xref: /linux/net/wireless/nl80211.c (revision 4201c9260a8d3c4ef238e51692a7e9b4e1e29efe) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This is the new netlink-based wireless configuration interface.
4  *
5  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
6  * Copyright 2013-2014  Intel Mobile Communications GmbH
7  * Copyright 2015-2017	Intel Deutschland GmbH
8  * Copyright (C) 2018-2019 Intel Corporation
9  */
10 
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <net/net_namespace.h>
24 #include <net/genetlink.h>
25 #include <net/cfg80211.h>
26 #include <net/sock.h>
27 #include <net/inet_connection_sock.h>
28 #include "core.h"
29 #include "nl80211.h"
30 #include "reg.h"
31 #include "rdev-ops.h"
32 
33 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
34 				   struct genl_info *info,
35 				   struct cfg80211_crypto_settings *settings,
36 				   int cipher_limit);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam;
40 
41 /* multicast groups */
42 enum nl80211_multicast_groups {
43 	NL80211_MCGRP_CONFIG,
44 	NL80211_MCGRP_SCAN,
45 	NL80211_MCGRP_REGULATORY,
46 	NL80211_MCGRP_MLME,
47 	NL80211_MCGRP_VENDOR,
48 	NL80211_MCGRP_NAN,
49 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
50 };
51 
52 static const struct genl_multicast_group nl80211_mcgrps[] = {
53 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
54 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
55 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
56 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
57 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
58 	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
59 #ifdef CONFIG_NL80211_TESTMODE
60 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
61 #endif
62 };
63 
64 /* returns ERR_PTR values */
65 static struct wireless_dev *
66 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
67 {
68 	struct cfg80211_registered_device *rdev;
69 	struct wireless_dev *result = NULL;
70 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
71 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
72 	u64 wdev_id;
73 	int wiphy_idx = -1;
74 	int ifidx = -1;
75 
76 	ASSERT_RTNL();
77 
78 	if (!have_ifidx && !have_wdev_id)
79 		return ERR_PTR(-EINVAL);
80 
81 	if (have_ifidx)
82 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
83 	if (have_wdev_id) {
84 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
85 		wiphy_idx = wdev_id >> 32;
86 	}
87 
88 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
89 		struct wireless_dev *wdev;
90 
91 		if (wiphy_net(&rdev->wiphy) != netns)
92 			continue;
93 
94 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
95 			continue;
96 
97 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
98 			if (have_ifidx && wdev->netdev &&
99 			    wdev->netdev->ifindex == ifidx) {
100 				result = wdev;
101 				break;
102 			}
103 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
104 				result = wdev;
105 				break;
106 			}
107 		}
108 
109 		if (result)
110 			break;
111 	}
112 
113 	if (result)
114 		return result;
115 	return ERR_PTR(-ENODEV);
116 }
117 
118 static struct cfg80211_registered_device *
119 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
120 {
121 	struct cfg80211_registered_device *rdev = NULL, *tmp;
122 	struct net_device *netdev;
123 
124 	ASSERT_RTNL();
125 
126 	if (!attrs[NL80211_ATTR_WIPHY] &&
127 	    !attrs[NL80211_ATTR_IFINDEX] &&
128 	    !attrs[NL80211_ATTR_WDEV])
129 		return ERR_PTR(-EINVAL);
130 
131 	if (attrs[NL80211_ATTR_WIPHY])
132 		rdev = cfg80211_rdev_by_wiphy_idx(
133 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
134 
135 	if (attrs[NL80211_ATTR_WDEV]) {
136 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
137 		struct wireless_dev *wdev;
138 		bool found = false;
139 
140 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
141 		if (tmp) {
142 			/* make sure wdev exists */
143 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
144 				if (wdev->identifier != (u32)wdev_id)
145 					continue;
146 				found = true;
147 				break;
148 			}
149 
150 			if (!found)
151 				tmp = NULL;
152 
153 			if (rdev && tmp != rdev)
154 				return ERR_PTR(-EINVAL);
155 			rdev = tmp;
156 		}
157 	}
158 
159 	if (attrs[NL80211_ATTR_IFINDEX]) {
160 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
161 
162 		netdev = __dev_get_by_index(netns, ifindex);
163 		if (netdev) {
164 			if (netdev->ieee80211_ptr)
165 				tmp = wiphy_to_rdev(
166 					netdev->ieee80211_ptr->wiphy);
167 			else
168 				tmp = NULL;
169 
170 			/* not wireless device -- return error */
171 			if (!tmp)
172 				return ERR_PTR(-EINVAL);
173 
174 			/* mismatch -- return error */
175 			if (rdev && tmp != rdev)
176 				return ERR_PTR(-EINVAL);
177 
178 			rdev = tmp;
179 		}
180 	}
181 
182 	if (!rdev)
183 		return ERR_PTR(-ENODEV);
184 
185 	if (netns != wiphy_net(&rdev->wiphy))
186 		return ERR_PTR(-ENODEV);
187 
188 	return rdev;
189 }
190 
191 /*
192  * This function returns a pointer to the driver
193  * that the genl_info item that is passed refers to.
194  *
195  * The result of this can be a PTR_ERR and hence must
196  * be checked with IS_ERR() for errors.
197  */
198 static struct cfg80211_registered_device *
199 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
200 {
201 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
202 }
203 
204 static int validate_ie_attr(const struct nlattr *attr,
205 			    struct netlink_ext_ack *extack)
206 {
207 	const u8 *data = nla_data(attr);
208 	unsigned int len = nla_len(attr);
209 	const struct element *elem;
210 
211 	for_each_element(elem, data, len) {
212 		/* nothing */
213 	}
214 
215 	if (for_each_element_completed(elem, data, len))
216 		return 0;
217 
218 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
219 	return -EINVAL;
220 }
221 
222 /* policy for the attributes */
223 static const struct nla_policy
224 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
225 	[NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
226 	[NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
227 					.len = U8_MAX },
228 	[NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
229 					     .len = U8_MAX },
230 };
231 
232 static const struct nla_policy
233 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
234 	[NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
235 	[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
236 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
237 		NLA_POLICY_MAX(NLA_U8, 15),
238 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
239 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
240 		NLA_POLICY_MAX(NLA_U8, 15),
241 	[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
242 		NLA_POLICY_MAX(NLA_U8, 31),
243 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
244 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
245 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
246 };
247 
248 static const struct nla_policy
249 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
250 	[NL80211_PMSR_TYPE_FTM] =
251 		NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
252 };
253 
254 static const struct nla_policy
255 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
256 	[NL80211_PMSR_REQ_ATTR_DATA] =
257 		NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
258 	[NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
259 };
260 
261 static const struct nla_policy
262 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
263 	[NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
264 	/*
265 	 * we could specify this again to be the top-level policy,
266 	 * but that would open us up to recursion problems ...
267 	 */
268 	[NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
269 	[NL80211_PMSR_PEER_ATTR_REQ] =
270 		NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
271 	[NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
272 };
273 
274 static const struct nla_policy
275 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
276 	[NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
277 	[NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
278 	[NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
279 	[NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
280 	[NL80211_PMSR_ATTR_PEERS] =
281 		NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
282 };
283 
284 const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
285 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
286 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
287 				      .len = 20-1 },
288 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
289 
290 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
291 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
292 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
293 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
294 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
295 
296 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
297 	[NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
298 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
299 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
300 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
301 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
302 
303 	[NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
304 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
305 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
306 
307 	[NL80211_ATTR_MAC] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
308 	[NL80211_ATTR_PREV_BSSID] = {
309 		.type = NLA_EXACT_LEN_WARN,
310 		.len = ETH_ALEN
311 	},
312 
313 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
314 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
315 				    .len = WLAN_MAX_KEY_LEN },
316 	[NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 5),
317 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
318 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
319 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
320 	[NL80211_ATTR_KEY_TYPE] =
321 		NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
322 
323 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
324 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
325 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
326 				       .len = IEEE80211_MAX_DATA_LEN },
327 	[NL80211_ATTR_BEACON_TAIL] =
328 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
329 				       IEEE80211_MAX_DATA_LEN),
330 	[NL80211_ATTR_STA_AID] =
331 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
332 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
333 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
334 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
335 					       .len = NL80211_MAX_SUPP_RATES },
336 	[NL80211_ATTR_STA_PLINK_ACTION] =
337 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
338 	[NL80211_ATTR_STA_TX_POWER_SETTING] =
339 		NLA_POLICY_RANGE(NLA_U8,
340 				 NL80211_TX_POWER_AUTOMATIC,
341 				 NL80211_TX_POWER_FIXED),
342 	[NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
343 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
344 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
345 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
346 				   .len = IEEE80211_MAX_MESH_ID_LEN },
347 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
348 
349 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
350 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
351 
352 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
353 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
354 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
355 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
356 					   .len = NL80211_MAX_SUPP_RATES },
357 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
358 
359 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
360 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
361 
362 	[NL80211_ATTR_HT_CAPABILITY] = {
363 		.type = NLA_EXACT_LEN_WARN,
364 		.len = NL80211_HT_CAPABILITY_LEN
365 	},
366 
367 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
368 	[NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
369 						   validate_ie_attr,
370 						   IEEE80211_MAX_DATA_LEN),
371 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
372 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
373 
374 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
375 				.len = IEEE80211_MAX_SSID_LEN },
376 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
377 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
378 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
379 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
380 	[NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
381 						  NL80211_MFP_NO,
382 						  NL80211_MFP_OPTIONAL),
383 	[NL80211_ATTR_STA_FLAGS2] = {
384 		.len = sizeof(struct nl80211_sta_flag_update),
385 	},
386 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
387 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
388 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
389 	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
390 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
391 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
392 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
393 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
394 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
395 	[NL80211_ATTR_PMKID] = {
396 		.type = NLA_EXACT_LEN_WARN,
397 		.len = WLAN_PMKID_LEN
398 	},
399 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
400 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
401 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
402 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
403 				 .len = IEEE80211_MAX_DATA_LEN },
404 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
405 	[NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
406 						   NL80211_PS_DISABLED,
407 						   NL80211_PS_ENABLED),
408 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
409 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
410 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
411 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
412 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
413 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
414 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
415 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
416 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
417 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
418 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
419 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
420 	[NL80211_ATTR_STA_PLINK_STATE] =
421 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
422 	[NL80211_ATTR_MESH_PEER_AID] =
423 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
424 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
425 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
426 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
427 	[NL80211_ATTR_HIDDEN_SSID] =
428 		NLA_POLICY_RANGE(NLA_U32,
429 				 NL80211_HIDDEN_SSID_NOT_IN_USE,
430 				 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
431 	[NL80211_ATTR_IE_PROBE_RESP] =
432 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
433 				       IEEE80211_MAX_DATA_LEN),
434 	[NL80211_ATTR_IE_ASSOC_RESP] =
435 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
436 				       IEEE80211_MAX_DATA_LEN),
437 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
438 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
439 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
440 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
441 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
442 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
443 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
444 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
445 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
446 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
447 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
448 				      .len = IEEE80211_MAX_DATA_LEN },
449 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
450 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
451 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
452 		.len = NL80211_HT_CAPABILITY_LEN
453 	},
454 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
455 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
456 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
457 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
458 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
459 	[NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
460 	[NL80211_ATTR_VHT_CAPABILITY] = {
461 		.type = NLA_EXACT_LEN_WARN,
462 		.len = NL80211_VHT_CAPABILITY_LEN
463 	},
464 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
465 	[NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
466 	[NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
467 	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
468 		NLA_POLICY_RANGE(NLA_U32,
469 				 NL80211_MESH_POWER_UNKNOWN + 1,
470 				 NL80211_MESH_POWER_MAX),
471 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
472 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
473 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
474 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
475 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
476 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
477 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
478 		.len = NL80211_VHT_CAPABILITY_LEN,
479 	},
480 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
481 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
482 				  .len = IEEE80211_MAX_DATA_LEN },
483 	[NL80211_ATTR_PEER_AID] =
484 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
485 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
486 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
487 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
488 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
489 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
490 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
491 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
492 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
493 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
494 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
495 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
496 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
497 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
498 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
499 	[NL80211_ATTR_MAC_HINT] = {
500 		.type = NLA_EXACT_LEN_WARN,
501 		.len = ETH_ALEN
502 	},
503 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
504 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
505 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
506 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
507 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
508 	[NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
509 	[NL80211_ATTR_USER_PRIO] =
510 		NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
511 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
512 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
513 	[NL80211_ATTR_MAC_MASK] = {
514 		.type = NLA_EXACT_LEN_WARN,
515 		.len = ETH_ALEN
516 	},
517 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
518 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
519 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
520 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
521 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
522 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
523 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] =
524 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
525 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
526 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
527 	},
528 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = {
529 		.type = NLA_EXACT_LEN_WARN,
530 		.len = ETH_ALEN
531 	},
532 	[NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
533 	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
534 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
535 	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
536 				    .len = FILS_MAX_KEK_LEN },
537 	[NL80211_ATTR_FILS_NONCES] = {
538 		.type = NLA_EXACT_LEN_WARN,
539 		.len = 2 * FILS_NONCE_LEN
540 	},
541 	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
542 	[NL80211_ATTR_BSSID] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
543 	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
544 	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
545 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
546 	},
547 	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
548 	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
549 					     .len = FILS_ERP_MAX_USERNAME_LEN },
550 	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
551 					  .len = FILS_ERP_MAX_REALM_LEN },
552 	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
553 	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
554 					.len = FILS_ERP_MAX_RRK_LEN },
555 	[NL80211_ATTR_FILS_CACHE_ID] = { .type = NLA_EXACT_LEN_WARN, .len = 2 },
556 	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
557 	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
558 	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
559 
560 	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
561 	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
562 	[NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
563 	[NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
564 					 .len = NL80211_HE_MAX_CAPABILITY_LEN },
565 
566 	[NL80211_ATTR_FTM_RESPONDER] = {
567 		.type = NLA_NESTED,
568 		.validation_data = nl80211_ftm_responder_policy,
569 	},
570 	[NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
571 	[NL80211_ATTR_PEER_MEASUREMENTS] =
572 		NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
573 	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
574 	[NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
575 					.len = SAE_PASSWORD_MAX_LEN },
576 	[NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
577 };
578 
579 /* policy for the key attributes */
580 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
581 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
582 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
583 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
584 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
585 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
586 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
587 	[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
588 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
589 	[NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
590 };
591 
592 /* policy for the key default flags */
593 static const struct nla_policy
594 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
595 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
596 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
597 };
598 
599 #ifdef CONFIG_PM
600 /* policy for WoWLAN attributes */
601 static const struct nla_policy
602 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
603 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
604 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
605 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
606 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
607 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
608 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
609 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
610 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
611 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
612 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
613 };
614 
615 static const struct nla_policy
616 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
617 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
618 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
619 	[NL80211_WOWLAN_TCP_DST_MAC] = {
620 		.type = NLA_EXACT_LEN_WARN,
621 		.len = ETH_ALEN
622 	},
623 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
624 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
625 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
626 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
627 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
628 	},
629 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
630 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
631 	},
632 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
633 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
634 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .type = NLA_MIN_LEN, .len = 1 },
635 };
636 #endif /* CONFIG_PM */
637 
638 /* policy for coalesce rule attributes */
639 static const struct nla_policy
640 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
641 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
642 	[NL80211_ATTR_COALESCE_RULE_CONDITION] =
643 		NLA_POLICY_RANGE(NLA_U32,
644 				 NL80211_COALESCE_CONDITION_MATCH,
645 				 NL80211_COALESCE_CONDITION_NO_MATCH),
646 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
647 };
648 
649 /* policy for GTK rekey offload attributes */
650 static const struct nla_policy
651 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
652 	[NL80211_REKEY_DATA_KEK] = { .type = NLA_EXACT_LEN_WARN, .len = NL80211_KEK_LEN },
653 	[NL80211_REKEY_DATA_KCK] = { .type = NLA_EXACT_LEN_WARN, .len = NL80211_KCK_LEN },
654 	[NL80211_REKEY_DATA_REPLAY_CTR] = {
655 		.type = NLA_EXACT_LEN_WARN,
656 		.len = NL80211_REPLAY_CTR_LEN
657 	},
658 };
659 
660 static const struct nla_policy
661 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
662 	[NL80211_BAND_2GHZ] = { .type = NLA_S32 },
663 	[NL80211_BAND_5GHZ] = { .type = NLA_S32 },
664 	[NL80211_BAND_60GHZ] = { .type = NLA_S32 },
665 };
666 
667 static const struct nla_policy
668 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
669 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
670 						 .len = IEEE80211_MAX_SSID_LEN },
671 	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = {
672 		.type = NLA_EXACT_LEN_WARN,
673 		.len = ETH_ALEN
674 	},
675 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
676 	[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
677 		NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
678 };
679 
680 static const struct nla_policy
681 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
682 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
683 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
684 };
685 
686 static const struct nla_policy
687 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
688 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
689 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
690 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
691 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
692 	},
693 };
694 
695 /* policy for NAN function attributes */
696 static const struct nla_policy
697 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
698 	[NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
699 	[NL80211_NAN_FUNC_SERVICE_ID] = {
700 				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
701 	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
702 	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
703 	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
704 	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
705 	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
706 	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = {
707 		.type = NLA_EXACT_LEN_WARN,
708 		.len = ETH_ALEN
709 	},
710 	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
711 	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
712 	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
713 			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
714 	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
715 	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
716 	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
717 	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
718 	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
719 };
720 
721 /* policy for Service Response Filter attributes */
722 static const struct nla_policy
723 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
724 	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
725 	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
726 				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
727 	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
728 	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
729 };
730 
731 /* policy for packet pattern attributes */
732 static const struct nla_policy
733 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
734 	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
735 	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
736 	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
737 };
738 
739 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
740 			      struct cfg80211_registered_device **rdev,
741 			      struct wireless_dev **wdev)
742 {
743 	int err;
744 
745 	if (!cb->args[0]) {
746 		err = nlmsg_parse_deprecated(cb->nlh,
747 					     GENL_HDRLEN + nl80211_fam.hdrsize,
748 					     genl_family_attrbuf(&nl80211_fam),
749 					     nl80211_fam.maxattr,
750 					     nl80211_policy, NULL);
751 		if (err)
752 			return err;
753 
754 		*wdev = __cfg80211_wdev_from_attrs(
755 					sock_net(cb->skb->sk),
756 					genl_family_attrbuf(&nl80211_fam));
757 		if (IS_ERR(*wdev))
758 			return PTR_ERR(*wdev);
759 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
760 		/* 0 is the first index - add 1 to parse only once */
761 		cb->args[0] = (*rdev)->wiphy_idx + 1;
762 		cb->args[1] = (*wdev)->identifier;
763 	} else {
764 		/* subtract the 1 again here */
765 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
766 		struct wireless_dev *tmp;
767 
768 		if (!wiphy)
769 			return -ENODEV;
770 		*rdev = wiphy_to_rdev(wiphy);
771 		*wdev = NULL;
772 
773 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
774 			if (tmp->identifier == cb->args[1]) {
775 				*wdev = tmp;
776 				break;
777 			}
778 		}
779 
780 		if (!*wdev)
781 			return -ENODEV;
782 	}
783 
784 	return 0;
785 }
786 
787 /* message building helper */
788 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
789 		     int flags, u8 cmd)
790 {
791 	/* since there is no private header just add the generic one */
792 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
793 }
794 
795 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
796 				     const struct ieee80211_reg_rule *rule)
797 {
798 	int j;
799 	struct nlattr *nl_wmm_rules =
800 		nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
801 
802 	if (!nl_wmm_rules)
803 		goto nla_put_failure;
804 
805 	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
806 		struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
807 
808 		if (!nl_wmm_rule)
809 			goto nla_put_failure;
810 
811 		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
812 				rule->wmm_rule.client[j].cw_min) ||
813 		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,
814 				rule->wmm_rule.client[j].cw_max) ||
815 		    nla_put_u8(msg, NL80211_WMMR_AIFSN,
816 			       rule->wmm_rule.client[j].aifsn) ||
817 		    nla_put_u16(msg, NL80211_WMMR_TXOP,
818 			        rule->wmm_rule.client[j].cot))
819 			goto nla_put_failure;
820 
821 		nla_nest_end(msg, nl_wmm_rule);
822 	}
823 	nla_nest_end(msg, nl_wmm_rules);
824 
825 	return 0;
826 
827 nla_put_failure:
828 	return -ENOBUFS;
829 }
830 
831 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
832 				   struct ieee80211_channel *chan,
833 				   bool large)
834 {
835 	/* Some channels must be completely excluded from the
836 	 * list to protect old user-space tools from breaking
837 	 */
838 	if (!large && chan->flags &
839 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
840 		return 0;
841 
842 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
843 			chan->center_freq))
844 		goto nla_put_failure;
845 
846 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
847 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
848 		goto nla_put_failure;
849 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
850 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
851 			goto nla_put_failure;
852 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
853 			goto nla_put_failure;
854 	}
855 	if (chan->flags & IEEE80211_CHAN_RADAR) {
856 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
857 			goto nla_put_failure;
858 		if (large) {
859 			u32 time;
860 
861 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
862 
863 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
864 					chan->dfs_state))
865 				goto nla_put_failure;
866 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
867 					time))
868 				goto nla_put_failure;
869 			if (nla_put_u32(msg,
870 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
871 					chan->dfs_cac_ms))
872 				goto nla_put_failure;
873 		}
874 	}
875 
876 	if (large) {
877 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
878 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
879 			goto nla_put_failure;
880 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
881 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
882 			goto nla_put_failure;
883 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
884 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
885 			goto nla_put_failure;
886 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
887 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
888 			goto nla_put_failure;
889 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
890 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
891 			goto nla_put_failure;
892 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
893 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
894 			goto nla_put_failure;
895 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
896 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
897 			goto nla_put_failure;
898 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
899 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
900 			goto nla_put_failure;
901 	}
902 
903 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
904 			DBM_TO_MBM(chan->max_power)))
905 		goto nla_put_failure;
906 
907 	if (large) {
908 		const struct ieee80211_reg_rule *rule =
909 			freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
910 
911 		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
912 			if (nl80211_msg_put_wmm_rules(msg, rule))
913 				goto nla_put_failure;
914 		}
915 	}
916 
917 	return 0;
918 
919  nla_put_failure:
920 	return -ENOBUFS;
921 }
922 
923 static bool nl80211_put_txq_stats(struct sk_buff *msg,
924 				  struct cfg80211_txq_stats *txqstats,
925 				  int attrtype)
926 {
927 	struct nlattr *txqattr;
928 
929 #define PUT_TXQVAL_U32(attr, memb) do {					  \
930 	if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&	  \
931 	    nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
932 		return false;						  \
933 	} while (0)
934 
935 	txqattr = nla_nest_start_noflag(msg, attrtype);
936 	if (!txqattr)
937 		return false;
938 
939 	PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
940 	PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
941 	PUT_TXQVAL_U32(FLOWS, flows);
942 	PUT_TXQVAL_U32(DROPS, drops);
943 	PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
944 	PUT_TXQVAL_U32(OVERLIMIT, overlimit);
945 	PUT_TXQVAL_U32(OVERMEMORY, overmemory);
946 	PUT_TXQVAL_U32(COLLISIONS, collisions);
947 	PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
948 	PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
949 	PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
950 	nla_nest_end(msg, txqattr);
951 
952 #undef PUT_TXQVAL_U32
953 	return true;
954 }
955 
956 /* netlink command implementations */
957 
958 struct key_parse {
959 	struct key_params p;
960 	int idx;
961 	int type;
962 	bool def, defmgmt;
963 	bool def_uni, def_multi;
964 };
965 
966 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
967 				 struct key_parse *k)
968 {
969 	struct nlattr *tb[NL80211_KEY_MAX + 1];
970 	int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
971 					      nl80211_key_policy,
972 					      info->extack);
973 	if (err)
974 		return err;
975 
976 	k->def = !!tb[NL80211_KEY_DEFAULT];
977 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
978 
979 	if (k->def) {
980 		k->def_uni = true;
981 		k->def_multi = true;
982 	}
983 	if (k->defmgmt)
984 		k->def_multi = true;
985 
986 	if (tb[NL80211_KEY_IDX])
987 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
988 
989 	if (tb[NL80211_KEY_DATA]) {
990 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
991 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
992 	}
993 
994 	if (tb[NL80211_KEY_SEQ]) {
995 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
996 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
997 	}
998 
999 	if (tb[NL80211_KEY_CIPHER])
1000 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1001 
1002 	if (tb[NL80211_KEY_TYPE])
1003 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1004 
1005 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1006 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1007 
1008 		err = nla_parse_nested_deprecated(kdt,
1009 						  NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1010 						  tb[NL80211_KEY_DEFAULT_TYPES],
1011 						  nl80211_key_default_policy,
1012 						  info->extack);
1013 		if (err)
1014 			return err;
1015 
1016 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1017 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1018 	}
1019 
1020 	if (tb[NL80211_KEY_MODE])
1021 		k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1022 
1023 	return 0;
1024 }
1025 
1026 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1027 {
1028 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1029 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1030 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1031 	}
1032 
1033 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1034 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1035 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1036 	}
1037 
1038 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1039 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1040 
1041 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1042 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1043 
1044 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1045 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1046 
1047 	if (k->def) {
1048 		k->def_uni = true;
1049 		k->def_multi = true;
1050 	}
1051 	if (k->defmgmt)
1052 		k->def_multi = true;
1053 
1054 	if (info->attrs[NL80211_ATTR_KEY_TYPE])
1055 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1056 
1057 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1058 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1059 		int err = nla_parse_nested_deprecated(kdt,
1060 						      NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1061 						      info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1062 						      nl80211_key_default_policy,
1063 						      info->extack);
1064 		if (err)
1065 			return err;
1066 
1067 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1068 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1069 	}
1070 
1071 	return 0;
1072 }
1073 
1074 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1075 {
1076 	int err;
1077 
1078 	memset(k, 0, sizeof(*k));
1079 	k->idx = -1;
1080 	k->type = -1;
1081 
1082 	if (info->attrs[NL80211_ATTR_KEY])
1083 		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1084 	else
1085 		err = nl80211_parse_key_old(info, k);
1086 
1087 	if (err)
1088 		return err;
1089 
1090 	if (k->def && k->defmgmt) {
1091 		GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
1092 		return -EINVAL;
1093 	}
1094 
1095 	if (k->defmgmt) {
1096 		if (k->def_uni || !k->def_multi) {
1097 			GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
1098 			return -EINVAL;
1099 		}
1100 	}
1101 
1102 	if (k->idx != -1) {
1103 		if (k->defmgmt) {
1104 			if (k->idx < 4 || k->idx > 5) {
1105 				GENL_SET_ERR_MSG(info,
1106 						 "defmgmt key idx not 4 or 5");
1107 				return -EINVAL;
1108 			}
1109 		} else if (k->def) {
1110 			if (k->idx < 0 || k->idx > 3) {
1111 				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1112 				return -EINVAL;
1113 			}
1114 		} else {
1115 			if (k->idx < 0 || k->idx > 5) {
1116 				GENL_SET_ERR_MSG(info, "key idx not 0-5");
1117 				return -EINVAL;
1118 			}
1119 		}
1120 	}
1121 
1122 	return 0;
1123 }
1124 
1125 static struct cfg80211_cached_keys *
1126 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1127 		       struct genl_info *info, bool *no_ht)
1128 {
1129 	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1130 	struct key_parse parse;
1131 	struct nlattr *key;
1132 	struct cfg80211_cached_keys *result;
1133 	int rem, err, def = 0;
1134 	bool have_key = false;
1135 
1136 	nla_for_each_nested(key, keys, rem) {
1137 		have_key = true;
1138 		break;
1139 	}
1140 
1141 	if (!have_key)
1142 		return NULL;
1143 
1144 	result = kzalloc(sizeof(*result), GFP_KERNEL);
1145 	if (!result)
1146 		return ERR_PTR(-ENOMEM);
1147 
1148 	result->def = -1;
1149 
1150 	nla_for_each_nested(key, keys, rem) {
1151 		memset(&parse, 0, sizeof(parse));
1152 		parse.idx = -1;
1153 
1154 		err = nl80211_parse_key_new(info, key, &parse);
1155 		if (err)
1156 			goto error;
1157 		err = -EINVAL;
1158 		if (!parse.p.key)
1159 			goto error;
1160 		if (parse.idx < 0 || parse.idx > 3) {
1161 			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1162 			goto error;
1163 		}
1164 		if (parse.def) {
1165 			if (def) {
1166 				GENL_SET_ERR_MSG(info,
1167 						 "only one key can be default");
1168 				goto error;
1169 			}
1170 			def = 1;
1171 			result->def = parse.idx;
1172 			if (!parse.def_uni || !parse.def_multi)
1173 				goto error;
1174 		} else if (parse.defmgmt)
1175 			goto error;
1176 		err = cfg80211_validate_key_settings(rdev, &parse.p,
1177 						     parse.idx, false, NULL);
1178 		if (err)
1179 			goto error;
1180 		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1181 		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1182 			GENL_SET_ERR_MSG(info, "connect key must be WEP");
1183 			err = -EINVAL;
1184 			goto error;
1185 		}
1186 		result->params[parse.idx].cipher = parse.p.cipher;
1187 		result->params[parse.idx].key_len = parse.p.key_len;
1188 		result->params[parse.idx].key = result->data[parse.idx];
1189 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1190 
1191 		/* must be WEP key if we got here */
1192 		if (no_ht)
1193 			*no_ht = true;
1194 	}
1195 
1196 	if (result->def < 0) {
1197 		err = -EINVAL;
1198 		GENL_SET_ERR_MSG(info, "need a default/TX key");
1199 		goto error;
1200 	}
1201 
1202 	return result;
1203  error:
1204 	kfree(result);
1205 	return ERR_PTR(err);
1206 }
1207 
1208 static int nl80211_key_allowed(struct wireless_dev *wdev)
1209 {
1210 	ASSERT_WDEV_LOCK(wdev);
1211 
1212 	switch (wdev->iftype) {
1213 	case NL80211_IFTYPE_AP:
1214 	case NL80211_IFTYPE_AP_VLAN:
1215 	case NL80211_IFTYPE_P2P_GO:
1216 	case NL80211_IFTYPE_MESH_POINT:
1217 		break;
1218 	case NL80211_IFTYPE_ADHOC:
1219 	case NL80211_IFTYPE_STATION:
1220 	case NL80211_IFTYPE_P2P_CLIENT:
1221 		if (!wdev->current_bss)
1222 			return -ENOLINK;
1223 		break;
1224 	case NL80211_IFTYPE_UNSPECIFIED:
1225 	case NL80211_IFTYPE_OCB:
1226 	case NL80211_IFTYPE_MONITOR:
1227 	case NL80211_IFTYPE_NAN:
1228 	case NL80211_IFTYPE_P2P_DEVICE:
1229 	case NL80211_IFTYPE_WDS:
1230 	case NUM_NL80211_IFTYPES:
1231 		return -EINVAL;
1232 	}
1233 
1234 	return 0;
1235 }
1236 
1237 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1238 							struct nlattr *tb)
1239 {
1240 	struct ieee80211_channel *chan;
1241 
1242 	if (tb == NULL)
1243 		return NULL;
1244 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1245 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1246 		return NULL;
1247 	return chan;
1248 }
1249 
1250 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1251 {
1252 	struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1253 	int i;
1254 
1255 	if (!nl_modes)
1256 		goto nla_put_failure;
1257 
1258 	i = 0;
1259 	while (ifmodes) {
1260 		if ((ifmodes & 1) && nla_put_flag(msg, i))
1261 			goto nla_put_failure;
1262 		ifmodes >>= 1;
1263 		i++;
1264 	}
1265 
1266 	nla_nest_end(msg, nl_modes);
1267 	return 0;
1268 
1269 nla_put_failure:
1270 	return -ENOBUFS;
1271 }
1272 
1273 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1274 					  struct sk_buff *msg,
1275 					  bool large)
1276 {
1277 	struct nlattr *nl_combis;
1278 	int i, j;
1279 
1280 	nl_combis = nla_nest_start_noflag(msg,
1281 					  NL80211_ATTR_INTERFACE_COMBINATIONS);
1282 	if (!nl_combis)
1283 		goto nla_put_failure;
1284 
1285 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
1286 		const struct ieee80211_iface_combination *c;
1287 		struct nlattr *nl_combi, *nl_limits;
1288 
1289 		c = &wiphy->iface_combinations[i];
1290 
1291 		nl_combi = nla_nest_start_noflag(msg, i + 1);
1292 		if (!nl_combi)
1293 			goto nla_put_failure;
1294 
1295 		nl_limits = nla_nest_start_noflag(msg,
1296 						  NL80211_IFACE_COMB_LIMITS);
1297 		if (!nl_limits)
1298 			goto nla_put_failure;
1299 
1300 		for (j = 0; j < c->n_limits; j++) {
1301 			struct nlattr *nl_limit;
1302 
1303 			nl_limit = nla_nest_start_noflag(msg, j + 1);
1304 			if (!nl_limit)
1305 				goto nla_put_failure;
1306 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1307 					c->limits[j].max))
1308 				goto nla_put_failure;
1309 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1310 						c->limits[j].types))
1311 				goto nla_put_failure;
1312 			nla_nest_end(msg, nl_limit);
1313 		}
1314 
1315 		nla_nest_end(msg, nl_limits);
1316 
1317 		if (c->beacon_int_infra_match &&
1318 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1319 			goto nla_put_failure;
1320 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1321 				c->num_different_channels) ||
1322 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1323 				c->max_interfaces))
1324 			goto nla_put_failure;
1325 		if (large &&
1326 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1327 				c->radar_detect_widths) ||
1328 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1329 				c->radar_detect_regions)))
1330 			goto nla_put_failure;
1331 		if (c->beacon_int_min_gcd &&
1332 		    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1333 				c->beacon_int_min_gcd))
1334 			goto nla_put_failure;
1335 
1336 		nla_nest_end(msg, nl_combi);
1337 	}
1338 
1339 	nla_nest_end(msg, nl_combis);
1340 
1341 	return 0;
1342 nla_put_failure:
1343 	return -ENOBUFS;
1344 }
1345 
1346 #ifdef CONFIG_PM
1347 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1348 					struct sk_buff *msg)
1349 {
1350 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1351 	struct nlattr *nl_tcp;
1352 
1353 	if (!tcp)
1354 		return 0;
1355 
1356 	nl_tcp = nla_nest_start_noflag(msg,
1357 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1358 	if (!nl_tcp)
1359 		return -ENOBUFS;
1360 
1361 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1362 			tcp->data_payload_max))
1363 		return -ENOBUFS;
1364 
1365 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1366 			tcp->data_payload_max))
1367 		return -ENOBUFS;
1368 
1369 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1370 		return -ENOBUFS;
1371 
1372 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1373 				sizeof(*tcp->tok), tcp->tok))
1374 		return -ENOBUFS;
1375 
1376 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1377 			tcp->data_interval_max))
1378 		return -ENOBUFS;
1379 
1380 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1381 			tcp->wake_payload_max))
1382 		return -ENOBUFS;
1383 
1384 	nla_nest_end(msg, nl_tcp);
1385 	return 0;
1386 }
1387 
1388 static int nl80211_send_wowlan(struct sk_buff *msg,
1389 			       struct cfg80211_registered_device *rdev,
1390 			       bool large)
1391 {
1392 	struct nlattr *nl_wowlan;
1393 
1394 	if (!rdev->wiphy.wowlan)
1395 		return 0;
1396 
1397 	nl_wowlan = nla_nest_start_noflag(msg,
1398 					  NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1399 	if (!nl_wowlan)
1400 		return -ENOBUFS;
1401 
1402 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1403 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1404 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1405 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1406 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1407 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1408 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1409 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1410 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1411 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1412 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1413 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1414 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1415 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1416 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1417 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1418 		return -ENOBUFS;
1419 
1420 	if (rdev->wiphy.wowlan->n_patterns) {
1421 		struct nl80211_pattern_support pat = {
1422 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1423 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1424 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1425 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1426 		};
1427 
1428 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1429 			    sizeof(pat), &pat))
1430 			return -ENOBUFS;
1431 	}
1432 
1433 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1434 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1435 			rdev->wiphy.wowlan->max_nd_match_sets))
1436 		return -ENOBUFS;
1437 
1438 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1439 		return -ENOBUFS;
1440 
1441 	nla_nest_end(msg, nl_wowlan);
1442 
1443 	return 0;
1444 }
1445 #endif
1446 
1447 static int nl80211_send_coalesce(struct sk_buff *msg,
1448 				 struct cfg80211_registered_device *rdev)
1449 {
1450 	struct nl80211_coalesce_rule_support rule;
1451 
1452 	if (!rdev->wiphy.coalesce)
1453 		return 0;
1454 
1455 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1456 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1457 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1458 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1459 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1460 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1461 
1462 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1463 		return -ENOBUFS;
1464 
1465 	return 0;
1466 }
1467 
1468 static int
1469 nl80211_send_iftype_data(struct sk_buff *msg,
1470 			 const struct ieee80211_sband_iftype_data *iftdata)
1471 {
1472 	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1473 
1474 	if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1475 				iftdata->types_mask))
1476 		return -ENOBUFS;
1477 
1478 	if (he_cap->has_he) {
1479 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1480 			    sizeof(he_cap->he_cap_elem.mac_cap_info),
1481 			    he_cap->he_cap_elem.mac_cap_info) ||
1482 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1483 			    sizeof(he_cap->he_cap_elem.phy_cap_info),
1484 			    he_cap->he_cap_elem.phy_cap_info) ||
1485 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1486 			    sizeof(he_cap->he_mcs_nss_supp),
1487 			    &he_cap->he_mcs_nss_supp) ||
1488 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1489 			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1490 			return -ENOBUFS;
1491 	}
1492 
1493 	return 0;
1494 }
1495 
1496 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1497 				      struct ieee80211_supported_band *sband)
1498 {
1499 	struct nlattr *nl_rates, *nl_rate;
1500 	struct ieee80211_rate *rate;
1501 	int i;
1502 
1503 	/* add HT info */
1504 	if (sband->ht_cap.ht_supported &&
1505 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1506 		     sizeof(sband->ht_cap.mcs),
1507 		     &sband->ht_cap.mcs) ||
1508 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1509 			 sband->ht_cap.cap) ||
1510 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1511 			sband->ht_cap.ampdu_factor) ||
1512 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1513 			sband->ht_cap.ampdu_density)))
1514 		return -ENOBUFS;
1515 
1516 	/* add VHT info */
1517 	if (sband->vht_cap.vht_supported &&
1518 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1519 		     sizeof(sband->vht_cap.vht_mcs),
1520 		     &sband->vht_cap.vht_mcs) ||
1521 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1522 			 sband->vht_cap.cap)))
1523 		return -ENOBUFS;
1524 
1525 	if (sband->n_iftype_data) {
1526 		struct nlattr *nl_iftype_data =
1527 			nla_nest_start_noflag(msg,
1528 					      NL80211_BAND_ATTR_IFTYPE_DATA);
1529 		int err;
1530 
1531 		if (!nl_iftype_data)
1532 			return -ENOBUFS;
1533 
1534 		for (i = 0; i < sband->n_iftype_data; i++) {
1535 			struct nlattr *iftdata;
1536 
1537 			iftdata = nla_nest_start_noflag(msg, i + 1);
1538 			if (!iftdata)
1539 				return -ENOBUFS;
1540 
1541 			err = nl80211_send_iftype_data(msg,
1542 						       &sband->iftype_data[i]);
1543 			if (err)
1544 				return err;
1545 
1546 			nla_nest_end(msg, iftdata);
1547 		}
1548 
1549 		nla_nest_end(msg, nl_iftype_data);
1550 	}
1551 
1552 	/* add bitrates */
1553 	nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1554 	if (!nl_rates)
1555 		return -ENOBUFS;
1556 
1557 	for (i = 0; i < sband->n_bitrates; i++) {
1558 		nl_rate = nla_nest_start_noflag(msg, i);
1559 		if (!nl_rate)
1560 			return -ENOBUFS;
1561 
1562 		rate = &sband->bitrates[i];
1563 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1564 				rate->bitrate))
1565 			return -ENOBUFS;
1566 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1567 		    nla_put_flag(msg,
1568 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1569 			return -ENOBUFS;
1570 
1571 		nla_nest_end(msg, nl_rate);
1572 	}
1573 
1574 	nla_nest_end(msg, nl_rates);
1575 
1576 	return 0;
1577 }
1578 
1579 static int
1580 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1581 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1582 {
1583 	u16 stypes;
1584 	struct nlattr *nl_ftypes, *nl_ifs;
1585 	enum nl80211_iftype ift;
1586 	int i;
1587 
1588 	if (!mgmt_stypes)
1589 		return 0;
1590 
1591 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1592 	if (!nl_ifs)
1593 		return -ENOBUFS;
1594 
1595 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1596 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1597 		if (!nl_ftypes)
1598 			return -ENOBUFS;
1599 		i = 0;
1600 		stypes = mgmt_stypes[ift].tx;
1601 		while (stypes) {
1602 			if ((stypes & 1) &&
1603 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1604 					(i << 4) | IEEE80211_FTYPE_MGMT))
1605 				return -ENOBUFS;
1606 			stypes >>= 1;
1607 			i++;
1608 		}
1609 		nla_nest_end(msg, nl_ftypes);
1610 	}
1611 
1612 	nla_nest_end(msg, nl_ifs);
1613 
1614 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1615 	if (!nl_ifs)
1616 		return -ENOBUFS;
1617 
1618 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1619 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1620 		if (!nl_ftypes)
1621 			return -ENOBUFS;
1622 		i = 0;
1623 		stypes = mgmt_stypes[ift].rx;
1624 		while (stypes) {
1625 			if ((stypes & 1) &&
1626 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1627 					(i << 4) | IEEE80211_FTYPE_MGMT))
1628 				return -ENOBUFS;
1629 			stypes >>= 1;
1630 			i++;
1631 		}
1632 		nla_nest_end(msg, nl_ftypes);
1633 	}
1634 	nla_nest_end(msg, nl_ifs);
1635 
1636 	return 0;
1637 }
1638 
1639 #define CMD(op, n)							\
1640 	 do {								\
1641 		if (rdev->ops->op) {					\
1642 			i++;						\
1643 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
1644 				goto nla_put_failure;			\
1645 		}							\
1646 	} while (0)
1647 
1648 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1649 					struct sk_buff *msg)
1650 {
1651 	int i = 0;
1652 
1653 	/*
1654 	 * do *NOT* add anything into this function, new things need to be
1655 	 * advertised only to new versions of userspace that can deal with
1656 	 * the split (and they can't possibly care about new features...
1657 	 */
1658 	CMD(add_virtual_intf, NEW_INTERFACE);
1659 	CMD(change_virtual_intf, SET_INTERFACE);
1660 	CMD(add_key, NEW_KEY);
1661 	CMD(start_ap, START_AP);
1662 	CMD(add_station, NEW_STATION);
1663 	CMD(add_mpath, NEW_MPATH);
1664 	CMD(update_mesh_config, SET_MESH_CONFIG);
1665 	CMD(change_bss, SET_BSS);
1666 	CMD(auth, AUTHENTICATE);
1667 	CMD(assoc, ASSOCIATE);
1668 	CMD(deauth, DEAUTHENTICATE);
1669 	CMD(disassoc, DISASSOCIATE);
1670 	CMD(join_ibss, JOIN_IBSS);
1671 	CMD(join_mesh, JOIN_MESH);
1672 	CMD(set_pmksa, SET_PMKSA);
1673 	CMD(del_pmksa, DEL_PMKSA);
1674 	CMD(flush_pmksa, FLUSH_PMKSA);
1675 	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1676 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1677 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1678 	CMD(mgmt_tx, FRAME);
1679 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1680 	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1681 		i++;
1682 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1683 			goto nla_put_failure;
1684 	}
1685 	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1686 	    rdev->ops->join_mesh) {
1687 		i++;
1688 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1689 			goto nla_put_failure;
1690 	}
1691 	CMD(set_wds_peer, SET_WDS_PEER);
1692 	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1693 		CMD(tdls_mgmt, TDLS_MGMT);
1694 		CMD(tdls_oper, TDLS_OPER);
1695 	}
1696 	if (rdev->wiphy.max_sched_scan_reqs)
1697 		CMD(sched_scan_start, START_SCHED_SCAN);
1698 	CMD(probe_client, PROBE_CLIENT);
1699 	CMD(set_noack_map, SET_NOACK_MAP);
1700 	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1701 		i++;
1702 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1703 			goto nla_put_failure;
1704 	}
1705 	CMD(start_p2p_device, START_P2P_DEVICE);
1706 	CMD(set_mcast_rate, SET_MCAST_RATE);
1707 #ifdef CONFIG_NL80211_TESTMODE
1708 	CMD(testmode_cmd, TESTMODE);
1709 #endif
1710 
1711 	if (rdev->ops->connect || rdev->ops->auth) {
1712 		i++;
1713 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1714 			goto nla_put_failure;
1715 	}
1716 
1717 	if (rdev->ops->disconnect || rdev->ops->deauth) {
1718 		i++;
1719 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1720 			goto nla_put_failure;
1721 	}
1722 
1723 	return i;
1724  nla_put_failure:
1725 	return -ENOBUFS;
1726 }
1727 
1728 static int
1729 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1730 			   struct sk_buff *msg)
1731 {
1732 	struct nlattr *ftm;
1733 
1734 	if (!cap->ftm.supported)
1735 		return 0;
1736 
1737 	ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1738 	if (!ftm)
1739 		return -ENOBUFS;
1740 
1741 	if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1742 		return -ENOBUFS;
1743 	if (cap->ftm.non_asap &&
1744 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1745 		return -ENOBUFS;
1746 	if (cap->ftm.request_lci &&
1747 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1748 		return -ENOBUFS;
1749 	if (cap->ftm.request_civicloc &&
1750 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1751 		return -ENOBUFS;
1752 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1753 			cap->ftm.preambles))
1754 		return -ENOBUFS;
1755 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1756 			cap->ftm.bandwidths))
1757 		return -ENOBUFS;
1758 	if (cap->ftm.max_bursts_exponent >= 0 &&
1759 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1760 			cap->ftm.max_bursts_exponent))
1761 		return -ENOBUFS;
1762 	if (cap->ftm.max_ftms_per_burst &&
1763 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1764 			cap->ftm.max_ftms_per_burst))
1765 		return -ENOBUFS;
1766 
1767 	nla_nest_end(msg, ftm);
1768 	return 0;
1769 }
1770 
1771 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1772 				  struct sk_buff *msg)
1773 {
1774 	const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1775 	struct nlattr *pmsr, *caps;
1776 
1777 	if (!cap)
1778 		return 0;
1779 
1780 	/*
1781 	 * we don't need to clean up anything here since the caller
1782 	 * will genlmsg_cancel() if we fail
1783 	 */
1784 
1785 	pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1786 	if (!pmsr)
1787 		return -ENOBUFS;
1788 
1789 	if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1790 		return -ENOBUFS;
1791 
1792 	if (cap->report_ap_tsf &&
1793 	    nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1794 		return -ENOBUFS;
1795 
1796 	if (cap->randomize_mac_addr &&
1797 	    nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1798 		return -ENOBUFS;
1799 
1800 	caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1801 	if (!caps)
1802 		return -ENOBUFS;
1803 
1804 	if (nl80211_send_pmsr_ftm_capa(cap, msg))
1805 		return -ENOBUFS;
1806 
1807 	nla_nest_end(msg, caps);
1808 	nla_nest_end(msg, pmsr);
1809 
1810 	return 0;
1811 }
1812 
1813 struct nl80211_dump_wiphy_state {
1814 	s64 filter_wiphy;
1815 	long start;
1816 	long split_start, band_start, chan_start, capa_start;
1817 	bool split;
1818 };
1819 
1820 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1821 			      enum nl80211_commands cmd,
1822 			      struct sk_buff *msg, u32 portid, u32 seq,
1823 			      int flags, struct nl80211_dump_wiphy_state *state)
1824 {
1825 	void *hdr;
1826 	struct nlattr *nl_bands, *nl_band;
1827 	struct nlattr *nl_freqs, *nl_freq;
1828 	struct nlattr *nl_cmds;
1829 	enum nl80211_band band;
1830 	struct ieee80211_channel *chan;
1831 	int i;
1832 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1833 				rdev->wiphy.mgmt_stypes;
1834 	u32 features;
1835 
1836 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1837 	if (!hdr)
1838 		return -ENOBUFS;
1839 
1840 	if (WARN_ON(!state))
1841 		return -EINVAL;
1842 
1843 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1844 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1845 			   wiphy_name(&rdev->wiphy)) ||
1846 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1847 			cfg80211_rdev_list_generation))
1848 		goto nla_put_failure;
1849 
1850 	if (cmd != NL80211_CMD_NEW_WIPHY)
1851 		goto finish;
1852 
1853 	switch (state->split_start) {
1854 	case 0:
1855 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1856 			       rdev->wiphy.retry_short) ||
1857 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1858 			       rdev->wiphy.retry_long) ||
1859 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1860 				rdev->wiphy.frag_threshold) ||
1861 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1862 				rdev->wiphy.rts_threshold) ||
1863 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1864 			       rdev->wiphy.coverage_class) ||
1865 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1866 			       rdev->wiphy.max_scan_ssids) ||
1867 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1868 			       rdev->wiphy.max_sched_scan_ssids) ||
1869 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1870 				rdev->wiphy.max_scan_ie_len) ||
1871 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1872 				rdev->wiphy.max_sched_scan_ie_len) ||
1873 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1874 			       rdev->wiphy.max_match_sets) ||
1875 		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1876 				rdev->wiphy.max_sched_scan_plans) ||
1877 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1878 				rdev->wiphy.max_sched_scan_plan_interval) ||
1879 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1880 				rdev->wiphy.max_sched_scan_plan_iterations))
1881 			goto nla_put_failure;
1882 
1883 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1884 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1885 			goto nla_put_failure;
1886 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1887 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1888 			goto nla_put_failure;
1889 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1890 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1891 			goto nla_put_failure;
1892 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1893 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1894 			goto nla_put_failure;
1895 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1896 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1897 			goto nla_put_failure;
1898 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1899 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1900 			goto nla_put_failure;
1901 		state->split_start++;
1902 		if (state->split)
1903 			break;
1904 		/* fall through */
1905 	case 1:
1906 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1907 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1908 			    rdev->wiphy.cipher_suites))
1909 			goto nla_put_failure;
1910 
1911 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1912 			       rdev->wiphy.max_num_pmkids))
1913 			goto nla_put_failure;
1914 
1915 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1916 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1917 			goto nla_put_failure;
1918 
1919 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1920 				rdev->wiphy.available_antennas_tx) ||
1921 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1922 				rdev->wiphy.available_antennas_rx))
1923 			goto nla_put_failure;
1924 
1925 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1926 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1927 				rdev->wiphy.probe_resp_offload))
1928 			goto nla_put_failure;
1929 
1930 		if ((rdev->wiphy.available_antennas_tx ||
1931 		     rdev->wiphy.available_antennas_rx) &&
1932 		    rdev->ops->get_antenna) {
1933 			u32 tx_ant = 0, rx_ant = 0;
1934 			int res;
1935 
1936 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1937 			if (!res) {
1938 				if (nla_put_u32(msg,
1939 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1940 						tx_ant) ||
1941 				    nla_put_u32(msg,
1942 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1943 						rx_ant))
1944 					goto nla_put_failure;
1945 			}
1946 		}
1947 
1948 		state->split_start++;
1949 		if (state->split)
1950 			break;
1951 		/* fall through */
1952 	case 2:
1953 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1954 					rdev->wiphy.interface_modes))
1955 				goto nla_put_failure;
1956 		state->split_start++;
1957 		if (state->split)
1958 			break;
1959 		/* fall through */
1960 	case 3:
1961 		nl_bands = nla_nest_start_noflag(msg,
1962 						 NL80211_ATTR_WIPHY_BANDS);
1963 		if (!nl_bands)
1964 			goto nla_put_failure;
1965 
1966 		for (band = state->band_start;
1967 		     band < NUM_NL80211_BANDS; band++) {
1968 			struct ieee80211_supported_band *sband;
1969 
1970 			sband = rdev->wiphy.bands[band];
1971 
1972 			if (!sband)
1973 				continue;
1974 
1975 			nl_band = nla_nest_start_noflag(msg, band);
1976 			if (!nl_band)
1977 				goto nla_put_failure;
1978 
1979 			switch (state->chan_start) {
1980 			case 0:
1981 				if (nl80211_send_band_rateinfo(msg, sband))
1982 					goto nla_put_failure;
1983 				state->chan_start++;
1984 				if (state->split)
1985 					break;
1986 				/* fall through */
1987 			default:
1988 				/* add frequencies */
1989 				nl_freqs = nla_nest_start_noflag(msg,
1990 								 NL80211_BAND_ATTR_FREQS);
1991 				if (!nl_freqs)
1992 					goto nla_put_failure;
1993 
1994 				for (i = state->chan_start - 1;
1995 				     i < sband->n_channels;
1996 				     i++) {
1997 					nl_freq = nla_nest_start_noflag(msg,
1998 									i);
1999 					if (!nl_freq)
2000 						goto nla_put_failure;
2001 
2002 					chan = &sband->channels[i];
2003 
2004 					if (nl80211_msg_put_channel(
2005 							msg, &rdev->wiphy, chan,
2006 							state->split))
2007 						goto nla_put_failure;
2008 
2009 					nla_nest_end(msg, nl_freq);
2010 					if (state->split)
2011 						break;
2012 				}
2013 				if (i < sband->n_channels)
2014 					state->chan_start = i + 2;
2015 				else
2016 					state->chan_start = 0;
2017 				nla_nest_end(msg, nl_freqs);
2018 			}
2019 
2020 			nla_nest_end(msg, nl_band);
2021 
2022 			if (state->split) {
2023 				/* start again here */
2024 				if (state->chan_start)
2025 					band--;
2026 				break;
2027 			}
2028 		}
2029 		nla_nest_end(msg, nl_bands);
2030 
2031 		if (band < NUM_NL80211_BANDS)
2032 			state->band_start = band + 1;
2033 		else
2034 			state->band_start = 0;
2035 
2036 		/* if bands & channels are done, continue outside */
2037 		if (state->band_start == 0 && state->chan_start == 0)
2038 			state->split_start++;
2039 		if (state->split)
2040 			break;
2041 		/* fall through */
2042 	case 4:
2043 		nl_cmds = nla_nest_start_noflag(msg,
2044 						NL80211_ATTR_SUPPORTED_COMMANDS);
2045 		if (!nl_cmds)
2046 			goto nla_put_failure;
2047 
2048 		i = nl80211_add_commands_unsplit(rdev, msg);
2049 		if (i < 0)
2050 			goto nla_put_failure;
2051 		if (state->split) {
2052 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
2053 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2054 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2055 				CMD(channel_switch, CHANNEL_SWITCH);
2056 			CMD(set_qos_map, SET_QOS_MAP);
2057 			if (rdev->wiphy.features &
2058 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2059 				CMD(add_tx_ts, ADD_TX_TS);
2060 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2061 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2062 		}
2063 #undef CMD
2064 
2065 		nla_nest_end(msg, nl_cmds);
2066 		state->split_start++;
2067 		if (state->split)
2068 			break;
2069 		/* fall through */
2070 	case 5:
2071 		if (rdev->ops->remain_on_channel &&
2072 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2073 		    nla_put_u32(msg,
2074 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2075 				rdev->wiphy.max_remain_on_channel_duration))
2076 			goto nla_put_failure;
2077 
2078 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2079 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2080 			goto nla_put_failure;
2081 
2082 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2083 			goto nla_put_failure;
2084 		state->split_start++;
2085 		if (state->split)
2086 			break;
2087 		/* fall through */
2088 	case 6:
2089 #ifdef CONFIG_PM
2090 		if (nl80211_send_wowlan(msg, rdev, state->split))
2091 			goto nla_put_failure;
2092 		state->split_start++;
2093 		if (state->split)
2094 			break;
2095 #else
2096 		state->split_start++;
2097 #endif
2098 		/* fall through */
2099 	case 7:
2100 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2101 					rdev->wiphy.software_iftypes))
2102 			goto nla_put_failure;
2103 
2104 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2105 						   state->split))
2106 			goto nla_put_failure;
2107 
2108 		state->split_start++;
2109 		if (state->split)
2110 			break;
2111 		/* fall through */
2112 	case 8:
2113 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2114 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2115 				rdev->wiphy.ap_sme_capa))
2116 			goto nla_put_failure;
2117 
2118 		features = rdev->wiphy.features;
2119 		/*
2120 		 * We can only add the per-channel limit information if the
2121 		 * dump is split, otherwise it makes it too big. Therefore
2122 		 * only advertise it in that case.
