdev_unlock(wdev);
13243 	return err;
13244 }
13245 
13246 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13247 {
13248 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13249 	struct net_device *dev = info->user_ptr[1];
13250 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13251 	const u8 *peer;
13252 	u8 tsid;
13253 	int err;
13254 
13255 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13256 		return -EINVAL;
13257 
13258 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13259 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13260 
13261 	wdev_lock(wdev);
13262 	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13263 	wdev_unlock(wdev);
13264 
13265 	return err;
13266 }
13267 
13268 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13269 				       struct genl_info *info)
13270 {
13271 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13272 	struct net_device *dev = info->user_ptr[1];
13273 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13274 	struct cfg80211_chan_def chandef = {};
13275 	const u8 *addr;
13276 	u8 oper_class;
13277 	int err;
13278 
13279 	if (!rdev->ops->tdls_channel_switch ||
13280 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13281 		return -EOPNOTSUPP;
13282 
13283 	switch (dev->ieee80211_ptr->iftype) {
13284 	case NL80211_IFTYPE_STATION:
13285 	case NL80211_IFTYPE_P2P_CLIENT:
13286 		break;
13287 	default:
13288 		return -EOPNOTSUPP;
13289 	}
13290 
13291 	if (!info->attrs[NL80211_ATTR_MAC] ||
13292 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
13293 		return -EINVAL;
13294 
13295 	err = nl80211_parse_chandef(rdev, info, &chandef);
13296 	if (err)
13297 		return err;
13298 
13299 	/*
13300 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
13301 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
13302 	 * specification is not defined for them.
13303 	 */
13304 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
13305 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
13306 	    chandef.width != NL80211_CHAN_WIDTH_20)
13307 		return -EINVAL;
13308 
13309 	/* we will be active on the TDLS link */
13310 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
13311 					   wdev->iftype))
13312 		return -EINVAL;
13313 
13314 	/* don't allow switching to DFS channels */
13315 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
13316 		return -EINVAL;
13317 
13318 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13319 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
13320 
13321 	wdev_lock(wdev);
13322 	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
13323 	wdev_unlock(wdev);
13324 
13325 	return err;
13326 }
13327 
13328 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
13329 					      struct genl_info *info)
13330 {
13331 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13332 	struct net_device *dev = info->user_ptr[1];
13333 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13334 	const u8 *addr;
13335 
13336 	if (!rdev->ops->tdls_channel_switch ||
13337 	    !rdev->ops->tdls_cancel_channel_switch ||
13338 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13339 		return -EOPNOTSUPP;
13340 
13341 	switch (dev->ieee80211_ptr->iftype) {
13342 	case NL80211_IFTYPE_STATION:
13343 	case NL80211_IFTYPE_P2P_CLIENT:
13344 		break;
13345 	default:
13346 		return -EOPNOTSUPP;
13347 	}
13348 
13349 	if (!info->attrs[NL80211_ATTR_MAC])
13350 		return -EINVAL;
13351 
13352 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13353 
13354 	wdev_lock(wdev);
13355 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
13356 	wdev_unlock(wdev);
13357 
13358 	return 0;
13359 }
13360 
13361 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
13362 					    struct genl_info *info)
13363 {
13364 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13365 	struct net_device *dev = info->user_ptr[1];
13366 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13367 	const struct nlattr *nla;
13368 	bool enabled;
13369 
13370 	if (!rdev->ops->set_multicast_to_unicast)
13371 		return -EOPNOTSUPP;
13372 
13373 	if (wdev->iftype != NL80211_IFTYPE_AP &&
13374 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
13375 		return -EOPNOTSUPP;
13376 
13377 	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
13378 	enabled = nla_get_flag(nla);
13379 
13380 	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13381 }
13382 
13383 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13384 {
13385 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13386 	struct net_device *dev = info->user_ptr[1];
13387 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13388 	struct cfg80211_pmk_conf pmk_conf = {};
13389 	int ret;
13390 
13391 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13392 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13393 		return -EOPNOTSUPP;
13394 
13395 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13396 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13397 		return -EOPNOTSUPP;
13398 
13399 	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13400 		return -EINVAL;
13401 
13402 	wdev_lock(wdev);
13403 	if (!wdev->current_bss) {
13404 		ret = -ENOTCONN;
13405 		goto out;
13406 	}
13407 
13408 	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13409 	if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13410 		ret = -EINVAL;
13411 		goto out;
13412 	}
13413 
13414 	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13415 	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13416 	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13417 	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13418 		ret = -EINVAL;
13419 		goto out;
13420 	}
13421 
13422 	if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13423 		int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13424 
13425 		if (r0_name_len != WLAN_PMK_NAME_LEN) {
13426 			ret = -EINVAL;
13427 			goto out;
13428 		}
13429 
13430 		pmk_conf.pmk_r0_name =
13431 			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13432 	}
13433 
13434 	ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13435 out:
13436 	wdev_unlock(wdev);
13437 	return ret;
13438 }
13439 
13440 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13441 {
13442 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13443 	struct net_device *dev = info->user_ptr[1];
13444 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13445 	const u8 *aa;
13446 	int ret;
13447 
13448 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13449 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13450 		return -EOPNOTSUPP;
13451 
13452 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13453 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13454 		return -EOPNOTSUPP;
13455 
13456 	if (!info->attrs[NL80211_ATTR_MAC])
13457 		return -EINVAL;
13458 
13459 	wdev_lock(wdev);
13460 	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13461 	ret = rdev_del_pmk(rdev, dev, aa);
13462 	wdev_unlock(wdev);
13463 
13464 	return ret;
13465 }
13466 
13467 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13468 {
13469 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13470 	struct net_device *dev = info->user_ptr[1];
13471 	struct cfg80211_external_auth_params params;
13472 
13473 	if (!rdev->ops->external_auth)
13474 		return -EOPNOTSUPP;
13475 
13476 	if (!info->attrs[NL80211_ATTR_SSID] &&
13477 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13478 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13479 		return -EINVAL;
13480 
13481 	if (!info->attrs[NL80211_ATTR_BSSID])
13482 		return -EINVAL;
13483 
13484 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13485 		return -EINVAL;
13486 
13487 	memset(&params, 0, sizeof(params));
13488 
13489 	if (info->attrs[NL80211_ATTR_SSID]) {
13490 		params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13491 		if (params.ssid.ssid_len == 0 ||
13492 		    params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13493 			return -EINVAL;
13494 		memcpy(params.ssid.ssid,
13495 		       nla_data(info->attrs[NL80211_ATTR_SSID]),
13496 		       params.ssid.ssid_len);
13497 	}
13498 
13499 	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13500 	       ETH_ALEN);
13501 
13502 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13503 
13504 	if (info->attrs[NL80211_ATTR_PMKID])
13505 		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13506 
13507 	return rdev_external_auth(rdev, dev, &params);
13508 }
13509 
13510 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13511 {
13512 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13513 	struct net_device *dev = info->user_ptr[1];
13514 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13515 	const u8 *buf;
13516 	size_t len;
13517 	u8 *dest;
13518 	u16 proto;
13519 	bool noencrypt;
13520 	int err;
13521 
13522 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13523 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13524 		return -EOPNOTSUPP;
13525 
13526 	if (!rdev->ops->tx_control_port)
13527 		return -EOPNOTSUPP;
13528 
13529 	if (!info->attrs[NL80211_ATTR_FRAME] ||
13530 	    !info->attrs[NL80211_ATTR_MAC] ||
13531 	    !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13532 		GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13533 		return -EINVAL;
13534 	}
13535 
13536 	wdev_lock(wdev);
13537 
13538 	switch (wdev->iftype) {
13539 	case NL80211_IFTYPE_AP:
13540 	case NL80211_IFTYPE_P2P_GO:
13541 	case NL80211_IFTYPE_MESH_POINT:
13542 		break;
13543 	case NL80211_IFTYPE_ADHOC:
13544 	case NL80211_IFTYPE_STATION:
13545 	case NL80211_IFTYPE_P2P_CLIENT:
13546 		if (wdev->current_bss)
13547 			break;
13548 		err = -ENOTCONN;
13549 		goto out;
13550 	default:
13551 		err = -EOPNOTSUPP;
13552 		goto out;
13553 	}
13554 
13555 	wdev_unlock(wdev);
13556 
13557 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13558 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13559 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13560 	proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13561 	noencrypt =
13562 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13563 
13564 	return rdev_tx_control_port(rdev, dev, buf, len,
13565 				    dest, cpu_to_be16(proto), noencrypt);
13566 
13567  out:
13568 	wdev_unlock(wdev);
13569 	return err;
13570 }
13571 
13572 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13573 					   struct genl_info *info)
13574 {
13575 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13576 	struct net_device *dev = info->user_ptr[1];
13577 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13578 	struct cfg80211_ftm_responder_stats ftm_stats = {};
13579 	struct sk_buff *msg;
13580 	void *hdr;
13581 	struct nlattr *ftm_stats_attr;
13582 	int err;
13583 
13584 	if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
13585 		return -EOPNOTSUPP;
13586 
13587 	err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
13588 	if (err)
13589 		return err;
13590 
13591 	if (!ftm_stats.filled)
13592 		return -ENODATA;
13593 
13594 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13595 	if (!msg)
13596 		return -ENOMEM;
13597 
13598 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13599 			     NL80211_CMD_GET_FTM_RESPONDER_STATS);
13600 	if (!hdr)
13601 		return -ENOBUFS;
13602 
13603 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
13604 		goto nla_put_failure;
13605 
13606 	ftm_stats_attr = nla_nest_start_noflag(msg,
13607 					       NL80211_ATTR_FTM_RESPONDER_STATS);
13608 	if (!ftm_stats_attr)
13609 		goto nla_put_failure;
13610 
13611 #define SET_FTM(field, name, type)					 \
13612 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13613 	    nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,		 \
13614 			     ftm_stats.field))				 \
13615 		goto nla_put_failure; } while (0)
13616 #define SET_FTM_U64(field, name)					 \
13617 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13618 	    nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,		 \
13619 			      ftm_stats.field, NL80211_FTM_STATS_PAD))	 \
13620 		goto nla_put_failure; } while (0)
13621 
13622 	SET_FTM(success_num, SUCCESS_NUM, u32);
13623 	SET_FTM(partial_num, PARTIAL_NUM, u32);
13624 	SET_FTM(failed_num, FAILED_NUM, u32);
13625 	SET_FTM(asap_num, ASAP_NUM, u32);
13626 	SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
13627 	SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
13628 	SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
13629 	SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
13630 	SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
13631 #undef SET_FTM
13632 
13633 	nla_nest_end(msg, ftm_stats_attr);
13634 
13635 	genlmsg_end(msg, hdr);
13636 	return genlmsg_reply(msg, info);
13637 
13638 nla_put_failure:
13639 	nlmsg_free(msg);
13640 	return -ENOBUFS;
13641 }
13642 
13643 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
13644 {
13645 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13646 	struct cfg80211_update_owe_info owe_info;
13647 	struct net_device *dev = info->user_ptr[1];
13648 
13649 	if (!rdev->ops->update_owe_info)
13650 		return -EOPNOTSUPP;
13651 
13652 	if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
13653 	    !info->attrs[NL80211_ATTR_MAC])
13654 		return -EINVAL;
13655 
13656 	memset(&owe_info, 0, sizeof(owe_info));
13657 	owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13658 	nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
13659 
13660 	if (info->attrs[NL80211_ATTR_IE]) {
13661 		owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13662 		owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13663 	}
13664 
13665 	return rdev_update_owe_info(rdev, dev, &owe_info);
13666 }
13667 
13668 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
13669 {
13670 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13671 	struct net_device *dev = info->user_ptr[1];
13672 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13673 	struct station_info sinfo = {};
13674 	const u8 *buf;
13675 	size_t len;
13676 	u8 *dest;
13677 	int err;
13678 
13679 	if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
13680 		return -EOPNOTSUPP;
13681 
13682 	if (!info->attrs[NL80211_ATTR_MAC] ||
13683 	    !info->attrs[NL80211_ATTR_FRAME]) {
13684 		GENL_SET_ERR_MSG(info, "Frame or MAC missing");
13685 		return -EINVAL;
13686 	}
13687 
13688 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
13689 		return -EOPNOTSUPP;
13690 
13691 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13692 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13693 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13694 
13695 	if (len < sizeof(struct ethhdr))
13696 		return -EINVAL;
13697 
13698 	if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
13699 	    !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
13700 		return -EINVAL;
13701 
13702 	err = rdev_get_station(rdev, dev, dest, &sinfo);
13703 	if (err)
13704 		return err;
13705 
13706 	return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
13707 }
13708 
13709 #define NL80211_FLAG_NEED_WIPHY		0x01
13710 #define NL80211_FLAG_NEED_NETDEV	0x02
13711 #define NL80211_FLAG_NEED_RTNL		0x04
13712 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
13713 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
13714 					 NL80211_FLAG_CHECK_NETDEV_UP)
13715 #define NL80211_FLAG_NEED_WDEV		0x10
13716 /* If a netdev is associated, it must be UP, P2P must be started */
13717 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
13718 					 NL80211_FLAG_CHECK_NETDEV_UP)
13719 #define NL80211_FLAG_CLEAR_SKB		0x20
13720 
13721 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
13722 			    struct genl_info *info)
13723 {
13724 	struct cfg80211_registered_device *rdev;
13725 	struct wireless_dev *wdev;
13726 	struct net_device *dev;
13727 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
13728 
13729 	if (rtnl)
13730 		rtnl_lock();
13731 
13732 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
13733 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
13734 		if (IS_ERR(rdev)) {
13735 			if (rtnl)
13736 				rtnl_unlock();
13737 			return PTR_ERR(rdev);
13738 		}
13739 		info->user_ptr[0] = rdev;
13740 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
13741 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13742 		ASSERT_RTNL();
13743 
13744 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
13745 						  info->attrs);
13746 		if (IS_ERR(wdev)) {
13747 			if (rtnl)
13748 				rtnl_unlock();
13749 			return PTR_ERR(wdev);
13750 		}
13751 
13752 		dev = wdev->netdev;
13753 		rdev = wiphy_to_rdev(wdev->wiphy);
13754 
13755 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
13756 			if (!dev) {
13757 				if (rtnl)
13758 					rtnl_unlock();
13759 				return -EINVAL;
13760 			}
13761 
13762 			info->user_ptr[1] = dev;
13763 		} else {
13764 			info->user_ptr[1] = wdev;
13765 		}
13766 
13767 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
13768 		    !wdev_running(wdev)) {
13769 			if (rtnl)
13770 				rtnl_unlock();
13771 			return -ENETDOWN;
13772 		}
13773 
13774 		if (dev)
13775 			dev_hold(dev);
13776 
13777 		info->user_ptr[0] = rdev;
13778 	}
13779 
13780 	return 0;
13781 }
13782 
13783 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
13784 			      struct genl_info *info)
13785 {
13786 	if (info->user_ptr[1]) {
13787 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13788 			struct wireless_dev *wdev = info->user_ptr[1];
13789 
13790 			if (wdev->netdev)
13791 				dev_put(wdev->netdev);
13792 		} else {
13793 			dev_put(info->user_ptr[1]);
13794 		}
13795 	}
13796 
13797 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
13798 		rtnl_unlock();
13799 
13800 	/* If needed, clear the netlink message payload from the SKB
13801 	 * as it might contain key data that shouldn't stick around on
13802 	 * the heap after the SKB is freed. The netlink message header
13803 	 * is still needed for further processing, so leave it intact.
