xref: /linux/net/wireless/nl80211.c (revision 26b0d14106954ae46d2f4f7eec3481828a210f7d)
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25 
26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type);
27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
28 				   struct genl_info *info,
29 				   struct cfg80211_crypto_settings *settings,
30 				   int cipher_limit);
31 
32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
33 			    struct genl_info *info);
34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
35 			      struct genl_info *info);
36 
37 /* the netlink family */
38 static struct genl_family nl80211_fam = {
39 	.id = GENL_ID_GENERATE,	/* don't bother with a hardcoded ID */
40 	.name = "nl80211",	/* have users key off the name instead */
41 	.hdrsize = 0,		/* no private header */
42 	.version = 1,		/* no particular meaning now */
43 	.maxattr = NL80211_ATTR_MAX,
44 	.netnsok = true,
45 	.pre_doit = nl80211_pre_doit,
46 	.post_doit = nl80211_post_doit,
47 };
48 
49 /* internal helper: get rdev and dev */
50 static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs,
51 				   struct cfg80211_registered_device **rdev,
52 				   struct net_device **dev)
53 {
54 	int ifindex;
55 
56 	if (!attrs[NL80211_ATTR_IFINDEX])
57 		return -EINVAL;
58 
59 	ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
60 	*dev = dev_get_by_index(netns, ifindex);
61 	if (!*dev)
62 		return -ENODEV;
63 
64 	*rdev = cfg80211_get_dev_from_ifindex(netns, ifindex);
65 	if (IS_ERR(*rdev)) {
66 		dev_put(*dev);
67 		return PTR_ERR(*rdev);
68 	}
69 
70 	return 0;
71 }
72 
73 /* policy for the attributes */
74 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
75 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
76 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
77 				      .len = 20-1 },
78 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
79 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
80 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
81 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
82 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
83 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
84 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
85 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
86 
87 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
88 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
89 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
90 
91 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
92 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
93 
94 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
95 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
96 				    .len = WLAN_MAX_KEY_LEN },
97 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
98 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
99 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
100 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
101 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
102 
103 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
104 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
105 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
106 				       .len = IEEE80211_MAX_DATA_LEN },
107 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
108 				       .len = IEEE80211_MAX_DATA_LEN },
109 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
110 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
111 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
112 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
113 					       .len = NL80211_MAX_SUPP_RATES },
114 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
115 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
116 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
117 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
118 				.len = IEEE80211_MAX_MESH_ID_LEN },
119 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
120 
121 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
122 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
123 
124 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
125 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
126 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
127 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
128 					   .len = NL80211_MAX_SUPP_RATES },
129 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
130 
131 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
132 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
133 
134 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
135 
136 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
137 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
138 			      .len = IEEE80211_MAX_DATA_LEN },
139 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
140 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
141 
142 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
143 				.len = IEEE80211_MAX_SSID_LEN },
144 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
145 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
146 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
147 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
148 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
149 	[NL80211_ATTR_STA_FLAGS2] = {
150 		.len = sizeof(struct nl80211_sta_flag_update),
151 	},
152 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
153 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
154 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
155 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
156 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
157 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
158 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
159 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
160 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
161 				 .len = WLAN_PMKID_LEN },
162 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
163 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
164 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
165 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
166 				 .len = IEEE80211_MAX_DATA_LEN },
167 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
168 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
169 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
170 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
171 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
172 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
173 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
174 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
175 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
176 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
177 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
178 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
179 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
180 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
181 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
182 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
183 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
184 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
185 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
186 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
187 					 .len = IEEE80211_MAX_DATA_LEN },
188 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
189 					 .len = IEEE80211_MAX_DATA_LEN },
190 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
191 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
192 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
193 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
194 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
195 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
196 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
197 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
198 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
199 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
200 				      .len = IEEE80211_MAX_DATA_LEN },
201 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
202 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
203 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
204 		.len = NL80211_HT_CAPABILITY_LEN
205 	},
206 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
207 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
208 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
209 };
210 
211 /* policy for the key attributes */
212 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
213 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
214 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
215 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
216 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
217 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
218 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
219 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
220 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
221 };
222 
223 /* policy for the key default flags */
224 static const struct nla_policy
225 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
226 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
227 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
228 };
229 
230 /* policy for WoWLAN attributes */
231 static const struct nla_policy
232 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
233 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
234 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
235 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
236 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
237 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
238 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
239 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
240 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
241 };
242 
243 /* policy for GTK rekey offload attributes */
244 static const struct nla_policy
245 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
246 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
247 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
248 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
249 };
250 
251 static const struct nla_policy
252 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
253 	[NL80211_ATTR_SCHED_SCAN_MATCH_SSID] = { .type = NLA_BINARY,
254 						 .len = IEEE80211_MAX_SSID_LEN },
255 };
256 
257 /* ifidx get helper */
258 static int nl80211_get_ifidx(struct netlink_callback *cb)
259 {
260 	int res;
261 
262 	res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
263 			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
264 			  nl80211_policy);
265 	if (res)
266 		return res;
267 
268 	if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
269 		return -EINVAL;
270 
271 	res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
272 	if (!res)
273 		return -EINVAL;
274 	return res;
275 }
276 
277 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
278 				       struct netlink_callback *cb,
279 				       struct cfg80211_registered_device **rdev,
280 				       struct net_device **dev)
281 {
282 	int ifidx = cb->args[0];
283 	int err;
284 
285 	if (!ifidx)
286 		ifidx = nl80211_get_ifidx(cb);
287 	if (ifidx < 0)
288 		return ifidx;
289 
290 	cb->args[0] = ifidx;
291 
292 	rtnl_lock();
293 
294 	*dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
295 	if (!*dev) {
296 		err = -ENODEV;
297 		goto out_rtnl;
298 	}
299 
300 	*rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
301 	if (IS_ERR(*rdev)) {
302 		err = PTR_ERR(*rdev);
303 		goto out_rtnl;
304 	}
305 
306 	return 0;
307  out_rtnl:
308 	rtnl_unlock();
309 	return err;
310 }
311 
312 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
313 {
314 	cfg80211_unlock_rdev(rdev);
315 	rtnl_unlock();
316 }
317 
318 /* IE validation */
319 static bool is_valid_ie_attr(const struct nlattr *attr)
320 {
321 	const u8 *pos;
322 	int len;
323 
324 	if (!attr)
325 		return true;
326 
327 	pos = nla_data(attr);
328 	len = nla_len(attr);
329 
330 	while (len) {
331 		u8 elemlen;
332 
333 		if (len < 2)
334 			return false;
335 		len -= 2;
336 
337 		elemlen = pos[1];
338 		if (elemlen > len)
339 			return false;
340 
341 		len -= elemlen;
342 		pos += 2 + elemlen;
343 	}
344 
345 	return true;
346 }
347 
348 /* message building helper */
349 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
350 				   int flags, u8 cmd)
351 {
352 	/* since there is no private header just add the generic one */
353 	return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
354 }
355 
356 static int nl80211_msg_put_channel(struct sk_buff *msg,
357 				   struct ieee80211_channel *chan)
358 {
359 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
360 			chan->center_freq))
361 		goto nla_put_failure;
362 
363 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
364 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
365 		goto nla_put_failure;
366 	if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
367 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
368 		goto nla_put_failure;
369 	if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
370 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
371 		goto nla_put_failure;
372 	if ((chan->flags & IEEE80211_CHAN_RADAR) &&
373 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
374 		goto nla_put_failure;
375 
376 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
377 			DBM_TO_MBM(chan->max_power)))
378 		goto nla_put_failure;
379 
380 	return 0;
381 
382  nla_put_failure:
383 	return -ENOBUFS;
384 }
385 
386 /* netlink command implementations */
387 
388 struct key_parse {
389 	struct key_params p;
390 	int idx;
391 	int type;
392 	bool def, defmgmt;
393 	bool def_uni, def_multi;
394 };
395 
396 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
397 {
398 	struct nlattr *tb[NL80211_KEY_MAX + 1];
399 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
400 				   nl80211_key_policy);
401 	if (err)
402 		return err;
403 
404 	k->def = !!tb[NL80211_KEY_DEFAULT];
405 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
406 
407 	if (k->def) {
408 		k->def_uni = true;
409 		k->def_multi = true;
410 	}
411 	if (k->defmgmt)
412 		k->def_multi = true;
413 
414 	if (tb[NL80211_KEY_IDX])
415 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
416 
417 	if (tb[NL80211_KEY_DATA]) {
418 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
419 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
420 	}
421 
422 	if (tb[NL80211_KEY_SEQ]) {
423 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
424 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
425 	}
426 
427 	if (tb[NL80211_KEY_CIPHER])
428 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
429 
430 	if (tb[NL80211_KEY_TYPE]) {
431 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
432 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
433 			return -EINVAL;
434 	}
435 
436 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
437 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
438 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
439 				       tb[NL80211_KEY_DEFAULT_TYPES],
440 				       nl80211_key_default_policy);
441 		if (err)
442 			return err;
443 
444 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
445 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
446 	}
447 
448 	return 0;
449 }
450 
451 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
452 {
453 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
454 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
455 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
456 	}
457 
458 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
459 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
460 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
461 	}
462 
463 	if (info->attrs[NL80211_ATTR_KEY_IDX])
464 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
465 
466 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
467 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
468 
469 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
470 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
471 
472 	if (k->def) {
473 		k->def_uni = true;
474 		k->def_multi = true;
475 	}
476 	if (k->defmgmt)
477 		k->def_multi = true;
478 
479 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
480 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
481 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
482 			return -EINVAL;
483 	}
484 
485 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
486 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
487 		int err = nla_parse_nested(
488 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
489 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
490 				nl80211_key_default_policy);
491 		if (err)
492 			return err;
493 
494 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
495 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
496 	}
497 
498 	return 0;
499 }
500 
501 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
502 {
503 	int err;
504 
505 	memset(k, 0, sizeof(*k));
506 	k->idx = -1;
507 	k->type = -1;
508 
509 	if (info->attrs[NL80211_ATTR_KEY])
510 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
511 	else
512 		err = nl80211_parse_key_old(info, k);
513 
514 	if (err)
515 		return err;
516 
517 	if (k->def && k->defmgmt)
518 		return -EINVAL;
519 
520 	if (k->defmgmt) {
521 		if (k->def_uni || !k->def_multi)
522 			return -EINVAL;
523 	}
524 
525 	if (k->idx != -1) {
526 		if (k->defmgmt) {
527 			if (k->idx < 4 || k->idx > 5)
528 				return -EINVAL;
529 		} else if (k->def) {
530 			if (k->idx < 0 || k->idx > 3)
531 				return -EINVAL;
532 		} else {
533 			if (k->idx < 0 || k->idx > 5)
534 				return -EINVAL;
535 		}
536 	}
537 
538 	return 0;
539 }
540 
541 static struct cfg80211_cached_keys *
542 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
543 		       struct nlattr *keys)
544 {
545 	struct key_parse parse;
546 	struct nlattr *key;
547 	struct cfg80211_cached_keys *result;
548 	int rem, err, def = 0;
549 
550 	result = kzalloc(sizeof(*result), GFP_KERNEL);
551 	if (!result)
552 		return ERR_PTR(-ENOMEM);
553 
554 	result->def = -1;
555 	result->defmgmt = -1;
556 
557 	nla_for_each_nested(key, keys, rem) {
558 		memset(&parse, 0, sizeof(parse));
559 		parse.idx = -1;
560 
561 		err = nl80211_parse_key_new(key, &parse);
562 		if (err)
563 			goto error;
564 		err = -EINVAL;
565 		if (!parse.p.key)
566 			goto error;
567 		if (parse.idx < 0 || parse.idx > 4)
568 			goto error;
569 		if (parse.def) {
570 			if (def)
571 				goto error;
572 			def = 1;
573 			result->def = parse.idx;
574 			if (!parse.def_uni || !parse.def_multi)
575 				goto error;
576 		} else if (parse.defmgmt)
577 			goto error;
578 		err = cfg80211_validate_key_settings(rdev, &parse.p,
579 						     parse.idx, false, NULL);
580 		if (err)
581 			goto error;
582 		result->params[parse.idx].cipher = parse.p.cipher;
583 		result->params[parse.idx].key_len = parse.p.key_len;
584 		result->params[parse.idx].key = result->data[parse.idx];
585 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
586 	}
587 
588 	return result;
589  error:
590 	kfree(result);
591 	return ERR_PTR(err);
592 }
593 
594 static int nl80211_key_allowed(struct wireless_dev *wdev)
595 {
596 	ASSERT_WDEV_LOCK(wdev);
597 
598 	switch (wdev->iftype) {
599 	case NL80211_IFTYPE_AP:
600 	case NL80211_IFTYPE_AP_VLAN:
601 	case NL80211_IFTYPE_P2P_GO:
602 	case NL80211_IFTYPE_MESH_POINT:
603 		break;
604 	case NL80211_IFTYPE_ADHOC:
605 		if (!wdev->current_bss)
606 			return -ENOLINK;
607 		break;
608 	case NL80211_IFTYPE_STATION:
609 	case NL80211_IFTYPE_P2P_CLIENT:
610 		if (wdev->sme_state != CFG80211_SME_CONNECTED)
611 			return -ENOLINK;
612 		break;
613 	default:
614 		return -EINVAL;
615 	}
616 
617 	return 0;
618 }
619 
620 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
621 {
622 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
623 	int i;
624 
625 	if (!nl_modes)
626 		goto nla_put_failure;
627 
628 	i = 0;
629 	while (ifmodes) {
630 		if ((ifmodes & 1) && nla_put_flag(msg, i))
631 			goto nla_put_failure;
632 		ifmodes >>= 1;
633 		i++;
634 	}
635 
636 	nla_nest_end(msg, nl_modes);
637 	return 0;
638 
639 nla_put_failure:
640 	return -ENOBUFS;
641 }
642 
643 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
644 					  struct sk_buff *msg)
645 {
646 	struct nlattr *nl_combis;
647 	int i, j;
648 
649 	nl_combis = nla_nest_start(msg,
650 				NL80211_ATTR_INTERFACE_COMBINATIONS);
651 	if (!nl_combis)
652 		goto nla_put_failure;
653 
654 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
655 		const struct ieee80211_iface_combination *c;
656 		struct nlattr *nl_combi, *nl_limits;
657 
658 		c = &wiphy->iface_combinations[i];
659 
660 		nl_combi = nla_nest_start(msg, i + 1);
661 		if (!nl_combi)
662 			goto nla_put_failure;
663 
664 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
665 		if (!nl_limits)
666 			goto nla_put_failure;
667 
668 		for (j = 0; j < c->n_limits; j++) {
669 			struct nlattr *nl_limit;
670 
671 			nl_limit = nla_nest_start(msg, j + 1);
672 			if (!nl_limit)
673 				goto nla_put_failure;
674 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
675 					c->limits[j].max))
676 				goto nla_put_failure;
677 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
678 						c->limits[j].types))
679 				goto nla_put_failure;
680 			nla_nest_end(msg, nl_limit);
681 		}
682 
683 		nla_nest_end(msg, nl_limits);
684 
685 		if (c->beacon_int_infra_match &&
686 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
687 			goto nla_put_failure;
688 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
689 				c->num_different_channels) ||
690 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
691 				c->max_interfaces))
692 			goto nla_put_failure;
693 
694 		nla_nest_end(msg, nl_combi);
695 	}
696 
697 	nla_nest_end(msg, nl_combis);
698 
699 	return 0;
700 nla_put_failure:
701 	return -ENOBUFS;
702 }
703 
704 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
705 			      struct cfg80211_registered_device *dev)
706 {
707 	void *hdr;
708 	struct nlattr *nl_bands, *nl_band;
709 	struct nlattr *nl_freqs, *nl_freq;
710 	struct nlattr *nl_rates, *nl_rate;
711 	struct nlattr *nl_cmds;
712 	enum ieee80211_band band;
713 	struct ieee80211_channel *chan;
714 	struct ieee80211_rate *rate;
715 	int i;
716 	const struct ieee80211_txrx_stypes *mgmt_stypes =
717 				dev->wiphy.mgmt_stypes;
718 
719 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
720 	if (!hdr)
721 		return -1;
722 
723 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
724 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) ||
725 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
726 			cfg80211_rdev_list_generation) ||
727 	    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
728 		       dev->wiphy.retry_short) ||
729 	    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
730 		       dev->wiphy.retry_long) ||
731 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
732 			dev->wiphy.frag_threshold) ||
733 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
734 			dev->wiphy.rts_threshold) ||
735 	    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
736 		       dev->wiphy.coverage_class) ||
737 	    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
738 		       dev->wiphy.max_scan_ssids) ||
739 	    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
740 		       dev->wiphy.max_sched_scan_ssids) ||
741 	    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
742 			dev->wiphy.max_scan_ie_len) ||
743 	    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
744 			dev->wiphy.max_sched_scan_ie_len) ||
745 	    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
746 		       dev->wiphy.max_match_sets))
747 		goto nla_put_failure;
748 
749 	if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
750 	    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
751 		goto nla_put_failure;
752 	if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
753 	    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
754 		goto nla_put_failure;
755 	if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
756 	    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
757 		goto nla_put_failure;
758 	if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
759 	    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
760 		goto nla_put_failure;
761 	if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
762 	    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
763 		goto nla_put_failure;
764 	if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
765 	    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
766 		goto nla_put_failure;
767 
768 	if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
769 		    sizeof(u32) * dev->wiphy.n_cipher_suites,
770 		    dev->wiphy.cipher_suites))
771 		goto nla_put_failure;
772 
773 	if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
774 		       dev->wiphy.max_num_pmkids))
775 		goto nla_put_failure;
776 
777 	if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
778 	    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
779 		goto nla_put_failure;
780 
781 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
782 			dev->wiphy.available_antennas_tx) ||
783 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
784 			dev->wiphy.available_antennas_rx))
785 		goto nla_put_failure;
786 
787 	if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
788 	    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
789 			dev->wiphy.probe_resp_offload))
790 		goto nla_put_failure;
791 
792 	if ((dev->wiphy.available_antennas_tx ||
793 	     dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
794 		u32 tx_ant = 0, rx_ant = 0;
795 		int res;
796 		res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
797 		if (!res) {
798 			if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX,
799 					tx_ant) ||
800 			    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX,
801 					rx_ant))
802 				goto nla_put_failure;
803 		}
804 	}
805 
806 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
807 				dev->wiphy.interface_modes))
808 		goto nla_put_failure;
809 
810 	nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
811 	if (!nl_bands)
812 		goto nla_put_failure;
813 
814 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
815 		if (!dev->wiphy.bands[band])
816 			continue;
817 
818 		nl_band = nla_nest_start(msg, band);
819 		if (!nl_band)
820 			goto nla_put_failure;
821 
822 		/* add HT info */
823 		if (dev->wiphy.bands[band]->ht_cap.ht_supported &&
824 		    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
825 			     sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
826 			     &dev->wiphy.bands[band]->ht_cap.mcs) ||
827 		     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
828 				 dev->wiphy.bands[band]->ht_cap.cap) ||
829 		     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
830 				dev->wiphy.bands[band]->ht_cap.ampdu_factor) ||
831 		     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
832 				dev->wiphy.bands[band]->ht_cap.ampdu_density)))
833 			goto nla_put_failure;
834 
835 		/* add frequencies */
836 		nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
837 		if (!nl_freqs)
838 			goto nla_put_failure;
839 
840 		for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
841 			nl_freq = nla_nest_start(msg, i);
842 			if (!nl_freq)
843 				goto nla_put_failure;
844 
845 			chan = &dev->wiphy.bands[band]->channels[i];
846 
847 			if (nl80211_msg_put_channel(msg, chan))
848 				goto nla_put_failure;
849 
850 			nla_nest_end(msg, nl_freq);
851 		}
852 
853 		nla_nest_end(msg, nl_freqs);
854 
855 		/* add bitrates */
856 		nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
857 		if (!nl_rates)
858 			goto nla_put_failure;
859 
860 		for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
861 			nl_rate = nla_nest_start(msg, i);
862 			if (!nl_rate)
863 				goto nla_put_failure;
864 
865 			rate = &dev->wiphy.bands[band]->bitrates[i];
866 			if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
867 					rate->bitrate))
868 				goto nla_put_failure;
869 			if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
870 			    nla_put_flag(msg,
871 					 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
872 				goto nla_put_failure;
873 
874 			nla_nest_end(msg, nl_rate);
875 		}
876 
877 		nla_nest_end(msg, nl_rates);
878 
879 		nla_nest_end(msg, nl_band);
880 	}
881 	nla_nest_end(msg, nl_bands);
882 
883 	nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
884 	if (!nl_cmds)
885 		goto nla_put_failure;
886 
887 	i = 0;
888 #define CMD(op, n)						\
889 	 do {							\
890 		if (dev->ops->op) {				\
891 			i++;					\
892 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
893 				goto nla_put_failure;		\
894 		}						\
895 	} while (0)
896 
897 	CMD(add_virtual_intf, NEW_INTERFACE);
898 	CMD(change_virtual_intf, SET_INTERFACE);
899 	CMD(add_key, NEW_KEY);
900 	CMD(start_ap, START_AP);
901 	CMD(add_station, NEW_STATION);
902 	CMD(add_mpath, NEW_MPATH);
903 	CMD(update_mesh_config, SET_MESH_CONFIG);
904 	CMD(change_bss, SET_BSS);
905 	CMD(auth, AUTHENTICATE);
906 	CMD(assoc, ASSOCIATE);
907 	CMD(deauth, DEAUTHENTICATE);
908 	CMD(disassoc, DISASSOCIATE);
909 	CMD(join_ibss, JOIN_IBSS);
910 	CMD(join_mesh, JOIN_MESH);
911 	CMD(set_pmksa, SET_PMKSA);
912 	CMD(del_pmksa, DEL_PMKSA);
913 	CMD(flush_pmksa, FLUSH_PMKSA);
914 	if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
915 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
916 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
917 	CMD(mgmt_tx, FRAME);
918 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
919 	if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
920 		i++;
921 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
922 			goto nla_put_failure;
923 	}
924 	CMD(set_channel, SET_CHANNEL);
925 	CMD(set_wds_peer, SET_WDS_PEER);
926 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
927 		CMD(tdls_mgmt, TDLS_MGMT);
928 		CMD(tdls_oper, TDLS_OPER);
929 	}
930 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
931 		CMD(sched_scan_start, START_SCHED_SCAN);
932 	CMD(probe_client, PROBE_CLIENT);
933 	CMD(set_noack_map, SET_NOACK_MAP);
934 	if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
935 		i++;
936 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
937 			goto nla_put_failure;
938 	}
939 
940 #ifdef CONFIG_NL80211_TESTMODE
941 	CMD(testmode_cmd, TESTMODE);
942 #endif
943 
944 #undef CMD
945 
946 	if (dev->ops->connect || dev->ops->auth) {
947 		i++;
948 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
949 			goto nla_put_failure;
950 	}
951 
952 	if (dev->ops->disconnect || dev->ops->deauth) {
953 		i++;
954 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
955 			goto nla_put_failure;
956 	}
957 
958 	nla_nest_end(msg, nl_cmds);
959 
960 	if (dev->ops->remain_on_channel &&
961 	    (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
962 	    nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
963 			dev->wiphy.max_remain_on_channel_duration))
964 		goto nla_put_failure;
965 
966 	if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
967 	    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
968 		goto nla_put_failure;
969 
970 	if (mgmt_stypes) {
971 		u16 stypes;
972 		struct nlattr *nl_ftypes, *nl_ifs;
973 		enum nl80211_iftype ift;
974 
975 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
976 		if (!nl_ifs)
977 			goto nla_put_failure;
978 
979 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
980 			nl_ftypes = nla_nest_start(msg, ift);
981 			if (!nl_ftypes)
982 				goto nla_put_failure;
983 			i = 0;
984 			stypes = mgmt_stypes[ift].tx;
985 			while (stypes) {
986 				if ((stypes & 1) &&
987 				    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
988 						(i << 4) | IEEE80211_FTYPE_MGMT))
989 					goto nla_put_failure;
990 				stypes >>= 1;
991 				i++;
992 			}
993 			nla_nest_end(msg, nl_ftypes);
994 		}
995 
996 		nla_nest_end(msg, nl_ifs);
997 
998 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
999 		if (!nl_ifs)
1000 			goto nla_put_failure;
1001 
1002 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1003 			nl_ftypes = nla_nest_start(msg, ift);
1004 			if (!nl_ftypes)
1005 				goto nla_put_failure;
1006 			i = 0;
1007 			stypes = mgmt_stypes[ift].rx;
1008 			while (stypes) {
1009 				if ((stypes & 1) &&
1010 				    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1011 						(i << 4) | IEEE80211_FTYPE_MGMT))
1012 					goto nla_put_failure;
1013 				stypes >>= 1;
1014 				i++;
1015 			}
1016 			nla_nest_end(msg, nl_ftypes);
1017 		}
1018 		nla_nest_end(msg, nl_ifs);
1019 	}
1020 
1021 	if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
1022 		struct nlattr *nl_wowlan;
1023 
1024 		nl_wowlan = nla_nest_start(msg,
1025 				NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1026 		if (!nl_wowlan)
1027 			goto nla_put_failure;
1028 
1029 		if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) &&
1030 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1031 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) &&
1032 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1033 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1034 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1035 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1036 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1037 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1038 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1039 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1040 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1041 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1042 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1043 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1044 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1045 		    goto nla_put_failure;
1046 		if (dev->wiphy.wowlan.n_patterns) {
1047 			struct nl80211_wowlan_pattern_support pat = {
1048 				.max_patterns = dev->wiphy.wowlan.n_patterns,
1049 				.min_pattern_len =
1050 					dev->wiphy.wowlan.pattern_min_len,
1051 				.max_pattern_len =
1052 					dev->wiphy.wowlan.pattern_max_len,
1053 			};
1054 			if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1055 				    sizeof(pat), &pat))
1056 				goto nla_put_failure;
1057 		}
1058 
1059 		nla_nest_end(msg, nl_wowlan);
1060 	}
1061 
1062 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1063 				dev->wiphy.software_iftypes))
1064 		goto nla_put_failure;
1065 
1066 	if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1067 		goto nla_put_failure;
1068 
1069 	if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1070 	    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1071 			dev->wiphy.ap_sme_capa))
1072 		goto nla_put_failure;
1073 
1074 	if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS,
1075 			dev->wiphy.features))
1076 		goto nla_put_failure;
1077 
1078 	if (dev->wiphy.ht_capa_mod_mask &&
1079 	    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1080 		    sizeof(*dev->wiphy.ht_capa_mod_mask),
1081 		    dev->wiphy.ht_capa_mod_mask))
1082 		goto nla_put_failure;
1083 
1084 	return genlmsg_end(msg, hdr);
1085 
1086  nla_put_failure:
1087 	genlmsg_cancel(msg, hdr);
1088 	return -EMSGSIZE;
1089 }
1090 
1091 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1092 {
1093 	int idx = 0;
1094 	int start = cb->args[0];
1095 	struct cfg80211_registered_device *dev;
1096 
1097 	mutex_lock(&cfg80211_mutex);
1098 	list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1099 		if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1100 			continue;
1101 		if (++idx <= start)
1102 			continue;
1103 		if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
1104 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1105 				       dev) < 0) {
1106 			idx--;
1107 			break;
1108 		}
1109 	}
1110 	mutex_unlock(&cfg80211_mutex);
1111 
1112 	cb->args[0] = idx;
1113 
1114 	return skb->len;
1115 }
1116 
1117 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1118 {
1119 	struct sk_buff *msg;
1120 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1121 
1122 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1123 	if (!msg)
1124 		return -ENOMEM;
1125 
1126 	if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
1127 		nlmsg_free(msg);
1128 		return -ENOBUFS;
1129 	}
1130 
1131 	return genlmsg_reply(msg, info);
1132 }
1133 
1134 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1135 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1136 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1137 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1138 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1139 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1140 };
1141 
1142 static int parse_txq_params(struct nlattr *tb[],
1143 			    struct ieee80211_txq_params *txq_params)
1144 {
1145 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1146 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1147 	    !tb[NL80211_TXQ_ATTR_AIFS])
1148 		return -EINVAL;
1149 
1150 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1151 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1152 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1153 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1154 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1155 
1156 	if (txq_params->ac >= NL80211_NUM_ACS)
1157 		return -EINVAL;
1158 
1159 	return 0;
1160 }
1161 
1162 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1163 {
1164 	/*
1165 	 * You can only set the channel explicitly for AP, mesh
1166 	 * and WDS type interfaces; all others have their channel
1167 	 * managed via their respective "establish a connection"
1168 	 * command (connect, join, ...)