2123 		 */
2124 		if (state->split)
2125 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2126 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2127 			goto nla_put_failure;
2128 
2129 		if (rdev->wiphy.ht_capa_mod_mask &&
2130 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2131 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
2132 			    rdev->wiphy.ht_capa_mod_mask))
2133 			goto nla_put_failure;
2134 
2135 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2136 		    rdev->wiphy.max_acl_mac_addrs &&
2137 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2138 				rdev->wiphy.max_acl_mac_addrs))
2139 			goto nla_put_failure;
2140 
2141 		/*
2142 		 * Any information below this point is only available to
2143 		 * applications that can deal with it being split. This
2144 		 * helps ensure that newly added capabilities don't break
2145 		 * older tools by overrunning their buffers.
2146 		 *
2147 		 * We still increment split_start so that in the split
2148 		 * case we'll continue with more data in the next round,
2149 		 * but break unconditionally so unsplit data stops here.
2150 		 */
2151 		state->split_start++;
2152 		break;
2153 	case 9:
2154 		if (rdev->wiphy.extended_capabilities &&
2155 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2156 			     rdev->wiphy.extended_capabilities_len,
2157 			     rdev->wiphy.extended_capabilities) ||
2158 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2159 			     rdev->wiphy.extended_capabilities_len,
2160 			     rdev->wiphy.extended_capabilities_mask)))
2161 			goto nla_put_failure;
2162 
2163 		if (rdev->wiphy.vht_capa_mod_mask &&
2164 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2165 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
2166 			    rdev->wiphy.vht_capa_mod_mask))
2167 			goto nla_put_failure;
2168 
2169 		state->split_start++;
2170 		break;
2171 	case 10:
2172 		if (nl80211_send_coalesce(msg, rdev))
2173 			goto nla_put_failure;
2174 
2175 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2176 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2177 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2178 			goto nla_put_failure;
2179 
2180 		if (rdev->wiphy.max_ap_assoc_sta &&
2181 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2182 				rdev->wiphy.max_ap_assoc_sta))
2183 			goto nla_put_failure;
2184 
2185 		state->split_start++;
2186 		break;
2187 	case 11:
2188 		if (rdev->wiphy.n_vendor_commands) {
2189 			const struct nl80211_vendor_cmd_info *info;
2190 			struct nlattr *nested;
2191 
2192 			nested = nla_nest_start_noflag(msg,
2193 						       NL80211_ATTR_VENDOR_DATA);
2194 			if (!nested)
2195 				goto nla_put_failure;
2196 
2197 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2198 				info = &rdev->wiphy.vendor_commands[i].info;
2199 				if (nla_put(msg, i + 1, sizeof(*info), info))
2200 					goto nla_put_failure;
2201 			}
2202 			nla_nest_end(msg, nested);
2203 		}
2204 
2205 		if (rdev->wiphy.n_vendor_events) {
2206 			const struct nl80211_vendor_cmd_info *info;
2207 			struct nlattr *nested;
2208 
2209 			nested = nla_nest_start_noflag(msg,
2210 						       NL80211_ATTR_VENDOR_EVENTS);
2211 			if (!nested)
2212 				goto nla_put_failure;
2213 
2214 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2215 				info = &rdev->wiphy.vendor_events[i];
2216 				if (nla_put(msg, i + 1, sizeof(*info), info))
2217 					goto nla_put_failure;
2218 			}
2219 			nla_nest_end(msg, nested);
2220 		}
2221 		state->split_start++;
2222 		break;
2223 	case 12:
2224 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2225 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2226 			       rdev->wiphy.max_num_csa_counters))
2227 			goto nla_put_failure;
2228 
2229 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2230 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2231 			goto nla_put_failure;
2232 
2233 		if (rdev->wiphy.max_sched_scan_reqs &&
2234 		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2235 				rdev->wiphy.max_sched_scan_reqs))
2236 			goto nla_put_failure;
2237 
2238 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2239 			    sizeof(rdev->wiphy.ext_features),
2240 			    rdev->wiphy.ext_features))
2241 			goto nla_put_failure;
2242 
2243 		if (rdev->wiphy.bss_select_support) {
2244 			struct nlattr *nested;
2245 			u32 bss_select_support = rdev->wiphy.bss_select_support;
2246 
2247 			nested = nla_nest_start_noflag(msg,
2248 						       NL80211_ATTR_BSS_SELECT);
2249 			if (!nested)
2250 				goto nla_put_failure;
2251 
2252 			i = 0;
2253 			while (bss_select_support) {
2254 				if ((bss_select_support & 1) &&
2255 				    nla_put_flag(msg, i))
2256 					goto nla_put_failure;
2257 				i++;
2258 				bss_select_support >>= 1;
2259 			}
2260 			nla_nest_end(msg, nested);
2261 		}
2262 
2263 		state->split_start++;
2264 		break;
2265 	case 13:
2266 		if (rdev->wiphy.num_iftype_ext_capab &&
2267 		    rdev->wiphy.iftype_ext_capab) {
2268 			struct nlattr *nested_ext_capab, *nested;
2269 
2270 			nested = nla_nest_start_noflag(msg,
2271 						       NL80211_ATTR_IFTYPE_EXT_CAPA);
2272 			if (!nested)
2273 				goto nla_put_failure;
2274 
2275 			for (i = state->capa_start;
2276 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
2277 				const struct wiphy_iftype_ext_capab *capab;
2278 
2279 				capab = &rdev->wiphy.iftype_ext_capab[i];
2280 
2281 				nested_ext_capab = nla_nest_start_noflag(msg,
2282 									 i);
2283 				if (!nested_ext_capab ||
2284 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2285 						capab->iftype) ||
2286 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
2287 					    capab->extended_capabilities_len,
2288 					    capab->extended_capabilities) ||
2289 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2290 					    capab->extended_capabilities_len,
2291 					    capab->extended_capabilities_mask))
2292 					goto nla_put_failure;
2293 
2294 				nla_nest_end(msg, nested_ext_capab);
2295 				if (state->split)
2296 					break;
2297 			}
2298 			nla_nest_end(msg, nested);
2299 			if (i < rdev->wiphy.num_iftype_ext_capab) {
2300 				state->capa_start = i + 1;
2301 				break;
2302 			}
2303 		}
2304 
2305 		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2306 				rdev->wiphy.nan_supported_bands))
2307 			goto nla_put_failure;
2308 
2309 		if (wiphy_ext_feature_isset(&rdev->wiphy,
2310 					    NL80211_EXT_FEATURE_TXQS)) {
2311 			struct cfg80211_txq_stats txqstats = {};
2312 			int res;
2313 
2314 			res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2315 			if (!res &&
2316 			    !nl80211_put_txq_stats(msg, &txqstats,
2317 						   NL80211_ATTR_TXQ_STATS))
2318 				goto nla_put_failure;
2319 
2320 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2321 					rdev->wiphy.txq_limit))
2322 				goto nla_put_failure;
2323 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2324 					rdev->wiphy.txq_memory_limit))
2325 				goto nla_put_failure;
2326 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2327 					rdev->wiphy.txq_quantum))
2328 				goto nla_put_failure;
2329 		}
2330 
2331 		state->split_start++;
2332 		break;
2333 	case 14:
2334 		if (nl80211_send_pmsr_capa(rdev, msg))
2335 			goto nla_put_failure;
2336 
2337 		state->split_start++;
2338 		break;
2339 	case 15:
2340 		if (rdev->wiphy.akm_suites &&
2341 		    nla_put(msg, NL80211_ATTR_AKM_SUITES,
2342 			    sizeof(u32) * rdev->wiphy.n_akm_suites,
2343 			    rdev->wiphy.akm_suites))
2344 			goto nla_put_failure;
2345 
2346 		/* done */
2347 		state->split_start = 0;
2348 		break;
2349 	}
2350  finish:
2351 	genlmsg_end(msg, hdr);
2352 	return 0;
2353 
2354  nla_put_failure:
2355 	genlmsg_cancel(msg, hdr);
2356 	return -EMSGSIZE;
2357 }
2358 
2359 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2360 				    struct netlink_callback *cb,
2361 				    struct nl80211_dump_wiphy_state *state)
2362 {
2363 	struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
2364 	int ret = nlmsg_parse_deprecated(cb->nlh,
2365 					 GENL_HDRLEN + nl80211_fam.hdrsize,
2366 					 tb, nl80211_fam.maxattr,
2367 					 nl80211_policy, NULL);
2368 	/* ignore parse errors for backward compatibility */
2369 	if (ret)
2370 		return 0;
2371 
2372 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2373 	if (tb[NL80211_ATTR_WIPHY])
2374 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2375 	if (tb[NL80211_ATTR_WDEV])
2376 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2377 	if (tb[NL80211_ATTR_IFINDEX]) {
2378 		struct net_device *netdev;
2379 		struct cfg80211_registered_device *rdev;
2380 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2381 
2382 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2383 		if (!netdev)
2384 			return -ENODEV;
2385 		if (netdev->ieee80211_ptr) {
2386 			rdev = wiphy_to_rdev(
2387 				netdev->ieee80211_ptr->wiphy);
2388 			state->filter_wiphy = rdev->wiphy_idx;
2389 		}
2390 	}
2391 
2392 	return 0;
2393 }
2394 
2395 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2396 {
2397 	int idx = 0, ret;
2398 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2399 	struct cfg80211_registered_device *rdev;
2400 
2401 	rtnl_lock();
2402 	if (!state) {
2403 		state = kzalloc(sizeof(*state), GFP_KERNEL);
2404 		if (!state) {
2405 			rtnl_unlock();
2406 			return -ENOMEM;
2407 		}
2408 		state->filter_wiphy = -1;
2409 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
2410 		if (ret) {
2411 			kfree(state);
2412 			rtnl_unlock();
2413 			return ret;
2414 		}
2415 		cb->args[0] = (long)state;
2416 	}
2417 
2418 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2419 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2420 			continue;
2421 		if (++idx <= state->start)
2422 			continue;
2423 		if (state->filter_wiphy != -1 &&
2424 		    state->filter_wiphy != rdev->wiphy_idx)
2425 			continue;
2426 		/* attempt to fit multiple wiphy data chunks into the skb */
2427 		do {
2428 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2429 						 skb,
2430 						 NETLINK_CB(cb->skb).portid,
2431 						 cb->nlh->nlmsg_seq,
2432 						 NLM_F_MULTI, state);
2433 			if (ret < 0) {
2434 				/*
2435 				 * If sending the wiphy data didn't fit (ENOBUFS
2436 				 * or EMSGSIZE returned), this SKB is still
2437 				 * empty (so it's not too big because another
2438 				 * wiphy dataset is already in the skb) and
2439 				 * we've not tried to adjust the dump allocation
2440 				 * yet ... then adjust the alloc size to be
2441 				 * bigger, and return 1 but with the empty skb.
2442 				 * This results in an empty message being RX'ed
2443 				 * in userspace, but that is ignored.
2444 				 *
2445 				 * We can then retry with the larger buffer.
2446 				 */
2447 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2448 				    !skb->len && !state->split &&
2449 				    cb->min_dump_alloc < 4096) {
2450 					cb->min_dump_alloc = 4096;
2451 					state->split_start = 0;
2452 					rtnl_unlock();
2453 					return 1;
2454 				}
2455 				idx--;
2456 				break;
2457 			}
2458 		} while (state->split_start > 0);
2459 		break;
2460 	}
2461 	rtnl_unlock();
2462 
2463 	state->start = idx;
2464 
2465 	return skb->len;
2466 }
2467 
2468 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2469 {
2470 	kfree((void *)cb->args[0]);
2471 	return 0;
2472 }
2473 
2474 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2475 {
2476 	struct sk_buff *msg;
2477 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2478 	struct nl80211_dump_wiphy_state state = {};
2479 
2480 	msg = nlmsg_new(4096, GFP_KERNEL);
2481 	if (!msg)
2482 		return -ENOMEM;
2483 
2484 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2485 			       info->snd_portid, info->snd_seq, 0,
2486 			       &state) < 0) {
2487 		nlmsg_free(msg);
2488 		return -ENOBUFS;
2489 	}
2490 
2491 	return genlmsg_reply(msg, info);
2492 }
2493 
2494 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2495 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
2496 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
2497 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
2498 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
2499 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
2500 };
2501 
2502 static int parse_txq_params(struct nlattr *tb[],
2503 			    struct ieee80211_txq_params *txq_params)
2504 {
2505 	u8 ac;
2506 
2507 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2508 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2509 	    !tb[NL80211_TXQ_ATTR_AIFS])
2510 		return -EINVAL;
2511 
2512 	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2513 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2514 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2515 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2516 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2517 
2518 	if (ac >= NL80211_NUM_ACS)
2519 		return -EINVAL;
2520 	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2521 	return 0;
2522 }
2523 
2524 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2525 {
2526 	/*
2527 	 * You can only set the channel explicitly for WDS interfaces,
2528 	 * all others have their channel managed via their respective
2529 	 * "establish a connection" command (connect, join, ...)
2530 	 *
2531 	 * For AP/GO and mesh mode, the channel can be set with the
2532 	 * channel userspace API, but is only stored and passed to the
2533 	 * low-level driver when the AP starts or the mesh is joined.
2534 	 * This is for backward compatibility, userspace can also give
2535 	 * the channel in the start-ap or join-mesh commands instead.
2536 	 *
2537 	 * Monitors are special as they are normally slaved to
2538 	 * whatever else is going on, so they have their own special
2539 	 * operation to set the monitor channel if possible.
2540 	 */
2541 	return !wdev ||
2542 		wdev->iftype == NL80211_IFTYPE_AP ||
2543 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2544 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
2545 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
2546 }
2547 
2548 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2549 			  struct genl_info *info,
2550 			  struct cfg80211_chan_def *chandef)
2551 {
2552 	struct netlink_ext_ack *extack = info->extack;
2553 	struct nlattr **attrs = info->attrs;
2554 	u32 control_freq;
2555 
2556 	if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2557 		return -EINVAL;
2558 
2559 	control_freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);
2560 
2561 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2562 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2563 	chandef->center_freq1 = control_freq;
2564 	chandef->center_freq2 = 0;
2565 
2566 	/* Primary channel not allowed */
2567 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2568 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2569 				    "Channel is disabled");
2570 		return -EINVAL;
2571 	}
2572 
2573 	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2574 		enum nl80211_channel_type chantype;
2575 
2576 		chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2577 
2578 		switch (chantype) {
2579 		case NL80211_CHAN_NO_HT:
2580 		case NL80211_CHAN_HT20:
2581 		case NL80211_CHAN_HT40PLUS:
2582 		case NL80211_CHAN_HT40MINUS:
2583 			cfg80211_chandef_create(chandef, chandef->chan,
2584 						chantype);
2585 			/* user input for center_freq is incorrect */
2586 			if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2587 			    chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2588 				NL_SET_ERR_MSG_ATTR(extack,
2589 						    attrs[NL80211_ATTR_CENTER_FREQ1],
2590 						    "bad center frequency 1");
2591 				return -EINVAL;
2592 			}
2593 			/* center_freq2 must be zero */
2594 			if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2595 			    nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2596 				NL_SET_ERR_MSG_ATTR(extack,
2597 						    attrs[NL80211_ATTR_CENTER_FREQ2],
2598 						    "center frequency 2 can't be used");
2599 				return -EINVAL;
2600 			}
2601 			break;
2602 		default:
2603 			NL_SET_ERR_MSG_ATTR(extack,
2604 					    attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2605 					    "invalid channel type");
2606 			return -EINVAL;
2607 		}
2608 	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2609 		chandef->width =
2610 			nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2611 		if (attrs[NL80211_ATTR_CENTER_FREQ1])
2612 			chandef->center_freq1 =
2613 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2614 		if (attrs[NL80211_ATTR_CENTER_FREQ2])
2615 			chandef->center_freq2 =
2616 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2617 	}
2618 
2619 	if (!cfg80211_chandef_valid(chandef)) {
2620 		NL_SET_ERR_MSG(extack, "invalid channel definition");
2621 		return -EINVAL;
2622 	}
2623 
2624 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2625 				     IEEE80211_CHAN_DISABLED)) {
2626 		NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2627 		return -EINVAL;
2628 	}
2629 
2630 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2631 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
2632 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2633 		NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2634 		return -EINVAL;
2635 	}
2636 
2637 	return 0;
2638 }
2639 
2640 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2641 				 struct net_device *dev,
2642 				 struct genl_info *info)
2643 {
2644 	struct cfg80211_chan_def chandef;
2645 	int result;
2646 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2647 	struct wireless_dev *wdev = NULL;
2648 
2649 	if (dev)
2650 		wdev = dev->ieee80211_ptr;
2651 	if (!nl80211_can_set_dev_channel(wdev))
2652 		return -EOPNOTSUPP;
2653 	if (wdev)
2654 		iftype = wdev->iftype;
2655 
2656 	result = nl80211_parse_chandef(rdev, info, &chandef);
2657 	if (result)
2658 		return result;
2659 
2660 	switch (iftype) {
2661 	case NL80211_IFTYPE_AP:
2662 	case NL80211_IFTYPE_P2P_GO:
2663 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2664 						   iftype)) {
2665 			result = -EINVAL;
2666 			break;
2667 		}
2668 		if (wdev->beacon_interval) {
2669 			if (!dev || !rdev->ops->set_ap_chanwidth ||
2670 			    !(rdev->wiphy.features &
2671 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2672 				result = -EBUSY;
2673 				break;
2674 			}
2675 
2676 			/* Only allow dynamic channel width changes */
2677 			if (chandef.chan != wdev->preset_chandef.chan) {
2678 				result = -EBUSY;
2679 				break;
2680 			}
2681 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2682 			if (result)
2683 				break;
2684 		}
2685 		wdev->preset_chandef = chandef;
2686 		result = 0;
2687 		break;
2688 	case NL80211_IFTYPE_MESH_POINT:
2689 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2690 		break;
2691 	case NL80211_IFTYPE_MONITOR:
2692 		result = cfg80211_set_monitor_channel(rdev, &chandef);
2693 		break;
2694 	default:
2695 		result = -EINVAL;
2696 	}
2697 
2698 	return result;
2699 }
2700 
2701 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2702 {
2703 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2704 	struct net_device *netdev = info->user_ptr[1];
2705 
2706 	return __nl80211_set_channel(rdev, netdev, info);
2707 }
2708 
2709 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2710 {
2711 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2712 	struct net_device *dev = info->user_ptr[1];
2713 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2714 	const u8 *bssid;
2715 
2716 	if (!info->attrs[NL80211_ATTR_MAC])
2717 		return -EINVAL;
2718 
2719 	if (netif_running(dev))
2720 		return -EBUSY;
2721 
2722 	if (!rdev->ops->set_wds_peer)
2723 		return -EOPNOTSUPP;
2724 
2725 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2726 		return -EOPNOTSUPP;
2727 
2728 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2729 	return rdev_set_wds_peer(rdev, dev, bssid);
2730 }
2731 
2732 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2733 {
2734 	struct cfg80211_registered_device *rdev;
2735 	struct net_device *netdev = NULL;
2736 	struct wireless_dev *wdev;
2737 	int result = 0, rem_txq_params = 0;
2738 	struct nlattr *nl_txq_params;
2739 	u32 changed;
2740 	u8 retry_short = 0, retry_long = 0;
2741 	u32 frag_threshold = 0, rts_threshold = 0;
2742 	u8 coverage_class = 0;
2743 	u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2744 
2745 	ASSERT_RTNL();
2746 
2747 	/*
2748 	 * Try to find the wiphy and netdev. Normally this
2749 	 * function shouldn't need the netdev, but this is
2750 	 * done for backward compatibility -- previously
2751 	 * setting the channel was done per wiphy, but now
2752 	 * it is per netdev. Previous userland like hostapd
2753 	 * also passed a netdev to set_wiphy, so that it is
2754 	 * possible to let that go to the right netdev!
2755 	 */
2756 
2757 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2758 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2759 
2760 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2761 		if (netdev && netdev->ieee80211_ptr)
2762 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2763 		else
2764 			netdev = NULL;
2765 	}
2766 
2767 	if (!netdev) {
2768 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2769 						  info->attrs);
2770 		if (IS_ERR(rdev))
2771 			return PTR_ERR(rdev);
2772 		wdev = NULL;
2773 		netdev = NULL;
2774 		result = 0;
2775 	} else
2776 		wdev = netdev->ieee80211_ptr;
2777 
2778 	/*
2779 	 * end workaround code, by now the rdev is available
2780 	 * and locked, and wdev may or may not be NULL.
2781 	 */
2782 
2783 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2784 		result = cfg80211_dev_rename(
2785 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2786 
2787 	if (result)
2788 		return result;
2789 
2790 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2791 		struct ieee80211_txq_params txq_params;
2792 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2793 
2794 		if (!rdev->ops->set_txq_params)
2795 			return -EOPNOTSUPP;
2796 
2797 		if (!netdev)
2798 			return -EINVAL;
2799 
2800 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2801 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2802 			return -EINVAL;
2803 
2804 		if (!netif_running(netdev))
2805 			return -ENETDOWN;
2806 
2807 		nla_for_each_nested(nl_txq_params,
2808 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2809 				    rem_txq_params) {
2810 			result = nla_parse_nested_deprecated(tb,
2811 							     NL80211_TXQ_ATTR_MAX,
2812 							     nl_txq_params,
2813 							     txq_params_policy,
2814 							     info->extack);
2815 			if (result)
2816 				return result;
2817 			result = parse_txq_params(tb, &txq_params);
2818 			if (result)
2819 				return result;
2820 
2821 			result = rdev_set_txq_params(rdev, netdev,
2822 						     &txq_params);
2823 			if (result)
2824 				return result;
2825 		}
2826 	}
2827 
2828 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2829 		result = __nl80211_set_channel(
2830 			rdev,
2831 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2832 			info);
2833 		if (result)
2834 			return result;
2835 	}
2836 
2837 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2838 		struct wireless_dev *txp_wdev = wdev;
2839 		enum nl80211_tx_power_setting type;
2840 		int idx, mbm = 0;
2841 
2842 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2843 			txp_wdev = NULL;
2844 
2845 		if (!rdev->ops->set_tx_power)
2846 			return -EOPNOTSUPP;
2847 
2848 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2849 		type = nla_get_u32(info->attrs[idx]);
2850 
2851 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2852 		    (type != NL80211_TX_POWER_AUTOMATIC))
2853 			return -EINVAL;
2854 
2855 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2856 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2857 			mbm = nla_get_u32(info->attrs[idx]);
2858 		}
2859 
2860 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2861 		if (result)
2862 			return result;
2863 	}
2864 
2865 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2866 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2867 		u32 tx_ant, rx_ant;
2868 
2869 		if ((!rdev->wiphy.available_antennas_tx &&
2870 		     !rdev->wiphy.available_antennas_rx) ||
2871 		    !rdev->ops->set_antenna)
2872 			return -EOPNOTSUPP;
2873 
2874 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2875 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2876 
2877 		/* reject antenna configurations which don't match the
2878 		 * available antenna masks, except for the "all" mask */
2879 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2880 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2881 			return -EINVAL;
2882 
2883 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2884 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2885 
2886 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2887 		if (result)
2888 			return result;
2889 	}
2890 
2891 	changed = 0;
2892 
2893 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2894 		retry_short = nla_get_u8(
2895 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2896 
2897 		changed |= WIPHY_PARAM_RETRY_SHORT;
2898 	}
2899 
2900 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2901 		retry_long = nla_get_u8(
2902 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2903 
2904 		changed |= WIPHY_PARAM_RETRY_LONG;
2905 	}
2906 
2907 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2908 		frag_threshold = nla_get_u32(
2909 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2910 		if (frag_threshold < 256)
2911 			return -EINVAL;
2912 
2913 		if (frag_threshold != (u32) -1) {
2914 			/*
2915 			 * Fragments (apart from the last one) are required to
2916 			 * have even length. Make the fragmentation code
2917 			 * simpler by stripping LSB should someone try to use
2918 			 * odd threshold value.
2919 			 */
2920 			frag_threshold &= ~0x1;
2921 		}
2922 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2923 	}
2924 
2925 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2926 		rts_threshold = nla_get_u32(
2927 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2928 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2929 	}
2930 
2931 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2932 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2933 			return -EINVAL;
2934 
2935 		coverage_class = nla_get_u8(
2936 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2937 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2938 	}
2939 
2940 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2941 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2942 			return -EOPNOTSUPP;
2943 
2944 		changed |= WIPHY_PARAM_DYN_ACK;
2945 	}
2946 
2947 	if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
2948 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
2949 					     NL80211_EXT_FEATURE_TXQS))
2950 			return -EOPNOTSUPP;
2951 		txq_limit = nla_get_u32(
2952 			info->attrs[NL80211_ATTR_TXQ_LIMIT]);
2953 		changed |= WIPHY_PARAM_TXQ_LIMIT;
2954 	}
2955 
2956 	if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
2957 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
2958 					     NL80211_EXT_FEATURE_TXQS))
2959 			return -EOPNOTSUPP;
2960 		txq_memory_limit = nla_get_u32(
2961 			info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
2962 		changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
2963 	}
2964 
2965 	if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
2966 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
2967 					     NL80211_EXT_FEATURE_TXQS))
2968 			return -EOPNOTSUPP;
2969 		txq_quantum = nla_get_u32(
2970 			info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
2971 		changed |= WIPHY_PARAM_TXQ_QUANTUM;
2972 	}
2973 
2974 	if (changed) {
2975 		u8 old_retry_short, old_retry_long;
2976 		u32 old_frag_threshold, old_rts_threshold;
2977 		u8 old_coverage_class;
2978 		u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
2979 
2980 		if (!rdev->ops->set_wiphy_params)
2981 			return -EOPNOTSUPP;
2982 
2983 		old_retry_short = rdev->wiphy.retry_short;
2984 		old_retry_long = rdev->wiphy.retry_long;
2985 		old_frag_threshold = rdev->wiphy.frag_threshold;
2986 		old_rts_threshold = rdev->wiphy.rts_threshold;
2987 		old_coverage_class = rdev->wiphy.coverage_class;
2988 		old_txq_limit = rdev->wiphy.txq_limit;
2989 		old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
2990 		old_txq_quantum = rdev->wiphy.txq_quantum;
2991 
2992 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2993 			rdev->wiphy.retry_short = retry_short;
2994 		if (changed & WIPHY_PARAM_RETRY_LONG)
2995 			rdev->wiphy.retry_long = retry_long;
2996 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2997 			rdev->wiphy.frag_threshold = frag_threshold;
2998 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2999 			rdev->wiphy.rts_threshold = rts_threshold;
3000 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3001 			rdev->wiphy.coverage_class = coverage_class;
3002 		if (changed & WIPHY_PARAM_TXQ_LIMIT)
3003 			rdev->wiphy.txq_limit = txq_limit;
3004 		if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3005 			rdev->wiphy.txq_memory_limit = txq_memory_limit;
3006 		if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3007 			rdev->wiphy.txq_quantum = txq_quantum;
3008 
3009 		result = rdev_set_wiphy_params(rdev, changed);
3010 		if (result) {
3011 			rdev->wiphy.retry_short = old_retry_short;
3012 			rdev->wiphy.retry_long = old_retry_long;
3013 			rdev->wiphy.frag_threshold = old_frag_threshold;
3014 			rdev->wiphy.rts_threshold = old_rts_threshold;
3015 			rdev->wiphy.coverage_class = old_coverage_class;
3016 			rdev->wiphy.txq_limit = old_txq_limit;
3017 			rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3018 			rdev->wiphy.txq_quantum = old_txq_quantum;
3019 			return result;
3020 		}
3021 	}
3022 	return 0;
3023 }
3024 
3025 static int nl80211_send_chandef(struct sk_buff *msg,
3026 				const struct cfg80211_chan_def *chandef)
3027 {
3028 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3029 		return -EINVAL;
3030 
3031 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3032 			chandef->chan->center_freq))
3033 		return -ENOBUFS;
3034 	switch (chandef->width) {
3035 	case NL80211_CHAN_WIDTH_20_NOHT:
3036 	case NL80211_CHAN_WIDTH_20:
3037 	case NL80211_CHAN_WIDTH_40:
3038 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3039 				cfg80211_get_chandef_type(chandef)))
3040 			return -ENOBUFS;
3041 		break;
3042 	default:
3043 		break;
3044 	}
3045 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3046 		return -ENOBUFS;
3047 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3048 		return -ENOBUFS;
3049 	if (chandef->center_freq2 &&
3050 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3051 		return -ENOBUFS;
3052 	return 0;
3053 }
3054 
3055 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3056 			      struct cfg80211_registered_device *rdev,
3057 			      struct wireless_dev *wdev,
3058 			      enum nl80211_commands cmd)
3059 {
3060 	struct net_device *dev = wdev->netdev;
3061 	void *hdr;
3062 
3063 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3064 		cmd != NL80211_CMD_DEL_INTERFACE &&
3065 		cmd != NL80211_CMD_SET_INTERFACE);
3066 
3067 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3068 	if (!hdr)
3069 		return -1;
3070 
3071 	if (dev &&
3072 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3073 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3074 		goto nla_put_failure;
3075 
3076 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3077 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3078 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3079 			      NL80211_ATTR_PAD) ||
3080 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3081 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
3082 			rdev->devlist_generation ^
3083 			(cfg80211_rdev_list_generation << 2)) ||
3084 	    nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3085 		goto nla_put_failure;
3086 
3087 	if (rdev->ops->get_channel) {
3088 		int ret;
3089 		struct cfg80211_chan_def chandef;
3090 
3091 		ret = rdev_get_channel(rdev, wdev, &chandef);
3092 		if (ret == 0) {
3093 			if (nl80211_send_chandef(msg, &chandef))
3094 				goto nla_put_failure;
3095 		}
3096 	}
3097 
3098 	if (rdev->ops->get_tx_power) {
3099 		int dbm, ret;
3100 
3101 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
3102 		if (ret == 0 &&
3103 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3104 				DBM_TO_MBM(dbm)))
3105 			goto nla_put_failure;
3106 	}
3107 
3108 	wdev_lock(wdev);
3109 	switch (wdev->iftype) {
3110 	case NL80211_IFTYPE_AP:
3111 		if (wdev->ssid_len &&
3112 		    nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3113 			goto nla_put_failure_locked;
3114 		break;
3115 	case NL80211_IFTYPE_STATION:
3116 	case NL80211_IFTYPE_P2P_CLIENT:
3117 	case NL80211_IFTYPE_ADHOC: {
3118 		const u8 *ssid_ie;
3119 		if (!wdev->current_bss)
3120 			break;
3121 		rcu_read_lock();
3122 		ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3123 					       WLAN_EID_SSID);
3124 		if (ssid_ie &&
3125 		    nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3126 			goto nla_put_failure_rcu_locked;
3127 		rcu_read_unlock();
3128 		break;
3129 		}
3130 	default:
3131 		/* nothing */
3132 		break;
3133 	}
3134 	wdev_unlock(wdev);
3135 
3136 	if (rdev->ops->get_txq_stats) {
3137 		struct cfg80211_txq_stats txqstats = {};
3138 		int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3139 
3140 		if (ret == 0 &&
3141 		    !nl80211_put_txq_stats(msg, &txqstats,
3142 					   NL80211_ATTR_TXQ_STATS))
3143 			goto nla_put_failure;
3144 	}
3145 
3146 	genlmsg_end(msg, hdr);
3147 	return 0;
3148 
3149  nla_put_failure_rcu_locked:
3150 	rcu_read_unlock();
3151  nla_put_failure_locked:
3152 	wdev_unlock(wdev);
3153  nla_put_failure:
3154 	genlmsg_cancel(msg, hdr);
3155 	return -EMSGSIZE;
3156 }
3157 
3158 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3159 {
3160 	int wp_idx = 0;
3161 	int if_idx = 0;
3162 	int wp_start = cb->args[0];
3163 	int if_start = cb->args[1];
3164 	int filter_wiphy = -1;
3165 	struct cfg80211_registered_device *rdev;
3166 	struct wireless_dev *wdev;
3167 	int ret;
3168 
3169 	rtnl_lock();
3170 	if (!cb->args[2]) {
3171 		struct nl80211_dump_wiphy_state state = {
3172 			.filter_wiphy = -1,
3173 		};
3174 
3175 		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3176 		if (ret)
3177 			goto out_unlock;
3178 
3179 		filter_wiphy = state.filter_wiphy;
3180 
3181 		/*
3182 		 * if filtering, set cb->args[2] to +1 since 0 is the default
3183 		 * value needed to determine that parsing is necessary.
3184 		 */
3185 		if (filter_wiphy >= 0)
3186 			cb->args[2] = filter_wiphy + 1;
3187 		else
3188 			cb->args[2] = -1;
3189 	} else if (cb->args[2] > 0) {
3190 		filter_wiphy = cb->args[2] - 1;
3191 	}
3192 
3193 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3194 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3195 			continue;
3196 		if (wp_idx < wp_start) {
3197 			wp_idx++;
3198 			continue;
3199 		}
3200 
3201 		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3202 			continue;
3203 
3204 		if_idx = 0;
3205 
3206 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3207 			if (if_idx < if_start) {
3208 				if_idx++;
3209 				continue;
3210 			}
3211 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3212 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3213 					       rdev, wdev,
3214 					       NL80211_CMD_NEW_INTERFACE) < 0) {
3215 				goto out;
3216 			}
3217 			if_idx++;
3218 		}
3219 
3220 		wp_idx++;
3221 	}
3222  out:
3223 	cb->args[0] = wp_idx;
3224 	cb->args[1] = if_idx;
3225 
3226 	ret = skb->len;
3227  out_unlock:
3228 	rtnl_unlock();
3229 
3230 	return ret;
3231 }
3232 
3233 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3234 {
3235 	struct sk_buff *msg;
3236 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3237 	struct wireless_dev *wdev = info->user_ptr[1];
3238 
3239 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3240 	if (!msg)
3241 		return -ENOMEM;
3242 
3243 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3244 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3245 		nlmsg_free(msg);
3246 		return -ENOBUFS;
3247 	}
3248 
3249 	return genlmsg_reply(msg, info);
3250 }
3251 
3252 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3253 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3254 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3255 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3256 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3257 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3258 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3259 };
3260 
3261 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3262 {
3263 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3264 	int flag;
3265 
3266 	*mntrflags = 0;
3267 
3268 	if (!nla)
3269 		return -EINVAL;
3270 
3271 	if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3272 		return -EINVAL;
3273 
3274 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3275 		if (flags[flag])
3276 			*mntrflags |= (1<<flag);
3277 
3278 	*mntrflags |= MONITOR_FLAG_CHANGED;
3279 
3280 	return 0;
3281 }
3282 
3283 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3284 				     enum nl80211_iftype type,
3285 				     struct genl_info *info,
3286 				     struct vif_params *params)
3287 {
3288 	bool change = false;
3289 	int err;
3290 
3291 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3292 		if (type != NL80211_IFTYPE_MONITOR)
3293 			return -EINVAL;
3294 
3295 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3296 					  &params->flags);
3297 		if (err)
3298 			return err;
3299 
3300 		change = true;
3301 	}
3302 
3303 	if (params->flags & MONITOR_FLAG_ACTIVE &&
3304 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3305 		return -EOPNOTSUPP;
3306 
3307 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3308 		const u8 *mumimo_groups;
3309 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3310 
3311 		if (type != NL80211_IFTYPE_MONITOR)
3312 			return -EINVAL;
3313 
3314 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3315 			return -EOPNOTSUPP;
3316 
3317 		mumimo_groups =
3318 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3319 
3320 		/* bits 0 and 63 are reserved and must be zero */
3321 		if ((mumimo_groups[0] & BIT(0)) ||
3322 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3323 			return -EINVAL;
3324 
3325 		params->vht_mumimo_groups = mumimo_groups;
3326 		change = true;
3327 	}
3328 
3329 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3330 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3331 
3332 		if (type != NL80211_IFTYPE_MONITOR)
3333 			return -EINVAL;
3334 
3335 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3336 			return -EOPNOTSUPP;
3337 
3338 		params->vht_mumimo_follow_addr =
3339 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3340 		change = true;
3341 	}
3342 
3343 	return change ? 1 : 0;
3344 }
3345 
3346 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3347 			       struct net_device *netdev, u8 use_4addr,
3348 			       enum nl80211_iftype iftype)
3349 {
3350 	if (!use_4addr) {
3351 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3352 			return -EBUSY;
3353 		return 0;
3354 	}
3355 
3356 	switch (iftype) {
3357 	case NL80211_IFTYPE_AP_VLAN:
3358 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3359 			return 0;
3360 		break;
3361 	case NL80211_IFTYPE_STATION:
3362 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3363 			return 0;
3364 		break;
3365 	default:
3366 		break;
3367 	}
3368 
3369 	return -EOPNOTSUPP;
3370 }
3371 
3372 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3373 {
3374 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3375 	struct vif_params params;
3376 	int err;
3377 	enum nl80211_iftype otype, ntype;
3378 	struct net_device *dev = info->user_ptr[1];
3379 	bool change = false;
3380 
3381 	memset(&params, 0, sizeof(params));
3382 
3383 	otype = ntype = dev->ieee80211_ptr->iftype;
3384 
3385 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
3386 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3387 		if (otype != ntype)
3388 			change = true;
3389 	}
3390 
3391 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
3392 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3393 
3394 		if (ntype != NL80211_IFTYPE_MESH_POINT)
3395 			return -EINVAL;
3396 		if (netif_running(dev))
3397 			return -EBUSY;
3398 
3399 		wdev_lock(wdev);
3400 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3401 			     IEEE80211_MAX_MESH_ID_LEN);
3402 		wdev->mesh_id_up_len =
3403 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3404 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3405 		       wdev->mesh_id_up_len);
3406 		wdev_unlock(wdev);
3407 	}
3408 
3409 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3410 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3411 		change = true;
3412 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3413 		if (err)
3414 			return err;
3415 	} else {
3416 		params.use_4addr = -1;
3417 	}
3418 
3419 	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3420 	if (err < 0)
3421 		return err;
3422 	if (err > 0)
3423 		change = true;
3424 
3425 	if (change)
3426 		err = cfg80211_change_iface(rdev, dev, ntype, &params);
3427 	else
3428 		err = 0;
3429 
3430 	if (!err && params.use_4addr != -1)
3431 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
3432 
3433 	if (change && !err) {
3434 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3435 
3436 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3437 	}
3438 
3439 	return err;
3440 }
3441 
3442 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3443 {
3444 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3445 	struct vif_params params;
3446 	struct wireless_dev *wdev;
3447 	struct sk_buff *msg;
3448 	int err;
3449 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3450 
3451 	/* to avoid failing a new interface creation due to pending removal */
3452 	cfg80211_destroy_ifaces(rdev);
3453 
3454 	memset(&params, 0, sizeof(params));
3455 
3456 	if (!info->attrs[NL80211_ATTR_IFNAME])
3457 		return -EINVAL;
3458 
3459 	if (info->attrs[NL80211_ATTR_IFTYPE])
3460 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3461 
3462 	if (!rdev->ops->add_virtual_intf ||
3463 	    !(rdev->wiphy.interface_modes & (1 << type)))
3464 		return -EOPNOTSUPP;
3465 
3466 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3467 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3468 	    info->attrs[NL80211_ATTR_MAC]) {
3469 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3470 			   ETH_ALEN);
3471 		if (!is_valid_ether_addr(params.macaddr))
3472 			return -EADDRNOTAVAIL;
3473 	}
3474 
3475 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3476 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3477 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3478 		if (err)
3479 			return err;
3480 	}
3481 
3482 	err = nl80211_parse_mon_options(rdev, type, info, &params);
3483 	if (err < 0)
3484 		return err;
3485 
3486 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3487 	if (!msg)
3488 		return -ENOMEM;
3489 
3490 	wdev = rdev_add_virtual_intf(rdev,
3491 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3492 				NET_NAME_USER, type, &params);
3493 	if (WARN_ON(!wdev)) {
3494 		nlmsg_free(msg);
3495 		return -EPROTO;
3496 	} else if (IS_ERR(wdev)) {
3497 		nlmsg_free(msg);
3498 		return PTR_ERR(wdev);
3499 	}
3500 
3501 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3502 		wdev->owner_nlportid = info->snd_portid;
3503 
3504 	switch (type) {
3505 	case NL80211_IFTYPE_MESH_POINT:
3506 		if (!info->attrs[NL80211_ATTR_MESH_ID])
3507 			break;
3508 		wdev_lock(wdev);
3509 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3510 			     IEEE80211_MAX_MESH_ID_LEN);
3511 		wdev->mesh_id_up_len =
3512 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3513 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3514 		       wdev->mesh_id_up_len);
3515 		wdev_unlock(wdev);
3516 		break;
3517 	case NL80211_IFTYPE_NAN:
3518 	case NL80211_IFTYPE_P2P_DEVICE:
3519 		/*
3520 		 * P2P Device and NAN do not have a netdev, so don't go
3521 		 * through the netdev notifier and must be added here
3522 		 */
3523 		cfg80211_init_wdev(rdev, wdev);
3524 		break;
3525 	default:
3526 		break;
3527 	}
3528 
3529 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3530 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3531 		nlmsg_free(msg);
3532 		return -ENOBUFS;
3533 	}
3534 
3535 	return genlmsg_reply(msg, info);
3536 }
3537 
3538 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3539 {
3540 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3541 	struct wireless_dev *wdev = info->user_ptr[1];
3542 
3543 	if (!rdev->ops->del_virtual_intf)
3544 		return -EOPNOTSUPP;
3545 
3546 	/*
3547 	 * If we remove a wireless device without a netdev then clear
3548 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
3549 	 * to check if it needs to do dev_put(). Otherwise it crashes
3550 	 * since the wdev has been freed, unlike with a netdev where
3551 	 * we need the dev_put() for the netdev to really be freed.
3552 	 */
3553 	if (!wdev->netdev)
3554 		info->user_ptr[1] = NULL;
3555 
3556 	return rdev_del_virtual_intf(rdev, wdev);
3557 }
3558 
3559 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3560 {
3561 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3562 	struct net_device *dev = info->user_ptr[1];
3563 	u16 noack_map;
3564 
3565 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3566 		return -EINVAL;
3567 
3568 	if (!rdev->ops->set_noack_map)
3569 		return -EOPNOTSUPP;
3570 
3571 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3572 
3573 	return rdev_set_noack_map(rdev, dev, noack_map);
3574 }
3575 
3576 struct get_key_cookie {
3577 	struct sk_buff *msg;
3578 	int error;
3579 	int idx;
3580 };
3581 
3582 static void get_key_callback(void *c, struct key_params *params)
3583 {
3584 	struct nlattr *key;
3585 	struct get_key_cookie *cookie = c;
3586 
3587 	if ((params->key &&
3588 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3589 		     params->key_len, params->key)) ||
3590 	    (params->seq &&
3591 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3592 		     params->seq_len, params->seq)) ||
3593 	    (params->cipher &&
3594 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3595 			 params->cipher)))
3596 		goto nla_put_failure;
3597 
3598 	key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3599 	if (!key)
3600 		goto nla_put_failure;
3601 
3602 	if ((params->key &&
3603 	     nla_put(cookie->msg, NL80211_KEY_DATA,
3604 		     params->key_len, params->key)) ||
3605 	    (params->seq &&
3606 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
3607 		     params->seq_len, params->seq)) ||
3608 	    (params->cipher &&
3609 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3610 			 params->cipher)))
3611 		goto nla_put_failure;
3612 
3613 	if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3614 		goto nla_put_failure;
3615 
3616 	nla_nest_end(cookie->msg, key);
3617 
3618 	return;
3619  nla_put_failure:
3620 	cookie->error = 1;
3621 }
3622 
3623 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3624 {
3625 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3626 	int err;
3627 	struct net_device *dev = info->user_ptr[1];
3628 	u8 key_idx = 0;
3629 	const u8 *mac_addr = NULL;
3630 	bool pairwise;
3631 	struct get_key_cookie cookie = {
3632 		.error = 0,
3633 	};
3634 	void *hdr;
3635 	struct sk_buff *msg;
3636 
3637 	if (info->attrs[NL80211_ATTR_KEY_IDX])
3638 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3639 
3640 	if (info->attrs[NL80211_ATTR_MAC])
3641 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3642 
3643 	pairwise = !!mac_addr;
3644 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3645 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3646 
3647 		if (kt != NL80211_KEYTYPE_GROUP &&
3648 		    kt != NL80211_KEYTYPE_PAIRWISE)
3649 			return -EINVAL;
3650 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3651 	}
3652 
3653 	if (!rdev->ops->get_key)
3654 		return -EOPNOTSUPP;
3655 
3656 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3657 		return -ENOENT;
3658 
3659 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3660 	if (!msg)
3661 		return -ENOMEM;
3662 
3663 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3664 			     NL80211_CMD_NEW_KEY);
3665 	if (!hdr)
3666 		goto nla_put_failure;
3667 
3668 	cookie.msg = msg;
3669 	cookie.idx = key_idx;
3670 
3671 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3672 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3673 		goto nla_put_failure;
3674 	if (mac_addr &&
3675 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3676 		goto nla_put_failure;
3677 
3678 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3679 			   get_key_callback);
3680 
3681 	if (err)
3682 		goto free_msg;
3683 
3684 	if (cookie.error)
3685 		goto nla_put_failure;
3686 
3687 	genlmsg_end(msg, hdr);
3688 	return genlmsg_reply(msg, info);
3689 
3690  nla_put_failure:
3691 	err = -ENOBUFS;
3692  free_msg:
3693 	nlmsg_free(msg);
3694 	return err;
3695 }
3696 
3697 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3698 {
3699 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3700 	struct key_parse key;
3701 	int err;
3702 	struct net_device *dev = info->user_ptr[1];
3703 
3704 	err = nl80211_parse_key(info, &key);
3705 	if (err)
3706 		return err;
3707 
3708 	if (key.idx < 0)
3709 		return -EINVAL;
3710 
3711 	/* Only support setting default key and
3712 	 * Extended Key ID action NL80211_KEY_SET_TX.
3713 	 */
3714 	if (!key.def && !key.defmgmt &&
3715 	    !(key.p.mode == NL80211_KEY_SET_TX))
3716 		return -EINVAL;
3717 
3718 	wdev_lock(dev->ieee80211_ptr);
3719 
3720 	if (key.def) {
3721 		if (!rdev->ops->set_default_key) {
3722 			err = -EOPNOTSUPP;
3723 			goto out;
3724 		}
3725 
3726 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3727 		if (err)
3728 			goto out;
3729 
3730 		err = rdev_set_default_key(rdev, dev, key.idx,
3731 						 key.def_uni, key.def_multi);
3732 
3733 		if (err)
3734 			goto out;
3735 
3736 #ifdef CONFIG_CFG80211_WEXT
3737 		dev->ieee80211_ptr->wext.default_key = key.idx;
3738 #endif
3739 	} else if (key.defmgmt) {
3740 		if (key.def_uni || !key.def_multi) {
3741 			err = -EINVAL;
3742 			goto out;
3743 		}
3744 
3745 		if (!rdev->ops->set_default_mgmt_key) {
3746 			err = -EOPNOTSUPP;
3747 			goto out;
3748 		}
3749 
3750 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3751 		if (err)
3752 			goto out;
3753 
3754 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3755 		if (err)
3756 			goto out;
3757 
3758 #ifdef CONFIG_CFG80211_WEXT
3759 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3760 #endif
3761 	} else if (key.p.mode == NL80211_KEY_SET_TX &&
3762 		   wiphy_ext_feature_isset(&rdev->wiphy,
3763 					   NL80211_EXT_FEATURE_EXT_KEY_ID)) {
3764 		u8 *mac_addr = NULL;
3765 
3766 		if (info->attrs[NL80211_ATTR_MAC])
3767 			mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3768 
3769 		if (!mac_addr || key.idx < 0 || key.idx > 1) {
3770 			err = -EINVAL;
3771 			goto out;
3772 		}
3773 
3774 		err = rdev_add_key(rdev, dev, key.idx,
3775 				   NL80211_KEYTYPE_PAIRWISE,
3776 				   mac_addr, &key.p);
3777 	} else {
3778 		err = -EINVAL;
3779 	}
3780  out:
3781 	wdev_unlock(dev->ieee80211_ptr);
3782 
3783 	return err;
3784 }
3785 
3786 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3787 {
3788 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3789 	int err;
3790 	struct net_device *dev = info->user_ptr[1];
3791 	struct key_parse key;
3792 	const u8 *mac_addr = NULL;
3793 
3794 	err = nl80211_parse_key(info, &key);
3795 	if (err)
3796 		return err;
3797 
3798 	if (!key.p.key)
3799 		return -EINVAL;
3800 
3801 	if (info->attrs[NL80211_ATTR_MAC])
3802 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3803 
3804 	if (key.type == -1) {
3805 		if (mac_addr)
3806 			key.type = NL80211_KEYTYPE_PAIRWISE;
3807 		else
3808 			key.type = NL80211_KEYTYPE_GROUP;
3809 	}
3810 
3811 	/* for now */
3812 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3813 	    key.type != NL80211_KEYTYPE_GROUP)
3814 		return -EINVAL;
3815 
3816 	if (!rdev->ops->add_key)
3817 		return -EOPNOTSUPP;
3818 
3819 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3820 					   key.type == NL80211_KEYTYPE_PAIRWISE,
3821 					   mac_addr))
3822 		return -EINVAL;
3823 
3824 	wdev_lock(dev->ieee80211_ptr);
3825 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3826 	if (!err)
3827 		err = rdev_add_key(rdev, dev, key.idx,
3828 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3829 				    mac_addr, &key.p);
3830 	wdev_unlock(dev->ieee80211_ptr);
3831 
3832 	return err;
3833 }
3834 
3835 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3836 {
3837 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3838 	int err;
3839 	struct net_device *dev = info->user_ptr[1];
3840 	u8 *mac_addr = NULL;
3841 	struct key_parse key;
3842 
3843 	err = nl80211_parse_key(info, &key);
3844 	if (err)
3845 		return err;
3846 
3847 	if (info->attrs[NL80211_ATTR_MAC])
3848 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3849 
3850 	if (key.type == -1) {
3851 		if (mac_addr)
3852 			key.type = NL80211_KEYTYPE_PAIRWISE;
3853 		else
3854 			key.type = NL80211_KEYTYPE_GROUP;
3855 	}
3856 
3857 	/* for now */
3858 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3859 	    key.type != NL80211_KEYTYPE_GROUP)
3860 		return -EINVAL;
3861 
3862 	if (!rdev->ops->del_key)
3863 		return -EOPNOTSUPP;
3864 
3865 	wdev_lock(dev->ieee80211_ptr);
3866 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3867 
3868 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3869 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3870 		err = -ENOENT;
3871 
3872 	if (!err)
3873 		err = rdev_del_key(rdev, dev, key.idx,
3874 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3875 				   mac_addr);
3876 
3877 #ifdef CONFIG_CFG80211_WEXT
3878 	if (!err) {
3879 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
3880 			dev->ieee80211_ptr->wext.default_key = -1;
3881 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3882 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3883 	}
3884 #endif
3885 	wdev_unlock(dev->ieee80211_ptr);
3886 
3887 	return err;
3888 }
3889 
3890 /* This function returns an error or the number of nested attributes */
3891 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3892 {
3893 	struct nlattr *attr;
3894 	int n_entries = 0, tmp;
3895 
3896 	nla_for_each_nested(attr, nl_attr, tmp) {
3897 		if (nla_len(attr) != ETH_ALEN)
3898 			return -EINVAL;
3899 
3900 		n_entries++;
3901 	}
3902 
3903 	return n_entries;
3904 }
3905 
3906 /*
3907  * This function parses ACL information and allocates memory for ACL data.