13804 	 */
13805 	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
13806 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
13807 
13808 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
13809 	}
13810 }
13811 
13812 static const struct genl_ops nl80211_ops[] = {
13813 	{
13814 		.cmd = NL80211_CMD_GET_WIPHY,
13815 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13816 		.doit = nl80211_get_wiphy,
13817 		.dumpit = nl80211_dump_wiphy,
13818 		.done = nl80211_dump_wiphy_done,
13819 		/* can be retrieved by unprivileged users */
13820 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13821 				  NL80211_FLAG_NEED_RTNL,
13822 	},
13823 	{
13824 		.cmd = NL80211_CMD_SET_WIPHY,
13825 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13826 		.doit = nl80211_set_wiphy,
13827 		.flags = GENL_UNS_ADMIN_PERM,
13828 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13829 	},
13830 	{
13831 		.cmd = NL80211_CMD_GET_INTERFACE,
13832 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13833 		.doit = nl80211_get_interface,
13834 		.dumpit = nl80211_dump_interface,
13835 		/* can be retrieved by unprivileged users */
13836 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13837 				  NL80211_FLAG_NEED_RTNL,
13838 	},
13839 	{
13840 		.cmd = NL80211_CMD_SET_INTERFACE,
13841 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13842 		.doit = nl80211_set_interface,
13843 		.flags = GENL_UNS_ADMIN_PERM,
13844 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13845 				  NL80211_FLAG_NEED_RTNL,
13846 	},
13847 	{
13848 		.cmd = NL80211_CMD_NEW_INTERFACE,
13849 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13850 		.doit = nl80211_new_interface,
13851 		.flags = GENL_UNS_ADMIN_PERM,
13852 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13853 				  NL80211_FLAG_NEED_RTNL,
13854 	},
13855 	{
13856 		.cmd = NL80211_CMD_DEL_INTERFACE,
13857 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13858 		.doit = nl80211_del_interface,
13859 		.flags = GENL_UNS_ADMIN_PERM,
13860 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13861 				  NL80211_FLAG_NEED_RTNL,
13862 	},
13863 	{
13864 		.cmd = NL80211_CMD_GET_KEY,
13865 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13866 		.doit = nl80211_get_key,
13867 		.flags = GENL_UNS_ADMIN_PERM,
13868 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13869 				  NL80211_FLAG_NEED_RTNL,
13870 	},
13871 	{
13872 		.cmd = NL80211_CMD_SET_KEY,
13873 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13874 		.doit = nl80211_set_key,
13875 		.flags = GENL_UNS_ADMIN_PERM,
13876 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13877 				  NL80211_FLAG_NEED_RTNL |
13878 				  NL80211_FLAG_CLEAR_SKB,
13879 	},
13880 	{
13881 		.cmd = NL80211_CMD_NEW_KEY,
13882 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13883 		.doit = nl80211_new_key,
13884 		.flags = GENL_UNS_ADMIN_PERM,
13885 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13886 				  NL80211_FLAG_NEED_RTNL |
13887 				  NL80211_FLAG_CLEAR_SKB,
13888 	},
13889 	{
13890 		.cmd = NL80211_CMD_DEL_KEY,
13891 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13892 		.doit = nl80211_del_key,
13893 		.flags = GENL_UNS_ADMIN_PERM,
13894 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13895 				  NL80211_FLAG_NEED_RTNL,
13896 	},
13897 	{
13898 		.cmd = NL80211_CMD_SET_BEACON,
13899 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13900 		.flags = GENL_UNS_ADMIN_PERM,
13901 		.doit = nl80211_set_beacon,
13902 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13903 				  NL80211_FLAG_NEED_RTNL,
13904 	},
13905 	{
13906 		.cmd = NL80211_CMD_START_AP,
13907 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13908 		.flags = GENL_UNS_ADMIN_PERM,
13909 		.doit = nl80211_start_ap,
13910 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13911 				  NL80211_FLAG_NEED_RTNL,
13912 	},
13913 	{
13914 		.cmd = NL80211_CMD_STOP_AP,
13915 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13916 		.flags = GENL_UNS_ADMIN_PERM,
13917 		.doit = nl80211_stop_ap,
13918 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13919 				  NL80211_FLAG_NEED_RTNL,
13920 	},
13921 	{
13922 		.cmd = NL80211_CMD_GET_STATION,
13923 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13924 		.doit = nl80211_get_station,
13925 		.dumpit = nl80211_dump_station,
13926 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13927 				  NL80211_FLAG_NEED_RTNL,
13928 	},
13929 	{
13930 		.cmd = NL80211_CMD_SET_STATION,
13931 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13932 		.doit = nl80211_set_station,
13933 		.flags = GENL_UNS_ADMIN_PERM,
13934 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13935 				  NL80211_FLAG_NEED_RTNL,
13936 	},
13937 	{
13938 		.cmd = NL80211_CMD_NEW_STATION,
13939 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13940 		.doit = nl80211_new_station,
13941 		.flags = GENL_UNS_ADMIN_PERM,
13942 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13943 				  NL80211_FLAG_NEED_RTNL,
13944 	},
13945 	{
13946 		.cmd = NL80211_CMD_DEL_STATION,
13947 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13948 		.doit = nl80211_del_station,
13949 		.flags = GENL_UNS_ADMIN_PERM,
13950 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13951 				  NL80211_FLAG_NEED_RTNL,
13952 	},
13953 	{
13954 		.cmd = NL80211_CMD_GET_MPATH,
13955 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13956 		.doit = nl80211_get_mpath,
13957 		.dumpit = nl80211_dump_mpath,
13958 		.flags = GENL_UNS_ADMIN_PERM,
13959 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13960 				  NL80211_FLAG_NEED_RTNL,
13961 	},
13962 	{
13963 		.cmd = NL80211_CMD_GET_MPP,
13964 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13965 		.doit = nl80211_get_mpp,
13966 		.dumpit = nl80211_dump_mpp,
13967 		.flags = GENL_UNS_ADMIN_PERM,
13968 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13969 				  NL80211_FLAG_NEED_RTNL,
13970 	},
13971 	{
13972 		.cmd = NL80211_CMD_SET_MPATH,
13973 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13974 		.doit = nl80211_set_mpath,
13975 		.flags = GENL_UNS_ADMIN_PERM,
13976 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13977 				  NL80211_FLAG_NEED_RTNL,
13978 	},
13979 	{
13980 		.cmd = NL80211_CMD_NEW_MPATH,
13981 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13982 		.doit = nl80211_new_mpath,
13983 		.flags = GENL_UNS_ADMIN_PERM,
13984 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13985 				  NL80211_FLAG_NEED_RTNL,
13986 	},
13987 	{
13988 		.cmd = NL80211_CMD_DEL_MPATH,
13989 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13990 		.doit = nl80211_del_mpath,
13991 		.flags = GENL_UNS_ADMIN_PERM,
13992 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13993 				  NL80211_FLAG_NEED_RTNL,
13994 	},
13995 	{
13996 		.cmd = NL80211_CMD_SET_BSS,
13997 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13998 		.doit = nl80211_set_bss,
13999 		.flags = GENL_UNS_ADMIN_PERM,
14000 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14001 				  NL80211_FLAG_NEED_RTNL,
14002 	},
14003 	{
14004 		.cmd = NL80211_CMD_GET_REG,
14005 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14006 		.doit = nl80211_get_reg_do,
14007 		.dumpit = nl80211_get_reg_dump,
14008 		.internal_flags = NL80211_FLAG_NEED_RTNL,
14009 		/* can be retrieved by unprivileged users */
14010 	},
14011 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
14012 	{
14013 		.cmd = NL80211_CMD_SET_REG,
14014 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14015 		.doit = nl80211_set_reg,
14016 		.flags = GENL_ADMIN_PERM,
14017 		.internal_flags = NL80211_FLAG_NEED_RTNL,
14018 	},
14019 #endif
14020 	{
14021 		.cmd = NL80211_CMD_REQ_SET_REG,
14022 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14023 		.doit = nl80211_req_set_reg,
14024 		.flags = GENL_ADMIN_PERM,
14025 	},
14026 	{
14027 		.cmd = NL80211_CMD_RELOAD_REGDB,
14028 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14029 		.doit = nl80211_reload_regdb,
14030 		.flags = GENL_ADMIN_PERM,
14031 	},
14032 	{
14033 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
14034 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14035 		.doit = nl80211_get_mesh_config,
14036 		/* can be retrieved by unprivileged users */
14037 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14038 				  NL80211_FLAG_NEED_RTNL,
14039 	},
14040 	{
14041 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
14042 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14043 		.doit = nl80211_update_mesh_config,
14044 		.flags = GENL_UNS_ADMIN_PERM,
14045 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14046 				  NL80211_FLAG_NEED_RTNL,
14047 	},
14048 	{
14049 		.cmd = NL80211_CMD_TRIGGER_SCAN,
14050 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14051 		.doit = nl80211_trigger_scan,
14052 		.flags = GENL_UNS_ADMIN_PERM,
14053 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14054 				  NL80211_FLAG_NEED_RTNL,
14055 	},
14056 	{
14057 		.cmd = NL80211_CMD_ABORT_SCAN,
14058 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14059 		.doit = nl80211_abort_scan,
14060 		.flags = GENL_UNS_ADMIN_PERM,
14061 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14062 				  NL80211_FLAG_NEED_RTNL,
14063 	},
14064 	{
14065 		.cmd = NL80211_CMD_GET_SCAN,
14066 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14067 		.dumpit = nl80211_dump_scan,
14068 	},
14069 	{
14070 		.cmd = NL80211_CMD_START_SCHED_SCAN,
14071 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14072 		.doit = nl80211_start_sched_scan,
14073 		.flags = GENL_UNS_ADMIN_PERM,
14074 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14075 				  NL80211_FLAG_NEED_RTNL,
14076 	},
14077 	{
14078 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
14079 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14080 		.doit = nl80211_stop_sched_scan,
14081 		.flags = GENL_UNS_ADMIN_PERM,
14082 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14083 				  NL80211_FLAG_NEED_RTNL,
14084 	},
14085 	{
14086 		.cmd = NL80211_CMD_AUTHENTICATE,
14087 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14088 		.doit = nl80211_authenticate,
14089 		.flags = GENL_UNS_ADMIN_PERM,
14090 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14091 				  NL80211_FLAG_NEED_RTNL |
14092 				  NL80211_FLAG_CLEAR_SKB,
14093 	},
14094 	{
14095 		.cmd = NL80211_CMD_ASSOCIATE,
14096 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14097 		.doit = nl80211_associate,
14098 		.flags = GENL_UNS_ADMIN_PERM,
14099 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14100 				  NL80211_FLAG_NEED_RTNL |
14101 				  NL80211_FLAG_CLEAR_SKB,
14102 	},
14103 	{
14104 		.cmd = NL80211_CMD_DEAUTHENTICATE,
14105 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14106 		.doit = nl80211_deauthenticate,
14107 		.flags = GENL_UNS_ADMIN_PERM,
14108 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14109 				  NL80211_FLAG_NEED_RTNL,
14110 	},
14111 	{
14112 		.cmd = NL80211_CMD_DISASSOCIATE,
14113 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14114 		.doit = nl80211_disassociate,
14115 		.flags = GENL_UNS_ADMIN_PERM,
14116 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14117 				  NL80211_FLAG_NEED_RTNL,
14118 	},
14119 	{
14120 		.cmd = NL80211_CMD_JOIN_IBSS,
14121 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14122 		.doit = nl80211_join_ibss,
14123 		.flags = GENL_UNS_ADMIN_PERM,
14124 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14125 				  NL80211_FLAG_NEED_RTNL,
14126 	},
14127 	{
14128 		.cmd = NL80211_CMD_LEAVE_IBSS,
14129 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14130 		.doit = nl80211_leave_ibss,
14131 		.flags = GENL_UNS_ADMIN_PERM,
14132 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14133 				  NL80211_FLAG_NEED_RTNL,
14134 	},
14135 #ifdef CONFIG_NL80211_TESTMODE
14136 	{
14137 		.cmd = NL80211_CMD_TESTMODE,
14138 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14139 		.doit = nl80211_testmode_do,
14140 		.dumpit = nl80211_testmode_dump,
14141 		.flags = GENL_UNS_ADMIN_PERM,
14142 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14143 				  NL80211_FLAG_NEED_RTNL,
14144 	},
14145 #endif
14146 	{
14147 		.cmd = NL80211_CMD_CONNECT,
14148 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14149 		.doit = nl80211_connect,
14150 		.flags = GENL_UNS_ADMIN_PERM,
14151 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14152 				  NL80211_FLAG_NEED_RTNL |
14153 				  NL80211_FLAG_CLEAR_SKB,
14154 	},
14155 	{
14156 		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
14157 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14158 		.doit = nl80211_update_connect_params,
14159 		.flags = GENL_ADMIN_PERM,
14160 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14161 				  NL80211_FLAG_NEED_RTNL |
14162 				  NL80211_FLAG_CLEAR_SKB,
14163 	},
14164 	{
14165 		.cmd = NL80211_CMD_DISCONNECT,
14166 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14167 		.doit = nl80211_disconnect,
14168 		.flags = GENL_UNS_ADMIN_PERM,
14169 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14170 				  NL80211_FLAG_NEED_RTNL,
14171 	},
14172 	{
14173 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
14174 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14175 		.doit = nl80211_wiphy_netns,