1169 	 *
1170 	 * Monitors are special as they are normally slaved to
1171 	 * whatever else is going on, so they behave as though
1172 	 * you tried setting the wiphy channel itself.
1173 	 */
1174 	return !wdev ||
1175 		wdev->iftype == NL80211_IFTYPE_AP ||
1176 		wdev->iftype == NL80211_IFTYPE_WDS ||
1177 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1178 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1179 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1180 }
1181 
1182 static bool nl80211_valid_channel_type(struct genl_info *info,
1183 				       enum nl80211_channel_type *channel_type)
1184 {
1185 	enum nl80211_channel_type tmp;
1186 
1187 	if (!info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1188 		return false;
1189 
1190 	tmp = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1191 	if (tmp != NL80211_CHAN_NO_HT &&
1192 	    tmp != NL80211_CHAN_HT20 &&
1193 	    tmp != NL80211_CHAN_HT40PLUS &&
1194 	    tmp != NL80211_CHAN_HT40MINUS)
1195 		return false;
1196 
1197 	if (channel_type)
1198 		*channel_type = tmp;
1199 
1200 	return true;
1201 }
1202 
1203 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1204 				 struct wireless_dev *wdev,
1205 				 struct genl_info *info)
1206 {
1207 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1208 	u32 freq;
1209 	int result;
1210 
1211 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1212 		return -EINVAL;
1213 
1214 	if (!nl80211_can_set_dev_channel(wdev))
1215 		return -EOPNOTSUPP;
1216 
1217 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
1218 	    !nl80211_valid_channel_type(info, &channel_type))
1219 		return -EINVAL;
1220 
1221 	freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1222 
1223 	mutex_lock(&rdev->devlist_mtx);
1224 	if (wdev) {
1225 		wdev_lock(wdev);
1226 		result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
1227 		wdev_unlock(wdev);
1228 	} else {
1229 		result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
1230 	}
1231 	mutex_unlock(&rdev->devlist_mtx);
1232 
1233 	return result;
1234 }
1235 
1236 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1237 {
1238 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1239 	struct net_device *netdev = info->user_ptr[1];
1240 
1241 	return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1242 }
1243 
1244 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1245 {
1246 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1247 	struct net_device *dev = info->user_ptr[1];
1248 	struct wireless_dev *wdev = dev->ieee80211_ptr;
1249 	const u8 *bssid;
1250 
1251 	if (!info->attrs[NL80211_ATTR_MAC])
1252 		return -EINVAL;
1253 
1254 	if (netif_running(dev))
1255 		return -EBUSY;
1256 
1257 	if (!rdev->ops->set_wds_peer)
1258 		return -EOPNOTSUPP;
1259 
1260 	if (wdev->iftype != NL80211_IFTYPE_WDS)
1261 		return -EOPNOTSUPP;
1262 
1263 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1264 	return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1265 }
1266 
1267 
1268 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1269 {
1270 	struct cfg80211_registered_device *rdev;
1271 	struct net_device *netdev = NULL;
1272 	struct wireless_dev *wdev;
1273 	int result = 0, rem_txq_params = 0;
1274 	struct nlattr *nl_txq_params;
1275 	u32 changed;
1276 	u8 retry_short = 0, retry_long = 0;
1277 	u32 frag_threshold = 0, rts_threshold = 0;
1278 	u8 coverage_class = 0;
1279 
1280 	/*
1281 	 * Try to find the wiphy and netdev. Normally this
1282 	 * function shouldn't need the netdev, but this is
1283 	 * done for backward compatibility -- previously
1284 	 * setting the channel was done per wiphy, but now
1285 	 * it is per netdev. Previous userland like hostapd
1286 	 * also passed a netdev to set_wiphy, so that it is
1287 	 * possible to let that go to the right netdev!
1288 	 */
1289 	mutex_lock(&cfg80211_mutex);
1290 
1291 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
1292 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1293 
1294 		netdev = dev_get_by_index(genl_info_net(info), ifindex);
1295 		if (netdev && netdev->ieee80211_ptr) {
1296 			rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1297 			mutex_lock(&rdev->mtx);
1298 		} else
1299 			netdev = NULL;
1300 	}
1301 
1302 	if (!netdev) {
1303 		rdev = __cfg80211_rdev_from_info(info);
1304 		if (IS_ERR(rdev)) {
1305 			mutex_unlock(&cfg80211_mutex);
1306 			return PTR_ERR(rdev);
1307 		}
1308 		wdev = NULL;
1309 		netdev = NULL;
1310 		result = 0;
1311 
1312 		mutex_lock(&rdev->mtx);
1313 	} else if (netif_running(netdev) &&
1314 		   nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1315 		wdev = netdev->ieee80211_ptr;
1316 	else
1317 		wdev = NULL;
1318 
1319 	/*
1320 	 * end workaround code, by now the rdev is available
1321 	 * and locked, and wdev may or may not be NULL.
1322 	 */
1323 
1324 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1325 		result = cfg80211_dev_rename(
1326 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1327 
1328 	mutex_unlock(&cfg80211_mutex);
1329 
1330 	if (result)
1331 		goto bad_res;
1332 
1333 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1334 		struct ieee80211_txq_params txq_params;
1335 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1336 
1337 		if (!rdev->ops->set_txq_params) {
1338 			result = -EOPNOTSUPP;
1339 			goto bad_res;
1340 		}
1341 
1342 		if (!netdev) {
1343 			result = -EINVAL;
1344 			goto bad_res;
1345 		}
1346 
1347 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1348 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1349 			result = -EINVAL;
1350 			goto bad_res;
1351 		}
1352 
1353 		if (!netif_running(netdev)) {
1354 			result = -ENETDOWN;
1355 			goto bad_res;
1356 		}
1357 
1358 		nla_for_each_nested(nl_txq_params,
1359 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1360 				    rem_txq_params) {
1361 			nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1362 				  nla_data(nl_txq_params),
1363 				  nla_len(nl_txq_params),
1364 				  txq_params_policy);
1365 			result = parse_txq_params(tb, &txq_params);
1366 			if (result)
1367 				goto bad_res;
1368 
1369 			result = rdev->ops->set_txq_params(&rdev->wiphy,
1370 							   netdev,
1371 							   &txq_params);
1372 			if (result)
1373 				goto bad_res;
1374 		}
1375 	}
1376 
1377 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1378 		result = __nl80211_set_channel(rdev, wdev, info);
1379 		if (result)
1380 			goto bad_res;
1381 	}
1382 
1383 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1384 		enum nl80211_tx_power_setting type;
1385 		int idx, mbm = 0;
1386 
1387 		if (!rdev->ops->set_tx_power) {
1388 			result = -EOPNOTSUPP;
1389 			goto bad_res;
1390 		}
1391 
1392 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1393 		type = nla_get_u32(info->attrs[idx]);
1394 
1395 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1396 		    (type != NL80211_TX_POWER_AUTOMATIC)) {
1397 			result = -EINVAL;
1398 			goto bad_res;
1399 		}
1400 
1401 		if (type != NL80211_TX_POWER_AUTOMATIC) {
1402 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1403 			mbm = nla_get_u32(info->attrs[idx]);
1404 		}
1405 
1406 		result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1407 		if (result)
1408 			goto bad_res;
1409 	}
1410 
1411 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1412 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1413 		u32 tx_ant, rx_ant;
1414 		if ((!rdev->wiphy.available_antennas_tx &&
1415 		     !rdev->wiphy.available_antennas_rx) ||
1416 		    !rdev->ops->set_antenna) {
1417 			result = -EOPNOTSUPP;
1418 			goto bad_res;
1419 		}
1420 
1421 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1422 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1423 
1424 		/* reject antenna configurations which don't match the
1425 		 * available antenna masks, except for the "all" mask */
1426 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1427 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1428 			result = -EINVAL;
1429 			goto bad_res;
1430 		}
1431 
1432 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1433 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1434 
1435 		result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1436 		if (result)
1437 			goto bad_res;
1438 	}
1439 
1440 	changed = 0;
1441 
1442 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1443 		retry_short = nla_get_u8(
1444 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1445 		if (retry_short == 0) {
1446 			result = -EINVAL;
1447 			goto bad_res;
1448 		}
1449 		changed |= WIPHY_PARAM_RETRY_SHORT;
1450 	}
1451 
1452 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1453 		retry_long = nla_get_u8(
1454 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1455 		if (retry_long == 0) {
1456 			result = -EINVAL;
1457 			goto bad_res;
1458 		}
1459 		changed |= WIPHY_PARAM_RETRY_LONG;
1460 	}
1461 
1462 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1463 		frag_threshold = nla_get_u32(
1464 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1465 		if (frag_threshold < 256) {
1466 			result = -EINVAL;
1467 			goto bad_res;
1468 		}
1469 		if (frag_threshold != (u32) -1) {
1470 			/*
1471 			 * Fragments (apart from the last one) are required to
1472 			 * have even length. Make the fragmentation code
1473 			 * simpler by stripping LSB should someone try to use
1474 			 * odd threshold value.
1475 			 */
1476 			frag_threshold &= ~0x1;
1477 		}
1478 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1479 	}
1480 
1481 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1482 		rts_threshold = nla_get_u32(
1483 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1484 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
1485 	}
1486 
1487 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1488 		coverage_class = nla_get_u8(
1489 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1490 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
1491 	}
1492 
1493 	if (changed) {
1494 		u8 old_retry_short, old_retry_long;
1495 		u32 old_frag_threshold, old_rts_threshold;
1496 		u8 old_coverage_class;
1497 
1498 		if (!rdev->ops->set_wiphy_params) {
1499 			result = -EOPNOTSUPP;
1500 			goto bad_res;
1501 		}
1502 
1503 		old_retry_short = rdev->wiphy.retry_short;
1504 		old_retry_long = rdev->wiphy.retry_long;
1505 		old_frag_threshold = rdev->wiphy.frag_threshold;
1506 		old_rts_threshold = rdev->wiphy.rts_threshold;
1507 		old_coverage_class = rdev->wiphy.coverage_class;
1508 
1509 		if (changed & WIPHY_PARAM_RETRY_SHORT)
1510 			rdev->wiphy.retry_short = retry_short;
1511 		if (changed & WIPHY_PARAM_RETRY_LONG)
1512 			rdev->wiphy.retry_long = retry_long;
1513 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1514 			rdev->wiphy.frag_threshold = frag_threshold;
1515 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1516 			rdev->wiphy.rts_threshold = rts_threshold;
1517 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1518 			rdev->wiphy.coverage_class = coverage_class;
1519 
1520 		result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1521 		if (result) {
1522 			rdev->wiphy.retry_short = old_retry_short;
1523 			rdev->wiphy.retry_long = old_retry_long;
1524 			rdev->wiphy.frag_threshold = old_frag_threshold;
1525 			rdev->wiphy.rts_threshold = old_rts_threshold;
1526 			rdev->wiphy.coverage_class = old_coverage_class;
1527 		}
1528 	}
1529 
1530  bad_res:
1531 	mutex_unlock(&rdev->mtx);
1532 	if (netdev)
1533 		dev_put(netdev);
1534 	return result;
1535 }
1536 
1537 
1538 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1539 			      struct cfg80211_registered_device *rdev,
1540 			      struct net_device *dev)
1541 {
1542 	void *hdr;
1543 
1544 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1545 	if (!hdr)
1546 		return -1;
1547 
1548 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1549 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1550 	    nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name) ||
1551 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1552 			dev->ieee80211_ptr->iftype) ||
1553 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1554 			rdev->devlist_generation ^
1555 			(cfg80211_rdev_list_generation << 2)))
1556 		goto nla_put_failure;
1557 
1558 	if (rdev->ops->get_channel) {
1559 		struct ieee80211_channel *chan;
1560 		enum nl80211_channel_type channel_type;
1561 
1562 		chan = rdev->ops->get_channel(&rdev->wiphy, &channel_type);
1563 		if (chan &&
1564 		    (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
1565 				    chan->center_freq) ||
1566 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
1567 				    channel_type)))
1568 			goto nla_put_failure;
1569 	}
1570 
1571 	return genlmsg_end(msg, hdr);
1572 
1573  nla_put_failure:
1574 	genlmsg_cancel(msg, hdr);
1575 	return -EMSGSIZE;
1576 }
1577 
1578 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1579 {
1580 	int wp_idx = 0;
1581 	int if_idx = 0;
1582 	int wp_start = cb->args[0];
1583 	int if_start = cb->args[1];
1584 	struct cfg80211_registered_device *rdev;
1585 	struct wireless_dev *wdev;
1586 
1587 	mutex_lock(&cfg80211_mutex);
1588 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1589 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1590 			continue;
1591 		if (wp_idx < wp_start) {
1592 			wp_idx++;
1593 			continue;
1594 		}
1595 		if_idx = 0;
1596 
1597 		mutex_lock(&rdev->devlist_mtx);
1598 		list_for_each_entry(wdev, &rdev->netdev_list, list) {
1599 			if (if_idx < if_start) {
1600 				if_idx++;
1601 				continue;
1602 			}
1603 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1604 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1605 					       rdev, wdev->netdev) < 0) {
1606 				mutex_unlock(&rdev->devlist_mtx);
1607 				goto out;
1608 			}
1609 			if_idx++;
1610 		}
1611 		mutex_unlock(&rdev->devlist_mtx);
1612 
1613 		wp_idx++;
1614 	}
1615  out:
1616 	mutex_unlock(&cfg80211_mutex);
1617 
1618 	cb->args[0] = wp_idx;
1619 	cb->args[1] = if_idx;
1620 
1621 	return skb->len;
1622 }
1623 
1624 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1625 {
1626 	struct sk_buff *msg;
1627 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1628 	struct net_device *netdev = info->user_ptr[1];
1629 
1630 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1631 	if (!msg)
1632 		return -ENOMEM;
1633 
1634 	if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1635 			       dev, netdev) < 0) {
1636 		nlmsg_free(msg);
1637 		return -ENOBUFS;
1638 	}
1639 
1640 	return genlmsg_reply(msg, info);
1641 }
1642 
1643 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1644 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1645 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1646 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1647 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1648 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1649 };
1650 
1651 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1652 {
1653 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1654 	int flag;
1655 
1656 	*mntrflags = 0;
1657 
1658 	if (!nla)
1659 		return -EINVAL;
1660 
1661 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1662 			     nla, mntr_flags_policy))
1663 		return -EINVAL;
1664 
1665 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1666 		if (flags[flag])
1667 			*mntrflags |= (1<<flag);
1668 
1669 	return 0;
1670 }
1671 
1672 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1673 			       struct net_device *netdev, u8 use_4addr,
1674 			       enum nl80211_iftype iftype)
1675 {
1676 	if (!use_4addr) {
1677 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1678 			return -EBUSY;
1679 		return 0;
1680 	}
1681 
1682 	switch (iftype) {
1683 	case NL80211_IFTYPE_AP_VLAN:
1684 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1685 			return 0;
1686 		break;
1687 	case NL80211_IFTYPE_STATION:
1688 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1689 			return 0;
1690 		break;
1691 	default:
1692 		break;
1693 	}
1694 
1695 	return -EOPNOTSUPP;
1696 }
1697 
1698 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1699 {
1700 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1701 	struct vif_params params;
1702 	int err;
1703 	enum nl80211_iftype otype, ntype;
1704 	struct net_device *dev = info->user_ptr[1];
1705 	u32 _flags, *flags = NULL;
1706 	bool change = false;
1707 
1708 	memset(&params, 0, sizeof(params));
1709 
1710 	otype = ntype = dev->ieee80211_ptr->iftype;
1711 
1712 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
1713 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1714 		if (otype != ntype)
1715 			change = true;
1716 		if (ntype > NL80211_IFTYPE_MAX)
1717 			return -EINVAL;
1718 	}
1719 
1720 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
1721 		struct wireless_dev *wdev = dev->ieee80211_ptr;
1722 
1723 		if (ntype != NL80211_IFTYPE_MESH_POINT)
1724 			return -EINVAL;
1725 		if (netif_running(dev))
1726 			return -EBUSY;
1727 
1728 		wdev_lock(wdev);
1729 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1730 			     IEEE80211_MAX_MESH_ID_LEN);
1731 		wdev->mesh_id_up_len =
1732 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1733 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1734 		       wdev->mesh_id_up_len);
1735 		wdev_unlock(wdev);
1736 	}
1737 
1738 	if (info->attrs[NL80211_ATTR_4ADDR]) {
1739 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1740 		change = true;
1741 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1742 		if (err)
1743 			return err;
1744 	} else {
1745 		params.use_4addr = -1;
1746 	}
1747 
1748 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1749 		if (ntype != NL80211_IFTYPE_MONITOR)
1750 			return -EINVAL;
1751 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1752 					  &_flags);
1753 		if (err)
1754 			return err;
1755 
1756 		flags = &_flags;
1757 		change = true;
1758 	}
1759 
1760 	if (change)
1761 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1762 	else
1763 		err = 0;
1764 
1765 	if (!err && params.use_4addr != -1)
1766 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
1767 
1768 	return err;
1769 }
1770 
1771 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1772 {
1773 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1774 	struct vif_params params;
1775 	struct net_device *dev;
1776 	int err;
1777 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1778 	u32 flags;
1779 
1780 	memset(&params, 0, sizeof(params));
1781 
1782 	if (!info->attrs[NL80211_ATTR_IFNAME])
1783 		return -EINVAL;
1784 
1785 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
1786 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1787 		if (type > NL80211_IFTYPE_MAX)
1788 			return -EINVAL;
1789 	}
1790 
1791 	if (!rdev->ops->add_virtual_intf ||
1792 	    !(rdev->wiphy.interface_modes & (1 << type)))
1793 		return -EOPNOTSUPP;
1794 
1795 	if (info->attrs[NL80211_ATTR_4ADDR]) {
1796 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1797 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1798 		if (err)
1799 			return err;
1800 	}
1801 
1802 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1803 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1804 				  &flags);
1805 	dev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1806 		nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1807 		type, err ? NULL : &flags, &params);
1808 	if (IS_ERR(dev))
1809 		return PTR_ERR(dev);
1810 
1811 	if (type == NL80211_IFTYPE_MESH_POINT &&
1812 	    info->attrs[NL80211_ATTR_MESH_ID]) {
1813 		struct wireless_dev *wdev = dev->ieee80211_ptr;
1814 
1815 		wdev_lock(wdev);
1816 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1817 			     IEEE80211_MAX_MESH_ID_LEN);
1818 		wdev->mesh_id_up_len =
1819 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1820 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1821 		       wdev->mesh_id_up_len);
1822 		wdev_unlock(wdev);
1823 	}
1824 
1825 	return 0;
1826 }
1827 
1828 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1829 {
1830 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1831 	struct net_device *dev = info->user_ptr[1];
1832 
1833 	if (!rdev->ops->del_virtual_intf)
1834 		return -EOPNOTSUPP;
1835 
1836 	return rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1837 }
1838 
1839 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
1840 {
1841 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1842 	struct net_device *dev = info->user_ptr[1];
1843 	u16 noack_map;
1844 
1845 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
1846 		return -EINVAL;
1847 
1848 	if (!rdev->ops->set_noack_map)
1849 		return -EOPNOTSUPP;
1850 
1851 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
1852 
1853 	return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map);
1854 }
1855 
1856 struct get_key_cookie {
1857 	struct sk_buff *msg;
1858 	int error;
1859 	int idx;
1860 };
1861 
1862 static void get_key_callback(void *c, struct key_params *params)
1863 {
1864 	struct nlattr *key;
1865 	struct get_key_cookie *cookie = c;
1866 
1867 	if ((params->key &&
1868 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
1869 		     params->key_len, params->key)) ||
1870 	    (params->seq &&
1871 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
1872 		     params->seq_len, params->seq)) ||
1873 	    (params->cipher &&
1874 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1875 			 params->cipher)))
1876 		goto nla_put_failure;
1877 
1878 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1879 	if (!key)
1880 		goto nla_put_failure;
1881 
1882 	if ((params->key &&
1883 	     nla_put(cookie->msg, NL80211_KEY_DATA,
1884 		     params->key_len, params->key)) ||
1885 	    (params->seq &&
1886 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
1887 		     params->seq_len, params->seq)) ||
1888 	    (params->cipher &&
1889 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
1890 			 params->cipher)))
1891 		goto nla_put_failure;
1892 
1893 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
1894 		goto nla_put_failure;
1895 
1896 	nla_nest_end(cookie->msg, key);
1897 
1898 	return;
1899  nla_put_failure:
1900 	cookie->error = 1;
1901 }
1902 
1903 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1904 {
1905 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1906 	int err;
1907 	struct net_device *dev = info->user_ptr[1];
1908 	u8 key_idx = 0;
1909 	const u8 *mac_addr = NULL;
1910 	bool pairwise;
1911 	struct get_key_cookie cookie = {
1912 		.error = 0,
1913 	};
1914 	void *hdr;
1915 	struct sk_buff *msg;
1916 
1917 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1918 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1919 
1920 	if (key_idx > 5)
1921 		return -EINVAL;
1922 
1923 	if (info->attrs[NL80211_ATTR_MAC])
1924 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1925 
1926 	pairwise = !!mac_addr;
1927 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
1928 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1929 		if (kt >= NUM_NL80211_KEYTYPES)
1930 			return -EINVAL;
1931 		if (kt != NL80211_KEYTYPE_GROUP &&
1932 		    kt != NL80211_KEYTYPE_PAIRWISE)
1933 			return -EINVAL;
1934 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
1935 	}
1936 
1937 	if (!rdev->ops->get_key)
1938 		return -EOPNOTSUPP;
1939 
1940 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1941 	if (!msg)
1942 		return -ENOMEM;
1943 
1944 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1945 			     NL80211_CMD_NEW_KEY);
1946 	if (IS_ERR(hdr))
1947 		return PTR_ERR(hdr);
1948 
1949 	cookie.msg = msg;
1950 	cookie.idx = key_idx;
1951 
1952 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1953 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
1954 		goto nla_put_failure;
1955 	if (mac_addr &&
1956 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
1957 		goto nla_put_failure;
1958 
1959 	if (pairwise && mac_addr &&
1960 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1961 		return -ENOENT;
1962 
1963 	err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
1964 				 mac_addr, &cookie, get_key_callback);
1965 
1966 	if (err)
1967 		goto free_msg;
1968 
1969 	if (cookie.error)
1970 		goto nla_put_failure;
1971 
1972 	genlmsg_end(msg, hdr);
1973 	return genlmsg_reply(msg, info);
1974 
1975  nla_put_failure:
1976 	err = -ENOBUFS;
1977  free_msg:
1978 	nlmsg_free(msg);
1979 	return err;
1980 }
1981 
1982 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1983 {
1984 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1985 	struct key_parse key;
1986 	int err;
1987 	struct net_device *dev = info->user_ptr[1];
1988 
1989 	err = nl80211_parse_key(info, &key);
1990 	if (err)
1991 		return err;
1992 
1993 	if (key.idx < 0)
1994 		return -EINVAL;
1995 
1996 	/* only support setting default key */
1997 	if (!key.def && !key.defmgmt)
1998 		return -EINVAL;
1999 
2000 	wdev_lock(dev->ieee80211_ptr);
2001 
2002 	if (key.def) {
2003 		if (!rdev->ops->set_default_key) {
2004 			err = -EOPNOTSUPP;
2005 			goto out;
2006 		}
2007 
2008 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2009 		if (err)
2010 			goto out;
2011 
2012 		err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
2013 						 key.def_uni, key.def_multi);
2014 
2015 		if (err)
2016 			goto out;
2017 
2018 #ifdef CONFIG_CFG80211_WEXT
2019 		dev->ieee80211_ptr->wext.default_key = key.idx;
2020 #endif
2021 	} else {
2022 		if (key.def_uni || !key.def_multi) {
2023 			err = -EINVAL;
2024 			goto out;
2025 		}
2026 
2027 		if (!rdev->ops->set_default_mgmt_key) {
2028 			err = -EOPNOTSUPP;
2029 			goto out;
2030 		}
2031 
2032 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2033 		if (err)
2034 			goto out;
2035 
2036 		err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
2037 						      dev, key.idx);
2038 		if (err)
2039 			goto out;
2040 
2041 #ifdef CONFIG_CFG80211_WEXT
2042 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2043 #endif
2044 	}
2045 
2046  out:
2047 	wdev_unlock(dev->ieee80211_ptr);
2048 
2049 	return err;
2050 }
2051 
2052 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2053 {
2054 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2055 	int err;
2056 	struct net_device *dev = info->user_ptr[1];
2057 	struct key_parse key;
2058 	const u8 *mac_addr = NULL;
2059 
2060 	err = nl80211_parse_key(info, &key);
2061 	if (err)
2062 		return err;
2063 
2064 	if (!key.p.key)
2065 		return -EINVAL;
2066 
2067 	if (info->attrs[NL80211_ATTR_MAC])
2068 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2069 
2070 	if (key.type == -1) {
2071 		if (mac_addr)
2072 			key.type = NL80211_KEYTYPE_PAIRWISE;
2073 		else
2074 			key.type = NL80211_KEYTYPE_GROUP;
2075 	}
2076 
2077 	/* for now */
2078 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2079 	    key.type != NL80211_KEYTYPE_GROUP)
2080 		return -EINVAL;
2081 
2082 	if (!rdev->ops->add_key)
2083 		return -EOPNOTSUPP;
2084 
2085 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2086 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2087 					   mac_addr))
2088 		return -EINVAL;
2089 
2090 	wdev_lock(dev->ieee80211_ptr);
2091 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2092 	if (!err)
2093 		err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
2094 					 key.type == NL80211_KEYTYPE_PAIRWISE,
2095 					 mac_addr, &key.p);
2096 	wdev_unlock(dev->ieee80211_ptr);
2097 
2098 	return err;
2099 }
2100 
2101 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2102 {
2103 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2104 	int err;
2105 	struct net_device *dev = info->user_ptr[1];
2106 	u8 *mac_addr = NULL;
2107 	struct key_parse key;
2108 
2109 	err = nl80211_parse_key(info, &key);
2110 	if (err)
2111 		return err;
2112 
2113 	if (info->attrs[NL80211_ATTR_MAC])
2114 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2115 
2116 	if (key.type == -1) {
2117 		if (mac_addr)
2118 			key.type = NL80211_KEYTYPE_PAIRWISE;
2119 		else
2120 			key.type = NL80211_KEYTYPE_GROUP;
2121 	}
2122 
2123 	/* for now */
2124 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2125 	    key.type != NL80211_KEYTYPE_GROUP)
2126 		return -EINVAL;
2127 
2128 	if (!rdev->ops->del_key)
2129 		return -EOPNOTSUPP;
2130 
2131 	wdev_lock(dev->ieee80211_ptr);
2132 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2133 
2134 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2135 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2136 		err = -ENOENT;
2137 
2138 	if (!err)
2139 		err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
2140 					 key.type == NL80211_KEYTYPE_PAIRWISE,
2141 					 mac_addr);
2142 
2143 #ifdef CONFIG_CFG80211_WEXT
2144 	if (!err) {
2145 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2146 			dev->ieee80211_ptr->wext.default_key = -1;
2147 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2148 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2149 	}
2150 #endif
2151 	wdev_unlock(dev->ieee80211_ptr);
2152 
2153 	return err;
2154 }
2155 
2156 static int nl80211_parse_beacon(struct genl_info *info,
2157 				struct cfg80211_beacon_data *bcn)
2158 {
2159 	bool haveinfo = false;
2160 
2161 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2162 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2163 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2164 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2165 		return -EINVAL;
2166 
2167 	memset(bcn, 0, sizeof(*bcn));
2168 
2169 	if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2170 		bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2171 		bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2172 		if (!bcn->head_len)
2173 			return -EINVAL;
2174 		haveinfo = true;
2175 	}
2176 
2177 	if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2178 		bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2179 		bcn->tail_len =
2180 		    nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2181 		haveinfo = true;
2182 	}
2183 
2184 	if (!haveinfo)
2185 		return -EINVAL;
2186 
2187 	if (info->attrs[NL80211_ATTR_IE]) {
2188 		bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
2189 		bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2190 	}
2191 
2192 	if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2193 		bcn->proberesp_ies =
2194 			nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2195 		bcn->proberesp_ies_len =
2196 			nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2197 	}
2198 
2199 	if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2200 		bcn->assocresp_ies =
2201 			nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2202 		bcn->assocresp_ies_len =
2203 			nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2204 	}
2205 
2206 	if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
2207 		bcn->probe_resp =
2208 			nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
2209 		bcn->probe_resp_len =
2210 			nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
2211 	}
2212 
2213 	return 0;
2214 }
2215 
2216 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
2217 {
2218 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2219 	struct net_device *dev = info->user_ptr[1];
2220 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2221 	struct cfg80211_ap_settings params;
2222 	int err;
2223 
2224 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2225 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2226 		return -EOPNOTSUPP;
2227 
2228 	if (!rdev->ops->start_ap)
2229 		return -EOPNOTSUPP;
2230 
2231 	if (wdev->beacon_interval)
2232 		return -EALREADY;
2233 
2234 	memset(&params, 0, sizeof(params));
2235 
2236 	/* these are required for START_AP */
2237 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2238 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2239 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
2240 		return -EINVAL;
2241 
2242 	err = nl80211_parse_beacon(info, &params.beacon);
2243 	if (err)
2244 		return err;
2245 
2246 	params.beacon_interval =
2247 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2248 	params.dtim_period =
2249 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2250 
2251 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
2252 	if (err)
2253 		return err;
2254 
2255 	/*
2256 	 * In theory, some of these attributes should be required here
2257 	 * but since they were not used when the command was originally
2258 	 * added, keep them optional for old user space programs to let
2259 	 * them continue to work with drivers that do not need the
2260 	 * additional information -- drivers must check!