3908  * On successful return, the calling function is responsible to free the
3909  * ACL buffer returned by this function.
3910  */
3911 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3912 						struct genl_info *info)
3913 {
3914 	enum nl80211_acl_policy acl_policy;
3915 	struct nlattr *attr;
3916 	struct cfg80211_acl_data *acl;
3917 	int i = 0, n_entries, tmp;
3918 
3919 	if (!wiphy->max_acl_mac_addrs)
3920 		return ERR_PTR(-EOPNOTSUPP);
3921 
3922 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3923 		return ERR_PTR(-EINVAL);
3924 
3925 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3926 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3927 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3928 		return ERR_PTR(-EINVAL);
3929 
3930 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3931 		return ERR_PTR(-EINVAL);
3932 
3933 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3934 	if (n_entries < 0)
3935 		return ERR_PTR(n_entries);
3936 
3937 	if (n_entries > wiphy->max_acl_mac_addrs)
3938 		return ERR_PTR(-ENOTSUPP);
3939 
3940 	acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
3941 	if (!acl)
3942 		return ERR_PTR(-ENOMEM);
3943 
3944 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3945 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3946 		i++;
3947 	}
3948 
3949 	acl->n_acl_entries = n_entries;
3950 	acl->acl_policy = acl_policy;
3951 
3952 	return acl;
3953 }
3954 
3955 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3956 {
3957 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3958 	struct net_device *dev = info->user_ptr[1];
3959 	struct cfg80211_acl_data *acl;
3960 	int err;
3961 
3962 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3963 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3964 		return -EOPNOTSUPP;
3965 
3966 	if (!dev->ieee80211_ptr->beacon_interval)
3967 		return -EINVAL;
3968 
3969 	acl = parse_acl_data(&rdev->wiphy, info);
3970 	if (IS_ERR(acl))
3971 		return PTR_ERR(acl);
3972 
3973 	err = rdev_set_mac_acl(rdev, dev, acl);
3974 
3975 	kfree(acl);
3976 
3977 	return err;
3978 }
3979 
3980 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3981 			   u8 *rates, u8 rates_len)
3982 {
3983 	u8 i;
3984 	u32 mask = 0;
3985 
3986 	for (i = 0; i < rates_len; i++) {
3987 		int rate = (rates[i] & 0x7f) * 5;
3988 		int ridx;
3989 
3990 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3991 			struct ieee80211_rate *srate =
3992 				&sband->bitrates[ridx];
3993 			if (rate == srate->bitrate) {
3994 				mask |= 1 << ridx;
3995 				break;
3996 			}
3997 		}
3998 		if (ridx == sband->n_bitrates)
3999 			return 0; /* rate not found */
4000 	}
4001 
4002 	return mask;
4003 }
4004 
4005 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4006 			       u8 *rates, u8 rates_len,
4007 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4008 {
4009 	u8 i;
4010 
4011 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4012 
4013 	for (i = 0; i < rates_len; i++) {
4014 		int ridx, rbit;
4015 
4016 		ridx = rates[i] / 8;
4017 		rbit = BIT(rates[i] % 8);
4018 
4019 		/* check validity */
4020 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4021 			return false;
4022 
4023 		/* check availability */
4024 		ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4025 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4026 			mcs[ridx] |= rbit;
4027 		else
4028 			return false;
4029 	}
4030 
4031 	return true;
4032 }
4033 
4034 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4035 {
4036 	u16 mcs_mask = 0;
4037 
4038 	switch (vht_mcs_map) {
4039 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4040 		break;
4041 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
4042 		mcs_mask = 0x00FF;
4043 		break;
4044 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
4045 		mcs_mask = 0x01FF;
4046 		break;
4047 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
4048 		mcs_mask = 0x03FF;
4049 		break;
4050 	default:
4051 		break;
4052 	}
4053 
4054 	return mcs_mask;
4055 }
4056 
4057 static void vht_build_mcs_mask(u16 vht_mcs_map,
4058 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4059 {
4060 	u8 nss;
4061 
4062 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4063 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4064 		vht_mcs_map >>= 2;
4065 	}
4066 }
4067 
4068 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4069 			     struct nl80211_txrate_vht *txrate,
4070 			     u16 mcs[NL80211_VHT_NSS_MAX])
4071 {
4072 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4073 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4074 	u8 i;
4075 
4076 	if (!sband->vht_cap.vht_supported)
4077 		return false;
4078 
4079 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4080 
4081 	/* Build vht_mcs_mask from VHT capabilities */
4082 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4083 
4084 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4085 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4086 			mcs[i] = txrate->mcs[i];
4087 		else
4088 			return false;
4089 	}
4090 
4091 	return true;
4092 }
4093 
4094 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4095 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4096 				    .len = NL80211_MAX_SUPP_RATES },
4097 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
4098 				.len = NL80211_MAX_SUPP_HT_RATES },
4099 	[NL80211_TXRATE_VHT] = { .type = NLA_EXACT_LEN_WARN, .len = sizeof(struct nl80211_txrate_vht)},
4100 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
4101 };
4102 
4103 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4104 					 struct cfg80211_bitrate_mask *mask)
4105 {
4106 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4107 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4108 	int rem, i;
4109 	struct nlattr *tx_rates;
4110 	struct ieee80211_supported_band *sband;
4111 	u16 vht_tx_mcs_map;
4112 
4113 	memset(mask, 0, sizeof(*mask));
4114 	/* Default to all rates enabled */
4115 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
4116 		sband = rdev->wiphy.bands[i];
4117 
4118 		if (!sband)
4119 			continue;
4120 
4121 		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4122 		memcpy(mask->control[i].ht_mcs,
4123 		       sband->ht_cap.mcs.rx_mask,
4124 		       sizeof(mask->control[i].ht_mcs));
4125 
4126 		if (!sband->vht_cap.vht_supported)
4127 			continue;
4128 
4129 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4130 		vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4131 	}
4132 
4133 	/* if no rates are given set it back to the defaults */
4134 	if (!info->attrs[NL80211_ATTR_TX_RATES])
4135 		goto out;
4136 
4137 	/* The nested attribute uses enum nl80211_band as the index. This maps
4138 	 * directly to the enum nl80211_band values used in cfg80211.
4139 	 */
4140 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4141 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
4142 		enum nl80211_band band = nla_type(tx_rates);
4143 		int err;
4144 
4145 		if (band < 0 || band >= NUM_NL80211_BANDS)
4146 			return -EINVAL;
4147 		sband = rdev->wiphy.bands[band];
4148 		if (sband == NULL)
4149 			return -EINVAL;
4150 		err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4151 						  tx_rates,
4152 						  nl80211_txattr_policy,
4153 						  info->extack);
4154 		if (err)
4155 			return err;
4156 		if (tb[NL80211_TXRATE_LEGACY]) {
4157 			mask->control[band].legacy = rateset_to_mask(
4158 				sband,
4159 				nla_data(tb[NL80211_TXRATE_LEGACY]),
4160 				nla_len(tb[NL80211_TXRATE_LEGACY]));
4161 			if ((mask->control[band].legacy == 0) &&
4162 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
4163 				return -EINVAL;
4164 		}
4165 		if (tb[NL80211_TXRATE_HT]) {
4166 			if (!ht_rateset_to_mask(
4167 					sband,
4168 					nla_data(tb[NL80211_TXRATE_HT]),
4169 					nla_len(tb[NL80211_TXRATE_HT]),
4170 					mask->control[band].ht_mcs))
4171 				return -EINVAL;
4172 		}
4173 		if (tb[NL80211_TXRATE_VHT]) {
4174 			if (!vht_set_mcs_mask(
4175 					sband,
4176 					nla_data(tb[NL80211_TXRATE_VHT]),
4177 					mask->control[band].vht_mcs))
4178 				return -EINVAL;
4179 		}
4180 		if (tb[NL80211_TXRATE_GI]) {
4181 			mask->control[band].gi =
4182 				nla_get_u8(tb[NL80211_TXRATE_GI]);
4183 			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4184 				return -EINVAL;
4185 		}
4186 
4187 		if (mask->control[band].legacy == 0) {
4188 			/* don't allow empty legacy rates if HT or VHT
4189 			 * are not even supported.
4190 			 */
4191 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4192 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
4193 				return -EINVAL;
4194 
4195 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4196 				if (mask->control[band].ht_mcs[i])
4197 					goto out;
4198 
4199 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4200 				if (mask->control[band].vht_mcs[i])
4201 					goto out;
4202 
4203 			/* legacy and mcs rates may not be both empty */
4204 			return -EINVAL;
4205 		}
4206 	}
4207 
4208 out:
4209 	return 0;
4210 }
4211 
4212 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4213 				   enum nl80211_band band,
4214 				   struct cfg80211_bitrate_mask *beacon_rate)
4215 {
4216 	u32 count_ht, count_vht, i;
4217 	u32 rate = beacon_rate->control[band].legacy;
4218 
4219 	/* Allow only one rate */
4220 	if (hweight32(rate) > 1)
4221 		return -EINVAL;
4222 
4223 	count_ht = 0;
4224 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4225 		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4226 			return -EINVAL;
4227 		} else if (beacon_rate->control[band].ht_mcs[i]) {
4228 			count_ht++;
4229 			if (count_ht > 1)
4230 				return -EINVAL;
4231 		}
4232 		if (count_ht && rate)
4233 			return -EINVAL;
4234 	}
4235 
4236 	count_vht = 0;
4237 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4238 		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4239 			return -EINVAL;
4240 		} else if (beacon_rate->control[band].vht_mcs[i]) {
4241 			count_vht++;
4242 			if (count_vht > 1)
4243 				return -EINVAL;
4244 		}
4245 		if (count_vht && rate)
4246 			return -EINVAL;
4247 	}
4248 
4249 	if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4250 		return -EINVAL;
4251 
4252 	if (rate &&
4253 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4254 				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4255 		return -EINVAL;
4256 	if (count_ht &&
4257 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4258 				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
4259 		return -EINVAL;
4260 	if (count_vht &&
4261 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4262 				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4263 		return -EINVAL;
4264 
4265 	return 0;
4266 }
4267 
4268 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4269 				struct nlattr *attrs[],
4270 				struct cfg80211_beacon_data *bcn)
4271 {
4272 	bool haveinfo = false;
4273 	int err;
4274 
4275 	memset(bcn, 0, sizeof(*bcn));
4276 
4277 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4278 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4279 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4280 		if (!bcn->head_len)
4281 			return -EINVAL;
4282 		haveinfo = true;
4283 	}
4284 
4285 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4286 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4287 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4288 		haveinfo = true;
4289 	}
4290 
4291 	if (!haveinfo)
4292 		return -EINVAL;
4293 
4294 	if (attrs[NL80211_ATTR_IE]) {
4295 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4296 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4297 	}
4298 
4299 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4300 		bcn->proberesp_ies =
4301 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4302 		bcn->proberesp_ies_len =
4303 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4304 	}
4305 
4306 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4307 		bcn->assocresp_ies =
4308 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4309 		bcn->assocresp_ies_len =
4310 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4311 	}
4312 
4313 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
4314 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4315 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4316 	}
4317 
4318 	if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4319 		struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4320 
4321 		err = nla_parse_nested_deprecated(tb,
4322 						  NL80211_FTM_RESP_ATTR_MAX,
4323 						  attrs[NL80211_ATTR_FTM_RESPONDER],
4324 						  NULL, NULL);
4325 		if (err)
4326 			return err;
4327 
4328 		if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4329 		    wiphy_ext_feature_isset(&rdev->wiphy,
4330 					    NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4331 			bcn->ftm_responder = 1;
4332 		else
4333 			return -EOPNOTSUPP;
4334 
4335 		if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4336 			bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4337 			bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4338 		}
4339 
4340 		if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4341 			bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4342 			bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4343 		}
4344 	} else {
4345 		bcn->ftm_responder = -1;
4346 	}
4347 
4348 	return 0;
4349 }
4350 
4351 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4352 					    const u8 *rates)
4353 {
4354 	int i;
4355 
4356 	if (!rates)
4357 		return;
4358 
4359 	for (i = 0; i < rates[1]; i++) {
4360 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4361 			params->ht_required = true;
4362 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4363 			params->vht_required = true;
4364 	}
4365 }
4366 
4367 /*
4368  * Since the nl80211 API didn't include, from the beginning, attributes about
4369  * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4370  * benefit of drivers that rebuild IEs in the firmware.
4371  */
4372 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4373 {
4374 	const struct cfg80211_beacon_data *bcn = &params->beacon;
4375 	size_t ies_len = bcn->tail_len;
4376 	const u8 *ies = bcn->tail;
4377 	const u8 *rates;
4378 	const u8 *cap;
4379 
4380 	rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4381 	nl80211_check_ap_rate_selectors(params, rates);
4382 
4383 	rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4384 	nl80211_check_ap_rate_selectors(params, rates);
4385 
4386 	cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4387 	if (cap && cap[1] >= sizeof(*params->ht_cap))
4388 		params->ht_cap = (void *)(cap + 2);
4389 	cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4390 	if (cap && cap[1] >= sizeof(*params->vht_cap))
4391 		params->vht_cap = (void *)(cap + 2);
4392 	cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4393 	if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4394 		params->he_cap = (void *)(cap + 3);
4395 }
4396 
4397 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4398 				   struct cfg80211_ap_settings *params)
4399 {
4400 	struct wireless_dev *wdev;
4401 	bool ret = false;
4402 
4403 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4404 		if (wdev->iftype != NL80211_IFTYPE_AP &&
4405 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
4406 			continue;
4407 
4408 		if (!wdev->preset_chandef.chan)
4409 			continue;
4410 
4411 		params->chandef = wdev->preset_chandef;
4412 		ret = true;
4413 		break;
4414 	}
4415 
4416 	return ret;
4417 }
4418 
4419 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4420 				    enum nl80211_auth_type auth_type,
4421 				    enum nl80211_commands cmd)
4422 {
4423 	if (auth_type > NL80211_AUTHTYPE_MAX)
4424 		return false;
4425 
4426 	switch (cmd) {
4427 	case NL80211_CMD_AUTHENTICATE:
4428 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4429 		    auth_type == NL80211_AUTHTYPE_SAE)
4430 			return false;
4431 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
4432 					     NL80211_EXT_FEATURE_FILS_STA) &&
4433 		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4434 		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4435 		     auth_type == NL80211_AUTHTYPE_FILS_PK))
4436 			return false;
4437 		return true;
4438 	case NL80211_CMD_CONNECT:
4439 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4440 		    !wiphy_ext_feature_isset(&rdev->wiphy,
4441 					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4442 		    auth_type == NL80211_AUTHTYPE_SAE)
4443 			return false;
4444 
4445 		/* FILS with SK PFS or PK not supported yet */
4446 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4447 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4448 			return false;
4449 		if (!wiphy_ext_feature_isset(
4450 			    &rdev->wiphy,
4451 			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4452 		    auth_type == NL80211_AUTHTYPE_FILS_SK)
4453 			return false;
4454 		return true;
4455 	case NL80211_CMD_START_AP:
4456 		/* SAE not supported yet */
4457 		if (auth_type == NL80211_AUTHTYPE_SAE)
4458 			return false;
4459 		/* FILS not supported yet */
4460 		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4461 		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4462 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4463 			return false;
4464 		return true;
4465 	default:
4466 		return false;
4467 	}
4468 }
4469 
4470 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4471 {
4472 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4473 	struct net_device *dev = info->user_ptr[1];
4474 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4475 	struct cfg80211_ap_settings params;
4476 	int err;
4477 
4478 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4479 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4480 		return -EOPNOTSUPP;
4481 
4482 	if (!rdev->ops->start_ap)
4483 		return -EOPNOTSUPP;
4484 
4485 	if (wdev->beacon_interval)
4486 		return -EALREADY;
4487 
4488 	memset(&params, 0, sizeof(params));
4489 
4490 	/* these are required for START_AP */
4491 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4492 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4493 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
4494 		return -EINVAL;
4495 
4496 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
4497 	if (err)
4498 		return err;
4499 
4500 	params.beacon_interval =
4501 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4502 	params.dtim_period =
4503 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4504 
4505 	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4506 					   params.beacon_interval);
4507 	if (err)
4508 		return err;
4509 
4510 	/*
4511 	 * In theory, some of these attributes should be required here
4512 	 * but since they were not used when the command was originally
4513 	 * added, keep them optional for old user space programs to let
4514 	 * them continue to work with drivers that do not need the
4515 	 * additional information -- drivers must check!
4516 	 */
4517 	if (info->attrs[NL80211_ATTR_SSID]) {
4518 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4519 		params.ssid_len =
4520 			nla_len(info->attrs[NL80211_ATTR_SSID]);
4521 		if (params.ssid_len == 0 ||
4522 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
4523 			return -EINVAL;
4524 	}
4525 
4526 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4527 		params.hidden_ssid = nla_get_u32(
4528 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4529 
4530 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4531 
4532 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4533 		params.auth_type = nla_get_u32(
4534 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
4535 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
4536 					     NL80211_CMD_START_AP))
4537 			return -EINVAL;
4538 	} else
4539 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4540 
4541 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
4542 				      NL80211_MAX_NR_CIPHER_SUITES);
4543 	if (err)
4544 		return err;
4545 
4546 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4547 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4548 			return -EOPNOTSUPP;
4549 		params.inactivity_timeout = nla_get_u16(
4550 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4551 	}
4552 
4553 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4554 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4555 			return -EINVAL;
4556 		params.p2p_ctwindow =
4557 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4558 		if (params.p2p_ctwindow != 0 &&
4559 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4560 			return -EINVAL;
4561 	}
4562 
4563 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4564 		u8 tmp;
4565 
4566 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4567 			return -EINVAL;
4568 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4569 		params.p2p_opp_ps = tmp;
4570 		if (params.p2p_opp_ps != 0 &&
4571 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4572 			return -EINVAL;
4573 	}
4574 
4575 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4576 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
4577 		if (err)
4578 			return err;
4579 	} else if (wdev->preset_chandef.chan) {
4580 		params.chandef = wdev->preset_chandef;
4581 	} else if (!nl80211_get_ap_channel(rdev, &params))
4582 		return -EINVAL;
4583 
4584 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4585 					   wdev->iftype))
4586 		return -EINVAL;
4587 
4588 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
4589 		err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4590 		if (err)
4591 			return err;
4592 
4593 		err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4594 					      &params.beacon_rate);
4595 		if (err)
4596 			return err;
4597 	}
4598 
4599 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4600 		params.smps_mode =
4601 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4602 		switch (params.smps_mode) {
4603 		case NL80211_SMPS_OFF:
4604 			break;
4605 		case NL80211_SMPS_STATIC:
4606 			if (!(rdev->wiphy.features &
4607 			      NL80211_FEATURE_STATIC_SMPS))
4608 				return -EINVAL;
4609 			break;
4610 		case NL80211_SMPS_DYNAMIC:
4611 			if (!(rdev->wiphy.features &
4612 			      NL80211_FEATURE_DYNAMIC_SMPS))
4613 				return -EINVAL;
4614 			break;
4615 		default:
4616 			return -EINVAL;
4617 		}
4618 	} else {
4619 		params.smps_mode = NL80211_SMPS_OFF;
4620 	}
4621 
4622 	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4623 	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4624 		return -EOPNOTSUPP;
4625 
4626 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4627 		params.acl = parse_acl_data(&rdev->wiphy, info);
4628 		if (IS_ERR(params.acl))
4629 			return PTR_ERR(params.acl);
4630 	}
4631 
4632 	params.twt_responder =
4633 		    nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
4634 
4635 	nl80211_calculate_ap_params(&params);
4636 
4637 	if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
4638 		params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
4639 
4640 	wdev_lock(wdev);
4641 	err = rdev_start_ap(rdev, dev, &params);
4642 	if (!err) {
4643 		wdev->preset_chandef = params.chandef;
4644 		wdev->beacon_interval = params.beacon_interval;
4645 		wdev->chandef = params.chandef;
4646 		wdev->ssid_len = params.ssid_len;
4647 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4648 
4649 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4650 			wdev->conn_owner_nlportid = info->snd_portid;
4651 	}
4652 	wdev_unlock(wdev);
4653 
4654 	kfree(params.acl);
4655 
4656 	return err;
4657 }
4658 
4659 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4660 {
4661 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4662 	struct net_device *dev = info->user_ptr[1];
4663 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4664 	struct cfg80211_beacon_data params;
4665 	int err;
4666 
4667 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4668 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4669 		return -EOPNOTSUPP;
4670 
4671 	if (!rdev->ops->change_beacon)
4672 		return -EOPNOTSUPP;
4673 
4674 	if (!wdev->beacon_interval)
4675 		return -EINVAL;
4676 
4677 	err = nl80211_parse_beacon(rdev, info->attrs, &params);
4678 	if (err)
4679 		return err;
4680 
4681 	wdev_lock(wdev);
4682 	err = rdev_change_beacon(rdev, dev, &params);
4683 	wdev_unlock(wdev);
4684 
4685 	return err;
4686 }
4687 
4688 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4689 {
4690 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4691 	struct net_device *dev = info->user_ptr[1];
4692 
4693 	return cfg80211_stop_ap(rdev, dev, false);
4694 }
4695 
4696 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4697 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4698 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4699 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4700 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4701 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4702 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4703 };
4704 
4705 static int parse_station_flags(struct genl_info *info,
4706 			       enum nl80211_iftype iftype,
4707 			       struct station_parameters *params)
4708 {
4709 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4710 	struct nlattr *nla;
4711 	int flag;
4712 
4713 	/*
4714 	 * Try parsing the new attribute first so userspace
4715 	 * can specify both for older kernels.
4716 	 */
4717 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4718 	if (nla) {
4719 		struct nl80211_sta_flag_update *sta_flags;
4720 
4721 		sta_flags = nla_data(nla);
4722 		params->sta_flags_mask = sta_flags->mask;
4723 		params->sta_flags_set = sta_flags->set;
4724 		params->sta_flags_set &= params->sta_flags_mask;
4725 		if ((params->sta_flags_mask |
4726 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4727 			return -EINVAL;
4728 		return 0;
4729 	}
4730 
4731 	/* if present, parse the old attribute */
4732 
4733 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4734 	if (!nla)
4735 		return 0;
4736 
4737 	if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
4738 		return -EINVAL;
4739 
4740 	/*
4741 	 * Only allow certain flags for interface types so that
4742 	 * other attributes are silently ignored. Remember that
4743 	 * this is backward compatibility code with old userspace
4744 	 * and shouldn't be hit in other cases anyway.
4745 	 */
4746 	switch (iftype) {
4747 	case NL80211_IFTYPE_AP:
4748 	case NL80211_IFTYPE_AP_VLAN:
4749 	case NL80211_IFTYPE_P2P_GO:
4750 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4751 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4752 					 BIT(NL80211_STA_FLAG_WME) |
4753 					 BIT(NL80211_STA_FLAG_MFP);
4754 		break;
4755 	case NL80211_IFTYPE_P2P_CLIENT:
4756 	case NL80211_IFTYPE_STATION:
4757 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4758 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
4759 		break;
4760 	case NL80211_IFTYPE_MESH_POINT:
4761 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4762 					 BIT(NL80211_STA_FLAG_MFP) |
4763 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
4764 		break;
4765 	default:
4766 		return -EINVAL;
4767 	}
4768 
4769 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4770 		if (flags[flag]) {
4771 			params->sta_flags_set |= (1<<flag);
4772 
4773 			/* no longer support new API additions in old API */
4774 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4775 				return -EINVAL;
4776 		}
4777 	}
4778 
4779 	return 0;
4780 }
4781 
4782 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
4783 {
4784 	struct nlattr *rate;
4785 	u32 bitrate;
4786 	u16 bitrate_compat;
4787 	enum nl80211_rate_info rate_flg;
4788 
4789 	rate = nla_nest_start_noflag(msg, attr);
4790 	if (!rate)
4791 		return false;
4792 
4793 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4794 	bitrate = cfg80211_calculate_bitrate(info);
4795 	/* report 16-bit bitrate only if we can */
4796 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4797 	if (bitrate > 0 &&
4798 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4799 		return false;
4800 	if (bitrate_compat > 0 &&
4801 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4802 		return false;
4803 
4804 	switch (info->bw) {
4805 	case RATE_INFO_BW_5:
4806 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4807 		break;
4808 	case RATE_INFO_BW_10:
4809 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4810 		break;
4811 	default:
4812 		WARN_ON(1);
4813 		/* fall through */
4814 	case RATE_INFO_BW_20:
4815 		rate_flg = 0;
4816 		break;
4817 	case RATE_INFO_BW_40:
4818 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4819 		break;
4820 	case RATE_INFO_BW_80:
4821 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4822 		break;
4823 	case RATE_INFO_BW_160:
4824 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4825 		break;
4826 	case RATE_INFO_BW_HE_RU:
4827 		rate_flg = 0;
4828 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
4829 	}
4830 
4831 	if (rate_flg && nla_put_flag(msg, rate_flg))
4832 		return false;
4833 
4834 	if (info->flags & RATE_INFO_FLAGS_MCS) {
4835 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4836 			return false;
4837 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4838 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4839 			return false;
4840 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4841 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4842 			return false;
4843 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4844 			return false;
4845 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4846 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4847 			return false;
4848 	} else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
4849 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
4850 			return false;
4851 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
4852 			return false;
4853 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
4854 			return false;
4855 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
4856 			return false;
4857 		if (info->bw == RATE_INFO_BW_HE_RU &&
4858 		    nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
4859 			       info->he_ru_alloc))
4860 			return false;
4861 	}
4862 
4863 	nla_nest_end(msg, rate);
4864 	return true;
4865 }
4866 
4867 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4868 			       int id)
4869 {
4870 	void *attr;
4871 	int i = 0;
4872 
4873 	if (!mask)
4874 		return true;
4875 
4876 	attr = nla_nest_start_noflag(msg, id);
4877 	if (!attr)
4878 		return false;
4879 
4880 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4881 		if (!(mask & BIT(i)))
4882 			continue;
4883 
4884 		if (nla_put_u8(msg, i, signal[i]))
4885 			return false;
4886 	}
4887 
4888 	nla_nest_end(msg, attr);
4889 
4890 	return true;
4891 }
4892 
4893 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4894 				u32 seq, int flags,
4895 				struct cfg80211_registered_device *rdev,
4896 				struct net_device *dev,
4897 				const u8 *mac_addr, struct station_info *sinfo)
4898 {
4899 	void *hdr;
4900 	struct nlattr *sinfoattr, *bss_param;
4901 
4902 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4903 	if (!hdr)
4904 		return -1;
4905 
4906 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4907 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4908 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4909 		goto nla_put_failure;
4910 
4911 	sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
4912 	if (!sinfoattr)
4913 		goto nla_put_failure;
4914 
4915 #define PUT_SINFO(attr, memb, type) do {				\
4916 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
4917 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
4918 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
4919 			     sinfo->memb))				\
4920 		goto nla_put_failure;					\
4921 	} while (0)
4922 #define PUT_SINFO_U64(attr, memb) do {					\
4923 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
4924 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
4925 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
4926 		goto nla_put_failure;					\
4927 	} while (0)
4928 
4929 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4930 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4931 
4932 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
4933 			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
4934 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4935 			(u32)sinfo->rx_bytes))
4936 		goto nla_put_failure;
4937 
4938 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
4939 			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
4940 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4941 			(u32)sinfo->tx_bytes))
4942 		goto nla_put_failure;
4943 
4944 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4945 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4946 	PUT_SINFO(LLID, llid, u16);
4947 	PUT_SINFO(PLID, plid, u16);
4948 	PUT_SINFO(PLINK_STATE, plink_state, u8);
4949 	PUT_SINFO_U64(RX_DURATION, rx_duration);
4950 	PUT_SINFO_U64(TX_DURATION, tx_duration);
4951 
4952 	if (wiphy_ext_feature_isset(&rdev->wiphy,
4953 				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
4954 		PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
4955 
4956 	switch (rdev->wiphy.signal_type) {
4957 	case CFG80211_SIGNAL_TYPE_MBM:
4958 		PUT_SINFO(SIGNAL, signal, u8);
4959 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4960 		break;
4961 	default:
4962 		break;
4963 	}
4964 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4965 		if (!nl80211_put_signal(msg, sinfo->chains,
4966 					sinfo->chain_signal,
4967 					NL80211_STA_INFO_CHAIN_SIGNAL))
4968 			goto nla_put_failure;
4969 	}
4970 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4971 		if (!nl80211_put_signal(msg, sinfo->chains,
4972 					sinfo->chain_signal_avg,
4973 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4974 			goto nla_put_failure;
4975 	}
4976 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
4977 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4978 					  NL80211_STA_INFO_TX_BITRATE))
4979 			goto nla_put_failure;
4980 	}
4981 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
4982 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4983 					  NL80211_STA_INFO_RX_BITRATE))
4984 			goto nla_put_failure;
4985 	}
4986 
4987 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
4988 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
4989 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
4990 	PUT_SINFO(TX_FAILED, tx_failed, u32);
4991 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
4992 	PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
4993 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4994 	PUT_SINFO(LOCAL_PM, local_pm, u32);
4995 	PUT_SINFO(PEER_PM, peer_pm, u32);
4996 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
4997 	PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
4998 
4999 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5000 		bss_param = nla_nest_start_noflag(msg,
5001 						  NL80211_STA_INFO_BSS_PARAM);
5002 		if (!bss_param)
5003 			goto nla_put_failure;
5004 
5005 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5006 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5007 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5008 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5009 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5010 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5011 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5012 			       sinfo->bss_param.dtim_period) ||
5013 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5014 				sinfo->bss_param.beacon_interval))
5015 			goto nla_put_failure;
5016 
5017 		nla_nest_end(msg, bss_param);
5018 	}
5019 	if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5020 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5021 		    sizeof(struct nl80211_sta_flag_update),
5022 		    &sinfo->sta_flags))
5023 		goto nla_put_failure;
5024 
5025 	PUT_SINFO_U64(T_OFFSET, t_offset);
5026 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5027 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
5028 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5029 	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5030 	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5031 	if (wiphy_ext_feature_isset(&rdev->wiphy,
5032 				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5033 		PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5034 		PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5035 	}
5036 
5037 #undef PUT_SINFO
5038 #undef PUT_SINFO_U64
5039 
5040 	if (sinfo->pertid) {
5041 		struct nlattr *tidsattr;
5042 		int tid;
5043 
5044 		tidsattr = nla_nest_start_noflag(msg,
5045 						 NL80211_STA_INFO_TID_STATS);
5046 		if (!tidsattr)
5047 			goto nla_put_failure;
5048 
5049 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5050 			struct cfg80211_tid_stats *tidstats;
5051 			struct nlattr *tidattr;
5052 
5053 			tidstats = &sinfo->pertid[tid];
5054 
5055 			if (!tidstats->filled)
5056 				continue;
5057 
5058 			tidattr = nla_nest_start_noflag(msg, tid + 1);
5059 			if (!tidattr)
5060 				goto nla_put_failure;
5061 
5062 #define PUT_TIDVAL_U64(attr, memb) do {					\
5063 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
5064 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
5065 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
5066 		goto nla_put_failure;					\
5067 	} while (0)
5068 
5069 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5070 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5071 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5072 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5073 
5074 #undef PUT_TIDVAL_U64
5075 			if ((tidstats->filled &
5076 			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5077 			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5078 						   NL80211_TID_STATS_TXQ_STATS))
5079 				goto nla_put_failure;
5080 
5081 			nla_nest_end(msg, tidattr);
5082 		}
5083 
5084 		nla_nest_end(msg, tidsattr);
5085 	}
5086 
5087 	nla_nest_end(msg, sinfoattr);
5088 
5089 	if (sinfo->assoc_req_ies_len &&
5090 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5091 		    sinfo->assoc_req_ies))
5092 		goto nla_put_failure;
5093 
5094 	cfg80211_sinfo_release_content(sinfo);
5095 	genlmsg_end(msg, hdr);
5096 	return 0;
5097 
5098  nla_put_failure:
5099 	cfg80211_sinfo_release_content(sinfo);
5100 	genlmsg_cancel(msg, hdr);
5101 	return -EMSGSIZE;
5102 }
5103 
5104 static int nl80211_dump_station(struct sk_buff *skb,
5105 				struct netlink_callback *cb)
5106 {
5107 	struct station_info sinfo;
5108 	struct cfg80211_registered_device *rdev;
5109 	struct wireless_dev *wdev;
5110 	u8 mac_addr[ETH_ALEN];
5111 	int sta_idx = cb->args[2];
5112 	int err;
5113 
5114 	rtnl_lock();
5115 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5116 	if (err)
5117 		goto out_err;
5118 
5119 	if (!wdev->netdev) {
5120 		err = -EINVAL;
5121 		goto out_err;
5122 	}
5123 
5124 	if (!rdev->ops->dump_station) {
5125 		err = -EOPNOTSUPP;
5126 		goto out_err;
5127 	}
5128 
5129 	while (1) {
5130 		memset(&sinfo, 0, sizeof(sinfo));
5131 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5132 					mac_addr, &sinfo);
5133 		if (err == -ENOENT)
5134 			break;
5135 		if (err)
5136 			goto out_err;
5137 
5138 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5139 				NETLINK_CB(cb->skb).portid,
5140 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5141 				rdev, wdev->netdev, mac_addr,
5142 				&sinfo) < 0)
5143 			goto out;
5144 
5145 		sta_idx++;
5146 	}
5147 
5148  out:
5149 	cb->args[2] = sta_idx;
5150 	err = skb->len;
5151  out_err:
5152 	rtnl_unlock();
5153 
5154 	return err;
5155 }
5156 
5157 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5158 {
5159 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5160 	struct net_device *dev = info->user_ptr[1];
5161 	struct station_info sinfo;
5162 	struct sk_buff *msg;
5163 	u8 *mac_addr = NULL;
5164 	int err;
5165 
5166 	memset(&sinfo, 0, sizeof(sinfo));
5167 
5168 	if (!info->attrs[NL80211_ATTR_MAC])
5169 		return -EINVAL;
5170 
5171 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5172 
5173 	if (!rdev->ops->get_station)
5174 		return -EOPNOTSUPP;
5175 
5176 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5177 	if (err)
5178 		return err;
5179 
5180 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5181 	if (!msg) {
5182 		cfg80211_sinfo_release_content(&sinfo);
5183 		return -ENOMEM;
5184 	}
5185 
5186 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5187 				 info->snd_portid, info->snd_seq, 0,
5188 				 rdev, dev, mac_addr, &sinfo) < 0) {
5189 		nlmsg_free(msg);
5190 		return -ENOBUFS;
5191 	}
5192 
5193 	return genlmsg_reply(msg, info);
5194 }
5195 
5196 int cfg80211_check_station_change(struct wiphy *wiphy,
5197 				  struct station_parameters *params,
5198 				  enum cfg80211_station_type statype)
5199 {
5200 	if (params->listen_interval != -1 &&
5201 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5202 		return -EINVAL;
5203 
5204 	if (params->support_p2p_ps != -1 &&
5205 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5206 		return -EINVAL;
5207 
5208 	if (params->aid &&
5209 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5210 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5211 		return -EINVAL;
5212 
5213 	/* When you run into this, adjust the code below for the new flag */
5214 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5215 
5216 	switch (statype) {
5217 	case CFG80211_STA_MESH_PEER_KERNEL:
5218 	case CFG80211_STA_MESH_PEER_USER:
5219 		/*
5220 		 * No ignoring the TDLS flag here -- the userspace mesh
5221 		 * code doesn't have the bug of including TDLS in the
5222 		 * mask everywhere.
5223 		 */
5224 		if (params->sta_flags_mask &
5225 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5226 				  BIT(NL80211_STA_FLAG_MFP) |
5227 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
5228 			return -EINVAL;
5229 		break;
5230 	case CFG80211_STA_TDLS_PEER_SETUP:
5231 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5232 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5233 			return -EINVAL;
5234 		/* ignore since it can't change */
5235 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5236 		break;
5237 	default:
5238 		/* disallow mesh-specific things */
5239 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5240 			return -EINVAL;
5241 		if (params->local_pm)
5242 			return -EINVAL;
5243 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5244 			return -EINVAL;
5245 	}
5246 
5247 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5248 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5249 		/* TDLS can't be set, ... */
5250 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5251 			return -EINVAL;
5252 		/*
5253 		 * ... but don't bother the driver with it. This works around
5254 		 * a hostapd/wpa_supplicant issue -- it always includes the
5255 		 * TLDS_PEER flag in the mask even for AP mode.
5256 		 */
5257 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5258 	}
5259 
5260 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5261 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5262 		/* reject other things that can't change */
5263 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5264 			return -EINVAL;
5265 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5266 			return -EINVAL;
5267 		if (params->supported_rates)
5268 			return -EINVAL;
5269 		if (params->ext_capab || params->ht_capa || params->vht_capa ||
5270 		    params->he_capa)
5271 			return -EINVAL;
5272 	}
5273 
5274 	if (statype != CFG80211_STA_AP_CLIENT &&
5275 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5276 		if (params->vlan)
5277 			return -EINVAL;
5278 	}
5279 
5280 	switch (statype) {
5281 	case CFG80211_STA_AP_MLME_CLIENT:
5282 		/* Use this only for authorizing/unauthorizing a station */
5283 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5284 			return -EOPNOTSUPP;
5285 		break;
5286 	case CFG80211_STA_AP_CLIENT:
5287 	case CFG80211_STA_AP_CLIENT_UNASSOC:
5288 		/* accept only the listed bits */
5289 		if (params->sta_flags_mask &
5290 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5291 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5292 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
5293 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5294 				  BIT(NL80211_STA_FLAG_WME) |
5295 				  BIT(NL80211_STA_FLAG_MFP)))
5296 			return -EINVAL;
5297 
5298 		/* but authenticated/associated only if driver handles it */
5299 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5300 		    params->sta_flags_mask &
5301 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5302 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5303 			return -EINVAL;
5304 		break;
5305 	case CFG80211_STA_IBSS:
5306 	case CFG80211_STA_AP_STA:
5307 		/* reject any changes other than AUTHORIZED */
5308 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5309 			return -EINVAL;
5310 		break;
5311 	case CFG80211_STA_TDLS_PEER_SETUP:
5312 		/* reject any changes other than AUTHORIZED or WME */
5313 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5314 					       BIT(NL80211_STA_FLAG_WME)))
5315 			return -EINVAL;
5316 		/* force (at least) rates when authorizing */
5317 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5318 		    !params->supported_rates)
5319 			return -EINVAL;
5320 		break;
5321 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5322 		/* reject any changes */
5323 		return -EINVAL;
5324 	case CFG80211_STA_MESH_PEER_KERNEL:
5325 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5326 			return -EINVAL;
5327 		break;
5328 	case CFG80211_STA_MESH_PEER_USER:
5329 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5330 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5331 			return -EINVAL;
5332 		break;
5333 	}
5334 
5335 	/*
5336 	 * Older kernel versions ignored this attribute entirely, so don't
5337 	 * reject attempts to update it but mark it as unused instead so the
5338 	 * driver won't look at the data.
5339 	 */
5340 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5341 	    statype != CFG80211_STA_TDLS_PEER_SETUP)
5342 		params->opmode_notif_used = false;
5343 
5344 	return 0;
5345 }
5346 EXPORT_SYMBOL(cfg80211_check_station_change);
5347 
5348 /*
5349  * Get vlan interface making sure it is running and on the right wiphy.
5350  */
5351 static struct net_device *get_vlan(struct genl_info *info,
5352 				   struct cfg80211_registered_device *rdev)
5353 {
5354 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5355 	struct net_device *v;
5356 	int ret;
5357 
5358 	if (!vlanattr)
5359 		return NULL;
5360 
5361 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5362 	if (!v)
5363 		return ERR_PTR(-ENODEV);
5364 
5365 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5366 		ret = -EINVAL;
5367 		goto error;
5368 	}
5369 
5370 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5371 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5372 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5373 		ret = -EINVAL;
5374 		goto error;
5375 	}
5376 
5377 	if (!netif_running(v)) {
5378 		ret = -ENETDOWN;
5379 		goto error;
5380 	}
5381 
5382 	return v;
5383  error:
5384 	dev_put(v);
5385 	return ERR_PTR(ret);
5386 }
5387 
5388 static const struct nla_policy
5389 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5390 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5391 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5392 };
5393 
5394 static int nl80211_parse_sta_wme(struct genl_info *info,
5395 				 struct station_parameters *params)
5396 {
5397 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5398 	struct nlattr *nla;
5399 	int err;
5400 
5401 	/* parse WME attributes if present */
5402 	if (!info->attrs[NL80211_ATTR_STA_WME])
5403 		return 0;
5404 
5405 	nla = info->attrs[NL80211_ATTR_STA_WME];
5406 	err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
5407 					  nl80211_sta_wme_policy,
5408 					  info->extack);
5409 	if (err)
5410 		return err;
5411 
5412 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5413 		params->uapsd_queues = nla_get_u8(
5414 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
5415 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5416 		return -EINVAL;
5417 
5418 	if (tb[NL80211_STA_WME_MAX_SP])
5419 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5420 
5421 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5422 		return -EINVAL;
5423 
5424 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5425 
5426 	return 0;
5427 }
5428 
5429 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5430 				      struct station_parameters *params)
5431 {
5432 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5433 		params->supported_channels =
5434 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5435 		params->supported_channels_len =
5436 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5437 		/*
5438 		 * Need to include at least one (first channel, number of
5439 		 * channels) tuple for each subband, and must have proper
5440 		 * tuples for the rest of the data as well.
5441 		 */
5442 		if (params->supported_channels_len < 2)
5443 			return -EINVAL;
5444 		if (params->supported_channels_len % 2)
5445 			return -EINVAL;
5446 	}
5447 
5448 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5449 		params->supported_oper_classes =
5450 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5451 		params->supported_oper_classes_len =
5452 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5453 		/*
5454 		 * The value of the Length field of the Supported Operating
5455 		 * Classes element is between 2 and 253.
5456 		 */
5457 		if (params->supported_oper_classes_len < 2 ||
5458 		    params->supported_oper_classes_len > 253)
5459 			return -EINVAL;
5460 	}
5461 	return 0;
5462 }
5463 
5464 static int nl80211_set_station_tdls(struct genl_info *info,
5465 				    struct station_parameters *params)
5466 {
5467 	int err;
5468 	/* Dummy STA entry gets updated once the peer capabilities are known */
5469 	if (info->attrs[NL80211_ATTR_PEER_AID])
5470 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5471 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5472 		params->ht_capa =
5473 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5474 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5475 		params->vht_capa =
5476 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5477 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5478 		params->he_capa =
5479 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5480 		params->he_capa_len =
5481 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5482 
5483 		if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5484 			return -EINVAL;
5485 	}
5486 
5487 	err = nl80211_parse_sta_channel_info(info, params);
5488 	if (err)
5489 		return err;
5490 
5491 	return nl80211_parse_sta_wme(info, params);
5492 }
5493 
5494 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
5495 					     struct station_parameters *params)
5496 {
5497 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5498 	int idx;
5499 
5500 	if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
5501 		if (!rdev->ops->set_tx_power ||
5502 		    !wiphy_ext_feature_isset(&rdev->wiphy,
5503 					 NL80211_EXT_FEATURE_STA_TX_PWR))
5504 			return -EOPNOTSUPP;
5505 
5506 		idx = NL80211_ATTR_STA_TX_POWER_SETTING;
5507 		params->txpwr.type = nla_get_u8(info->attrs[idx]);
5508 
5509 		if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
5510 			idx = NL80211_ATTR_STA_TX_POWER;
5511 
5512 			if (info->attrs[idx])
5513 				params->txpwr.power =
5514 					nla_get_s16(info->attrs[idx]);
5515 			else
5516 				return -EINVAL;
5517 		}
5518 		params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
5519 	}
5520 
5521 	return 0;
5522 }
5523 
5524 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5525 {
5526 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5527 	struct net_device *dev = info->user_ptr[1];
5528 	struct station_parameters params;
5529 	u8 *mac_addr;
5530 	int err;
5531 
5532 	memset(&params, 0, sizeof(params));
5533 
5534 	if (!rdev->ops->change_station)
5535 		return -EOPNOTSUPP;
5536 
5537 	/*
5538 	 * AID and listen_interval properties can be set only for unassociated
5539 	 * station. Include these parameters here and will check them in
5540 	 * cfg80211_check_station_change().
5541 	 */
5542 	if (info->attrs[NL80211_ATTR_STA_AID])
5543 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5544 
5545 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5546 		params.listen_interval =
5547 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5548 	else
5549 		params.listen_interval = -1;
5550 
5551 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5552 		params.support_p2p_ps =
5553 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5554 	else
5555 		params.support_p2p_ps = -1;
5556 
5557 	if (!info->attrs[NL80211_ATTR_MAC])
5558 		return -EINVAL;
5559 
5560 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5561 
5562 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5563 		params.supported_rates =
5564 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5565 		params.supported_rates_len =
5566 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5567 	}
5568 
5569 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5570 		params.capability =
5571 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5572 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5573 	}
5574 
5575 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5576 		params.ext_capab =
5577 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5578 		params.ext_capab_len =
5579 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5580 	}
5581 
5582 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5583 		return -EINVAL;
5584 
5585 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5586 		params.plink_action =
5587 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5588 
5589 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5590 		params.plink_state =
5591 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5592 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5593 			params.peer_aid = nla_get_u16(
5594 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5595 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5596 	}
5597 
5598 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
5599 		params.local_pm = nla_get_u32(
5600 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5601 
5602 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5603 		params.opmode_notif_used = true;
5604 		params.opmode_notif =
5605 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5606 	}
5607 
5608 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5609 		params.airtime_weight =
5610 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5611 
5612 	if (params.airtime_weight &&
5613 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5614 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5615 		return -EOPNOTSUPP;
5616 
5617 	err = nl80211_parse_sta_txpower_setting(info, &params);
5618 	if (err)
5619 		return err;
5620 
5621 	/* Include parameters for TDLS peer (will check later) */
5622 	err = nl80211_set_station_tdls(info, &params);
5623 	if (err)
5624 		return err;
5625 
5626 	params.vlan = get_vlan(info, rdev);
5627 	if (IS_ERR(params.vlan))
5628 		return PTR_ERR(params.vlan);
5629 
5630 	switch (dev->ieee80211_ptr->iftype) {
5631 	case NL80211_IFTYPE_AP:
5632 	case NL80211_IFTYPE_AP_VLAN:
5633 	case NL80211_IFTYPE_P2P_GO:
5634 	case NL80211_IFTYPE_P2P_CLIENT:
5635 	case NL80211_IFTYPE_STATION:
5636 	case NL80211_IFTYPE_ADHOC:
5637 	case NL80211_IFTYPE_MESH_POINT:
5638 		break;
5639 	default:
5640 		err = -EOPNOTSUPP;
5641 		goto out_put_vlan;
5642 	}
5643 
5644 	/* driver will call cfg80211_check_station_change() */
5645 	err = rdev_change_station(rdev, dev, mac_addr, &params);
5646 
5647  out_put_vlan:
5648 	if (params.vlan)
5649 		dev_put(params.vlan);
5650 
5651 	return err;
5652 }
5653 
5654 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5655 {
5656 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5657 	int err;
5658 	struct net_device *dev = info->user_ptr[1];
5659 	struct station_parameters params;
5660 	u8 *mac_addr = NULL;
5661 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5662 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
5663 
5664 	memset(&params, 0, sizeof(params));
5665 
5666 	if (!rdev->ops->add_station)
5667 		return -EOPNOTSUPP;
5668 
5669 	if (!info->attrs[NL80211_ATTR_MAC])
5670 		return -EINVAL;
5671 
5672 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5673 		return -EINVAL;
5674 
5675 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5676 		return -EINVAL;
5677 
5678 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
5679 	    !info->attrs[NL80211_ATTR_PEER_AID])
5680 		return -EINVAL;
5681 
5682 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5683 	params.supported_rates =
5684 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5685 	params.supported_rates_len =
5686 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5687 	params.listen_interval =
5688 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5689 
5690 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5691 		params.support_p2p_ps =
5692 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5693 	} else {
5694 		/*
5695 		 * if not specified, assume it's supported for P2P GO interface,
5696 		 * and is NOT supported for AP interface
5697 		 */
5698 		params.support_p2p_ps =
5699 			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5700 	}
5701 
5702 	if (info->attrs[NL80211_ATTR_PEER_AID])
5703 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5704 	else
5705 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5706 
5707 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5708 		params.capability =
5709 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5710 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5711 	}
5712 
5713 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5714 		params.ext_capab =
5715 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5716 		params.ext_capab_len =
5717 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5718 	}
5719 
5720 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5721 		params.ht_capa =
5722 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5723 
5724 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5725 		params.vht_capa =
5726 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5727 
5728 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5729 		params.he_capa =
5730 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5731 		params.he_capa_len =
5732 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5733 
5734 		/* max len is validated in nla policy */
5735 		if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5736 			return -EINVAL;
5737 	}
5738 
5739 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5740 		params.opmode_notif_used = true;
5741 		params.opmode_notif =
5742 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5743 	}
5744 
5745 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5746 		params.plink_action =
5747 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5748 
5749 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5750 		params.airtime_weight =
5751 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5752 
5753 	if (params.airtime_weight &&
5754 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5755 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5756 		return -EOPNOTSUPP;
5757 
5758 	err = nl80211_parse_sta_txpower_setting(info, &params);
5759 	if (err)
5760 		return err;
5761 
5762 	err = nl80211_parse_sta_channel_info(info, &params);
5763 	if (err)
5764 		return err;
5765 
5766 	err = nl80211_parse_sta_wme(info, &params);
5767 	if (err)
5768 		return err;
5769 
5770 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5771 		return -EINVAL;
5772 
5773 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5774 	 * as userspace might just pass through the capabilities from the IEs
5775 	 * directly, rather than enforcing this restriction and returning an
5776 	 * error in this case.
5777 	 */
5778 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5779 		params.ht_capa = NULL;
5780 		params.vht_capa = NULL;
5781 
5782 		/* HE requires WME */
5783 		if (params.he_capa_len)
5784 			return -EINVAL;
5785 	}
5786 
5787 	/* When you run into this, adjust the code below for the new flag */
5788 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5789 
5790 	switch (dev->ieee80211_ptr->iftype) {
5791 	case NL80211_IFTYPE_AP:
5792 	case NL80211_IFTYPE_AP_VLAN:
5793 	case NL80211_IFTYPE_P2P_GO:
5794 		/* ignore WME attributes if iface/sta is not capable */
5795 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5796 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5797 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5798 
5799 		/* TDLS peers cannot be added */
5800 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5801 		    info->attrs[NL80211_ATTR_PEER_AID])
5802 			return -EINVAL;
5803 		/* but don't bother the driver with it */
5804 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5805 
5806 		/* allow authenticated/associated only if driver handles it */
5807 		if (!(rdev->wiphy.features &
5808 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5809 		    params.sta_flags_mask & auth_assoc)
5810 			return -EINVAL;
5811 
5812 		/* Older userspace, or userspace wanting to be compatible with
5813 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5814 		 * and assoc flags in the mask, but assumes the station will be
5815 		 * added as associated anyway since this was the required driver
5816 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5817 		 * introduced.