14176 		.flags = GENL_UNS_ADMIN_PERM,
14177 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14178 				  NL80211_FLAG_NEED_RTNL,
14179 	},
14180 	{
14181 		.cmd = NL80211_CMD_GET_SURVEY,
14182 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14183 		.dumpit = nl80211_dump_survey,
14184 	},
14185 	{
14186 		.cmd = NL80211_CMD_SET_PMKSA,
14187 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14188 		.doit = nl80211_setdel_pmksa,
14189 		.flags = GENL_UNS_ADMIN_PERM,
14190 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14191 				  NL80211_FLAG_NEED_RTNL |
14192 				  NL80211_FLAG_CLEAR_SKB,
14193 	},
14194 	{
14195 		.cmd = NL80211_CMD_DEL_PMKSA,
14196 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14197 		.doit = nl80211_setdel_pmksa,
14198 		.flags = GENL_UNS_ADMIN_PERM,
14199 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14200 				  NL80211_FLAG_NEED_RTNL,
14201 	},
14202 	{
14203 		.cmd = NL80211_CMD_FLUSH_PMKSA,
14204 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14205 		.doit = nl80211_flush_pmksa,
14206 		.flags = GENL_UNS_ADMIN_PERM,
14207 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14208 				  NL80211_FLAG_NEED_RTNL,
14209 	},
14210 	{
14211 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
14212 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14213 		.doit = nl80211_remain_on_channel,
14214 		.flags = GENL_UNS_ADMIN_PERM,
14215 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14216 				  NL80211_FLAG_NEED_RTNL,
14217 	},
14218 	{
14219 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14220 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14221 		.doit = nl80211_cancel_remain_on_channel,
14222 		.flags = GENL_UNS_ADMIN_PERM,
14223 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14224 				  NL80211_FLAG_NEED_RTNL,
14225 	},
14226 	{
14227 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
14228 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14229 		.doit = nl80211_set_tx_bitrate_mask,
14230 		.flags = GENL_UNS_ADMIN_PERM,
14231 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14232 				  NL80211_FLAG_NEED_RTNL,
14233 	},
14234 	{
14235 		.cmd = NL80211_CMD_REGISTER_FRAME,
14236 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14237 		.doit = nl80211_register_mgmt,
14238 		.flags = GENL_UNS_ADMIN_PERM,
14239 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14240 				  NL80211_FLAG_NEED_RTNL,
14241 	},
14242 	{
14243 		.cmd = NL80211_CMD_FRAME,
14244 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14245 		.doit = nl80211_tx_mgmt,
14246 		.flags = GENL_UNS_ADMIN_PERM,
14247 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14248 				  NL80211_FLAG_NEED_RTNL,
14249 	},
14250 	{
14251 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
14252 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14253 		.doit = nl80211_tx_mgmt_cancel_wait,
14254 		.flags = GENL_UNS_ADMIN_PERM,
14255 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14256 				  NL80211_FLAG_NEED_RTNL,
14257 	},
14258 	{
14259 		.cmd = NL80211_CMD_SET_POWER_SAVE,
14260 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14261 		.doit = nl80211_set_power_save,
14262 		.flags = GENL_UNS_ADMIN_PERM,
14263 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14264 				  NL80211_FLAG_NEED_RTNL,
14265 	},
14266 	{
14267 		.cmd = NL80211_CMD_GET_POWER_SAVE,
14268 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14269 		.doit = nl80211_get_power_save,
14270 		/* can be retrieved by unprivileged users */
14271 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14272 				  NL80211_FLAG_NEED_RTNL,
14273 	},
14274 	{
14275 		.cmd = NL80211_CMD_SET_CQM,
14276 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14277 		.doit = nl80211_set_cqm,
14278 		.flags = GENL_UNS_ADMIN_PERM,
14279 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14280 				  NL80211_FLAG_NEED_RTNL,
14281 	},
14282 	{
14283 		.cmd = NL80211_CMD_SET_CHANNEL,
14284 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14285 		.doit = nl80211_set_channel,
14286 		.flags = GENL_UNS_ADMIN_PERM,
14287 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14288 				  NL80211_FLAG_NEED_RTNL,
14289 	},
14290 	{
14291 		.cmd = NL80211_CMD_SET_WDS_PEER,
14292 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14293 		.doit = nl80211_set_wds_peer,
14294 		.flags = GENL_UNS_ADMIN_PERM,
14295 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14296 				  NL80211_FLAG_NEED_RTNL,
14297 	},
14298 	{
14299 		.cmd = NL80211_CMD_JOIN_MESH,
14300 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14301 		.doit = nl80211_join_mesh,
14302 		.flags = GENL_UNS_ADMIN_PERM,
14303 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14304 				  NL80211_FLAG_NEED_RTNL,
14305 	},
14306 	{
14307 		.cmd = NL80211_CMD_LEAVE_MESH,
14308 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14309 		.doit = nl80211_leave_mesh,
14310 		.flags = GENL_UNS_ADMIN_PERM,
14311 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14312 				  NL80211_FLAG_NEED_RTNL,
14313 	},
14314 	{
14315 		.cmd = NL80211_CMD_JOIN_OCB,
14316 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14317 		.doit = nl80211_join_ocb,
14318 		.flags = GENL_UNS_ADMIN_PERM,
14319 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14320 				  NL80211_FLAG_NEED_RTNL,
14321 	},
14322 	{
14323 		.cmd = NL80211_CMD_LEAVE_OCB,
14324 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14325 		.doit = nl80211_leave_ocb,
14326 		.flags = GENL_UNS_ADMIN_PERM,
14327 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14328 				  NL80211_FLAG_NEED_RTNL,
14329 	},
14330 #ifdef CONFIG_PM
14331 	{
14332 		.cmd = NL80211_CMD_GET_WOWLAN,
14333 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14334 		.doit = nl80211_get_wowlan,
14335 		/* can be retrieved by unprivileged users */
14336 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14337 				  NL80211_FLAG_NEED_RTNL,
14338 	},
14339 	{
14340 		.cmd = NL80211_CMD_SET_WOWLAN,
14341 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14342 		.doit = nl80211_set_wowlan,
14343 		.flags = GENL_UNS_ADMIN_PERM,
14344 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14345 				  NL80211_FLAG_NEED_RTNL,
14346 	},
14347 #endif
14348 	{
14349 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
14350 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14351 		.doit = nl80211_set_rekey_data,
14352 		.flags = GENL_UNS_ADMIN_PERM,
14353 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14354 				  NL80211_FLAG_NEED_RTNL |
14355 				  NL80211_FLAG_CLEAR_SKB,
14356 	},
14357 	{
14358 		.cmd = NL80211_CMD_TDLS_MGMT,
14359 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14360 		.doit = nl80211_tdls_mgmt,
14361 		.flags = GENL_UNS_ADMIN_PERM,
14362 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14363 				  NL80211_FLAG_NEED_RTNL,
14364 	},
14365 	{
14366 		.cmd = NL80211_CMD_TDLS_OPER,
14367 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14368 		.doit = nl80211_tdls_oper,
14369 		.flags = GENL_UNS_ADMIN_PERM,
14370 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14371 				  NL80211_FLAG_NEED_RTNL,
14372 	},
14373 	{
14374 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
14375 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14376 		.doit = nl80211_register_unexpected_frame,
14377 		.flags = GENL_UNS_ADMIN_PERM,
14378 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14379 				  NL80211_FLAG_NEED_RTNL,
14380 	},
14381 	{
14382 		.cmd = NL80211_CMD_PROBE_CLIENT,
14383 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14384 		.doit = nl80211_probe_client,
14385 		.flags = GENL_UNS_ADMIN_PERM,
14386 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14387 				  NL80211_FLAG_NEED_RTNL,
14388 	},
14389 	{
14390 		.cmd = NL80211_CMD_REGISTER_BEACONS,
14391 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14392 		.doit = nl80211_register_beacons,
14393 		.flags = GENL_UNS_ADMIN_PERM,
14394 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14395 				  NL80211_FLAG_NEED_RTNL,
14396 	},
14397 	{
14398 		.cmd = NL80211_CMD_SET_NOACK_MAP,
14399 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14400 		.doit = nl80211_set_noack_map,
14401 		.flags = GENL_UNS_ADMIN_PERM,
14402 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14403 				  NL80211_FLAG_NEED_RTNL,
14404 	},
14405 	{
14406 		.cmd = NL80211_CMD_START_P2P_DEVICE,
14407 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14408 		.doit = nl80211_start_p2p_device,
14409 		.flags = GENL_UNS_ADMIN_PERM,
14410 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14411 				  NL80211_FLAG_NEED_RTNL,
14412 	},
14413 	{
14414 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
14415 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14416 		.doit = nl80211_stop_p2p_device,
14417 		.flags = GENL_UNS_ADMIN_PERM,
14418 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14419 				  NL80211_FLAG_NEED_RTNL,
14420 	},
14421 	{
14422 		.cmd = NL80211_CMD_START_NAN,
14423 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14424 		.doit = nl80211_start_nan,
14425 		.flags = GENL_ADMIN_PERM,
14426 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14427 				  NL80211_FLAG_NEED_RTNL,
14428 	},
14429 	{
14430 		.cmd = NL80211_CMD_STOP_NAN,
14431 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14432 		.doit = nl80211_stop_nan,
14433 		.flags = GENL_ADMIN_PERM,
14434 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14435 				  NL80211_FLAG_NEED_RTNL,
14436 	},
14437 	{
14438 		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
14439 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14440 		.doit = nl80211_nan_add_func,
14441 		.flags = GENL_ADMIN_PERM,
14442 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14443 				  NL80211_FLAG_NEED_RTNL,
14444 	},
14445 	{
14446 		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
14447 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14448 		.doit = nl80211_nan_del_func,
14449 		.flags = GENL_ADMIN_PERM,
14450 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14451 				  NL80211_FLAG_NEED_RTNL,
14452 	},
14453 	{
14454 		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
14455 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14456 		.doit = nl80211_nan_change_config,
14457 		.flags = GENL_ADMIN_PERM,
14458 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14459 				  NL80211_FLAG_NEED_RTNL,
14460 	},
14461 	{
14462 		.cmd = NL80211_CMD_SET_MCAST_RATE,
14463 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14464 		.doit = nl80211_set_mcast_rate,
14465 		.flags = GENL_UNS_ADMIN_PERM,
14466 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14467 				  NL80211_FLAG_NEED_RTNL,
14468 	},
14469 	{
14470 		.cmd = NL80211_CMD_SET_MAC_ACL,
14471 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14472 		.doit = nl80211_set_mac_acl,
14473 		.flags = GENL_UNS_ADMIN_PERM,
14474 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14475 				  NL80211_FLAG_NEED_RTNL,
14476 	},
14477 	{
14478 		.cmd = NL80211_CMD_RADAR_DETECT,
14479 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14480 		.doit = nl80211_start_radar_detection,
14481 		.flags = GENL_UNS_ADMIN_PERM,
14482 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14483 				  NL80211_FLAG_NEED_RTNL,
14484 	},
14485 	{
14486 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
14487 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14488 		.doit = nl80211_get_protocol_features,
14489 	},
14490 	{
14491 		.cmd = NL80211_CMD_UPDATE_FT_IES,
14492 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14493 		.doit = nl80211_update_ft_ies,
14494 		.flags = GENL_UNS_ADMIN_PERM,
14495 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14496 				  NL80211_FLAG_NEED_RTNL,
14497 	},
14498 	{
14499 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
14500 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14501 		.doit = nl80211_crit_protocol_start,
14502 		.flags = GENL_UNS_ADMIN_PERM,
14503 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14504 				  NL80211_FLAG_NEED_RTNL,
14505 	},
14506 	{
14507 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
14508 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14509 		.doit = nl80211_crit_protocol_stop,
14510 		.flags = GENL_UNS_ADMIN_PERM,
14511 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14512 				  NL80211_FLAG_NEED_RTNL,
14513 	},
14514 	{
14515 		.cmd = NL80211_CMD_GET_COALESCE,
14516 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14517 		.doit = nl80211_get_coalesce,
14518 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14519 				  NL80211_FLAG_NEED_RTNL,
14520 	},
14521 	{
14522 		.cmd = NL80211_CMD_SET_COALESCE,
14523 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14524 		.doit = nl80211_set_coalesce,
14525 		.flags = GENL_UNS_ADMIN_PERM,
14526 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14527 				  NL80211_FLAG_NEED_RTNL,
14528 	},
14529 	{
14530 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
14531 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14532 		.doit = nl80211_channel_switch,
14533 		.flags = GENL_UNS_ADMIN_PERM,
14534 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14535 				  NL80211_FLAG_NEED_RTNL,
14536 	},