2261 	 */
2262 	if (info->attrs[NL80211_ATTR_SSID]) {
2263 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2264 		params.ssid_len =
2265 			nla_len(info->attrs[NL80211_ATTR_SSID]);
2266 		if (params.ssid_len == 0 ||
2267 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
2268 			return -EINVAL;
2269 	}
2270 
2271 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
2272 		params.hidden_ssid = nla_get_u32(
2273 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
2274 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
2275 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
2276 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
2277 			return -EINVAL;
2278 	}
2279 
2280 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
2281 
2282 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2283 		params.auth_type = nla_get_u32(
2284 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
2285 		if (!nl80211_valid_auth_type(params.auth_type))
2286 			return -EINVAL;
2287 	} else
2288 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
2289 
2290 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
2291 				      NL80211_MAX_NR_CIPHER_SUITES);
2292 	if (err)
2293 		return err;
2294 
2295 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
2296 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
2297 			return -EOPNOTSUPP;
2298 		params.inactivity_timeout = nla_get_u16(
2299 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
2300 	}
2301 
2302 	err = rdev->ops->start_ap(&rdev->wiphy, dev, &params);
2303 	if (!err)
2304 		wdev->beacon_interval = params.beacon_interval;
2305 	return err;
2306 }
2307 
2308 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
2309 {
2310 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2311 	struct net_device *dev = info->user_ptr[1];
2312 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2313 	struct cfg80211_beacon_data params;
2314 	int err;
2315 
2316 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2317 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2318 		return -EOPNOTSUPP;
2319 
2320 	if (!rdev->ops->change_beacon)
2321 		return -EOPNOTSUPP;
2322 
2323 	if (!wdev->beacon_interval)
2324 		return -EINVAL;
2325 
2326 	err = nl80211_parse_beacon(info, &params);
2327 	if (err)
2328 		return err;
2329 
2330 	return rdev->ops->change_beacon(&rdev->wiphy, dev, &params);
2331 }
2332 
2333 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
2334 {
2335 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2336 	struct net_device *dev = info->user_ptr[1];
2337 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2338 	int err;
2339 
2340 	if (!rdev->ops->stop_ap)
2341 		return -EOPNOTSUPP;
2342 
2343 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2344 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2345 		return -EOPNOTSUPP;
2346 
2347 	if (!wdev->beacon_interval)
2348 		return -ENOENT;
2349 
2350 	err = rdev->ops->stop_ap(&rdev->wiphy, dev);
2351 	if (!err)
2352 		wdev->beacon_interval = 0;
2353 	return err;
2354 }
2355 
2356 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2357 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2358 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2359 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2360 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2361 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2362 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
2363 };
2364 
2365 static int parse_station_flags(struct genl_info *info,
2366 			       enum nl80211_iftype iftype,
2367 			       struct station_parameters *params)
2368 {
2369 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2370 	struct nlattr *nla;
2371 	int flag;
2372 
2373 	/*
2374 	 * Try parsing the new attribute first so userspace
2375 	 * can specify both for older kernels.
2376 	 */
2377 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2378 	if (nla) {
2379 		struct nl80211_sta_flag_update *sta_flags;
2380 
2381 		sta_flags = nla_data(nla);
2382 		params->sta_flags_mask = sta_flags->mask;
2383 		params->sta_flags_set = sta_flags->set;
2384 		if ((params->sta_flags_mask |
2385 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2386 			return -EINVAL;
2387 		return 0;
2388 	}
2389 
2390 	/* if present, parse the old attribute */
2391 
2392 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2393 	if (!nla)
2394 		return 0;
2395 
2396 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2397 			     nla, sta_flags_policy))
2398 		return -EINVAL;
2399 
2400 	/*
2401 	 * Only allow certain flags for interface types so that
2402 	 * other attributes are silently ignored. Remember that
2403 	 * this is backward compatibility code with old userspace
2404 	 * and shouldn't be hit in other cases anyway.
2405 	 */
2406 	switch (iftype) {
2407 	case NL80211_IFTYPE_AP:
2408 	case NL80211_IFTYPE_AP_VLAN:
2409 	case NL80211_IFTYPE_P2P_GO:
2410 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2411 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2412 					 BIT(NL80211_STA_FLAG_WME) |
2413 					 BIT(NL80211_STA_FLAG_MFP);
2414 		break;
2415 	case NL80211_IFTYPE_P2P_CLIENT:
2416 	case NL80211_IFTYPE_STATION:
2417 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2418 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
2419 		break;
2420 	case NL80211_IFTYPE_MESH_POINT:
2421 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2422 					 BIT(NL80211_STA_FLAG_MFP) |
2423 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
2424 	default:
2425 		return -EINVAL;
2426 	}
2427 
2428 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
2429 		if (flags[flag]) {
2430 			params->sta_flags_set |= (1<<flag);
2431 
2432 			/* no longer support new API additions in old API */
2433 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
2434 				return -EINVAL;
2435 		}
2436 	}
2437 
2438 	return 0;
2439 }
2440 
2441 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2442 				 int attr)
2443 {
2444 	struct nlattr *rate;
2445 	u16 bitrate;
2446 
2447 	rate = nla_nest_start(msg, attr);
2448 	if (!rate)
2449 		goto nla_put_failure;
2450 
2451 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2452 	bitrate = cfg80211_calculate_bitrate(info);
2453 	if ((bitrate > 0 &&
2454 	     nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate)) ||
2455 	    ((info->flags & RATE_INFO_FLAGS_MCS) &&
2456 	     nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) ||
2457 	    ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) &&
2458 	     nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) ||
2459 	    ((info->flags & RATE_INFO_FLAGS_SHORT_GI) &&
2460 	     nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)))
2461 		goto nla_put_failure;
2462 
2463 	nla_nest_end(msg, rate);
2464 	return true;
2465 
2466 nla_put_failure:
2467 	return false;
2468 }
2469 
2470 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2471 				int flags,
2472 				struct cfg80211_registered_device *rdev,
2473 				struct net_device *dev,
2474 				const u8 *mac_addr, struct station_info *sinfo)
2475 {
2476 	void *hdr;
2477 	struct nlattr *sinfoattr, *bss_param;
2478 
2479 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2480 	if (!hdr)
2481 		return -1;
2482 
2483 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2484 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
2485 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
2486 		goto nla_put_failure;
2487 
2488 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2489 	if (!sinfoattr)
2490 		goto nla_put_failure;
2491 	if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
2492 	    nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2493 			sinfo->connected_time))
2494 		goto nla_put_failure;
2495 	if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
2496 	    nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2497 			sinfo->inactive_time))
2498 		goto nla_put_failure;
2499 	if ((sinfo->filled & STATION_INFO_RX_BYTES) &&
2500 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
2501 			sinfo->rx_bytes))
2502 		goto nla_put_failure;
2503 	if ((sinfo->filled & STATION_INFO_TX_BYTES) &&
2504 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
2505 			sinfo->tx_bytes))
2506 		goto nla_put_failure;
2507 	if ((sinfo->filled & STATION_INFO_LLID) &&
2508 	    nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
2509 		goto nla_put_failure;
2510 	if ((sinfo->filled & STATION_INFO_PLID) &&
2511 	    nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
2512 		goto nla_put_failure;
2513 	if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
2514 	    nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
2515 		       sinfo->plink_state))
2516 		goto nla_put_failure;
2517 	switch (rdev->wiphy.signal_type) {
2518 	case CFG80211_SIGNAL_TYPE_MBM:
2519 		if ((sinfo->filled & STATION_INFO_SIGNAL) &&
2520 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
2521 			       sinfo->signal))
2522 			goto nla_put_failure;
2523 		if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
2524 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2525 			       sinfo->signal_avg))
2526 			goto nla_put_failure;
2527 		break;
2528 	default:
2529 		break;
2530 	}
2531 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2532 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2533 					  NL80211_STA_INFO_TX_BITRATE))
2534 			goto nla_put_failure;
2535 	}
2536 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2537 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2538 					  NL80211_STA_INFO_RX_BITRATE))
2539 			goto nla_put_failure;
2540 	}
2541 	if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
2542 	    nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
2543 			sinfo->rx_packets))
2544 		goto nla_put_failure;
2545 	if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
2546 	    nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
2547 			sinfo->tx_packets))
2548 		goto nla_put_failure;
2549 	if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
2550 	    nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
2551 			sinfo->tx_retries))
2552 		goto nla_put_failure;
2553 	if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
2554 	    nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
2555 			sinfo->tx_failed))
2556 		goto nla_put_failure;
2557 	if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
2558 	    nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
2559 			sinfo->beacon_loss_count))
2560 		goto nla_put_failure;
2561 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2562 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2563 		if (!bss_param)
2564 			goto nla_put_failure;
2565 
2566 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
2567 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
2568 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
2569 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
2570 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
2571 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
2572 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2573 			       sinfo->bss_param.dtim_period) ||
2574 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2575 				sinfo->bss_param.beacon_interval))
2576 			goto nla_put_failure;
2577 
2578 		nla_nest_end(msg, bss_param);
2579 	}
2580 	if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
2581 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
2582 		    sizeof(struct nl80211_sta_flag_update),
2583 		    &sinfo->sta_flags))
2584 		goto nla_put_failure;
2585 	if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
2586 		nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
2587 			    sinfo->t_offset))
2588 		goto nla_put_failure;
2589 	nla_nest_end(msg, sinfoattr);
2590 
2591 	if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
2592 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
2593 		    sinfo->assoc_req_ies))
2594 		goto nla_put_failure;
2595 
2596 	return genlmsg_end(msg, hdr);
2597 
2598  nla_put_failure:
2599 	genlmsg_cancel(msg, hdr);
2600 	return -EMSGSIZE;
2601 }
2602 
2603 static int nl80211_dump_station(struct sk_buff *skb,
2604 				struct netlink_callback *cb)
2605 {
2606 	struct station_info sinfo;
2607 	struct cfg80211_registered_device *dev;
2608 	struct net_device *netdev;
2609 	u8 mac_addr[ETH_ALEN];
2610 	int sta_idx = cb->args[1];
2611 	int err;
2612 
2613 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2614 	if (err)
2615 		return err;
2616 
2617 	if (!dev->ops->dump_station) {
2618 		err = -EOPNOTSUPP;
2619 		goto out_err;
2620 	}
2621 
2622 	while (1) {
2623 		memset(&sinfo, 0, sizeof(sinfo));
2624 		err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2625 					     mac_addr, &sinfo);
2626 		if (err == -ENOENT)
2627 			break;
2628 		if (err)
2629 			goto out_err;
2630 
2631 		if (nl80211_send_station(skb,
2632 				NETLINK_CB(cb->skb).pid,
2633 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
2634 				dev, netdev, mac_addr,
2635 				&sinfo) < 0)
2636 			goto out;
2637 
2638 		sta_idx++;
2639 	}
2640 
2641 
2642  out:
2643 	cb->args[1] = sta_idx;
2644 	err = skb->len;
2645  out_err:
2646 	nl80211_finish_netdev_dump(dev);
2647 
2648 	return err;
2649 }
2650 
2651 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2652 {
2653 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2654 	struct net_device *dev = info->user_ptr[1];
2655 	struct station_info sinfo;
2656 	struct sk_buff *msg;
2657 	u8 *mac_addr = NULL;
2658 	int err;
2659 
2660 	memset(&sinfo, 0, sizeof(sinfo));
2661 
2662 	if (!info->attrs[NL80211_ATTR_MAC])
2663 		return -EINVAL;
2664 
2665 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2666 
2667 	if (!rdev->ops->get_station)
2668 		return -EOPNOTSUPP;
2669 
2670 	err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2671 	if (err)
2672 		return err;
2673 
2674 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2675 	if (!msg)
2676 		return -ENOMEM;
2677 
2678 	if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2679 				 rdev, dev, mac_addr, &sinfo) < 0) {
2680 		nlmsg_free(msg);
2681 		return -ENOBUFS;
2682 	}
2683 
2684 	return genlmsg_reply(msg, info);
2685 }
2686 
2687 /*
2688  * Get vlan interface making sure it is running and on the right wiphy.
2689  */
2690 static struct net_device *get_vlan(struct genl_info *info,
2691 				   struct cfg80211_registered_device *rdev)
2692 {
2693 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2694 	struct net_device *v;
2695 	int ret;
2696 
2697 	if (!vlanattr)
2698 		return NULL;
2699 
2700 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
2701 	if (!v)
2702 		return ERR_PTR(-ENODEV);
2703 
2704 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
2705 		ret = -EINVAL;
2706 		goto error;
2707 	}
2708 
2709 	if (!netif_running(v)) {
2710 		ret = -ENETDOWN;
2711 		goto error;
2712 	}
2713 
2714 	return v;
2715  error:
2716 	dev_put(v);
2717 	return ERR_PTR(ret);
2718 }
2719 
2720 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2721 {
2722 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2723 	int err;
2724 	struct net_device *dev = info->user_ptr[1];
2725 	struct station_parameters params;
2726 	u8 *mac_addr = NULL;
2727 
2728 	memset(&params, 0, sizeof(params));
2729 
2730 	params.listen_interval = -1;
2731 	params.plink_state = -1;
2732 
2733 	if (info->attrs[NL80211_ATTR_STA_AID])
2734 		return -EINVAL;
2735 
2736 	if (!info->attrs[NL80211_ATTR_MAC])
2737 		return -EINVAL;
2738 
2739 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2740 
2741 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2742 		params.supported_rates =
2743 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2744 		params.supported_rates_len =
2745 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2746 	}
2747 
2748 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2749 		params.listen_interval =
2750 		    nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2751 
2752 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2753 		params.ht_capa =
2754 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2755 
2756 	if (!rdev->ops->change_station)
2757 		return -EOPNOTSUPP;
2758 
2759 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2760 		return -EINVAL;
2761 
2762 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2763 		params.plink_action =
2764 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2765 
2766 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
2767 		params.plink_state =
2768 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
2769 
2770 	switch (dev->ieee80211_ptr->iftype) {
2771 	case NL80211_IFTYPE_AP:
2772 	case NL80211_IFTYPE_AP_VLAN:
2773 	case NL80211_IFTYPE_P2P_GO:
2774 		/* disallow mesh-specific things */
2775 		if (params.plink_action)
2776 			return -EINVAL;
2777 
2778 		/* TDLS can't be set, ... */
2779 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2780 			return -EINVAL;
2781 		/*
2782 		 * ... but don't bother the driver with it. This works around
2783 		 * a hostapd/wpa_supplicant issue -- it always includes the
2784 		 * TLDS_PEER flag in the mask even for AP mode.
2785 		 */
2786 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2787 
2788 		/* accept only the listed bits */
2789 		if (params.sta_flags_mask &
2790 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
2791 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2792 				  BIT(NL80211_STA_FLAG_WME) |
2793 				  BIT(NL80211_STA_FLAG_MFP)))
2794 			return -EINVAL;
2795 
2796 		/* must be last in here for error handling */
2797 		params.vlan = get_vlan(info, rdev);
2798 		if (IS_ERR(params.vlan))
2799 			return PTR_ERR(params.vlan);
2800 		break;
2801 	case NL80211_IFTYPE_P2P_CLIENT:
2802 	case NL80211_IFTYPE_STATION:
2803 		/*
2804 		 * Don't allow userspace to change the TDLS_PEER flag,
2805 		 * but silently ignore attempts to change it since we
2806 		 * don't have state here to verify that it doesn't try
2807 		 * to change the flag.
2808 		 */
2809 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2810 		/* fall through */
2811 	case NL80211_IFTYPE_ADHOC:
2812 		/* disallow things sta doesn't support */
2813 		if (params.plink_action)
2814 			return -EINVAL;
2815 		if (params.ht_capa)
2816 			return -EINVAL;
2817 		if (params.listen_interval >= 0)
2818 			return -EINVAL;
2819 		/* reject any changes other than AUTHORIZED */
2820 		if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2821 			return -EINVAL;
2822 		break;
2823 	case NL80211_IFTYPE_MESH_POINT:
2824 		/* disallow things mesh doesn't support */
2825 		if (params.vlan)
2826 			return -EINVAL;
2827 		if (params.ht_capa)
2828 			return -EINVAL;
2829 		if (params.listen_interval >= 0)
2830 			return -EINVAL;
2831 		/*
2832 		 * No special handling for TDLS here -- the userspace
2833 		 * mesh code doesn't have this bug.
2834 		 */
2835 		if (params.sta_flags_mask &
2836 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2837 				  BIT(NL80211_STA_FLAG_MFP) |
2838 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
2839 			return -EINVAL;
2840 		break;
2841 	default:
2842 		return -EOPNOTSUPP;
2843 	}
2844 
2845 	/* be aware of params.vlan when changing code here */
2846 
2847 	err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2848 
2849 	if (params.vlan)
2850 		dev_put(params.vlan);
2851 
2852 	return err;
2853 }
2854 
2855 static struct nla_policy
2856 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
2857 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
2858 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
2859 };
2860 
2861 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2862 {
2863 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2864 	int err;
2865 	struct net_device *dev = info->user_ptr[1];
2866 	struct station_parameters params;
2867 	u8 *mac_addr = NULL;
2868 
2869 	memset(&params, 0, sizeof(params));
2870 
2871 	if (!info->attrs[NL80211_ATTR_MAC])
2872 		return -EINVAL;
2873 
2874 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2875 		return -EINVAL;
2876 
2877 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2878 		return -EINVAL;
2879 
2880 	if (!info->attrs[NL80211_ATTR_STA_AID])
2881 		return -EINVAL;
2882 
2883 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2884 	params.supported_rates =
2885 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2886 	params.supported_rates_len =
2887 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2888 	params.listen_interval =
2889 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2890 
2891 	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2892 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
2893 		return -EINVAL;
2894 
2895 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2896 		params.ht_capa =
2897 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2898 
2899 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2900 		params.plink_action =
2901 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2902 
2903 	if (!rdev->ops->add_station)
2904 		return -EOPNOTSUPP;
2905 
2906 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2907 		return -EINVAL;
2908 
2909 	switch (dev->ieee80211_ptr->iftype) {
2910 	case NL80211_IFTYPE_AP:
2911 	case NL80211_IFTYPE_AP_VLAN:
2912 	case NL80211_IFTYPE_P2P_GO:
2913 		/* parse WME attributes if sta is WME capable */
2914 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2915 		    (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
2916 		    info->attrs[NL80211_ATTR_STA_WME]) {
2917 			struct nlattr *tb[NL80211_STA_WME_MAX + 1];
2918 			struct nlattr *nla;
2919 
2920 			nla = info->attrs[NL80211_ATTR_STA_WME];
2921 			err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
2922 					       nl80211_sta_wme_policy);
2923 			if (err)
2924 				return err;
2925 
2926 			if (tb[NL80211_STA_WME_UAPSD_QUEUES])
2927 				params.uapsd_queues =
2928 				     nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
2929 			if (params.uapsd_queues &
2930 					~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
2931 				return -EINVAL;
2932 
2933 			if (tb[NL80211_STA_WME_MAX_SP])
2934 				params.max_sp =
2935 				     nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
2936 
2937 			if (params.max_sp &
2938 					~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
2939 				return -EINVAL;
2940 
2941 			params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
2942 		}
2943 		/* TDLS peers cannot be added */
2944 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2945 			return -EINVAL;
2946 		/* but don't bother the driver with it */
2947 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2948 
2949 		/* must be last in here for error handling */
2950 		params.vlan = get_vlan(info, rdev);
2951 		if (IS_ERR(params.vlan))
2952 			return PTR_ERR(params.vlan);
2953 		break;
2954 	case NL80211_IFTYPE_MESH_POINT:
2955 		/* TDLS peers cannot be added */
2956 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2957 			return -EINVAL;
2958 		break;
2959 	case NL80211_IFTYPE_STATION:
2960 		/* Only TDLS peers can be added */
2961 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
2962 			return -EINVAL;
2963 		/* Can only add if TDLS ... */
2964 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
2965 			return -EOPNOTSUPP;
2966 		/* ... with external setup is supported */
2967 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
2968 			return -EOPNOTSUPP;
2969 		break;
2970 	default:
2971 		return -EOPNOTSUPP;
2972 	}
2973 
2974 	/* be aware of params.vlan when changing code here */
2975 
2976 	err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2977 
2978 	if (params.vlan)
2979 		dev_put(params.vlan);
2980 	return err;
2981 }
2982 
2983 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2984 {
2985 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2986 	struct net_device *dev = info->user_ptr[1];
2987 	u8 *mac_addr = NULL;
2988 
2989 	if (info->attrs[NL80211_ATTR_MAC])
2990 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2991 
2992 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2993 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2994 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2995 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2996 		return -EINVAL;
2997 
2998 	if (!rdev->ops->del_station)
2999 		return -EOPNOTSUPP;
3000 
3001 	return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
3002 }
3003 
3004 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
3005 				int flags, struct net_device *dev,
3006 				u8 *dst, u8 *next_hop,
3007 				struct mpath_info *pinfo)
3008 {
3009 	void *hdr;
3010 	struct nlattr *pinfoattr;
3011 
3012 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
3013 	if (!hdr)
3014 		return -1;
3015 
3016 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3017 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
3018 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
3019 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
3020 		goto nla_put_failure;
3021 
3022 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
3023 	if (!pinfoattr)
3024 		goto nla_put_failure;
3025 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
3026 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
3027 			pinfo->frame_qlen))
3028 		goto nla_put_failure;
3029 	if (((pinfo->filled & MPATH_INFO_SN) &&
3030 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
3031 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
3032 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
3033 			 pinfo->metric)) ||
3034 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
3035 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
3036 			 pinfo->exptime)) ||
3037 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
3038 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
3039 			pinfo->flags)) ||
3040 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
3041 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
3042 			 pinfo->discovery_timeout)) ||
3043 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
3044 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
3045 			pinfo->discovery_retries)))
3046 		goto nla_put_failure;
3047 
3048 	nla_nest_end(msg, pinfoattr);
3049 
3050 	return genlmsg_end(msg, hdr);
3051 
3052  nla_put_failure:
3053 	genlmsg_cancel(msg, hdr);
3054 	return -EMSGSIZE;
3055 }
3056 
3057 static int nl80211_dump_mpath(struct sk_buff *skb,
3058 			      struct netlink_callback *cb)
3059 {
3060 	struct mpath_info pinfo;
3061 	struct cfg80211_registered_device *dev;
3062 	struct net_device *netdev;
3063 	u8 dst[ETH_ALEN];
3064 	u8 next_hop[ETH_ALEN];
3065 	int path_idx = cb->args[1];
3066 	int err;
3067 
3068 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3069 	if (err)
3070 		return err;
3071 
3072 	if (!dev->ops->dump_mpath) {
3073 		err = -EOPNOTSUPP;
3074 		goto out_err;
3075 	}
3076 
3077 	if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
3078 		err = -EOPNOTSUPP;
3079 		goto out_err;
3080 	}
3081 
3082 	while (1) {
3083 		err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
3084 					   dst, next_hop, &pinfo);
3085 		if (err == -ENOENT)
3086 			break;
3087 		if (err)
3088 			goto out_err;
3089 
3090 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
3091 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3092 				       netdev, dst, next_hop,
3093 				       &pinfo) < 0)
3094 			goto out;
3095 
3096 		path_idx++;
3097 	}
3098 
3099 
3100  out:
3101 	cb->args[1] = path_idx;
3102 	err = skb->len;
3103  out_err:
3104 	nl80211_finish_netdev_dump(dev);
3105 	return err;
3106 }
3107 
3108 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
3109 {
3110 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3111 	int err;
3112 	struct net_device *dev = info->user_ptr[1];
3113 	struct mpath_info pinfo;
3114 	struct sk_buff *msg;
3115 	u8 *dst = NULL;
3116 	u8 next_hop[ETH_ALEN];
3117 
3118 	memset(&pinfo, 0, sizeof(pinfo));
3119 
3120 	if (!info->attrs[NL80211_ATTR_MAC])
3121 		return -EINVAL;
3122 
3123 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3124 
3125 	if (!rdev->ops->get_mpath)
3126 		return -EOPNOTSUPP;
3127 
3128 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3129 		return -EOPNOTSUPP;
3130 
3131 	err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
3132 	if (err)
3133 		return err;
3134 
3135 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3136 	if (!msg)
3137 		return -ENOMEM;
3138 
3139 	if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
3140 				 dev, dst, next_hop, &pinfo) < 0) {
3141 		nlmsg_free(msg);
3142 		return -ENOBUFS;
3143 	}
3144 
3145 	return genlmsg_reply(msg, info);
3146 }
3147 
3148 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
3149 {
3150 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3151 	struct net_device *dev = info->user_ptr[1];
3152 	u8 *dst = NULL;
3153 	u8 *next_hop = NULL;
3154 
3155 	if (!info->attrs[NL80211_ATTR_MAC])
3156 		return -EINVAL;
3157 
3158 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3159 		return -EINVAL;
3160 
3161 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3162 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3163 
3164 	if (!rdev->ops->change_mpath)
3165 		return -EOPNOTSUPP;
3166 
3167 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3168 		return -EOPNOTSUPP;
3169 
3170 	return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
3171 }
3172 
3173 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
3174 {
3175 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3176 	struct net_device *dev = info->user_ptr[1];
3177 	u8 *dst = NULL;
3178 	u8 *next_hop = NULL;
3179 
3180 	if (!info->attrs[NL80211_ATTR_MAC])
3181 		return -EINVAL;
3182 
3183 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3184 		return -EINVAL;
3185 
3186 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3187 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3188 
3189 	if (!rdev->ops->add_mpath)
3190 		return -EOPNOTSUPP;
3191 
3192 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3193 		return -EOPNOTSUPP;
3194 
3195 	return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
3196 }
3197 
3198 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
3199 {
3200 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3201 	struct net_device *dev = info->user_ptr[1];
3202 	u8 *dst = NULL;
3203 
3204 	if (info->attrs[NL80211_ATTR_MAC])
3205 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3206 
3207 	if (!rdev->ops->del_mpath)
3208 		return -EOPNOTSUPP;
3209 
3210 	return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
3211 }
3212 
3213 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
3214 {
3215 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3216 	struct net_device *dev = info->user_ptr[1];
3217 	struct bss_parameters params;
3218 
3219 	memset(&params, 0, sizeof(params));
3220 	/* default to not changing parameters */
3221 	params.use_cts_prot = -1;
3222 	params.use_short_preamble = -1;
3223 	params.use_short_slot_time = -1;
3224 	params.ap_isolate = -1;
3225 	params.ht_opmode = -1;
3226 
3227 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
3228 		params.use_cts_prot =
3229 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
3230 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
3231 		params.use_short_preamble =
3232 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
3233 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
3234 		params.use_short_slot_time =
3235 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
3236 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
3237 		params.basic_rates =
3238 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3239 		params.basic_rates_len =
3240 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3241 	}
3242 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
3243 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
3244 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
3245 		params.ht_opmode =
3246 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
3247 
3248 	if (!rdev->ops->change_bss)
3249 		return -EOPNOTSUPP;
3250 
3251 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3252 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3253 		return -EOPNOTSUPP;
3254 
3255 	return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
3256 }
3257 
3258 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
3259 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
3260 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
3261 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
3262 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
3263 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
3264 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
3265 };
3266 
3267 static int parse_reg_rule(struct nlattr *tb[],
3268 	struct ieee80211_reg_rule *reg_rule)
3269 {
3270 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
3271 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
3272 
3273 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
3274 		return -EINVAL;
3275 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
3276 		return -EINVAL;
3277 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
3278 		return -EINVAL;
3279 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
3280 		return -EINVAL;
3281 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
3282 		return -EINVAL;
3283 
3284 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
3285 
3286 	freq_range->start_freq_khz =
3287 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
3288 	freq_range->end_freq_khz =
3289 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
3290 	freq_range->max_bandwidth_khz =
3291 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
3292 
3293 	power_rule->max_eirp =
3294 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
3295 
3296 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
3297 		power_rule->max_antenna_gain =
3298 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
3299 
3300 	return 0;
3301 }
3302 
3303 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3304 {
3305 	int r;
3306 	char *data = NULL;
3307 
3308 	/*
3309 	 * You should only get this when cfg80211 hasn't yet initialized
3310 	 * completely when built-in to the kernel right between the time
3311 	 * window between nl80211_init() and regulatory_init(), if that is
3312 	 * even possible.