5818 		 * In order to not bother drivers with this quirk in the API
5819 		 * set the flags in both the mask and set for new stations in
5820 		 * this case.
5821 		 */
5822 		if (!(params.sta_flags_mask & auth_assoc)) {
5823 			params.sta_flags_mask |= auth_assoc;
5824 			params.sta_flags_set |= auth_assoc;
5825 		}
5826 
5827 		/* must be last in here for error handling */
5828 		params.vlan = get_vlan(info, rdev);
5829 		if (IS_ERR(params.vlan))
5830 			return PTR_ERR(params.vlan);
5831 		break;
5832 	case NL80211_IFTYPE_MESH_POINT:
5833 		/* ignore uAPSD data */
5834 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5835 
5836 		/* associated is disallowed */
5837 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5838 			return -EINVAL;
5839 		/* TDLS peers cannot be added */
5840 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5841 		    info->attrs[NL80211_ATTR_PEER_AID])
5842 			return -EINVAL;
5843 		break;
5844 	case NL80211_IFTYPE_STATION:
5845 	case NL80211_IFTYPE_P2P_CLIENT:
5846 		/* ignore uAPSD data */
5847 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5848 
5849 		/* these are disallowed */
5850 		if (params.sta_flags_mask &
5851 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
5852 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5853 			return -EINVAL;
5854 		/* Only TDLS peers can be added */
5855 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5856 			return -EINVAL;
5857 		/* Can only add if TDLS ... */
5858 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5859 			return -EOPNOTSUPP;
5860 		/* ... with external setup is supported */
5861 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5862 			return -EOPNOTSUPP;
5863 		/*
5864 		 * Older wpa_supplicant versions always mark the TDLS peer
5865 		 * as authorized, but it shouldn't yet be.
5866 		 */
5867 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5868 		break;
5869 	default:
5870 		return -EOPNOTSUPP;
5871 	}
5872 
5873 	/* be aware of params.vlan when changing code here */
5874 
5875 	err = rdev_add_station(rdev, dev, mac_addr, &params);
5876 
5877 	if (params.vlan)
5878 		dev_put(params.vlan);
5879 	return err;
5880 }
5881 
5882 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5883 {
5884 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5885 	struct net_device *dev = info->user_ptr[1];
5886 	struct station_del_parameters params;
5887 
5888 	memset(&params, 0, sizeof(params));
5889 
5890 	if (info->attrs[NL80211_ATTR_MAC])
5891 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5892 
5893 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5894 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5895 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5896 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5897 		return -EINVAL;
5898 
5899 	if (!rdev->ops->del_station)
5900 		return -EOPNOTSUPP;
5901 
5902 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5903 		params.subtype =
5904 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5905 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5906 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5907 			return -EINVAL;
5908 	} else {
5909 		/* Default to Deauthentication frame */
5910 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5911 	}
5912 
5913 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5914 		params.reason_code =
5915 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5916 		if (params.reason_code == 0)
5917 			return -EINVAL; /* 0 is reserved */
5918 	} else {
5919 		/* Default to reason code 2 */
5920 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5921 	}
5922 
5923 	return rdev_del_station(rdev, dev, &params);
5924 }
5925 
5926 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5927 				int flags, struct net_device *dev,
5928 				u8 *dst, u8 *next_hop,
5929 				struct mpath_info *pinfo)
5930 {
5931 	void *hdr;
5932 	struct nlattr *pinfoattr;
5933 
5934 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5935 	if (!hdr)
5936 		return -1;
5937 
5938 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5939 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5940 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5941 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5942 		goto nla_put_failure;
5943 
5944 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
5945 	if (!pinfoattr)
5946 		goto nla_put_failure;
5947 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5948 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5949 			pinfo->frame_qlen))
5950 		goto nla_put_failure;
5951 	if (((pinfo->filled & MPATH_INFO_SN) &&
5952 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5953 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
5954 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5955 			 pinfo->metric)) ||
5956 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5957 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5958 			 pinfo->exptime)) ||
5959 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
5960 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5961 			pinfo->flags)) ||
5962 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5963 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5964 			 pinfo->discovery_timeout)) ||
5965 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5966 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5967 			pinfo->discovery_retries)) ||
5968 	    ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
5969 	     nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
5970 			pinfo->hop_count)) ||
5971 	    ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
5972 	     nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
5973 			 pinfo->path_change_count)))
5974 		goto nla_put_failure;
5975 
5976 	nla_nest_end(msg, pinfoattr);
5977 
5978 	genlmsg_end(msg, hdr);
5979 	return 0;
5980 
5981  nla_put_failure:
5982 	genlmsg_cancel(msg, hdr);
5983 	return -EMSGSIZE;
5984 }
5985 
5986 static int nl80211_dump_mpath(struct sk_buff *skb,
5987 			      struct netlink_callback *cb)
5988 {
5989 	struct mpath_info pinfo;
5990 	struct cfg80211_registered_device *rdev;
5991 	struct wireless_dev *wdev;
5992 	u8 dst[ETH_ALEN];
5993 	u8 next_hop[ETH_ALEN];
5994 	int path_idx = cb->args[2];
5995 	int err;
5996 
5997 	rtnl_lock();
5998 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5999 	if (err)
6000 		goto out_err;
6001 
6002 	if (!rdev->ops->dump_mpath) {
6003 		err = -EOPNOTSUPP;
6004 		goto out_err;
6005 	}
6006 
6007 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6008 		err = -EOPNOTSUPP;
6009 		goto out_err;
6010 	}
6011 
6012 	while (1) {
6013 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6014 				      next_hop, &pinfo);
6015 		if (err == -ENOENT)
6016 			break;
6017 		if (err)
6018 			goto out_err;
6019 
6020 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6021 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6022 				       wdev->netdev, dst, next_hop,
6023 				       &pinfo) < 0)
6024 			goto out;
6025 
6026 		path_idx++;
6027 	}
6028 
6029  out:
6030 	cb->args[2] = path_idx;
6031 	err = skb->len;
6032  out_err:
6033 	rtnl_unlock();
6034 	return err;
6035 }
6036 
6037 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6038 {
6039 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6040 	int err;
6041 	struct net_device *dev = info->user_ptr[1];
6042 	struct mpath_info pinfo;
6043 	struct sk_buff *msg;
6044 	u8 *dst = NULL;
6045 	u8 next_hop[ETH_ALEN];
6046 
6047 	memset(&pinfo, 0, sizeof(pinfo));
6048 
6049 	if (!info->attrs[NL80211_ATTR_MAC])
6050 		return -EINVAL;
6051 
6052 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6053 
6054 	if (!rdev->ops->get_mpath)
6055 		return -EOPNOTSUPP;
6056 
6057 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6058 		return -EOPNOTSUPP;
6059 
6060 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6061 	if (err)
6062 		return err;
6063 
6064 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6065 	if (!msg)
6066 		return -ENOMEM;
6067 
6068 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6069 				 dev, dst, next_hop, &pinfo) < 0) {
6070 		nlmsg_free(msg);
6071 		return -ENOBUFS;
6072 	}
6073 
6074 	return genlmsg_reply(msg, info);
6075 }
6076 
6077 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6078 {
6079 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6080 	struct net_device *dev = info->user_ptr[1];
6081 	u8 *dst = NULL;
6082 	u8 *next_hop = NULL;
6083 
6084 	if (!info->attrs[NL80211_ATTR_MAC])
6085 		return -EINVAL;
6086 
6087 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6088 		return -EINVAL;
6089 
6090 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6091 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6092 
6093 	if (!rdev->ops->change_mpath)
6094 		return -EOPNOTSUPP;
6095 
6096 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6097 		return -EOPNOTSUPP;
6098 
6099 	return rdev_change_mpath(rdev, dev, dst, next_hop);
6100 }
6101 
6102 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6103 {
6104 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6105 	struct net_device *dev = info->user_ptr[1];
6106 	u8 *dst = NULL;
6107 	u8 *next_hop = NULL;
6108 
6109 	if (!info->attrs[NL80211_ATTR_MAC])
6110 		return -EINVAL;
6111 
6112 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6113 		return -EINVAL;
6114 
6115 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6116 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6117 
6118 	if (!rdev->ops->add_mpath)
6119 		return -EOPNOTSUPP;
6120 
6121 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6122 		return -EOPNOTSUPP;
6123 
6124 	return rdev_add_mpath(rdev, dev, dst, next_hop);
6125 }
6126 
6127 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6128 {
6129 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6130 	struct net_device *dev = info->user_ptr[1];
6131 	u8 *dst = NULL;
6132 
6133 	if (info->attrs[NL80211_ATTR_MAC])
6134 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6135 
6136 	if (!rdev->ops->del_mpath)
6137 		return -EOPNOTSUPP;
6138 
6139 	return rdev_del_mpath(rdev, dev, dst);
6140 }
6141 
6142 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6143 {
6144 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6145 	int err;
6146 	struct net_device *dev = info->user_ptr[1];
6147 	struct mpath_info pinfo;
6148 	struct sk_buff *msg;
6149 	u8 *dst = NULL;
6150 	u8 mpp[ETH_ALEN];
6151 
6152 	memset(&pinfo, 0, sizeof(pinfo));
6153 
6154 	if (!info->attrs[NL80211_ATTR_MAC])
6155 		return -EINVAL;
6156 
6157 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6158 
6159 	if (!rdev->ops->get_mpp)
6160 		return -EOPNOTSUPP;
6161 
6162 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6163 		return -EOPNOTSUPP;
6164 
6165 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6166 	if (err)
6167 		return err;
6168 
6169 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6170 	if (!msg)
6171 		return -ENOMEM;
6172 
6173 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6174 			       dev, dst, mpp, &pinfo) < 0) {
6175 		nlmsg_free(msg);
6176 		return -ENOBUFS;
6177 	}
6178 
6179 	return genlmsg_reply(msg, info);
6180 }
6181 
6182 static int nl80211_dump_mpp(struct sk_buff *skb,
6183 			    struct netlink_callback *cb)
6184 {
6185 	struct mpath_info pinfo;
6186 	struct cfg80211_registered_device *rdev;
6187 	struct wireless_dev *wdev;
6188 	u8 dst[ETH_ALEN];
6189 	u8 mpp[ETH_ALEN];
6190 	int path_idx = cb->args[2];
6191 	int err;
6192 
6193 	rtnl_lock();
6194 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6195 	if (err)
6196 		goto out_err;
6197 
6198 	if (!rdev->ops->dump_mpp) {
6199 		err = -EOPNOTSUPP;
6200 		goto out_err;
6201 	}
6202 
6203 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6204 		err = -EOPNOTSUPP;
6205 		goto out_err;
6206 	}
6207 
6208 	while (1) {
6209 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6210 				    mpp, &pinfo);
6211 		if (err == -ENOENT)
6212 			break;
6213 		if (err)
6214 			goto out_err;
6215 
6216 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6217 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6218 				       wdev->netdev, dst, mpp,
6219 				       &pinfo) < 0)
6220 			goto out;
6221 
6222 		path_idx++;
6223 	}
6224 
6225  out:
6226 	cb->args[2] = path_idx;
6227 	err = skb->len;
6228  out_err:
6229 	rtnl_unlock();
6230 	return err;
6231 }
6232 
6233 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6234 {
6235 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6236 	struct net_device *dev = info->user_ptr[1];
6237 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6238 	struct bss_parameters params;
6239 	int err;
6240 
6241 	memset(&params, 0, sizeof(params));
6242 	/* default to not changing parameters */
6243 	params.use_cts_prot = -1;
6244 	params.use_short_preamble = -1;
6245 	params.use_short_slot_time = -1;
6246 	params.ap_isolate = -1;
6247 	params.ht_opmode = -1;
6248 	params.p2p_ctwindow = -1;
6249 	params.p2p_opp_ps = -1;
6250 
6251 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6252 		params.use_cts_prot =
6253 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6254 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6255 		params.use_short_preamble =
6256 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6257 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6258 		params.use_short_slot_time =
6259 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6260 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6261 		params.basic_rates =
6262 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6263 		params.basic_rates_len =
6264 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6265 	}
6266 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6267 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6268 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6269 		params.ht_opmode =
6270 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6271 
6272 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6273 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6274 			return -EINVAL;
6275 		params.p2p_ctwindow =
6276 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6277 		if (params.p2p_ctwindow != 0 &&
6278 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6279 			return -EINVAL;
6280 	}
6281 
6282 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6283 		u8 tmp;
6284 
6285 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6286 			return -EINVAL;
6287 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6288 		params.p2p_opp_ps = tmp;
6289 		if (params.p2p_opp_ps &&
6290 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6291 			return -EINVAL;
6292 	}
6293 
6294 	if (!rdev->ops->change_bss)
6295 		return -EOPNOTSUPP;
6296 
6297 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6298 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6299 		return -EOPNOTSUPP;
6300 
6301 	wdev_lock(wdev);
6302 	err = rdev_change_bss(rdev, dev, &params);
6303 	wdev_unlock(wdev);
6304 
6305 	return err;
6306 }
6307 
6308 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6309 {
6310 	char *data = NULL;
6311 	bool is_indoor;
6312 	enum nl80211_user_reg_hint_type user_reg_hint_type;
6313 	u32 owner_nlportid;
6314 
6315 	/*
6316 	 * You should only get this when cfg80211 hasn't yet initialized
6317 	 * completely when built-in to the kernel right between the time
6318 	 * window between nl80211_init() and regulatory_init(), if that is
6319 	 * even possible.
6320 	 */
6321 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6322 		return -EINPROGRESS;
6323 
6324 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6325 		user_reg_hint_type =
6326 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6327 	else
6328 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6329 
6330 	switch (user_reg_hint_type) {
6331 	case NL80211_USER_REG_HINT_USER:
6332 	case NL80211_USER_REG_HINT_CELL_BASE:
6333 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6334 			return -EINVAL;
6335 
6336 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6337 		return regulatory_hint_user(data, user_reg_hint_type);
6338 	case NL80211_USER_REG_HINT_INDOOR:
6339 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6340 			owner_nlportid = info->snd_portid;
6341 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6342 		} else {
6343 			owner_nlportid = 0;
6344 			is_indoor = true;
6345 		}
6346 
6347 		return regulatory_hint_indoor(is_indoor, owner_nlportid);
6348 	default:
6349 		return -EINVAL;
6350 	}
6351 }
6352 
6353 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6354 {
6355 	return reg_reload_regdb();
6356 }
6357 
6358 static int nl80211_get_mesh_config(struct sk_buff *skb,
6359 				   struct genl_info *info)
6360 {
6361 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6362 	struct net_device *dev = info->user_ptr[1];
6363 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6364 	struct mesh_config cur_params;
6365 	int err = 0;
6366 	void *hdr;
6367 	struct nlattr *pinfoattr;
6368 	struct sk_buff *msg;
6369 
6370 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6371 		return -EOPNOTSUPP;
6372 
6373 	if (!rdev->ops->get_mesh_config)
6374 		return -EOPNOTSUPP;
6375 
6376 	wdev_lock(wdev);
6377 	/* If not connected, get default parameters */
6378 	if (!wdev->mesh_id_len)
6379 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6380 	else
6381 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
6382 	wdev_unlock(wdev);
6383 
6384 	if (err)
6385 		return err;
6386 
6387 	/* Draw up a netlink message to send back */
6388 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6389 	if (!msg)
6390 		return -ENOMEM;
6391 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6392 			     NL80211_CMD_GET_MESH_CONFIG);
6393 	if (!hdr)
6394 		goto out;
6395 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6396 	if (!pinfoattr)
6397 		goto nla_put_failure;
6398 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6399 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6400 			cur_params.dot11MeshRetryTimeout) ||
6401 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6402 			cur_params.dot11MeshConfirmTimeout) ||
6403 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6404 			cur_params.dot11MeshHoldingTimeout) ||
6405 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6406 			cur_params.dot11MeshMaxPeerLinks) ||
6407 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6408 		       cur_params.dot11MeshMaxRetries) ||
6409 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
6410 		       cur_params.dot11MeshTTL) ||
6411 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6412 		       cur_params.element_ttl) ||
6413 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6414 		       cur_params.auto_open_plinks) ||
6415 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6416 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6417 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6418 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
6419 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6420 			cur_params.path_refresh_time) ||
6421 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6422 			cur_params.min_discovery_timeout) ||
6423 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6424 			cur_params.dot11MeshHWMPactivePathTimeout) ||
6425 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6426 			cur_params.dot11MeshHWMPpreqMinInterval) ||
6427 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6428 			cur_params.dot11MeshHWMPperrMinInterval) ||
6429 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6430 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6431 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6432 		       cur_params.dot11MeshHWMPRootMode) ||
6433 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6434 			cur_params.dot11MeshHWMPRannInterval) ||
6435 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6436 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
6437 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6438 		       cur_params.dot11MeshForwarding) ||
6439 	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6440 			cur_params.rssi_threshold) ||
6441 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6442 			cur_params.ht_opmode) ||
6443 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6444 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6445 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6446 			cur_params.dot11MeshHWMProotInterval) ||
6447 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6448 			cur_params.dot11MeshHWMPconfirmationInterval) ||
6449 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6450 			cur_params.power_mode) ||
6451 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6452 			cur_params.dot11MeshAwakeWindowDuration) ||
6453 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6454 			cur_params.plink_timeout) ||
6455 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6456 		       cur_params.dot11MeshConnectedToMeshGate))
6457 		goto nla_put_failure;
6458 	nla_nest_end(msg, pinfoattr);
6459 	genlmsg_end(msg, hdr);
6460 	return genlmsg_reply(msg, info);
6461 
6462  nla_put_failure:
6463  out:
6464 	nlmsg_free(msg);
6465 	return -ENOBUFS;
6466 }
6467 
6468 static const struct nla_policy
6469 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6470 	[NL80211_MESHCONF_RETRY_TIMEOUT] =
6471 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6472 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6473 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6474 	[NL80211_MESHCONF_HOLDING_TIMEOUT] =
6475 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6476 	[NL80211_MESHCONF_MAX_PEER_LINKS] =
6477 		NLA_POLICY_RANGE(NLA_U16, 0, 255),
6478 	[NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6479 	[NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6480 	[NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6481 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6482 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6483 		NLA_POLICY_RANGE(NLA_U32, 1, 255),
6484 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6485 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6486 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6487 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6488 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6489 		NLA_POLICY_MIN(NLA_U16, 1),
6490 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6491 		NLA_POLICY_MIN(NLA_U16, 1),
6492 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6493 		NLA_POLICY_MIN(NLA_U16, 1),
6494 	[NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6495 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6496 		NLA_POLICY_MIN(NLA_U16, 1),
6497 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6498 	[NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6499 	[NL80211_MESHCONF_RSSI_THRESHOLD] =
6500 		NLA_POLICY_RANGE(NLA_S32, -255, 0),
6501 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6502 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6503 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6504 		NLA_POLICY_MIN(NLA_U16, 1),
6505 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6506 		NLA_POLICY_MIN(NLA_U16, 1),
6507 	[NL80211_MESHCONF_POWER_MODE] =
6508 		NLA_POLICY_RANGE(NLA_U32,
6509 				 NL80211_MESH_POWER_ACTIVE,
6510 				 NL80211_MESH_POWER_MAX),
6511 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6512 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6513 	[NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6514 };
6515 
6516 static const struct nla_policy
6517 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6518 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6519 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6520 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6521 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6522 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6523 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6524 	[NL80211_MESH_SETUP_IE] =
6525 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6526 				       IEEE80211_MAX_DATA_LEN),
6527 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6528 };
6529 
6530 static int nl80211_parse_mesh_config(struct genl_info *info,
6531 				     struct mesh_config *cfg,
6532 				     u32 *mask_out)
6533 {
6534 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6535 	u32 mask = 0;
6536 	u16 ht_opmode;
6537 
6538 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)	\
6539 do {									\
6540 	if (tb[attr]) {							\
6541 		cfg->param = fn(tb[attr]);				\
6542 		mask |= BIT((attr) - 1);				\
6543 	}								\
6544 } while (0)
6545 
6546 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6547 		return -EINVAL;
6548 	if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6549 		return -EINVAL;
6550 
6551 	/* This makes sure that there aren't more than 32 mesh config
6552 	 * parameters (otherwise our bitfield scheme would not work.) */
6553 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6554 
6555 	/* Fill in the params struct */
6556 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6557 				  NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6558 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6559 				  NL80211_MESHCONF_CONFIRM_TIMEOUT,
6560 				  nla_get_u16);
6561 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
6562 				  NL80211_MESHCONF_HOLDING_TIMEOUT,
6563 				  nla_get_u16);
6564 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
6565 				  NL80211_MESHCONF_MAX_PEER_LINKS,
6566 				  nla_get_u16);
6567 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
6568 				  NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
6569 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
6570 				  NL80211_MESHCONF_TTL, nla_get_u8);
6571 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
6572 				  NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
6573 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
6574 				  NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6575 				  nla_get_u8);
6576 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6577 				  mask,
6578 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6579 				  nla_get_u32);
6580 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
6581 				  NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6582 				  nla_get_u8);
6583 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
6584 				  NL80211_MESHCONF_PATH_REFRESH_TIME,
6585 				  nla_get_u32);
6586 	if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
6587 	    (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
6588 		return -EINVAL;
6589 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
6590 				  NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6591 				  nla_get_u16);
6592 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6593 				  mask,
6594 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6595 				  nla_get_u32);
6596 	if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
6597 	    (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
6598 	     cfg->dot11MeshHWMPactivePathTimeout > 65535))
6599 		return -EINVAL;
6600 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
6601 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6602 				  nla_get_u16);
6603 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
6604 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6605 				  nla_get_u16);
6606 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6607 				  dot11MeshHWMPnetDiameterTraversalTime, mask,
6608 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6609 				  nla_get_u16);
6610 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
6611 				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
6612 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
6613 				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6614 				  nla_get_u16);
6615 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
6616 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6617 				  nla_get_u8);
6618 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
6619 				  NL80211_MESHCONF_FORWARDING, nla_get_u8);
6620 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
6621 				  NL80211_MESHCONF_RSSI_THRESHOLD,
6622 				  nla_get_s32);
6623 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
6624 				  NL80211_MESHCONF_CONNECTED_TO_GATE,
6625 				  nla_get_u8);
6626 	/*
6627 	 * Check HT operation mode based on
6628 	 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
6629 	 */
6630 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6631 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6632 
6633 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6634 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6635 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6636 			return -EINVAL;
6637 
6638 		/* NON_HT_STA bit is reserved, but some programs set it */
6639 		ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6640 
6641 		cfg->ht_opmode = ht_opmode;
6642 		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6643 	}
6644 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6645 				  dot11MeshHWMPactivePathToRootTimeout, mask,
6646 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6647 				  nla_get_u32);
6648 	if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
6649 	    (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
6650 	     cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
6651 		return -EINVAL;
6652 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
6653 				  NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6654 				  nla_get_u16);
6655 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
6656 				  mask,
6657 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6658 				  nla_get_u16);
6659 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
6660 				  NL80211_MESHCONF_POWER_MODE, nla_get_u32);
6661 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
6662 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
6663 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
6664 				  NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
6665 	if (mask_out)
6666 		*mask_out = mask;
6667 
6668 	return 0;
6669 
6670 #undef FILL_IN_MESH_PARAM_IF_SET
6671 }
6672 
6673 static int nl80211_parse_mesh_setup(struct genl_info *info,
6674 				     struct mesh_setup *setup)
6675 {
6676 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6677 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6678 
6679 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6680 		return -EINVAL;
6681 	if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
6682 		return -EINVAL;
6683 
6684 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6685 		setup->sync_method =
6686 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6687 		 IEEE80211_SYNC_METHOD_VENDOR :
6688 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6689 
6690 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6691 		setup->path_sel_proto =
6692 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6693 		 IEEE80211_PATH_PROTOCOL_VENDOR :
6694 		 IEEE80211_PATH_PROTOCOL_HWMP;
6695 
6696 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6697 		setup->path_metric =
6698 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6699 		 IEEE80211_PATH_METRIC_VENDOR :
6700 		 IEEE80211_PATH_METRIC_AIRTIME;
6701 
6702 	if (tb[NL80211_MESH_SETUP_IE]) {
6703 		struct nlattr *ieattr =
6704 			tb[NL80211_MESH_SETUP_IE];
6705 		setup->ie = nla_data(ieattr);
6706 		setup->ie_len = nla_len(ieattr);
6707 	}
6708 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6709 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6710 		return -EINVAL;
6711 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6712 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6713 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6714 	if (setup->is_secure)
6715 		setup->user_mpm = true;
6716 
6717 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6718 		if (!setup->user_mpm)
6719 			return -EINVAL;
6720 		setup->auth_id =
6721 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6722 	}
6723 
6724 	return 0;
6725 }
6726 
6727 static int nl80211_update_mesh_config(struct sk_buff *skb,
6728 				      struct genl_info *info)
6729 {
6730 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6731 	struct net_device *dev = info->user_ptr[1];
6732 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6733 	struct mesh_config cfg;
6734 	u32 mask;
6735 	int err;
6736 
6737 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6738 		return -EOPNOTSUPP;
6739 
6740 	if (!rdev->ops->update_mesh_config)
6741 		return -EOPNOTSUPP;
6742 
6743 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
6744 	if (err)
6745 		return err;
6746 
6747 	wdev_lock(wdev);
6748 	if (!wdev->mesh_id_len)
6749 		err = -ENOLINK;
6750 
6751 	if (!err)
6752 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6753 
6754 	wdev_unlock(wdev);
6755 
6756 	return err;
6757 }
6758 
6759 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6760 			      struct sk_buff *msg)
6761 {
6762 	struct nlattr *nl_reg_rules;
6763 	unsigned int i;
6764 
6765 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6766 	    (regdom->dfs_region &&
6767 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6768 		goto nla_put_failure;
6769 
6770 	nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
6771 	if (!nl_reg_rules)
6772 		goto nla_put_failure;
6773 
6774 	for (i = 0; i < regdom->n_reg_rules; i++) {
6775 		struct nlattr *nl_reg_rule;
6776 		const struct ieee80211_reg_rule *reg_rule;
6777 		const struct ieee80211_freq_range *freq_range;
6778 		const struct ieee80211_power_rule *power_rule;
6779 		unsigned int max_bandwidth_khz;
6780 
6781 		reg_rule = &regdom->reg_rules[i];
6782 		freq_range = &reg_rule->freq_range;
6783 		power_rule = &reg_rule->power_rule;
6784 
6785 		nl_reg_rule = nla_nest_start_noflag(msg, i);
6786 		if (!nl_reg_rule)
6787 			goto nla_put_failure;
6788 
6789 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
6790 		if (!max_bandwidth_khz)
6791 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6792 								  reg_rule);
6793 
6794 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6795 				reg_rule->flags) ||
6796 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6797 				freq_range->start_freq_khz) ||
6798 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6799 				freq_range->end_freq_khz) ||
6800 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6801 				max_bandwidth_khz) ||
6802 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6803 				power_rule->max_antenna_gain) ||
6804 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6805 				power_rule->max_eirp) ||
6806 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6807 				reg_rule->dfs_cac_ms))
6808 			goto nla_put_failure;
6809 
6810 		nla_nest_end(msg, nl_reg_rule);
6811 	}
6812 
6813 	nla_nest_end(msg, nl_reg_rules);
6814 	return 0;
6815 
6816 nla_put_failure:
6817 	return -EMSGSIZE;
6818 }
6819 
6820 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6821 {
6822 	const struct ieee80211_regdomain *regdom = NULL;
6823 	struct cfg80211_registered_device *rdev;
6824 	struct wiphy *wiphy = NULL;
6825 	struct sk_buff *msg;
6826 	void *hdr;
6827 
6828 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6829 	if (!msg)
6830 		return -ENOBUFS;
6831 
6832 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6833 			     NL80211_CMD_GET_REG);
6834 	if (!hdr)
6835 		goto put_failure;
6836 
6837 	if (info->attrs[NL80211_ATTR_WIPHY]) {
6838 		bool self_managed;
6839 
6840 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6841 		if (IS_ERR(rdev)) {
6842 			nlmsg_free(msg);
6843 			return PTR_ERR(rdev);
6844 		}
6845 
6846 		wiphy = &rdev->wiphy;
6847 		self_managed = wiphy->regulatory_flags &
6848 			       REGULATORY_WIPHY_SELF_MANAGED;
6849 		regdom = get_wiphy_regdom(wiphy);
6850 
6851 		/* a self-managed-reg device must have a private regdom */
6852 		if (WARN_ON(!regdom && self_managed)) {
6853 			nlmsg_free(msg);
6854 			return -EINVAL;
6855 		}
6856 
6857 		if (regdom &&
6858 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6859 			goto nla_put_failure;
6860 	}
6861 
6862 	if (!wiphy && reg_last_request_cell_base() &&
6863 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6864 			NL80211_USER_REG_HINT_CELL_BASE))
6865 		goto nla_put_failure;
6866 
6867 	rcu_read_lock();
6868 
6869 	if (!regdom)
6870 		regdom = rcu_dereference(cfg80211_regdomain);
6871 
6872 	if (nl80211_put_regdom(regdom, msg))
6873 		goto nla_put_failure_rcu;
6874 
6875 	rcu_read_unlock();
6876 
6877 	genlmsg_end(msg, hdr);
6878 	return genlmsg_reply(msg, info);
6879 
6880 nla_put_failure_rcu:
6881 	rcu_read_unlock();
6882 nla_put_failure:
6883 put_failure:
6884 	nlmsg_free(msg);
6885 	return -EMSGSIZE;
6886 }
6887 
6888 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6889 			       u32 seq, int flags, struct wiphy *wiphy,
6890 			       const struct ieee80211_regdomain *regdom)
6891 {
6892 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6893 				   NL80211_CMD_GET_REG);
6894 
6895 	if (!hdr)
6896 		return -1;
6897 
6898 	genl_dump_check_consistent(cb, hdr);
6899 
6900 	if (nl80211_put_regdom(regdom, msg))
6901 		goto nla_put_failure;
6902 
6903 	if (!wiphy && reg_last_request_cell_base() &&
6904 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6905 			NL80211_USER_REG_HINT_CELL_BASE))
6906 		goto nla_put_failure;
6907 
6908 	if (wiphy &&
6909 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6910 		goto nla_put_failure;
6911 
6912 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6913 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6914 		goto nla_put_failure;
6915 
6916 	genlmsg_end(msg, hdr);
6917 	return 0;
6918 
6919 nla_put_failure:
6920 	genlmsg_cancel(msg, hdr);
6921 	return -EMSGSIZE;
6922 }
6923 
6924 static int nl80211_get_reg_dump(struct sk_buff *skb,
6925 				struct netlink_callback *cb)
6926 {
6927 	const struct ieee80211_regdomain *regdom = NULL;
6928 	struct cfg80211_registered_device *rdev;
6929 	int err, reg_idx, start = cb->args[2];
6930 
6931 	rtnl_lock();
6932 
6933 	if (cfg80211_regdomain && start == 0) {
6934 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6935 					  NLM_F_MULTI, NULL,
6936 					  rtnl_dereference(cfg80211_regdomain));
6937 		if (err < 0)
6938 			goto out_err;
6939 	}
6940 
6941 	/* the global regdom is idx 0 */
6942 	reg_idx = 1;
6943 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6944 		regdom = get_wiphy_regdom(&rdev->wiphy);
6945 		if (!regdom)
6946 			continue;
6947 
6948 		if (++reg_idx <= start)
6949 			continue;
6950 
6951 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6952 					  NLM_F_MULTI, &rdev->wiphy, regdom);
6953 		if (err < 0) {
6954 			reg_idx--;
6955 			break;
6956 		}
6957 	}
6958 
6959 	cb->args[2] = reg_idx;
6960 	err = skb->len;
6961 out_err:
6962 	rtnl_unlock();
6963 	return err;
6964 }
6965 
6966 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
6967 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6968 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
6969 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
6970 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
6971 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
6972 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
6973 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
6974 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
6975 };
6976 
6977 static int parse_reg_rule(struct nlattr *tb[],
6978 	struct ieee80211_reg_rule *reg_rule)
6979 {
6980 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
6981 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
6982 
6983 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6984 		return -EINVAL;
6985 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6986 		return -EINVAL;
6987 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
6988 		return -EINVAL;
6989 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6990 		return -EINVAL;
6991 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6992 		return -EINVAL;
6993 
6994 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
6995 
6996 	freq_range->start_freq_khz =
6997 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
6998 	freq_range->end_freq_khz =
6999 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7000 	freq_range->max_bandwidth_khz =
7001 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7002 
7003 	power_rule->max_eirp =
7004 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7005 
7006 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7007 		power_rule->max_antenna_gain =
7008 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7009 
7010 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
7011 		reg_rule->dfs_cac_ms =
7012 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7013 
7014 	return 0;
7015 }
7016 
7017 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7018 {
7019 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7020 	struct nlattr *nl_reg_rule;
7021 	char *alpha2;
7022 	int rem_reg_rules, r;
7023 	u32 num_rules = 0, rule_idx = 0;
7024 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7025 	struct ieee80211_regdomain *rd;
7026 
7027 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7028 		return -EINVAL;
7029 
7030 	if (!info->attrs[NL80211_ATTR_REG_RULES])
7031 		return -EINVAL;
7032 
7033 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7034 
7035 	if (info->attrs[NL80211_ATTR_DFS_REGION])
7036 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7037 
7038 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7039 			    rem_reg_rules) {
7040 		num_rules++;
7041 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7042 			return -EINVAL;
7043 	}
7044 
7045 	if (!reg_is_valid_request(alpha2))
7046 		return -EINVAL;
7047 
7048 	rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7049 	if (!rd)
7050 		return -ENOMEM;
7051 
7052 	rd->n_reg_rules = num_rules;
7053 	rd->alpha2[0] = alpha2[0];
7054 	rd->alpha2[1] = alpha2[1];
7055 
7056 	/*
7057 	 * Disable DFS master mode if the DFS region was
7058 	 * not supported or known on this kernel.
7059 	 */
7060 	if (reg_supported_dfs_region(dfs_region))
7061 		rd->dfs_region = dfs_region;
7062 
7063 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7064 			    rem_reg_rules) {
7065 		r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7066 						nl_reg_rule, reg_rule_policy,
7067 						info->extack);
7068 		if (r)
7069 			goto bad_reg;
7070 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7071 		if (r)
7072 			goto bad_reg;
7073 
7074 		rule_idx++;
7075 
7076 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7077 			r = -EINVAL;
7078 			goto bad_reg;
7079 		}
7080 	}
7081 
7082 	/* set_regdom takes ownership of rd */
7083 	return set_regdom(rd, REGD_SOURCE_CRDA);
7084  bad_reg:
7085 	kfree(rd);
7086 	return r;
7087 }
7088 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7089 
7090 static int validate_scan_freqs(struct nlattr *freqs)
7091 {
7092 	struct nlattr *attr1, *attr2;
7093 	int n_channels = 0, tmp1, tmp2;
7094 
7095 	nla_for_each_nested(attr1, freqs, tmp1)
7096 		if (nla_len(attr1) != sizeof(u32))
7097 			return 0;
7098 
7099 	nla_for_each_nested(attr1, freqs, tmp1) {
7100 		n_channels++;
7101 		/*
7102 		 * Some hardware has a limited channel list for
7103 		 * scanning, and it is pretty much nonsensical
7104 		 * to scan for a channel twice, so disallow that
7105 		 * and don't require drivers to check that the
7106 		 * channel list they get isn't longer than what
7107 		 * they can scan, as long as they can scan all
7108 		 * the channels they registered at once.
7109 		 */
7110 		nla_for_each_nested(attr2, freqs, tmp2)
7111 			if (attr1 != attr2 &&
7112 			    nla_get_u32(attr1) == nla_get_u32(attr2))
7113 				return 0;
7114 	}
7115 
7116 	return n_channels;
7117 }
7118 
7119 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7120 {
7121 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
7122 }
7123 
7124 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7125 			    struct cfg80211_bss_selection *bss_select)
7126 {
7127 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7128 	struct nlattr *nest;
7129 	int err;
7130 	bool found = false;
7131 	int i;
7132 
7133 	/* only process one nested attribute */
7134 	nest = nla_data(nla);
7135 	if (!nla_ok(nest, nla_len(nest)))
7136 		return -EINVAL;
7137 
7138 	err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7139 					  nest, nl80211_bss_select_policy,
7140 					  NULL);
7141 	if (err)
7142 		return err;
7143 
7144 	/* only one attribute may be given */
7145 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7146 		if (attr[i]) {
7147 			if (found)
7148 				return -EINVAL;
7149 			found = true;
7150 		}
7151 	}
7152 
7153 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7154 
7155 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7156 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7157 
7158 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7159 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7160 		bss_select->param.band_pref =
7161 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7162 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
7163 			return -EINVAL;
7164 	}
7165 
7166 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7167 		struct nl80211_bss_select_rssi_adjust *adj_param;
7168 
7169 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7170 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7171 		bss_select->param.adjust.band = adj_param->band;
7172 		bss_select->param.adjust.delta = adj_param->delta;
7173 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7174 			return -EINVAL;
7175 	}
7176 
7177 	/* user-space did not provide behaviour attribute */
7178 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7179 		return -EINVAL;
7180 
7181 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7182 		return -EINVAL;
7183 
7184 	return 0;
7185 }
7186 
7187 int nl80211_parse_random_mac(struct nlattr **attrs,
7188 			     u8 *mac_addr, u8 *mac_addr_mask)
7189 {
7190 	int i;
7191 
7192 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7193 		eth_zero_addr(mac_addr);
7194 		eth_zero_addr(mac_addr_mask);
7195 		mac_addr[0] = 0x2;
7196 		mac_addr_mask[0] = 0x3;
7197 
7198 		return 0;
7199 	}
7200 
7201 	/* need both or none */
7202 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7203 		return -EINVAL;
7204 
7205 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7206 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7207 
7208 	/* don't allow or configure an mcast address */
7209 	if (!is_multicast_ether_addr(mac_addr_mask) ||
7210 	    is_multicast_ether_addr(mac_addr))
7211 		return -EINVAL;
7212 
7213 	/*
7214 	 * allow users to pass a MAC address that has bits set outside
7215 	 * of the mask, but don't bother drivers with having to deal
7216 	 * with such bits
7217 	 */
7218 	for (i = 0; i < ETH_ALEN; i++)
7219 		mac_addr[i] &= mac_addr_mask[i];
7220 
7221 	return 0;
7222 }
7223 
7224 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7225 {
7226 	ASSERT_WDEV_LOCK(wdev);
7227 
7228 	if (!cfg80211_beaconing_iface_active(wdev))
7229 		return true;
7230 
7231 	if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7232 		return true;
7233 
7234 	return regulatory_pre_cac_allowed(wdev->wiphy);
7235 }
7236 
7237 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7238 				    enum nl80211_ext_feature_index feat)
7239 {
7240 	if (!(flags & flag))
7241 		return true;
7242 	if (wiphy_ext_feature_isset(wiphy, feat))
7243 		return true;
7244 	return false;
7245 }
7246 
7247 static int
7248 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7249 			 void *request, struct nlattr **attrs,
7250 			 bool is_sched_scan)
7251 {
7252 	u8 *mac_addr, *mac_addr_mask;
7253 	u32 *flags;
7254 	enum nl80211_feature_flags randomness_flag;
7255 
7256 	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7257 		return 0;
7258 
7259 	if (is_sched_scan) {
7260 		struct cfg80211_sched_scan_request *req = request;
7261 
7262 		randomness_flag = wdev ?
7263 				  NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7264 				  NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7265 		flags = &req->flags;
7266 		mac_addr = req->mac_addr;
7267 		mac_addr_mask = req->mac_addr_mask;
7268 	} else {
7269 		struct cfg80211_scan_request *req = request;
7270 
7271 		randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7272 		flags = &req->flags;
7273 		mac_addr = req->mac_addr;
7274 		mac_addr_mask = req->mac_addr_mask;
7275 	}
7276 
7277 	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7278 
7279 	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7280 	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7281 	    !nl80211_check_scan_feat(wiphy, *flags,
7282 				     NL80211_SCAN_FLAG_LOW_SPAN,
7283 				     NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7284 	    !nl80211_check_scan_feat(wiphy, *flags,
7285 				     NL80211_SCAN_FLAG_LOW_POWER,
7286 				     NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7287 	    !nl80211_check_scan_feat(wiphy, *flags,
7288 				     NL80211_SCAN_FLAG_HIGH_ACCURACY,
7289 				     NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7290 	    !nl80211_check_scan_feat(wiphy, *flags,
7291 				     NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7292 				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7293 	    !nl80211_check_scan_feat(wiphy, *flags,
7294 				     NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7295 				     NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7296 	    !nl80211_check_scan_feat(wiphy, *flags,
7297 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7298 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7299 	    !nl80211_check_scan_feat(wiphy, *flags,
7300 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7301 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7302 	    !nl80211_check_scan_feat(wiphy, *flags,
7303 				     NL80211_SCAN_FLAG_RANDOM_SN,
7304 				     NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7305 	    !nl80211_check_scan_feat(wiphy, *flags,
7306 				     NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7307 				     NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7308 		return -EOPNOTSUPP;
7309 
7310 	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7311 		int err;
7312 
7313 		if (!(wiphy->features & randomness_flag) ||
7314 		    (wdev && wdev->current_bss))
7315 			return -EOPNOTSUPP;
7316 
7317 		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7318 		if (err)
7319 			return err;
7320 	}
7321 
7322 	return 0;
7323 }
7324 
7325 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7326 {
7327 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7328 	struct wireless_dev *wdev = info->user_ptr[1];
7329 	struct cfg80211_scan_request *request;
7330 	struct nlattr *attr;
7331 	struct wiphy *wiphy;
7332 	int err, tmp, n_ssids = 0, n_channels, i;
7333 	size_t ie_len;
7334 
7335 	wiphy = &rdev->wiphy;
7336 
7337 	if (wdev->iftype == NL80211_IFTYPE_NAN)
7338 		return -EOPNOTSUPP;
7339 
7340 	if (!rdev->ops->scan)
7341 		return -EOPNOTSUPP;
7342 
7343 	if (rdev->scan_req || rdev->scan_msg) {
7344 		err = -EBUSY;
7345 		goto unlock;
7346 	}
7347 
7348 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7349 		n_channels = validate_scan_freqs(
7350 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7351 		if (!n_channels) {
7352 			err = -EINVAL;
7353 			goto unlock;
7354 		}
7355 	} else {
7356 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7357 	}
7358 
7359 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7360 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7361 			n_ssids++;
7362 
7363 	if (n_ssids > wiphy->max_scan_ssids) {
7364 		err = -EINVAL;
7365 		goto unlock;
7366 	}
7367 
7368 	if (info->attrs[NL80211_ATTR_IE])
7369 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7370 	else
7371 		ie_len = 0;
7372 
7373 	if (ie_len > wiphy->max_scan_ie_len) {
7374 		err = -EINVAL;
7375 		goto unlock;
7376 	}
7377 
7378 	request = kzalloc(sizeof(*request)
7379 			+ sizeof(*request->ssids) * n_ssids
7380 			+ sizeof(*request->channels) * n_channels
7381 			+ ie_len, GFP_KERNEL);
7382 	if (!request) {
7383 		err = -ENOMEM;
7384 		goto unlock;
7385 	}
7386 
7387 	if (n_ssids)
7388 		request->ssids = (void *)&request->channels[n_channels];
7389 	request->n_ssids = n_ssids;
7390 	if (ie_len) {
7391 		if (n_ssids)
7392 			request->ie = (void *)(request->ssids + n_ssids);
7393 		else
7394 			request->ie = (void *)(request->channels + n_channels);
7395 	}
7396 
7397 	i = 0;
7398 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7399 		/* user specified, bail out if channel not found */
7400 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7401 			struct ieee80211_channel *chan;
7402 
7403 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7404 
7405 			if (!chan) {
7406 				err = -EINVAL;
7407 				goto out_free;
7408 			}
7409 
7410 			/* ignore disabled channels */
7411 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7412 				continue;
7413 
7414 			request->channels[i] = chan;
7415 			i++;
7416 		}
7417 	} else {
7418 		enum nl80211_band band;
7419 
7420 		/* all channels */
7421 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7422 			int j;
7423 
7424 			if (!wiphy->bands[band])
7425 				continue;
7426 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7427 				struct ieee80211_channel *chan;
7428 
7429 				chan = &wiphy->bands[band]->channels[j];
7430 
7431 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7432 					continue;
7433 
7434 				request->channels[i] = chan;
7435 				i++;
7436 			}
7437 		}
7438 	}
7439 
7440 	if (!i) {
7441 		err = -EINVAL;
7442 		goto out_free;
7443 	}
7444 
7445 	request->n_channels = i;
7446 
7447 	wdev_lock(wdev);
7448 	if (!cfg80211_off_channel_oper_allowed(wdev)) {
7449 		struct ieee80211_channel *chan;
7450 
7451 		if (request->n_channels != 1) {
7452 			wdev_unlock(wdev);
7453 			err = -EBUSY;
7454 			goto out_free;
7455 		}
7456 
7457 		chan = request->channels[0];
7458 		if (chan->center_freq != wdev->chandef.chan->center_freq) {
7459 			wdev_unlock(wdev);
7460 			err = -EBUSY;
7461 			goto out_free;
7462 		}
7463 	}
7464 	wdev_unlock(wdev);
7465 
7466 	i = 0;
7467 	if (n_ssids) {
7468 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7469 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7470 				err = -EINVAL;
7471 				goto out_free;
7472 			}
7473 			request->ssids[i].ssid_len = nla_len(attr);
7474 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7475 			i++;
7476 		}
7477 	}
7478 
7479 	if (info->attrs[NL80211_ATTR_IE]) {
7480 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7481 		memcpy((void *)request->ie,
7482 		       nla_data(info->attrs[NL80211_ATTR_IE]),
7483 		       request->ie_len);
7484 	}
7485 
7486 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7487 		if (wiphy->bands[i])
7488 			request->rates[i] =
7489 				(1 << wiphy->bands[i]->n_bitrates) - 1;
7490 
7491 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7492 		nla_for_each_nested(attr,
7493 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7494 				    tmp) {
7495 			enum nl80211_band band = nla_type(attr);
7496 
7497 			if (band < 0 || band >= NUM_NL80211_BANDS) {
7498 				err = -EINVAL;
7499 				goto out_free;
7500 			}
7501 
7502 			if (!wiphy->bands[band])
7503 				continue;
7504 
7505 			err = ieee80211_get_ratemask(wiphy->bands[band],
7506 						     nla_data(attr),
7507 						     nla_len(attr),
7508 						     &request->rates[band]);
7509 			if (err)
7510 				goto out_free;
7511 		}
7512 	}
7513 
7514 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7515 		if (!wiphy_ext_feature_isset(wiphy,
7516 					NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7517 			err = -EOPNOTSUPP;
7518 			goto out_free;
7519 		}
7520 
7521 		request->duration =
7522 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7523 		request->duration_mandatory =
7524 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7525 	}
7526 
7527 	err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7528 				       false);
7529 	if (err)
7530 		goto out_free;
7531 
7532 	request->no_cck =
7533 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7534 
7535 	/* Initial implementation used NL80211_ATTR_MAC to set the specific
7536 	 * BSSID to scan for. This was problematic because that same attribute
7537 	 * was already used for another purpose (local random MAC address). The
7538 	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7539 	 * compatibility with older userspace components, also use the
7540 	 * NL80211_ATTR_MAC value here if it can be determined to be used for
7541 	 * the specific BSSID use case instead of the random MAC address
7542 	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7543 	 */
7544 	if (info->attrs[NL80211_ATTR_BSSID])
7545 		memcpy(request->bssid,
7546 		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7547 	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7548 		 info->attrs[NL80211_ATTR_MAC])
7549 		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7550 		       ETH_ALEN);
7551 	else
7552 		eth_broadcast_addr(request->bssid);
7553 
7554 	request->wdev = wdev;
7555 	request->wiphy = &rdev->wiphy;
7556 	request->scan_start = jiffies;
7557 
7558 	rdev->scan_req = request;
7559 	err = rdev_scan(rdev, request);
7560 
7561 	if (!err) {
7562 		nl80211_send_scan_start(rdev, wdev);
7563 		if (wdev->netdev)
7564 			dev_hold(wdev->netdev);
7565 	} else {
7566  out_free:
7567 		rdev->scan_req = NULL;
7568 		kfree(request);
7569 	}
7570 
7571  unlock:
7572 	return err;
7573 }
7574 
7575 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7576 {
7577 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7578 	struct wireless_dev *wdev = info->user_ptr[1];
7579 
7580 	if (!rdev->ops->abort_scan)
7581 		return -EOPNOTSUPP;
7582 
7583 	if (rdev->scan_msg)
7584 		return 0;
7585 
7586 	if (!rdev->scan_req)
7587 		return -ENOENT;
7588 
7589 	rdev_abort_scan(rdev, wdev);
7590 	return 0;
7591 }
7592 
7593 static int
7594 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7595 			       struct cfg80211_sched_scan_request *request,
7596 			       struct nlattr **attrs)
7597 {
7598 	int tmp, err, i = 0;
7599 	struct nlattr *attr;
7600 
7601 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7602 		u32 interval;
7603 
7604 		/*
7605 		 * If scan plans are not specified,
7606 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7607 		 * case one scan plan will be set with the specified scan
7608 		 * interval and infinite number of iterations.
7609 		 */
7610 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7611 		if (!interval)
7612 			return -EINVAL;
7613 
7614 		request->scan_plans[0].interval =
7615 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
7616 		if (!request->scan_plans[0].interval)
7617 			return -EINVAL;
7618 
7619 		if (request->scan_plans[0].interval >
7620 		    wiphy->max_sched_scan_plan_interval)
7621 			request->scan_plans[0].interval =
7622 				wiphy->max_sched_scan_plan_interval;
7623 
7624 		return 0;
7625 	}
7626 
7627 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7628 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7629 
7630 		if (WARN_ON(i >= n_plans))
7631 			return -EINVAL;
7632 
7633 		err = nla_parse_nested_deprecated(plan,
7634 						  NL80211_SCHED_SCAN_PLAN_MAX,
7635 						  attr, nl80211_plan_policy,
7636 						  NULL);
7637 		if (err)
7638 			return err;
7639 
7640 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7641 			return -EINVAL;
7642 
7643 		request->scan_plans[i].interval =
7644 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7645 		if (!request->scan_plans[i].interval ||
7646 		    request->scan_plans[i].interval >
7647 		    wiphy->max_sched_scan_plan_interval)
7648 			return -EINVAL;
7649 
7650 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7651 			request->scan_plans[i].iterations =
7652 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7653 			if (!request->scan_plans[i].iterations ||
7654 			    (request->scan_plans[i].iterations >
7655 			     wiphy->max_sched_scan_plan_iterations))
7656 				return -EINVAL;
7657 		} else if (i < n_plans - 1) {
7658 			/*
7659 			 * All scan plans but the last one must specify
7660 			 * a finite number of iterations
7661 			 */
7662 			return -EINVAL;
7663 		}
7664 
7665 		i++;
7666 	}
7667 
7668 	/*
7669 	 * The last scan plan must not specify the number of
7670 	 * iterations, it is supposed to run infinitely
7671 	 */
7672 	if (request->scan_plans[n_plans - 1].iterations)
7673 		return  -EINVAL;
7674 
7675 	return 0;
7676 }
7677 
7678 static int
7679 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
7680 				       struct cfg80211_match_set *match_sets,
7681 				       struct nlattr *tb_band_rssi,
7682 				       s32 rssi_thold)
7683 {
7684 	struct nlattr *attr;
7685 	int i, tmp, ret = 0;
7686 
7687 	if (!wiphy_ext_feature_isset(wiphy,
7688 		    NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
7689 		if (tb_band_rssi)
7690 			ret = -EOPNOTSUPP;
7691 		else
7692 			for (i = 0; i < NUM_NL80211_BANDS; i++)
7693 				match_sets->per_band_rssi_thold[i] =
7694 					NL80211_SCAN_RSSI_THOLD_OFF;
7695 		return ret;
7696 	}
7697 
7698 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7699 		match_sets->per_band_rssi_thold[i] = rssi_thold;
7700 
7701 	nla_for_each_nested(attr, tb_band_rssi, tmp) {
7702 		enum nl80211_band band = nla_type(attr);
7703 
7704 		if (band < 0 || band >= NUM_NL80211_BANDS)
7705 			return -EINVAL;
7706 
7707 		match_sets->per_band_rssi_thold[band] =	nla_get_s32(attr);
7708 	}
7709 
7710 	return 0;
7711 }
7712 
7713 static struct cfg80211_sched_scan_request *
7714 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7715 			 struct nlattr **attrs, int max_match_sets)
7716 {
7717 	struct cfg80211_sched_scan_request *request;
7718 	struct nlattr *attr;
7719 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7720 	enum nl80211_band band;
7721 	size_t ie_len;
7722 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7723 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7724 
7725 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7726 		n_channels = validate_scan_freqs(
7727 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7728 		if (!n_channels)
7729 			return ERR_PTR(-EINVAL);
7730 	} else {
7731 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7732 	}
7733 
7734 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
7735 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7736 				    tmp)
7737 			n_ssids++;
7738 
7739 	if (n_ssids > wiphy->max_sched_scan_ssids)
7740 		return ERR_PTR(-EINVAL);
7741 
7742 	/*
7743 	 * First, count the number of 'real' matchsets. Due to an issue with
7744 	 * the old implementation, matchsets containing only the RSSI attribute
7745 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7746 	 * RSSI for all matchsets, rather than their own matchset for reporting
7747 	 * all APs with a strong RSSI. This is needed to be compatible with
7748 	 * older userspace that treated a matchset with only the RSSI as the
7749 	 * global RSSI for all other matchsets - if there are other matchsets.