14537 	{
14538 		.cmd = NL80211_CMD_VENDOR,
14539 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14540 		.doit = nl80211_vendor_cmd,
14541 		.dumpit = nl80211_vendor_cmd_dump,
14542 		.flags = GENL_UNS_ADMIN_PERM,
14543 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14544 				  NL80211_FLAG_NEED_RTNL |
14545 				  NL80211_FLAG_CLEAR_SKB,
14546 	},
14547 	{
14548 		.cmd = NL80211_CMD_SET_QOS_MAP,
14549 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14550 		.doit = nl80211_set_qos_map,
14551 		.flags = GENL_UNS_ADMIN_PERM,
14552 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14553 				  NL80211_FLAG_NEED_RTNL,
14554 	},
14555 	{
14556 		.cmd = NL80211_CMD_ADD_TX_TS,
14557 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14558 		.doit = nl80211_add_tx_ts,
14559 		.flags = GENL_UNS_ADMIN_PERM,
14560 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14561 				  NL80211_FLAG_NEED_RTNL,
14562 	},
14563 	{
14564 		.cmd = NL80211_CMD_DEL_TX_TS,
14565 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14566 		.doit = nl80211_del_tx_ts,
14567 		.flags = GENL_UNS_ADMIN_PERM,
14568 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14569 				  NL80211_FLAG_NEED_RTNL,
14570 	},
14571 	{
14572 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
14573 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14574 		.doit = nl80211_tdls_channel_switch,
14575 		.flags = GENL_UNS_ADMIN_PERM,
14576 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14577 				  NL80211_FLAG_NEED_RTNL,
14578 	},
14579 	{
14580 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
14581 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14582 		.doit = nl80211_tdls_cancel_channel_switch,
14583 		.flags = GENL_UNS_ADMIN_PERM,
14584 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14585 				  NL80211_FLAG_NEED_RTNL,
14586 	},
14587 	{
14588 		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
14589 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14590 		.doit = nl80211_set_multicast_to_unicast,
14591 		.flags = GENL_UNS_ADMIN_PERM,
14592 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14593 				  NL80211_FLAG_NEED_RTNL,
14594 	},
14595 	{
14596 		.cmd = NL80211_CMD_SET_PMK,
14597 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14598 		.doit = nl80211_set_pmk,
14599 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14600 				  NL80211_FLAG_NEED_RTNL |
14601 				  NL80211_FLAG_CLEAR_SKB,
14602 	},
14603 	{
14604 		.cmd = NL80211_CMD_DEL_PMK,
14605 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14606 		.doit = nl80211_del_pmk,
14607 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14608 				  NL80211_FLAG_NEED_RTNL,
14609 	},
14610 	{
14611 		.cmd = NL80211_CMD_EXTERNAL_AUTH,
14612 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14613 		.doit = nl80211_external_auth,
14614 		.flags = GENL_ADMIN_PERM,
14615 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14616 				  NL80211_FLAG_NEED_RTNL,
14617 	},
14618 	{
14619 		.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
14620 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14621 		.doit = nl80211_tx_control_port,
14622 		.flags = GENL_UNS_ADMIN_PERM,
14623 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14624 				  NL80211_FLAG_NEED_RTNL,
14625 	},
14626 	{
14627 		.cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
14628 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14629 		.doit = nl80211_get_ftm_responder_stats,
14630 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14631 				  NL80211_FLAG_NEED_RTNL,
14632 	},
14633 	{
14634 		.cmd = NL80211_CMD_PEER_MEASUREMENT_START,
14635 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14636 		.doit = nl80211_pmsr_start,
14637 		.flags = GENL_UNS_ADMIN_PERM,
14638 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14639 				  NL80211_FLAG_NEED_RTNL,
14640 	},
14641 	{
14642 		.cmd = NL80211_CMD_NOTIFY_RADAR,
14643 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14644 		.doit = nl80211_notify_radar_detection,
14645 		.flags = GENL_UNS_ADMIN_PERM,
14646 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14647 				  NL80211_FLAG_NEED_RTNL,
14648 	},
14649 	{
14650 		.cmd = NL80211_CMD_UPDATE_OWE_INFO,
14651 		.doit = nl80211_update_owe_info,
14652 		.flags = GENL_ADMIN_PERM,
14653 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14654 				  NL80211_FLAG_NEED_RTNL,
14655 	},
14656 	{
14657 		.cmd = NL80211_CMD_PROBE_MESH_LINK,
14658 		.doit = nl80211_probe_mesh_link,
14659 		.flags = GENL_UNS_ADMIN_PERM,
14660 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14661 				  NL80211_FLAG_NEED_RTNL,
14662 	},
14663 };
14664 
14665 static struct genl_family nl80211_fam __ro_after_init = {
14666 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
14667 	.hdrsize = 0,			/* no private header */
14668 	.version = 1,			/* no particular meaning now */
14669 	.maxattr = NL80211_ATTR_MAX,
14670 	.policy = nl80211_policy,
14671 	.netnsok = true,
14672 	.pre_doit = nl80211_pre_doit,
14673 	.post_doit = nl80211_post_doit,
14674 	.module = THIS_MODULE,
14675 	.ops = nl80211_ops,
14676 	.n_ops = ARRAY_SIZE(nl80211_ops),
14677 	.mcgrps = nl80211_mcgrps,
14678 	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
14679 	.parallel_ops = true,
14680 };
14681 
14682 /* notification functions */
14683 
14684 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
14685 			  enum nl80211_commands cmd)
14686 {
14687 	struct sk_buff *msg;
14688 	struct nl80211_dump_wiphy_state state = {};
14689 
14690 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
14691 		cmd != NL80211_CMD_DEL_WIPHY);
14692 
14693 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14694 	if (!msg)
14695 		return;
14696 
14697 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
14698 		nlmsg_free(msg);
14699 		return;
14700 	}
14701 
14702 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14703 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14704 }
14705 
14706 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
14707 				struct wireless_dev *wdev,
14708 				enum nl80211_commands cmd)
14709 {
14710 	struct sk_buff *msg;
14711 
14712 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14713 	if (!msg)
14714 		return;
14715 
14716 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
14717 		nlmsg_free(msg);
14718 		return;
14719 	}
14720 
14721 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14722 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14723 }
14724 
14725 static int nl80211_add_scan_req(struct sk_buff *msg,
14726 				struct cfg80211_registered_device *rdev)
14727 {
14728 	struct cfg80211_scan_request *req = rdev->scan_req;
14729 	struct nlattr *nest;
14730 	int i;
14731 
14732 	if (WARN_ON(!req))
14733 		return 0;
14734 
14735 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
14736 	if (!nest)
14737 		goto nla_put_failure;
14738 	for (i = 0; i < req->n_ssids; i++) {
14739 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
14740 			goto nla_put_failure;
14741 	}
14742 	nla_nest_end(msg, nest);
14743 
14744 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14745 	if (!nest)
14746 		goto nla_put_failure;
14747 	for (i = 0; i < req->n_channels; i++) {
14748 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14749 			goto nla_put_failure;
14750 	}
14751 	nla_nest_end(msg, nest);
14752 
14753 	if (req->ie &&
14754 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
14755 		goto nla_put_failure;
14756 
14757 	if (req->flags &&
14758 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
14759 		goto nla_put_failure;
14760 
14761 	if (req->info.scan_start_tsf &&
14762 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
14763 			       req->info.scan_start_tsf, NL80211_BSS_PAD) ||
14764 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
14765 		     req->info.tsf_bssid)))
14766 		goto nla_put_failure;
14767 
14768 	return 0;
14769  nla_put_failure:
14770 	return -ENOBUFS;
14771 }
14772 
14773 static int nl80211_prep_scan_msg(struct sk_buff *msg,
14774 				 struct cfg80211_registered_device *rdev,
14775 				 struct wireless_dev *wdev,
14776 				 u32 portid, u32 seq, int flags,
14777 				 u32 cmd)
14778 {
14779 	void *hdr;
14780 
14781 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
14782 	if (!hdr)
14783 		return -1;
14784 
14785 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14786 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14787 					 wdev->netdev->ifindex)) ||
14788 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14789 			      NL80211_ATTR_PAD))
14790 		goto nla_put_failure;
14791 
14792 	/* ignore errors and send incomplete event anyway */
14793 	nl80211_add_scan_req(msg, rdev);
14794 
14795 	genlmsg_end(msg, hdr);
14796 	return 0;
14797 
14798  nla_put_failure:
14799 	genlmsg_cancel(msg, hdr);
14800 	return -EMSGSIZE;
14801 }
14802 
14803 static int
14804 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
14805 			    struct cfg80211_sched_scan_request *req, u32 cmd)
14806 {
14807 	void *hdr;
14808 
14809 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14810 	if (!hdr)
14811 		return -1;
14812 
14813 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
14814 			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
14815 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
14816 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
14817 			      NL80211_ATTR_PAD))
14818 		goto nla_put_failure;
14819 
14820 	genlmsg_end(msg, hdr);
14821 	return 0;
14822 
14823  nla_put_failure:
14824 	genlmsg_cancel(msg, hdr);
14825 	return -EMSGSIZE;
14826 }
14827 
14828 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
14829 			     struct wireless_dev *wdev)
14830 {
14831 	struct sk_buff *msg;
14832 
14833 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14834 	if (!msg)
14835 		return;
14836 
14837 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14838 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
14839 		nlmsg_free(msg);
14840 		return;
14841 	}
14842 
14843 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14844 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14845 }
14846 
14847 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
14848 				       struct wireless_dev *wdev, bool aborted)
14849 {
14850 	struct sk_buff *msg;
14851 
14852 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14853 	if (!msg)
14854 		return NULL;
14855 
14856 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14857 				  aborted ? NL80211_CMD_SCAN_ABORTED :
14858 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
14859 		nlmsg_free(msg);
14860 		return NULL;
14861 	}
14862 
14863 	return msg;
14864 }
14865 
14866 /* send message created by nl80211_build_scan_msg() */
14867 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
14868 			   struct sk_buff *msg)
14869 {
14870 	if (!msg)
14871 		return;
14872 
14873 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14874 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14875 }
14876 
14877 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
14878 {
14879 	struct sk_buff *msg;
14880 
14881 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14882 	if (!msg)
14883 		return;
14884 
14885 	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
14886 		nlmsg_free(msg);
14887 		return;
14888 	}
14889 
14890 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
14891 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14892 }
14893 
14894 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
14895 					  struct regulatory_request *request)
14896 {
14897 	/* Userspace can always count this one always being set */
14898 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
14899 		goto nla_put_failure;
14900 
14901 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
14902 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14903 			       NL80211_REGDOM_TYPE_WORLD))
14904 			goto nla_put_failure;
14905 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
14906 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14907 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
14908 			goto nla_put_failure;
14909 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
14910 		   request->intersect) {
14911 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14912 			       NL80211_REGDOM_TYPE_INTERSECTION))
14913 			goto nla_put_failure;
14914 	} else {
14915 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14916 			       NL80211_REGDOM_TYPE_COUNTRY) ||
14917 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
14918 				   request->alpha2))
14919 			goto nla_put_failure;
14920 	}
14921 
14922 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
14923 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
14924 
14925 		if (wiphy &&
14926 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
14927 			goto nla_put_failure;
14928 
14929 		if (wiphy &&
14930 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
14931 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
14932 			goto nla_put_failure;
14933 	}
14934 
14935 	return true;
14936 
14937 nla_put_failure:
14938 	return false;
14939 }
14940 
14941 /*
14942  * This can happen on global regulatory changes or device specific settings
14943  * based on custom regulatory domains.