3313 	 */
3314 	mutex_lock(&cfg80211_mutex);
3315 	if (unlikely(!cfg80211_regdomain)) {
3316 		mutex_unlock(&cfg80211_mutex);
3317 		return -EINPROGRESS;
3318 	}
3319 	mutex_unlock(&cfg80211_mutex);
3320 
3321 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3322 		return -EINVAL;
3323 
3324 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3325 
3326 	r = regulatory_hint_user(data);
3327 
3328 	return r;
3329 }
3330 
3331 static int nl80211_get_mesh_config(struct sk_buff *skb,
3332 				   struct genl_info *info)
3333 {
3334 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3335 	struct net_device *dev = info->user_ptr[1];
3336 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3337 	struct mesh_config cur_params;
3338 	int err = 0;
3339 	void *hdr;
3340 	struct nlattr *pinfoattr;
3341 	struct sk_buff *msg;
3342 
3343 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3344 		return -EOPNOTSUPP;
3345 
3346 	if (!rdev->ops->get_mesh_config)
3347 		return -EOPNOTSUPP;
3348 
3349 	wdev_lock(wdev);
3350 	/* If not connected, get default parameters */
3351 	if (!wdev->mesh_id_len)
3352 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
3353 	else
3354 		err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
3355 						 &cur_params);
3356 	wdev_unlock(wdev);
3357 
3358 	if (err)
3359 		return err;
3360 
3361 	/* Draw up a netlink message to send back */
3362 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3363 	if (!msg)
3364 		return -ENOMEM;
3365 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3366 			     NL80211_CMD_GET_MESH_CONFIG);
3367 	if (!hdr)
3368 		goto out;
3369 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
3370 	if (!pinfoattr)
3371 		goto nla_put_failure;
3372 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3373 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
3374 			cur_params.dot11MeshRetryTimeout) ||
3375 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3376 			cur_params.dot11MeshConfirmTimeout) ||
3377 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
3378 			cur_params.dot11MeshHoldingTimeout) ||
3379 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
3380 			cur_params.dot11MeshMaxPeerLinks) ||
3381 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
3382 		       cur_params.dot11MeshMaxRetries) ||
3383 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
3384 		       cur_params.dot11MeshTTL) ||
3385 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
3386 		       cur_params.element_ttl) ||
3387 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3388 		       cur_params.auto_open_plinks) ||
3389 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
3390 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
3391 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3392 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
3393 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
3394 			cur_params.path_refresh_time) ||
3395 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3396 			cur_params.min_discovery_timeout) ||
3397 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3398 			cur_params.dot11MeshHWMPactivePathTimeout) ||
3399 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3400 			cur_params.dot11MeshHWMPpreqMinInterval) ||
3401 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3402 			cur_params.dot11MeshHWMPperrMinInterval) ||
3403 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3404 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
3405 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
3406 		       cur_params.dot11MeshHWMPRootMode) ||
3407 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3408 			cur_params.dot11MeshHWMPRannInterval) ||
3409 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3410 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
3411 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
3412 		       cur_params.dot11MeshForwarding) ||
3413 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
3414 			cur_params.rssi_threshold) ||
3415 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
3416 			cur_params.ht_opmode))
3417 		goto nla_put_failure;
3418 	nla_nest_end(msg, pinfoattr);
3419 	genlmsg_end(msg, hdr);
3420 	return genlmsg_reply(msg, info);
3421 
3422  nla_put_failure:
3423 	genlmsg_cancel(msg, hdr);
3424  out:
3425 	nlmsg_free(msg);
3426 	return -ENOBUFS;
3427 }
3428 
3429 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
3430 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
3431 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
3432 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
3433 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
3434 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
3435 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
3436 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
3437 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
3438 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
3439 
3440 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
3441 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
3442 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
3443 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
3444 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
3445 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
3446 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
3447 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
3448 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
3449 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
3450 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
3451 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32},
3452 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16},
3453 };
3454 
3455 static const struct nla_policy
3456 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
3457 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
3458 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
3459 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
3460 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
3461 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
3462 		.len = IEEE80211_MAX_DATA_LEN },
3463 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
3464 };
3465 
3466 static int nl80211_parse_mesh_config(struct genl_info *info,
3467 				     struct mesh_config *cfg,
3468 				     u32 *mask_out)
3469 {
3470 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
3471 	u32 mask = 0;
3472 
3473 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
3474 do {\
3475 	if (table[attr_num]) {\
3476 		cfg->param = nla_fn(table[attr_num]); \
3477 		mask |= (1 << (attr_num - 1)); \
3478 	} \
3479 } while (0);\
3480 
3481 
3482 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
3483 		return -EINVAL;
3484 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
3485 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
3486 			     nl80211_meshconf_params_policy))
3487 		return -EINVAL;
3488 
3489 	/* This makes sure that there aren't more than 32 mesh config
3490 	 * parameters (otherwise our bitfield scheme would not work.) */
3491 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3492 
3493 	/* Fill in the params struct */
3494 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3495 			mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
3496 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3497 			mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
3498 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3499 			mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
3500 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3501 			mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
3502 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3503 			mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
3504 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3505 			mask, NL80211_MESHCONF_TTL, nla_get_u8);
3506 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3507 			mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
3508 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3509 			mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
3510 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
3511 			mask, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
3512 			nla_get_u32);
3513 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3514 			mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3515 			nla_get_u8);
3516 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3517 			mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
3518 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3519 			mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3520 			nla_get_u16);
3521 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
3522 			mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3523 			nla_get_u32);
3524 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3525 			mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3526 			nla_get_u16);
3527 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
3528 			mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3529 			nla_get_u16);
3530 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3531 			dot11MeshHWMPnetDiameterTraversalTime,
3532 			mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3533 			nla_get_u16);
3534 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3535 			dot11MeshHWMPRootMode, mask,
3536 			NL80211_MESHCONF_HWMP_ROOTMODE,
3537 			nla_get_u8);
3538 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3539 			dot11MeshHWMPRannInterval, mask,
3540 			NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3541 			nla_get_u16);
3542 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3543 			dot11MeshGateAnnouncementProtocol, mask,
3544 			NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3545 			nla_get_u8);
3546 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding,
3547 			mask, NL80211_MESHCONF_FORWARDING, nla_get_u8);
3548 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold,
3549 			mask, NL80211_MESHCONF_RSSI_THRESHOLD, nla_get_u32);
3550 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode,
3551 			mask, NL80211_MESHCONF_HT_OPMODE, nla_get_u16);
3552 	if (mask_out)
3553 		*mask_out = mask;
3554 
3555 	return 0;
3556 
3557 #undef FILL_IN_MESH_PARAM_IF_SET
3558 }
3559 
3560 static int nl80211_parse_mesh_setup(struct genl_info *info,
3561 				     struct mesh_setup *setup)
3562 {
3563 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3564 
3565 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3566 		return -EINVAL;
3567 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3568 			     info->attrs[NL80211_ATTR_MESH_SETUP],
3569 			     nl80211_mesh_setup_params_policy))
3570 		return -EINVAL;
3571 
3572 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
3573 		setup->sync_method =
3574 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
3575 		 IEEE80211_SYNC_METHOD_VENDOR :
3576 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
3577 
3578 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3579 		setup->path_sel_proto =
3580 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3581 		 IEEE80211_PATH_PROTOCOL_VENDOR :
3582 		 IEEE80211_PATH_PROTOCOL_HWMP;
3583 
3584 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3585 		setup->path_metric =
3586 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3587 		 IEEE80211_PATH_METRIC_VENDOR :
3588 		 IEEE80211_PATH_METRIC_AIRTIME;
3589 
3590 
3591 	if (tb[NL80211_MESH_SETUP_IE]) {
3592 		struct nlattr *ieattr =
3593 			tb[NL80211_MESH_SETUP_IE];
3594 		if (!is_valid_ie_attr(ieattr))
3595 			return -EINVAL;
3596 		setup->ie = nla_data(ieattr);
3597 		setup->ie_len = nla_len(ieattr);
3598 	}
3599 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3600 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3601 
3602 	return 0;
3603 }
3604 
3605 static int nl80211_update_mesh_config(struct sk_buff *skb,
3606 				      struct genl_info *info)
3607 {
3608 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3609 	struct net_device *dev = info->user_ptr[1];
3610 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3611 	struct mesh_config cfg;
3612 	u32 mask;
3613 	int err;
3614 
3615 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3616 		return -EOPNOTSUPP;
3617 
3618 	if (!rdev->ops->update_mesh_config)
3619 		return -EOPNOTSUPP;
3620 
3621 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
3622 	if (err)
3623 		return err;
3624 
3625 	wdev_lock(wdev);
3626 	if (!wdev->mesh_id_len)
3627 		err = -ENOLINK;
3628 
3629 	if (!err)
3630 		err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3631 						    mask, &cfg);
3632 
3633 	wdev_unlock(wdev);
3634 
3635 	return err;
3636 }
3637 
3638 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3639 {
3640 	struct sk_buff *msg;
3641 	void *hdr = NULL;
3642 	struct nlattr *nl_reg_rules;
3643 	unsigned int i;
3644 	int err = -EINVAL;
3645 
3646 	mutex_lock(&cfg80211_mutex);
3647 
3648 	if (!cfg80211_regdomain)
3649 		goto out;
3650 
3651 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3652 	if (!msg) {
3653 		err = -ENOBUFS;
3654 		goto out;
3655 	}
3656 
3657 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3658 			     NL80211_CMD_GET_REG);
3659 	if (!hdr)
3660 		goto put_failure;
3661 
3662 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
3663 			   cfg80211_regdomain->alpha2) ||
3664 	    (cfg80211_regdomain->dfs_region &&
3665 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION,
3666 			cfg80211_regdomain->dfs_region)))
3667 		goto nla_put_failure;
3668 
3669 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3670 	if (!nl_reg_rules)
3671 		goto nla_put_failure;
3672 
3673 	for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
3674 		struct nlattr *nl_reg_rule;
3675 		const struct ieee80211_reg_rule *reg_rule;
3676 		const struct ieee80211_freq_range *freq_range;
3677 		const struct ieee80211_power_rule *power_rule;
3678 
3679 		reg_rule = &cfg80211_regdomain->reg_rules[i];
3680 		freq_range = &reg_rule->freq_range;
3681 		power_rule = &reg_rule->power_rule;
3682 
3683 		nl_reg_rule = nla_nest_start(msg, i);
3684 		if (!nl_reg_rule)
3685 			goto nla_put_failure;
3686 
3687 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3688 				reg_rule->flags) ||
3689 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
3690 				freq_range->start_freq_khz) ||
3691 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
3692 				freq_range->end_freq_khz) ||
3693 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3694 				freq_range->max_bandwidth_khz) ||
3695 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3696 				power_rule->max_antenna_gain) ||
3697 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3698 				power_rule->max_eirp))
3699 			goto nla_put_failure;
3700 
3701 		nla_nest_end(msg, nl_reg_rule);
3702 	}
3703 
3704 	nla_nest_end(msg, nl_reg_rules);
3705 
3706 	genlmsg_end(msg, hdr);
3707 	err = genlmsg_reply(msg, info);
3708 	goto out;
3709 
3710 nla_put_failure:
3711 	genlmsg_cancel(msg, hdr);
3712 put_failure:
3713 	nlmsg_free(msg);
3714 	err = -EMSGSIZE;
3715 out:
3716 	mutex_unlock(&cfg80211_mutex);
3717 	return err;
3718 }
3719 
3720 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3721 {
3722 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3723 	struct nlattr *nl_reg_rule;
3724 	char *alpha2 = NULL;
3725 	int rem_reg_rules = 0, r = 0;
3726 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
3727 	u8 dfs_region = 0;
3728 	struct ieee80211_regdomain *rd = NULL;
3729 
3730 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3731 		return -EINVAL;
3732 
3733 	if (!info->attrs[NL80211_ATTR_REG_RULES])
3734 		return -EINVAL;
3735 
3736 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3737 
3738 	if (info->attrs[NL80211_ATTR_DFS_REGION])
3739 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
3740 
3741 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3742 			rem_reg_rules) {
3743 		num_rules++;
3744 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3745 			return -EINVAL;
3746 	}
3747 
3748 	mutex_lock(&cfg80211_mutex);
3749 
3750 	if (!reg_is_valid_request(alpha2)) {
3751 		r = -EINVAL;
3752 		goto bad_reg;
3753 	}
3754 
3755 	size_of_regd = sizeof(struct ieee80211_regdomain) +
3756 		(num_rules * sizeof(struct ieee80211_reg_rule));
3757 
3758 	rd = kzalloc(size_of_regd, GFP_KERNEL);
3759 	if (!rd) {
3760 		r = -ENOMEM;
3761 		goto bad_reg;
3762 	}
3763 
3764 	rd->n_reg_rules = num_rules;
3765 	rd->alpha2[0] = alpha2[0];
3766 	rd->alpha2[1] = alpha2[1];
3767 
3768 	/*
3769 	 * Disable DFS master mode if the DFS region was
3770 	 * not supported or known on this kernel.
3771 	 */
3772 	if (reg_supported_dfs_region(dfs_region))
3773 		rd->dfs_region = dfs_region;
3774 
3775 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3776 			rem_reg_rules) {
3777 		nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3778 			nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3779 			reg_rule_policy);
3780 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3781 		if (r)
3782 			goto bad_reg;
3783 
3784 		rule_idx++;
3785 
3786 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3787 			r = -EINVAL;
3788 			goto bad_reg;
3789 		}
3790 	}
3791 
3792 	BUG_ON(rule_idx != num_rules);
3793 
3794 	r = set_regdom(rd);
3795 
3796 	mutex_unlock(&cfg80211_mutex);
3797 
3798 	return r;
3799 
3800  bad_reg:
3801 	mutex_unlock(&cfg80211_mutex);
3802 	kfree(rd);
3803 	return r;
3804 }
3805 
3806 static int validate_scan_freqs(struct nlattr *freqs)
3807 {
3808 	struct nlattr *attr1, *attr2;
3809 	int n_channels = 0, tmp1, tmp2;
3810 
3811 	nla_for_each_nested(attr1, freqs, tmp1) {
3812 		n_channels++;
3813 		/*
3814 		 * Some hardware has a limited channel list for
3815 		 * scanning, and it is pretty much nonsensical
3816 		 * to scan for a channel twice, so disallow that
3817 		 * and don't require drivers to check that the
3818 		 * channel list they get isn't longer than what
3819 		 * they can scan, as long as they can scan all
3820 		 * the channels they registered at once.
3821 		 */
3822 		nla_for_each_nested(attr2, freqs, tmp2)
3823 			if (attr1 != attr2 &&
3824 			    nla_get_u32(attr1) == nla_get_u32(attr2))
3825 				return 0;
3826 	}
3827 
3828 	return n_channels;
3829 }
3830 
3831 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3832 {
3833 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3834 	struct net_device *dev = info->user_ptr[1];
3835 	struct cfg80211_scan_request *request;
3836 	struct nlattr *attr;
3837 	struct wiphy *wiphy;
3838 	int err, tmp, n_ssids = 0, n_channels, i;
3839 	size_t ie_len;
3840 
3841 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3842 		return -EINVAL;
3843 
3844 	wiphy = &rdev->wiphy;
3845 
3846 	if (!rdev->ops->scan)
3847 		return -EOPNOTSUPP;
3848 
3849 	if (rdev->scan_req)
3850 		return -EBUSY;
3851 
3852 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3853 		n_channels = validate_scan_freqs(
3854 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3855 		if (!n_channels)
3856 			return -EINVAL;
3857 	} else {
3858 		enum ieee80211_band band;
3859 		n_channels = 0;
3860 
3861 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3862 			if (wiphy->bands[band])
3863 				n_channels += wiphy->bands[band]->n_channels;
3864 	}
3865 
3866 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3867 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3868 			n_ssids++;
3869 
3870 	if (n_ssids > wiphy->max_scan_ssids)
3871 		return -EINVAL;
3872 
3873 	if (info->attrs[NL80211_ATTR_IE])
3874 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3875 	else
3876 		ie_len = 0;
3877 
3878 	if (ie_len > wiphy->max_scan_ie_len)
3879 		return -EINVAL;
3880 
3881 	request = kzalloc(sizeof(*request)
3882 			+ sizeof(*request->ssids) * n_ssids
3883 			+ sizeof(*request->channels) * n_channels
3884 			+ ie_len, GFP_KERNEL);
3885 	if (!request)
3886 		return -ENOMEM;
3887 
3888 	if (n_ssids)
3889 		request->ssids = (void *)&request->channels[n_channels];
3890 	request->n_ssids = n_ssids;
3891 	if (ie_len) {
3892 		if (request->ssids)
3893 			request->ie = (void *)(request->ssids + n_ssids);
3894 		else
3895 			request->ie = (void *)(request->channels + n_channels);
3896 	}
3897 
3898 	i = 0;
3899 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3900 		/* user specified, bail out if channel not found */
3901 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3902 			struct ieee80211_channel *chan;
3903 
3904 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3905 
3906 			if (!chan) {
3907 				err = -EINVAL;
3908 				goto out_free;
3909 			}
3910 
3911 			/* ignore disabled channels */
3912 			if (chan->flags & IEEE80211_CHAN_DISABLED)
3913 				continue;
3914 
3915 			request->channels[i] = chan;
3916 			i++;
3917 		}
3918 	} else {
3919 		enum ieee80211_band band;
3920 
3921 		/* all channels */
3922 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3923 			int j;
3924 			if (!wiphy->bands[band])
3925 				continue;
3926 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3927 				struct ieee80211_channel *chan;
3928 
3929 				chan = &wiphy->bands[band]->channels[j];
3930 
3931 				if (chan->flags & IEEE80211_CHAN_DISABLED)
3932 					continue;
3933 
3934 				request->channels[i] = chan;
3935 				i++;
3936 			}
3937 		}
3938 	}
3939 
3940 	if (!i) {
3941 		err = -EINVAL;
3942 		goto out_free;
3943 	}
3944 
3945 	request->n_channels = i;
3946 
3947 	i = 0;
3948 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3949 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3950 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3951 				err = -EINVAL;
3952 				goto out_free;
3953 			}
3954 			request->ssids[i].ssid_len = nla_len(attr);
3955 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3956 			i++;
3957 		}
3958 	}
3959 
3960 	if (info->attrs[NL80211_ATTR_IE]) {
3961 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3962 		memcpy((void *)request->ie,
3963 		       nla_data(info->attrs[NL80211_ATTR_IE]),
3964 		       request->ie_len);
3965 	}
3966 
3967 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
3968 		if (wiphy->bands[i])
3969 			request->rates[i] =
3970 				(1 << wiphy->bands[i]->n_bitrates) - 1;
3971 
3972 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
3973 		nla_for_each_nested(attr,
3974 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
3975 				    tmp) {
3976 			enum ieee80211_band band = nla_type(attr);
3977 
3978 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
3979 				err = -EINVAL;
3980 				goto out_free;
3981 			}
3982 			err = ieee80211_get_ratemask(wiphy->bands[band],
3983 						     nla_data(attr),
3984 						     nla_len(attr),
3985 						     &request->rates[band]);
3986 			if (err)
3987 				goto out_free;
3988 		}
3989 	}
3990 
3991 	request->no_cck =
3992 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
3993 
3994 	request->dev = dev;
3995 	request->wiphy = &rdev->wiphy;
3996 
3997 	rdev->scan_req = request;
3998 	err = rdev->ops->scan(&rdev->wiphy, dev, request);
3999 
4000 	if (!err) {
4001 		nl80211_send_scan_start(rdev, dev);
4002 		dev_hold(dev);
4003 	} else {
4004  out_free:
4005 		rdev->scan_req = NULL;
4006 		kfree(request);
4007 	}
4008 
4009 	return err;
4010 }
4011 
4012 static int nl80211_start_sched_scan(struct sk_buff *skb,
4013 				    struct genl_info *info)
4014 {
4015 	struct cfg80211_sched_scan_request *request;
4016 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4017 	struct net_device *dev = info->user_ptr[1];
4018 	struct nlattr *attr;
4019 	struct wiphy *wiphy;
4020 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
4021 	u32 interval;
4022 	enum ieee80211_band band;
4023 	size_t ie_len;
4024 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
4025 
4026 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4027 	    !rdev->ops->sched_scan_start)
4028 		return -EOPNOTSUPP;
4029 
4030 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4031 		return -EINVAL;
4032 
4033 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
4034 		return -EINVAL;
4035 
4036 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
4037 	if (interval == 0)
4038 		return -EINVAL;
4039 
4040 	wiphy = &rdev->wiphy;
4041 
4042 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4043 		n_channels = validate_scan_freqs(
4044 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4045 		if (!n_channels)
4046 			return -EINVAL;
4047 	} else {
4048 		n_channels = 0;
4049 
4050 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
4051 			if (wiphy->bands[band])
4052 				n_channels += wiphy->bands[band]->n_channels;
4053 	}
4054 
4055 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
4056 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4057 				    tmp)
4058 			n_ssids++;
4059 
4060 	if (n_ssids > wiphy->max_sched_scan_ssids)
4061 		return -EINVAL;
4062 
4063 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
4064 		nla_for_each_nested(attr,
4065 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4066 				    tmp)
4067 			n_match_sets++;
4068 
4069 	if (n_match_sets > wiphy->max_match_sets)
4070 		return -EINVAL;
4071 
4072 	if (info->attrs[NL80211_ATTR_IE])
4073 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4074 	else
4075 		ie_len = 0;
4076 
4077 	if (ie_len > wiphy->max_sched_scan_ie_len)
4078 		return -EINVAL;
4079 
4080 	mutex_lock(&rdev->sched_scan_mtx);
4081 
4082 	if (rdev->sched_scan_req) {
4083 		err = -EINPROGRESS;
4084 		goto out;
4085 	}
4086 
4087 	request = kzalloc(sizeof(*request)
4088 			+ sizeof(*request->ssids) * n_ssids
4089 			+ sizeof(*request->match_sets) * n_match_sets
4090 			+ sizeof(*request->channels) * n_channels
4091 			+ ie_len, GFP_KERNEL);
4092 	if (!request) {
4093 		err = -ENOMEM;
4094 		goto out;
4095 	}
4096 
4097 	if (n_ssids)
4098 		request->ssids = (void *)&request->channels[n_channels];
4099 	request->n_ssids = n_ssids;
4100 	if (ie_len) {
4101 		if (request->ssids)
4102 			request->ie = (void *)(request->ssids + n_ssids);
4103 		else
4104 			request->ie = (void *)(request->channels + n_channels);
4105 	}
4106 
4107 	if (n_match_sets) {
4108 		if (request->ie)
4109 			request->match_sets = (void *)(request->ie + ie_len);
4110 		else if (request->ssids)
4111 			request->match_sets =
4112 				(void *)(request->ssids + n_ssids);
4113 		else
4114 			request->match_sets =
4115 				(void *)(request->channels + n_channels);
4116 	}
4117 	request->n_match_sets = n_match_sets;
4118 
4119 	i = 0;
4120 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4121 		/* user specified, bail out if channel not found */
4122 		nla_for_each_nested(attr,
4123 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
4124 				    tmp) {
4125 			struct ieee80211_channel *chan;
4126 
4127 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4128 
4129 			if (!chan) {
4130 				err = -EINVAL;
4131 				goto out_free;
4132 			}
4133 
4134 			/* ignore disabled channels */
4135 			if (chan->flags & IEEE80211_CHAN_DISABLED)
4136 				continue;
4137 
4138 			request->channels[i] = chan;
4139 			i++;
4140 		}
4141 	} else {
4142 		/* all channels */
4143 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4144 			int j;
4145 			if (!wiphy->bands[band])
4146 				continue;
4147 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4148 				struct ieee80211_channel *chan;
4149 
4150 				chan = &wiphy->bands[band]->channels[j];
4151 
4152 				if (chan->flags & IEEE80211_CHAN_DISABLED)
4153 					continue;
4154 
4155 				request->channels[i] = chan;
4156 				i++;
4157 			}
4158 		}
4159 	}
4160 
4161 	if (!i) {
4162 		err = -EINVAL;
4163 		goto out_free;
4164 	}
4165 
4166 	request->n_channels = i;
4167 
4168 	i = 0;
4169 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4170 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4171 				    tmp) {
4172 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4173 				err = -EINVAL;
4174 				goto out_free;
4175 			}
4176 			request->ssids[i].ssid_len = nla_len(attr);
4177 			memcpy(request->ssids[i].ssid, nla_data(attr),
4178 			       nla_len(attr));
4179 			i++;
4180 		}
4181 	}
4182 
4183 	i = 0;
4184 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
4185 		nla_for_each_nested(attr,
4186 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4187 				    tmp) {
4188 			struct nlattr *ssid;
4189 
4190 			nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
4191 				  nla_data(attr), nla_len(attr),
4192 				  nl80211_match_policy);
4193 			ssid = tb[NL80211_ATTR_SCHED_SCAN_MATCH_SSID];
4194 			if (ssid) {
4195 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
4196 					err = -EINVAL;
4197 					goto out_free;
4198 				}
4199 				memcpy(request->match_sets[i].ssid.ssid,
4200 				       nla_data(ssid), nla_len(ssid));
4201 				request->match_sets[i].ssid.ssid_len =
4202 					nla_len(ssid);
4203 			}
4204 			i++;
4205 		}
4206 	}
4207 
4208 	if (info->attrs[NL80211_ATTR_IE]) {
4209 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4210 		memcpy((void *)request->ie,
4211 		       nla_data(info->attrs[NL80211_ATTR_IE]),
4212 		       request->ie_len);
4213 	}
4214 
4215 	request->dev = dev;
4216 	request->wiphy = &rdev->wiphy;
4217 	request->interval = interval;
4218 
4219 	err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
4220 	if (!err) {
4221 		rdev->sched_scan_req = request;
4222 		nl80211_send_sched_scan(rdev, dev,
4223 					NL80211_CMD_START_SCHED_SCAN);
4224 		goto out;
4225 	}
4226 
4227 out_free:
4228 	kfree(request);
4229 out:
4230 	mutex_unlock(&rdev->sched_scan_mtx);
4231 	return err;
4232 }
4233 
4234 static int nl80211_stop_sched_scan(struct sk_buff *skb,
4235 				   struct genl_info *info)
4236 {
4237 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4238 	int err;
4239 
4240 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4241 	    !rdev->ops->sched_scan_stop)
4242 		return -EOPNOTSUPP;
4243 
4244 	mutex_lock(&rdev->sched_scan_mtx);
4245 	err = __cfg80211_stop_sched_scan(rdev, false);
4246 	mutex_unlock(&rdev->sched_scan_mtx);
4247 
4248 	return err;
4249 }
4250 
4251 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4252 			    u32 seq, int flags,
4253 			    struct cfg80211_registered_device *rdev,
4254 			    struct wireless_dev *wdev,
4255 			    struct cfg80211_internal_bss *intbss)
4256 {
4257 	struct cfg80211_bss *res = &intbss->pub;
4258 	void *hdr;
4259 	struct nlattr *bss;
4260 
4261 	ASSERT_WDEV_LOCK(wdev);
4262 
4263 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags,
4264 			     NL80211_CMD_NEW_SCAN_RESULTS);
4265 	if (!hdr)
4266 		return -1;
4267 
4268 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
4269 
4270 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) ||
4271 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
4272 		goto nla_put_failure;
4273 
4274 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
4275 	if (!bss)
4276 		goto nla_put_failure;
4277 	if ((!is_zero_ether_addr(res->bssid) &&
4278 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)) ||
4279 	    (res->information_elements && res->len_information_elements &&
4280 	     nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
4281 		     res->len_information_elements,
4282 		     res->information_elements)) ||
4283 	    (res->beacon_ies && res->len_beacon_ies &&
4284 	     res->beacon_ies != res->information_elements &&
4285 	     nla_put(msg, NL80211_BSS_BEACON_IES,
4286 		     res->len_beacon_ies, res->beacon_ies)))
4287 		goto nla_put_failure;
4288 	if (res->tsf &&
4289 	    nla_put_u64(msg, NL80211_BSS_TSF, res->tsf))
4290 		goto nla_put_failure;
4291 	if (res->beacon_interval &&
4292 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
4293 		goto nla_put_failure;
4294 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
4295 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
4296 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
4297 			jiffies_to_msecs(jiffies - intbss->ts)))
4298 		goto nla_put_failure;
4299 
4300 	switch (rdev->wiphy.signal_type) {
4301 	case CFG80211_SIGNAL_TYPE_MBM:
4302 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
4303 			goto nla_put_failure;
4304 		break;
4305 	case CFG80211_SIGNAL_TYPE_UNSPEC:
4306 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
4307 			goto nla_put_failure;
4308 		break;
4309 	default:
4310 		break;
4311 	}
4312 
4313 	switch (wdev->iftype) {
4314 	case NL80211_IFTYPE_P2P_CLIENT:
4315 	case NL80211_IFTYPE_STATION:
4316 		if (intbss == wdev->current_bss &&
4317 		    nla_put_u32(msg, NL80211_BSS_STATUS,
4318 				NL80211_BSS_STATUS_ASSOCIATED))
4319 			goto nla_put_failure;
4320 		break;
4321 	case NL80211_IFTYPE_ADHOC:
4322 		if (intbss == wdev->current_bss &&
4323 		    nla_put_u32(msg, NL80211_BSS_STATUS,
4324 				NL80211_BSS_STATUS_IBSS_JOINED))
4325 			goto nla_put_failure;
4326 		break;
4327 	default:
4328 		break;
4329 	}
4330 
4331 	nla_nest_end(msg, bss);
4332 
4333 	return genlmsg_end(msg, hdr);
4334 
4335  nla_put_failure:
4336 	genlmsg_cancel(msg, hdr);
4337 	return -EMSGSIZE;
4338 }
4339 
4340 static int nl80211_dump_scan(struct sk_buff *skb,
4341 			     struct netlink_callback *cb)
4342 {
4343 	struct cfg80211_registered_device *rdev;
4344 	struct net_device *dev;
4345 	struct cfg80211_internal_bss *scan;
4346 	struct wireless_dev *wdev;
4347 	int start = cb->args[1], idx = 0;
4348 	int err;
4349 
4350 	err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
4351 	if (err)
4352 		return err;
4353 
4354 	wdev = dev->ieee80211_ptr;
4355 
4356 	wdev_lock(wdev);
4357 	spin_lock_bh(&rdev->bss_lock);
4358 	cfg80211_bss_expire(rdev);
4359 
4360 	cb->seq = rdev->bss_generation;
4361 
4362 	list_for_each_entry(scan, &rdev->bss_list, list) {
4363 		if (++idx <= start)
4364 			continue;
4365 		if (nl80211_send_bss(skb, cb,
4366 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
4367 				rdev, wdev, scan) < 0) {
4368 			idx--;
4369 			break;
4370 		}
4371 	}
4372 
4373 	spin_unlock_bh(&rdev->bss_lock);
4374 	wdev_unlock(wdev);
4375 
4376 	cb->args[1] = idx;
4377 	nl80211_finish_netdev_dump(rdev);
4378 
4379 	return skb->len;
4380 }
4381 
4382 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