7750 	 */
7751 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7752 		nla_for_each_nested(attr,
7753 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7754 				    tmp) {
7755 			struct nlattr *rssi;
7756 
7757 			err = nla_parse_nested_deprecated(tb,
7758 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7759 							  attr,
7760 							  nl80211_match_policy,
7761 							  NULL);
7762 			if (err)
7763 				return ERR_PTR(err);
7764 
7765 			/* SSID and BSSID are mutually exclusive */
7766 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7767 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7768 				return ERR_PTR(-EINVAL);
7769 
7770 			/* add other standalone attributes here */
7771 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7772 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7773 				n_match_sets++;
7774 				continue;
7775 			}
7776 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7777 			if (rssi)
7778 				default_match_rssi = nla_get_s32(rssi);
7779 		}
7780 	}
7781 
7782 	/* However, if there's no other matchset, add the RSSI one */
7783 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7784 		n_match_sets = 1;
7785 
7786 	if (n_match_sets > max_match_sets)
7787 		return ERR_PTR(-EINVAL);
7788 
7789 	if (attrs[NL80211_ATTR_IE])
7790 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7791 	else
7792 		ie_len = 0;
7793 
7794 	if (ie_len > wiphy->max_sched_scan_ie_len)
7795 		return ERR_PTR(-EINVAL);
7796 
7797 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7798 		/*
7799 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7800 		 * each scan plan already specifies its own interval
7801 		 */
7802 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7803 			return ERR_PTR(-EINVAL);
7804 
7805 		nla_for_each_nested(attr,
7806 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7807 			n_plans++;
7808 	} else {
7809 		/*
7810 		 * The scan interval attribute is kept for backward
7811 		 * compatibility. If no scan plans are specified and sched scan
7812 		 * interval is specified, one scan plan will be set with this
7813 		 * scan interval and infinite number of iterations.
7814 		 */
7815 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7816 			return ERR_PTR(-EINVAL);
7817 
7818 		n_plans = 1;
7819 	}
7820 
7821 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7822 		return ERR_PTR(-EINVAL);
7823 
7824 	if (!wiphy_ext_feature_isset(
7825 		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7826 	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7827 	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7828 		return ERR_PTR(-EINVAL);
7829 
7830 	request = kzalloc(sizeof(*request)
7831 			+ sizeof(*request->ssids) * n_ssids
7832 			+ sizeof(*request->match_sets) * n_match_sets
7833 			+ sizeof(*request->scan_plans) * n_plans
7834 			+ sizeof(*request->channels) * n_channels
7835 			+ ie_len, GFP_KERNEL);
7836 	if (!request)
7837 		return ERR_PTR(-ENOMEM);
7838 
7839 	if (n_ssids)
7840 		request->ssids = (void *)&request->channels[n_channels];
7841 	request->n_ssids = n_ssids;
7842 	if (ie_len) {
7843 		if (n_ssids)
7844 			request->ie = (void *)(request->ssids + n_ssids);
7845 		else
7846 			request->ie = (void *)(request->channels + n_channels);
7847 	}
7848 
7849 	if (n_match_sets) {
7850 		if (request->ie)
7851 			request->match_sets = (void *)(request->ie + ie_len);
7852 		else if (n_ssids)
7853 			request->match_sets =
7854 				(void *)(request->ssids + n_ssids);
7855 		else
7856 			request->match_sets =
7857 				(void *)(request->channels + n_channels);
7858 	}
7859 	request->n_match_sets = n_match_sets;
7860 
7861 	if (n_match_sets)
7862 		request->scan_plans = (void *)(request->match_sets +
7863 					       n_match_sets);
7864 	else if (request->ie)
7865 		request->scan_plans = (void *)(request->ie + ie_len);
7866 	else if (n_ssids)
7867 		request->scan_plans = (void *)(request->ssids + n_ssids);
7868 	else
7869 		request->scan_plans = (void *)(request->channels + n_channels);
7870 
7871 	request->n_scan_plans = n_plans;
7872 
7873 	i = 0;
7874 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7875 		/* user specified, bail out if channel not found */
7876 		nla_for_each_nested(attr,
7877 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7878 				    tmp) {
7879 			struct ieee80211_channel *chan;
7880 
7881 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7882 
7883 			if (!chan) {
7884 				err = -EINVAL;
7885 				goto out_free;
7886 			}
7887 
7888 			/* ignore disabled channels */
7889 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7890 				continue;
7891 
7892 			request->channels[i] = chan;
7893 			i++;
7894 		}
7895 	} else {
7896 		/* all channels */
7897 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7898 			int j;
7899 
7900 			if (!wiphy->bands[band])
7901 				continue;
7902 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7903 				struct ieee80211_channel *chan;
7904 
7905 				chan = &wiphy->bands[band]->channels[j];
7906 
7907 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7908 					continue;
7909 
7910 				request->channels[i] = chan;
7911 				i++;
7912 			}
7913 		}
7914 	}
7915 
7916 	if (!i) {
7917 		err = -EINVAL;
7918 		goto out_free;
7919 	}
7920 
7921 	request->n_channels = i;
7922 
7923 	i = 0;
7924 	if (n_ssids) {
7925 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7926 				    tmp) {
7927 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7928 				err = -EINVAL;
7929 				goto out_free;
7930 			}
7931 			request->ssids[i].ssid_len = nla_len(attr);
7932 			memcpy(request->ssids[i].ssid, nla_data(attr),
7933 			       nla_len(attr));
7934 			i++;
7935 		}
7936 	}
7937 
7938 	i = 0;
7939 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7940 		nla_for_each_nested(attr,
7941 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7942 				    tmp) {
7943 			struct nlattr *ssid, *bssid, *rssi;
7944 
7945 			err = nla_parse_nested_deprecated(tb,
7946 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7947 							  attr,
7948 							  nl80211_match_policy,
7949 							  NULL);
7950 			if (err)
7951 				goto out_free;
7952 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7953 			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7954 
7955 			if (!ssid && !bssid) {
7956 				i++;
7957 				continue;
7958 			}
7959 
7960 			if (WARN_ON(i >= n_match_sets)) {
7961 				/* this indicates a programming error,
7962 				 * the loop above should have verified
7963 				 * things properly
7964 				 */
7965 				err = -EINVAL;
7966 				goto out_free;
7967 			}
7968 
7969 			if (ssid) {
7970 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7971 					err = -EINVAL;
7972 					goto out_free;
7973 				}
7974 				memcpy(request->match_sets[i].ssid.ssid,
7975 				       nla_data(ssid), nla_len(ssid));
7976 				request->match_sets[i].ssid.ssid_len =
7977 					nla_len(ssid);
7978 			}
7979 			if (bssid) {
7980 				if (nla_len(bssid) != ETH_ALEN) {
7981 					err = -EINVAL;
7982 					goto out_free;
7983 				}
7984 				memcpy(request->match_sets[i].bssid,
7985 				       nla_data(bssid), ETH_ALEN);
7986 			}
7987 
7988 			/* special attribute - old implementation w/a */
7989 			request->match_sets[i].rssi_thold = default_match_rssi;
7990 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7991 			if (rssi)
7992 				request->match_sets[i].rssi_thold =
7993 					nla_get_s32(rssi);
7994 
7995 			/* Parse per band RSSI attribute */
7996 			err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
7997 				&request->match_sets[i],
7998 				tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
7999 				request->match_sets[i].rssi_thold);
8000 			if (err)
8001 				goto out_free;
8002 
8003 			i++;
8004 		}
8005 
8006 		/* there was no other matchset, so the RSSI one is alone */
8007 		if (i == 0 && n_match_sets)
8008 			request->match_sets[0].rssi_thold = default_match_rssi;
8009 
8010 		request->min_rssi_thold = INT_MAX;
8011 		for (i = 0; i < n_match_sets; i++)
8012 			request->min_rssi_thold =
8013 				min(request->match_sets[i].rssi_thold,
8014 				    request->min_rssi_thold);
8015 	} else {
8016 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8017 	}
8018 
8019 	if (ie_len) {
8020 		request->ie_len = ie_len;
8021 		memcpy((void *)request->ie,
8022 		       nla_data(attrs[NL80211_ATTR_IE]),
8023 		       request->ie_len);
8024 	}
8025 
8026 	err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8027 	if (err)
8028 		goto out_free;
8029 
8030 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8031 		request->delay =
8032 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8033 
8034 	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8035 		request->relative_rssi = nla_get_s8(
8036 			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8037 		request->relative_rssi_set = true;
8038 	}
8039 
8040 	if (request->relative_rssi_set &&
8041 	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8042 		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8043 
8044 		rssi_adjust = nla_data(
8045 			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8046 		request->rssi_adjust.band = rssi_adjust->band;
8047 		request->rssi_adjust.delta = rssi_adjust->delta;
8048 		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8049 			err = -EINVAL;
8050 			goto out_free;
8051 		}
8052 	}
8053 
8054 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8055 	if (err)
8056 		goto out_free;
8057 
8058 	request->scan_start = jiffies;
8059 
8060 	return request;
8061 
8062 out_free:
8063 	kfree(request);
8064 	return ERR_PTR(err);
8065 }
8066 
8067 static int nl80211_start_sched_scan(struct sk_buff *skb,
8068 				    struct genl_info *info)
8069 {
8070 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8071 	struct net_device *dev = info->user_ptr[1];
8072 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8073 	struct cfg80211_sched_scan_request *sched_scan_req;
8074 	bool want_multi;
8075 	int err;
8076 
8077 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8078 		return -EOPNOTSUPP;
8079 
8080 	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8081 	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8082 	if (err)
8083 		return err;
8084 
8085 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8086 						  info->attrs,
8087 						  rdev->wiphy.max_match_sets);
8088 
8089 	err = PTR_ERR_OR_ZERO(sched_scan_req);
8090 	if (err)
8091 		goto out_err;
8092 
8093 	/* leave request id zero for legacy request
8094 	 * or if driver does not support multi-scheduled scan
8095 	 */
8096 	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
8097 		while (!sched_scan_req->reqid)
8098 			sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8099 	}
8100 
8101 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8102 	if (err)
8103 		goto out_free;
8104 
8105 	sched_scan_req->dev = dev;
8106 	sched_scan_req->wiphy = &rdev->wiphy;
8107 
8108 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8109 		sched_scan_req->owner_nlportid = info->snd_portid;
8110 
8111 	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8112 
8113 	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8114 	return 0;
8115 
8116 out_free:
8117 	kfree(sched_scan_req);
8118 out_err:
8119 	return err;
8120 }
8121 
8122 static int nl80211_stop_sched_scan(struct sk_buff *skb,
8123 				   struct genl_info *info)
8124 {
8125 	struct cfg80211_sched_scan_request *req;
8126 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8127 	u64 cookie;
8128 
8129 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8130 		return -EOPNOTSUPP;
8131 
8132 	if (info->attrs[NL80211_ATTR_COOKIE]) {
8133 		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8134 		return __cfg80211_stop_sched_scan(rdev, cookie, false);
8135 	}
8136 
8137 	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8138 				     struct cfg80211_sched_scan_request,
8139 				     list);
8140 	if (!req || req->reqid ||
8141 	    (req->owner_nlportid &&
8142 	     req->owner_nlportid != info->snd_portid))
8143 		return -ENOENT;
8144 
8145 	return cfg80211_stop_sched_scan_req(rdev, req, false);
8146 }
8147 
8148 static int nl80211_start_radar_detection(struct sk_buff *skb,
8149 					 struct genl_info *info)
8150 {
8151 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8152 	struct net_device *dev = info->user_ptr[1];
8153 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8154 	struct wiphy *wiphy = wdev->wiphy;
8155 	struct cfg80211_chan_def chandef;
8156 	enum nl80211_dfs_regions dfs_region;
8157 	unsigned int cac_time_ms;
8158 	int err;
8159 
8160 	dfs_region = reg_get_dfs_region(wiphy);
8161 	if (dfs_region == NL80211_DFS_UNSET)
8162 		return -EINVAL;
8163 
8164 	err = nl80211_parse_chandef(rdev, info, &chandef);
8165 	if (err)
8166 		return err;
8167 
8168 	if (netif_carrier_ok(dev))
8169 		return -EBUSY;
8170 
8171 	if (wdev->cac_started)
8172 		return -EBUSY;
8173 
8174 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8175 	if (err < 0)
8176 		return err;
8177 
8178 	if (err == 0)
8179 		return -EINVAL;
8180 
8181 	if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8182 		return -EINVAL;
8183 
8184 	/* CAC start is offloaded to HW and can't be started manually */
8185 	if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8186 		return -EOPNOTSUPP;
8187 
8188 	if (!rdev->ops->start_radar_detection)
8189 		return -EOPNOTSUPP;
8190 
8191 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8192 	if (WARN_ON(!cac_time_ms))
8193 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8194 
8195 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8196 	if (!err) {
8197 		wdev->chandef = chandef;
8198 		wdev->cac_started = true;
8199 		wdev->cac_start_time = jiffies;
8200 		wdev->cac_time_ms = cac_time_ms;
8201 	}
8202 	return err;
8203 }
8204 
8205 static int nl80211_notify_radar_detection(struct sk_buff *skb,
8206 					  struct genl_info *info)
8207 {
8208 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8209 	struct net_device *dev = info->user_ptr[1];
8210 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8211 	struct wiphy *wiphy = wdev->wiphy;
8212 	struct cfg80211_chan_def chandef;
8213 	enum nl80211_dfs_regions dfs_region;
8214 	int err;
8215 
8216 	dfs_region = reg_get_dfs_region(wiphy);
8217 	if (dfs_region == NL80211_DFS_UNSET) {
8218 		GENL_SET_ERR_MSG(info,
8219 				 "DFS Region is not set. Unexpected Radar indication");
8220 		return -EINVAL;
8221 	}
8222 
8223 	err = nl80211_parse_chandef(rdev, info, &chandef);
8224 	if (err) {
8225 		GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8226 		return err;
8227 	}
8228 
8229 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8230 	if (err < 0) {
8231 		GENL_SET_ERR_MSG(info, "chandef is invalid");
8232 		return err;
8233 	}
8234 
8235 	if (err == 0) {
8236 		GENL_SET_ERR_MSG(info,
8237 				 "Unexpected Radar indication for chandef/iftype");
8238 		return -EINVAL;
8239 	}
8240 
8241 	/* Do not process this notification if radar is already detected
8242 	 * by kernel on this channel, and return success.
8243 	 */
8244 	if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8245 		return 0;
8246 
8247 	cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8248 
8249 	cfg80211_sched_dfs_chan_update(rdev);
8250 
8251 	rdev->radar_chandef = chandef;
8252 
8253 	/* Propagate this notification to other radios as well */
8254 	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8255 
8256 	return 0;
8257 }
8258 
8259 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8260 {
8261 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8262 	struct net_device *dev = info->user_ptr[1];
8263 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8264 	struct cfg80211_csa_settings params;
8265 	/* csa_attrs is defined static to avoid waste of stack size - this
8266 	 * function is called under RTNL lock, so this should not be a problem.
8267 	 */
8268 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8269 	int err;
8270 	bool need_new_beacon = false;
8271 	bool need_handle_dfs_flag = true;
8272 	int len, i;
8273 	u32 cs_count;
8274 
8275 	if (!rdev->ops->channel_switch ||
8276 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8277 		return -EOPNOTSUPP;
8278 
8279 	switch (dev->ieee80211_ptr->iftype) {
8280 	case NL80211_IFTYPE_AP:
8281 	case NL80211_IFTYPE_P2P_GO:
8282 		need_new_beacon = true;
8283 		/* For all modes except AP the handle_dfs flag needs to be
8284 		 * supplied to tell the kernel that userspace will handle radar
8285 		 * events when they happen. Otherwise a switch to a channel
8286 		 * requiring DFS will be rejected.
8287 		 */
8288 		need_handle_dfs_flag = false;
8289 
8290 		/* useless if AP is not running */
8291 		if (!wdev->beacon_interval)
8292 			return -ENOTCONN;
8293 		break;
8294 	case NL80211_IFTYPE_ADHOC:
8295 		if (!wdev->ssid_len)
8296 			return -ENOTCONN;
8297 		break;
8298 	case NL80211_IFTYPE_MESH_POINT:
8299 		if (!wdev->mesh_id_len)
8300 			return -ENOTCONN;
8301 		break;
8302 	default:
8303 		return -EOPNOTSUPP;
8304 	}
8305 
8306 	memset(&params, 0, sizeof(params));
8307 	params.beacon_csa.ftm_responder = -1;
8308 
8309 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8310 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8311 		return -EINVAL;
8312 
8313 	/* only important for AP, IBSS and mesh create IEs internally */
8314 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8315 		return -EINVAL;
8316 
8317 	/* Even though the attribute is u32, the specification says
8318 	 * u8, so let's make sure we don't overflow.
8319 	 */
8320 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8321 	if (cs_count > 255)
8322 		return -EINVAL;
8323 
8324 	params.count = cs_count;
8325 
8326 	if (!need_new_beacon)
8327 		goto skip_beacons;
8328 
8329 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
8330 	if (err)
8331 		return err;
8332 
8333 	err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
8334 					  info->attrs[NL80211_ATTR_CSA_IES],
8335 					  nl80211_policy, info->extack);
8336 	if (err)
8337 		return err;
8338 
8339 	err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
8340 	if (err)
8341 		return err;
8342 
8343 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8344 		return -EINVAL;
8345 
8346 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8347 	if (!len || (len % sizeof(u16)))
8348 		return -EINVAL;
8349 
8350 	params.n_counter_offsets_beacon = len / sizeof(u16);
8351 	if (rdev->wiphy.max_num_csa_counters &&
8352 	    (params.n_counter_offsets_beacon >
8353 	     rdev->wiphy.max_num_csa_counters))
8354 		return -EINVAL;
8355 
8356 	params.counter_offsets_beacon =
8357 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8358 
8359 	/* sanity checks - counters should fit and be the same */
8360 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8361 		u16 offset = params.counter_offsets_beacon[i];
8362 
8363 		if (offset >= params.beacon_csa.tail_len)
8364 			return -EINVAL;
8365 
8366 		if (params.beacon_csa.tail[offset] != params.count)
8367 			return -EINVAL;
8368 	}
8369 
8370 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8371 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8372 		if (!len || (len % sizeof(u16)))
8373 			return -EINVAL;
8374 
8375 		params.n_counter_offsets_presp = len / sizeof(u16);
8376 		if (rdev->wiphy.max_num_csa_counters &&
8377 		    (params.n_counter_offsets_presp >
8378 		     rdev->wiphy.max_num_csa_counters))
8379 			return -EINVAL;
8380 
8381 		params.counter_offsets_presp =
8382 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8383 
8384 		/* sanity checks - counters should fit and be the same */
8385 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
8386 			u16 offset = params.counter_offsets_presp[i];
8387 
8388 			if (offset >= params.beacon_csa.probe_resp_len)
8389 				return -EINVAL;
8390 
8391 			if (params.beacon_csa.probe_resp[offset] !=
8392 			    params.count)
8393 				return -EINVAL;
8394 		}
8395 	}
8396 
8397 skip_beacons:
8398 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
8399 	if (err)
8400 		return err;
8401 
8402 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
8403 					   wdev->iftype))
8404 		return -EINVAL;
8405 
8406 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
8407 					    &params.chandef,
8408 					    wdev->iftype);
8409 	if (err < 0)
8410 		return err;
8411 
8412 	if (err > 0) {
8413 		params.radar_required = true;
8414 		if (need_handle_dfs_flag &&
8415 		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8416 			return -EINVAL;
8417 		}
8418 	}
8419 
8420 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8421 		params.block_tx = true;
8422 
8423 	wdev_lock(wdev);
8424 	err = rdev_channel_switch(rdev, dev, &params);
8425 	wdev_unlock(wdev);
8426 
8427 	return err;
8428 }
8429 
8430 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8431 			    u32 seq, int flags,
8432 			    struct cfg80211_registered_device *rdev,
8433 			    struct wireless_dev *wdev,
8434 			    struct cfg80211_internal_bss *intbss)
8435 {
8436 	struct cfg80211_bss *res = &intbss->pub;
8437 	const struct cfg80211_bss_ies *ies;
8438 	void *hdr;
8439 	struct nlattr *bss;
8440 
8441 	ASSERT_WDEV_LOCK(wdev);
8442 
8443 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8444 			     NL80211_CMD_NEW_SCAN_RESULTS);
8445 	if (!hdr)
8446 		return -1;
8447 
8448 	genl_dump_check_consistent(cb, hdr);
8449 
8450 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8451 		goto nla_put_failure;
8452 	if (wdev->netdev &&
8453 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8454 		goto nla_put_failure;
8455 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8456 			      NL80211_ATTR_PAD))
8457 		goto nla_put_failure;
8458 
8459 	bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8460 	if (!bss)
8461 		goto nla_put_failure;
8462 	if ((!is_zero_ether_addr(res->bssid) &&
8463 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8464 		goto nla_put_failure;
8465 
8466 	rcu_read_lock();
8467 	/* indicate whether we have probe response data or not */
8468 	if (rcu_access_pointer(res->proberesp_ies) &&
8469 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8470 		goto fail_unlock_rcu;
8471 
8472 	/* this pointer prefers to be pointed to probe response data
8473 	 * but is always valid
8474 	 */
8475 	ies = rcu_dereference(res->ies);
8476 	if (ies) {
8477 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8478 				      NL80211_BSS_PAD))
8479 			goto fail_unlock_rcu;
8480 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8481 					ies->len, ies->data))
8482 			goto fail_unlock_rcu;
8483 	}
8484 
8485 	/* and this pointer is always (unless driver didn't know) beacon data */
8486 	ies = rcu_dereference(res->beacon_ies);
8487 	if (ies && ies->from_beacon) {
8488 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8489 				      NL80211_BSS_PAD))
8490 			goto fail_unlock_rcu;
8491 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8492 					ies->len, ies->data))
8493 			goto fail_unlock_rcu;
8494 	}
8495 	rcu_read_unlock();
8496 
8497 	if (res->beacon_interval &&
8498 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8499 		goto nla_put_failure;
8500 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8501 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8502 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8503 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8504 			jiffies_to_msecs(jiffies - intbss->ts)))
8505 		goto nla_put_failure;
8506 
8507 	if (intbss->parent_tsf &&
8508 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8509 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
8510 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8511 		     intbss->parent_bssid)))
8512 		goto nla_put_failure;
8513 
8514 	if (intbss->ts_boottime &&
8515 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8516 			      intbss->ts_boottime, NL80211_BSS_PAD))
8517 		goto nla_put_failure;
8518 
8519 	if (!nl80211_put_signal(msg, intbss->pub.chains,
8520 				intbss->pub.chain_signal,
8521 				NL80211_BSS_CHAIN_SIGNAL))
8522 		goto nla_put_failure;
8523 
8524 	switch (rdev->wiphy.signal_type) {
8525 	case CFG80211_SIGNAL_TYPE_MBM:
8526 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8527 			goto nla_put_failure;
8528 		break;
8529 	case CFG80211_SIGNAL_TYPE_UNSPEC:
8530 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8531 			goto nla_put_failure;
8532 		break;
8533 	default:
8534 		break;
8535 	}
8536 
8537 	switch (wdev->iftype) {
8538 	case NL80211_IFTYPE_P2P_CLIENT:
8539 	case NL80211_IFTYPE_STATION:
8540 		if (intbss == wdev->current_bss &&
8541 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8542 				NL80211_BSS_STATUS_ASSOCIATED))
8543 			goto nla_put_failure;
8544 		break;
8545 	case NL80211_IFTYPE_ADHOC:
8546 		if (intbss == wdev->current_bss &&
8547 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8548 				NL80211_BSS_STATUS_IBSS_JOINED))
8549 			goto nla_put_failure;
8550 		break;
8551 	default:
8552 		break;
8553 	}
8554 
8555 	nla_nest_end(msg, bss);
8556 
8557 	genlmsg_end(msg, hdr);
8558 	return 0;
8559 
8560  fail_unlock_rcu:
8561 	rcu_read_unlock();
8562  nla_put_failure:
8563 	genlmsg_cancel(msg, hdr);
8564 	return -EMSGSIZE;
8565 }
8566 
8567 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8568 {
8569 	struct cfg80211_registered_device *rdev;
8570 	struct cfg80211_internal_bss *scan;
8571 	struct wireless_dev *wdev;
8572 	int start = cb->args[2], idx = 0;
8573 	int err;
8574 
8575 	rtnl_lock();
8576 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8577 	if (err) {
8578 		rtnl_unlock();
8579 		return err;
8580 	}
8581 
8582 	wdev_lock(wdev);
8583 	spin_lock_bh(&rdev->bss_lock);
8584 
8585 	/*
8586 	 * dump_scan will be called multiple times to break up the scan results
8587 	 * into multiple messages.  It is unlikely that any more bss-es will be
8588 	 * expired after the first call, so only call only call this on the
8589 	 * first dump_scan invocation.
8590 	 */
8591 	if (start == 0)
8592 		cfg80211_bss_expire(rdev);
8593 
8594 	cb->seq = rdev->bss_generation;
8595 
8596 	list_for_each_entry(scan, &rdev->bss_list, list) {
8597 		if (++idx <= start)
8598 			continue;
8599 		if (nl80211_send_bss(skb, cb,
8600 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8601 				rdev, wdev, scan) < 0) {
8602 			idx--;
8603 			break;
8604 		}
8605 	}
8606 
8607 	spin_unlock_bh(&rdev->bss_lock);
8608 	wdev_unlock(wdev);
8609 
8610 	cb->args[2] = idx;
8611 	rtnl_unlock();
8612 
8613 	return skb->len;
8614 }
8615 
8616 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
8617 			       int flags, struct net_device *dev,
8618 			       bool allow_radio_stats,
8619 			       struct survey_info *survey)
8620 {
8621 	void *hdr;
8622 	struct nlattr *infoattr;
8623 
8624 	/* skip radio stats if userspace didn't request them */
8625 	if (!survey->channel && !allow_radio_stats)
8626 		return 0;
8627 
8628 	hdr = nl80211hdr_put(msg, portid, seq, flags,
8629 			     NL80211_CMD_NEW_SURVEY_RESULTS);
8630 	if (!hdr)
8631 		return -ENOMEM;
8632 
8633 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
8634 		goto nla_put_failure;
8635 
8636 	infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
8637 	if (!infoattr)
8638 		goto nla_put_failure;
8639 
8640 	if (survey->channel &&
8641 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
8642 			survey->channel->center_freq))
8643 		goto nla_put_failure;
8644 
8645 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
8646 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
8647 		goto nla_put_failure;
8648 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
8649 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
8650 		goto nla_put_failure;
8651 	if ((survey->filled & SURVEY_INFO_TIME) &&
8652 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
8653 			survey->time, NL80211_SURVEY_INFO_PAD))
8654 		goto nla_put_failure;
8655 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
8656 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
8657 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
8658 		goto nla_put_failure;
8659 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
8660 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
8661 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
8662 		goto nla_put_failure;
8663 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
8664 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
8665 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
8666 		goto nla_put_failure;
8667 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
8668 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
8669 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
8670 		goto nla_put_failure;
8671 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
8672 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8673 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
8674 		goto nla_put_failure;
8675 
8676 	nla_nest_end(msg, infoattr);
8677 
8678 	genlmsg_end(msg, hdr);
8679 	return 0;
8680 
8681  nla_put_failure:
8682 	genlmsg_cancel(msg, hdr);
8683 	return -EMSGSIZE;
8684 }
8685 
8686 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
8687 {
8688 	struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8689 	struct survey_info survey;
8690 	struct cfg80211_registered_device *rdev;
8691 	struct wireless_dev *wdev;
8692 	int survey_idx = cb->args[2];
8693 	int res;
8694 	bool radio_stats;
8695 
8696 	rtnl_lock();
8697 	res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8698 	if (res)
8699 		goto out_err;
8700 
8701 	/* prepare_wdev_dump parsed the attributes */
8702 	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
8703 
8704 	if (!wdev->netdev) {
8705 		res = -EINVAL;
8706 		goto out_err;
8707 	}
8708 
8709 	if (!rdev->ops->dump_survey) {
8710 		res = -EOPNOTSUPP;
8711 		goto out_err;
8712 	}
8713 
8714 	while (1) {
8715 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8716 		if (res == -ENOENT)
8717 			break;
8718 		if (res)
8719 			goto out_err;
8720 
8721 		/* don't send disabled channels, but do send non-channel data */
8722 		if (survey.channel &&
8723 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8724 			survey_idx++;
8725 			continue;
8726 		}
8727 
8728 		if (nl80211_send_survey(skb,
8729 				NETLINK_CB(cb->skb).portid,
8730 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8731 				wdev->netdev, radio_stats, &survey) < 0)
8732 			goto out;
8733 		survey_idx++;
8734 	}
8735 
8736  out:
8737 	cb->args[2] = survey_idx;
8738 	res = skb->len;
8739  out_err:
8740 	rtnl_unlock();
8741 	return res;
8742 }
8743 
8744 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8745 {
8746 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8747 				  NL80211_WPA_VERSION_2 |
8748 				  NL80211_WPA_VERSION_3));
8749 }
8750 
8751 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8752 {
8753 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8754 	struct net_device *dev = info->user_ptr[1];
8755 	struct ieee80211_channel *chan;
8756 	const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8757 	int err, ssid_len, ie_len = 0, auth_data_len = 0;
8758 	enum nl80211_auth_type auth_type;
8759 	struct key_parse key;
8760 	bool local_state_change;
8761 
8762 	if (!info->attrs[NL80211_ATTR_MAC])
8763 		return -EINVAL;
8764 
8765 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8766 		return -EINVAL;
8767 
8768 	if (!info->attrs[NL80211_ATTR_SSID])
8769 		return -EINVAL;
8770 
8771 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8772 		return -EINVAL;
8773 
8774 	err = nl80211_parse_key(info, &key);
8775 	if (err)
8776 		return err;
8777 
8778 	if (key.idx >= 0) {
8779 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8780 			return -EINVAL;
8781 		if (!key.p.key || !key.p.key_len)
8782 			return -EINVAL;
8783 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8784 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8785 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8786 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
8787 			return -EINVAL;
8788 		if (key.idx > 3)
8789 			return -EINVAL;
8790 	} else {
8791 		key.p.key_len = 0;
8792 		key.p.key = NULL;
8793 	}
8794 
8795 	if (key.idx >= 0) {
8796 		int i;
8797 		bool ok = false;
8798 
8799 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8800 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8801 				ok = true;
8802 				break;
8803 			}
8804 		}
8805 		if (!ok)
8806 			return -EINVAL;
8807 	}
8808 
8809 	if (!rdev->ops->auth)
8810 		return -EOPNOTSUPP;
8811 
8812 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8813 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8814 		return -EOPNOTSUPP;
8815 
8816 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8817 	chan = nl80211_get_valid_chan(&rdev->wiphy,
8818 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8819 	if (!chan)
8820 		return -EINVAL;
8821 
8822 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8823 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8824 
8825 	if (info->attrs[NL80211_ATTR_IE]) {
8826 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8827 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8828 	}
8829 
8830 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8831 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8832 		return -EINVAL;
8833 
8834 	if ((auth_type == NL80211_AUTHTYPE_SAE ||
8835 	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
8836 	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8837 	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8838 	    !info->attrs[NL80211_ATTR_AUTH_DATA])
8839 		return -EINVAL;
8840 
8841 	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8842 		if (auth_type != NL80211_AUTHTYPE_SAE &&
8843 		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
8844 		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8845 		    auth_type != NL80211_AUTHTYPE_FILS_PK)
8846 			return -EINVAL;
8847 		auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8848 		auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8849 		/* need to include at least Auth Transaction and Status Code */
8850 		if (auth_data_len < 4)
8851 			return -EINVAL;
8852 	}
8853 
8854 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8855 
8856 	/*
8857 	 * Since we no longer track auth state, ignore
8858 	 * requests to only change local state.
8859 	 */
8860 	if (local_state_change)
8861 		return 0;
8862 
8863 	wdev_lock(dev->ieee80211_ptr);
8864 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8865 				 ssid, ssid_len, ie, ie_len,
8866 				 key.p.key, key.p.key_len, key.idx,
8867 				 auth_data, auth_data_len);
8868 	wdev_unlock(dev->ieee80211_ptr);
8869 	return err;
8870 }
8871 
8872 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
8873 				     struct genl_info *info)
8874 {
8875 	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8876 		GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
8877 		return -EINVAL;
8878 	}
8879 
8880 	if (!rdev->ops->tx_control_port ||
8881 	    !wiphy_ext_feature_isset(&rdev->wiphy,
8882 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
8883 		return -EOPNOTSUPP;
8884 
8885 	return 0;
8886 }
8887 
8888 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8889 				   struct genl_info *info,
8890 				   struct cfg80211_crypto_settings *settings,
8891 				   int cipher_limit)
8892 {
8893 	memset(settings, 0, sizeof(*settings));
8894 
8895 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8896 
8897 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8898 		u16 proto;
8899 
8900 		proto = nla_get_u16(
8901 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8902 		settings->control_port_ethertype = cpu_to_be16(proto);
8903 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8904 		    proto != ETH_P_PAE)
8905 			return -EINVAL;
8906 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8907 			settings->control_port_no_encrypt = true;
8908 	} else
8909 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8910 
8911 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
8912 		int r = validate_pae_over_nl80211(rdev, info);
8913 
8914 		if (r < 0)
8915 			return r;
8916 
8917 		settings->control_port_over_nl80211 = true;
8918 	}
8919 
8920 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8921 		void *data;
8922 		int len, i;
8923 
8924 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8925 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8926 		settings->n_ciphers_pairwise = len / sizeof(u32);
8927 
8928 		if (len % sizeof(u32))
8929 			return -EINVAL;
8930 
8931 		if (settings->n_ciphers_pairwise > cipher_limit)
8932 			return -EINVAL;
8933 
8934 		memcpy(settings->ciphers_pairwise, data, len);
8935 
8936 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
8937 			if (!cfg80211_supported_cipher_suite(
8938 					&rdev->wiphy,
8939 					settings->ciphers_pairwise[i]))
8940 				return -EINVAL;
8941 	}
8942 
8943 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8944 		settings->cipher_group =
8945 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8946 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8947 						     settings->cipher_group))
8948 			return -EINVAL;
8949 	}
8950 
8951 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8952 		settings->wpa_versions =
8953 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8954 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8955 			return -EINVAL;
8956 	}
8957 
8958 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8959 		void *data;
8960 		int len;
8961 
8962 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8963 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8964 		settings->n_akm_suites = len / sizeof(u32);
8965 
8966 		if (len % sizeof(u32))
8967 			return -EINVAL;
8968 
8969 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8970 			return -EINVAL;
8971 
8972 		memcpy(settings->akm_suites, data, len);
8973 	}
8974 
8975 	if (info->attrs[NL80211_ATTR_PMK]) {
8976 		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8977 			return -EINVAL;
8978 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
8979 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8980 			return -EINVAL;
8981 		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8982 	}
8983 
8984 	if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
8985 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
8986 					     NL80211_EXT_FEATURE_SAE_OFFLOAD))
8987 			return -EINVAL;
8988 		settings->sae_pwd =
8989 			nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
8990 		settings->sae_pwd_len =
8991 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
8992 	}
8993 
8994 	return 0;
8995 }
8996 
8997 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
8998 {
8999 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9000 	struct net_device *dev = info->user_ptr[1];
9001 	struct ieee80211_channel *chan;
9002 	struct cfg80211_assoc_request req = {};
9003 	const u8 *bssid, *ssid;
9004 	int err, ssid_len = 0;
9005 
9006 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9007 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9008 		return -EPERM;
9009 
9010 	if (!info->attrs[NL80211_ATTR_MAC] ||
9011 	    !info->attrs[NL80211_ATTR_SSID] ||
9012 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9013 		return -EINVAL;
9014 
9015 	if (!rdev->ops->assoc)
9016 		return -EOPNOTSUPP;
9017 
9018 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9019 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9020 		return -EOPNOTSUPP;
9021 
9022 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9023 
9024 	chan = nl80211_get_valid_chan(&rdev->wiphy,
9025 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9026 	if (!chan)
9027 		return -EINVAL;
9028 
9029 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9030 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9031 
9032 	if (info->attrs[NL80211_ATTR_IE]) {
9033 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9034 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9035 	}
9036 
9037 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9038 		enum nl80211_mfp mfp =
9039 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9040 		if (mfp == NL80211_MFP_REQUIRED)
9041 			req.use_mfp = true;
9042 		else if (mfp != NL80211_MFP_NO)
9043 			return -EINVAL;
9044 	}
9045 
9046 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9047 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9048 
9049 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9050 		req.flags |= ASSOC_REQ_DISABLE_HT;
9051 
9052 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9053 		memcpy(&req.ht_capa_mask,
9054 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9055 		       sizeof(req.ht_capa_mask));
9056 
9057 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9058 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9059 			return -EINVAL;
9060 		memcpy(&req.ht_capa,
9061 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9062 		       sizeof(req.ht_capa));
9063 	}
9064 
9065 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9066 		req.flags |= ASSOC_REQ_DISABLE_VHT;
9067 
9068 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9069 		memcpy(&req.vht_capa_mask,
9070 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9071 		       sizeof(req.vht_capa_mask));
9072 
9073 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9074 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9075 			return -EINVAL;
9076 		memcpy(&req.vht_capa,
9077 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9078 		       sizeof(req.vht_capa));
9079 	}
9080 
9081 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9082 		if (!((rdev->wiphy.features &
9083 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9084 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9085 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9086 					     NL80211_EXT_FEATURE_RRM))
9087 			return -EINVAL;
9088 		req.flags |= ASSOC_REQ_USE_RRM;
9089 	}
9090 
9091 	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9092 		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9093 		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9094 		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9095 			return -EINVAL;
9096 		req.fils_nonces =
9097 			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9098 	}
9099 
9100 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9101 	if (!err) {
9102 		wdev_lock(dev->ieee80211_ptr);
9103 
9104 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9105 					  ssid, ssid_len, &req);
9106 
9107 		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9108 			dev->ieee80211_ptr->conn_owner_nlportid =
9109 				info->snd_portid;
9110 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
9111 			       bssid, ETH_ALEN);
9112 		}
9113 
9114 		wdev_unlock(dev->ieee80211_ptr);
9115 	}
9116 
9117 	return err;
9118 }
9119 
9120 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9121 {
9122 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9123 	struct net_device *dev = info->user_ptr[1];
9124 	const u8 *ie = NULL, *bssid;
9125 	int ie_len = 0, err;
9126 	u16 reason_code;
9127 	bool local_state_change;
9128 
9129 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9130 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9131 		return -EPERM;
9132 
9133 	if (!info->attrs[NL80211_ATTR_MAC])
9134 		return -EINVAL;
9135 
9136 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9137 		return -EINVAL;
9138 
9139 	if (!rdev->ops->deauth)
9140 		return -EOPNOTSUPP;
9141 
9142 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9143 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9144 		return -EOPNOTSUPP;
9145 
9146 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9147 
9148 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9149 	if (reason_code == 0) {
9150 		/* Reason Code 0 is reserved */
9151 		return -EINVAL;
9152 	}
9153 
9154 	if (info->attrs[NL80211_ATTR_IE]) {
9155 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9156 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9157 	}
9158 
9159 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9160 
9161 	wdev_lock(dev->ieee80211_ptr);
9162 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9163 				   local_state_change);
9164 	wdev_unlock(dev->ieee80211_ptr);
9165 	return err;
9166 }
9167 
9168 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9169 {
9170 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9171 	struct net_device *dev = info->user_ptr[1];
9172 	const u8 *ie = NULL, *bssid;
9173 	int ie_len = 0, err;
9174 	u16 reason_code;
9175 	bool local_state_change;
9176 
9177 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9178 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9179 		return -EPERM;
9180 
9181 	if (!info->attrs[NL80211_ATTR_MAC])
9182 		return -EINVAL;
9183 
9184 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9185 		return -EINVAL;
9186 
9187 	if (!rdev->ops->disassoc)
9188 		return -EOPNOTSUPP;
9189 
9190 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9191 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9192 		return -EOPNOTSUPP;
9193 
9194 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9195 
9196 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9197 	if (reason_code == 0) {
9198 		/* Reason Code 0 is reserved */
9199 		return -EINVAL;
9200 	}
9201 
9202 	if (info->attrs[NL80211_ATTR_IE]) {
9203 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9204 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9205 	}
9206 
9207 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9208 
9209 	wdev_lock(dev->ieee80211_ptr);
9210 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9211 				     local_state_change);
9212 	wdev_unlock(dev->ieee80211_ptr);
9213 	return err;
9214 }
9215 
9216 static bool
9217 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9218 			 int mcast_rate[NUM_NL80211_BANDS],
9219 			 int rateval)
9220 {
9221 	struct wiphy *wiphy = &rdev->wiphy;
9222 	bool found = false;
9223 	int band, i;
9224 
9225 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
9226 		struct ieee80211_supported_band *sband;
9227 
9228 		sband = wiphy->bands[band];
9229 		if (!sband)
9230 			continue;
9231 
9232 		for (i = 0; i < sband->n_bitrates; i++) {
9233 			if (sband->bitrates[i].bitrate == rateval) {
9234 				mcast_rate[band] = i + 1;
9235 				found = true;
9236 				break;
9237 			}
9238 		}
9239 	}
9240 
9241 	return found;
9242 }
9243 
9244 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9245 {
9246 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9247 	struct net_device *dev = info->user_ptr[1];
9248 	struct cfg80211_ibss_params ibss;
9249 	struct wiphy *wiphy;
9250 	struct cfg80211_cached_keys *connkeys = NULL;
9251 	int err;
9252 
9253 	memset(&ibss, 0, sizeof(ibss));
9254 
9255 	if (!info->attrs[NL80211_ATTR_SSID] ||
9256 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9257 		return -EINVAL;
9258 
9259 	ibss.beacon_interval = 100;
9260 
9261 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9262 		ibss.beacon_interval =
9263 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9264 
9265 	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9266 					   ibss.beacon_interval);
9267 	if (err)
9268 		return err;
9269 
9270 	if (!rdev->ops->join_ibss)
9271 		return -EOPNOTSUPP;
9272 
9273 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9274 		return -EOPNOTSUPP;
9275 
9276 	wiphy = &rdev->wiphy;
9277 
9278 	if (info->attrs[NL80211_ATTR_MAC]) {
9279 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9280 
9281 		if (!is_valid_ether_addr(ibss.bssid))
9282 			return -EINVAL;
9283 	}
9284 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9285 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9286 
9287 	if (info->attrs[NL80211_ATTR_IE]) {
9288 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9289 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9290 	}
9291 
9292 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9293 	if (err)
9294 		return err;
9295 
9296 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9297 				     NL80211_IFTYPE_ADHOC))
9298 		return -EINVAL;
9299 
9300 	switch (ibss.chandef.width) {
9301 	case NL80211_CHAN_WIDTH_5:
9302 	case NL80211_CHAN_WIDTH_10:
9303 	case NL80211_CHAN_WIDTH_20_NOHT:
9304 		break;
9305 	case NL80211_CHAN_WIDTH_20:
9306 	case NL80211_CHAN_WIDTH_40:
9307 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9308 			return -EINVAL;
9309 		break;
9310 	case NL80211_CHAN_WIDTH_80:
9311 	case NL80211_CHAN_WIDTH_80P80:
9312 	case NL80211_CHAN_WIDTH_160:
9313 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9314 			return -EINVAL;
9315 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9316 					     NL80211_EXT_FEATURE_VHT_IBSS))
9317 			return -EINVAL;
9318 		break;
9319 	default:
9320 		return -EINVAL;
9321 	}
9322 
9323 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9324 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9325 
9326 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9327 		u8 *rates =
9328 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9329 		int n_rates =
9330 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9331 		struct ieee80211_supported_band *sband =
9332 			wiphy->bands[ibss.chandef.chan->band];
9333 
9334 		err = ieee80211_get_ratemask(sband, rates, n_rates,
9335 					     &ibss.basic_rates);
9336 		if (err)
9337 			return err;
9338 	}
9339 
9340 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9341 		memcpy(&ibss.ht_capa_mask,
9342 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9343 		       sizeof(ibss.ht_capa_mask));
9344 
9345 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9346 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9347 			return -EINVAL;
9348 		memcpy(&ibss.ht_capa,
9349 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9350 		       sizeof(ibss.ht_capa));
9351 	}
9352 
9353 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9354 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9355 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9356 		return -EINVAL;
9357 
9358 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9359 		bool no_ht = false;
9360 
9361 		connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9362 		if (IS_ERR(connkeys))
9363 			return PTR_ERR(connkeys);
9364 
9365 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9366 		    no_ht) {
9367 			kzfree(connkeys);
9368 			return -EINVAL;
9369 		}
9370 	}
9371 
9372 	ibss.control_port =
9373 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9374 
9375 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9376 		int r = validate_pae_over_nl80211(rdev, info);
9377 
9378 		if (r < 0) {
9379 			kzfree(connkeys);
9380 			return r;
9381 		}
9382 
9383 		ibss.control_port_over_nl80211 = true;
9384 	}
9385 
9386 	ibss.userspace_handles_dfs =
9387 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9388 
9389 	wdev_lock(dev->ieee80211_ptr);
9390 	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9391 	if (err)
9392 		kzfree(connkeys);
9393 	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9394 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9395 	wdev_unlock(dev->ieee80211_ptr);
9396 
9397 	return err;
9398 }
9399 
9400 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9401 {
9402 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9403 	struct net_device *dev = info->user_ptr[1];
9404 
9405 	if (!rdev->ops->leave_ibss)
9406 		return -EOPNOTSUPP;
9407 
9408 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9409 		return -EOPNOTSUPP;
9410 
9411 	return cfg80211_leave_ibss(rdev, dev, false);
9412 }
9413 
9414 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9415 {
9416 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9417 	struct net_device *dev = info->user_ptr[1];
9418 	int mcast_rate[NUM_NL80211_BANDS];
9419 	u32 nla_rate;
9420 	int err;
9421 
9422 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9423 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9424 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9425 		return -EOPNOTSUPP;
9426 
9427 	if (!rdev->ops->set_mcast_rate)
9428 		return -EOPNOTSUPP;
9429 
9430 	memset(mcast_rate, 0, sizeof(mcast_rate));
9431 
9432 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9433 		return -EINVAL;
9434 
9435 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9436 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9437 		return -EINVAL;
9438 
9439 	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9440 
9441 	return err;
9442 }
9443 
9444 static struct sk_buff *
9445 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9446 			    struct wireless_dev *wdev, int approxlen,
9447 			    u32 portid, u32 seq, enum nl80211_commands cmd,
9448 			    enum nl80211_attrs attr,
9449 			    const struct nl80211_vendor_cmd_info *info,
9450 			    gfp_t gfp)
9451 {
9452 	struct sk_buff *skb;
9453 	void *hdr;
9454 	struct nlattr *data;
9455 
9456 	skb = nlmsg_new(approxlen + 100, gfp);
9457 	if (!skb)
9458 		return NULL;
9459 
9460 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9461 	if (!hdr) {
9462 		kfree_skb(skb);
9463 		return NULL;
9464 	}
9465 
9466 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9467 		goto nla_put_failure;
9468 
9469 	if (info) {
9470 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9471 				info->vendor_id))
9472 			goto nla_put_failure;
9473 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9474 				info->subcmd))
9475 			goto nla_put_failure;
9476 	}
9477 
9478 	if (wdev) {
9479 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9480 				      wdev_id(wdev), NL80211_ATTR_PAD))
9481 			goto nla_put_failure;
9482 		if (wdev->netdev &&
9483 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9484 				wdev->netdev->ifindex))
9485 			goto nla_put_failure;
9486 	}
9487 
9488 	data = nla_nest_start_noflag(skb, attr);
9489 	if (!data)
9490 		goto nla_put_failure;
9491 
9492 	((void **)skb->cb)[0] = rdev;
9493 	((void **)skb->cb)[1] = hdr;
9494 	((void **)skb->cb)[2] = data;
9495 
9496 	return skb;
9497 
9498  nla_put_failure:
9499 	kfree_skb(skb);
9500 	return NULL;
9501 }
9502 
9503 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9504 					   struct wireless_dev *wdev,
9505 					   enum nl80211_commands cmd,
9506 					   enum nl80211_attrs attr,
9507 					   unsigned int portid,
9508 					   int vendor_event_idx,
9509 					   int approxlen, gfp_t gfp)
9510 {
9511 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9512 	const struct nl80211_vendor_cmd_info *info;
9513 
9514 	switch (cmd) {
9515 	case NL80211_CMD_TESTMODE:
9516 		if (WARN_ON(vendor_event_idx != -1))
9517 			return NULL;
9518 		info = NULL;
9519 		break;
9520 	case NL80211_CMD_VENDOR:
9521 		if (WARN_ON(vendor_event_idx < 0 ||
9522 			    vendor_event_idx >= wiphy->n_vendor_events))
9523 			return NULL;
9524 		info = &wiphy->vendor_events[vendor_event_idx];
9525 		break;
9526 	default:
9527 		WARN_ON(1);
9528 		return NULL;
9529 	}
9530 
9531 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9532 					   cmd, attr, info, gfp);
9533 }
9534 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9535 
9536 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9537 {
9538 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9539 	void *hdr = ((void **)skb->cb)[1];
9540 	struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9541 	struct nlattr *data = ((void **)skb->cb)[2];
9542 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9543 
9544 	/* clear CB data for netlink core to own from now on */
9545 	memset(skb->cb, 0, sizeof(skb->cb));
9546 
9547 	nla_nest_end(skb, data);
9548 	genlmsg_end(skb, hdr);
9549 
9550 	if (nlhdr->nlmsg_pid) {
9551 		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
9552 				nlhdr->nlmsg_pid);
9553 	} else {
9554 		if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9555 			mcgrp = NL80211_MCGRP_VENDOR;
9556 
9557 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
9558 					skb, 0, mcgrp, gfp);
9559 	}
9560 }
9561 EXPORT_SYMBOL(__cfg80211_send_event_skb);
9562 
9563 #ifdef CONFIG_NL80211_TESTMODE
9564 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9565 {
9566 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9567 	struct wireless_dev *wdev =
9568 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9569 	int err;
9570 
9571 	if (!rdev->ops->testmode_cmd)
9572 		return -EOPNOTSUPP;
9573 
9574 	if (IS_ERR(wdev)) {
9575 		err = PTR_ERR(wdev);
9576 		if (err != -EINVAL)
9577 			return err;
9578 		wdev = NULL;
9579 	} else if (wdev->wiphy != &rdev->wiphy) {
9580 		return -EINVAL;
9581 	}
9582 
9583 	if (!info->attrs[NL80211_ATTR_TESTDATA])
9584 		return -EINVAL;
9585 
9586 	rdev->cur_cmd_info = info;
9587 	err = rdev_testmode_cmd(rdev, wdev,
9588 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9589 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
9590 	rdev->cur_cmd_info = NULL;
9591 
9592 	return err;
9593 }
9594 
9595 static int nl80211_testmode_dump(struct sk_buff *skb,
9596 				 struct netlink_callback *cb)
9597 {
9598 	struct cfg80211_registered_device *rdev;
9599 	int err;
9600 	long phy_idx;
9601 	void *data = NULL;
9602 	int data_len = 0;
9603 
9604 	rtnl_lock();
9605 
9606 	if (cb->args[0]) {
9607 		/*
9608 		 * 0 is a valid index, but not valid for args[0],
9609 		 * so we need to offset by 1.