14944  */
14945 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
14946 				     struct regulatory_request *request)
14947 {
14948 	struct sk_buff *msg;
14949 	void *hdr;
14950 
14951 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14952 	if (!msg)
14953 		return;
14954 
14955 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
14956 	if (!hdr) {
14957 		nlmsg_free(msg);
14958 		return;
14959 	}
14960 
14961 	if (nl80211_reg_change_event_fill(msg, request) == false)
14962 		goto nla_put_failure;
14963 
14964 	genlmsg_end(msg, hdr);
14965 
14966 	rcu_read_lock();
14967 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14968 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14969 	rcu_read_unlock();
14970 
14971 	return;
14972 
14973 nla_put_failure:
14974 	nlmsg_free(msg);
14975 }
14976 
14977 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
14978 				    struct net_device *netdev,
14979 				    const u8 *buf, size_t len,
14980 				    enum nl80211_commands cmd, gfp_t gfp,
14981 				    int uapsd_queues, const u8 *req_ies,
14982 				    size_t req_ies_len)
14983 {
14984 	struct sk_buff *msg;
14985 	void *hdr;
14986 
14987 	msg = nlmsg_new(100 + len + req_ies_len, gfp);
14988 	if (!msg)
14989 		return;
14990 
14991 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14992 	if (!hdr) {
14993 		nlmsg_free(msg);
14994 		return;
14995 	}
14996 
14997 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14998 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14999 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15000 	    (req_ies &&
15001 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
15002 		goto nla_put_failure;
15003 
15004 	if (uapsd_queues >= 0) {
15005 		struct nlattr *nla_wmm =
15006 			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
15007 		if (!nla_wmm)
15008 			goto nla_put_failure;
15009 
15010 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
15011 			       uapsd_queues))
15012 			goto nla_put_failure;
15013 
15014 		nla_nest_end(msg, nla_wmm);
15015 	}
15016 
15017 	genlmsg_end(msg, hdr);
15018 
15019 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15020 				NL80211_MCGRP_MLME, gfp);
15021 	return;
15022 
15023  nla_put_failure:
15024 	nlmsg_free(msg);
15025 }
15026 
15027 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
15028 			  struct net_device *netdev, const u8 *buf,
15029 			  size_t len, gfp_t gfp)
15030 {
15031 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15032 				NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
15033 }
15034 
15035 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
15036 			   struct net_device *netdev, const u8 *buf,
15037 			   size_t len, gfp_t gfp, int uapsd_queues,
15038 			   const u8 *req_ies, size_t req_ies_len)
15039 {
15040 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15041 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
15042 				req_ies, req_ies_len);
15043 }
15044 
15045 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
15046 			 struct net_device *netdev, const u8 *buf,
15047 			 size_t len, gfp_t gfp)
15048 {
15049 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15050 				NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
15051 }
15052 
15053 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
15054 			   struct net_device *netdev, const u8 *buf,
15055 			   size_t len, gfp_t gfp)
15056 {
15057 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15058 				NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
15059 }
15060 
15061 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
15062 				  size_t len)
15063 {
15064 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15065 	struct wiphy *wiphy = wdev->wiphy;
15066 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15067 	const struct ieee80211_mgmt *mgmt = (void *)buf;
15068 	u32 cmd;
15069 
15070 	if (WARN_ON(len < 2))
15071 		return;
15072 
15073 	if (ieee80211_is_deauth(mgmt->frame_control))
15074 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
15075 	else
15076 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
15077 
15078 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
15079 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
15080 				NULL, 0);
15081 }
15082 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
15083 
15084 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
15085 				      struct net_device *netdev, int cmd,
15086 				      const u8 *addr, gfp_t gfp)
15087 {
15088 	struct sk_buff *msg;
15089 	void *hdr;
15090 
15091 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15092 	if (!msg)
15093 		return;
15094 
15095 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15096 	if (!hdr) {
15097 		nlmsg_free(msg);
15098 		return;
15099 	}
15100 
15101 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15102 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15103 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15104 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15105 		goto nla_put_failure;
15106 
15107 	genlmsg_end(msg, hdr);
15108 
15109 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15110 				NL80211_MCGRP_MLME, gfp);
15111 	return;
15112 
15113  nla_put_failure:
15114 	nlmsg_free(msg);
15115 }
15116 
15117 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
15118 			       struct net_device *netdev, const u8 *addr,
15119 			       gfp_t gfp)
15120 {
15121 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
15122 				  addr, gfp);
15123 }
15124 
15125 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
15126 				struct net_device *netdev, const u8 *addr,
15127 				gfp_t gfp)
15128 {
15129 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
15130 				  addr, gfp);
15131 }
15132 
15133 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
15134 				 struct net_device *netdev,
15135 				 struct cfg80211_connect_resp_params *cr,
15136 				 gfp_t gfp)
15137 {
15138 	struct sk_buff *msg;
15139 	void *hdr;
15140 
15141 	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
15142 			cr->fils.kek_len + cr->fils.pmk_len +
15143 			(cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15144 	if (!msg)
15145 		return;
15146 
15147 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
15148 	if (!hdr) {
15149 		nlmsg_free(msg);
15150 		return;
15151 	}
15152 
15153 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15154 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15155 	    (cr->bssid &&
15156 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
15157 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
15158 			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
15159 			cr->status) ||
15160 	    (cr->status < 0 &&
15161 	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15162 	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
15163 			  cr->timeout_reason))) ||
15164 	    (cr->req_ie &&
15165 	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
15166 	    (cr->resp_ie &&
15167 	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
15168 		     cr->resp_ie)) ||
15169 	    (cr->fils.update_erp_next_seq_num &&
15170 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15171 			 cr->fils.erp_next_seq_num)) ||
15172 	    (cr->status == WLAN_STATUS_SUCCESS &&
15173 	     ((cr->fils.kek &&
15174 	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
15175 		       cr->fils.kek)) ||
15176 	      (cr->fils.pmk &&
15177 	       nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
15178 	      (cr->fils.pmkid &&
15179 	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
15180 		goto nla_put_failure;
15181 
15182 	genlmsg_end(msg, hdr);
15183 
15184 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15185 				NL80211_MCGRP_MLME, gfp);
15186 	return;
15187 
15188  nla_put_failure:
15189 	nlmsg_free(msg);
15190 }
15191 
15192 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
15193 			 struct net_device *netdev,
15194 			 struct cfg80211_roam_info *info, gfp_t gfp)
15195 {
15196 	struct sk_buff *msg;
15197 	void *hdr;
15198 	const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
15199 
15200 	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
15201 			info->fils.kek_len + info->fils.pmk_len +
15202 			(info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15203 	if (!msg)
15204 		return;
15205 
15206 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
15207 	if (!hdr) {
15208 		nlmsg_free(msg);
15209 		return;
15210 	}
15211 
15212 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15213 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15214 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
15215 	    (info->req_ie &&
15216 	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
15217 		     info->req_ie)) ||
15218 	    (info->resp_ie &&
15219 	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
15220 		     info->resp_ie)) ||
15221 	    (info->fils.update_erp_next_seq_num &&
15222 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15223 			 info->fils.erp_next_seq_num)) ||
15224 	    (info->fils.kek &&
15225 	     nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
15226 		     info->fils.kek)) ||
15227 	    (info->fils.pmk &&
15228 	     nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
15229 	    (info->fils.pmkid &&
15230 	     nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
15231 		goto nla_put_failure;
15232 
15233 	genlmsg_end(msg, hdr);
15234 
15235 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15236 				NL80211_MCGRP_MLME, gfp);
15237 	return;
15238 
15239  nla_put_failure:
15240 	nlmsg_free(msg);
15241 }
15242 
15243 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
15244 				  struct net_device *netdev, const u8 *bssid)
15245 {
15246 	struct sk_buff *msg;
15247 	void *hdr;
15248 
15249 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15250 	if (!msg)
15251 		return;
15252 
15253 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
15254 	if (!hdr) {
15255 		nlmsg_free(msg);
15256 		return;
15257 	}
15258 
15259 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15260 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15261 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15262 		goto nla_put_failure;
15263 
15264 	genlmsg_end(msg, hdr);
15265 
15266 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15267 				NL80211_MCGRP_MLME, GFP_KERNEL);
15268 	return;
15269 
15270  nla_put_failure:
15271 	nlmsg_free(msg);
15272 }
15273 
15274 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
15275 			       struct net_device *netdev, u16 reason,
15276 			       const u8 *ie, size_t ie_len, bool from_ap)
15277 {
15278 	struct sk_buff *msg;
15279 	void *hdr;
15280 
15281 	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
15282 	if (!msg)
15283 		return;
15284 
15285 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
15286 	if (!hdr) {
15287 		nlmsg_free(msg);
15288 		return;
15289 	}
15290 
15291 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15292 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15293 	    (reason &&
15294 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
15295 	    (from_ap &&
15296 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
15297 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
15298 		goto nla_put_failure;
15299 
15300 	genlmsg_end(msg, hdr);
15301 
15302 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15303 				NL80211_MCGRP_MLME, GFP_KERNEL);
15304 	return;
15305 
15306  nla_put_failure:
15307 	nlmsg_free(msg);
15308 }
15309 
15310 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
15311 			     struct net_device *netdev, const u8 *bssid,
15312 			     gfp_t gfp)
15313 {
15314 	struct sk_buff *msg;
15315 	void *hdr;
15316 
15317 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15318 	if (!msg)
15319 		return;
15320 
15321 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
15322 	if (!hdr) {
15323 		nlmsg_free(msg);
15324 		return;
15325 	}
15326 
15327 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15328 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15329 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15330 		goto nla_put_failure;
15331 
15332 	genlmsg_end(msg, hdr);
15333 
15334 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15335 				NL80211_MCGRP_MLME, gfp);
15336 	return;
15337 
15338  nla_put_failure:
15339 	nlmsg_free(msg);
15340 }
15341 
15342 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
15343 					const u8 *ie, u8 ie_len,
15344 					int sig_dbm, gfp_t gfp)
15345 {
15346 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15347 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15348 	struct sk_buff *msg;
15349 	void *hdr;
15350 
15351 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
15352 		return;
15353 
15354 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
15355 
15356 	msg = nlmsg_new(100 + ie_len, gfp);
15357 	if (!msg)
15358 		return;
15359 
15360 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
15361 	if (!hdr) {
15362 		nlmsg_free(msg);
15363 		return;
15364 	}
15365 
15366 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15367 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15368 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15369 	    (ie_len && ie &&
15370 	     nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
15371 	    (sig_dbm &&
15372 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
15373 		goto nla_put_failure;
15374 
15375 	genlmsg_end(msg, hdr);
15376 
15377 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15378 				NL80211_MCGRP_MLME, gfp);
15379 	return;
15380 
15381  nla_put_failure:
15382 	nlmsg_free(msg);
15383 }
15384 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
15385 
15386 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
15387 				 struct net_device *netdev, const u8 *addr,
15388 				 enum nl80211_key_type key_type, int key_id,
15389 				 const u8 *tsc, gfp_t gfp)
15390 {
15391 	struct sk_buff *msg;
15392 	void *hdr;
15393 
15394 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15395 	if (!msg)
15396 		return;
15397 
15398 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
15399 	if (!hdr) {
15400 		nlmsg_free(msg);
15401 		return;
15402 	}
15403 
15404 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15405 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15406 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
15407 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
15408 	    (key_id != -1 &&
15409 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
15410 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
15411 		goto nla_put_failure;
15412 
15413 	genlmsg_end(msg, hdr);
15414 
15415 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15416 				NL80211_MCGRP_MLME, gfp);
15417 	return;
15418 
15419  nla_put_failure:
15420 	nlmsg_free(msg);
15421 }
15422 
15423 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
15424 				    struct ieee80211_channel *channel_before,
15425 				    struct ieee80211_channel *channel_after)
15426 {
15427 	struct sk_buff *msg;
15428 	void *hdr;
15429 	struct nlattr *nl_freq;
15430 
15431 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
15432 	if (!msg)
15433 		return;
15434 
15435 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
15436 	if (!hdr) {
15437 		nlmsg_free(msg);
15438 		return;
15439 	}
15440 
15441 	/*
15442 	 * Since we are applying the beacon hint to a wiphy we know its
15443 	 * wiphy_idx is valid
15444 	 */
15445 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
15446 		goto nla_put_failure;