4383 				int flags, struct net_device *dev,
4384 				struct survey_info *survey)
4385 {
4386 	void *hdr;
4387 	struct nlattr *infoattr;
4388 
4389 	hdr = nl80211hdr_put(msg, pid, seq, flags,
4390 			     NL80211_CMD_NEW_SURVEY_RESULTS);
4391 	if (!hdr)
4392 		return -ENOMEM;
4393 
4394 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
4395 		goto nla_put_failure;
4396 
4397 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
4398 	if (!infoattr)
4399 		goto nla_put_failure;
4400 
4401 	if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
4402 			survey->channel->center_freq))
4403 		goto nla_put_failure;
4404 
4405 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
4406 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
4407 		goto nla_put_failure;
4408 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
4409 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
4410 		goto nla_put_failure;
4411 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
4412 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
4413 			survey->channel_time))
4414 		goto nla_put_failure;
4415 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
4416 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
4417 			survey->channel_time_busy))
4418 		goto nla_put_failure;
4419 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
4420 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
4421 			survey->channel_time_ext_busy))
4422 		goto nla_put_failure;
4423 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
4424 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
4425 			survey->channel_time_rx))
4426 		goto nla_put_failure;
4427 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
4428 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
4429 			survey->channel_time_tx))
4430 		goto nla_put_failure;
4431 
4432 	nla_nest_end(msg, infoattr);
4433 
4434 	return genlmsg_end(msg, hdr);
4435 
4436  nla_put_failure:
4437 	genlmsg_cancel(msg, hdr);
4438 	return -EMSGSIZE;
4439 }
4440 
4441 static int nl80211_dump_survey(struct sk_buff *skb,
4442 			struct netlink_callback *cb)
4443 {
4444 	struct survey_info survey;
4445 	struct cfg80211_registered_device *dev;
4446 	struct net_device *netdev;
4447 	int survey_idx = cb->args[1];
4448 	int res;
4449 
4450 	res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
4451 	if (res)
4452 		return res;
4453 
4454 	if (!dev->ops->dump_survey) {
4455 		res = -EOPNOTSUPP;
4456 		goto out_err;
4457 	}
4458 
4459 	while (1) {
4460 		struct ieee80211_channel *chan;
4461 
4462 		res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
4463 					    &survey);
4464 		if (res == -ENOENT)
4465 			break;
4466 		if (res)
4467 			goto out_err;
4468 
4469 		/* Survey without a channel doesn't make sense */
4470 		if (!survey.channel) {
4471 			res = -EINVAL;
4472 			goto out;
4473 		}
4474 
4475 		chan = ieee80211_get_channel(&dev->wiphy,
4476 					     survey.channel->center_freq);
4477 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
4478 			survey_idx++;
4479 			continue;
4480 		}
4481 
4482 		if (nl80211_send_survey(skb,
4483 				NETLINK_CB(cb->skb).pid,
4484 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
4485 				netdev,
4486 				&survey) < 0)
4487 			goto out;
4488 		survey_idx++;
4489 	}
4490 
4491  out:
4492 	cb->args[1] = survey_idx;
4493 	res = skb->len;
4494  out_err:
4495 	nl80211_finish_netdev_dump(dev);
4496 	return res;
4497 }
4498 
4499 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
4500 {
4501 	return auth_type <= NL80211_AUTHTYPE_MAX;
4502 }
4503 
4504 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
4505 {
4506 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
4507 				  NL80211_WPA_VERSION_2));
4508 }
4509 
4510 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
4511 {
4512 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4513 	struct net_device *dev = info->user_ptr[1];
4514 	struct ieee80211_channel *chan;
4515 	const u8 *bssid, *ssid, *ie = NULL;
4516 	int err, ssid_len, ie_len = 0;
4517 	enum nl80211_auth_type auth_type;
4518 	struct key_parse key;
4519 	bool local_state_change;
4520 
4521 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4522 		return -EINVAL;
4523 
4524 	if (!info->attrs[NL80211_ATTR_MAC])
4525 		return -EINVAL;
4526 
4527 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
4528 		return -EINVAL;
4529 
4530 	if (!info->attrs[NL80211_ATTR_SSID])
4531 		return -EINVAL;
4532 
4533 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
4534 		return -EINVAL;
4535 
4536 	err = nl80211_parse_key(info, &key);
4537 	if (err)
4538 		return err;
4539 
4540 	if (key.idx >= 0) {
4541 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
4542 			return -EINVAL;
4543 		if (!key.p.key || !key.p.key_len)
4544 			return -EINVAL;
4545 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
4546 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
4547 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
4548 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
4549 			return -EINVAL;
4550 		if (key.idx > 4)
4551 			return -EINVAL;
4552 	} else {
4553 		key.p.key_len = 0;
4554 		key.p.key = NULL;
4555 	}
4556 
4557 	if (key.idx >= 0) {
4558 		int i;
4559 		bool ok = false;
4560 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
4561 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
4562 				ok = true;
4563 				break;
4564 			}
4565 		}
4566 		if (!ok)
4567 			return -EINVAL;
4568 	}
4569 
4570 	if (!rdev->ops->auth)
4571 		return -EOPNOTSUPP;
4572 
4573 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4574 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4575 		return -EOPNOTSUPP;
4576 
4577 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4578 	chan = ieee80211_get_channel(&rdev->wiphy,
4579 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4580 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4581 		return -EINVAL;
4582 
4583 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4584 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4585 
4586 	if (info->attrs[NL80211_ATTR_IE]) {
4587 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4588 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4589 	}
4590 
4591 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4592 	if (!nl80211_valid_auth_type(auth_type))
4593 		return -EINVAL;
4594 
4595 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4596 
4597 	/*
4598 	 * Since we no longer track auth state, ignore
4599 	 * requests to only change local state.
4600 	 */
4601 	if (local_state_change)
4602 		return 0;
4603 
4604 	return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
4605 				  ssid, ssid_len, ie, ie_len,
4606 				  key.p.key, key.p.key_len, key.idx);
4607 }
4608 
4609 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4610 				   struct genl_info *info,
4611 				   struct cfg80211_crypto_settings *settings,
4612 				   int cipher_limit)
4613 {
4614 	memset(settings, 0, sizeof(*settings));
4615 
4616 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
4617 
4618 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
4619 		u16 proto;
4620 		proto = nla_get_u16(
4621 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
4622 		settings->control_port_ethertype = cpu_to_be16(proto);
4623 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
4624 		    proto != ETH_P_PAE)
4625 			return -EINVAL;
4626 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
4627 			settings->control_port_no_encrypt = true;
4628 	} else
4629 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
4630 
4631 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
4632 		void *data;
4633 		int len, i;
4634 
4635 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4636 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4637 		settings->n_ciphers_pairwise = len / sizeof(u32);
4638 
4639 		if (len % sizeof(u32))
4640 			return -EINVAL;
4641 
4642 		if (settings->n_ciphers_pairwise > cipher_limit)
4643 			return -EINVAL;
4644 
4645 		memcpy(settings->ciphers_pairwise, data, len);
4646 
4647 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
4648 			if (!cfg80211_supported_cipher_suite(
4649 					&rdev->wiphy,
4650 					settings->ciphers_pairwise[i]))
4651 				return -EINVAL;
4652 	}
4653 
4654 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
4655 		settings->cipher_group =
4656 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
4657 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
4658 						     settings->cipher_group))
4659 			return -EINVAL;
4660 	}
4661 
4662 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
4663 		settings->wpa_versions =
4664 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
4665 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
4666 			return -EINVAL;
4667 	}
4668 
4669 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
4670 		void *data;
4671 		int len;
4672 
4673 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
4674 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
4675 		settings->n_akm_suites = len / sizeof(u32);
4676 
4677 		if (len % sizeof(u32))
4678 			return -EINVAL;
4679 
4680 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
4681 			return -EINVAL;
4682 
4683 		memcpy(settings->akm_suites, data, len);
4684 	}
4685 
4686 	return 0;
4687 }
4688 
4689 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
4690 {
4691 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4692 	struct net_device *dev = info->user_ptr[1];
4693 	struct cfg80211_crypto_settings crypto;
4694 	struct ieee80211_channel *chan;
4695 	const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
4696 	int err, ssid_len, ie_len = 0;
4697 	bool use_mfp = false;
4698 	u32 flags = 0;
4699 	struct ieee80211_ht_cap *ht_capa = NULL;
4700 	struct ieee80211_ht_cap *ht_capa_mask = NULL;
4701 
4702 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4703 		return -EINVAL;
4704 
4705 	if (!info->attrs[NL80211_ATTR_MAC] ||
4706 	    !info->attrs[NL80211_ATTR_SSID] ||
4707 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4708 		return -EINVAL;
4709 
4710 	if (!rdev->ops->assoc)
4711 		return -EOPNOTSUPP;
4712 
4713 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4714 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4715 		return -EOPNOTSUPP;
4716 
4717 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4718 
4719 	chan = ieee80211_get_channel(&rdev->wiphy,
4720 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4721 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4722 		return -EINVAL;
4723 
4724 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4725 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4726 
4727 	if (info->attrs[NL80211_ATTR_IE]) {
4728 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4729 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4730 	}
4731 
4732 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
4733 		enum nl80211_mfp mfp =
4734 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
4735 		if (mfp == NL80211_MFP_REQUIRED)
4736 			use_mfp = true;
4737 		else if (mfp != NL80211_MFP_NO)
4738 			return -EINVAL;
4739 	}
4740 
4741 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
4742 		prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
4743 
4744 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
4745 		flags |= ASSOC_REQ_DISABLE_HT;
4746 
4747 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
4748 		ht_capa_mask =
4749 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]);
4750 
4751 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
4752 		if (!ht_capa_mask)
4753 			return -EINVAL;
4754 		ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4755 	}
4756 
4757 	err = nl80211_crypto_settings(rdev, info, &crypto, 1);
4758 	if (!err)
4759 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
4760 					  ssid, ssid_len, ie, ie_len, use_mfp,
4761 					  &crypto, flags, ht_capa,
4762 					  ht_capa_mask);
4763 
4764 	return err;
4765 }
4766 
4767 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
4768 {
4769 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4770 	struct net_device *dev = info->user_ptr[1];
4771 	const u8 *ie = NULL, *bssid;
4772 	int ie_len = 0;
4773 	u16 reason_code;
4774 	bool local_state_change;
4775 
4776 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4777 		return -EINVAL;
4778 
4779 	if (!info->attrs[NL80211_ATTR_MAC])
4780 		return -EINVAL;
4781 
4782 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
4783 		return -EINVAL;
4784 
4785 	if (!rdev->ops->deauth)
4786 		return -EOPNOTSUPP;
4787 
4788 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4789 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4790 		return -EOPNOTSUPP;
4791 
4792 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4793 
4794 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4795 	if (reason_code == 0) {
4796 		/* Reason Code 0 is reserved */
4797 		return -EINVAL;
4798 	}
4799 
4800 	if (info->attrs[NL80211_ATTR_IE]) {
4801 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4802 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4803 	}
4804 
4805 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4806 
4807 	return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
4808 				    local_state_change);
4809 }
4810 
4811 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
4812 {
4813 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4814 	struct net_device *dev = info->user_ptr[1];
4815 	const u8 *ie = NULL, *bssid;
4816 	int ie_len = 0;
4817 	u16 reason_code;
4818 	bool local_state_change;
4819 
4820 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4821 		return -EINVAL;
4822 
4823 	if (!info->attrs[NL80211_ATTR_MAC])
4824 		return -EINVAL;
4825 
4826 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
4827 		return -EINVAL;
4828 
4829 	if (!rdev->ops->disassoc)
4830 		return -EOPNOTSUPP;
4831 
4832 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4833 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4834 		return -EOPNOTSUPP;
4835 
4836 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4837 
4838 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4839 	if (reason_code == 0) {
4840 		/* Reason Code 0 is reserved */
4841 		return -EINVAL;
4842 	}
4843 
4844 	if (info->attrs[NL80211_ATTR_IE]) {
4845 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4846 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4847 	}
4848 
4849 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4850 
4851 	return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
4852 				      local_state_change);
4853 }
4854 
4855 static bool
4856 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
4857 			 int mcast_rate[IEEE80211_NUM_BANDS],
4858 			 int rateval)
4859 {
4860 	struct wiphy *wiphy = &rdev->wiphy;
4861 	bool found = false;
4862 	int band, i;
4863 
4864 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4865 		struct ieee80211_supported_band *sband;
4866 
4867 		sband = wiphy->bands[band];
4868 		if (!sband)
4869 			continue;
4870 
4871 		for (i = 0; i < sband->n_bitrates; i++) {
4872 			if (sband->bitrates[i].bitrate == rateval) {
4873 				mcast_rate[band] = i + 1;
4874 				found = true;
4875 				break;
4876 			}
4877 		}
4878 	}
4879 
4880 	return found;
4881 }
4882 
4883 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
4884 {
4885 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4886 	struct net_device *dev = info->user_ptr[1];
4887 	struct cfg80211_ibss_params ibss;
4888 	struct wiphy *wiphy;
4889 	struct cfg80211_cached_keys *connkeys = NULL;
4890 	int err;
4891 
4892 	memset(&ibss, 0, sizeof(ibss));
4893 
4894 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4895 		return -EINVAL;
4896 
4897 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4898 	    !info->attrs[NL80211_ATTR_SSID] ||
4899 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
4900 		return -EINVAL;
4901 
4902 	ibss.beacon_interval = 100;
4903 
4904 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
4905 		ibss.beacon_interval =
4906 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4907 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
4908 			return -EINVAL;
4909 	}
4910 
4911 	if (!rdev->ops->join_ibss)
4912 		return -EOPNOTSUPP;
4913 
4914 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4915 		return -EOPNOTSUPP;
4916 
4917 	wiphy = &rdev->wiphy;
4918 
4919 	if (info->attrs[NL80211_ATTR_MAC]) {
4920 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4921 
4922 		if (!is_valid_ether_addr(ibss.bssid))
4923 			return -EINVAL;
4924 	}
4925 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4926 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4927 
4928 	if (info->attrs[NL80211_ATTR_IE]) {
4929 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4930 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4931 	}
4932 
4933 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4934 		enum nl80211_channel_type channel_type;
4935 
4936 		if (!nl80211_valid_channel_type(info, &channel_type))
4937 			return -EINVAL;
4938 
4939 		if (channel_type != NL80211_CHAN_NO_HT &&
4940 		    !(wiphy->features & NL80211_FEATURE_HT_IBSS))
4941 			return -EINVAL;
4942 
4943 		ibss.channel_type = channel_type;
4944 	} else {
4945 		ibss.channel_type = NL80211_CHAN_NO_HT;
4946 	}
4947 
4948 	ibss.channel = rdev_freq_to_chan(rdev,
4949 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]),
4950 		ibss.channel_type);
4951 	if (!ibss.channel ||
4952 	    ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4953 	    ibss.channel->flags & IEEE80211_CHAN_DISABLED)
4954 		return -EINVAL;
4955 
4956 	/* Both channels should be able to initiate communication */
4957 	if ((ibss.channel_type == NL80211_CHAN_HT40PLUS ||
4958 	     ibss.channel_type == NL80211_CHAN_HT40MINUS) &&
4959 	    !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel,
4960 					  ibss.channel_type))
4961 		return -EINVAL;
4962 
4963 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4964 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4965 
4966 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4967 		u8 *rates =
4968 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4969 		int n_rates =
4970 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4971 		struct ieee80211_supported_band *sband =
4972 			wiphy->bands[ibss.channel->band];
4973 
4974 		err = ieee80211_get_ratemask(sband, rates, n_rates,
4975 					     &ibss.basic_rates);
4976 		if (err)
4977 			return err;
4978 	}
4979 
4980 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
4981 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
4982 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
4983 		return -EINVAL;
4984 
4985 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4986 		connkeys = nl80211_parse_connkeys(rdev,
4987 					info->attrs[NL80211_ATTR_KEYS]);
4988 		if (IS_ERR(connkeys))
4989 			return PTR_ERR(connkeys);
4990 	}
4991 
4992 	ibss.control_port =
4993 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
4994 
4995 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4996 	if (err)
4997 		kfree(connkeys);
4998 	return err;
4999 }
5000 
5001 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
5002 {
5003 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5004 	struct net_device *dev = info->user_ptr[1];
5005 
5006 	if (!rdev->ops->leave_ibss)
5007 		return -EOPNOTSUPP;
5008 
5009 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
5010 		return -EOPNOTSUPP;
5011 
5012 	return cfg80211_leave_ibss(rdev, dev, false);
5013 }
5014 
5015 #ifdef CONFIG_NL80211_TESTMODE
5016 static struct genl_multicast_group nl80211_testmode_mcgrp = {
5017 	.name = "testmode",
5018 };
5019 
5020 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
5021 {
5022 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5023 	int err;
5024 
5025 	if (!info->attrs[NL80211_ATTR_TESTDATA])
5026 		return -EINVAL;
5027 
5028 	err = -EOPNOTSUPP;
5029 	if (rdev->ops->testmode_cmd) {
5030 		rdev->testmode_info = info;
5031 		err = rdev->ops->testmode_cmd(&rdev->wiphy,
5032 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
5033 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
5034 		rdev->testmode_info = NULL;
5035 	}
5036 
5037 	return err;
5038 }
5039 
5040 static int nl80211_testmode_dump(struct sk_buff *skb,
5041 				 struct netlink_callback *cb)
5042 {
5043 	struct cfg80211_registered_device *rdev;
5044 	int err;
5045 	long phy_idx;
5046 	void *data = NULL;
5047 	int data_len = 0;
5048 
5049 	if (cb->args[0]) {
5050 		/*
5051 		 * 0 is a valid index, but not valid for args[0],
5052 		 * so we need to offset by 1.
5053 		 */
5054 		phy_idx = cb->args[0] - 1;
5055 	} else {
5056 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
5057 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
5058 				  nl80211_policy);
5059 		if (err)
5060 			return err;
5061 		if (nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) {
5062 			phy_idx = nla_get_u32(
5063 				nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]);
5064 		} else {
5065 			struct net_device *netdev;
5066 
5067 			err = get_rdev_dev_by_ifindex(sock_net(skb->sk),
5068 						      nl80211_fam.attrbuf,
5069 						      &rdev, &netdev);
5070 			if (err)
5071 				return err;
5072 			dev_put(netdev);
5073 			phy_idx = rdev->wiphy_idx;
5074 			cfg80211_unlock_rdev(rdev);
5075 		}
5076 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
5077 			cb->args[1] =
5078 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
5079 	}
5080 
5081 	if (cb->args[1]) {
5082 		data = nla_data((void *)cb->args[1]);
5083 		data_len = nla_len((void *)cb->args[1]);
5084 	}
5085 
5086 	mutex_lock(&cfg80211_mutex);
5087 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
5088 	if (!rdev) {
5089 		mutex_unlock(&cfg80211_mutex);
5090 		return -ENOENT;
5091 	}
5092 	cfg80211_lock_rdev(rdev);
5093 	mutex_unlock(&cfg80211_mutex);
5094 
5095 	if (!rdev->ops->testmode_dump) {
5096 		err = -EOPNOTSUPP;
5097 		goto out_err;
5098 	}
5099 
5100 	while (1) {
5101 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid,
5102 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
5103 					   NL80211_CMD_TESTMODE);
5104 		struct nlattr *tmdata;
5105 
5106 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
5107 			genlmsg_cancel(skb, hdr);
5108 			break;
5109 		}
5110 
5111 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
5112 		if (!tmdata) {
5113 			genlmsg_cancel(skb, hdr);
5114 			break;
5115 		}
5116 		err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb,
5117 					       data, data_len);
5118 		nla_nest_end(skb, tmdata);
5119 
5120 		if (err == -ENOBUFS || err == -ENOENT) {
5121 			genlmsg_cancel(skb, hdr);
5122 			break;
5123 		} else if (err) {
5124 			genlmsg_cancel(skb, hdr);
5125 			goto out_err;
5126 		}
5127 
5128 		genlmsg_end(skb, hdr);
5129 	}
5130 
5131 	err = skb->len;
5132 	/* see above */
5133 	cb->args[0] = phy_idx + 1;
5134  out_err:
5135 	cfg80211_unlock_rdev(rdev);
5136 	return err;
5137 }
5138 
5139 static struct sk_buff *
5140 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
5141 			      int approxlen, u32 pid, u32 seq, gfp_t gfp)
5142 {
5143 	struct sk_buff *skb;
5144 	void *hdr;
5145 	struct nlattr *data;
5146 
5147 	skb = nlmsg_new(approxlen + 100, gfp);
5148 	if (!skb)
5149 		return NULL;
5150 
5151 	hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
5152 	if (!hdr) {
5153 		kfree_skb(skb);
5154 		return NULL;
5155 	}
5156 
5157 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
5158 		goto nla_put_failure;
5159 	data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
5160 
5161 	((void **)skb->cb)[0] = rdev;
5162 	((void **)skb->cb)[1] = hdr;
5163 	((void **)skb->cb)[2] = data;
5164 
5165 	return skb;
5166 
5167  nla_put_failure:
5168 	kfree_skb(skb);
5169 	return NULL;
5170 }
5171 
5172 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
5173 						  int approxlen)
5174 {
5175 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5176 
5177 	if (WARN_ON(!rdev->testmode_info))
5178 		return NULL;
5179 
5180 	return __cfg80211_testmode_alloc_skb(rdev, approxlen,
5181 				rdev->testmode_info->snd_pid,
5182 				rdev->testmode_info->snd_seq,
5183 				GFP_KERNEL);
5184 }
5185 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
5186 
5187 int cfg80211_testmode_reply(struct sk_buff *skb)
5188 {
5189 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
5190 	void *hdr = ((void **)skb->cb)[1];
5191 	struct nlattr *data = ((void **)skb->cb)[2];
5192 
5193 	if (WARN_ON(!rdev->testmode_info)) {
5194 		kfree_skb(skb);
5195 		return -EINVAL;
5196 	}
5197 
5198 	nla_nest_end(skb, data);
5199 	genlmsg_end(skb, hdr);
5200 	return genlmsg_reply(skb, rdev->testmode_info);
5201 }
5202 EXPORT_SYMBOL(cfg80211_testmode_reply);
5203 
5204 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
5205 						  int approxlen, gfp_t gfp)
5206 {
5207 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5208 
5209 	return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
5210 }
5211 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
5212 
5213 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
5214 {
5215 	void *hdr = ((void **)skb->cb)[1];
5216 	struct nlattr *data = ((void **)skb->cb)[2];
5217 
5218 	nla_nest_end(skb, data);
5219 	genlmsg_end(skb, hdr);
5220 	genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
5221 }
5222 EXPORT_SYMBOL(cfg80211_testmode_event);
5223 #endif
5224 
5225 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
5226 {
5227 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5228 	struct net_device *dev = info->user_ptr[1];
5229 	struct cfg80211_connect_params connect;
5230 	struct wiphy *wiphy;
5231 	struct cfg80211_cached_keys *connkeys = NULL;
5232 	int err;
5233 
5234 	memset(&connect, 0, sizeof(connect));
5235 
5236 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5237 		return -EINVAL;
5238 
5239 	if (!info->attrs[NL80211_ATTR_SSID] ||
5240 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
5241 		return -EINVAL;
5242 
5243 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5244 		connect.auth_type =
5245 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
5246 		if (!nl80211_valid_auth_type(connect.auth_type))
5247 			return -EINVAL;
5248 	} else
5249 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5250 
5251 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
5252 
5253 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
5254 				      NL80211_MAX_NR_CIPHER_SUITES);
5255 	if (err)
5256 		return err;
5257 
5258 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5259 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5260 		return -EOPNOTSUPP;
5261 
5262 	wiphy = &rdev->wiphy;
5263 
5264 	connect.bg_scan_period = -1;
5265 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
5266 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
5267 		connect.bg_scan_period =
5268 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
5269 	}
5270 
5271 	if (info->attrs[NL80211_ATTR_MAC])
5272 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5273 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5274 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5275 
5276 	if (info->attrs[NL80211_ATTR_IE]) {
5277 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5278 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5279 	}
5280 
5281 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5282 		connect.channel =
5283 			ieee80211_get_channel(wiphy,
5284 			    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5285 		if (!connect.channel ||
5286 		    connect.channel->flags & IEEE80211_CHAN_DISABLED)
5287 			return -EINVAL;
5288 	}
5289 
5290 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
5291 		connkeys = nl80211_parse_connkeys(rdev,
5292 					info->attrs[NL80211_ATTR_KEYS]);
5293 		if (IS_ERR(connkeys))
5294 			return PTR_ERR(connkeys);
5295 	}
5296 
5297 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
5298 		connect.flags |= ASSOC_REQ_DISABLE_HT;
5299 
5300 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5301 		memcpy(&connect.ht_capa_mask,
5302 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
5303 		       sizeof(connect.ht_capa_mask));
5304 
5305 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
5306 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5307 			return -EINVAL;
5308 		memcpy(&connect.ht_capa,
5309 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
5310 		       sizeof(connect.ht_capa));
5311 	}
5312 
5313 	err = cfg80211_connect(rdev, dev, &connect, connkeys);
5314 	if (err)
5315 		kfree(connkeys);
5316 	return err;
5317 }
5318 
5319 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
5320 {
5321 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5322 	struct net_device *dev = info->user_ptr[1];
5323 	u16 reason;
5324 
5325 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
5326 		reason = WLAN_REASON_DEAUTH_LEAVING;
5327 	else
5328 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5329 
5330 	if (reason == 0)
5331 		return -EINVAL;
5332 
5333 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5334 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5335 		return -EOPNOTSUPP;
5336 
5337 	return cfg80211_disconnect(rdev, dev, reason, true);
5338 }
5339 
5340 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
5341 {
5342 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5343 	struct net *net;
5344 	int err;
5345 	u32 pid;
5346 
5347 	if (!info->attrs[NL80211_ATTR_PID])
5348 		return -EINVAL;
5349 
5350 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
5351 
5352 	net = get_net_ns_by_pid(pid);
5353 	if (IS_ERR(net))
5354 		return PTR_ERR(net);
5355 
5356 	err = 0;
5357 
5358 	/* check if anything to do */
5359 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
5360 		err = cfg80211_switch_netns(rdev, net);
5361 
5362 	put_net(net);
5363 	return err;
5364 }
5365 
5366 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
5367 {
5368 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5369 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
5370 			struct cfg80211_pmksa *pmksa) = NULL;
5371 	struct net_device *dev = info->user_ptr[1];
5372 	struct cfg80211_pmksa pmksa;
5373 
5374 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
5375 
5376 	if (!info->attrs[NL80211_ATTR_MAC])
5377 		return -EINVAL;
5378 
5379 	if (!info->attrs[NL80211_ATTR_PMKID])
5380 		return -EINVAL;
5381 
5382 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
5383 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5384 
5385 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5386 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5387 		return -EOPNOTSUPP;
5388 
5389 	switch (info->genlhdr->cmd) {
5390 	case NL80211_CMD_SET_PMKSA:
5391 		rdev_ops = rdev->ops->set_pmksa;
5392 		break;
5393 	case NL80211_CMD_DEL_PMKSA:
5394 		rdev_ops = rdev->ops->del_pmksa;
5395 		break;
5396 	default:
5397 		WARN_ON(1);
5398 		break;
5399 	}
5400 
5401 	if (!rdev_ops)
5402 		return -EOPNOTSUPP;
5403 
5404 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
5405 }
5406 
5407 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
5408 {
5409 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5410 	struct net_device *dev = info->user_ptr[1];
5411 
5412 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5413 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5414 		return -EOPNOTSUPP;
5415 
5416 	if (!rdev->ops->flush_pmksa)
5417 		return -EOPNOTSUPP;
5418 
5419 	return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
5420 }
5421 
5422 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
5423 {
5424 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5425 	struct net_device *dev = info->user_ptr[1];
5426 	u8 action_code, dialog_token;
5427 	u16 status_code;
5428 	u8 *peer;
5429 
5430 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5431 	    !rdev->ops->tdls_mgmt)
5432 		return -EOPNOTSUPP;
5433 
5434 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
5435 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
5436 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
5437 	    !info->attrs[NL80211_ATTR_IE] ||
5438 	    !info->attrs[NL80211_ATTR_MAC])
5439 		return -EINVAL;
5440 
5441 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5442 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
5443 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
5444 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
5445 
5446 	return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code,
5447 				    dialog_token, status_code,
5448 				    nla_data(info->attrs[NL80211_ATTR_IE]),
5449 				    nla_len(info->attrs[NL80211_ATTR_IE]));
5450 }
5451 
5452 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
5453 {
5454 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5455 	struct net_device *dev = info->user_ptr[1];
5456 	enum nl80211_tdls_operation operation;
5457 	u8 *peer;
5458 
5459 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5460 	    !rdev->ops->tdls_oper)
5461 		return -EOPNOTSUPP;
5462 
5463 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
5464 	    !info->attrs[NL80211_ATTR_MAC])
5465 		return -EINVAL;
5466 
5467 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
5468 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5469 
5470 	return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation);
5471 }
5472 
5473 static int nl80211_remain_on_channel(struct sk_buff *skb,
5474 				     struct genl_info *info)
5475 {
5476 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5477 	struct net_device *dev = info->user_ptr[1];
5478 	struct ieee80211_channel *chan;
5479 	struct sk_buff *msg;
5480 	void *hdr;
5481 	u64 cookie;
5482 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5483 	u32 freq, duration;
5484 	int err;
5485 
5486 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5487 	    !info->attrs[NL80211_ATTR_DURATION])
5488 		return -EINVAL;
5489 
5490 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5491 
5492 	/*
5493 	 * We should be on that channel for at least one jiffie,
5494 	 * and more than 5 seconds seems excessive.