9610 		 */
9611 		phy_idx = cb->args[0] - 1;
9612 
9613 		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
9614 		if (!rdev) {
9615 			err = -ENOENT;
9616 			goto out_err;
9617 		}
9618 	} else {
9619 		struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
9620 
9621 		err = nlmsg_parse_deprecated(cb->nlh,
9622 					     GENL_HDRLEN + nl80211_fam.hdrsize,
9623 					     attrbuf, nl80211_fam.maxattr,
9624 					     nl80211_policy, NULL);
9625 		if (err)
9626 			goto out_err;
9627 
9628 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
9629 		if (IS_ERR(rdev)) {
9630 			err = PTR_ERR(rdev);
9631 			goto out_err;
9632 		}
9633 		phy_idx = rdev->wiphy_idx;
9634 
9635 		if (attrbuf[NL80211_ATTR_TESTDATA])
9636 			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
9637 	}
9638 
9639 	if (cb->args[1]) {
9640 		data = nla_data((void *)cb->args[1]);
9641 		data_len = nla_len((void *)cb->args[1]);
9642 	}
9643 
9644 	if (!rdev->ops->testmode_dump) {
9645 		err = -EOPNOTSUPP;
9646 		goto out_err;
9647 	}
9648 
9649 	while (1) {
9650 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
9651 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
9652 					   NL80211_CMD_TESTMODE);
9653 		struct nlattr *tmdata;
9654 
9655 		if (!hdr)
9656 			break;
9657 
9658 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
9659 			genlmsg_cancel(skb, hdr);
9660 			break;
9661 		}
9662 
9663 		tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
9664 		if (!tmdata) {
9665 			genlmsg_cancel(skb, hdr);
9666 			break;
9667 		}
9668 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
9669 		nla_nest_end(skb, tmdata);
9670 
9671 		if (err == -ENOBUFS || err == -ENOENT) {
9672 			genlmsg_cancel(skb, hdr);
9673 			break;
9674 		} else if (err) {
9675 			genlmsg_cancel(skb, hdr);
9676 			goto out_err;
9677 		}
9678 
9679 		genlmsg_end(skb, hdr);
9680 	}
9681 
9682 	err = skb->len;
9683 	/* see above */
9684 	cb->args[0] = phy_idx + 1;
9685  out_err:
9686 	rtnl_unlock();
9687 	return err;
9688 }
9689 #endif
9690 
9691 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
9692 {
9693 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9694 	struct net_device *dev = info->user_ptr[1];
9695 	struct cfg80211_connect_params connect;
9696 	struct wiphy *wiphy;
9697 	struct cfg80211_cached_keys *connkeys = NULL;
9698 	int err;
9699 
9700 	memset(&connect, 0, sizeof(connect));
9701 
9702 	if (!info->attrs[NL80211_ATTR_SSID] ||
9703 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9704 		return -EINVAL;
9705 
9706 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9707 		connect.auth_type =
9708 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9709 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
9710 					     NL80211_CMD_CONNECT))
9711 			return -EINVAL;
9712 	} else
9713 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
9714 
9715 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
9716 
9717 	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
9718 	    !wiphy_ext_feature_isset(&rdev->wiphy,
9719 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
9720 		return -EINVAL;
9721 	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
9722 
9723 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
9724 				      NL80211_MAX_NR_CIPHER_SUITES);
9725 	if (err)
9726 		return err;
9727 
9728 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9729 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9730 		return -EOPNOTSUPP;
9731 
9732 	wiphy = &rdev->wiphy;
9733 
9734 	connect.bg_scan_period = -1;
9735 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
9736 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
9737 		connect.bg_scan_period =
9738 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
9739 	}
9740 
9741 	if (info->attrs[NL80211_ATTR_MAC])
9742 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9743 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
9744 		connect.bssid_hint =
9745 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
9746 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9747 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9748 
9749 	if (info->attrs[NL80211_ATTR_IE]) {
9750 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9751 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9752 	}
9753 
9754 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9755 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9756 		if (connect.mfp == NL80211_MFP_OPTIONAL &&
9757 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9758 					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
9759 			return -EOPNOTSUPP;
9760 	} else {
9761 		connect.mfp = NL80211_MFP_NO;
9762 	}
9763 
9764 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9765 		connect.prev_bssid =
9766 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9767 
9768 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9769 		connect.channel = nl80211_get_valid_chan(
9770 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9771 		if (!connect.channel)
9772 			return -EINVAL;
9773 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9774 		connect.channel_hint = nl80211_get_valid_chan(
9775 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9776 		if (!connect.channel_hint)
9777 			return -EINVAL;
9778 	}
9779 
9780 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9781 		connkeys = nl80211_parse_connkeys(rdev, info, NULL);
9782 		if (IS_ERR(connkeys))
9783 			return PTR_ERR(connkeys);
9784 	}
9785 
9786 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9787 		connect.flags |= ASSOC_REQ_DISABLE_HT;
9788 
9789 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9790 		memcpy(&connect.ht_capa_mask,
9791 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9792 		       sizeof(connect.ht_capa_mask));
9793 
9794 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9795 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9796 			kzfree(connkeys);
9797 			return -EINVAL;
9798 		}
9799 		memcpy(&connect.ht_capa,
9800 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9801 		       sizeof(connect.ht_capa));
9802 	}
9803 
9804 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9805 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
9806 
9807 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9808 		memcpy(&connect.vht_capa_mask,
9809 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9810 		       sizeof(connect.vht_capa_mask));
9811 
9812 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9813 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9814 			kzfree(connkeys);
9815 			return -EINVAL;
9816 		}
9817 		memcpy(&connect.vht_capa,
9818 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9819 		       sizeof(connect.vht_capa));
9820 	}
9821 
9822 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9823 		if (!((rdev->wiphy.features &
9824 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9825 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9826 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9827 					     NL80211_EXT_FEATURE_RRM)) {
9828 			kzfree(connkeys);
9829 			return -EINVAL;
9830 		}
9831 		connect.flags |= ASSOC_REQ_USE_RRM;
9832 	}
9833 
9834 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9835 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9836 		kzfree(connkeys);
9837 		return -EOPNOTSUPP;
9838 	}
9839 
9840 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9841 		/* bss selection makes no sense if bssid is set */
9842 		if (connect.bssid) {
9843 			kzfree(connkeys);
9844 			return -EINVAL;
9845 		}
9846 
9847 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9848 				       wiphy, &connect.bss_select);
9849 		if (err) {
9850 			kzfree(connkeys);
9851 			return err;
9852 		}
9853 	}
9854 
9855 	if (wiphy_ext_feature_isset(&rdev->wiphy,
9856 				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9857 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9858 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9859 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9860 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9861 		connect.fils_erp_username =
9862 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9863 		connect.fils_erp_username_len =
9864 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9865 		connect.fils_erp_realm =
9866 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9867 		connect.fils_erp_realm_len =
9868 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9869 		connect.fils_erp_next_seq_num =
9870 			nla_get_u16(
9871 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9872 		connect.fils_erp_rrk =
9873 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9874 		connect.fils_erp_rrk_len =
9875 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9876 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9877 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9878 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9879 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9880 		kzfree(connkeys);
9881 		return -EINVAL;
9882 	}
9883 
9884 	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
9885 		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9886 			kzfree(connkeys);
9887 			GENL_SET_ERR_MSG(info,
9888 					 "external auth requires connection ownership");
9889 			return -EINVAL;
9890 		}
9891 		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
9892 	}
9893 
9894 	wdev_lock(dev->ieee80211_ptr);
9895 
9896 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
9897 			       connect.prev_bssid);
9898 	if (err)
9899 		kzfree(connkeys);
9900 
9901 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9902 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9903 		if (connect.bssid)
9904 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
9905 			       connect.bssid, ETH_ALEN);
9906 		else
9907 			memset(dev->ieee80211_ptr->disconnect_bssid,
9908 			       0, ETH_ALEN);
9909 	}
9910 
9911 	wdev_unlock(dev->ieee80211_ptr);
9912 
9913 	return err;
9914 }
9915 
9916 static int nl80211_update_connect_params(struct sk_buff *skb,
9917 					 struct genl_info *info)
9918 {
9919 	struct cfg80211_connect_params connect = {};
9920 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9921 	struct net_device *dev = info->user_ptr[1];
9922 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9923 	bool fils_sk_offload;
9924 	u32 auth_type;
9925 	u32 changed = 0;
9926 	int ret;
9927 
9928 	if (!rdev->ops->update_connect_params)
9929 		return -EOPNOTSUPP;
9930 
9931 	if (info->attrs[NL80211_ATTR_IE]) {
9932 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9933 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9934 		changed |= UPDATE_ASSOC_IES;
9935 	}
9936 
9937 	fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
9938 						  NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
9939 
9940 	/*
9941 	 * when driver supports fils-sk offload all attributes must be
9942 	 * provided. So the else covers "fils-sk-not-all" and
9943 	 * "no-fils-sk-any".
9944 	 */
9945 	if (fils_sk_offload &&
9946 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9947 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9948 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9949 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9950 		connect.fils_erp_username =
9951 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9952 		connect.fils_erp_username_len =
9953 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9954 		connect.fils_erp_realm =
9955 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9956 		connect.fils_erp_realm_len =
9957 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9958 		connect.fils_erp_next_seq_num =
9959 			nla_get_u16(
9960 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9961 		connect.fils_erp_rrk =
9962 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9963 		connect.fils_erp_rrk_len =
9964 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9965 		changed |= UPDATE_FILS_ERP_INFO;
9966 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9967 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9968 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9969 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9970 		return -EINVAL;
9971 	}
9972 
9973 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9974 		auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9975 		if (!nl80211_valid_auth_type(rdev, auth_type,
9976 					     NL80211_CMD_CONNECT))
9977 			return -EINVAL;
9978 
9979 		if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
9980 		    fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
9981 			return -EINVAL;
9982 
9983 		connect.auth_type = auth_type;
9984 		changed |= UPDATE_AUTH_TYPE;
9985 	}
9986 
9987 	wdev_lock(dev->ieee80211_ptr);
9988 	if (!wdev->current_bss)
9989 		ret = -ENOLINK;
9990 	else
9991 		ret = rdev_update_connect_params(rdev, dev, &connect, changed);
9992 	wdev_unlock(dev->ieee80211_ptr);
9993 
9994 	return ret;
9995 }
9996 
9997 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
9998 {
9999 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10000 	struct net_device *dev = info->user_ptr[1];
10001 	u16 reason;
10002 	int ret;
10003 
10004 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
10005 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10006 		return -EPERM;
10007 
10008 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
10009 		reason = WLAN_REASON_DEAUTH_LEAVING;
10010 	else
10011 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10012 
10013 	if (reason == 0)
10014 		return -EINVAL;
10015 
10016 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10017 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10018 		return -EOPNOTSUPP;
10019 
10020 	wdev_lock(dev->ieee80211_ptr);
10021 	ret = cfg80211_disconnect(rdev, dev, reason, true);
10022 	wdev_unlock(dev->ieee80211_ptr);
10023 	return ret;
10024 }
10025 
10026 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10027 {
10028 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10029 	struct net *net;
10030 	int err;
10031 
10032 	if (info->attrs[NL80211_ATTR_PID]) {
10033 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10034 
10035 		net = get_net_ns_by_pid(pid);
10036 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10037 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10038 
10039 		net = get_net_ns_by_fd(fd);
10040 	} else {
10041 		return -EINVAL;
10042 	}
10043 
10044 	if (IS_ERR(net))
10045 		return PTR_ERR(net);
10046 
10047 	err = 0;
10048 
10049 	/* check if anything to do */
10050 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
10051 		err = cfg80211_switch_netns(rdev, net);
10052 
10053 	put_net(net);
10054 	return err;
10055 }
10056 
10057 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10058 {
10059 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10060 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10061 			struct cfg80211_pmksa *pmksa) = NULL;
10062 	struct net_device *dev = info->user_ptr[1];
10063 	struct cfg80211_pmksa pmksa;
10064 
10065 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10066 
10067 	if (!info->attrs[NL80211_ATTR_PMKID])
10068 		return -EINVAL;
10069 
10070 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10071 
10072 	if (info->attrs[NL80211_ATTR_MAC]) {
10073 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10074 	} else if (info->attrs[NL80211_ATTR_SSID] &&
10075 		   info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10076 		   (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10077 		    info->attrs[NL80211_ATTR_PMK])) {
10078 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10079 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10080 		pmksa.cache_id =
10081 			nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10082 	} else {
10083 		return -EINVAL;
10084 	}
10085 	if (info->attrs[NL80211_ATTR_PMK]) {
10086 		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10087 		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10088 	}
10089 
10090 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10091 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10092 	    !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10093 	      wiphy_ext_feature_isset(&rdev->wiphy,
10094 				      NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10095 		return -EOPNOTSUPP;
10096 
10097 	switch (info->genlhdr->cmd) {
10098 	case NL80211_CMD_SET_PMKSA:
10099 		rdev_ops = rdev->ops->set_pmksa;
10100 		break;
10101 	case NL80211_CMD_DEL_PMKSA:
10102 		rdev_ops = rdev->ops->del_pmksa;
10103 		break;
10104 	default:
10105 		WARN_ON(1);
10106 		break;
10107 	}
10108 
10109 	if (!rdev_ops)
10110 		return -EOPNOTSUPP;
10111 
10112 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
10113 }
10114 
10115 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10116 {
10117 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10118 	struct net_device *dev = info->user_ptr[1];
10119 
10120 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10121 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10122 		return -EOPNOTSUPP;
10123 
10124 	if (!rdev->ops->flush_pmksa)
10125 		return -EOPNOTSUPP;
10126 
10127 	return rdev_flush_pmksa(rdev, dev);
10128 }
10129 
10130 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10131 {
10132 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10133 	struct net_device *dev = info->user_ptr[1];
10134 	u8 action_code, dialog_token;
10135 	u32 peer_capability = 0;
10136 	u16 status_code;
10137 	u8 *peer;
10138 	bool initiator;
10139 
10140 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10141 	    !rdev->ops->tdls_mgmt)
10142 		return -EOPNOTSUPP;
10143 
10144 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10145 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10146 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10147 	    !info->attrs[NL80211_ATTR_IE] ||
10148 	    !info->attrs[NL80211_ATTR_MAC])
10149 		return -EINVAL;
10150 
10151 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10152 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10153 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10154 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10155 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10156 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10157 		peer_capability =
10158 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10159 
10160 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10161 			      dialog_token, status_code, peer_capability,
10162 			      initiator,
10163 			      nla_data(info->attrs[NL80211_ATTR_IE]),
10164 			      nla_len(info->attrs[NL80211_ATTR_IE]));
10165 }
10166 
10167 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10168 {
10169 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10170 	struct net_device *dev = info->user_ptr[1];
10171 	enum nl80211_tdls_operation operation;
10172 	u8 *peer;
10173 
10174 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10175 	    !rdev->ops->tdls_oper)
10176 		return -EOPNOTSUPP;
10177 
10178 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10179 	    !info->attrs[NL80211_ATTR_MAC])
10180 		return -EINVAL;
10181 
10182 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10183 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10184 
10185 	return rdev_tdls_oper(rdev, dev, peer, operation);
10186 }
10187 
10188 static int nl80211_remain_on_channel(struct sk_buff *skb,
10189 				     struct genl_info *info)
10190 {
10191 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10192 	struct wireless_dev *wdev = info->user_ptr[1];
10193 	struct cfg80211_chan_def chandef;
10194 	const struct cfg80211_chan_def *compat_chandef;
10195 	struct sk_buff *msg;
10196 	void *hdr;
10197 	u64 cookie;
10198 	u32 duration;
10199 	int err;
10200 
10201 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10202 	    !info->attrs[NL80211_ATTR_DURATION])
10203 		return -EINVAL;
10204 
10205 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10206 
10207 	if (!rdev->ops->remain_on_channel ||
10208 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10209 		return -EOPNOTSUPP;
10210 
10211 	/*
10212 	 * We should be on that channel for at least a minimum amount of
10213 	 * time (10ms) but no longer than the driver supports.
10214 	 */
10215 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10216 	    duration > rdev->wiphy.max_remain_on_channel_duration)
10217 		return -EINVAL;
10218 
10219 	err = nl80211_parse_chandef(rdev, info, &chandef);
10220 	if (err)
10221 		return err;
10222 
10223 	wdev_lock(wdev);
10224 	if (!cfg80211_off_channel_oper_allowed(wdev) &&
10225 	    !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10226 		compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10227 							     &chandef);
10228 		if (compat_chandef != &chandef) {
10229 			wdev_unlock(wdev);
10230 			return -EBUSY;
10231 		}
10232 	}
10233 	wdev_unlock(wdev);
10234 
10235 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10236 	if (!msg)
10237 		return -ENOMEM;
10238 
10239 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10240 			     NL80211_CMD_REMAIN_ON_CHANNEL);
10241 	if (!hdr) {
10242 		err = -ENOBUFS;
10243 		goto free_msg;
10244 	}
10245 
10246 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10247 				     duration, &cookie);
10248 
10249 	if (err)
10250 		goto free_msg;
10251 
10252 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10253 			      NL80211_ATTR_PAD))
10254 		goto nla_put_failure;
10255 
10256 	genlmsg_end(msg, hdr);
10257 
10258 	return genlmsg_reply(msg, info);
10259 
10260  nla_put_failure:
10261 	err = -ENOBUFS;
10262  free_msg:
10263 	nlmsg_free(msg);
10264 	return err;
10265 }
10266 
10267 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10268 					    struct genl_info *info)
10269 {
10270 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10271 	struct wireless_dev *wdev = info->user_ptr[1];
10272 	u64 cookie;
10273 
10274 	if (!info->attrs[NL80211_ATTR_COOKIE])
10275 		return -EINVAL;
10276 
10277 	if (!rdev->ops->cancel_remain_on_channel)
10278 		return -EOPNOTSUPP;
10279 
10280 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10281 
10282 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10283 }
10284 
10285 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10286 				       struct genl_info *info)
10287 {
10288 	struct cfg80211_bitrate_mask mask;
10289 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10290 	struct net_device *dev = info->user_ptr[1];
10291 	int err;
10292 
10293 	if (!rdev->ops->set_bitrate_mask)
10294 		return -EOPNOTSUPP;
10295 
10296 	err = nl80211_parse_tx_bitrate_mask(info, &mask);
10297 	if (err)
10298 		return err;
10299 
10300 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10301 }
10302 
10303 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10304 {
10305 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10306 	struct wireless_dev *wdev = info->user_ptr[1];
10307 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10308 
10309 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10310 		return -EINVAL;
10311 
10312 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10313 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10314 
10315 	switch (wdev->iftype) {
10316 	case NL80211_IFTYPE_STATION:
10317 	case NL80211_IFTYPE_ADHOC:
10318 	case NL80211_IFTYPE_P2P_CLIENT:
10319 	case NL80211_IFTYPE_AP:
10320 	case NL80211_IFTYPE_AP_VLAN:
10321 	case NL80211_IFTYPE_MESH_POINT:
10322 	case NL80211_IFTYPE_P2P_GO:
10323 	case NL80211_IFTYPE_P2P_DEVICE:
10324 		break;
10325 	case NL80211_IFTYPE_NAN:
10326 	default:
10327 		return -EOPNOTSUPP;
10328 	}
10329 
10330 	/* not much point in registering if we can't reply */
10331 	if (!rdev->ops->mgmt_tx)
10332 		return -EOPNOTSUPP;
10333 
10334 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10335 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10336 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
10337 }
10338 
10339 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10340 {
10341 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10342 	struct wireless_dev *wdev = info->user_ptr[1];
10343 	struct cfg80211_chan_def chandef;
10344 	int err;
10345 	void *hdr = NULL;
10346 	u64 cookie;
10347 	struct sk_buff *msg = NULL;
10348 	struct cfg80211_mgmt_tx_params params = {
10349 		.dont_wait_for_ack =
10350 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10351 	};
10352 
10353 	if (!info->attrs[NL80211_ATTR_FRAME])
10354 		return -EINVAL;
10355 
10356 	if (!rdev->ops->mgmt_tx)
10357 		return -EOPNOTSUPP;
10358 
10359 	switch (wdev->iftype) {
10360 	case NL80211_IFTYPE_P2P_DEVICE:
10361 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10362 			return -EINVAL;
10363 	case NL80211_IFTYPE_STATION:
10364 	case NL80211_IFTYPE_ADHOC:
10365 	case NL80211_IFTYPE_P2P_CLIENT:
10366 	case NL80211_IFTYPE_AP:
10367 	case NL80211_IFTYPE_AP_VLAN:
10368 	case NL80211_IFTYPE_MESH_POINT:
10369 	case NL80211_IFTYPE_P2P_GO:
10370 		break;
10371 	case NL80211_IFTYPE_NAN:
10372 	default:
10373 		return -EOPNOTSUPP;
10374 	}
10375 
10376 	if (info->attrs[NL80211_ATTR_DURATION]) {
10377 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10378 			return -EINVAL;
10379 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10380 
10381 		/*
10382 		 * We should wait on the channel for at least a minimum amount
10383 		 * of time (10ms) but no longer than the driver supports.
10384 		 */
10385 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10386 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
10387 			return -EINVAL;
10388 	}
10389 
10390 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10391 
10392 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10393 		return -EINVAL;
10394 
10395 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10396 
10397 	/* get the channel if any has been specified, otherwise pass NULL to
10398 	 * the driver. The latter will use the current one
10399 	 */
10400 	chandef.chan = NULL;
10401 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10402 		err = nl80211_parse_chandef(rdev, info, &chandef);
10403 		if (err)
10404 			return err;
10405 	}
10406 
10407 	if (!chandef.chan && params.offchan)
10408 		return -EINVAL;
10409 
10410 	wdev_lock(wdev);
10411 	if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10412 		wdev_unlock(wdev);
10413 		return -EBUSY;
10414 	}
10415 	wdev_unlock(wdev);
10416 
10417 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10418 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10419 
10420 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10421 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10422 		int i;
10423 
10424 		if (len % sizeof(u16))
10425 			return -EINVAL;
10426 
10427 		params.n_csa_offsets = len / sizeof(u16);
10428 		params.csa_offsets =
10429 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10430 
10431 		/* check that all the offsets fit the frame */
10432 		for (i = 0; i < params.n_csa_offsets; i++) {
10433 			if (params.csa_offsets[i] >= params.len)
10434 				return -EINVAL;
10435 		}
10436 	}
10437 
10438 	if (!params.dont_wait_for_ack) {
10439 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10440 		if (!msg)
10441 			return -ENOMEM;
10442 
10443 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10444 				     NL80211_CMD_FRAME);
10445 		if (!hdr) {
10446 			err = -ENOBUFS;
10447 			goto free_msg;
10448 		}
10449 	}
10450 
10451 	params.chan = chandef.chan;
10452 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
10453 	if (err)
10454 		goto free_msg;
10455 
10456 	if (msg) {
10457 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10458 				      NL80211_ATTR_PAD))
10459 			goto nla_put_failure;
10460 
10461 		genlmsg_end(msg, hdr);
10462 		return genlmsg_reply(msg, info);
10463 	}
10464 
10465 	return 0;
10466 
10467  nla_put_failure:
10468 	err = -ENOBUFS;
10469  free_msg:
10470 	nlmsg_free(msg);
10471 	return err;
10472 }
10473 
10474 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10475 {
10476 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10477 	struct wireless_dev *wdev = info->user_ptr[1];
10478 	u64 cookie;
10479 
10480 	if (!info->attrs[NL80211_ATTR_COOKIE])
10481 		return -EINVAL;
10482 
10483 	if (!rdev->ops->mgmt_tx_cancel_wait)
10484 		return -EOPNOTSUPP;
10485 
10486 	switch (wdev->iftype) {
10487 	case NL80211_IFTYPE_STATION:
10488 	case NL80211_IFTYPE_ADHOC:
10489 	case NL80211_IFTYPE_P2P_CLIENT:
10490 	case NL80211_IFTYPE_AP:
10491 	case NL80211_IFTYPE_AP_VLAN:
10492 	case NL80211_IFTYPE_P2P_GO:
10493 	case NL80211_IFTYPE_P2P_DEVICE:
10494 		break;
10495 	case NL80211_IFTYPE_NAN:
10496 	default:
10497 		return -EOPNOTSUPP;
10498 	}
10499 
10500 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10501 
10502 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10503 }
10504 
10505 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10506 {
10507 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10508 	struct wireless_dev *wdev;
10509 	struct net_device *dev = info->user_ptr[1];
10510 	u8 ps_state;
10511 	bool state;
10512 	int err;
10513 
10514 	if (!info->attrs[NL80211_ATTR_PS_STATE])
10515 		return -EINVAL;
10516 
10517 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10518 
10519 	wdev = dev->ieee80211_ptr;
10520 
10521 	if (!rdev->ops->set_power_mgmt)
10522 		return -EOPNOTSUPP;
10523 
10524 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10525 
10526 	if (state == wdev->ps)
10527 		return 0;
10528 
10529 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10530 	if (!err)
10531 		wdev->ps = state;
10532 	return err;
10533 }
10534 
10535 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10536 {
10537 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10538 	enum nl80211_ps_state ps_state;
10539 	struct wireless_dev *wdev;
10540 	struct net_device *dev = info->user_ptr[1];
10541 	struct sk_buff *msg;
10542 	void *hdr;
10543 	int err;
10544 
10545 	wdev = dev->ieee80211_ptr;
10546 
10547 	if (!rdev->ops->set_power_mgmt)
10548 		return -EOPNOTSUPP;
10549 
10550 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10551 	if (!msg)
10552 		return -ENOMEM;
10553 
10554 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10555 			     NL80211_CMD_GET_POWER_SAVE);
10556 	if (!hdr) {
10557 		err = -ENOBUFS;
10558 		goto free_msg;
10559 	}
10560 
10561 	if (wdev->ps)
10562 		ps_state = NL80211_PS_ENABLED;
10563 	else
10564 		ps_state = NL80211_PS_DISABLED;
10565 
10566 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
10567 		goto nla_put_failure;
10568 
10569 	genlmsg_end(msg, hdr);
10570 	return genlmsg_reply(msg, info);
10571 
10572  nla_put_failure:
10573 	err = -ENOBUFS;
10574  free_msg:
10575 	nlmsg_free(msg);
10576 	return err;
10577 }
10578 
10579 static const struct nla_policy
10580 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
10581 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
10582 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
10583 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
10584 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
10585 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
10586 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
10587 	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
10588 };
10589 
10590 static int nl80211_set_cqm_txe(struct genl_info *info,
10591 			       u32 rate, u32 pkts, u32 intvl)
10592 {
10593 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10594 	struct net_device *dev = info->user_ptr[1];
10595 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10596 
10597 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
10598 		return -EINVAL;
10599 
10600 	if (!rdev->ops->set_cqm_txe_config)
10601 		return -EOPNOTSUPP;
10602 
10603 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10604 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10605 		return -EOPNOTSUPP;
10606 
10607 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
10608 }
10609 
10610 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
10611 				    struct net_device *dev)
10612 {
10613 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10614 	s32 last, low, high;
10615 	u32 hyst;
10616 	int i, n, low_index;
10617 	int err;
10618 
10619 	/* RSSI reporting disabled? */
10620 	if (!wdev->cqm_config)
10621 		return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
10622 
10623 	/*
10624 	 * Obtain current RSSI value if possible, if not and no RSSI threshold
10625 	 * event has been received yet, we should receive an event after a
10626 	 * connection is established and enough beacons received to calculate
10627 	 * the average.
10628 	 */
10629 	if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
10630 	    rdev->ops->get_station) {
10631 		struct station_info sinfo = {};
10632 		u8 *mac_addr;
10633 
10634 		mac_addr = wdev->current_bss->pub.bssid;
10635 
10636 		err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
10637 		if (err)
10638 			return err;
10639 
10640 		if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
10641 			wdev->cqm_config->last_rssi_event_value =
10642 				(s8) sinfo.rx_beacon_signal_avg;
10643 	}
10644 
10645 	last = wdev->cqm_config->last_rssi_event_value;
10646 	hyst = wdev->cqm_config->rssi_hyst;
10647 	n = wdev->cqm_config->n_rssi_thresholds;
10648 
10649 	for (i = 0; i < n; i++)
10650 		if (last < wdev->cqm_config->rssi_thresholds[i])
10651 			break;
10652 
10653 	low_index = i - 1;
10654 	if (low_index >= 0) {
10655 		low_index = array_index_nospec(low_index, n);
10656 		low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10657 	} else {
10658 		low = S32_MIN;
10659 	}
10660 	if (i < n) {
10661 		i = array_index_nospec(i, n);
10662 		high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10663 	} else {
10664 		high = S32_MAX;
10665 	}
10666 
10667 	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
10668 }
10669 
10670 static int nl80211_set_cqm_rssi(struct genl_info *info,
10671 				const s32 *thresholds, int n_thresholds,
10672 				u32 hysteresis)
10673 {
10674 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10675 	struct net_device *dev = info->user_ptr[1];
10676 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10677 	int i, err;
10678 	s32 prev = S32_MIN;
10679 
10680 	/* Check all values negative and sorted */
10681 	for (i = 0; i < n_thresholds; i++) {
10682 		if (thresholds[i] > 0 || thresholds[i] <= prev)
10683 			return -EINVAL;
10684 
10685 		prev = thresholds[i];
10686 	}
10687 
10688 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10689 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10690 		return -EOPNOTSUPP;
10691 
10692 	wdev_lock(wdev);
10693 	cfg80211_cqm_config_free(wdev);
10694 	wdev_unlock(wdev);
10695 
10696 	if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
10697 		if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
10698 			return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
10699 
10700 		return rdev_set_cqm_rssi_config(rdev, dev,
10701 						thresholds[0], hysteresis);
10702 	}
10703 
10704 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
10705 				     NL80211_EXT_FEATURE_CQM_RSSI_LIST))
10706 		return -EOPNOTSUPP;
10707 
10708 	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
10709 		n_thresholds = 0;
10710 
10711 	wdev_lock(wdev);
10712 	if (n_thresholds) {
10713 		struct cfg80211_cqm_config *cqm_config;
10714 
10715 		cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
10716 				     n_thresholds * sizeof(s32), GFP_KERNEL);
10717 		if (!cqm_config) {
10718 			err = -ENOMEM;
10719 			goto unlock;
10720 		}
10721 
10722 		cqm_config->rssi_hyst = hysteresis;
10723 		cqm_config->n_rssi_thresholds = n_thresholds;
10724 		memcpy(cqm_config->rssi_thresholds, thresholds,
10725 		       n_thresholds * sizeof(s32));
10726 
10727 		wdev->cqm_config = cqm_config;
10728 	}
10729 
10730 	err = cfg80211_cqm_rssi_update(rdev, dev);
10731 
10732 unlock:
10733 	wdev_unlock(wdev);
10734 
10735 	return err;
10736 }
10737 
10738 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
10739 {
10740 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
10741 	struct nlattr *cqm;
10742 	int err;
10743 
10744 	cqm = info->attrs[NL80211_ATTR_CQM];
10745 	if (!cqm)
10746 		return -EINVAL;
10747 
10748 	err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
10749 					  nl80211_attr_cqm_policy,
10750 					  info->extack);
10751 	if (err)
10752 		return err;
10753 
10754 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
10755 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
10756 		const s32 *thresholds =
10757 			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10758 		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10759 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
10760 
10761 		if (len % 4)
10762 			return -EINVAL;
10763 
10764 		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
10765 					    hysteresis);
10766 	}
10767 
10768 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
10769 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
10770 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
10771 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
10772 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
10773 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
10774 
10775 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
10776 	}
10777 
10778 	return -EINVAL;
10779 }
10780 
10781 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
10782 {
10783 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10784 	struct net_device *dev = info->user_ptr[1];
10785 	struct ocb_setup setup = {};
10786 	int err;
10787 
10788 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10789 	if (err)
10790 		return err;
10791 
10792 	return cfg80211_join_ocb(rdev, dev, &setup);
10793 }
10794 
10795 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
10796 {
10797 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10798 	struct net_device *dev = info->user_ptr[1];
10799 
10800 	return cfg80211_leave_ocb(rdev, dev);
10801 }
10802 
10803 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
10804 {
10805 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10806 	struct net_device *dev = info->user_ptr[1];
10807 	struct mesh_config cfg;
10808 	struct mesh_setup setup;
10809 	int err;
10810 
10811 	/* start with default */
10812 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
10813 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
10814 
10815 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
10816 		/* and parse parameters if given */
10817 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
10818 		if (err)
10819 			return err;
10820 	}
10821 
10822 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
10823 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
10824 		return -EINVAL;
10825 
10826 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
10827 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
10828 
10829 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10830 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
10831 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10832 			return -EINVAL;
10833 
10834 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
10835 		setup.beacon_interval =
10836 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10837 
10838 		err = cfg80211_validate_beacon_int(rdev,
10839 						   NL80211_IFTYPE_MESH_POINT,
10840 						   setup.beacon_interval);
10841 		if (err)
10842 			return err;
10843 	}
10844 
10845 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
10846 		setup.dtim_period =
10847 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
10848 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
10849 			return -EINVAL;
10850 	}
10851 
10852 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10853 		/* parse additional setup parameters if given */
10854 		err = nl80211_parse_mesh_setup(info, &setup);
10855 		if (err)
10856 			return err;
10857 	}
10858 
10859 	if (setup.user_mpm)
10860 		cfg.auto_open_plinks = false;
10861 
10862 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10863 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10864 		if (err)
10865 			return err;
10866 	} else {
10867 		/* __cfg80211_join_mesh() will sort it out */
10868 		setup.chandef.chan = NULL;
10869 	}
10870 
10871 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10872 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10873 		int n_rates =
10874 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10875 		struct ieee80211_supported_band *sband;
10876 
10877 		if (!setup.chandef.chan)
10878 			return -EINVAL;
10879 
10880 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
10881 
10882 		err = ieee80211_get_ratemask(sband, rates, n_rates,
10883 					     &setup.basic_rates);
10884 		if (err)
10885 			return err;
10886 	}
10887 
10888 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
10889 		err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
10890 		if (err)
10891 			return err;
10892 
10893 		if (!setup.chandef.chan)
10894 			return -EINVAL;
10895 
10896 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10897 					      &setup.beacon_rate);
10898 		if (err)
10899 			return err;
10900 	}
10901 
10902 	setup.userspace_handles_dfs =
10903 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10904 
10905 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10906 		int r = validate_pae_over_nl80211(rdev, info);
10907 
10908 		if (r < 0)
10909 			return r;
10910 
10911 		setup.control_port_over_nl80211 = true;
10912 	}
10913 
10914 	wdev_lock(dev->ieee80211_ptr);
10915 	err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10916 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
10917 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10918 	wdev_unlock(dev->ieee80211_ptr);
10919 
10920 	return err;
10921 }
10922 
10923 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10924 {
10925 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10926 	struct net_device *dev = info->user_ptr[1];
10927 
10928 	return cfg80211_leave_mesh(rdev, dev);
10929 }
10930 
10931 #ifdef CONFIG_PM
10932 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10933 					struct cfg80211_registered_device *rdev)
10934 {
10935 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10936 	struct nlattr *nl_pats, *nl_pat;
10937 	int i, pat_len;
10938 
10939 	if (!wowlan->n_patterns)
10940 		return 0;
10941 
10942 	nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10943 	if (!nl_pats)
10944 		return -ENOBUFS;
10945 
10946 	for (i = 0; i < wowlan->n_patterns; i++) {
10947 		nl_pat = nla_nest_start_noflag(msg, i + 1);
10948 		if (!nl_pat)
10949 			return -ENOBUFS;
10950 		pat_len = wowlan->patterns[i].pattern_len;
10951 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10952 			    wowlan->patterns[i].mask) ||
10953 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10954 			    wowlan->patterns[i].pattern) ||
10955 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10956 				wowlan->patterns[i].pkt_offset))
10957 			return -ENOBUFS;
10958 		nla_nest_end(msg, nl_pat);
10959 	}
10960 	nla_nest_end(msg, nl_pats);
10961 
10962 	return 0;
10963 }
10964 
10965 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10966 				   struct cfg80211_wowlan_tcp *tcp)
10967 {
10968 	struct nlattr *nl_tcp;
10969 
10970 	if (!tcp)
10971 		return 0;
10972 
10973 	nl_tcp = nla_nest_start_noflag(msg,
10974 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10975 	if (!nl_tcp)
10976 		return -ENOBUFS;
10977 
10978 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10979 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10980 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10981 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10982 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10983 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10984 		    tcp->payload_len, tcp->payload) ||
10985 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10986 			tcp->data_interval) ||
10987 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
10988 		    tcp->wake_len, tcp->wake_data) ||
10989 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
10990 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
10991 		return -ENOBUFS;
10992 
10993 	if (tcp->payload_seq.len &&
10994 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
10995 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
10996 		return -ENOBUFS;
10997 
10998 	if (tcp->payload_tok.len &&
10999 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11000 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
11001 		    &tcp->payload_tok))
11002 		return -ENOBUFS;
11003 
11004 	nla_nest_end(msg, nl_tcp);
11005 
11006 	return 0;
11007 }
11008 
11009 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11010 				  struct cfg80211_sched_scan_request *req)
11011 {
11012 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11013 	int i;
11014 
11015 	if (!req)
11016 		return 0;
11017 
11018 	nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11019 	if (!nd)
11020 		return -ENOBUFS;
11021 
11022 	if (req->n_scan_plans == 1 &&
11023 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11024 			req->scan_plans[0].interval * 1000))
11025 		return -ENOBUFS;
11026 
11027 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11028 		return -ENOBUFS;
11029 
11030 	if (req->relative_rssi_set) {
11031 		struct nl80211_bss_select_rssi_adjust rssi_adjust;
11032 
11033 		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11034 			       req->relative_rssi))
11035 			return -ENOBUFS;
11036 
11037 		rssi_adjust.band = req->rssi_adjust.band;
11038 		rssi_adjust.delta = req->rssi_adjust.delta;
11039 		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11040 			    sizeof(rssi_adjust), &rssi_adjust))
11041 			return -ENOBUFS;
11042 	}
11043 
11044 	freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11045 	if (!freqs)
11046 		return -ENOBUFS;
11047 
11048 	for (i = 0; i < req->n_channels; i++) {
11049 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11050 			return -ENOBUFS;
11051 	}
11052 
11053 	nla_nest_end(msg, freqs);
11054 
11055 	if (req->n_match_sets) {
11056 		matches = nla_nest_start_noflag(msg,
11057 						NL80211_ATTR_SCHED_SCAN_MATCH);
11058 		if (!matches)
11059 			return -ENOBUFS;
11060 
11061 		for (i = 0; i < req->n_match_sets; i++) {
11062 			match = nla_nest_start_noflag(msg, i);
11063 			if (!match)
11064 				return -ENOBUFS;
11065 
11066 			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11067 				    req->match_sets[i].ssid.ssid_len,
11068 				    req->match_sets[i].ssid.ssid))
11069 				return -ENOBUFS;
11070 			nla_nest_end(msg, match);
11071 		}
11072 		nla_nest_end(msg, matches);
11073 	}
11074 
11075 	scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11076 	if (!scan_plans)
11077 		return -ENOBUFS;
11078 
11079 	for (i = 0; i < req->n_scan_plans; i++) {
11080 		scan_plan = nla_nest_start_noflag(msg, i + 1);
11081 		if (!scan_plan)
11082 			return -ENOBUFS;
11083 
11084 		if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11085 				req->scan_plans[i].interval) ||
11086 		    (req->scan_plans[i].iterations &&
11087 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11088 				 req->scan_plans[i].iterations)))
11089 			return -ENOBUFS;
11090 		nla_nest_end(msg, scan_plan);
11091 	}
11092 	nla_nest_end(msg, scan_plans);
11093 
11094 	nla_nest_end(msg, nd);
11095 
11096 	return 0;
11097 }
11098 
11099 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11100 {
11101 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11102 	struct sk_buff *msg;
11103 	void *hdr;
11104 	u32 size = NLMSG_DEFAULT_SIZE;
11105 
11106 	if (!rdev->wiphy.wowlan)
11107 		return -EOPNOTSUPP;
11108 
11109 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11110 		/* adjust size to have room for all the data */
11111 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11112 			rdev->wiphy.wowlan_config->tcp->payload_len +
11113 			rdev->wiphy.wowlan_config->tcp->wake_len +
11114 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11115 	}
11116 
11117 	msg = nlmsg_new(size, GFP_KERNEL);
11118 	if (!msg)
11119 		return -ENOMEM;
11120 
11121 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11122 			     NL80211_CMD_GET_WOWLAN);
11123 	if (!hdr)
11124 		goto nla_put_failure;
11125 
11126 	if (rdev->wiphy.wowlan_config) {
11127 		struct nlattr *nl_wowlan;
11128 
11129 		nl_wowlan = nla_nest_start_noflag(msg,
11130 						  NL80211_ATTR_WOWLAN_TRIGGERS);
11131 		if (!nl_wowlan)
11132 			goto nla_put_failure;
11133 
11134 		if ((rdev->wiphy.wowlan_config->any &&
11135 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11136 		    (rdev->wiphy.wowlan_config->disconnect &&
11137 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11138 		    (rdev->wiphy.wowlan_config->magic_pkt &&
11139 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11140 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11141 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11142 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
11143 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11144 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
11145 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11146 		    (rdev->wiphy.wowlan_config->rfkill_release &&
11147 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11148 			goto nla_put_failure;
11149 
11150 		if (nl80211_send_wowlan_patterns(msg, rdev))
11151 			goto nla_put_failure;
11152 
11153 		if (nl80211_send_wowlan_tcp(msg,
11154 					    rdev->wiphy.wowlan_config->tcp))
11155 			goto nla_put_failure;
11156 
11157 		if (nl80211_send_wowlan_nd(
11158 			    msg,
11159 			    rdev->wiphy.wowlan_config->nd_config))
11160 			goto nla_put_failure;
11161 
11162 		nla_nest_end(msg, nl_wowlan);
11163 	}
11164 
11165 	genlmsg_end(msg, hdr);
11166 	return genlmsg_reply(msg, info);
11167 
11168 nla_put_failure:
11169 	nlmsg_free(msg);
11170 	return -ENOBUFS;
11171 }
11172 
11173 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
11174 				    struct nlattr *attr,
11175 				    struct cfg80211_wowlan *trig)
11176 {
11177 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
11178 	struct cfg80211_wowlan_tcp *cfg;
11179 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
11180 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
11181 	u32 size;
11182 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
11183 	int err, port;
11184 
11185 	if (!rdev->wiphy.wowlan->tcp)
11186 		return -EINVAL;
11187 
11188 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
11189 					  nl80211_wowlan_tcp_policy, NULL);
11190 	if (err)
11191 		return err;
11192 
11193 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
11194 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
11195 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
11196 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
11197 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
11198 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
11199 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
11200 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
11201 		return -EINVAL;
11202 
11203 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11204 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11205 		return -EINVAL;
11206 
11207 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11208 			rdev->wiphy.wowlan->tcp->data_interval_max ||
11209 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11210 		return -EINVAL;
11211 
11212 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11213 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11214 		return -EINVAL;
11215 
11216 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11217 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11218 		return -EINVAL;
11219 
11220 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11221 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11222 
11223 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11224 		tokens_size = tokln - sizeof(*tok);
11225 
11226 		if (!tok->len || tokens_size % tok->len)
11227 			return -EINVAL;
11228 		if (!rdev->wiphy.wowlan->tcp->tok)
11229 			return -EINVAL;
11230 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11231 			return -EINVAL;
11232 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11233 			return -EINVAL;
11234 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11235 			return -EINVAL;
11236 		if (tok->offset + tok->len > data_size)
11237 			return -EINVAL;
11238 	}
11239 
11240 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11241 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11242 		if (!rdev->wiphy.wowlan->tcp->seq)
11243 			return -EINVAL;
11244 		if (seq->len == 0 || seq->len > 4)
11245 			return -EINVAL;
11246 		if (seq->len + seq->offset > data_size)
11247 			return -EINVAL;
11248 	}
11249 
11250 	size = sizeof(*cfg);
11251 	size += data_size;
11252 	size += wake_size + wake_mask_size;
11253 	size += tokens_size;
11254 
11255 	cfg = kzalloc(size, GFP_KERNEL);
11256 	if (!cfg)
11257 		return -ENOMEM;
11258 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11259 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11260 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11261 	       ETH_ALEN);
11262 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11263 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11264 	else
11265 		port = 0;
11266 #ifdef CONFIG_INET
11267 	/* allocate a socket and port for it and use it */
11268 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11269 			    IPPROTO_TCP, &cfg->sock, 1);
11270 	if (err) {
11271 		kfree(cfg);
11272 		return err;
11273 	}
11274 	if (inet_csk_get_port(cfg->sock->sk, port)) {
11275 		sock_release(cfg->sock);
11276 		kfree(cfg);
11277 		return -EADDRINUSE;
11278 	}
11279 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11280 #else
11281 	if (!port) {
11282 		kfree(cfg);
11283 		return -EINVAL;
11284 	}
11285 	cfg->src_port = port;
11286 #endif
11287 
11288 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11289 	cfg->payload_len = data_size;
11290 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11291 	memcpy((void *)cfg->payload,
11292 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11293 	       data_size);
11294 	if (seq)
11295 		cfg->payload_seq = *seq;
11296 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11297 	cfg->wake_len = wake_size;
11298 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11299 	memcpy((void *)cfg->wake_data,
11300 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11301 	       wake_size);
11302 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11303 			 data_size + wake_size;
11304 	memcpy((void *)cfg->wake_mask,
11305 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11306 	       wake_mask_size);
11307 	if (tok) {
11308 		cfg->tokens_size = tokens_size;
11309 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11310 	}
11311 
11312 	trig->tcp = cfg;
11313 
11314 	return 0;
11315 }
11316 
11317 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11318 				   const struct wiphy_wowlan_support *wowlan,
11319 				   struct nlattr *attr,
11320 				   struct cfg80211_wowlan *trig)
11321 {
11322 	struct nlattr **tb;
11323 	int err;
11324 
11325 	tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11326 	if (!tb)
11327 		return -ENOMEM;
11328 
11329 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11330 		err = -EOPNOTSUPP;
11331 		goto out;
11332 	}
11333 
11334 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
11335 					  nl80211_policy, NULL);
11336 	if (err)
11337 		goto out;
11338 
11339 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11340 						   wowlan->max_nd_match_sets);
11341 	err = PTR_ERR_OR_ZERO(trig->nd_config);
11342 	if (err)
11343 		trig->nd_config = NULL;
11344 
11345 out:
11346 	kfree(tb);
11347 	return err;
11348 }
11349 
11350 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11351 {
11352 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11353 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11354 	struct cfg80211_wowlan new_triggers = {};
11355 	struct cfg80211_wowlan *ntrig;
11356 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11357 	int err, i;
11358 	bool prev_enabled = rdev->wiphy.wowlan_config;
11359 	bool regular = false;
11360 
11361 	if (!wowlan)
11362 		return -EOPNOTSUPP;
11363 
11364 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11365 		cfg80211_rdev_free_wowlan(rdev);
11366 		rdev->wiphy.wowlan_config = NULL;
11367 		goto set_wakeup;
11368 	}
11369 
11370 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
11371 					  info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11372 					  nl80211_wowlan_policy, info->extack);
11373 	if (err)
11374 		return err;
11375 
11376 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11377 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11378 			return -EINVAL;
11379 		new_triggers.any = true;
11380 	}
11381 
11382 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11383 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11384 			return -EINVAL;
11385 		new_triggers.disconnect = true;
11386 		regular = true;
11387 	}
11388 
11389 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11390 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11391 			return -EINVAL;
11392 		new_triggers.magic_pkt = true;
11393 		regular = true;
11394 	}
11395 
11396 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11397 		return -EINVAL;
11398 
11399 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11400 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11401 			return -EINVAL;
11402 		new_triggers.gtk_rekey_failure = true;
11403 		regular = true;
11404 	}
11405 
11406 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11407 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11408 			return -EINVAL;
11409 		new_triggers.eap_identity_req = true;
11410 		regular = true;
11411 	}
11412 
11413 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11414 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11415 			return -EINVAL;
11416 		new_triggers.four_way_handshake = true;
11417 		regular = true;
11418 	}
11419 
11420 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11421 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11422 			return -EINVAL;
11423 		new_triggers.rfkill_release = true;
11424 		regular = true;
11425 	}
11426 
11427 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11428 		struct nlattr *pat;
11429 		int n_patterns = 0;
11430 		int rem, pat_len, mask_len, pkt_offset;
11431 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11432 
11433 		regular = true;
11434 
11435 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11436 				    rem)
11437 			n_patterns++;
11438 		if (n_patterns > wowlan->n_patterns)
11439 			return -EINVAL;
11440 
11441 		new_triggers.patterns = kcalloc(n_patterns,
11442 						sizeof(new_triggers.patterns[0]),
11443 						GFP_KERNEL);
11444 		if (!new_triggers.patterns)
11445 			return -ENOMEM;
11446 
11447 		new_triggers.n_patterns = n_patterns;
11448 		i = 0;
11449 
11450 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11451 				    rem) {
11452 			u8 *mask_pat;
11453 
11454 			err = nla_parse_nested_deprecated(pat_tb,
11455 							  MAX_NL80211_PKTPAT,
11456 							  pat,
11457 							  nl80211_packet_pattern_policy,
11458 							  info->extack);
11459 			if (err)
11460 				goto error;
11461 
11462 			err = -EINVAL;
11463 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
11464 			    !pat_tb[NL80211_PKTPAT_PATTERN])
11465 				goto error;
11466 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11467 			mask_len = DIV_ROUND_UP(pat_len, 8);
11468 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11469 				goto error;
11470 			if (pat_len > wowlan->pattern_max_len ||
11471 			    pat_len < wowlan->pattern_min_len)
11472 				goto error;
11473 
11474 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
11475 				pkt_offset = 0;
11476 			else
11477 				pkt_offset = nla_get_u32(
11478 					pat_tb[NL80211_PKTPAT_OFFSET]);
11479 			if (pkt_offset > wowlan->max_pkt_offset)
11480 				goto error;
11481 			new_triggers.patterns[i].pkt_offset = pkt_offset;
11482 
11483 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11484 			if (!mask_pat) {
11485 				err = -ENOMEM;
11486 				goto error;
11487 			}
11488 			new_triggers.patterns[i].mask = mask_pat;
11489 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11490 			       mask_len);
11491 			mask_pat += mask_len;
11492 			new_triggers.patterns[i].pattern = mask_pat;
11493 			new_triggers.patterns[i].pattern_len = pat_len;
11494 			memcpy(mask_pat,
11495 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11496 			       pat_len);
11497 			i++;
11498 		}
11499 	}
11500 
11501 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11502 		regular = true;
11503 		err = nl80211_parse_wowlan_tcp(
11504 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11505 			&new_triggers);
11506 		if (err)
11507 			goto error;
11508 	}
11509 
11510 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11511 		regular = true;
11512 		err = nl80211_parse_wowlan_nd(
11513 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11514 			&new_triggers);
11515 		if (err)
11516 			goto error;
11517 	}
11518 
11519 	/* The 'any' trigger means the device continues operating more or less
11520 	 * as in its normal operation mode and wakes up the host on most of the
11521 	 * normal interrupts (like packet RX, ...)
11522 	 * It therefore makes little sense to combine with the more constrained
11523 	 * wakeup trigger modes.