15447 
15448 	/* Before */
15449 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
15450 	if (!nl_freq)
15451 		goto nla_put_failure;
15452 
15453 	if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
15454 		goto nla_put_failure;
15455 	nla_nest_end(msg, nl_freq);
15456 
15457 	/* After */
15458 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
15459 	if (!nl_freq)
15460 		goto nla_put_failure;
15461 
15462 	if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
15463 		goto nla_put_failure;
15464 	nla_nest_end(msg, nl_freq);
15465 
15466 	genlmsg_end(msg, hdr);
15467 
15468 	rcu_read_lock();
15469 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15470 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15471 	rcu_read_unlock();
15472 
15473 	return;
15474 
15475 nla_put_failure:
15476 	nlmsg_free(msg);
15477 }
15478 
15479 static void nl80211_send_remain_on_chan_event(
15480 	int cmd, struct cfg80211_registered_device *rdev,
15481 	struct wireless_dev *wdev, u64 cookie,
15482 	struct ieee80211_channel *chan,
15483 	unsigned int duration, gfp_t gfp)
15484 {
15485 	struct sk_buff *msg;
15486 	void *hdr;
15487 
15488 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15489 	if (!msg)
15490 		return;
15491 
15492 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15493 	if (!hdr) {
15494 		nlmsg_free(msg);
15495 		return;
15496 	}
15497 
15498 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15499 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15500 					 wdev->netdev->ifindex)) ||
15501 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15502 			      NL80211_ATTR_PAD) ||
15503 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
15504 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
15505 			NL80211_CHAN_NO_HT) ||
15506 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15507 			      NL80211_ATTR_PAD))
15508 		goto nla_put_failure;
15509 
15510 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
15511 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
15512 		goto nla_put_failure;
15513 
15514 	genlmsg_end(msg, hdr);
15515 
15516 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15517 				NL80211_MCGRP_MLME, gfp);
15518 	return;
15519 
15520  nla_put_failure:
15521 	nlmsg_free(msg);
15522 }
15523 
15524 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
15525 			       struct ieee80211_channel *chan,
15526 			       unsigned int duration, gfp_t gfp)
15527 {
15528 	struct wiphy *wiphy = wdev->wiphy;
15529 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15530 
15531 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
15532 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
15533 					  rdev, wdev, cookie, chan,
15534 					  duration, gfp);
15535 }
15536 EXPORT_SYMBOL(cfg80211_ready_on_channel);
15537 
15538 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
15539 					struct ieee80211_channel *chan,
15540 					gfp_t gfp)
15541 {
15542 	struct wiphy *wiphy = wdev->wiphy;
15543 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15544 
15545 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
15546 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15547 					  rdev, wdev, cookie, chan, 0, gfp);
15548 }
15549 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
15550 
15551 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
15552 					struct ieee80211_channel *chan,
15553 					gfp_t gfp)
15554 {
15555 	struct wiphy *wiphy = wdev->wiphy;
15556 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15557 
15558 	trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
15559 	nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
15560 					  rdev, wdev, cookie, chan, 0, gfp);
15561 }
15562 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
15563 
15564 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
15565 		      struct station_info *sinfo, gfp_t gfp)
15566 {
15567 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15568 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15569 	struct sk_buff *msg;
15570 
15571 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
15572 
15573 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15574 	if (!msg)
15575 		return;
15576 
15577 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
15578 				 rdev, dev, mac_addr, sinfo) < 0) {
15579 		nlmsg_free(msg);
15580 		return;
15581 	}
15582 
15583 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15584 				NL80211_MCGRP_MLME, gfp);
15585 }
15586 EXPORT_SYMBOL(cfg80211_new_sta);
15587 
15588 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
15589 			    struct station_info *sinfo, gfp_t gfp)
15590 {
15591 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15592 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15593 	struct sk_buff *msg;
15594 	struct station_info empty_sinfo = {};
15595 
15596 	if (!sinfo)
15597 		sinfo = &empty_sinfo;
15598 
15599 	trace_cfg80211_del_sta(dev, mac_addr);
15600 
15601 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15602 	if (!msg) {
15603 		cfg80211_sinfo_release_content(sinfo);
15604 		return;
15605 	}
15606 
15607 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
15608 				 rdev, dev, mac_addr, sinfo) < 0) {
15609 		nlmsg_free(msg);
15610 		return;
15611 	}
15612 
15613 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15614 				NL80211_MCGRP_MLME, gfp);
15615 }
15616 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
15617 
15618 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
15619 			  enum nl80211_connect_failed_reason reason,
15620 			  gfp_t gfp)
15621 {
15622 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15623 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15624 	struct sk_buff *msg;
15625 	void *hdr;
15626 
15627 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
15628 	if (!msg)
15629 		return;
15630 
15631 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
15632 	if (!hdr) {
15633 		nlmsg_free(msg);
15634 		return;
15635 	}
15636 
15637 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15638 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
15639 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
15640 		goto nla_put_failure;
15641 
15642 	genlmsg_end(msg, hdr);
15643 
15644 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15645 				NL80211_MCGRP_MLME, gfp);
15646 	return;
15647 
15648  nla_put_failure:
15649 	nlmsg_free(msg);
15650 }
15651 EXPORT_SYMBOL(cfg80211_conn_failed);
15652 
15653 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
15654 				       const u8 *addr, gfp_t gfp)
15655 {
15656 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15657 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15658 	struct sk_buff *msg;
15659 	void *hdr;
15660 	u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
15661 
15662 	if (!nlportid)
15663 		return false;
15664 
15665 	msg = nlmsg_new(100, gfp);
15666 	if (!msg)
15667 		return true;
15668 
15669 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15670 	if (!hdr) {
15671 		nlmsg_free(msg);
15672 		return true;
15673 	}
15674 
15675 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15676 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15677 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15678 		goto nla_put_failure;
15679 
15680 	genlmsg_end(msg, hdr);
15681 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15682 	return true;
15683 
15684  nla_put_failure:
15685 	nlmsg_free(msg);
15686 	return true;
15687 }
15688 
15689 bool cfg80211_rx_spurious_frame(struct net_device *dev,
15690 				const u8 *addr, gfp_t gfp)
15691 {
15692 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15693 	bool ret;
15694 
15695 	trace_cfg80211_rx_spurious_frame(dev, addr);
15696 
15697 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15698 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
15699 		trace_cfg80211_return_bool(false);
15700 		return false;
15701 	}
15702 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
15703 					 addr, gfp);
15704 	trace_cfg80211_return_bool(ret);
15705 	return ret;
15706 }
15707 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
15708 
15709 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
15710 					const u8 *addr, gfp_t gfp)
15711 {
15712 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15713 	bool ret;
15714 
15715 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
15716 
15717 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15718 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
15719 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
15720 		trace_cfg80211_return_bool(false);
15721 		return false;
15722 	}
15723 	ret = __nl80211_unexpected_frame(dev,
15724 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
15725 					 addr, gfp);
15726 	trace_cfg80211_return_bool(ret);
15727 	return ret;
15728 }
15729 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
15730 
15731 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
15732 		      struct wireless_dev *wdev, u32 nlportid,
15733 		      int freq, int sig_dbm,
15734 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
15735 {
15736 	struct net_device *netdev = wdev->netdev;
15737 	struct sk_buff *msg;
15738 	void *hdr;
15739 
15740 	msg = nlmsg_new(100 + len, gfp);
15741 	if (!msg)
15742 		return -ENOMEM;
15743 
15744 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15745 	if (!hdr) {
15746 		nlmsg_free(msg);
15747 		return -ENOMEM;
15748 	}
15749 
15750 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15751 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15752 					netdev->ifindex)) ||
15753 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15754 			      NL80211_ATTR_PAD) ||
15755 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
15756 	    (sig_dbm &&
15757 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15758 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15759 	    (flags &&
15760 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
15761 		goto nla_put_failure;
15762 
15763 	genlmsg_end(msg, hdr);
15764 
15765 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15766 
15767  nla_put_failure:
15768 	nlmsg_free(msg);
15769 	return -ENOBUFS;
15770 }
15771 
15772 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
15773 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
15774 {
15775 	struct wiphy *wiphy = wdev->wiphy;
15776 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15777 	struct net_device *netdev = wdev->netdev;
15778 	struct sk_buff *msg;
15779 	void *hdr;
15780 
15781 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
15782 
15783 	msg = nlmsg_new(100 + len, gfp);
15784 	if (!msg)
15785 		return;
15786 
15787 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
15788 	if (!hdr) {
15789 		nlmsg_free(msg);
15790 		return;
15791 	}
15792 
15793 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15794 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15795 				   netdev->ifindex)) ||
15796 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15797 			      NL80211_ATTR_PAD) ||
15798 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15799 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15800 			      NL80211_ATTR_PAD) ||
15801 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
15802 		goto nla_put_failure;
15803 
15804 	genlmsg_end(msg, hdr);
15805 
15806 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15807 				NL80211_MCGRP_MLME, gfp);
15808 	return;
15809 
15810  nla_put_failure:
15811 	nlmsg_free(msg);
15812 }
15813 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
15814 
15815 static int __nl80211_rx_control_port(struct net_device *dev,
15816 				     struct sk_buff *skb,
15817 				     bool unencrypted, gfp_t gfp)
15818 {
15819 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15820 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15821 	struct ethhdr *ehdr = eth_hdr(skb);
15822 	const u8 *addr = ehdr->h_source;
15823 	u16 proto = be16_to_cpu(skb->protocol);
15824 	struct sk_buff *msg;
15825 	void *hdr;
15826 	struct nlattr *frame;
15827 
15828 	u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
15829 
15830 	if (!nlportid)
15831 		return -ENOENT;
15832 
15833 	msg = nlmsg_new(100 + skb->len, gfp);
15834 	if (!msg)
15835 		return -ENOMEM;
15836 
15837 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
15838 	if (!hdr) {
15839 		nlmsg_free(msg);
15840 		return -ENOBUFS;
15841 	}
15842 
15843 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15844 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15845 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15846 			      NL80211_ATTR_PAD) ||
15847 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15848 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
15849 	    (unencrypted && nla_put_flag(msg,
15850 					 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
15851 		goto nla_put_failure;
15852 
15853 	frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
15854 	if (!frame)
15855 		goto nla_put_failure;
15856 
15857 	skb_copy_bits(skb, 0, nla_data(frame), skb->len);
15858 	genlmsg_end(msg, hdr);
15859 
15860 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15861 
15862  nla_put_failure:
15863 	nlmsg_free(msg);
15864 	return -ENOBUFS;
15865 }
15866 
15867 bool cfg80211_rx_control_port(struct net_device *dev,
15868 			      struct sk_buff *skb, bool unencrypted)
15869 {
15870 	int ret;
15871 
15872 	trace_cfg80211_rx_control_port(dev, skb, unencrypted);
15873 	ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
15874 	trace_cfg80211_return_bool(ret == 0);
15875 	return ret == 0;
15876 }
15877 EXPORT_SYMBOL(cfg80211_rx_control_port);
15878 
15879 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
15880 					    const char *mac, gfp_t gfp)
15881 {
15882 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15883 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15884 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15885 	void **cb;
15886 
15887 	if (!msg)
15888 		return NULL;
15889 
15890 	cb = (void **)msg->cb;
15891 
15892 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
15893 	if (!cb[0]) {
15894 		nlmsg_free(msg);
15895 		return NULL;
15896 	}
15897 
15898 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15899 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15900 		goto nla_put_failure;
15901 
15902 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15903 		goto nla_put_failure;
15904 
15905 	cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
15906 	if (!cb[1])
15907 		goto nla_put_failure;
15908 
15909 	cb[2] = rdev;
15910 
15911 	return msg;
15912  nla_put_failure:
15913 	nlmsg_free(msg);
15914 	return NULL;
15915 }
15916 
15917 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
15918 {
15919 	void **cb = (void **)msg->cb;
15920 	struct cfg80211_registered_device *rdev = cb[2];
15921 
15922 	nla_nest_end(msg, cb[1]);
15923 	genlmsg_end(msg, cb[0]);
15924 
15925 	memset(msg->cb, 0, sizeof(msg->cb));
15926 
15927 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15928 				NL80211_MCGRP_MLME, gfp);
15929 }
15930 
15931 void cfg80211_cqm_rssi_notify(struct net_device *dev,
15932 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
15933 			      s32 rssi_level, gfp_t gfp)
15934 {
15935 	struct sk_buff *msg;
15936 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15937 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15938 
15939 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
15940 
15941 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