5495 	 */
5496 	if (!duration || !msecs_to_jiffies(duration) ||
5497 	    duration > rdev->wiphy.max_remain_on_channel_duration)
5498 		return -EINVAL;
5499 
5500 	if (!rdev->ops->remain_on_channel ||
5501 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
5502 		return -EOPNOTSUPP;
5503 
5504 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
5505 	    !nl80211_valid_channel_type(info, &channel_type))
5506 		return -EINVAL;
5507 
5508 	freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5509 	chan = rdev_freq_to_chan(rdev, freq, channel_type);
5510 	if (chan == NULL)
5511 		return -EINVAL;
5512 
5513 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5514 	if (!msg)
5515 		return -ENOMEM;
5516 
5517 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5518 			     NL80211_CMD_REMAIN_ON_CHANNEL);
5519 
5520 	if (IS_ERR(hdr)) {
5521 		err = PTR_ERR(hdr);
5522 		goto free_msg;
5523 	}
5524 
5525 	err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
5526 					   channel_type, duration, &cookie);
5527 
5528 	if (err)
5529 		goto free_msg;
5530 
5531 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
5532 		goto nla_put_failure;
5533 
5534 	genlmsg_end(msg, hdr);
5535 
5536 	return genlmsg_reply(msg, info);
5537 
5538  nla_put_failure:
5539 	err = -ENOBUFS;
5540  free_msg:
5541 	nlmsg_free(msg);
5542 	return err;
5543 }
5544 
5545 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
5546 					    struct genl_info *info)
5547 {
5548 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5549 	struct net_device *dev = info->user_ptr[1];
5550 	u64 cookie;
5551 
5552 	if (!info->attrs[NL80211_ATTR_COOKIE])
5553 		return -EINVAL;
5554 
5555 	if (!rdev->ops->cancel_remain_on_channel)
5556 		return -EOPNOTSUPP;
5557 
5558 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5559 
5560 	return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
5561 }
5562 
5563 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5564 			   u8 *rates, u8 rates_len)
5565 {
5566 	u8 i;
5567 	u32 mask = 0;
5568 
5569 	for (i = 0; i < rates_len; i++) {
5570 		int rate = (rates[i] & 0x7f) * 5;
5571 		int ridx;
5572 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5573 			struct ieee80211_rate *srate =
5574 				&sband->bitrates[ridx];
5575 			if (rate == srate->bitrate) {
5576 				mask |= 1 << ridx;
5577 				break;
5578 			}
5579 		}
5580 		if (ridx == sband->n_bitrates)
5581 			return 0; /* rate not found */
5582 	}
5583 
5584 	return mask;
5585 }
5586 
5587 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5588 			       u8 *rates, u8 rates_len,
5589 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5590 {
5591 	u8 i;
5592 
5593 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5594 
5595 	for (i = 0; i < rates_len; i++) {
5596 		int ridx, rbit;
5597 
5598 		ridx = rates[i] / 8;
5599 		rbit = BIT(rates[i] % 8);
5600 
5601 		/* check validity */
5602 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5603 			return false;
5604 
5605 		/* check availability */
5606 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5607 			mcs[ridx] |= rbit;
5608 		else
5609 			return false;
5610 	}
5611 
5612 	return true;
5613 }
5614 
5615 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
5616 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
5617 				    .len = NL80211_MAX_SUPP_RATES },
5618 	[NL80211_TXRATE_MCS] = { .type = NLA_BINARY,
5619 				 .len = NL80211_MAX_SUPP_HT_RATES },
5620 };
5621 
5622 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
5623 				       struct genl_info *info)
5624 {
5625 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5626 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5627 	struct cfg80211_bitrate_mask mask;
5628 	int rem, i;
5629 	struct net_device *dev = info->user_ptr[1];
5630 	struct nlattr *tx_rates;
5631 	struct ieee80211_supported_band *sband;
5632 
5633 	if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
5634 		return -EINVAL;
5635 
5636 	if (!rdev->ops->set_bitrate_mask)
5637 		return -EOPNOTSUPP;
5638 
5639 	memset(&mask, 0, sizeof(mask));
5640 	/* Default to all rates enabled */
5641 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
5642 		sband = rdev->wiphy.bands[i];
5643 		mask.control[i].legacy =
5644 			sband ? (1 << sband->n_bitrates) - 1 : 0;
5645 		if (sband)
5646 			memcpy(mask.control[i].mcs,
5647 			       sband->ht_cap.mcs.rx_mask,
5648 			       sizeof(mask.control[i].mcs));
5649 		else
5650 			memset(mask.control[i].mcs, 0,
5651 			       sizeof(mask.control[i].mcs));
5652 	}
5653 
5654 	/*
5655 	 * The nested attribute uses enum nl80211_band as the index. This maps
5656 	 * directly to the enum ieee80211_band values used in cfg80211.
5657 	 */
5658 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5659 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
5660 	{
5661 		enum ieee80211_band band = nla_type(tx_rates);
5662 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
5663 			return -EINVAL;
5664 		sband = rdev->wiphy.bands[band];
5665 		if (sband == NULL)
5666 			return -EINVAL;
5667 		nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
5668 			  nla_len(tx_rates), nl80211_txattr_policy);
5669 		if (tb[NL80211_TXRATE_LEGACY]) {
5670 			mask.control[band].legacy = rateset_to_mask(
5671 				sband,
5672 				nla_data(tb[NL80211_TXRATE_LEGACY]),
5673 				nla_len(tb[NL80211_TXRATE_LEGACY]));
5674 			if ((mask.control[band].legacy == 0) &&
5675 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
5676 				return -EINVAL;
5677 		}
5678 		if (tb[NL80211_TXRATE_MCS]) {
5679 			if (!ht_rateset_to_mask(
5680 					sband,
5681 					nla_data(tb[NL80211_TXRATE_MCS]),
5682 					nla_len(tb[NL80211_TXRATE_MCS]),
5683 					mask.control[band].mcs))
5684 				return -EINVAL;
5685 		}
5686 
5687 		if (mask.control[band].legacy == 0) {
5688 			/* don't allow empty legacy rates if HT
5689 			 * is not even supported. */
5690 			if (!rdev->wiphy.bands[band]->ht_cap.ht_supported)
5691 				return -EINVAL;
5692 
5693 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5694 				if (mask.control[band].mcs[i])
5695 					break;
5696 
5697 			/* legacy and mcs rates may not be both empty */
5698 			if (i == IEEE80211_HT_MCS_MASK_LEN)
5699 				return -EINVAL;
5700 		}
5701 	}
5702 
5703 	return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
5704 }
5705 
5706 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
5707 {
5708 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5709 	struct net_device *dev = info->user_ptr[1];
5710 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
5711 
5712 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
5713 		return -EINVAL;
5714 
5715 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
5716 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
5717 
5718 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5719 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5720 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5721 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5722 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5723 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5724 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5725 		return -EOPNOTSUPP;
5726 
5727 	/* not much point in registering if we can't reply */
5728 	if (!rdev->ops->mgmt_tx)
5729 		return -EOPNOTSUPP;
5730 
5731 	return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
5732 			frame_type,
5733 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
5734 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
5735 }
5736 
5737 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5738 {
5739 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5740 	struct net_device *dev = info->user_ptr[1];
5741 	struct ieee80211_channel *chan;
5742 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5743 	bool channel_type_valid = false;
5744 	u32 freq;
5745 	int err;
5746 	void *hdr = NULL;
5747 	u64 cookie;
5748 	struct sk_buff *msg = NULL;
5749 	unsigned int wait = 0;
5750 	bool offchan, no_cck, dont_wait_for_ack;
5751 
5752 	dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
5753 
5754 	if (!info->attrs[NL80211_ATTR_FRAME] ||
5755 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
5756 		return -EINVAL;
5757 
5758 	if (!rdev->ops->mgmt_tx)
5759 		return -EOPNOTSUPP;
5760 
5761 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5762 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5763 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5764 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5765 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5766 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5767 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5768 		return -EOPNOTSUPP;
5769 
5770 	if (info->attrs[NL80211_ATTR_DURATION]) {
5771 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5772 			return -EINVAL;
5773 		wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5774 	}
5775 
5776 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5777 		if (!nl80211_valid_channel_type(info, &channel_type))
5778 			return -EINVAL;
5779 		channel_type_valid = true;
5780 	}
5781 
5782 	offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
5783 
5784 	if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5785 		return -EINVAL;
5786 
5787 	no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5788 
5789 	freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5790 	chan = rdev_freq_to_chan(rdev, freq, channel_type);
5791 	if (chan == NULL)
5792 		return -EINVAL;
5793 
5794 	if (!dont_wait_for_ack) {
5795 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5796 		if (!msg)
5797 			return -ENOMEM;
5798 
5799 		hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5800 				     NL80211_CMD_FRAME);
5801 
5802 		if (IS_ERR(hdr)) {
5803 			err = PTR_ERR(hdr);
5804 			goto free_msg;
5805 		}
5806 	}
5807 
5808 	err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type,
5809 				    channel_type_valid, wait,
5810 				    nla_data(info->attrs[NL80211_ATTR_FRAME]),
5811 				    nla_len(info->attrs[NL80211_ATTR_FRAME]),
5812 				    no_cck, dont_wait_for_ack, &cookie);
5813 	if (err)
5814 		goto free_msg;
5815 
5816 	if (msg) {
5817 		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
5818 			goto nla_put_failure;
5819 
5820 		genlmsg_end(msg, hdr);
5821 		return genlmsg_reply(msg, info);
5822 	}
5823 
5824 	return 0;
5825 
5826  nla_put_failure:
5827 	err = -ENOBUFS;
5828  free_msg:
5829 	nlmsg_free(msg);
5830 	return err;
5831 }
5832 
5833 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
5834 {
5835 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5836 	struct net_device *dev = info->user_ptr[1];
5837 	u64 cookie;
5838 
5839 	if (!info->attrs[NL80211_ATTR_COOKIE])
5840 		return -EINVAL;
5841 
5842 	if (!rdev->ops->mgmt_tx_cancel_wait)
5843 		return -EOPNOTSUPP;
5844 
5845 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5846 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5847 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5848 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5849 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5850 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5851 		return -EOPNOTSUPP;
5852 
5853 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5854 
5855 	return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie);
5856 }
5857 
5858 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
5859 {
5860 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5861 	struct wireless_dev *wdev;
5862 	struct net_device *dev = info->user_ptr[1];
5863 	u8 ps_state;
5864 	bool state;
5865 	int err;
5866 
5867 	if (!info->attrs[NL80211_ATTR_PS_STATE])
5868 		return -EINVAL;
5869 
5870 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
5871 
5872 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
5873 		return -EINVAL;
5874 
5875 	wdev = dev->ieee80211_ptr;
5876 
5877 	if (!rdev->ops->set_power_mgmt)
5878 		return -EOPNOTSUPP;
5879 
5880 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
5881 
5882 	if (state == wdev->ps)
5883 		return 0;
5884 
5885 	err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state,
5886 					wdev->ps_timeout);
5887 	if (!err)
5888 		wdev->ps = state;
5889 	return err;
5890 }
5891 
5892 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5893 {
5894 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5895 	enum nl80211_ps_state ps_state;
5896 	struct wireless_dev *wdev;
5897 	struct net_device *dev = info->user_ptr[1];
5898 	struct sk_buff *msg;
5899 	void *hdr;
5900 	int err;
5901 
5902 	wdev = dev->ieee80211_ptr;
5903 
5904 	if (!rdev->ops->set_power_mgmt)
5905 		return -EOPNOTSUPP;
5906 
5907 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5908 	if (!msg)
5909 		return -ENOMEM;
5910 
5911 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5912 			     NL80211_CMD_GET_POWER_SAVE);
5913 	if (!hdr) {
5914 		err = -ENOBUFS;
5915 		goto free_msg;
5916 	}
5917 
5918 	if (wdev->ps)
5919 		ps_state = NL80211_PS_ENABLED;
5920 	else
5921 		ps_state = NL80211_PS_DISABLED;
5922 
5923 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
5924 		goto nla_put_failure;
5925 
5926 	genlmsg_end(msg, hdr);
5927 	return genlmsg_reply(msg, info);
5928 
5929  nla_put_failure:
5930 	err = -ENOBUFS;
5931  free_msg:
5932 	nlmsg_free(msg);
5933 	return err;
5934 }
5935 
5936 static struct nla_policy
5937 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5938 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5939 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5940 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5941 };
5942 
5943 static int nl80211_set_cqm_rssi(struct genl_info *info,
5944 				s32 threshold, u32 hysteresis)
5945 {
5946 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5947 	struct wireless_dev *wdev;
5948 	struct net_device *dev = info->user_ptr[1];
5949 
5950 	if (threshold > 0)
5951 		return -EINVAL;
5952 
5953 	wdev = dev->ieee80211_ptr;
5954 
5955 	if (!rdev->ops->set_cqm_rssi_config)
5956 		return -EOPNOTSUPP;
5957 
5958 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
5959 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
5960 		return -EOPNOTSUPP;
5961 
5962 	return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5963 					      threshold, hysteresis);
5964 }
5965 
5966 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5967 {
5968 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5969 	struct nlattr *cqm;
5970 	int err;
5971 
5972 	cqm = info->attrs[NL80211_ATTR_CQM];
5973 	if (!cqm) {
5974 		err = -EINVAL;
5975 		goto out;
5976 	}
5977 
5978 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5979 			       nl80211_attr_cqm_policy);
5980 	if (err)
5981 		goto out;
5982 
5983 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5984 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5985 		s32 threshold;
5986 		u32 hysteresis;
5987 		threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5988 		hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5989 		err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5990 	} else
5991 		err = -EINVAL;
5992 
5993 out:
5994 	return err;
5995 }
5996 
5997 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
5998 {
5999 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6000 	struct net_device *dev = info->user_ptr[1];
6001 	struct mesh_config cfg;
6002 	struct mesh_setup setup;
6003 	int err;
6004 
6005 	/* start with default */
6006 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
6007 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
6008 
6009 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
6010 		/* and parse parameters if given */
6011 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
6012 		if (err)
6013 			return err;
6014 	}
6015 
6016 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
6017 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
6018 		return -EINVAL;
6019 
6020 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
6021 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
6022 
6023 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6024 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
6025 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6026 			return -EINVAL;
6027 
6028 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
6029 		/* parse additional setup parameters if given */
6030 		err = nl80211_parse_mesh_setup(info, &setup);
6031 		if (err)
6032 			return err;
6033 	}
6034 
6035 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
6036 }
6037 
6038 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
6039 {
6040 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6041 	struct net_device *dev = info->user_ptr[1];
6042 
6043 	return cfg80211_leave_mesh(rdev, dev);
6044 }
6045 
6046 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
6047 {
6048 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6049 	struct sk_buff *msg;
6050 	void *hdr;
6051 
6052 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
6053 		return -EOPNOTSUPP;
6054 
6055 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6056 	if (!msg)
6057 		return -ENOMEM;
6058 
6059 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
6060 			     NL80211_CMD_GET_WOWLAN);
6061 	if (!hdr)
6062 		goto nla_put_failure;
6063 
6064 	if (rdev->wowlan) {
6065 		struct nlattr *nl_wowlan;
6066 
6067 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
6068 		if (!nl_wowlan)
6069 			goto nla_put_failure;
6070 
6071 		if ((rdev->wowlan->any &&
6072 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
6073 		    (rdev->wowlan->disconnect &&
6074 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
6075 		    (rdev->wowlan->magic_pkt &&
6076 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
6077 		    (rdev->wowlan->gtk_rekey_failure &&
6078 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
6079 		    (rdev->wowlan->eap_identity_req &&
6080 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
6081 		    (rdev->wowlan->four_way_handshake &&
6082 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
6083 		    (rdev->wowlan->rfkill_release &&
6084 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
6085 			goto nla_put_failure;
6086 		if (rdev->wowlan->n_patterns) {
6087 			struct nlattr *nl_pats, *nl_pat;
6088 			int i, pat_len;
6089 
6090 			nl_pats = nla_nest_start(msg,
6091 					NL80211_WOWLAN_TRIG_PKT_PATTERN);
6092 			if (!nl_pats)
6093 				goto nla_put_failure;
6094 
6095 			for (i = 0; i < rdev->wowlan->n_patterns; i++) {
6096 				nl_pat = nla_nest_start(msg, i + 1);
6097 				if (!nl_pat)
6098 					goto nla_put_failure;
6099 				pat_len = rdev->wowlan->patterns[i].pattern_len;
6100 				if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
6101 					    DIV_ROUND_UP(pat_len, 8),
6102 					    rdev->wowlan->patterns[i].mask) ||
6103 				    nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
6104 					    pat_len,
6105 					    rdev->wowlan->patterns[i].pattern))
6106 					goto nla_put_failure;
6107 				nla_nest_end(msg, nl_pat);
6108 			}
6109 			nla_nest_end(msg, nl_pats);
6110 		}
6111 
6112 		nla_nest_end(msg, nl_wowlan);
6113 	}
6114 
6115 	genlmsg_end(msg, hdr);
6116 	return genlmsg_reply(msg, info);
6117 
6118 nla_put_failure:
6119 	nlmsg_free(msg);
6120 	return -ENOBUFS;
6121 }
6122 
6123 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
6124 {
6125 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6126 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
6127 	struct cfg80211_wowlan no_triggers = {};
6128 	struct cfg80211_wowlan new_triggers = {};
6129 	struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
6130 	int err, i;
6131 	bool prev_enabled = rdev->wowlan;
6132 
6133 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
6134 		return -EOPNOTSUPP;
6135 
6136 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS])
6137 		goto no_triggers;
6138 
6139 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
6140 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
6141 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
6142 			nl80211_wowlan_policy);
6143 	if (err)
6144 		return err;
6145 
6146 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
6147 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
6148 			return -EINVAL;
6149 		new_triggers.any = true;
6150 	}
6151 
6152 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
6153 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
6154 			return -EINVAL;
6155 		new_triggers.disconnect = true;
6156 	}
6157 
6158 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
6159 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
6160 			return -EINVAL;
6161 		new_triggers.magic_pkt = true;
6162 	}
6163 
6164 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
6165 		return -EINVAL;
6166 
6167 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
6168 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
6169 			return -EINVAL;
6170 		new_triggers.gtk_rekey_failure = true;
6171 	}
6172 
6173 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
6174 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
6175 			return -EINVAL;
6176 		new_triggers.eap_identity_req = true;
6177 	}
6178 
6179 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
6180 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
6181 			return -EINVAL;
6182 		new_triggers.four_way_handshake = true;
6183 	}
6184 
6185 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
6186 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
6187 			return -EINVAL;
6188 		new_triggers.rfkill_release = true;
6189 	}
6190 
6191 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
6192 		struct nlattr *pat;
6193 		int n_patterns = 0;
6194 		int rem, pat_len, mask_len;
6195 		struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
6196 
6197 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
6198 				    rem)
6199 			n_patterns++;
6200 		if (n_patterns > wowlan->n_patterns)
6201 			return -EINVAL;
6202 
6203 		new_triggers.patterns = kcalloc(n_patterns,
6204 						sizeof(new_triggers.patterns[0]),
6205 						GFP_KERNEL);
6206 		if (!new_triggers.patterns)
6207 			return -ENOMEM;
6208 
6209 		new_triggers.n_patterns = n_patterns;
6210 		i = 0;
6211 
6212 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
6213 				    rem) {
6214 			nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
6215 				  nla_data(pat), nla_len(pat), NULL);
6216 			err = -EINVAL;
6217 			if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
6218 			    !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
6219 				goto error;
6220 			pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
6221 			mask_len = DIV_ROUND_UP(pat_len, 8);
6222 			if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
6223 			    mask_len)
6224 				goto error;
6225 			if (pat_len > wowlan->pattern_max_len ||
6226 			    pat_len < wowlan->pattern_min_len)
6227 				goto error;
6228 
6229 			new_triggers.patterns[i].mask =
6230 				kmalloc(mask_len + pat_len, GFP_KERNEL);
6231 			if (!new_triggers.patterns[i].mask) {
6232 				err = -ENOMEM;
6233 				goto error;
6234 			}
6235 			new_triggers.patterns[i].pattern =
6236 				new_triggers.patterns[i].mask + mask_len;
6237 			memcpy(new_triggers.patterns[i].mask,
6238 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
6239 			       mask_len);
6240 			new_triggers.patterns[i].pattern_len = pat_len;
6241 			memcpy(new_triggers.patterns[i].pattern,
6242 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
6243 			       pat_len);
6244 			i++;
6245 		}
6246 	}
6247 
6248 	if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) {
6249 		struct cfg80211_wowlan *ntrig;
6250 		ntrig = kmemdup(&new_triggers, sizeof(new_triggers),
6251 				GFP_KERNEL);
6252 		if (!ntrig) {
6253 			err = -ENOMEM;
6254 			goto error;
6255 		}
6256 		cfg80211_rdev_free_wowlan(rdev);
6257 		rdev->wowlan = ntrig;
6258 	} else {
6259  no_triggers:
6260 		cfg80211_rdev_free_wowlan(rdev);
6261 		rdev->wowlan = NULL;
6262 	}
6263 
6264 	if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan)
6265 		rdev->ops->set_wakeup(&rdev->wiphy, rdev->wowlan);
6266 
6267 	return 0;
6268  error:
6269 	for (i = 0; i < new_triggers.n_patterns; i++)
6270 		kfree(new_triggers.patterns[i].mask);
6271 	kfree(new_triggers.patterns);
6272 	return err;
6273 }
6274 
6275 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
6276 {
6277 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6278 	struct net_device *dev = info->user_ptr[1];
6279 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6280 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
6281 	struct cfg80211_gtk_rekey_data rekey_data;
6282 	int err;
6283 
6284 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
6285 		return -EINVAL;
6286 
6287 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
6288 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
6289 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
6290 			nl80211_rekey_policy);
6291 	if (err)
6292 		return err;
6293 
6294 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
6295 		return -ERANGE;
6296 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
6297 		return -ERANGE;
6298 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
6299 		return -ERANGE;
6300 
6301 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
6302 	       NL80211_KEK_LEN);
6303 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
6304 	       NL80211_KCK_LEN);
6305 	memcpy(rekey_data.replay_ctr,
6306 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
6307 	       NL80211_REPLAY_CTR_LEN);
6308 
6309 	wdev_lock(wdev);
6310 	if (!wdev->current_bss) {
6311 		err = -ENOTCONN;
6312 		goto out;
6313 	}
6314 
6315 	if (!rdev->ops->set_rekey_data) {
6316 		err = -EOPNOTSUPP;
6317 		goto out;
6318 	}
6319 
6320 	err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data);
6321  out:
6322 	wdev_unlock(wdev);
6323 	return err;
6324 }
6325 
6326 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
6327 					     struct genl_info *info)
6328 {
6329 	struct net_device *dev = info->user_ptr[1];
6330 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6331 
6332 	if (wdev->iftype != NL80211_IFTYPE_AP &&
6333 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
6334 		return -EINVAL;
6335 
6336 	if (wdev->ap_unexpected_nlpid)