11524 	 */
11525 	if (new_triggers.any && regular) {
11526 		err = -EINVAL;
11527 		goto error;
11528 	}
11529 
11530 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11531 	if (!ntrig) {
11532 		err = -ENOMEM;
11533 		goto error;
11534 	}
11535 	cfg80211_rdev_free_wowlan(rdev);
11536 	rdev->wiphy.wowlan_config = ntrig;
11537 
11538  set_wakeup:
11539 	if (rdev->ops->set_wakeup &&
11540 	    prev_enabled != !!rdev->wiphy.wowlan_config)
11541 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11542 
11543 	return 0;
11544  error:
11545 	for (i = 0; i < new_triggers.n_patterns; i++)
11546 		kfree(new_triggers.patterns[i].mask);
11547 	kfree(new_triggers.patterns);
11548 	if (new_triggers.tcp && new_triggers.tcp->sock)
11549 		sock_release(new_triggers.tcp->sock);
11550 	kfree(new_triggers.tcp);
11551 	kfree(new_triggers.nd_config);
11552 	return err;
11553 }
11554 #endif
11555 
11556 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11557 				       struct cfg80211_registered_device *rdev)
11558 {
11559 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11560 	int i, j, pat_len;
11561 	struct cfg80211_coalesce_rules *rule;
11562 
11563 	if (!rdev->coalesce->n_rules)
11564 		return 0;
11565 
11566 	nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
11567 	if (!nl_rules)
11568 		return -ENOBUFS;
11569 
11570 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
11571 		nl_rule = nla_nest_start_noflag(msg, i + 1);
11572 		if (!nl_rule)
11573 			return -ENOBUFS;
11574 
11575 		rule = &rdev->coalesce->rules[i];
11576 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
11577 				rule->delay))
11578 			return -ENOBUFS;
11579 
11580 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
11581 				rule->condition))
11582 			return -ENOBUFS;
11583 
11584 		nl_pats = nla_nest_start_noflag(msg,
11585 						NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11586 		if (!nl_pats)
11587 			return -ENOBUFS;
11588 
11589 		for (j = 0; j < rule->n_patterns; j++) {
11590 			nl_pat = nla_nest_start_noflag(msg, j + 1);
11591 			if (!nl_pat)
11592 				return -ENOBUFS;
11593 			pat_len = rule->patterns[j].pattern_len;
11594 			if (nla_put(msg, NL80211_PKTPAT_MASK,
11595 				    DIV_ROUND_UP(pat_len, 8),
11596 				    rule->patterns[j].mask) ||
11597 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11598 				    rule->patterns[j].pattern) ||
11599 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11600 					rule->patterns[j].pkt_offset))
11601 				return -ENOBUFS;
11602 			nla_nest_end(msg, nl_pat);
11603 		}
11604 		nla_nest_end(msg, nl_pats);
11605 		nla_nest_end(msg, nl_rule);
11606 	}
11607 	nla_nest_end(msg, nl_rules);
11608 
11609 	return 0;
11610 }
11611 
11612 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
11613 {
11614 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11615 	struct sk_buff *msg;
11616 	void *hdr;
11617 
11618 	if (!rdev->wiphy.coalesce)
11619 		return -EOPNOTSUPP;
11620 
11621 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11622 	if (!msg)
11623 		return -ENOMEM;
11624 
11625 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11626 			     NL80211_CMD_GET_COALESCE);
11627 	if (!hdr)
11628 		goto nla_put_failure;
11629 
11630 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
11631 		goto nla_put_failure;
11632 
11633 	genlmsg_end(msg, hdr);
11634 	return genlmsg_reply(msg, info);
11635 
11636 nla_put_failure:
11637 	nlmsg_free(msg);
11638 	return -ENOBUFS;
11639 }
11640 
11641 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
11642 {
11643 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
11644 	int i, j;
11645 	struct cfg80211_coalesce_rules *rule;
11646 
11647 	if (!coalesce)
11648 		return;
11649 
11650 	for (i = 0; i < coalesce->n_rules; i++) {
11651 		rule = &coalesce->rules[i];
11652 		for (j = 0; j < rule->n_patterns; j++)
11653 			kfree(rule->patterns[j].mask);
11654 		kfree(rule->patterns);
11655 	}
11656 	kfree(coalesce->rules);
11657 	kfree(coalesce);
11658 	rdev->coalesce = NULL;
11659 }
11660 
11661 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
11662 				       struct nlattr *rule,
11663 				       struct cfg80211_coalesce_rules *new_rule)
11664 {
11665 	int err, i;
11666 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11667 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
11668 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
11669 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11670 
11671 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
11672 					  rule, nl80211_coalesce_policy, NULL);
11673 	if (err)
11674 		return err;
11675 
11676 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
11677 		new_rule->delay =
11678 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
11679 	if (new_rule->delay > coalesce->max_delay)
11680 		return -EINVAL;
11681 
11682 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
11683 		new_rule->condition =
11684 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
11685 
11686 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
11687 		return -EINVAL;
11688 
11689 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11690 			    rem)
11691 		n_patterns++;
11692 	if (n_patterns > coalesce->n_patterns)
11693 		return -EINVAL;
11694 
11695 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
11696 				     GFP_KERNEL);
11697 	if (!new_rule->patterns)
11698 		return -ENOMEM;
11699 
11700 	new_rule->n_patterns = n_patterns;
11701 	i = 0;
11702 
11703 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11704 			    rem) {
11705 		u8 *mask_pat;
11706 
11707 		err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
11708 						  pat,
11709 						  nl80211_packet_pattern_policy,
11710 						  NULL);
11711 		if (err)
11712 			return err;
11713 
11714 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
11715 		    !pat_tb[NL80211_PKTPAT_PATTERN])
11716 			return -EINVAL;
11717 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11718 		mask_len = DIV_ROUND_UP(pat_len, 8);
11719 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11720 			return -EINVAL;
11721 		if (pat_len > coalesce->pattern_max_len ||
11722 		    pat_len < coalesce->pattern_min_len)
11723 			return -EINVAL;
11724 
11725 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
11726 			pkt_offset = 0;
11727 		else
11728 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
11729 		if (pkt_offset > coalesce->max_pkt_offset)
11730 			return -EINVAL;
11731 		new_rule->patterns[i].pkt_offset = pkt_offset;
11732 
11733 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11734 		if (!mask_pat)
11735 			return -ENOMEM;
11736 
11737 		new_rule->patterns[i].mask = mask_pat;
11738 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11739 		       mask_len);
11740 
11741 		mask_pat += mask_len;
11742 		new_rule->patterns[i].pattern = mask_pat;
11743 		new_rule->patterns[i].pattern_len = pat_len;
11744 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11745 		       pat_len);
11746 		i++;
11747 	}
11748 
11749 	return 0;
11750 }
11751 
11752 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
11753 {
11754 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11755 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11756 	struct cfg80211_coalesce new_coalesce = {};
11757 	struct cfg80211_coalesce *n_coalesce;
11758 	int err, rem_rule, n_rules = 0, i, j;
11759 	struct nlattr *rule;
11760 	struct cfg80211_coalesce_rules *tmp_rule;
11761 
11762 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
11763 		return -EOPNOTSUPP;
11764 
11765 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
11766 		cfg80211_rdev_free_coalesce(rdev);
11767 		rdev_set_coalesce(rdev, NULL);
11768 		return 0;
11769 	}
11770 
11771 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11772 			    rem_rule)
11773 		n_rules++;
11774 	if (n_rules > coalesce->n_rules)
11775 		return -EINVAL;
11776 
11777 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
11778 				     GFP_KERNEL);
11779 	if (!new_coalesce.rules)
11780 		return -ENOMEM;
11781 
11782 	new_coalesce.n_rules = n_rules;
11783 	i = 0;
11784 
11785 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11786 			    rem_rule) {
11787 		err = nl80211_parse_coalesce_rule(rdev, rule,
11788 						  &new_coalesce.rules[i]);
11789 		if (err)
11790 			goto error;
11791 
11792 		i++;
11793 	}
11794 
11795 	err = rdev_set_coalesce(rdev, &new_coalesce);
11796 	if (err)
11797 		goto error;
11798 
11799 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
11800 	if (!n_coalesce) {
11801 		err = -ENOMEM;
11802 		goto error;
11803 	}
11804 	cfg80211_rdev_free_coalesce(rdev);
11805 	rdev->coalesce = n_coalesce;
11806 
11807 	return 0;
11808 error:
11809 	for (i = 0; i < new_coalesce.n_rules; i++) {
11810 		tmp_rule = &new_coalesce.rules[i];
11811 		for (j = 0; j < tmp_rule->n_patterns; j++)
11812 			kfree(tmp_rule->patterns[j].mask);
11813 		kfree(tmp_rule->patterns);
11814 	}
11815 	kfree(new_coalesce.rules);
11816 
11817 	return err;
11818 }
11819 
11820 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
11821 {
11822 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11823 	struct net_device *dev = info->user_ptr[1];
11824 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11825 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
11826 	struct cfg80211_gtk_rekey_data rekey_data;
11827 	int err;
11828 
11829 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
11830 		return -EINVAL;
11831 
11832 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
11833 					  info->attrs[NL80211_ATTR_REKEY_DATA],
11834 					  nl80211_rekey_policy, info->extack);
11835 	if (err)
11836 		return err;
11837 
11838 	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
11839 	    !tb[NL80211_REKEY_DATA_KCK])
11840 		return -EINVAL;
11841 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
11842 		return -ERANGE;
11843 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
11844 		return -ERANGE;
11845 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
11846 		return -ERANGE;
11847 
11848 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
11849 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
11850 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
11851 
11852 	wdev_lock(wdev);
11853 	if (!wdev->current_bss) {
11854 		err = -ENOTCONN;
11855 		goto out;
11856 	}
11857 
11858 	if (!rdev->ops->set_rekey_data) {
11859 		err = -EOPNOTSUPP;
11860 		goto out;
11861 	}
11862 
11863 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
11864  out:
11865 	wdev_unlock(wdev);
11866 	return err;
11867 }
11868 
11869 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11870 					     struct genl_info *info)
11871 {
11872 	struct net_device *dev = info->user_ptr[1];
11873 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11874 
11875 	if (wdev->iftype != NL80211_IFTYPE_AP &&
11876 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
11877 		return -EINVAL;
11878 
11879 	if (wdev->ap_unexpected_nlportid)
11880 		return -EBUSY;
11881 
11882 	wdev->ap_unexpected_nlportid = info->snd_portid;
11883 	return 0;
11884 }
11885 
11886 static int nl80211_probe_client(struct sk_buff *skb,
11887 				struct genl_info *info)
11888 {
11889 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11890 	struct net_device *dev = info->user_ptr[1];
11891 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11892 	struct sk_buff *msg;
11893 	void *hdr;
11894 	const u8 *addr;
11895 	u64 cookie;
11896 	int err;
11897 
11898 	if (wdev->iftype != NL80211_IFTYPE_AP &&
11899 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
11900 		return -EOPNOTSUPP;
11901 
11902 	if (!info->attrs[NL80211_ATTR_MAC])
11903 		return -EINVAL;
11904 
11905 	if (!rdev->ops->probe_client)
11906 		return -EOPNOTSUPP;
11907 
11908 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11909 	if (!msg)
11910 		return -ENOMEM;
11911 
11912 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11913 			     NL80211_CMD_PROBE_CLIENT);
11914 	if (!hdr) {
11915 		err = -ENOBUFS;
11916 		goto free_msg;
11917 	}
11918 
11919 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11920 
11921 	err = rdev_probe_client(rdev, dev, addr, &cookie);
11922 	if (err)
11923 		goto free_msg;
11924 
11925 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11926 			      NL80211_ATTR_PAD))
11927 		goto nla_put_failure;
11928 
11929 	genlmsg_end(msg, hdr);
11930 
11931 	return genlmsg_reply(msg, info);
11932 
11933  nla_put_failure:
11934 	err = -ENOBUFS;
11935  free_msg:
11936 	nlmsg_free(msg);
11937 	return err;
11938 }
11939 
11940 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11941 {
11942 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11943 	struct cfg80211_beacon_registration *reg, *nreg;
11944 	int rv;
11945 
11946 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11947 		return -EOPNOTSUPP;
11948 
11949 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11950 	if (!nreg)
11951 		return -ENOMEM;
11952 
11953 	/* First, check if already registered. */
11954 	spin_lock_bh(&rdev->beacon_registrations_lock);
11955 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11956 		if (reg->nlportid == info->snd_portid) {
11957 			rv = -EALREADY;
11958 			goto out_err;
11959 		}
11960 	}
11961 	/* Add it to the list */
11962 	nreg->nlportid = info->snd_portid;
11963 	list_add(&nreg->list, &rdev->beacon_registrations);
11964 
11965 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11966 
11967 	return 0;
11968 out_err:
11969 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11970 	kfree(nreg);
11971 	return rv;
11972 }
11973 
11974 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11975 {
11976 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11977 	struct wireless_dev *wdev = info->user_ptr[1];
11978 	int err;
11979 
11980 	if (!rdev->ops->start_p2p_device)
11981 		return -EOPNOTSUPP;
11982 
11983 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11984 		return -EOPNOTSUPP;
11985 
11986 	if (wdev_running(wdev))
11987 		return 0;
11988 
11989 	if (rfkill_blocked(rdev->rfkill))
11990 		return -ERFKILL;
11991 
11992 	err = rdev_start_p2p_device(rdev, wdev);
11993 	if (err)
11994 		return err;
11995 
11996 	wdev->is_running = true;
11997 	rdev->opencount++;
11998 
11999 	return 0;
12000 }
12001 
12002 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12003 {
12004 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12005 	struct wireless_dev *wdev = info->user_ptr[1];
12006 
12007 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12008 		return -EOPNOTSUPP;
12009 
12010 	if (!rdev->ops->stop_p2p_device)
12011 		return -EOPNOTSUPP;
12012 
12013 	cfg80211_stop_p2p_device(rdev, wdev);
12014 
12015 	return 0;
12016 }
12017 
12018 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12019 {
12020 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12021 	struct wireless_dev *wdev = info->user_ptr[1];
12022 	struct cfg80211_nan_conf conf = {};
12023 	int err;
12024 
12025 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12026 		return -EOPNOTSUPP;
12027 
12028 	if (wdev_running(wdev))
12029 		return -EEXIST;
12030 
12031 	if (rfkill_blocked(rdev->rfkill))
12032 		return -ERFKILL;
12033 
12034 	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12035 		return -EINVAL;
12036 
12037 	conf.master_pref =
12038 		nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12039 
12040 	if (info->attrs[NL80211_ATTR_BANDS]) {
12041 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12042 
12043 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12044 			return -EOPNOTSUPP;
12045 
12046 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12047 			return -EINVAL;
12048 
12049 		conf.bands = bands;
12050 	}
12051 
12052 	err = rdev_start_nan(rdev, wdev, &conf);
12053 	if (err)
12054 		return err;
12055 
12056 	wdev->is_running = true;
12057 	rdev->opencount++;
12058 
12059 	return 0;
12060 }
12061 
12062 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12063 {
12064 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12065 	struct wireless_dev *wdev = info->user_ptr[1];
12066 
12067 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12068 		return -EOPNOTSUPP;
12069 
12070 	cfg80211_stop_nan(rdev, wdev);
12071 
12072 	return 0;
12073 }
12074 
12075 static int validate_nan_filter(struct nlattr *filter_attr)
12076 {
12077 	struct nlattr *attr;
12078 	int len = 0, n_entries = 0, rem;
12079 
12080 	nla_for_each_nested(attr, filter_attr, rem) {
12081 		len += nla_len(attr);
12082 		n_entries++;
12083 	}
12084 
12085 	if (len >= U8_MAX)
12086 		return -EINVAL;
12087 
12088 	return n_entries;
12089 }
12090 
12091 static int handle_nan_filter(struct nlattr *attr_filter,
12092 			     struct cfg80211_nan_func *func,
12093 			     bool tx)
12094 {
12095 	struct nlattr *attr;
12096 	int n_entries, rem, i;
12097 	struct cfg80211_nan_func_filter *filter;
12098 
12099 	n_entries = validate_nan_filter(attr_filter);
12100 	if (n_entries < 0)
12101 		return n_entries;
12102 
12103 	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12104 
12105 	filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12106 	if (!filter)
12107 		return -ENOMEM;
12108 
12109 	i = 0;
12110 	nla_for_each_nested(attr, attr_filter, rem) {
12111 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12112 		filter[i].len = nla_len(attr);
12113 		i++;
12114 	}
12115 	if (tx) {
12116 		func->num_tx_filters = n_entries;
12117 		func->tx_filters = filter;
12118 	} else {
12119 		func->num_rx_filters = n_entries;
12120 		func->rx_filters = filter;
12121 	}
12122 
12123 	return 0;
12124 }
12125 
12126 static int nl80211_nan_add_func(struct sk_buff *skb,
12127 				struct genl_info *info)
12128 {
12129 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12130 	struct wireless_dev *wdev = info->user_ptr[1];
12131 	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12132 	struct cfg80211_nan_func *func;
12133 	struct sk_buff *msg = NULL;
12134 	void *hdr = NULL;
12135 	int err = 0;
12136 
12137 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12138 		return -EOPNOTSUPP;
12139 
12140 	if (!wdev_running(wdev))
12141 		return -ENOTCONN;
12142 
12143 	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12144 		return -EINVAL;
12145 
12146 	err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12147 					  info->attrs[NL80211_ATTR_NAN_FUNC],
12148 					  nl80211_nan_func_policy,
12149 					  info->extack);
12150 	if (err)
12151 		return err;
12152 
12153 	func = kzalloc(sizeof(*func), GFP_KERNEL);
12154 	if (!func)
12155 		return -ENOMEM;
12156 
12157 	func->cookie = cfg80211_assign_cookie(rdev);
12158 
12159 	if (!tb[NL80211_NAN_FUNC_TYPE] ||
12160 	    nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
12161 		err = -EINVAL;
12162 		goto out;
12163 	}
12164 
12165 
12166 	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
12167 
12168 	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
12169 		err = -EINVAL;
12170 		goto out;
12171 	}
12172 
12173 	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
12174 	       sizeof(func->service_id));
12175 
12176 	func->close_range =
12177 		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
12178 
12179 	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
12180 		func->serv_spec_info_len =
12181 			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
12182 		func->serv_spec_info =
12183 			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
12184 				func->serv_spec_info_len,
12185 				GFP_KERNEL);
12186 		if (!func->serv_spec_info) {
12187 			err = -ENOMEM;
12188 			goto out;
12189 		}
12190 	}
12191 
12192 	if (tb[NL80211_NAN_FUNC_TTL])
12193 		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
12194 
12195 	switch (func->type) {
12196 	case NL80211_NAN_FUNC_PUBLISH:
12197 		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
12198 			err = -EINVAL;
12199 			goto out;
12200 		}
12201 
12202 		func->publish_type =
12203 			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
12204 		func->publish_bcast =
12205 			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
12206 
12207 		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12208 			func->publish_bcast) {
12209 			err = -EINVAL;
12210 			goto out;
12211 		}
12212 		break;
12213 	case NL80211_NAN_FUNC_SUBSCRIBE:
12214 		func->subscribe_active =
12215 			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12216 		break;
12217 	case NL80211_NAN_FUNC_FOLLOW_UP:
12218 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12219 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12220 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12221 			err = -EINVAL;
12222 			goto out;
12223 		}
12224 
12225 		func->followup_id =
12226 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12227 		func->followup_reqid =
12228 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12229 		memcpy(func->followup_dest.addr,
12230 		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12231 		       sizeof(func->followup_dest.addr));
12232 		if (func->ttl) {
12233 			err = -EINVAL;
12234 			goto out;
12235 		}
12236 		break;
12237 	default:
12238 		err = -EINVAL;
12239 		goto out;
12240 	}
12241 
12242 	if (tb[NL80211_NAN_FUNC_SRF]) {
12243 		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12244 
12245 		err = nla_parse_nested_deprecated(srf_tb,
12246 						  NL80211_NAN_SRF_ATTR_MAX,
12247 						  tb[NL80211_NAN_FUNC_SRF],
12248 						  nl80211_nan_srf_policy,
12249 						  info->extack);
12250 		if (err)
12251 			goto out;
12252 
12253 		func->srf_include =
12254 			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12255 
12256 		if (srf_tb[NL80211_NAN_SRF_BF]) {
12257 			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12258 			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12259 				err = -EINVAL;
12260 				goto out;
12261 			}
12262 
12263 			func->srf_bf_len =
12264 				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12265 			func->srf_bf =
12266 				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12267 					func->srf_bf_len, GFP_KERNEL);
12268 			if (!func->srf_bf) {
12269 				err = -ENOMEM;
12270 				goto out;
12271 			}
12272 
12273 			func->srf_bf_idx =
12274 				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12275 		} else {
12276 			struct nlattr *attr, *mac_attr =
12277 				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12278 			int n_entries, rem, i = 0;
12279 
12280 			if (!mac_attr) {
12281 				err = -EINVAL;
12282 				goto out;
12283 			}
12284 
12285 			n_entries = validate_acl_mac_addrs(mac_attr);
12286 			if (n_entries <= 0) {
12287 				err = -EINVAL;
12288 				goto out;
12289 			}
12290 
12291 			func->srf_num_macs = n_entries;
12292 			func->srf_macs =
12293 				kcalloc(n_entries, sizeof(*func->srf_macs),
12294 					GFP_KERNEL);
12295 			if (!func->srf_macs) {
12296 				err = -ENOMEM;
12297 				goto out;
12298 			}
12299 
12300 			nla_for_each_nested(attr, mac_attr, rem)
12301 				memcpy(func->srf_macs[i++].addr, nla_data(attr),
12302 				       sizeof(*func->srf_macs));
12303 		}
12304 	}
12305 
12306 	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12307 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12308 					func, true);
12309 		if (err)
12310 			goto out;
12311 	}
12312 
12313 	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12314 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12315 					func, false);
12316 		if (err)
12317 			goto out;
12318 	}
12319 
12320 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12321 	if (!msg) {
12322 		err = -ENOMEM;
12323 		goto out;
12324 	}
12325 
12326 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12327 			     NL80211_CMD_ADD_NAN_FUNCTION);
12328 	/* This can't really happen - we just allocated 4KB */
12329 	if (WARN_ON(!hdr)) {
12330 		err = -ENOMEM;
12331 		goto out;
12332 	}
12333 
12334 	err = rdev_add_nan_func(rdev, wdev, func);
12335 out:
12336 	if (err < 0) {
12337 		cfg80211_free_nan_func(func);
12338 		nlmsg_free(msg);
12339 		return err;
12340 	}
12341 
12342 	/* propagate the instance id and cookie to userspace  */
12343 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12344 			      NL80211_ATTR_PAD))
12345 		goto nla_put_failure;
12346 
12347 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12348 	if (!func_attr)
12349 		goto nla_put_failure;
12350 
12351 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12352 		       func->instance_id))
12353 		goto nla_put_failure;
12354 
12355 	nla_nest_end(msg, func_attr);
12356 
12357 	genlmsg_end(msg, hdr);
12358 	return genlmsg_reply(msg, info);
12359 
12360 nla_put_failure:
12361 	nlmsg_free(msg);
12362 	return -ENOBUFS;
12363 }
12364 
12365 static int nl80211_nan_del_func(struct sk_buff *skb,
12366 			       struct genl_info *info)
12367 {
12368 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12369 	struct wireless_dev *wdev = info->user_ptr[1];
12370 	u64 cookie;
12371 
12372 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12373 		return -EOPNOTSUPP;
12374 
12375 	if (!wdev_running(wdev))
12376 		return -ENOTCONN;
12377 
12378 	if (!info->attrs[NL80211_ATTR_COOKIE])
12379 		return -EINVAL;
12380 
12381 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12382 
12383 	rdev_del_nan_func(rdev, wdev, cookie);
12384 
12385 	return 0;
12386 }
12387 
12388 static int nl80211_nan_change_config(struct sk_buff *skb,
12389 				     struct genl_info *info)
12390 {
12391 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12392 	struct wireless_dev *wdev = info->user_ptr[1];
12393 	struct cfg80211_nan_conf conf = {};
12394 	u32 changed = 0;
12395 
12396 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12397 		return -EOPNOTSUPP;
12398 
12399 	if (!wdev_running(wdev))
12400 		return -ENOTCONN;
12401 
12402 	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12403 		conf.master_pref =
12404 			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12405 		if (conf.master_pref <= 1 || conf.master_pref == 255)
12406 			return -EINVAL;
12407 
12408 		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12409 	}
12410 
12411 	if (info->attrs[NL80211_ATTR_BANDS]) {
12412 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12413 
12414 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12415 			return -EOPNOTSUPP;
12416 
12417 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12418 			return -EINVAL;
12419 
12420 		conf.bands = bands;
12421 		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12422 	}
12423 
12424 	if (!changed)
12425 		return -EINVAL;
12426 
12427 	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12428 }
12429 
12430 void cfg80211_nan_match(struct wireless_dev *wdev,
12431 			struct cfg80211_nan_match_params *match, gfp_t gfp)
12432 {
12433 	struct wiphy *wiphy = wdev->wiphy;
12434 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12435 	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12436 	struct sk_buff *msg;
12437 	void *hdr;
12438 
12439 	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12440 		return;
12441 
12442 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12443 	if (!msg)
12444 		return;
12445 
12446 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12447 	if (!hdr) {
12448 		nlmsg_free(msg);
12449 		return;
12450 	}
12451 
12452 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12453 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12454 					 wdev->netdev->ifindex)) ||
12455 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12456 			      NL80211_ATTR_PAD))
12457 		goto nla_put_failure;
12458 
12459 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12460 			      NL80211_ATTR_PAD) ||
12461 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12462 		goto nla_put_failure;
12463 
12464 	match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12465 	if (!match_attr)
12466 		goto nla_put_failure;
12467 
12468 	local_func_attr = nla_nest_start_noflag(msg,
12469 						NL80211_NAN_MATCH_FUNC_LOCAL);
12470 	if (!local_func_attr)
12471 		goto nla_put_failure;
12472 
12473 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12474 		goto nla_put_failure;
12475 
12476 	nla_nest_end(msg, local_func_attr);
12477 
12478 	peer_func_attr = nla_nest_start_noflag(msg,
12479 					       NL80211_NAN_MATCH_FUNC_PEER);
12480 	if (!peer_func_attr)
12481 		goto nla_put_failure;
12482 
12483 	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12484 	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12485 		goto nla_put_failure;
12486 
12487 	if (match->info && match->info_len &&
12488 	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12489 		    match->info))
12490 		goto nla_put_failure;
12491 
12492 	nla_nest_end(msg, peer_func_attr);
12493 	nla_nest_end(msg, match_attr);
12494 	genlmsg_end(msg, hdr);
12495 
12496 	if (!wdev->owner_nlportid)
12497 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12498 					msg, 0, NL80211_MCGRP_NAN, gfp);
12499 	else
12500 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12501 				wdev->owner_nlportid);
12502 
12503 	return;
12504 
12505 nla_put_failure:
12506 	nlmsg_free(msg);
12507 }
12508 EXPORT_SYMBOL(cfg80211_nan_match);
12509 
12510 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12511 				  u8 inst_id,
12512 				  enum nl80211_nan_func_term_reason reason,
12513 				  u64 cookie, gfp_t gfp)
12514 {
12515 	struct wiphy *wiphy = wdev->wiphy;
12516 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12517 	struct sk_buff *msg;
12518 	struct nlattr *func_attr;
12519 	void *hdr;
12520 
12521 	if (WARN_ON(!inst_id))
12522 		return;
12523 
12524 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12525 	if (!msg)
12526 		return;
12527 
12528 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12529 	if (!hdr) {
12530 		nlmsg_free(msg);
12531 		return;
12532 	}
12533 
12534 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12535 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12536 					 wdev->netdev->ifindex)) ||
12537 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12538 			      NL80211_ATTR_PAD))
12539 		goto nla_put_failure;
12540 
12541 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12542 			      NL80211_ATTR_PAD))
12543 		goto nla_put_failure;
12544 
12545 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12546 	if (!func_attr)
12547 		goto nla_put_failure;
12548 
12549 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
12550 	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
12551 		goto nla_put_failure;
12552 
12553 	nla_nest_end(msg, func_attr);
12554 	genlmsg_end(msg, hdr);
12555 
12556 	if (!wdev->owner_nlportid)
12557 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12558 					msg, 0, NL80211_MCGRP_NAN, gfp);
12559 	else
12560 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12561 				wdev->owner_nlportid);
12562 
12563 	return;
12564 
12565 nla_put_failure:
12566 	nlmsg_free(msg);
12567 }
12568 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
12569 
12570 static int nl80211_get_protocol_features(struct sk_buff *skb,
12571 					 struct genl_info *info)
12572 {
12573 	void *hdr;
12574 	struct sk_buff *msg;
12575 
12576 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12577 	if (!msg)
12578 		return -ENOMEM;
12579 
12580 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12581 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
12582 	if (!hdr)
12583 		goto nla_put_failure;
12584 
12585 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
12586 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
12587 		goto nla_put_failure;
12588 
12589 	genlmsg_end(msg, hdr);
12590 	return genlmsg_reply(msg, info);
12591 
12592  nla_put_failure:
12593 	kfree_skb(msg);
12594 	return -ENOBUFS;
12595 }
12596 
12597 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
12598 {
12599 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12600 	struct cfg80211_update_ft_ies_params ft_params;
12601 	struct net_device *dev = info->user_ptr[1];
12602 
12603 	if (!rdev->ops->update_ft_ies)
12604 		return -EOPNOTSUPP;
12605 
12606 	if (!info->attrs[NL80211_ATTR_MDID] ||
12607 	    !info->attrs[NL80211_ATTR_IE])
12608 		return -EINVAL;
12609 
12610 	memset(&ft_params, 0, sizeof(ft_params));
12611 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
12612 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12613 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12614 
12615 	return rdev_update_ft_ies(rdev, dev, &ft_params);
12616 }
12617 
12618 static int nl80211_crit_protocol_start(struct sk_buff *skb,
12619 				       struct genl_info *info)
12620 {
12621 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12622 	struct wireless_dev *wdev = info->user_ptr[1];
12623 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
12624 	u16 duration;
12625 	int ret;
12626 
12627 	if (!rdev->ops->crit_proto_start)
12628 		return -EOPNOTSUPP;
12629 
12630 	if (WARN_ON(!rdev->ops->crit_proto_stop))
12631 		return -EINVAL;
12632 
12633 	if (rdev->crit_proto_nlportid)
12634 		return -EBUSY;
12635 
12636 	/* determine protocol if provided */
12637 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
12638 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
12639 
12640 	if (proto >= NUM_NL80211_CRIT_PROTO)
12641 		return -EINVAL;
12642 
12643 	/* timeout must be provided */
12644 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
12645 		return -EINVAL;
12646 
12647 	duration =
12648 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
12649 
12650 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
12651 		return -ERANGE;
12652 
12653 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
12654 	if (!ret)
12655 		rdev->crit_proto_nlportid = info->snd_portid;
12656 
12657 	return ret;
12658 }
12659 
12660 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
12661 				      struct genl_info *info)
12662 {
12663 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12664 	struct wireless_dev *wdev = info->user_ptr[1];
12665 
12666 	if (!rdev->ops->crit_proto_stop)
12667 		return -EOPNOTSUPP;
12668 
12669 	if (rdev->crit_proto_nlportid) {
12670 		rdev->crit_proto_nlportid = 0;
12671 		rdev_crit_proto_stop(rdev, wdev);
12672 	}
12673 	return 0;
12674 }
12675 
12676 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
12677 				       struct nlattr *attr,
12678 				       struct netlink_ext_ack *extack)
12679 {
12680 	if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
12681 		if (attr->nla_type & NLA_F_NESTED) {
12682 			NL_SET_ERR_MSG_ATTR(extack, attr,
12683 					    "unexpected nested data");
12684 			return -EINVAL;
12685 		}
12686 
12687 		return 0;
12688 	}
12689 
12690 	if (!(attr->nla_type & NLA_F_NESTED)) {
12691 		NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
12692 		return -EINVAL;
12693 	}
12694 
12695 	return nl80211_validate_nested(attr, vcmd->maxattr, vcmd->policy,
12696 				       extack);
12697 }
12698 
12699 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
12700 {
12701 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12702 	struct wireless_dev *wdev =
12703 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
12704 	int i, err;
12705 	u32 vid, subcmd;
12706 
12707 	if (!rdev->wiphy.vendor_commands)
12708 		return -EOPNOTSUPP;
12709 
12710 	if (IS_ERR(wdev)) {
12711 		err = PTR_ERR(wdev);
12712 		if (err != -EINVAL)
12713 			return err;
12714 		wdev = NULL;
12715 	} else if (wdev->wiphy != &rdev->wiphy) {
12716 		return -EINVAL;
12717 	}
12718 
12719 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
12720 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
12721 		return -EINVAL;
12722 
12723 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
12724 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
12725 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
12726 		const struct wiphy_vendor_command *vcmd;
12727 		void *data = NULL;
12728 		int len = 0;
12729 
12730 		vcmd = &rdev->wiphy.vendor_commands[i];
12731 
12732 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12733 			continue;
12734 
12735 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12736 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12737 			if (!wdev)
12738 				return -EINVAL;
12739 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12740 			    !wdev->netdev)
12741 				return -EINVAL;
12742 
12743 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12744 				if (!wdev_running(wdev))
12745 					return -ENETDOWN;
12746 			}
12747 
12748 			if (!vcmd->doit)
12749 				return -EOPNOTSUPP;
12750 		} else {
12751 			wdev = NULL;
12752 		}
12753 
12754 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
12755 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12756 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12757 
12758 			err = nl80211_vendor_check_policy(vcmd,
12759 					info->attrs[NL80211_ATTR_VENDOR_DATA],
12760 					info->extack);
12761 			if (err)
12762 				return err;
12763 		}
12764 
12765 		rdev->cur_cmd_info = info;
12766 		err = vcmd->doit(&rdev->wiphy, wdev, data, len);
12767 		rdev->cur_cmd_info = NULL;
12768 		return err;
12769 	}
12770 
12771 	return -EOPNOTSUPP;
12772 }
12773 
12774 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
12775 				       struct netlink_callback *cb,
12776 				       struct cfg80211_registered_device **rdev,
12777 				       struct wireless_dev **wdev)
12778 {
12779 	struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
12780 	u32 vid, subcmd;
12781 	unsigned int i;
12782 	int vcmd_idx = -1;
12783 	int err;
12784 	void *data = NULL;
12785 	unsigned int data_len = 0;
12786 
12787 	if (cb->args[0]) {
12788 		/* subtract the 1 again here */
12789 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
12790 		struct wireless_dev *tmp;
12791 
12792 		if (!wiphy)
12793 			return -ENODEV;
12794 		*rdev = wiphy_to_rdev(wiphy);
12795 		*wdev = NULL;
12796 
12797 		if (cb->args[1]) {
12798 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
12799 				if (tmp->identifier == cb->args[1] - 1) {
12800 					*wdev = tmp;
12801 					break;
12802 				}
12803 			}
12804 		}
12805 
12806 		/* keep rtnl locked in successful case */
12807 		return 0;
12808 	}
12809 
12810 	err = nlmsg_parse_deprecated(cb->nlh,
12811 				     GENL_HDRLEN + nl80211_fam.hdrsize,
12812 				     attrbuf, nl80211_fam.maxattr,
12813 				     nl80211_policy, NULL);
12814 	if (err)
12815 		return err;
12816 
12817 	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
12818 	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
12819 		return -EINVAL;
12820 
12821 	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
12822 	if (IS_ERR(*wdev))
12823 		*wdev = NULL;
12824 
12825 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
12826 	if (IS_ERR(*rdev))
12827 		return PTR_ERR(*rdev);
12828 
12829 	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
12830 	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
12831 
12832 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
12833 		const struct wiphy_vendor_command *vcmd;
12834 
12835 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
12836 
12837 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12838 			continue;
12839 
12840 		if (!vcmd->dumpit)
12841 			return -EOPNOTSUPP;
12842 
12843 		vcmd_idx = i;
12844 		break;
12845 	}
12846 
12847 	if (vcmd_idx < 0)
12848 		return -EOPNOTSUPP;
12849 
12850 	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
12851 		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12852 		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12853 
12854 		err = nl80211_vendor_check_policy(
12855 				&(*rdev)->wiphy.vendor_commands[vcmd_idx],
12856 				attrbuf[NL80211_ATTR_VENDOR_DATA],
12857 				cb->extack);
12858 		if (err)
12859 			return err;
12860 	}
12861 
12862 	/* 0 is the first index - add 1 to parse only once */
12863 	cb->args[0] = (*rdev)->wiphy_idx + 1;
12864 	/* add 1 to know if it was NULL */
12865 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
12866 	cb->args[2] = vcmd_idx;
12867 	cb->args[3] = (unsigned long)data;
12868 	cb->args[4] = data_len;
12869 
12870 	/* keep rtnl locked in successful case */
12871 	return 0;
12872 }
12873 
12874 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
12875 				   struct netlink_callback *cb)
12876 {
12877 	struct cfg80211_registered_device *rdev;
12878 	struct wireless_dev *wdev;
12879 	unsigned int vcmd_idx;
12880 	const struct wiphy_vendor_command *vcmd;
12881 	void *data;
12882 	int data_len;
12883 	int err;
12884 	struct nlattr *vendor_data;
12885 
12886 	rtnl_lock();
12887 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
12888 	if (err)
12889 		goto out;
12890 
12891 	vcmd_idx = cb->args[2];
12892 	data = (void *)cb->args[3];
12893 	data_len = cb->args[4];
12894 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
12895 
12896 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12897 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12898 		if (!wdev) {
12899 			err = -EINVAL;
12900 			goto out;
12901 		}
12902 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12903 		    !wdev->netdev) {
12904 			err = -EINVAL;
12905 			goto out;
12906 		}
12907 
12908 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12909 			if (!wdev_running(wdev)) {
12910 				err = -ENETDOWN;
12911 				goto out;
12912 			}
12913 		}
12914 	}
12915 
12916 	while (1) {
12917 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12918 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
12919 					   NL80211_CMD_VENDOR);
12920 		if (!hdr)
12921 			break;
12922 
12923 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12924 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12925 					       wdev_id(wdev),
12926 					       NL80211_ATTR_PAD))) {
12927 			genlmsg_cancel(skb, hdr);
12928 			break;
12929 		}
12930 
12931 		vendor_data = nla_nest_start_noflag(skb,
12932 						    NL80211_ATTR_VENDOR_DATA);
12933 		if (!vendor_data) {
12934 			genlmsg_cancel(skb, hdr);
12935 			break;
12936 		}
12937 
12938 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
12939 				   (unsigned long *)&cb->args[5]);
12940 		nla_nest_end(skb, vendor_data);
12941 
12942 		if (err == -ENOBUFS || err == -ENOENT) {
12943 			genlmsg_cancel(skb, hdr);
12944 			break;
12945 		} else if (err) {
12946 			genlmsg_cancel(skb, hdr);
12947 			goto out;
12948 		}
12949 
12950 		genlmsg_end(skb, hdr);
12951 	}
12952 
12953 	err = skb->len;
12954  out:
12955 	rtnl_unlock();
12956 	return err;
12957 }
12958 
12959 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
12960 					   enum nl80211_commands cmd,
12961 					   enum nl80211_attrs attr,
12962 					   int approxlen)
12963 {
12964 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12965 
12966 	if (WARN_ON(!rdev->cur_cmd_info))
12967 		return NULL;
12968 
12969 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12970 					   rdev->cur_cmd_info->snd_portid,
12971 					   rdev->cur_cmd_info->snd_seq,
12972 					   cmd, attr, NULL, GFP_KERNEL);
12973 }
12974 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12975 
12976 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12977 {
12978 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12979 	void *hdr = ((void **)skb->cb)[1];
12980 	struct nlattr *data = ((void **)skb->cb)[2];
12981 
12982 	/* clear CB data for netlink core to own from now on */
12983 	memset(skb->cb, 0, sizeof(skb->cb));
12984 
12985 	if (WARN_ON(!rdev->cur_cmd_info)) {
12986 		kfree_skb(skb);
12987 		return -EINVAL;
12988 	}
12989 
12990 	nla_nest_end(skb, data);
12991 	genlmsg_end(skb, hdr);
12992 	return genlmsg_reply(skb, rdev->cur_cmd_info);
12993 }
12994 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12995 
12996 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
12997 {
12998 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12999 
13000 	if (WARN_ON(!rdev->cur_cmd_info))
13001 		return 0;
13002 
13003 	return rdev->cur_cmd_info->snd_portid;
13004 }
13005 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13006 
13007 static int nl80211_set_qos_map(struct sk_buff *skb,
13008 			       struct genl_info *info)
13009 {
13010 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13011 	struct cfg80211_qos_map *qos_map = NULL;
13012 	struct net_device *dev = info->user_ptr[1];
13013 	u8 *pos, len, num_des, des_len, des;
13014 	int ret;
13015 
13016 	if (!rdev->ops->set_qos_map)
13017 		return -EOPNOTSUPP;
13018 
13019 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13020 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13021 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13022 
13023 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
13024 		    len > IEEE80211_QOS_MAP_LEN_MAX)
13025 			return -EINVAL;
13026 
13027 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13028 		if (!qos_map)
13029 			return -ENOMEM;
13030 
13031 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13032 		if (num_des) {
13033 			des_len = num_des *
13034 				sizeof(struct cfg80211_dscp_exception);
13035 			memcpy(qos_map->dscp_exception, pos, des_len);
13036 			qos_map->num_des = num_des;
13037 			for (des = 0; des < num_des; des++) {
13038 				if (qos_map->dscp_exception[des].up > 7) {
13039 					kfree(qos_map);
13040 					return -EINVAL;
13041 				}
13042 			}
13043 			pos += des_len;
13044 		}
13045 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13046 	}
13047 
13048 	wdev_lock(dev->ieee80211_ptr);
13049 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
13050 	if (!ret)
13051 		ret = rdev_set_qos_map(rdev, dev, qos_map);
13052 	wdev_unlock(dev->ieee80211_ptr);
13053 
13054 	kfree(qos_map);
13055 	return ret;
13056 }
13057 
13058 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13059 {
13060 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13061 	struct net_device *dev = info->user_ptr[1];
13062 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13063 	const u8 *peer;
13064 	u8 tsid, up;
13065 	u16 admitted_time = 0;
13066 	int err;
13067 
13068 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13069 		return -EOPNOTSUPP;
13070 
13071 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13072 	    !info->attrs[NL80211_ATTR_USER_PRIO])
13073 		return -EINVAL;
13074 
13075 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13076 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13077 
13078 	/* WMM uses TIDs 0-7 even for TSPEC */
13079 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13080 		/* TODO: handle 802.11 TSPEC/admission control
13081 		 * need more attributes for that (e.g. BA session requirement);
13082 		 * change the WMM adminssion test above to allow both then
13083 		 */
13084 		return -EINVAL;
13085 	}
13086 
13087 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13088 
13089 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13090 		admitted_time =
13091 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13092 		if (!admitted_time)
13093 			return -EINVAL;
13094 	}
13095 
13096 	wdev_lock(wdev);
13097 	switch (wdev->iftype) {
13098 	case NL80211_IFTYPE_STATION:
13099 	case NL80211_IFTYPE_P2P_CLIENT:
13100 		if (wdev->current_bss)
13101 			break;
13102 		err = -ENOTCONN;
13103 		goto out;
13104 	default:
13105 		err = -EOPNOTSUPP;
13106 		goto out;
13107 	}
13108 
13109 	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13110 
13111  out:
13112 	wdev_unlock(wdev);
13113 	return err;
13114 }
13115 
13116 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13117 {
13118 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13119 	struct net_device *dev = info->user_ptr[1];
13120 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13121 	const u8 *peer;
13122 	u8 tsid;
13123 	int err;
13124 
13125 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13126 		return -EINVAL;
13127 
13128 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13129 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13130 
13131 	wdev_lock(wdev);
13132 	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13133 	wdev_unlock(wdev);
13134 
13135 	return err;
13136 }
13137 
13138 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13139 				       struct genl_info *info)
13140 {
13141 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13142 	struct net_device *dev = info->user_ptr[1];
13143 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13144 	struct cfg80211_chan_def chandef = {};
13145 	const u8 *addr;
13146 	u8 oper_class;
13147 	int err;
13148 
13149 	if (!rdev->ops->tdls_channel_switch ||
13150 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13151 		return -EOPNOTSUPP;
13152 
13153 	switch (dev->ieee80211_ptr->iftype) {
13154 	case NL80211_IFTYPE_STATION:
13155 	case NL80211_IFTYPE_P2P_CLIENT:
13156 		break;
13157 	default:
13158 		return -EOPNOTSUPP;
13159 	}
13160 
13161 	if (!info->attrs[NL80211_ATTR_MAC] ||
13162 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
13163 		return -EINVAL;
13164 
13165 	err = nl80211_parse_chandef(rdev, info, &chandef);
13166 	if (err)
13167 		return err;
13168 
13169 	/*
13170 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
13171 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
13172 	 * specification is not defined for them.
13173 	 */
13174 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
13175 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
13176 	    chandef.width != NL80211_CHAN_WIDTH_20)
13177 		return -EINVAL;
13178 
13179 	/* we will be active on the TDLS link */
13180 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
13181 					   wdev->iftype))
13182 		return -EINVAL;
13183 
13184 	/* don't allow switching to DFS channels */
13185 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
13186 		return -EINVAL;
13187 
13188 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13189 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
13190 
13191 	wdev_lock(wdev);
13192 	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
13193 	wdev_unlock(wdev);
13194 
13195 	return err;
13196 }
13197 
13198 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
13199 					      struct genl_info *info)
13200 {
13201 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13202 	struct net_device *dev = info->user_ptr[1];
13203 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13204 	const u8 *addr;
13205 
13206 	if (!rdev->ops->tdls_channel_switch ||
13207 	    !rdev->ops->tdls_cancel_channel_switch ||
13208 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13209 		return -EOPNOTSUPP;
13210 
13211 	switch (dev->ieee80211_ptr->iftype) {
13212 	case NL80211_IFTYPE_STATION:
13213 	case NL80211_IFTYPE_P2P_CLIENT:
13214 		break;
13215 	default:
13216 		return -EOPNOTSUPP;
13217 	}
13218 
13219 	if (!info->attrs[NL80211_ATTR_MAC])
13220 		return -EINVAL;
13221 
13222 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13223 
13224 	wdev_lock(wdev);
13225 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
13226 	wdev_unlock(wdev);
13227 
13228 	return 0;
13229 }
13230 
13231 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
13232 					    struct genl_info *info)
13233 {
13234 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13235 	struct net_device *dev = info->user_ptr[1];
13236 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13237 	const struct nlattr *nla;
13238 	bool enabled;
13239 
13240 	if (!rdev->ops->set_multicast_to_unicast)
13241 		return -EOPNOTSUPP;
13242 
13243 	if (wdev->iftype != NL80211_IFTYPE_AP &&
13244 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
13245 		return -EOPNOTSUPP;
13246 
13247 	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
13248 	enabled = nla_get_flag(nla);
13249 
13250 	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13251 }
13252 
13253 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13254 {
13255 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13256 	struct net_device *dev = info->user_ptr[1];
13257 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13258 	struct cfg80211_pmk_conf pmk_conf = {};
13259 	int ret;
13260 
13261 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13262 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13263 		return -EOPNOTSUPP;
13264 
13265 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13266 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13267 		return -EOPNOTSUPP;
13268 
13269 	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13270 		return -EINVAL;
13271 
13272 	wdev_lock(wdev);
13273 	if (!wdev->current_bss) {
13274 		ret = -ENOTCONN;
13275 		goto out;
13276 	}
13277 
13278 	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13279 	if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13280 		ret = -EINVAL;
13281 		goto out;
13282 	}
13283 
13284 	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13285 	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13286 	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13287 	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13288 		ret = -EINVAL;
13289 		goto out;
13290 	}
13291 
13292 	if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13293 		int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13294 
13295 		if (r0_name_len != WLAN_PMK_NAME_LEN) {
13296 			ret = -EINVAL;
13297 			goto out;
13298 		}
13299 
13300 		pmk_conf.pmk_r0_name =
13301 			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13302 	}
13303 
13304 	ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13305 out:
13306 	wdev_unlock(wdev);
13307 	return ret;
13308 }
13309 
13310 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13311 {
13312 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13313 	struct net_device *dev = info->user_ptr[1];
13314 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13315 	const u8 *aa;
13316 	int ret;
13317 
13318 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13319 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13320 		return -EOPNOTSUPP;
13321 
13322 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13323 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13324 		return -EOPNOTSUPP;
13325 
13326 	if (!info->attrs[NL80211_ATTR_MAC])
13327 		return -EINVAL;
13328 
13329 	wdev_lock(wdev);
13330 	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13331 	ret = rdev_del_pmk(rdev, dev, aa);
13332 	wdev_unlock(wdev);
13333 
13334 	return ret;
13335 }
13336 
13337 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13338 {
13339 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13340 	struct net_device *dev = info->user_ptr[1];
13341 	struct cfg80211_external_auth_params params;
13342 
13343 	if (!rdev->ops->external_auth)
13344 		return -EOPNOTSUPP;
13345 
13346 	if (!info->attrs[NL80211_ATTR_SSID] &&
13347 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13348 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13349 		return -EINVAL;
13350 
13351 	if (!info->attrs[NL80211_ATTR_BSSID])
13352 		return -EINVAL;
13353 
13354 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13355 		return -EINVAL;
13356 
13357 	memset(&params, 0, sizeof(params));
13358 
13359 	if (info->attrs[NL80211_ATTR_SSID]) {
13360 		params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13361 		if (params.ssid.ssid_len == 0 ||
13362 		    params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13363 			return -EINVAL;
13364 		memcpy(params.ssid.ssid,
13365 		       nla_data(info->attrs[NL80211_ATTR_SSID]),
13366 		       params.ssid.ssid_len);
13367 	}
13368 
13369 	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13370 	       ETH_ALEN);
13371 
13372 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13373 
13374 	if (info->attrs[NL80211_ATTR_PMKID])
13375 		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13376 
13377 	return rdev_external_auth(rdev, dev, &params);
13378 }
13379 
13380 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13381 {
13382 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13383 	struct net_device *dev = info->user_ptr[1];
13384 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13385 	const u8 *buf;
13386 	size_t len;
13387 	u8 *dest;
13388 	u16 proto;
13389 	bool noencrypt;
13390 	int err;
13391 
13392 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13393 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13394 		return -EOPNOTSUPP;
13395 
13396 	if (!rdev->ops->tx_control_port)
13397 		return -EOPNOTSUPP;
13398 
13399 	if (!info->attrs[NL80211_ATTR_FRAME] ||
13400 	    !info->attrs[NL80211_ATTR_MAC] ||
13401 	    !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13402 		GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13403 		return -EINVAL;
13404 	}
13405 
13406 	wdev_lock(wdev);
13407 
13408 	switch (wdev->iftype) {
13409 	case NL80211_IFTYPE_AP:
13410 	case NL80211_IFTYPE_P2P_GO:
13411 	case NL80211_IFTYPE_MESH_POINT:
13412 		break;
13413 	case NL80211_IFTYPE_ADHOC:
13414 	case NL80211_IFTYPE_STATION:
13415 	case NL80211_IFTYPE_P2P_CLIENT:
13416 		if (wdev->current_bss)
13417 			break;
13418 		err = -ENOTCONN;
13419 		goto out;
13420 	default:
13421 		err = -EOPNOTSUPP;
13422 		goto out;
13423 	}
13424 
13425 	wdev_unlock(wdev);
13426 
13427 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13428 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13429 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13430 	proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13431 	noencrypt =
13432 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13433 
13434 	return rdev_tx_control_port(rdev, dev, buf, len,
13435 				    dest, cpu_to_be16(proto), noencrypt);
13436 
13437  out:
13438 	wdev_unlock(wdev);
13439 	return err;
13440 }
13441 
13442 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13443 					   struct genl_info *info)
13444 {
13445 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13446 	struct net_device *dev = info->user_ptr[1];
13447 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13448 	struct cfg80211_ftm_responder_stats ftm_stats = {};
13449 	struct sk_buff *msg;
13450 	void *hdr;
13451 	struct nlattr *ftm_stats_attr;
13452 	int err;
13453 
13454 	if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
13455 		return -EOPNOTSUPP;
13456 
13457 	err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
13458 	if (err)
13459 		return err;
13460 
13461 	if (!ftm_stats.filled)
13462 		return -ENODATA;
13463 
13464 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13465 	if (!msg)
13466 		return -ENOMEM;
13467 
13468 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13469 			     NL80211_CMD_GET_FTM_RESPONDER_STATS);
13470 	if (!hdr)
13471 		return -ENOBUFS;
13472 
13473 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
13474 		goto nla_put_failure;
13475 
13476 	ftm_stats_attr = nla_nest_start_noflag(msg,
13477 					       NL80211_ATTR_FTM_RESPONDER_STATS);
13478 	if (!ftm_stats_attr)
13479 		goto nla_put_failure;
13480 
13481 #define SET_FTM(field, name, type)					 \
13482 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13483 	    nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,		 \
13484 			     ftm_stats.field))				 \
13485 		goto nla_put_failure; } while (0)
13486 #define SET_FTM_U64(field, name)					 \
13487 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13488 	    nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,		 \
13489 			      ftm_stats.field, NL80211_FTM_STATS_PAD))	 \
13490 		goto nla_put_failure; } while (0)
13491 
13492 	SET_FTM(success_num, SUCCESS_NUM, u32);
13493 	SET_FTM(partial_num, PARTIAL_NUM, u32);
13494 	SET_FTM(failed_num, FAILED_NUM, u32);
13495 	SET_FTM(asap_num, ASAP_NUM, u32);
13496 	SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
13497 	SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
13498 	SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
13499 	SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
13500 	SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
13501 #undef SET_FTM
13502 
13503 	nla_nest_end(msg, ftm_stats_attr);
13504 
13505 	genlmsg_end(msg, hdr);
13506 	return genlmsg_reply(msg, info);
13507 
13508 nla_put_failure:
13509 	nlmsg_free(msg);
13510 	return -ENOBUFS;
13511 }
13512 
13513 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
13514 {
13515 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13516 	struct cfg80211_update_owe_info owe_info;
13517 	struct net_device *dev = info->user_ptr[1];
13518 
13519 	if (!rdev->ops->update_owe_info)
13520 		return -EOPNOTSUPP;
13521 
13522 	if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
13523 	    !info->attrs[NL80211_ATTR_MAC])
13524 		return -EINVAL;
13525 
13526 	memset(&owe_info, 0, sizeof(owe_info));
13527 	owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13528 	nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
13529 
13530 	if (info->attrs[NL80211_ATTR_IE]) {
13531 		owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13532 		owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13533 	}
13534 
13535 	return rdev_update_owe_info(rdev, dev, &owe_info);
13536 }
13537 
13538 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
13539 {
13540 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13541 	struct net_device *dev = info->user_ptr[1];
13542 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13543 	struct station_info sinfo = {};
13544 	const u8 *buf;
13545 	size_t len;
13546 	u8 *dest;
13547 	int err;
13548 
13549 	if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
13550 		return -EOPNOTSUPP;
13551 
13552 	if (!info->attrs[NL80211_ATTR_MAC] ||
13553 	    !info->attrs[NL80211_ATTR_FRAME]) {
13554 		GENL_SET_ERR_MSG(info, "Frame or MAC missing");
13555 		return -EINVAL;
13556 	}
13557 
13558 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
13559 		return -EOPNOTSUPP;
13560 
13561 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13562 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13563 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13564 
13565 	if (len < sizeof(struct ethhdr))
13566 		return -EINVAL;
13567 
13568 	if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
13569 	    !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
13570 		return -EINVAL;
13571 
13572 	err = rdev_get_station(rdev, dev, dest, &sinfo);
13573 	if (err)
13574 		return err;
13575 
13576 	return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
13577 }
13578 
13579 #define NL80211_FLAG_NEED_WIPHY		0x01
13580 #define NL80211_FLAG_NEED_NETDEV	0x02
13581 #define NL80211_FLAG_NEED_RTNL		0x04
13582 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
13583 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
13584 					 NL80211_FLAG_CHECK_NETDEV_UP)
13585 #define NL80211_FLAG_NEED_WDEV		0x10
13586 /* If a netdev is associated, it must be UP, P2P must be started */
13587 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
13588 					 NL80211_FLAG_CHECK_NETDEV_UP)
13589 #define NL80211_FLAG_CLEAR_SKB		0x20
13590 
13591 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
13592 			    struct genl_info *info)
13593 {
13594 	struct cfg80211_registered_device *rdev;
13595 	struct wireless_dev *wdev;
13596 	struct net_device *dev;
13597 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
13598 
13599 	if (rtnl)
13600 		rtnl_lock();
13601 
13602 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
13603 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
13604 		if (IS_ERR(rdev)) {
13605 			if (rtnl)
13606 				rtnl_unlock();
13607 			return PTR_ERR(rdev);
13608 		}
13609 		info->user_ptr[0] = rdev;
13610 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
13611 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13612 		ASSERT_RTNL();
13613 
13614 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
13615 						  info->attrs);
13616 		if (IS_ERR(wdev)) {
13617 			if (rtnl)
13618 				rtnl_unlock();
13619 			return PTR_ERR(wdev);
13620 		}
13621 
13622 		dev = wdev->netdev;
13623 		rdev = wiphy_to_rdev(wdev->wiphy);
13624 
13625 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
13626 			if (!dev) {
13627 				if (rtnl)
13628 					rtnl_unlock();
13629 				return -EINVAL;
13630 			}
13631 
13632 			info->user_ptr[1] = dev;
13633 		} else {
13634 			info->user_ptr[1] = wdev;
13635 		}
13636 
13637 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
13638 		    !wdev_running(wdev)) {
13639 			if (rtnl)
13640 				rtnl_unlock();
13641 			return -ENETDOWN;
13642 		}
13643 
13644 		if (dev)
13645 			dev_hold(dev);
13646 
13647 		info->user_ptr[0] = rdev;
13648 	}
13649 
13650 	return 0;
13651 }
13652 
13653 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
13654 			      struct genl_info *info)
13655 {
13656 	if (info->user_ptr[1]) {
13657 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13658 			struct wireless_dev *wdev = info->user_ptr[1];
13659 
13660 			if (wdev->netdev)
13661 				dev_put(wdev->netdev);
13662 		} else {
13663 			dev_put(info->user_ptr[1]);
13664 		}
13665 	}
13666 
13667 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
13668 		rtnl_unlock();
13669 
13670 	/* If needed, clear the netlink message payload from the SKB
13671 	 * as it might contain key data that shouldn't stick around on
13672 	 * the heap after the SKB is freed. The netlink message header
13673 	 * is still needed for further processing, so leave it intact.