15942 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
15943 		return;
15944 
15945 	if (wdev->cqm_config) {
15946 		wdev->cqm_config->last_rssi_event_value = rssi_level;
15947 
15948 		cfg80211_cqm_rssi_update(rdev, dev);
15949 
15950 		if (rssi_level == 0)
15951 			rssi_level = wdev->cqm_config->last_rssi_event_value;
15952 	}
15953 
15954 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15955 	if (!msg)
15956 		return;
15957 
15958 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
15959 			rssi_event))
15960 		goto nla_put_failure;
15961 
15962 	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
15963 				      rssi_level))
15964 		goto nla_put_failure;
15965 
15966 	cfg80211_send_cqm(msg, gfp);
15967 
15968 	return;
15969 
15970  nla_put_failure:
15971 	nlmsg_free(msg);
15972 }
15973 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
15974 
15975 void cfg80211_cqm_txe_notify(struct net_device *dev,
15976 			     const u8 *peer, u32 num_packets,
15977 			     u32 rate, u32 intvl, gfp_t gfp)
15978 {
15979 	struct sk_buff *msg;
15980 
15981 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
15982 	if (!msg)
15983 		return;
15984 
15985 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
15986 		goto nla_put_failure;
15987 
15988 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
15989 		goto nla_put_failure;
15990 
15991 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
15992 		goto nla_put_failure;
15993 
15994 	cfg80211_send_cqm(msg, gfp);
15995 	return;
15996 
15997  nla_put_failure:
15998 	nlmsg_free(msg);
15999 }
16000 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
16001 
16002 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
16003 				 const u8 *peer, u32 num_packets, gfp_t gfp)
16004 {
16005 	struct sk_buff *msg;
16006 
16007 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
16008 
16009 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
16010 	if (!msg)
16011 		return;
16012 
16013 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
16014 		goto nla_put_failure;
16015 
16016 	cfg80211_send_cqm(msg, gfp);
16017 	return;
16018 
16019  nla_put_failure:
16020 	nlmsg_free(msg);
16021 }
16022 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
16023 
16024 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
16025 {
16026 	struct sk_buff *msg;
16027 
16028 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16029 	if (!msg)
16030 		return;
16031 
16032 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
16033 		goto nla_put_failure;
16034 
16035 	cfg80211_send_cqm(msg, gfp);
16036 	return;
16037 
16038  nla_put_failure:
16039 	nlmsg_free(msg);
16040 }
16041 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
16042 
16043 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
16044 				     struct net_device *netdev, const u8 *bssid,
16045 				     const u8 *replay_ctr, gfp_t gfp)
16046 {
16047 	struct sk_buff *msg;
16048 	struct nlattr *rekey_attr;
16049 	void *hdr;
16050 
16051 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16052 	if (!msg)
16053 		return;
16054 
16055 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
16056 	if (!hdr) {
16057 		nlmsg_free(msg);
16058 		return;
16059 	}
16060 
16061 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16062 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16063 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16064 		goto nla_put_failure;
16065 
16066 	rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
16067 	if (!rekey_attr)
16068 		goto nla_put_failure;
16069 
16070 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
16071 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
16072 		goto nla_put_failure;
16073 
16074 	nla_nest_end(msg, rekey_attr);
16075 
16076 	genlmsg_end(msg, hdr);
16077 
16078 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16079 				NL80211_MCGRP_MLME, gfp);
16080 	return;
16081 
16082  nla_put_failure:
16083 	nlmsg_free(msg);
16084 }
16085 
16086 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
16087 			       const u8 *replay_ctr, gfp_t gfp)
16088 {
16089 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16090 	struct wiphy *wiphy = wdev->wiphy;
16091 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16092 
16093 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
16094 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
16095 }
16096 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
16097 
16098 static void
16099 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
16100 			       struct net_device *netdev, int index,
16101 			       const u8 *bssid, bool preauth, gfp_t gfp)
16102 {
16103 	struct sk_buff *msg;
16104 	struct nlattr *attr;
16105 	void *hdr;
16106 
16107 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16108 	if (!msg)
16109 		return;
16110 
16111 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
16112 	if (!hdr) {
16113 		nlmsg_free(msg);
16114 		return;
16115 	}
16116 
16117 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16118 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16119 		goto nla_put_failure;
16120 
16121 	attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
16122 	if (!attr)
16123 		goto nla_put_failure;
16124 
16125 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
16126 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
16127 	    (preauth &&
16128 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
16129 		goto nla_put_failure;
16130 
16131 	nla_nest_end(msg, attr);
16132 
16133 	genlmsg_end(msg, hdr);
16134 
16135 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16136 				NL80211_MCGRP_MLME, gfp);
16137 	return;
16138 
16139  nla_put_failure:
16140 	nlmsg_free(msg);
16141 }
16142 
16143 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
16144 				     const u8 *bssid, bool preauth, gfp_t gfp)
16145 {
16146 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16147 	struct wiphy *wiphy = wdev->wiphy;
16148 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16149 
16150 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
16151 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
16152 }
16153 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
16154 
16155 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
16156 				     struct net_device *netdev,
16157 				     struct cfg80211_chan_def *chandef,
16158 				     gfp_t gfp,
16159 				     enum nl80211_commands notif,
16160 				     u8 count)
16161 {
16162 	struct sk_buff *msg;
16163 	void *hdr;
16164 
16165 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16166 	if (!msg)
16167 		return;
16168 
16169 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
16170 	if (!hdr) {
16171 		nlmsg_free(msg);
16172 		return;
16173 	}
16174 
16175 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16176 		goto nla_put_failure;
16177 
16178 	if (nl80211_send_chandef(msg, chandef))
16179 		goto nla_put_failure;
16180 
16181 	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
16182 	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
16183 			goto nla_put_failure;
16184 
16185 	genlmsg_end(msg, hdr);
16186 
16187 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16188 				NL80211_MCGRP_MLME, gfp);
16189 	return;
16190 
16191  nla_put_failure:
16192 	nlmsg_free(msg);
16193 }
16194 
16195 void cfg80211_ch_switch_notify(struct net_device *dev,
16196 			       struct cfg80211_chan_def *chandef)
16197 {
16198 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16199 	struct wiphy *wiphy = wdev->wiphy;
16200 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16201 
16202 	ASSERT_WDEV_LOCK(wdev);
16203 
16204 	trace_cfg80211_ch_switch_notify(dev, chandef);
16205 
16206 	wdev->chandef = *chandef;
16207 	wdev->preset_chandef = *chandef;
16208 
16209 	if (wdev->iftype == NL80211_IFTYPE_STATION &&
16210 	    !WARN_ON(!wdev->current_bss))
16211 		cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
16212 
16213 	cfg80211_sched_dfs_chan_update(rdev);
16214 
16215 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16216 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
16217 }
16218 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
16219 
16220 void cfg80211_ch_switch_started_notify(struct net_device *dev,
16221 				       struct cfg80211_chan_def *chandef,
16222 				       u8 count)
16223 {
16224 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16225 	struct wiphy *wiphy = wdev->wiphy;
16226 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16227 
16228 	trace_cfg80211_ch_switch_started_notify(dev, chandef);
16229 
16230 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16231 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
16232 }
16233 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
16234 
16235 void
16236 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
16237 		     const struct cfg80211_chan_def *chandef,
16238 		     enum nl80211_radar_event event,
16239 		     struct net_device *netdev, gfp_t gfp)
16240 {
16241 	struct sk_buff *msg;
16242 	void *hdr;
16243 
16244 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16245 	if (!msg)
16246 		return;
16247 
16248 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
16249 	if (!hdr) {
16250 		nlmsg_free(msg);
16251 		return;
16252 	}
16253 
16254 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16255 		goto nla_put_failure;
16256 
16257 	/* NOP and radar events don't need a netdev parameter */
16258 	if (netdev) {
16259 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
16260 
16261 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16262 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16263 				      NL80211_ATTR_PAD))
16264 			goto nla_put_failure;
16265 	}
16266 
16267 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
16268 		goto nla_put_failure;
16269 
16270 	if (nl80211_send_chandef(msg, chandef))
16271 		goto nla_put_failure;
16272 
16273 	genlmsg_end(msg, hdr);
16274 
16275 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16276 				NL80211_MCGRP_MLME, gfp);
16277 	return;
16278 
16279  nla_put_failure:
16280 	nlmsg_free(msg);
16281 }
16282 
16283 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
16284 				       struct sta_opmode_info *sta_opmode,
16285 				       gfp_t gfp)
16286 {
16287 	struct sk_buff *msg;
16288 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16289 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16290 	void *hdr;
16291 
16292 	if (WARN_ON(!mac))
16293 		return;
16294 
16295 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16296 	if (!msg)
16297 		return;
16298 
16299 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
16300 	if (!hdr) {
16301 		nlmsg_free(msg);
16302 		return;
16303 	}
16304 
16305 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16306 		goto nla_put_failure;
16307 
16308 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16309 		goto nla_put_failure;
16310 
16311 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16312 		goto nla_put_failure;
16313 
16314 	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
16315 	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
16316 		goto nla_put_failure;
16317 
16318 	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
16319 	    nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
16320 		goto nla_put_failure;
16321 
16322 	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
16323 	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
16324 		goto nla_put_failure;
16325 
16326 	genlmsg_end(msg, hdr);
16327 
16328 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16329 				NL80211_MCGRP_MLME, gfp);
16330 
16331 	return;
16332 
16333 nla_put_failure:
16334 	nlmsg_free(msg);
16335 }
16336 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
16337 
16338 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
16339 			   u64 cookie, bool acked, s32 ack_signal,
16340 			   bool is_valid_ack_signal, gfp_t gfp)
16341 {
16342 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16343 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16344 	struct sk_buff *msg;
16345 	void *hdr;
16346 
16347 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
16348 
16349 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16350 
16351 	if (!msg)
16352 		return;
16353 
16354 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
16355 	if (!hdr) {
16356 		nlmsg_free(msg);
16357 		return;
16358 	}
16359 
16360 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16361 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16362 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16363 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16364 			      NL80211_ATTR_PAD) ||
16365 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
16366 	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
16367 						ack_signal)))
16368 		goto nla_put_failure;
16369 
16370 	genlmsg_end(msg, hdr);
16371 
16372 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16373 				NL80211_MCGRP_MLME, gfp);
16374 	return;
16375 
16376  nla_put_failure:
16377 	nlmsg_free(msg);
16378 }
16379 EXPORT_SYMBOL(cfg80211_probe_status);
16380 
16381 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
16382 				 const u8 *frame, size_t len,
16383 				 int freq, int sig_dbm)
16384 {
16385 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16386 	struct sk_buff *msg;
16387 	void *hdr;
16388 	struct cfg80211_beacon_registration *reg;
16389 
16390 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
16391 
16392 	spin_lock_bh(&rdev->beacon_registrations_lock);
16393 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
16394 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
16395 		if (!msg) {
16396 			spin_unlock_bh(&rdev->beacon_registrations_lock);
16397 			return;
16398 		}
16399 
16400 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16401 		if (!hdr)
16402 			goto nla_put_failure;
16403 
16404 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16405 		    (freq &&
16406 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
16407 		    (sig_dbm &&
16408 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16409 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
16410 			goto nla_put_failure;
16411 
16412 		genlmsg_end(msg, hdr);
16413 
16414 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
16415 	}
16416 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16417 	return;
16418 
16419  nla_put_failure:
16420 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16421 	nlmsg_free(msg);
16422 }
16423 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
16424 
16425 #ifdef CONFIG_PM
16426 static int cfg80211_net_detect_results(struct sk_buff *msg,
16427 				       struct cfg80211_wowlan_wakeup *wakeup)
16428 {
16429 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
16430 	struct nlattr *nl_results, *nl_match, *nl_freqs;
16431 	int i, j;
16432 
16433 	nl_results = nla_nest_start_noflag(msg,
16434 					   NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
16435 	if (!nl_results)
16436 		return -EMSGSIZE;
16437 
16438 	for (i = 0; i < nd->n_matches; i++) {
16439 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
16440 
16441 		nl_match = nla_nest_start_noflag(msg, i);
16442 		if (!nl_match)
16443 			break;
16444 
16445 		/* The SSID attribute is optional in nl80211, but for
16446 		 * simplicity reasons it's always present in the
16447 		 * cfg80211 structure.  If a driver can't pass the
16448 		 * SSID, that needs to be changed.  A zero length SSID
16449 		 * is still a valid SSID (wildcard), so it cannot be
16450 		 * used for this purpose.