6337 		return -EBUSY;
6338 
6339 	wdev->ap_unexpected_nlpid = info->snd_pid;
6340 	return 0;
6341 }
6342 
6343 static int nl80211_probe_client(struct sk_buff *skb,
6344 				struct genl_info *info)
6345 {
6346 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6347 	struct net_device *dev = info->user_ptr[1];
6348 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6349 	struct sk_buff *msg;
6350 	void *hdr;
6351 	const u8 *addr;
6352 	u64 cookie;
6353 	int err;
6354 
6355 	if (wdev->iftype != NL80211_IFTYPE_AP &&
6356 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
6357 		return -EOPNOTSUPP;
6358 
6359 	if (!info->attrs[NL80211_ATTR_MAC])
6360 		return -EINVAL;
6361 
6362 	if (!rdev->ops->probe_client)
6363 		return -EOPNOTSUPP;
6364 
6365 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6366 	if (!msg)
6367 		return -ENOMEM;
6368 
6369 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
6370 			     NL80211_CMD_PROBE_CLIENT);
6371 
6372 	if (IS_ERR(hdr)) {
6373 		err = PTR_ERR(hdr);
6374 		goto free_msg;
6375 	}
6376 
6377 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6378 
6379 	err = rdev->ops->probe_client(&rdev->wiphy, dev, addr, &cookie);
6380 	if (err)
6381 		goto free_msg;
6382 
6383 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
6384 		goto nla_put_failure;
6385 
6386 	genlmsg_end(msg, hdr);
6387 
6388 	return genlmsg_reply(msg, info);
6389 
6390  nla_put_failure:
6391 	err = -ENOBUFS;
6392  free_msg:
6393 	nlmsg_free(msg);
6394 	return err;
6395 }
6396 
6397 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
6398 {
6399 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6400 
6401 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
6402 		return -EOPNOTSUPP;
6403 
6404 	if (rdev->ap_beacons_nlpid)
6405 		return -EBUSY;
6406 
6407 	rdev->ap_beacons_nlpid = info->snd_pid;
6408 
6409 	return 0;
6410 }
6411 
6412 #define NL80211_FLAG_NEED_WIPHY		0x01
6413 #define NL80211_FLAG_NEED_NETDEV	0x02
6414 #define NL80211_FLAG_NEED_RTNL		0x04
6415 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
6416 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
6417 					 NL80211_FLAG_CHECK_NETDEV_UP)
6418 
6419 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
6420 			    struct genl_info *info)
6421 {
6422 	struct cfg80211_registered_device *rdev;
6423 	struct net_device *dev;
6424 	int err;
6425 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
6426 
6427 	if (rtnl)
6428 		rtnl_lock();
6429 
6430 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
6431 		rdev = cfg80211_get_dev_from_info(info);
6432 		if (IS_ERR(rdev)) {
6433 			if (rtnl)
6434 				rtnl_unlock();
6435 			return PTR_ERR(rdev);
6436 		}
6437 		info->user_ptr[0] = rdev;
6438 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
6439 		err = get_rdev_dev_by_ifindex(genl_info_net(info), info->attrs,
6440 					      &rdev, &dev);
6441 		if (err) {
6442 			if (rtnl)
6443 				rtnl_unlock();
6444 			return err;
6445 		}
6446 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
6447 		    !netif_running(dev)) {
6448 			cfg80211_unlock_rdev(rdev);
6449 			dev_put(dev);
6450 			if (rtnl)
6451 				rtnl_unlock();
6452 			return -ENETDOWN;
6453 		}
6454 		info->user_ptr[0] = rdev;
6455 		info->user_ptr[1] = dev;
6456 	}
6457 
6458 	return 0;
6459 }
6460 
6461 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
6462 			      struct genl_info *info)
6463 {
6464 	if (info->user_ptr[0])
6465 		cfg80211_unlock_rdev(info->user_ptr[0]);
6466 	if (info->user_ptr[1])
6467 		dev_put(info->user_ptr[1]);
6468 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
6469 		rtnl_unlock();
6470 }
6471 
6472 static struct genl_ops nl80211_ops[] = {
6473 	{
6474 		.cmd = NL80211_CMD_GET_WIPHY,
6475 		.doit = nl80211_get_wiphy,
6476 		.dumpit = nl80211_dump_wiphy,
6477 		.policy = nl80211_policy,
6478 		/* can be retrieved by unprivileged users */
6479 		.internal_flags = NL80211_FLAG_NEED_WIPHY,
6480 	},
6481 	{
6482 		.cmd = NL80211_CMD_SET_WIPHY,
6483 		.doit = nl80211_set_wiphy,
6484 		.policy = nl80211_policy,
6485 		.flags = GENL_ADMIN_PERM,
6486 		.internal_flags = NL80211_FLAG_NEED_RTNL,
6487 	},
6488 	{
6489 		.cmd = NL80211_CMD_GET_INTERFACE,
6490 		.doit = nl80211_get_interface,
6491 		.dumpit = nl80211_dump_interface,
6492 		.policy = nl80211_policy,
6493 		/* can be retrieved by unprivileged users */
6494 		.internal_flags = NL80211_FLAG_NEED_NETDEV,
6495 	},
6496 	{
6497 		.cmd = NL80211_CMD_SET_INTERFACE,
6498 		.doit = nl80211_set_interface,
6499 		.policy = nl80211_policy,
6500 		.flags = GENL_ADMIN_PERM,
6501 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6502 				  NL80211_FLAG_NEED_RTNL,
6503 	},
6504 	{
6505 		.cmd = NL80211_CMD_NEW_INTERFACE,
6506 		.doit = nl80211_new_interface,
6507 		.policy = nl80211_policy,
6508 		.flags = GENL_ADMIN_PERM,
6509 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6510 				  NL80211_FLAG_NEED_RTNL,
6511 	},
6512 	{
6513 		.cmd = NL80211_CMD_DEL_INTERFACE,
6514 		.doit = nl80211_del_interface,
6515 		.policy = nl80211_policy,
6516 		.flags = GENL_ADMIN_PERM,
6517 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6518 				  NL80211_FLAG_NEED_RTNL,
6519 	},
6520 	{
6521 		.cmd = NL80211_CMD_GET_KEY,
6522 		.doit = nl80211_get_key,
6523 		.policy = nl80211_policy,
6524 		.flags = GENL_ADMIN_PERM,
6525 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6526 				  NL80211_FLAG_NEED_RTNL,
6527 	},
6528 	{
6529 		.cmd = NL80211_CMD_SET_KEY,
6530 		.doit = nl80211_set_key,
6531 		.policy = nl80211_policy,
6532 		.flags = GENL_ADMIN_PERM,
6533 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6534 				  NL80211_FLAG_NEED_RTNL,
6535 	},
6536 	{
6537 		.cmd = NL80211_CMD_NEW_KEY,
6538 		.doit = nl80211_new_key,
6539 		.policy = nl80211_policy,
6540 		.flags = GENL_ADMIN_PERM,
6541 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6542 				  NL80211_FLAG_NEED_RTNL,
6543 	},
6544 	{
6545 		.cmd = NL80211_CMD_DEL_KEY,
6546 		.doit = nl80211_del_key,
6547 		.policy = nl80211_policy,
6548 		.flags = GENL_ADMIN_PERM,
6549 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6550 				  NL80211_FLAG_NEED_RTNL,
6551 	},
6552 	{
6553 		.cmd = NL80211_CMD_SET_BEACON,
6554 		.policy = nl80211_policy,
6555 		.flags = GENL_ADMIN_PERM,
6556 		.doit = nl80211_set_beacon,
6557 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6558 				  NL80211_FLAG_NEED_RTNL,
6559 	},
6560 	{
6561 		.cmd = NL80211_CMD_START_AP,
6562 		.policy = nl80211_policy,
6563 		.flags = GENL_ADMIN_PERM,
6564 		.doit = nl80211_start_ap,
6565 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6566 				  NL80211_FLAG_NEED_RTNL,
6567 	},
6568 	{
6569 		.cmd = NL80211_CMD_STOP_AP,
6570 		.policy = nl80211_policy,
6571 		.flags = GENL_ADMIN_PERM,
6572 		.doit = nl80211_stop_ap,
6573 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6574 				  NL80211_FLAG_NEED_RTNL,
6575 	},
6576 	{
6577 		.cmd = NL80211_CMD_GET_STATION,
6578 		.doit = nl80211_get_station,
6579 		.dumpit = nl80211_dump_station,
6580 		.policy = nl80211_policy,
6581 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6582 				  NL80211_FLAG_NEED_RTNL,
6583 	},
6584 	{
6585 		.cmd = NL80211_CMD_SET_STATION,
6586 		.doit = nl80211_set_station,
6587 		.policy = nl80211_policy,
6588 		.flags = GENL_ADMIN_PERM,
6589 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6590 				  NL80211_FLAG_NEED_RTNL,
6591 	},
6592 	{
6593 		.cmd = NL80211_CMD_NEW_STATION,
6594 		.doit = nl80211_new_station,
6595 		.policy = nl80211_policy,
6596 		.flags = GENL_ADMIN_PERM,
6597 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6598 				  NL80211_FLAG_NEED_RTNL,
6599 	},
6600 	{
6601 		.cmd = NL80211_CMD_DEL_STATION,
6602 		.doit = nl80211_del_station,
6603 		.policy = nl80211_policy,
6604 		.flags = GENL_ADMIN_PERM,
6605 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6606 				  NL80211_FLAG_NEED_RTNL,
6607 	},
6608 	{
6609 		.cmd = NL80211_CMD_GET_MPATH,
6610 		.doit = nl80211_get_mpath,
6611 		.dumpit = nl80211_dump_mpath,
6612 		.policy = nl80211_policy,
6613 		.flags = GENL_ADMIN_PERM,
6614 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6615 				  NL80211_FLAG_NEED_RTNL,
6616 	},
6617 	{
6618 		.cmd = NL80211_CMD_SET_MPATH,
6619 		.doit = nl80211_set_mpath,
6620 		.policy = nl80211_policy,
6621 		.flags = GENL_ADMIN_PERM,
6622 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6623 				  NL80211_FLAG_NEED_RTNL,
6624 	},
6625 	{
6626 		.cmd = NL80211_CMD_NEW_MPATH,
6627 		.doit = nl80211_new_mpath,
6628 		.policy = nl80211_policy,
6629 		.flags = GENL_ADMIN_PERM,
6630 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6631 				  NL80211_FLAG_NEED_RTNL,
6632 	},
6633 	{
6634 		.cmd = NL80211_CMD_DEL_MPATH,
6635 		.doit = nl80211_del_mpath,
6636 		.policy = nl80211_policy,
6637 		.flags = GENL_ADMIN_PERM,
6638 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6639 				  NL80211_FLAG_NEED_RTNL,
6640 	},
6641 	{
6642 		.cmd = NL80211_CMD_SET_BSS,
6643 		.doit = nl80211_set_bss,
6644 		.policy = nl80211_policy,
6645 		.flags = GENL_ADMIN_PERM,
6646 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6647 				  NL80211_FLAG_NEED_RTNL,
6648 	},
6649 	{
6650 		.cmd = NL80211_CMD_GET_REG,
6651 		.doit = nl80211_get_reg,
6652 		.policy = nl80211_policy,
6653 		/* can be retrieved by unprivileged users */
6654 	},
6655 	{
6656 		.cmd = NL80211_CMD_SET_REG,
6657 		.doit = nl80211_set_reg,
6658 		.policy = nl80211_policy,
6659 		.flags = GENL_ADMIN_PERM,
6660 	},
6661 	{
6662 		.cmd = NL80211_CMD_REQ_SET_REG,
6663 		.doit = nl80211_req_set_reg,
6664 		.policy = nl80211_policy,
6665 		.flags = GENL_ADMIN_PERM,
6666 	},
6667 	{
6668 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
6669 		.doit = nl80211_get_mesh_config,
6670 		.policy = nl80211_policy,
6671 		/* can be retrieved by unprivileged users */
6672 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6673 				  NL80211_FLAG_NEED_RTNL,
6674 	},
6675 	{
6676 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
6677 		.doit = nl80211_update_mesh_config,
6678 		.policy = nl80211_policy,
6679 		.flags = GENL_ADMIN_PERM,
6680 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6681 				  NL80211_FLAG_NEED_RTNL,
6682 	},
6683 	{
6684 		.cmd = NL80211_CMD_TRIGGER_SCAN,
6685 		.doit = nl80211_trigger_scan,
6686 		.policy = nl80211_policy,
6687 		.flags = GENL_ADMIN_PERM,
6688 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6689 				  NL80211_FLAG_NEED_RTNL,
6690 	},
6691 	{
6692 		.cmd = NL80211_CMD_GET_SCAN,
6693 		.policy = nl80211_policy,
6694 		.dumpit = nl80211_dump_scan,
6695 	},
6696 	{
6697 		.cmd = NL80211_CMD_START_SCHED_SCAN,
6698 		.doit = nl80211_start_sched_scan,
6699 		.policy = nl80211_policy,
6700 		.flags = GENL_ADMIN_PERM,
6701 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6702 				  NL80211_FLAG_NEED_RTNL,
6703 	},
6704 	{
6705 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
6706 		.doit = nl80211_stop_sched_scan,
6707 		.policy = nl80211_policy,
6708 		.flags = GENL_ADMIN_PERM,
6709 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6710 				  NL80211_FLAG_NEED_RTNL,
6711 	},
6712 	{
6713 		.cmd = NL80211_CMD_AUTHENTICATE,
6714 		.doit = nl80211_authenticate,
6715 		.policy = nl80211_policy,
6716 		.flags = GENL_ADMIN_PERM,
6717 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6718 				  NL80211_FLAG_NEED_RTNL,
6719 	},
6720 	{
6721 		.cmd = NL80211_CMD_ASSOCIATE,
6722 		.doit = nl80211_associate,
6723 		.policy = nl80211_policy,
6724 		.flags = GENL_ADMIN_PERM,
6725 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6726 				  NL80211_FLAG_NEED_RTNL,
6727 	},
6728 	{
6729 		.cmd = NL80211_CMD_DEAUTHENTICATE,
6730 		.doit = nl80211_deauthenticate,
6731 		.policy = nl80211_policy,
6732 		.flags = GENL_ADMIN_PERM,
6733 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6734 				  NL80211_FLAG_NEED_RTNL,
6735 	},
6736 	{
6737 		.cmd = NL80211_CMD_DISASSOCIATE,
6738 		.doit = nl80211_disassociate,
6739 		.policy = nl80211_policy,
6740 		.flags = GENL_ADMIN_PERM,
6741 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6742 				  NL80211_FLAG_NEED_RTNL,
6743 	},
6744 	{
6745 		.cmd = NL80211_CMD_JOIN_IBSS,
6746 		.doit = nl80211_join_ibss,
6747 		.policy = nl80211_policy,
6748 		.flags = GENL_ADMIN_PERM,
6749 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6750 				  NL80211_FLAG_NEED_RTNL,
6751 	},
6752 	{
6753 		.cmd = NL80211_CMD_LEAVE_IBSS,
6754 		.doit = nl80211_leave_ibss,
6755 		.policy = nl80211_policy,
6756 		.flags = GENL_ADMIN_PERM,
6757 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6758 				  NL80211_FLAG_NEED_RTNL,
6759 	},
6760 #ifdef CONFIG_NL80211_TESTMODE
6761 	{
6762 		.cmd = NL80211_CMD_TESTMODE,
6763 		.doit = nl80211_testmode_do,
6764 		.dumpit = nl80211_testmode_dump,
6765 		.policy = nl80211_policy,
6766 		.flags = GENL_ADMIN_PERM,
6767 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6768 				  NL80211_FLAG_NEED_RTNL,
6769 	},
6770 #endif
6771 	{
6772 		.cmd = NL80211_CMD_CONNECT,
6773 		.doit = nl80211_connect,
6774 		.policy = nl80211_policy,
6775 		.flags = GENL_ADMIN_PERM,
6776 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6777 				  NL80211_FLAG_NEED_RTNL,
6778 	},
6779 	{
6780 		.cmd = NL80211_CMD_DISCONNECT,
6781 		.doit = nl80211_disconnect,
6782 		.policy = nl80211_policy,
6783 		.flags = GENL_ADMIN_PERM,
6784 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6785 				  NL80211_FLAG_NEED_RTNL,
6786 	},
6787 	{
6788 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
6789 		.doit = nl80211_wiphy_netns,
6790 		.policy = nl80211_policy,
6791 		.flags = GENL_ADMIN_PERM,
6792 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6793 				  NL80211_FLAG_NEED_RTNL,
6794 	},
6795 	{
6796 		.cmd = NL80211_CMD_GET_SURVEY,
6797 		.policy = nl80211_policy,
6798 		.dumpit = nl80211_dump_survey,
6799 	},
6800 	{
6801 		.cmd = NL80211_CMD_SET_PMKSA,
6802 		.doit = nl80211_setdel_pmksa,
6803 		.policy = nl80211_policy,
6804 		.flags = GENL_ADMIN_PERM,
6805 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6806 				  NL80211_FLAG_NEED_RTNL,
6807 	},
6808 	{
6809 		.cmd = NL80211_CMD_DEL_PMKSA,
6810 		.doit = nl80211_setdel_pmksa,
6811 		.policy = nl80211_policy,
6812 		.flags = GENL_ADMIN_PERM,
6813 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6814 				  NL80211_FLAG_NEED_RTNL,
6815 	},
6816 	{
6817 		.cmd = NL80211_CMD_FLUSH_PMKSA,
6818 		.doit = nl80211_flush_pmksa,
6819 		.policy = nl80211_policy,
6820 		.flags = GENL_ADMIN_PERM,
6821 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6822 				  NL80211_FLAG_NEED_RTNL,
6823 	},
6824 	{
6825 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
6826 		.doit = nl80211_remain_on_channel,
6827 		.policy = nl80211_policy,
6828 		.flags = GENL_ADMIN_PERM,
6829 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6830 				  NL80211_FLAG_NEED_RTNL,
6831 	},
6832 	{
6833 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
6834 		.doit = nl80211_cancel_remain_on_channel,
6835 		.policy = nl80211_policy,
6836 		.flags = GENL_ADMIN_PERM,
6837 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6838 				  NL80211_FLAG_NEED_RTNL,
6839 	},
6840 	{
6841 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
6842 		.doit = nl80211_set_tx_bitrate_mask,
6843 		.policy = nl80211_policy,
6844 		.flags = GENL_ADMIN_PERM,
6845 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6846 				  NL80211_FLAG_NEED_RTNL,
6847 	},
6848 	{
6849 		.cmd = NL80211_CMD_REGISTER_FRAME,
6850 		.doit = nl80211_register_mgmt,
6851 		.policy = nl80211_policy,
6852 		.flags = GENL_ADMIN_PERM,
6853 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6854 				  NL80211_FLAG_NEED_RTNL,
6855 	},
6856 	{
6857 		.cmd = NL80211_CMD_FRAME,
6858 		.doit = nl80211_tx_mgmt,
6859 		.policy = nl80211_policy,
6860 		.flags = GENL_ADMIN_PERM,
6861 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6862 				  NL80211_FLAG_NEED_RTNL,
6863 	},
6864 	{
6865 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
6866 		.doit = nl80211_tx_mgmt_cancel_wait,
6867 		.policy = nl80211_policy,
6868 		.flags = GENL_ADMIN_PERM,
6869 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6870 				  NL80211_FLAG_NEED_RTNL,
6871 	},
6872 	{
6873 		.cmd = NL80211_CMD_SET_POWER_SAVE,
6874 		.doit = nl80211_set_power_save,
6875 		.policy = nl80211_policy,
6876 		.flags = GENL_ADMIN_PERM,
6877 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6878 				  NL80211_FLAG_NEED_RTNL,
6879 	},
6880 	{
6881 		.cmd = NL80211_CMD_GET_POWER_SAVE,
6882 		.doit = nl80211_get_power_save,
6883 		.policy = nl80211_policy,
6884 		/* can be retrieved by unprivileged users */
6885 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6886 				  NL80211_FLAG_NEED_RTNL,
6887 	},
6888 	{
6889 		.cmd = NL80211_CMD_SET_CQM,
6890 		.doit = nl80211_set_cqm,
6891 		.policy = nl80211_policy,
6892 		.flags = GENL_ADMIN_PERM,
6893 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6894 				  NL80211_FLAG_NEED_RTNL,
6895 	},
6896 	{
6897 		.cmd = NL80211_CMD_SET_CHANNEL,
6898 		.doit = nl80211_set_channel,
6899 		.policy = nl80211_policy,
6900 		.flags = GENL_ADMIN_PERM,
6901 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6902 				  NL80211_FLAG_NEED_RTNL,
6903 	},
6904 	{
6905 		.cmd = NL80211_CMD_SET_WDS_PEER,
6906 		.doit = nl80211_set_wds_peer,
6907 		.policy = nl80211_policy,
6908 		.flags = GENL_ADMIN_PERM,
6909 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6910 				  NL80211_FLAG_NEED_RTNL,
6911 	},
6912 	{
6913 		.cmd = NL80211_CMD_JOIN_MESH,
6914 		.doit = nl80211_join_mesh,
6915 		.policy = nl80211_policy,
6916 		.flags = GENL_ADMIN_PERM,
6917 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6918 				  NL80211_FLAG_NEED_RTNL,
6919 	},
6920 	{
6921 		.cmd = NL80211_CMD_LEAVE_MESH,
6922 		.doit = nl80211_leave_mesh,
6923 		.policy = nl80211_policy,
6924 		.flags = GENL_ADMIN_PERM,
6925 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6926 				  NL80211_FLAG_NEED_RTNL,
6927 	},
6928 	{
6929 		.cmd = NL80211_CMD_GET_WOWLAN,
6930 		.doit = nl80211_get_wowlan,
6931 		.policy = nl80211_policy,
6932 		/* can be retrieved by unprivileged users */
6933 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6934 				  NL80211_FLAG_NEED_RTNL,
6935 	},
6936 	{
6937 		.cmd = NL80211_CMD_SET_WOWLAN,
6938 		.doit = nl80211_set_wowlan,
6939 		.policy = nl80211_policy,
6940 		.flags = GENL_ADMIN_PERM,
6941 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6942 				  NL80211_FLAG_NEED_RTNL,
6943 	},
6944 	{
6945 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
6946 		.doit = nl80211_set_rekey_data,
6947 		.policy = nl80211_policy,
6948 		.flags = GENL_ADMIN_PERM,
6949 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6950 				  NL80211_FLAG_NEED_RTNL,
6951 	},
6952 	{
6953 		.cmd = NL80211_CMD_TDLS_MGMT,
6954 		.doit = nl80211_tdls_mgmt,
6955 		.policy = nl80211_policy,
6956 		.flags = GENL_ADMIN_PERM,
6957 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6958 				  NL80211_FLAG_NEED_RTNL,
6959 	},
6960 	{
6961 		.cmd = NL80211_CMD_TDLS_OPER,
6962 		.doit = nl80211_tdls_oper,
6963 		.policy = nl80211_policy,
6964 		.flags = GENL_ADMIN_PERM,
6965 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6966 				  NL80211_FLAG_NEED_RTNL,
6967 	},
6968 	{
6969 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
6970 		.doit = nl80211_register_unexpected_frame,
6971 		.policy = nl80211_policy,
6972 		.flags = GENL_ADMIN_PERM,
6973 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6974 				  NL80211_FLAG_NEED_RTNL,
6975 	},
6976 	{
6977 		.cmd = NL80211_CMD_PROBE_CLIENT,
6978 		.doit = nl80211_probe_client,
6979 		.policy = nl80211_policy,
6980 		.flags = GENL_ADMIN_PERM,
6981 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6982 				  NL80211_FLAG_NEED_RTNL,
6983 	},
6984 	{
6985 		.cmd = NL80211_CMD_REGISTER_BEACONS,
6986 		.doit = nl80211_register_beacons,
6987 		.policy = nl80211_policy,
6988 		.flags = GENL_ADMIN_PERM,
6989 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6990 				  NL80211_FLAG_NEED_RTNL,
6991 	},
6992 	{
6993 		.cmd = NL80211_CMD_SET_NOACK_MAP,
6994 		.doit = nl80211_set_noack_map,
6995 		.policy = nl80211_policy,
6996 		.flags = GENL_ADMIN_PERM,
6997 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6998 				  NL80211_FLAG_NEED_RTNL,
6999 	},
7000 
7001 };
7002 
7003 static struct genl_multicast_group nl80211_mlme_mcgrp = {
7004 	.name = "mlme",
7005 };
7006 
7007 /* multicast groups */
7008 static struct genl_multicast_group nl80211_config_mcgrp = {
7009 	.name = "config",
7010 };
7011 static struct genl_multicast_group nl80211_scan_mcgrp = {
7012 	.name = "scan",
7013 };
7014 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
7015 	.name = "regulatory",
7016 };
7017 
7018 /* notification functions */
7019 
7020 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
7021 {
7022 	struct sk_buff *msg;
7023 
7024 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7025 	if (!msg)
7026 		return;
7027 
7028 	if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
7029 		nlmsg_free(msg);
7030 		return;
7031 	}
7032 
7033 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7034 				nl80211_config_mcgrp.id, GFP_KERNEL);
7035 }
7036 
7037 static int nl80211_add_scan_req(struct sk_buff *msg,
7038 				struct cfg80211_registered_device *rdev)
7039 {
7040 	struct cfg80211_scan_request *req = rdev->scan_req;
7041 	struct nlattr *nest;
7042 	int i;
7043 
7044 	ASSERT_RDEV_LOCK(rdev);
7045 
7046 	if (WARN_ON(!req))
7047 		return 0;
7048 
7049 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
7050 	if (!nest)
7051 		goto nla_put_failure;
7052 	for (i = 0; i < req->n_ssids; i++) {
7053 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
7054 			goto nla_put_failure;
7055 	}
7056 	nla_nest_end(msg, nest);
7057 
7058 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
7059 	if (!nest)
7060 		goto nla_put_failure;
7061 	for (i = 0; i < req->n_channels; i++) {
7062 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
7063 			goto nla_put_failure;
7064 	}
7065 	nla_nest_end(msg, nest);
7066 
7067 	if (req->ie &&
7068 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
7069 		goto nla_put_failure;
7070 
7071 	return 0;
7072  nla_put_failure:
7073 	return -ENOBUFS;
7074 }
7075 
7076 static int nl80211_send_scan_msg(struct sk_buff *msg,
7077 				 struct cfg80211_registered_device *rdev,
7078 				 struct net_device *netdev,
7079 				 u32 pid, u32 seq, int flags,
7080 				 u32 cmd)
7081 {
7082 	void *hdr;
7083 
7084 	hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
7085 	if (!hdr)
7086 		return -1;
7087 
7088 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7089 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
7090 		goto nla_put_failure;
7091 
7092 	/* ignore errors and send incomplete event anyway */
7093 	nl80211_add_scan_req(msg, rdev);
7094 
7095 	return genlmsg_end(msg, hdr);
7096 
7097  nla_put_failure:
7098 	genlmsg_cancel(msg, hdr);
7099 	return -EMSGSIZE;
7100 }
7101 
7102 static int
7103 nl80211_send_sched_scan_msg(struct sk_buff *msg,
7104 			    struct cfg80211_registered_device *rdev,
7105 			    struct net_device *netdev,
7106 			    u32 pid, u32 seq, int flags, u32 cmd)
7107 {
7108 	void *hdr;
7109 
7110 	hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
7111 	if (!hdr)
7112 		return -1;
7113 
7114 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7115 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
7116 		goto nla_put_failure;
7117 
7118 	return genlmsg_end(msg, hdr);
7119 
7120  nla_put_failure:
7121 	genlmsg_cancel(msg, hdr);
7122 	return -EMSGSIZE;
7123 }
7124 
7125 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
7126 			     struct net_device *netdev)
7127 {
7128 	struct sk_buff *msg;
7129 
7130 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
7131 	if (!msg)
7132 		return;
7133 
7134 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
7135 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
7136 		nlmsg_free(msg);
7137 		return;
7138 	}
7139 
7140 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7141 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7142 }
7143 
7144 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
7145 			    struct net_device *netdev)
7146 {
7147 	struct sk_buff *msg;
7148 
7149 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7150 	if (!msg)
7151 		return;
7152 
7153 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
7154 				  NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
7155 		nlmsg_free(msg);
7156 		return;
7157 	}
7158 
7159 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7160 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7161 }
7162 
7163 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
7164 			       struct net_device *netdev)
7165 {
7166 	struct sk_buff *msg;
7167 
7168 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7169 	if (!msg)
7170 		return;
7171 
7172 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
7173 				  NL80211_CMD_SCAN_ABORTED) < 0) {
7174 		nlmsg_free(msg);
7175 		return;
7176 	}
7177 
7178 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7179 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7180 }
7181 
7182 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
7183 				     struct net_device *netdev)
7184 {
7185 	struct sk_buff *msg;
7186 
7187 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7188 	if (!msg)
7189 		return;
7190 
7191 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
7192 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
7193 		nlmsg_free(msg);
7194 		return;
7195 	}
7196 
7197 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7198 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7199 }
7200 
7201 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
7202 			     struct net_device *netdev, u32 cmd)
7203 {
7204 	struct sk_buff *msg;
7205 
7206 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
7207 	if (!msg)
7208 		return;
7209 
7210 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
7211 		nlmsg_free(msg);
7212 		return;
7213 	}
7214 
7215 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7216 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7217 }
7218 
7219 /*
7220  * This can happen on global regulatory changes or device specific settings
7221  * based on custom world regulatory domains.