16451 		 */
16452 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
16453 			    match->ssid.ssid)) {
16454 			nla_nest_cancel(msg, nl_match);
16455 			goto out;
16456 		}
16457 
16458 		if (match->n_channels) {
16459 			nl_freqs = nla_nest_start_noflag(msg,
16460 							 NL80211_ATTR_SCAN_FREQUENCIES);
16461 			if (!nl_freqs) {
16462 				nla_nest_cancel(msg, nl_match);
16463 				goto out;
16464 			}
16465 
16466 			for (j = 0; j < match->n_channels; j++) {
16467 				if (nla_put_u32(msg, j, match->channels[j])) {
16468 					nla_nest_cancel(msg, nl_freqs);
16469 					nla_nest_cancel(msg, nl_match);
16470 					goto out;
16471 				}
16472 			}
16473 
16474 			nla_nest_end(msg, nl_freqs);
16475 		}
16476 
16477 		nla_nest_end(msg, nl_match);
16478 	}
16479 
16480 out:
16481 	nla_nest_end(msg, nl_results);
16482 	return 0;
16483 }
16484 
16485 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
16486 				   struct cfg80211_wowlan_wakeup *wakeup,
16487 				   gfp_t gfp)
16488 {
16489 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16490 	struct sk_buff *msg;
16491 	void *hdr;
16492 	int size = 200;
16493 
16494 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
16495 
16496 	if (wakeup)
16497 		size += wakeup->packet_present_len;
16498 
16499 	msg = nlmsg_new(size, gfp);
16500 	if (!msg)
16501 		return;
16502 
16503 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
16504 	if (!hdr)
16505 		goto free_msg;
16506 
16507 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16508 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16509 			      NL80211_ATTR_PAD))
16510 		goto free_msg;
16511 
16512 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16513 					wdev->netdev->ifindex))
16514 		goto free_msg;
16515 
16516 	if (wakeup) {
16517 		struct nlattr *reasons;
16518 
16519 		reasons = nla_nest_start_noflag(msg,
16520 						NL80211_ATTR_WOWLAN_TRIGGERS);
16521 		if (!reasons)
16522 			goto free_msg;
16523 
16524 		if (wakeup->disconnect &&
16525 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
16526 			goto free_msg;
16527 		if (wakeup->magic_pkt &&
16528 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
16529 			goto free_msg;
16530 		if (wakeup->gtk_rekey_failure &&
16531 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
16532 			goto free_msg;
16533 		if (wakeup->eap_identity_req &&
16534 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
16535 			goto free_msg;
16536 		if (wakeup->four_way_handshake &&
16537 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
16538 			goto free_msg;
16539 		if (wakeup->rfkill_release &&
16540 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
16541 			goto free_msg;
16542 
16543 		if (wakeup->pattern_idx >= 0 &&
16544 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
16545 				wakeup->pattern_idx))
16546 			goto free_msg;
16547 
16548 		if (wakeup->tcp_match &&
16549 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
16550 			goto free_msg;
16551 
16552 		if (wakeup->tcp_connlost &&
16553 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
16554 			goto free_msg;
16555 
16556 		if (wakeup->tcp_nomoretokens &&
16557 		    nla_put_flag(msg,
16558 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
16559 			goto free_msg;
16560 
16561 		if (wakeup->packet) {
16562 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
16563 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
16564 
16565 			if (!wakeup->packet_80211) {
16566 				pkt_attr =
16567 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
16568 				len_attr =
16569 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
16570 			}
16571 
16572 			if (wakeup->packet_len &&
16573 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
16574 				goto free_msg;
16575 
16576 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
16577 				    wakeup->packet))
16578 				goto free_msg;
16579 		}
16580 
16581 		if (wakeup->net_detect &&
16582 		    cfg80211_net_detect_results(msg, wakeup))
16583 				goto free_msg;
16584 
16585 		nla_nest_end(msg, reasons);
16586 	}
16587 
16588 	genlmsg_end(msg, hdr);
16589 
16590 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16591 				NL80211_MCGRP_MLME, gfp);
16592 	return;
16593 
16594  free_msg:
16595 	nlmsg_free(msg);
16596 }
16597 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
16598 #endif
16599 
16600 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
16601 				enum nl80211_tdls_operation oper,
16602 				u16 reason_code, gfp_t gfp)
16603 {
16604 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16605 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16606 	struct sk_buff *msg;
16607 	void *hdr;
16608 
16609 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
16610 					 reason_code);
16611 
16612 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16613 	if (!msg)
16614 		return;
16615 
16616 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
16617 	if (!hdr) {
16618 		nlmsg_free(msg);
16619 		return;
16620 	}
16621 
16622 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16623 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16624 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
16625 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
16626 	    (reason_code > 0 &&
16627 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
16628 		goto nla_put_failure;
16629 
16630 	genlmsg_end(msg, hdr);
16631 
16632 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16633 				NL80211_MCGRP_MLME, gfp);
16634 	return;
16635 
16636  nla_put_failure:
16637 	nlmsg_free(msg);
16638 }
16639 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
16640 
16641 static int nl80211_netlink_notify(struct notifier_block * nb,
16642 				  unsigned long state,
16643 				  void *_notify)
16644 {
16645 	struct netlink_notify *notify = _notify;
16646 	struct cfg80211_registered_device *rdev;
16647 	struct wireless_dev *wdev;
16648 	struct cfg80211_beacon_registration *reg, *tmp;
16649 
16650 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
16651 		return NOTIFY_DONE;
16652 
16653 	rcu_read_lock();
16654 
16655 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
16656 		struct cfg80211_sched_scan_request *sched_scan_req;
16657 
16658 		list_for_each_entry_rcu(sched_scan_req,
16659 					&rdev->sched_scan_req_list,
16660 					list) {
16661 			if (sched_scan_req->owner_nlportid == notify->portid) {
16662 				sched_scan_req->nl_owner_dead = true;
16663 				schedule_work(&rdev->sched_scan_stop_wk);
16664 			}
16665 		}
16666 
16667 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
16668 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
16669 
16670 			if (wdev->owner_nlportid == notify->portid) {
16671 				wdev->nl_owner_dead = true;
16672 				schedule_work(&rdev->destroy_work);
16673 			} else if (wdev->conn_owner_nlportid == notify->portid) {
16674 				schedule_work(&wdev->disconnect_wk);
16675 			}
16676 
16677 			cfg80211_release_pmsr(wdev, notify->portid);
16678 		}
16679 
16680 		spin_lock_bh(&rdev->beacon_registrations_lock);
16681 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
16682 					 list) {
16683 			if (reg->nlportid == notify->portid) {
16684 				list_del(&reg->list);
16685 				kfree(reg);
16686 				break;
16687 			}
16688 		}
16689 		spin_unlock_bh(&rdev->beacon_registrations_lock);
16690 	}
16691 
16692 	rcu_read_unlock();
16693 
16694 	/*
16695 	 * It is possible that the user space process that is controlling the
16696 	 * indoor setting disappeared, so notify the regulatory core.
16697 	 */
16698 	regulatory_netlink_notify(notify->portid);
16699 	return NOTIFY_OK;
16700 }
16701 
16702 static struct notifier_block nl80211_netlink_notifier = {
16703 	.notifier_call = nl80211_netlink_notify,
16704 };
16705 
16706 void cfg80211_ft_event(struct net_device *netdev,
16707 		       struct cfg80211_ft_event_params *ft_event)
16708 {
16709 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16710 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16711 	struct sk_buff *msg;
16712 	void *hdr;
16713 
16714 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
16715 
16716 	if (!ft_event->target_ap)
16717 		return;
16718 
16719 	msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
16720 			GFP_KERNEL);
16721 	if (!msg)
16722 		return;
16723 
16724 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
16725 	if (!hdr)
16726 		goto out;
16727 
16728 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16729 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16730 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
16731 		goto out;
16732 
16733 	if (ft_event->ies &&
16734 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
16735 		goto out;
16736 	if (ft_event->ric_ies &&
16737 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
16738 		    ft_event->ric_ies))
16739 		goto out;
16740 
16741 	genlmsg_end(msg, hdr);
16742 
16743 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16744 				NL80211_MCGRP_MLME, GFP_KERNEL);
16745 	return;
16746  out:
16747 	nlmsg_free(msg);
16748 }
16749 EXPORT_SYMBOL(cfg80211_ft_event);
16750 
16751 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
16752 {
16753 	struct cfg80211_registered_device *rdev;
16754 	struct sk_buff *msg;
16755 	void *hdr;
16756 	u32 nlportid;
16757 
16758 	rdev = wiphy_to_rdev(wdev->wiphy);
16759 	if (!rdev->crit_proto_nlportid)
16760 		return;
16761 
16762 	nlportid = rdev->crit_proto_nlportid;
16763 	rdev->crit_proto_nlportid = 0;
16764 
16765 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16766 	if (!msg)
16767 		return;
16768 
16769 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
16770 	if (!hdr)
16771 		goto nla_put_failure;
16772 
16773 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16774 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16775 			      NL80211_ATTR_PAD))
16776 		goto nla_put_failure;
16777 
16778 	genlmsg_end(msg, hdr);
16779 
16780 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16781 	return;
16782 
16783  nla_put_failure:
16784 	nlmsg_free(msg);
16785 }
16786 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
16787 
16788 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
16789 {
16790 	struct wiphy *wiphy = wdev->wiphy;
16791 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16792 	struct sk_buff *msg;
16793 	void *hdr;
16794 
16795 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16796 	if (!msg)
16797 		return;
16798 
16799 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
16800 	if (!hdr)
16801 		goto out;
16802 
16803 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16804 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
16805 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16806 			      NL80211_ATTR_PAD))
16807 		goto out;
16808 
16809 	genlmsg_end(msg, hdr);
16810 
16811 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
16812 				NL80211_MCGRP_MLME, GFP_KERNEL);
16813 	return;
16814  out:
16815 	nlmsg_free(msg);
16816 }
16817 
16818 int cfg80211_external_auth_request(struct net_device *dev,
16819 				   struct cfg80211_external_auth_params *params,
16820 				   gfp_t gfp)
16821 {
16822 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16823 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16824 	struct sk_buff *msg;
16825 	void *hdr;
16826 
16827 	if (!wdev->conn_owner_nlportid)
16828 		return -EINVAL;
16829 
16830 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16831 	if (!msg)
16832 		return -ENOMEM;
16833 
16834 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
16835 	if (!hdr)
16836 		goto nla_put_failure;
16837 
16838 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16839 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16840 	    nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
16841 	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
16842 			params->action) ||
16843 	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
16844 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
16845 		    params->ssid.ssid))
16846 		goto nla_put_failure;
16847 
16848 	genlmsg_end(msg, hdr);
16849 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16850 			wdev->conn_owner_nlportid);
16851 	return 0;
16852 
16853  nla_put_failure:
16854 	nlmsg_free(msg);
16855 	return -ENOBUFS;
16856 }
16857 EXPORT_SYMBOL(cfg80211_external_auth_request);
16858 
16859 void cfg80211_update_owe_info_event(struct net_device *netdev,
16860 				    struct cfg80211_update_owe_info *owe_info,
16861 				    gfp_t gfp)
16862 {
16863 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16864 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16865 	struct sk_buff *msg;
16866 	void *hdr;
16867 
16868 	trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
16869 
16870 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16871 	if (!msg)
16872 		return;
16873 
16874 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
16875 	if (!hdr)
16876 		goto nla_put_failure;
16877 
16878 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16879 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16880 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
16881 		goto nla_put_failure;
16882 
16883 	if (!owe_info->ie_len ||
16884 	    nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
16885 		goto nla_put_failure;
16886 
16887 	genlmsg_end(msg, hdr);
16888 
16889 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16890 				NL80211_MCGRP_MLME, gfp);
16891 	return;
16892 
16893 nla_put_failure:
16894 	genlmsg_cancel(msg, hdr);
16895 	nlmsg_free(msg);
16896 }
16897 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
16898 
16899 /* initialisation/exit functions */
16900 
16901 int __init nl80211_init(void)
16902 {
16903 	int err;
16904 
16905 	err = genl_register_family(&nl80211_fam);
16906 	if (err)
16907 		return err;
16908 
16909 	err = netlink_register_notifier(&nl80211_netlink_notifier);
16910 	if (err)
16911 		goto err_out;
16912 
16913 	return 0;
16914  err_out:
16915 	genl_unregister_family(&nl80211_fam);
16916 	return err;
16917 }
16918 
16919 void nl80211_exit(void)
16920 {
16921 	netlink_unregister_notifier(&nl80211_netlink_notifier);
16922 	genl_unregister_family(&nl80211_fam);
16923 }
16924