7222  */
7223 void nl80211_send_reg_change_event(struct regulatory_request *request)
7224 {
7225 	struct sk_buff *msg;
7226 	void *hdr;
7227 
7228 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7229 	if (!msg)
7230 		return;
7231 
7232 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
7233 	if (!hdr) {
7234 		nlmsg_free(msg);
7235 		return;
7236 	}
7237 
7238 	/* Userspace can always count this one always being set */
7239 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
7240 		goto nla_put_failure;
7241 
7242 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
7243 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
7244 			       NL80211_REGDOM_TYPE_WORLD))
7245 			goto nla_put_failure;
7246 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
7247 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
7248 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
7249 			goto nla_put_failure;
7250 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
7251 		   request->intersect) {
7252 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
7253 			       NL80211_REGDOM_TYPE_INTERSECTION))
7254 			goto nla_put_failure;
7255 	} else {
7256 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
7257 			       NL80211_REGDOM_TYPE_COUNTRY) ||
7258 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
7259 				   request->alpha2))
7260 			goto nla_put_failure;
7261 	}
7262 
7263 	if (wiphy_idx_valid(request->wiphy_idx) &&
7264 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
7265 		goto nla_put_failure;
7266 
7267 	genlmsg_end(msg, hdr);
7268 
7269 	rcu_read_lock();
7270 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
7271 				GFP_ATOMIC);
7272 	rcu_read_unlock();
7273 
7274 	return;
7275 
7276 nla_put_failure:
7277 	genlmsg_cancel(msg, hdr);
7278 	nlmsg_free(msg);
7279 }
7280 
7281 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
7282 				    struct net_device *netdev,
7283 				    const u8 *buf, size_t len,
7284 				    enum nl80211_commands cmd, gfp_t gfp)
7285 {
7286 	struct sk_buff *msg;
7287 	void *hdr;
7288 
7289 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7290 	if (!msg)
7291 		return;
7292 
7293 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7294 	if (!hdr) {
7295 		nlmsg_free(msg);
7296 		return;
7297 	}
7298 
7299 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7300 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7301 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
7302 		goto nla_put_failure;
7303 
7304 	genlmsg_end(msg, hdr);
7305 
7306 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7307 				nl80211_mlme_mcgrp.id, gfp);
7308 	return;
7309 
7310  nla_put_failure:
7311 	genlmsg_cancel(msg, hdr);
7312 	nlmsg_free(msg);
7313 }
7314 
7315 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
7316 			  struct net_device *netdev, const u8 *buf,
7317 			  size_t len, gfp_t gfp)
7318 {
7319 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7320 				NL80211_CMD_AUTHENTICATE, gfp);
7321 }
7322 
7323 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
7324 			   struct net_device *netdev, const u8 *buf,
7325 			   size_t len, gfp_t gfp)
7326 {
7327 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7328 				NL80211_CMD_ASSOCIATE, gfp);
7329 }
7330 
7331 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
7332 			 struct net_device *netdev, const u8 *buf,
7333 			 size_t len, gfp_t gfp)
7334 {
7335 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7336 				NL80211_CMD_DEAUTHENTICATE, gfp);
7337 }
7338 
7339 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
7340 			   struct net_device *netdev, const u8 *buf,
7341 			   size_t len, gfp_t gfp)
7342 {
7343 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7344 				NL80211_CMD_DISASSOCIATE, gfp);
7345 }
7346 
7347 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev,
7348 				struct net_device *netdev, const u8 *buf,
7349 				size_t len, gfp_t gfp)
7350 {
7351 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7352 				NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp);
7353 }
7354 
7355 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev,
7356 				  struct net_device *netdev, const u8 *buf,
7357 				  size_t len, gfp_t gfp)
7358 {
7359 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7360 				NL80211_CMD_UNPROT_DISASSOCIATE, gfp);
7361 }
7362 
7363 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
7364 				      struct net_device *netdev, int cmd,
7365 				      const u8 *addr, gfp_t gfp)
7366 {
7367 	struct sk_buff *msg;
7368 	void *hdr;
7369 
7370 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7371 	if (!msg)
7372 		return;
7373 
7374 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7375 	if (!hdr) {
7376 		nlmsg_free(msg);
7377 		return;
7378 	}
7379 
7380 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7381 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7382 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
7383 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
7384 		goto nla_put_failure;
7385 
7386 	genlmsg_end(msg, hdr);
7387 
7388 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7389 				nl80211_mlme_mcgrp.id, gfp);
7390 	return;
7391 
7392  nla_put_failure:
7393 	genlmsg_cancel(msg, hdr);
7394 	nlmsg_free(msg);
7395 }
7396 
7397 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
7398 			       struct net_device *netdev, const u8 *addr,
7399 			       gfp_t gfp)
7400 {
7401 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
7402 				  addr, gfp);
7403 }
7404 
7405 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
7406 				struct net_device *netdev, const u8 *addr,
7407 				gfp_t gfp)
7408 {
7409 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
7410 				  addr, gfp);
7411 }
7412 
7413 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
7414 				 struct net_device *netdev, const u8 *bssid,
7415 				 const u8 *req_ie, size_t req_ie_len,
7416 				 const u8 *resp_ie, size_t resp_ie_len,
7417 				 u16 status, gfp_t gfp)
7418 {
7419 	struct sk_buff *msg;
7420 	void *hdr;
7421 
7422 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7423 	if (!msg)
7424 		return;
7425 
7426 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
7427 	if (!hdr) {
7428 		nlmsg_free(msg);
7429 		return;
7430 	}
7431 
7432 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7433 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7434 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
7435 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
7436 	    (req_ie &&
7437 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
7438 	    (resp_ie &&
7439 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
7440 		goto nla_put_failure;
7441 
7442 	genlmsg_end(msg, hdr);
7443 
7444 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7445 				nl80211_mlme_mcgrp.id, gfp);
7446 	return;
7447 
7448  nla_put_failure:
7449 	genlmsg_cancel(msg, hdr);
7450 	nlmsg_free(msg);
7451 
7452 }
7453 
7454 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
7455 			 struct net_device *netdev, const u8 *bssid,
7456 			 const u8 *req_ie, size_t req_ie_len,
7457 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
7458 {
7459 	struct sk_buff *msg;
7460 	void *hdr;
7461 
7462 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7463 	if (!msg)
7464 		return;
7465 
7466 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
7467 	if (!hdr) {
7468 		nlmsg_free(msg);
7469 		return;
7470 	}
7471 
7472 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7473 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7474 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
7475 	    (req_ie &&
7476 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
7477 	    (resp_ie &&
7478 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
7479 		goto nla_put_failure;
7480 
7481 	genlmsg_end(msg, hdr);
7482 
7483 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7484 				nl80211_mlme_mcgrp.id, gfp);
7485 	return;
7486 
7487  nla_put_failure:
7488 	genlmsg_cancel(msg, hdr);
7489 	nlmsg_free(msg);
7490 
7491 }
7492 
7493 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
7494 			       struct net_device *netdev, u16 reason,
7495 			       const u8 *ie, size_t ie_len, bool from_ap)
7496 {
7497 	struct sk_buff *msg;
7498 	void *hdr;
7499 
7500 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
7501 	if (!msg)
7502 		return;
7503 
7504 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
7505 	if (!hdr) {
7506 		nlmsg_free(msg);
7507 		return;
7508 	}
7509 
7510 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7511 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7512 	    (from_ap && reason &&
7513 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
7514 	    (from_ap &&
7515 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
7516 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
7517 		goto nla_put_failure;
7518 
7519 	genlmsg_end(msg, hdr);
7520 
7521 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7522 				nl80211_mlme_mcgrp.id, GFP_KERNEL);
7523 	return;
7524 
7525  nla_put_failure:
7526 	genlmsg_cancel(msg, hdr);
7527 	nlmsg_free(msg);
7528 
7529 }
7530 
7531 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
7532 			     struct net_device *netdev, const u8 *bssid,
7533 			     gfp_t gfp)
7534 {
7535 	struct sk_buff *msg;
7536 	void *hdr;
7537 
7538 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7539 	if (!msg)
7540 		return;
7541 
7542 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
7543 	if (!hdr) {
7544 		nlmsg_free(msg);
7545 		return;
7546 	}
7547 
7548 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7549 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7550 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
7551 		goto nla_put_failure;
7552 
7553 	genlmsg_end(msg, hdr);
7554 
7555 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7556 				nl80211_mlme_mcgrp.id, gfp);
7557 	return;
7558 
7559  nla_put_failure:
7560 	genlmsg_cancel(msg, hdr);
7561 	nlmsg_free(msg);
7562 }
7563 
7564 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev,
7565 		struct net_device *netdev,
7566 		const u8 *macaddr, const u8* ie, u8 ie_len,
7567 		gfp_t gfp)
7568 {
7569 	struct sk_buff *msg;
7570 	void *hdr;
7571 
7572 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7573 	if (!msg)
7574 		return;
7575 
7576 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
7577 	if (!hdr) {
7578 		nlmsg_free(msg);
7579 		return;
7580 	}
7581 
7582 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7583 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7584 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) ||
7585 	    (ie_len && ie &&
7586 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
7587 		goto nla_put_failure;
7588 
7589 	genlmsg_end(msg, hdr);
7590 
7591 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7592 				nl80211_mlme_mcgrp.id, gfp);
7593 	return;
7594 
7595  nla_put_failure:
7596 	genlmsg_cancel(msg, hdr);
7597 	nlmsg_free(msg);
7598 }
7599 
7600 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
7601 				 struct net_device *netdev, const u8 *addr,
7602 				 enum nl80211_key_type key_type, int key_id,
7603 				 const u8 *tsc, gfp_t gfp)
7604 {
7605 	struct sk_buff *msg;
7606 	void *hdr;
7607 
7608 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7609 	if (!msg)
7610 		return;
7611 
7612 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
7613 	if (!hdr) {
7614 		nlmsg_free(msg);
7615 		return;
7616 	}
7617 
7618 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7619 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7620 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
7621 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
7622 	    (key_id != -1 &&
7623 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
7624 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
7625 		goto nla_put_failure;
7626 
7627 	genlmsg_end(msg, hdr);
7628 
7629 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7630 				nl80211_mlme_mcgrp.id, gfp);
7631 	return;
7632 
7633  nla_put_failure:
7634 	genlmsg_cancel(msg, hdr);
7635 	nlmsg_free(msg);
7636 }
7637 
7638 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
7639 				    struct ieee80211_channel *channel_before,
7640 				    struct ieee80211_channel *channel_after)
7641 {
7642 	struct sk_buff *msg;
7643 	void *hdr;
7644 	struct nlattr *nl_freq;
7645 
7646 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
7647 	if (!msg)
7648 		return;
7649 
7650 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
7651 	if (!hdr) {
7652 		nlmsg_free(msg);
7653 		return;
7654 	}
7655 
7656 	/*
7657 	 * Since we are applying the beacon hint to a wiphy we know its
7658 	 * wiphy_idx is valid
7659 	 */
7660 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7661 		goto nla_put_failure;
7662 
7663 	/* Before */
7664 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
7665 	if (!nl_freq)
7666 		goto nla_put_failure;
7667 	if (nl80211_msg_put_channel(msg, channel_before))
7668 		goto nla_put_failure;
7669 	nla_nest_end(msg, nl_freq);
7670 
7671 	/* After */
7672 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
7673 	if (!nl_freq)
7674 		goto nla_put_failure;
7675 	if (nl80211_msg_put_channel(msg, channel_after))
7676 		goto nla_put_failure;
7677 	nla_nest_end(msg, nl_freq);
7678 
7679 	genlmsg_end(msg, hdr);
7680 
7681 	rcu_read_lock();
7682 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
7683 				GFP_ATOMIC);
7684 	rcu_read_unlock();
7685 
7686 	return;
7687 
7688 nla_put_failure:
7689 	genlmsg_cancel(msg, hdr);
7690 	nlmsg_free(msg);
7691 }
7692 
7693 static void nl80211_send_remain_on_chan_event(
7694 	int cmd, struct cfg80211_registered_device *rdev,
7695 	struct net_device *netdev, u64 cookie,
7696 	struct ieee80211_channel *chan,
7697 	enum nl80211_channel_type channel_type,
7698 	unsigned int duration, gfp_t gfp)
7699 {
7700 	struct sk_buff *msg;
7701 	void *hdr;
7702 
7703 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7704 	if (!msg)
7705 		return;
7706 
7707 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7708 	if (!hdr) {
7709 		nlmsg_free(msg);
7710 		return;
7711 	}
7712 
7713 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7714 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7715 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
7716 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type) ||
7717 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7718 		goto nla_put_failure;
7719 
7720 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
7721 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
7722 		goto nla_put_failure;
7723 
7724 	genlmsg_end(msg, hdr);
7725 
7726 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7727 				nl80211_mlme_mcgrp.id, gfp);
7728 	return;
7729 
7730  nla_put_failure:
7731 	genlmsg_cancel(msg, hdr);
7732 	nlmsg_free(msg);
7733 }
7734 
7735 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
7736 				    struct net_device *netdev, u64 cookie,
7737 				    struct ieee80211_channel *chan,
7738 				    enum nl80211_channel_type channel_type,
7739 				    unsigned int duration, gfp_t gfp)
7740 {
7741 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
7742 					  rdev, netdev, cookie, chan,
7743 					  channel_type, duration, gfp);
7744 }
7745 
7746 void nl80211_send_remain_on_channel_cancel(
7747 	struct cfg80211_registered_device *rdev, struct net_device *netdev,
7748 	u64 cookie, struct ieee80211_channel *chan,
7749 	enum nl80211_channel_type channel_type, gfp_t gfp)
7750 {
7751 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
7752 					  rdev, netdev, cookie, chan,
7753 					  channel_type, 0, gfp);
7754 }
7755 
7756 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
7757 			    struct net_device *dev, const u8 *mac_addr,
7758 			    struct station_info *sinfo, gfp_t gfp)
7759 {
7760 	struct sk_buff *msg;
7761 
7762 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7763 	if (!msg)
7764 		return;
7765 
7766 	if (nl80211_send_station(msg, 0, 0, 0,
7767 				 rdev, dev, mac_addr, sinfo) < 0) {
7768 		nlmsg_free(msg);
7769 		return;
7770 	}
7771 
7772 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7773 				nl80211_mlme_mcgrp.id, gfp);
7774 }
7775 
7776 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev,
7777 				struct net_device *dev, const u8 *mac_addr,
7778 				gfp_t gfp)
7779 {
7780 	struct sk_buff *msg;
7781 	void *hdr;
7782 
7783 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7784 	if (!msg)
7785 		return;
7786 
7787 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
7788 	if (!hdr) {
7789 		nlmsg_free(msg);
7790 		return;
7791 	}
7792 
7793 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7794 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
7795 		goto nla_put_failure;
7796 
7797 	genlmsg_end(msg, hdr);
7798 
7799 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7800 				nl80211_mlme_mcgrp.id, gfp);
7801 	return;
7802 
7803  nla_put_failure:
7804 	genlmsg_cancel(msg, hdr);
7805 	nlmsg_free(msg);
7806 }
7807 
7808 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
7809 				       const u8 *addr, gfp_t gfp)
7810 {
7811 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7812 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
7813 	struct sk_buff *msg;
7814 	void *hdr;
7815 	int err;
7816 	u32 nlpid = ACCESS_ONCE(wdev->ap_unexpected_nlpid);
7817 
7818 	if (!nlpid)
7819 		return false;
7820 
7821 	msg = nlmsg_new(100, gfp);
7822 	if (!msg)
7823 		return true;
7824 
7825 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7826 	if (!hdr) {
7827 		nlmsg_free(msg);
7828 		return true;
7829 	}
7830 
7831 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7832 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7833 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
7834 		goto nla_put_failure;
7835 
7836 	err = genlmsg_end(msg, hdr);
7837 	if (err < 0) {
7838 		nlmsg_free(msg);
7839 		return true;
7840 	}
7841 
7842 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
7843 	return true;
7844 
7845  nla_put_failure:
7846 	genlmsg_cancel(msg, hdr);
7847 	nlmsg_free(msg);
7848 	return true;
7849 }
7850 
7851 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp)
7852 {
7853 	return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
7854 					  addr, gfp);
7855 }
7856 
7857 bool nl80211_unexpected_4addr_frame(struct net_device *dev,
7858 				    const u8 *addr, gfp_t gfp)
7859 {
7860 	return __nl80211_unexpected_frame(dev,
7861 					  NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
7862 					  addr, gfp);
7863 }
7864 
7865 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
7866 		      struct net_device *netdev, u32 nlpid,
7867 		      int freq, int sig_dbm,
7868 		      const u8 *buf, size_t len, gfp_t gfp)
7869 {
7870 	struct sk_buff *msg;
7871 	void *hdr;
7872 
7873 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7874 	if (!msg)
7875 		return -ENOMEM;
7876 
7877 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
7878 	if (!hdr) {
7879 		nlmsg_free(msg);
7880 		return -ENOMEM;
7881 	}
7882 
7883 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7884 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7885 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
7886 	    (sig_dbm &&
7887 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
7888 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
7889 		goto nla_put_failure;
7890 
7891 	genlmsg_end(msg, hdr);
7892 
7893 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
7894 
7895  nla_put_failure:
7896 	genlmsg_cancel(msg, hdr);
7897 	nlmsg_free(msg);
7898 	return -ENOBUFS;
7899 }
7900 
7901 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
7902 				 struct net_device *netdev, u64 cookie,
7903 				 const u8 *buf, size_t len, bool ack,
7904 				 gfp_t gfp)
7905 {
7906 	struct sk_buff *msg;
7907 	void *hdr;
7908 
7909 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7910 	if (!msg)
7911 		return;
7912 
7913 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
7914 	if (!hdr) {
7915 		nlmsg_free(msg);
7916 		return;
7917 	}
7918 
7919 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7920 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7921 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
7922 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
7923 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
7924 		goto nla_put_failure;
7925 
7926 	genlmsg_end(msg, hdr);
7927 
7928 	genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
7929 	return;
7930 
7931  nla_put_failure:
7932 	genlmsg_cancel(msg, hdr);
7933 	nlmsg_free(msg);
7934 }
7935 
7936 void
7937 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev,
7938 			     struct net_device *netdev,
7939 			     enum nl80211_cqm_rssi_threshold_event rssi_event,
7940 			     gfp_t gfp)
7941 {
7942 	struct sk_buff *msg;
7943 	struct nlattr *pinfoattr;
7944 	void *hdr;
7945 
7946 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7947 	if (!msg)
7948 		return;
7949 
7950 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
7951 	if (!hdr) {
7952 		nlmsg_free(msg);
7953 		return;
7954 	}
7955 
7956 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7957 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
7958 		goto nla_put_failure;
7959 
7960 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
7961 	if (!pinfoattr)
7962 		goto nla_put_failure;
7963 
7964 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
7965 			rssi_event))
7966 		goto nla_put_failure;
7967 
7968 	nla_nest_end(msg, pinfoattr);
7969 
7970 	genlmsg_end(msg, hdr);
7971 
7972 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7973 				nl80211_mlme_mcgrp.id, gfp);
7974 	return;
7975 
7976  nla_put_failure:
7977 	genlmsg_cancel(msg, hdr);
7978 	nlmsg_free(msg);
7979 }
7980 
7981 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
7982 			      struct net_device *netdev, const u8 *bssid,
7983 			      const u8 *replay_ctr, gfp_t gfp)
7984 {
7985 	struct sk_buff *msg;
7986 	struct nlattr *rekey_attr;
7987 	void *hdr;
7988 
7989 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7990 	if (!msg)
7991 		return;
7992 
7993 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
7994 	if (!hdr) {
7995 		nlmsg_free(msg);
7996 		return;
7997 	}
7998 
7999 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8000 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8001 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
8002 		goto nla_put_failure;
8003 
8004 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
8005 	if (!rekey_attr)
8006 		goto nla_put_failure;
8007 
8008 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
8009 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
8010 		goto nla_put_failure;
8011 
8012 	nla_nest_end(msg, rekey_attr);
8013 
8014 	genlmsg_end(msg, hdr);
8015 
8016 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8017 				nl80211_mlme_mcgrp.id, gfp);
8018 	return;
8019 
8020  nla_put_failure:
8021 	genlmsg_cancel(msg, hdr);
8022 	nlmsg_free(msg);
8023 }
8024 
8025 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
8026 				    struct net_device *netdev, int index,
8027 				    const u8 *bssid, bool preauth, gfp_t gfp)
8028 {
8029 	struct sk_buff *msg;
8030 	struct nlattr *attr;
8031 	void *hdr;
8032 
8033 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
8034 	if (!msg)
8035 		return;
8036 
8037 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
8038 	if (!hdr) {
8039 		nlmsg_free(msg);
8040 		return;
8041 	}
8042 
8043 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8044 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
8045 		goto nla_put_failure;
8046 
8047 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
8048 	if (!attr)
8049 		goto nla_put_failure;
8050 
8051 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
8052 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
8053 	    (preauth &&
8054 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
8055 		goto nla_put_failure;
8056 
8057 	nla_nest_end(msg, attr);
8058 
8059 	genlmsg_end(msg, hdr);
8060 
8061 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8062 				nl80211_mlme_mcgrp.id, gfp);
8063 	return;
8064 
8065  nla_put_failure:
8066 	genlmsg_cancel(msg, hdr);
8067 	nlmsg_free(msg);
8068 }
8069 
8070 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
8071 			      struct net_device *netdev, int freq,
8072 			      enum nl80211_channel_type type, gfp_t gfp)
8073 {
8074 	struct sk_buff *msg;
8075 	void *hdr;
8076 
8077 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
8078 	if (!msg)
8079 		return;
8080 
8081 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
8082 	if (!hdr) {
8083 		nlmsg_free(msg);
8084 		return;
8085 	}
8086 
8087 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8088 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
8089 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, type))
8090 		goto nla_put_failure;
8091 
8092 	genlmsg_end(msg, hdr);
8093 
8094 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8095 				nl80211_mlme_mcgrp.id, gfp);
8096 	return;
8097 
8098  nla_put_failure:
8099 	genlmsg_cancel(msg, hdr);
8100 	nlmsg_free(msg);
8101 }
8102 
8103 void
8104 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev,
8105 				struct net_device *netdev, const u8 *peer,
8106 				u32 num_packets, gfp_t gfp)
8107 {
8108 	struct sk_buff *msg;
8109 	struct nlattr *pinfoattr;
8110 	void *hdr;
8111 
8112 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
8113 	if (!msg)
8114 		return;
8115 
8116 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
8117 	if (!hdr) {
8118 		nlmsg_free(msg);
8119 		return;
8120 	}
8121 
8122 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8123 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8124 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
8125 		goto nla_put_failure;
8126 
8127 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
8128 	if (!pinfoattr)
8129 		goto nla_put_failure;
8130 
8131 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
8132 		goto nla_put_failure;
8133 
8134 	nla_nest_end(msg, pinfoattr);
8135 
8136 	genlmsg_end(msg, hdr);
8137 
8138 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8139 				nl80211_mlme_mcgrp.id, gfp);
8140 	return;
8141 
8142  nla_put_failure:
8143 	genlmsg_cancel(msg, hdr);
8144 	nlmsg_free(msg);
8145 }
8146 
8147 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
8148 			   u64 cookie, bool acked, gfp_t gfp)
8149 {
8150 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8151 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
8152 	struct sk_buff *msg;
8153 	void *hdr;
8154 	int err;
8155 
8156 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
8157 	if (!msg)
8158 		return;
8159 
8160 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
8161 	if (!hdr) {
8162 		nlmsg_free(msg);
8163 		return;
8164 	}
8165 
8166 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8167 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8168 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
8169 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
8170 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
8171 		goto nla_put_failure;
8172 
8173 	err = genlmsg_end(msg, hdr);
8174 	if (err < 0) {
8175 		nlmsg_free(msg);
8176 		return;
8177 	}
8178 
8179 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8180 				nl80211_mlme_mcgrp.id, gfp);
8181 	return;
8182 
8183  nla_put_failure:
8184 	genlmsg_cancel(msg, hdr);
8185 	nlmsg_free(msg);
8186 }
8187 EXPORT_SYMBOL(cfg80211_probe_status);
8188 
8189 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
8190 				 const u8 *frame, size_t len,
8191 				 int freq, int sig_dbm, gfp_t gfp)
8192 {
8193 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
8194 	struct sk_buff *msg;
8195 	void *hdr;
8196 	u32 nlpid = ACCESS_ONCE(rdev->ap_beacons_nlpid);
8197 
8198 	if (!nlpid)
8199 		return;
8200 
8201 	msg = nlmsg_new(len + 100, gfp);
8202 	if (!msg)
8203 		return;
8204 
8205 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
8206 	if (!hdr) {
8207 		nlmsg_free(msg);
8208 		return;
8209 	}
8210 
8211 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8212 	    (freq &&
8213 	     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
8214 	    (sig_dbm &&
8215 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
8216 	    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
8217 		goto nla_put_failure;
8218 
8219 	genlmsg_end(msg, hdr);
8220 
8221 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
8222 	return;
8223 
8224  nla_put_failure:
8225 	genlmsg_cancel(msg, hdr);
8226 	nlmsg_free(msg);
8227 }
8228 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
8229 
8230 static int nl80211_netlink_notify(struct notifier_block * nb,
8231 				  unsigned long state,
8232 				  void *_notify)
8233 {
8234 	struct netlink_notify *notify = _notify;
8235 	struct cfg80211_registered_device *rdev;
8236 	struct wireless_dev *wdev;
8237 
8238 	if (state != NETLINK_URELEASE)
8239 		return NOTIFY_DONE;
8240 
8241 	rcu_read_lock();
8242 
8243 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
8244 		list_for_each_entry_rcu(wdev, &rdev->netdev_list, list)
8245 			cfg80211_mlme_unregister_socket(wdev, notify->pid);
8246 		if (rdev->ap_beacons_nlpid == notify->pid)
8247 			rdev->ap_beacons_nlpid = 0;
8248 	}
8249 
8250 	rcu_read_unlock();
8251 
8252 	return NOTIFY_DONE;
8253 }
8254 
8255 static struct notifier_block nl80211_netlink_notifier = {
8256 	.notifier_call = nl80211_netlink_notify,
8257 };
8258 
8259 /* initialisation/exit functions */
8260 
8261 int nl80211_init(void)
8262 {
8263 	int err;
8264 
8265 	err = genl_register_family_with_ops(&nl80211_fam,
8266 		nl80211_ops, ARRAY_SIZE(nl80211_ops));
8267 	if (err)
8268 		return err;
8269 
8270 	err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
8271 	if (err)
8272 		goto err_out;
8273 
8274 	err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
8275 	if (err)
8276 		goto err_out;
8277 
8278 	err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
8279 	if (err)
8280 		goto err_out;
8281 
8282 	err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
8283 	if (err)
8284 		goto err_out;
8285 
8286 #ifdef CONFIG_NL80211_TESTMODE
8287 	err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
8288 	if (err)
8289 		goto err_out;
8290 #endif
8291 
8292 	err = netlink_register_notifier(&nl80211_netlink_notifier);
8293 	if (err)
8294 		goto err_out;
8295 
8296 	return 0;
8297  err_out:
8298 	genl_unregister_family(&nl80211_fam);
8299 	return err;
8300 }
8301 
8302 void nl80211_exit(void)
8303 {
8304 	netlink_unregister_notifier(&nl80211_netlink_notifier);
8305 	genl_unregister_family(&nl80211_fam);
8306 }
8307