13674 	 */
13675 	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
13676 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
13677 
13678 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
13679 	}
13680 }
13681 
13682 static const struct genl_ops nl80211_ops[] = {
13683 	{
13684 		.cmd = NL80211_CMD_GET_WIPHY,
13685 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13686 		.doit = nl80211_get_wiphy,
13687 		.dumpit = nl80211_dump_wiphy,
13688 		.done = nl80211_dump_wiphy_done,
13689 		/* can be retrieved by unprivileged users */
13690 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13691 				  NL80211_FLAG_NEED_RTNL,
13692 	},
13693 	{
13694 		.cmd = NL80211_CMD_SET_WIPHY,
13695 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13696 		.doit = nl80211_set_wiphy,
13697 		.flags = GENL_UNS_ADMIN_PERM,
13698 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13699 	},
13700 	{
13701 		.cmd = NL80211_CMD_GET_INTERFACE,
13702 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13703 		.doit = nl80211_get_interface,
13704 		.dumpit = nl80211_dump_interface,
13705 		/* can be retrieved by unprivileged users */
13706 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13707 				  NL80211_FLAG_NEED_RTNL,
13708 	},
13709 	{
13710 		.cmd = NL80211_CMD_SET_INTERFACE,
13711 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13712 		.doit = nl80211_set_interface,
13713 		.flags = GENL_UNS_ADMIN_PERM,
13714 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13715 				  NL80211_FLAG_NEED_RTNL,
13716 	},
13717 	{
13718 		.cmd = NL80211_CMD_NEW_INTERFACE,
13719 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13720 		.doit = nl80211_new_interface,
13721 		.flags = GENL_UNS_ADMIN_PERM,
13722 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13723 				  NL80211_FLAG_NEED_RTNL,
13724 	},
13725 	{
13726 		.cmd = NL80211_CMD_DEL_INTERFACE,
13727 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13728 		.doit = nl80211_del_interface,
13729 		.flags = GENL_UNS_ADMIN_PERM,
13730 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13731 				  NL80211_FLAG_NEED_RTNL,
13732 	},
13733 	{
13734 		.cmd = NL80211_CMD_GET_KEY,
13735 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13736 		.doit = nl80211_get_key,
13737 		.flags = GENL_UNS_ADMIN_PERM,
13738 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13739 				  NL80211_FLAG_NEED_RTNL,
13740 	},
13741 	{
13742 		.cmd = NL80211_CMD_SET_KEY,
13743 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13744 		.doit = nl80211_set_key,
13745 		.flags = GENL_UNS_ADMIN_PERM,
13746 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13747 				  NL80211_FLAG_NEED_RTNL |
13748 				  NL80211_FLAG_CLEAR_SKB,
13749 	},
13750 	{
13751 		.cmd = NL80211_CMD_NEW_KEY,
13752 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13753 		.doit = nl80211_new_key,
13754 		.flags = GENL_UNS_ADMIN_PERM,
13755 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13756 				  NL80211_FLAG_NEED_RTNL |
13757 				  NL80211_FLAG_CLEAR_SKB,
13758 	},
13759 	{
13760 		.cmd = NL80211_CMD_DEL_KEY,
13761 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13762 		.doit = nl80211_del_key,
13763 		.flags = GENL_UNS_ADMIN_PERM,
13764 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13765 				  NL80211_FLAG_NEED_RTNL,
13766 	},
13767 	{
13768 		.cmd = NL80211_CMD_SET_BEACON,
13769 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13770 		.flags = GENL_UNS_ADMIN_PERM,
13771 		.doit = nl80211_set_beacon,
13772 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13773 				  NL80211_FLAG_NEED_RTNL,
13774 	},
13775 	{
13776 		.cmd = NL80211_CMD_START_AP,
13777 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13778 		.flags = GENL_UNS_ADMIN_PERM,
13779 		.doit = nl80211_start_ap,
13780 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13781 				  NL80211_FLAG_NEED_RTNL,
13782 	},
13783 	{
13784 		.cmd = NL80211_CMD_STOP_AP,
13785 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13786 		.flags = GENL_UNS_ADMIN_PERM,
13787 		.doit = nl80211_stop_ap,
13788 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13789 				  NL80211_FLAG_NEED_RTNL,
13790 	},
13791 	{
13792 		.cmd = NL80211_CMD_GET_STATION,
13793 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13794 		.doit = nl80211_get_station,
13795 		.dumpit = nl80211_dump_station,
13796 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13797 				  NL80211_FLAG_NEED_RTNL,
13798 	},
13799 	{
13800 		.cmd = NL80211_CMD_SET_STATION,
13801 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13802 		.doit = nl80211_set_station,
13803 		.flags = GENL_UNS_ADMIN_PERM,
13804 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13805 				  NL80211_FLAG_NEED_RTNL,
13806 	},
13807 	{
13808 		.cmd = NL80211_CMD_NEW_STATION,
13809 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13810 		.doit = nl80211_new_station,
13811 		.flags = GENL_UNS_ADMIN_PERM,
13812 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13813 				  NL80211_FLAG_NEED_RTNL,
13814 	},
13815 	{
13816 		.cmd = NL80211_CMD_DEL_STATION,
13817 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13818 		.doit = nl80211_del_station,
13819 		.flags = GENL_UNS_ADMIN_PERM,
13820 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13821 				  NL80211_FLAG_NEED_RTNL,
13822 	},
13823 	{
13824 		.cmd = NL80211_CMD_GET_MPATH,
13825 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13826 		.doit = nl80211_get_mpath,
13827 		.dumpit = nl80211_dump_mpath,
13828 		.flags = GENL_UNS_ADMIN_PERM,
13829 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13830 				  NL80211_FLAG_NEED_RTNL,
13831 	},
13832 	{
13833 		.cmd = NL80211_CMD_GET_MPP,
13834 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13835 		.doit = nl80211_get_mpp,
13836 		.dumpit = nl80211_dump_mpp,
13837 		.flags = GENL_UNS_ADMIN_PERM,
13838 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13839 				  NL80211_FLAG_NEED_RTNL,
13840 	},
13841 	{
13842 		.cmd = NL80211_CMD_SET_MPATH,
13843 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13844 		.doit = nl80211_set_mpath,
13845 		.flags = GENL_UNS_ADMIN_PERM,
13846 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13847 				  NL80211_FLAG_NEED_RTNL,
13848 	},
13849 	{
13850 		.cmd = NL80211_CMD_NEW_MPATH,
13851 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13852 		.doit = nl80211_new_mpath,
13853 		.flags = GENL_UNS_ADMIN_PERM,
13854 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13855 				  NL80211_FLAG_NEED_RTNL,
13856 	},
13857 	{
13858 		.cmd = NL80211_CMD_DEL_MPATH,
13859 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13860 		.doit = nl80211_del_mpath,
13861 		.flags = GENL_UNS_ADMIN_PERM,
13862 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13863 				  NL80211_FLAG_NEED_RTNL,
13864 	},
13865 	{
13866 		.cmd = NL80211_CMD_SET_BSS,
13867 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13868 		.doit = nl80211_set_bss,
13869 		.flags = GENL_UNS_ADMIN_PERM,
13870 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13871 				  NL80211_FLAG_NEED_RTNL,
13872 	},
13873 	{
13874 		.cmd = NL80211_CMD_GET_REG,
13875 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13876 		.doit = nl80211_get_reg_do,
13877 		.dumpit = nl80211_get_reg_dump,
13878 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13879 		/* can be retrieved by unprivileged users */
13880 	},
13881 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
13882 	{
13883 		.cmd = NL80211_CMD_SET_REG,
13884 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13885 		.doit = nl80211_set_reg,
13886 		.flags = GENL_ADMIN_PERM,
13887 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13888 	},
13889 #endif
13890 	{
13891 		.cmd = NL80211_CMD_REQ_SET_REG,
13892 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13893 		.doit = nl80211_req_set_reg,
13894 		.flags = GENL_ADMIN_PERM,
13895 	},
13896 	{
13897 		.cmd = NL80211_CMD_RELOAD_REGDB,
13898 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13899 		.doit = nl80211_reload_regdb,
13900 		.flags = GENL_ADMIN_PERM,
13901 	},
13902 	{
13903 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
13904 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13905 		.doit = nl80211_get_mesh_config,
13906 		/* can be retrieved by unprivileged users */
13907 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13908 				  NL80211_FLAG_NEED_RTNL,
13909 	},
13910 	{
13911 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
13912 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13913 		.doit = nl80211_update_mesh_config,
13914 		.flags = GENL_UNS_ADMIN_PERM,
13915 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13916 				  NL80211_FLAG_NEED_RTNL,
13917 	},
13918 	{
13919 		.cmd = NL80211_CMD_TRIGGER_SCAN,
13920 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13921 		.doit = nl80211_trigger_scan,
13922 		.flags = GENL_UNS_ADMIN_PERM,
13923 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13924 				  NL80211_FLAG_NEED_RTNL,
13925 	},
13926 	{
13927 		.cmd = NL80211_CMD_ABORT_SCAN,
13928 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13929 		.doit = nl80211_abort_scan,
13930 		.flags = GENL_UNS_ADMIN_PERM,
13931 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13932 				  NL80211_FLAG_NEED_RTNL,
13933 	},
13934 	{
13935 		.cmd = NL80211_CMD_GET_SCAN,
13936 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13937 		.dumpit = nl80211_dump_scan,
13938 	},
13939 	{
13940 		.cmd = NL80211_CMD_START_SCHED_SCAN,
13941 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13942 		.doit = nl80211_start_sched_scan,
13943 		.flags = GENL_UNS_ADMIN_PERM,
13944 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13945 				  NL80211_FLAG_NEED_RTNL,
13946 	},
13947 	{
13948 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
13949 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13950 		.doit = nl80211_stop_sched_scan,
13951 		.flags = GENL_UNS_ADMIN_PERM,
13952 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13953 				  NL80211_FLAG_NEED_RTNL,
13954 	},
13955 	{
13956 		.cmd = NL80211_CMD_AUTHENTICATE,
13957 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13958 		.doit = nl80211_authenticate,
13959 		.flags = GENL_UNS_ADMIN_PERM,
13960 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13961 				  NL80211_FLAG_NEED_RTNL |
13962 				  NL80211_FLAG_CLEAR_SKB,
13963 	},
13964 	{
13965 		.cmd = NL80211_CMD_ASSOCIATE,
13966 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13967 		.doit = nl80211_associate,
13968 		.flags = GENL_UNS_ADMIN_PERM,
13969 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13970 				  NL80211_FLAG_NEED_RTNL |
13971 				  NL80211_FLAG_CLEAR_SKB,
13972 	},
13973 	{
13974 		.cmd = NL80211_CMD_DEAUTHENTICATE,
13975 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13976 		.doit = nl80211_deauthenticate,
13977 		.flags = GENL_UNS_ADMIN_PERM,
13978 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13979 				  NL80211_FLAG_NEED_RTNL,
13980 	},
13981 	{
13982 		.cmd = NL80211_CMD_DISASSOCIATE,
13983 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13984 		.doit = nl80211_disassociate,
13985 		.flags = GENL_UNS_ADMIN_PERM,
13986 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13987 				  NL80211_FLAG_NEED_RTNL,
13988 	},
13989 	{
13990 		.cmd = NL80211_CMD_JOIN_IBSS,
13991 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13992 		.doit = nl80211_join_ibss,
13993 		.flags = GENL_UNS_ADMIN_PERM,
13994 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13995 				  NL80211_FLAG_NEED_RTNL,
13996 	},
13997 	{
13998 		.cmd = NL80211_CMD_LEAVE_IBSS,
13999 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14000 		.doit = nl80211_leave_ibss,
14001 		.flags = GENL_UNS_ADMIN_PERM,
14002 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14003 				  NL80211_FLAG_NEED_RTNL,
14004 	},
14005 #ifdef CONFIG_NL80211_TESTMODE
14006 	{
14007 		.cmd = NL80211_CMD_TESTMODE,
14008 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14009 		.doit = nl80211_testmode_do,
14010 		.dumpit = nl80211_testmode_dump,
14011 		.flags = GENL_UNS_ADMIN_PERM,
14012 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14013 				  NL80211_FLAG_NEED_RTNL,
14014 	},
14015 #endif
14016 	{
14017 		.cmd = NL80211_CMD_CONNECT,
14018 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14019 		.doit = nl80211_connect,
14020 		.flags = GENL_UNS_ADMIN_PERM,
14021 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14022 				  NL80211_FLAG_NEED_RTNL |
14023 				  NL80211_FLAG_CLEAR_SKB,
14024 	},
14025 	{
14026 		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
14027 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14028 		.doit = nl80211_update_connect_params,
14029 		.flags = GENL_ADMIN_PERM,
14030 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14031 				  NL80211_FLAG_NEED_RTNL |
14032 				  NL80211_FLAG_CLEAR_SKB,
14033 	},
14034 	{
14035 		.cmd = NL80211_CMD_DISCONNECT,
14036 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14037 		.doit = nl80211_disconnect,
14038 		.flags = GENL_UNS_ADMIN_PERM,
14039 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14040 				  NL80211_FLAG_NEED_RTNL,
14041 	},
14042 	{
14043 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
14044 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14045 		.doit = nl80211_wiphy_netns,
14046 		.flags = GENL_UNS_ADMIN_PERM,
14047 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14048 				  NL80211_FLAG_NEED_RTNL,
14049 	},
14050 	{
14051 		.cmd = NL80211_CMD_GET_SURVEY,
14052 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14053 		.dumpit = nl80211_dump_survey,
14054 	},
14055 	{
14056 		.cmd = NL80211_CMD_SET_PMKSA,
14057 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14058 		.doit = nl80211_setdel_pmksa,
14059 		.flags = GENL_UNS_ADMIN_PERM,
14060 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14061 				  NL80211_FLAG_NEED_RTNL |
14062 				  NL80211_FLAG_CLEAR_SKB,
14063 	},
14064 	{
14065 		.cmd = NL80211_CMD_DEL_PMKSA,
14066 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14067 		.doit = nl80211_setdel_pmksa,
14068 		.flags = GENL_UNS_ADMIN_PERM,
14069 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14070 				  NL80211_FLAG_NEED_RTNL,
14071 	},
14072 	{
14073 		.cmd = NL80211_CMD_FLUSH_PMKSA,
14074 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14075 		.doit = nl80211_flush_pmksa,
14076 		.flags = GENL_UNS_ADMIN_PERM,
14077 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14078 				  NL80211_FLAG_NEED_RTNL,
14079 	},
14080 	{
14081 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
14082 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14083 		.doit = nl80211_remain_on_channel,
14084 		.flags = GENL_UNS_ADMIN_PERM,
14085 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14086 				  NL80211_FLAG_NEED_RTNL,
14087 	},
14088 	{
14089 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14090 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14091 		.doit = nl80211_cancel_remain_on_channel,
14092 		.flags = GENL_UNS_ADMIN_PERM,
14093 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14094 				  NL80211_FLAG_NEED_RTNL,
14095 	},
14096 	{
14097 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
14098 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14099 		.doit = nl80211_set_tx_bitrate_mask,
14100 		.flags = GENL_UNS_ADMIN_PERM,
14101 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14102 				  NL80211_FLAG_NEED_RTNL,
14103 	},
14104 	{
14105 		.cmd = NL80211_CMD_REGISTER_FRAME,
14106 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14107 		.doit = nl80211_register_mgmt,
14108 		.flags = GENL_UNS_ADMIN_PERM,
14109 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14110 				  NL80211_FLAG_NEED_RTNL,
14111 	},
14112 	{
14113 		.cmd = NL80211_CMD_FRAME,
14114 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14115 		.doit = nl80211_tx_mgmt,
14116 		.flags = GENL_UNS_ADMIN_PERM,
14117 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14118 				  NL80211_FLAG_NEED_RTNL,
14119 	},
14120 	{
14121 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
14122 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14123 		.doit = nl80211_tx_mgmt_cancel_wait,
14124 		.flags = GENL_UNS_ADMIN_PERM,
14125 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14126 				  NL80211_FLAG_NEED_RTNL,
14127 	},
14128 	{
14129 		.cmd = NL80211_CMD_SET_POWER_SAVE,
14130 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14131 		.doit = nl80211_set_power_save,
14132 		.flags = GENL_UNS_ADMIN_PERM,
14133 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14134 				  NL80211_FLAG_NEED_RTNL,
14135 	},
14136 	{
14137 		.cmd = NL80211_CMD_GET_POWER_SAVE,
14138 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14139 		.doit = nl80211_get_power_save,
14140 		/* can be retrieved by unprivileged users */
14141 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14142 				  NL80211_FLAG_NEED_RTNL,
14143 	},
14144 	{
14145 		.cmd = NL80211_CMD_SET_CQM,
14146 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14147 		.doit = nl80211_set_cqm,
14148 		.flags = GENL_UNS_ADMIN_PERM,
14149 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14150 				  NL80211_FLAG_NEED_RTNL,
14151 	},
14152 	{
14153 		.cmd = NL80211_CMD_SET_CHANNEL,
14154 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14155 		.doit = nl80211_set_channel,
14156 		.flags = GENL_UNS_ADMIN_PERM,
14157 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14158 				  NL80211_FLAG_NEED_RTNL,
14159 	},
14160 	{
14161 		.cmd = NL80211_CMD_SET_WDS_PEER,
14162 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14163 		.doit = nl80211_set_wds_peer,
14164 		.flags = GENL_UNS_ADMIN_PERM,
14165 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14166 				  NL80211_FLAG_NEED_RTNL,
14167 	},
14168 	{
14169 		.cmd = NL80211_CMD_JOIN_MESH,
14170 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14171 		.doit = nl80211_join_mesh,
14172 		.flags = GENL_UNS_ADMIN_PERM,
14173 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14174 				  NL80211_FLAG_NEED_RTNL,
14175 	},
14176 	{
14177 		.cmd = NL80211_CMD_LEAVE_MESH,
14178 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14179 		.doit = nl80211_leave_mesh,
14180 		.flags = GENL_UNS_ADMIN_PERM,
14181 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14182 				  NL80211_FLAG_NEED_RTNL,
14183 	},
14184 	{
14185 		.cmd = NL80211_CMD_JOIN_OCB,
14186 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14187 		.doit = nl80211_join_ocb,
14188 		.flags = GENL_UNS_ADMIN_PERM,
14189 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14190 				  NL80211_FLAG_NEED_RTNL,
14191 	},
14192 	{
14193 		.cmd = NL80211_CMD_LEAVE_OCB,
14194 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14195 		.doit = nl80211_leave_ocb,
14196 		.flags = GENL_UNS_ADMIN_PERM,
14197 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14198 				  NL80211_FLAG_NEED_RTNL,
14199 	},
14200 #ifdef CONFIG_PM
14201 	{
14202 		.cmd = NL80211_CMD_GET_WOWLAN,
14203 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14204 		.doit = nl80211_get_wowlan,
14205 		/* can be retrieved by unprivileged users */
14206 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14207 				  NL80211_FLAG_NEED_RTNL,
14208 	},
14209 	{
14210 		.cmd = NL80211_CMD_SET_WOWLAN,
14211 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14212 		.doit = nl80211_set_wowlan,
14213 		.flags = GENL_UNS_ADMIN_PERM,
14214 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14215 				  NL80211_FLAG_NEED_RTNL,
14216 	},
14217 #endif
14218 	{
14219 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
14220 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14221 		.doit = nl80211_set_rekey_data,
14222 		.flags = GENL_UNS_ADMIN_PERM,
14223 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14224 				  NL80211_FLAG_NEED_RTNL |
14225 				  NL80211_FLAG_CLEAR_SKB,
14226 	},
14227 	{
14228 		.cmd = NL80211_CMD_TDLS_MGMT,
14229 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14230 		.doit = nl80211_tdls_mgmt,
14231 		.flags = GENL_UNS_ADMIN_PERM,
14232 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14233 				  NL80211_FLAG_NEED_RTNL,
14234 	},
14235 	{
14236 		.cmd = NL80211_CMD_TDLS_OPER,
14237 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14238 		.doit = nl80211_tdls_oper,
14239 		.flags = GENL_UNS_ADMIN_PERM,
14240 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14241 				  NL80211_FLAG_NEED_RTNL,
14242 	},
14243 	{
14244 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
14245 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14246 		.doit = nl80211_register_unexpected_frame,
14247 		.flags = GENL_UNS_ADMIN_PERM,
14248 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14249 				  NL80211_FLAG_NEED_RTNL,
14250 	},
14251 	{
14252 		.cmd = NL80211_CMD_PROBE_CLIENT,
14253 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14254 		.doit = nl80211_probe_client,
14255 		.flags = GENL_UNS_ADMIN_PERM,
14256 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14257 				  NL80211_FLAG_NEED_RTNL,
14258 	},
14259 	{
14260 		.cmd = NL80211_CMD_REGISTER_BEACONS,
14261 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14262 		.doit = nl80211_register_beacons,
14263 		.flags = GENL_UNS_ADMIN_PERM,
14264 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14265 				  NL80211_FLAG_NEED_RTNL,
14266 	},
14267 	{
14268 		.cmd = NL80211_CMD_SET_NOACK_MAP,
14269 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14270 		.doit = nl80211_set_noack_map,
14271 		.flags = GENL_UNS_ADMIN_PERM,
14272 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14273 				  NL80211_FLAG_NEED_RTNL,
14274 	},
14275 	{
14276 		.cmd = NL80211_CMD_START_P2P_DEVICE,
14277 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14278 		.doit = nl80211_start_p2p_device,
14279 		.flags = GENL_UNS_ADMIN_PERM,
14280 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14281 				  NL80211_FLAG_NEED_RTNL,
14282 	},
14283 	{
14284 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
14285 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14286 		.doit = nl80211_stop_p2p_device,
14287 		.flags = GENL_UNS_ADMIN_PERM,
14288 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14289 				  NL80211_FLAG_NEED_RTNL,
14290 	},
14291 	{
14292 		.cmd = NL80211_CMD_START_NAN,
14293 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14294 		.doit = nl80211_start_nan,
14295 		.flags = GENL_ADMIN_PERM,
14296 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14297 				  NL80211_FLAG_NEED_RTNL,
14298 	},
14299 	{
14300 		.cmd = NL80211_CMD_STOP_NAN,
14301 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14302 		.doit = nl80211_stop_nan,
14303 		.flags = GENL_ADMIN_PERM,
14304 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14305 				  NL80211_FLAG_NEED_RTNL,
14306 	},
14307 	{
14308 		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
14309 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14310 		.doit = nl80211_nan_add_func,
14311 		.flags = GENL_ADMIN_PERM,
14312 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14313 				  NL80211_FLAG_NEED_RTNL,
14314 	},
14315 	{
14316 		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
14317 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14318 		.doit = nl80211_nan_del_func,
14319 		.flags = GENL_ADMIN_PERM,
14320 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14321 				  NL80211_FLAG_NEED_RTNL,
14322 	},
14323 	{
14324 		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
14325 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14326 		.doit = nl80211_nan_change_config,
14327 		.flags = GENL_ADMIN_PERM,
14328 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14329 				  NL80211_FLAG_NEED_RTNL,
14330 	},
14331 	{
14332 		.cmd = NL80211_CMD_SET_MCAST_RATE,
14333 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14334 		.doit = nl80211_set_mcast_rate,
14335 		.flags = GENL_UNS_ADMIN_PERM,
14336 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14337 				  NL80211_FLAG_NEED_RTNL,
14338 	},
14339 	{
14340 		.cmd = NL80211_CMD_SET_MAC_ACL,
14341 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14342 		.doit = nl80211_set_mac_acl,
14343 		.flags = GENL_UNS_ADMIN_PERM,
14344 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14345 				  NL80211_FLAG_NEED_RTNL,
14346 	},
14347 	{
14348 		.cmd = NL80211_CMD_RADAR_DETECT,
14349 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14350 		.doit = nl80211_start_radar_detection,
14351 		.flags = GENL_UNS_ADMIN_PERM,
14352 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14353 				  NL80211_FLAG_NEED_RTNL,
14354 	},
14355 	{
14356 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
14357 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14358 		.doit = nl80211_get_protocol_features,
14359 	},
14360 	{
14361 		.cmd = NL80211_CMD_UPDATE_FT_IES,
14362 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14363 		.doit = nl80211_update_ft_ies,
14364 		.flags = GENL_UNS_ADMIN_PERM,
14365 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14366 				  NL80211_FLAG_NEED_RTNL,
14367 	},
14368 	{
14369 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
14370 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14371 		.doit = nl80211_crit_protocol_start,
14372 		.flags = GENL_UNS_ADMIN_PERM,
14373 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14374 				  NL80211_FLAG_NEED_RTNL,
14375 	},
14376 	{
14377 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
14378 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14379 		.doit = nl80211_crit_protocol_stop,
14380 		.flags = GENL_UNS_ADMIN_PERM,
14381 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14382 				  NL80211_FLAG_NEED_RTNL,
14383 	},
14384 	{
14385 		.cmd = NL80211_CMD_GET_COALESCE,
14386 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14387 		.doit = nl80211_get_coalesce,
14388 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14389 				  NL80211_FLAG_NEED_RTNL,
14390 	},
14391 	{
14392 		.cmd = NL80211_CMD_SET_COALESCE,
14393 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14394 		.doit = nl80211_set_coalesce,
14395 		.flags = GENL_UNS_ADMIN_PERM,
14396 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14397 				  NL80211_FLAG_NEED_RTNL,
14398 	},
14399 	{
14400 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
14401 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14402 		.doit = nl80211_channel_switch,
14403 		.flags = GENL_UNS_ADMIN_PERM,
14404 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14405 				  NL80211_FLAG_NEED_RTNL,
14406 	},
14407 	{
14408 		.cmd = NL80211_CMD_VENDOR,
14409 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14410 		.doit = nl80211_vendor_cmd,
14411 		.dumpit = nl80211_vendor_cmd_dump,
14412 		.flags = GENL_UNS_ADMIN_PERM,
14413 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14414 				  NL80211_FLAG_NEED_RTNL |
14415 				  NL80211_FLAG_CLEAR_SKB,
14416 	},
14417 	{
14418 		.cmd = NL80211_CMD_SET_QOS_MAP,
14419 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14420 		.doit = nl80211_set_qos_map,
14421 		.flags = GENL_UNS_ADMIN_PERM,
14422 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14423 				  NL80211_FLAG_NEED_RTNL,
14424 	},
14425 	{
14426 		.cmd = NL80211_CMD_ADD_TX_TS,
14427 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14428 		.doit = nl80211_add_tx_ts,
14429 		.flags = GENL_UNS_ADMIN_PERM,
14430 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14431 				  NL80211_FLAG_NEED_RTNL,
14432 	},
14433 	{
14434 		.cmd = NL80211_CMD_DEL_TX_TS,
14435 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14436 		.doit = nl80211_del_tx_ts,
14437 		.flags = GENL_UNS_ADMIN_PERM,
14438 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14439 				  NL80211_FLAG_NEED_RTNL,
14440 	},
14441 	{
14442 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
14443 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14444 		.doit = nl80211_tdls_channel_switch,
14445 		.flags = GENL_UNS_ADMIN_PERM,
14446 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14447 				  NL80211_FLAG_NEED_RTNL,
14448 	},
14449 	{
14450 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
14451 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14452 		.doit = nl80211_tdls_cancel_channel_switch,
14453 		.flags = GENL_UNS_ADMIN_PERM,
14454 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14455 				  NL80211_FLAG_NEED_RTNL,
14456 	},
14457 	{
14458 		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
14459 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14460 		.doit = nl80211_set_multicast_to_unicast,
14461 		.flags = GENL_UNS_ADMIN_PERM,
14462 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14463 				  NL80211_FLAG_NEED_RTNL,
14464 	},
14465 	{
14466 		.cmd = NL80211_CMD_SET_PMK,
14467 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14468 		.doit = nl80211_set_pmk,
14469 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14470 				  NL80211_FLAG_NEED_RTNL |
14471 				  NL80211_FLAG_CLEAR_SKB,
14472 	},
14473 	{
14474 		.cmd = NL80211_CMD_DEL_PMK,
14475 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14476 		.doit = nl80211_del_pmk,
14477 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14478 				  NL80211_FLAG_NEED_RTNL,
14479 	},
14480 	{
14481 		.cmd = NL80211_CMD_EXTERNAL_AUTH,
14482 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14483 		.doit = nl80211_external_auth,
14484 		.flags = GENL_ADMIN_PERM,
14485 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14486 				  NL80211_FLAG_NEED_RTNL,
14487 	},
14488 	{
14489 		.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
14490 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14491 		.doit = nl80211_tx_control_port,
14492 		.flags = GENL_UNS_ADMIN_PERM,
14493 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14494 				  NL80211_FLAG_NEED_RTNL,
14495 	},
14496 	{
14497 		.cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
14498 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14499 		.doit = nl80211_get_ftm_responder_stats,
14500 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14501 				  NL80211_FLAG_NEED_RTNL,
14502 	},
14503 	{
14504 		.cmd = NL80211_CMD_PEER_MEASUREMENT_START,
14505 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14506 		.doit = nl80211_pmsr_start,
14507 		.flags = GENL_UNS_ADMIN_PERM,
14508 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14509 				  NL80211_FLAG_NEED_RTNL,
14510 	},
14511 	{
14512 		.cmd = NL80211_CMD_NOTIFY_RADAR,
14513 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14514 		.doit = nl80211_notify_radar_detection,
14515 		.flags = GENL_UNS_ADMIN_PERM,
14516 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14517 				  NL80211_FLAG_NEED_RTNL,
14518 	},
14519 	{
14520 		.cmd = NL80211_CMD_UPDATE_OWE_INFO,
14521 		.doit = nl80211_update_owe_info,
14522 		.flags = GENL_ADMIN_PERM,
14523 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14524 				  NL80211_FLAG_NEED_RTNL,
14525 	},
14526 	{
14527 		.cmd = NL80211_CMD_PROBE_MESH_LINK,
14528 		.doit = nl80211_probe_mesh_link,
14529 		.flags = GENL_UNS_ADMIN_PERM,
14530 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14531 				  NL80211_FLAG_NEED_RTNL,
14532 	},
14533 };
14534 
14535 static struct genl_family nl80211_fam __ro_after_init = {
14536 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
14537 	.hdrsize = 0,			/* no private header */
14538 	.version = 1,			/* no particular meaning now */
14539 	.maxattr = NL80211_ATTR_MAX,
14540 	.policy = nl80211_policy,
14541 	.netnsok = true,
14542 	.pre_doit = nl80211_pre_doit,
14543 	.post_doit = nl80211_post_doit,
14544 	.module = THIS_MODULE,
14545 	.ops = nl80211_ops,
14546 	.n_ops = ARRAY_SIZE(nl80211_ops),
14547 	.mcgrps = nl80211_mcgrps,
14548 	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
14549 };
14550 
14551 /* notification functions */
14552 
14553 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
14554 			  enum nl80211_commands cmd)
14555 {
14556 	struct sk_buff *msg;
14557 	struct nl80211_dump_wiphy_state state = {};
14558 
14559 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
14560 		cmd != NL80211_CMD_DEL_WIPHY);
14561 
14562 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14563 	if (!msg)
14564 		return;
14565 
14566 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
14567 		nlmsg_free(msg);
14568 		return;
14569 	}
14570 
14571 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14572 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14573 }
14574 
14575 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
14576 				struct wireless_dev *wdev,
14577 				enum nl80211_commands cmd)
14578 {
14579 	struct sk_buff *msg;
14580 
14581 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14582 	if (!msg)
14583 		return;
14584 
14585 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
14586 		nlmsg_free(msg);
14587 		return;
14588 	}
14589 
14590 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14591 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14592 }
14593 
14594 static int nl80211_add_scan_req(struct sk_buff *msg,
14595 				struct cfg80211_registered_device *rdev)
14596 {
14597 	struct cfg80211_scan_request *req = rdev->scan_req;
14598 	struct nlattr *nest;
14599 	int i;
14600 
14601 	if (WARN_ON(!req))
14602 		return 0;
14603 
14604 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
14605 	if (!nest)
14606 		goto nla_put_failure;
14607 	for (i = 0; i < req->n_ssids; i++) {
14608 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
14609 			goto nla_put_failure;
14610 	}
14611 	nla_nest_end(msg, nest);
14612 
14613 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14614 	if (!nest)
14615 		goto nla_put_failure;
14616 	for (i = 0; i < req->n_channels; i++) {
14617 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14618 			goto nla_put_failure;
14619 	}
14620 	nla_nest_end(msg, nest);
14621 
14622 	if (req->ie &&
14623 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
14624 		goto nla_put_failure;
14625 
14626 	if (req->flags &&
14627 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
14628 		goto nla_put_failure;
14629 
14630 	if (req->info.scan_start_tsf &&
14631 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
14632 			       req->info.scan_start_tsf, NL80211_BSS_PAD) ||
14633 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
14634 		     req->info.tsf_bssid)))
14635 		goto nla_put_failure;
14636 
14637 	return 0;
14638  nla_put_failure:
14639 	return -ENOBUFS;
14640 }
14641 
14642 static int nl80211_prep_scan_msg(struct sk_buff *msg,
14643 				 struct cfg80211_registered_device *rdev,
14644 				 struct wireless_dev *wdev,
14645 				 u32 portid, u32 seq, int flags,
14646 				 u32 cmd)
14647 {
14648 	void *hdr;
14649 
14650 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
14651 	if (!hdr)
14652 		return -1;
14653 
14654 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14655 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14656 					 wdev->netdev->ifindex)) ||
14657 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14658 			      NL80211_ATTR_PAD))
14659 		goto nla_put_failure;
14660 
14661 	/* ignore errors and send incomplete event anyway */
14662 	nl80211_add_scan_req(msg, rdev);
14663 
14664 	genlmsg_end(msg, hdr);
14665 	return 0;
14666 
14667  nla_put_failure:
14668 	genlmsg_cancel(msg, hdr);
14669 	return -EMSGSIZE;
14670 }
14671 
14672 static int
14673 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
14674 			    struct cfg80211_sched_scan_request *req, u32 cmd)
14675 {
14676 	void *hdr;
14677 
14678 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14679 	if (!hdr)
14680 		return -1;
14681 
14682 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
14683 			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
14684 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
14685 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
14686 			      NL80211_ATTR_PAD))
14687 		goto nla_put_failure;
14688 
14689 	genlmsg_end(msg, hdr);
14690 	return 0;
14691 
14692  nla_put_failure:
14693 	genlmsg_cancel(msg, hdr);
14694 	return -EMSGSIZE;
14695 }
14696 
14697 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
14698 			     struct wireless_dev *wdev)
14699 {
14700 	struct sk_buff *msg;
14701 
14702 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14703 	if (!msg)
14704 		return;
14705 
14706 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14707 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
14708 		nlmsg_free(msg);
14709 		return;
14710 	}
14711 
14712 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14713 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14714 }
14715 
14716 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
14717 				       struct wireless_dev *wdev, bool aborted)
14718 {
14719 	struct sk_buff *msg;
14720 
14721 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14722 	if (!msg)
14723 		return NULL;
14724 
14725 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14726 				  aborted ? NL80211_CMD_SCAN_ABORTED :
14727 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
14728 		nlmsg_free(msg);
14729 		return NULL;
14730 	}
14731 
14732 	return msg;
14733 }
14734 
14735 /* send message created by nl80211_build_scan_msg() */
14736 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
14737 			   struct sk_buff *msg)
14738 {
14739 	if (!msg)
14740 		return;
14741 
14742 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14743 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14744 }
14745 
14746 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
14747 {
14748 	struct sk_buff *msg;
14749 
14750 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14751 	if (!msg)
14752 		return;
14753 
14754 	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
14755 		nlmsg_free(msg);
14756 		return;
14757 	}
14758 
14759 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
14760 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14761 }
14762 
14763 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
14764 					  struct regulatory_request *request)
14765 {
14766 	/* Userspace can always count this one always being set */
14767 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
14768 		goto nla_put_failure;
14769 
14770 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
14771 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14772 			       NL80211_REGDOM_TYPE_WORLD))
14773 			goto nla_put_failure;
14774 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
14775 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14776 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
14777 			goto nla_put_failure;
14778 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
14779 		   request->intersect) {
14780 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14781 			       NL80211_REGDOM_TYPE_INTERSECTION))
14782 			goto nla_put_failure;
14783 	} else {
14784 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14785 			       NL80211_REGDOM_TYPE_COUNTRY) ||
14786 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
14787 				   request->alpha2))
14788 			goto nla_put_failure;
14789 	}
14790 
14791 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
14792 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
14793 
14794 		if (wiphy &&
14795 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
14796 			goto nla_put_failure;
14797 
14798 		if (wiphy &&
14799 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
14800 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
14801 			goto nla_put_failure;
14802 	}
14803 
14804 	return true;
14805 
14806 nla_put_failure:
14807 	return false;
14808 }
14809 
14810 /*
14811  * This can happen on global regulatory changes or device specific settings
14812  * based on custom regulatory domains.
14813  */
14814 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
14815 				     struct regulatory_request *request)
14816 {
14817 	struct sk_buff *msg;
14818 	void *hdr;
14819 
14820 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14821 	if (!msg)
14822 		return;
14823 
14824 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
14825 	if (!hdr) {
14826 		nlmsg_free(msg);
14827 		return;
14828 	}
14829 
14830 	if (nl80211_reg_change_event_fill(msg, request) == false)
14831 		goto nla_put_failure;
14832 
14833 	genlmsg_end(msg, hdr);
14834 
14835 	rcu_read_lock();
14836 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14837 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14838 	rcu_read_unlock();
14839 
14840 	return;
14841 
14842 nla_put_failure:
14843 	nlmsg_free(msg);
14844 }
14845 
14846 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
14847 				    struct net_device *netdev,
14848 				    const u8 *buf, size_t len,
14849 				    enum nl80211_commands cmd, gfp_t gfp,
14850 				    int uapsd_queues, const u8 *req_ies,
14851 				    size_t req_ies_len)
14852 {
14853 	struct sk_buff *msg;
14854 	void *hdr;
14855 
14856 	msg = nlmsg_new(100 + len + req_ies_len, gfp);
14857 	if (!msg)
14858 		return;
14859 
14860 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14861 	if (!hdr) {
14862 		nlmsg_free(msg);
14863 		return;
14864 	}
14865 
14866 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14867 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14868 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14869 	    (req_ies &&
14870 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
14871 		goto nla_put_failure;
14872 
14873 	if (uapsd_queues >= 0) {
14874 		struct nlattr *nla_wmm =
14875 			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
14876 		if (!nla_wmm)
14877 			goto nla_put_failure;
14878 
14879 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
14880 			       uapsd_queues))
14881 			goto nla_put_failure;
14882 
14883 		nla_nest_end(msg, nla_wmm);
14884 	}
14885 
14886 	genlmsg_end(msg, hdr);
14887 
14888 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14889 				NL80211_MCGRP_MLME, gfp);
14890 	return;
14891 
14892  nla_put_failure:
14893 	nlmsg_free(msg);
14894 }
14895 
14896 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
14897 			  struct net_device *netdev, const u8 *buf,
14898 			  size_t len, gfp_t gfp)
14899 {
14900 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14901 				NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
14902 }
14903 
14904 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
14905 			   struct net_device *netdev, const u8 *buf,
14906 			   size_t len, gfp_t gfp, int uapsd_queues,
14907 			   const u8 *req_ies, size_t req_ies_len)
14908 {
14909 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14910 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
14911 				req_ies, req_ies_len);
14912 }
14913 
14914 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
14915 			 struct net_device *netdev, const u8 *buf,
14916 			 size_t len, gfp_t gfp)
14917 {
14918 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14919 				NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
14920 }
14921 
14922 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
14923 			   struct net_device *netdev, const u8 *buf,
14924 			   size_t len, gfp_t gfp)
14925 {
14926 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14927 				NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
14928 }
14929 
14930 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
14931 				  size_t len)
14932 {
14933 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14934 	struct wiphy *wiphy = wdev->wiphy;
14935 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14936 	const struct ieee80211_mgmt *mgmt = (void *)buf;
14937 	u32 cmd;
14938 
14939 	if (WARN_ON(len < 2))
14940 		return;
14941 
14942 	if (ieee80211_is_deauth(mgmt->frame_control))
14943 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
14944 	else
14945 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
14946 
14947 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
14948 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
14949 				NULL, 0);
14950 }
14951 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
14952 
14953 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
14954 				      struct net_device *netdev, int cmd,
14955 				      const u8 *addr, gfp_t gfp)
14956 {
14957 	struct sk_buff *msg;
14958 	void *hdr;
14959 
14960 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14961 	if (!msg)
14962 		return;
14963 
14964 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14965 	if (!hdr) {
14966 		nlmsg_free(msg);
14967 		return;
14968 	}
14969 
14970 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14971 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14972 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
14973 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14974 		goto nla_put_failure;
14975 
14976 	genlmsg_end(msg, hdr);
14977 
14978 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14979 				NL80211_MCGRP_MLME, gfp);
14980 	return;
14981 
14982  nla_put_failure:
14983 	nlmsg_free(msg);
14984 }
14985 
14986 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
14987 			       struct net_device *netdev, const u8 *addr,
14988 			       gfp_t gfp)
14989 {
14990 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
14991 				  addr, gfp);
14992 }
14993 
14994 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
14995 				struct net_device *netdev, const u8 *addr,
14996 				gfp_t gfp)
14997 {
14998 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
14999 				  addr, gfp);
15000 }
15001 
15002 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
15003 				 struct net_device *netdev,
15004 				 struct cfg80211_connect_resp_params *cr,
15005 				 gfp_t gfp)
15006 {
15007 	struct sk_buff *msg;
15008 	void *hdr;
15009 
15010 	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
15011 			cr->fils.kek_len + cr->fils.pmk_len +
15012 			(cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15013 	if (!msg)
15014 		return;
15015 
15016 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
15017 	if (!hdr) {
15018 		nlmsg_free(msg);
15019 		return;
15020 	}
15021 
15022 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15023 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15024 	    (cr->bssid &&
15025 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
15026 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
15027 			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
15028 			cr->status) ||
15029 	    (cr->status < 0 &&
15030 	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15031 	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
15032 			  cr->timeout_reason))) ||
15033 	    (cr->req_ie &&
15034 	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
15035 	    (cr->resp_ie &&
15036 	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
15037 		     cr->resp_ie)) ||
15038 	    (cr->fils.update_erp_next_seq_num &&
15039 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15040 			 cr->fils.erp_next_seq_num)) ||
15041 	    (cr->status == WLAN_STATUS_SUCCESS &&
15042 	     ((cr->fils.kek &&
15043 	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
15044 		       cr->fils.kek)) ||
15045 	      (cr->fils.pmk &&
15046 	       nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
15047 	      (cr->fils.pmkid &&
15048 	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
15049 		goto nla_put_failure;
15050 
15051 	genlmsg_end(msg, hdr);
15052 
15053 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15054 				NL80211_MCGRP_MLME, gfp);
15055 	return;
15056 
15057  nla_put_failure:
15058 	nlmsg_free(msg);
15059 }
15060 
15061 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
15062 			 struct net_device *netdev,
15063 			 struct cfg80211_roam_info *info, gfp_t gfp)
15064 {
15065 	struct sk_buff *msg;
15066 	void *hdr;
15067 	const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
15068 
15069 	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
15070 			info->fils.kek_len + info->fils.pmk_len +
15071 			(info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15072 	if (!msg)
15073 		return;
15074 
15075 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
15076 	if (!hdr) {
15077 		nlmsg_free(msg);
15078 		return;
15079 	}
15080 
15081 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15082 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15083 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
15084 	    (info->req_ie &&
15085 	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
15086 		     info->req_ie)) ||
15087 	    (info->resp_ie &&
15088 	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
15089 		     info->resp_ie)) ||
15090 	    (info->fils.update_erp_next_seq_num &&
15091 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15092 			 info->fils.erp_next_seq_num)) ||
15093 	    (info->fils.kek &&
15094 	     nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
15095 		     info->fils.kek)) ||
15096 	    (info->fils.pmk &&
15097 	     nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
15098 	    (info->fils.pmkid &&
15099 	     nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
15100 		goto nla_put_failure;
15101 
15102 	genlmsg_end(msg, hdr);
15103 
15104 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15105 				NL80211_MCGRP_MLME, gfp);
15106 	return;
15107 
15108  nla_put_failure:
15109 	nlmsg_free(msg);
15110 }
15111 
15112 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
15113 				  struct net_device *netdev, const u8 *bssid)
15114 {
15115 	struct sk_buff *msg;
15116 	void *hdr;
15117 
15118 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15119 	if (!msg)
15120 		return;
15121 
15122 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
15123 	if (!hdr) {
15124 		nlmsg_free(msg);
15125 		return;
15126 	}
15127 
15128 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15129 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15130 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15131 		goto nla_put_failure;
15132 
15133 	genlmsg_end(msg, hdr);
15134 
15135 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15136 				NL80211_MCGRP_MLME, GFP_KERNEL);
15137 	return;
15138 
15139  nla_put_failure:
15140 	nlmsg_free(msg);
15141 }
15142 
15143 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
15144 			       struct net_device *netdev, u16 reason,
15145 			       const u8 *ie, size_t ie_len, bool from_ap)
15146 {
15147 	struct sk_buff *msg;
15148 	void *hdr;
15149 
15150 	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
15151 	if (!msg)
15152 		return;
15153 
15154 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
15155 	if (!hdr) {
15156 		nlmsg_free(msg);
15157 		return;
15158 	}
15159 
15160 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15161 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15162 	    (reason &&
15163 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
15164 	    (from_ap &&
15165 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
15166 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
15167 		goto nla_put_failure;
15168 
15169 	genlmsg_end(msg, hdr);
15170 
15171 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15172 				NL80211_MCGRP_MLME, GFP_KERNEL);
15173 	return;
15174 
15175  nla_put_failure:
15176 	nlmsg_free(msg);
15177 }
15178 
15179 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
15180 			     struct net_device *netdev, const u8 *bssid,
15181 			     gfp_t gfp)
15182 {
15183 	struct sk_buff *msg;
15184 	void *hdr;
15185 
15186 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15187 	if (!msg)
15188 		return;
15189 
15190 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
15191 	if (!hdr) {
15192 		nlmsg_free(msg);
15193 		return;
15194 	}
15195 
15196 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15197 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15198 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15199 		goto nla_put_failure;
15200 
15201 	genlmsg_end(msg, hdr);
15202 
15203 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15204 				NL80211_MCGRP_MLME, gfp);
15205 	return;
15206 
15207  nla_put_failure:
15208 	nlmsg_free(msg);
15209 }
15210 
15211 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
15212 					const u8 *ie, u8 ie_len,
15213 					int sig_dbm, gfp_t gfp)
15214 {
15215 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15216 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15217 	struct sk_buff *msg;
15218 	void *hdr;
15219 
15220 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
15221 		return;
15222 
15223 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
15224 
15225 	msg = nlmsg_new(100 + ie_len, gfp);
15226 	if (!msg)
15227 		return;
15228 
15229 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
15230 	if (!hdr) {
15231 		nlmsg_free(msg);
15232 		return;
15233 	}
15234 
15235 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15236 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15237 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15238 	    (ie_len && ie &&
15239 	     nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
15240 	    (sig_dbm &&
15241 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
15242 		goto nla_put_failure;
15243 
15244 	genlmsg_end(msg, hdr);
15245 
15246 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15247 				NL80211_MCGRP_MLME, gfp);
15248 	return;
15249 
15250  nla_put_failure:
15251 	nlmsg_free(msg);
15252 }
15253 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
15254 
15255 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
15256 				 struct net_device *netdev, const u8 *addr,
15257 				 enum nl80211_key_type key_type, int key_id,
15258 				 const u8 *tsc, gfp_t gfp)
15259 {
15260 	struct sk_buff *msg;
15261 	void *hdr;
15262 
15263 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15264 	if (!msg)
15265 		return;
15266 
15267 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
15268 	if (!hdr) {
15269 		nlmsg_free(msg);
15270 		return;
15271 	}
15272 
15273 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15274 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15275 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
15276 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
15277 	    (key_id != -1 &&
15278 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
15279 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
15280 		goto nla_put_failure;
15281 
15282 	genlmsg_end(msg, hdr);
15283 
15284 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15285 				NL80211_MCGRP_MLME, gfp);
15286 	return;
15287 
15288  nla_put_failure:
15289 	nlmsg_free(msg);
15290 }
15291 
15292 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
15293 				    struct ieee80211_channel *channel_before,
15294 				    struct ieee80211_channel *channel_after)
15295 {
15296 	struct sk_buff *msg;
15297 	void *hdr;
15298 	struct nlattr *nl_freq;
15299 
15300 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
15301 	if (!msg)
15302 		return;
15303 
15304 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
15305 	if (!hdr) {
15306 		nlmsg_free(msg);
15307 		return;
15308 	}
15309 
15310 	/*
15311 	 * Since we are applying the beacon hint to a wiphy we know its
15312 	 * wiphy_idx is valid
15313 	 */
15314 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
15315 		goto nla_put_failure;
15316 
15317 	/* Before */
15318 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
15319 	if (!nl_freq)
15320 		goto nla_put_failure;
15321 
15322 	if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
15323 		goto nla_put_failure;
15324 	nla_nest_end(msg, nl_freq);
15325 
15326 	/* After */
15327 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
15328 	if (!nl_freq)
15329 		goto nla_put_failure;
15330 
15331 	if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
15332 		goto nla_put_failure;
15333 	nla_nest_end(msg, nl_freq);
15334 
15335 	genlmsg_end(msg, hdr);
15336 
15337 	rcu_read_lock();
15338 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15339 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15340 	rcu_read_unlock();
15341 
15342 	return;
15343 
15344 nla_put_failure:
15345 	nlmsg_free(msg);
15346 }
15347 
15348 static void nl80211_send_remain_on_chan_event(
15349 	int cmd, struct cfg80211_registered_device *rdev,
15350 	struct wireless_dev *wdev, u64 cookie,
15351 	struct ieee80211_channel *chan,
15352 	unsigned int duration, gfp_t gfp)
15353 {
15354 	struct sk_buff *msg;
15355 	void *hdr;
15356 
15357 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15358 	if (!msg)
15359 		return;
15360 
15361 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15362 	if (!hdr) {
15363 		nlmsg_free(msg);
15364 		return;
15365 	}
15366 
15367 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15368 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15369 					 wdev->netdev->ifindex)) ||
15370 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15371 			      NL80211_ATTR_PAD) ||
15372 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
15373 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
15374 			NL80211_CHAN_NO_HT) ||
15375 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15376 			      NL80211_ATTR_PAD))
15377 		goto nla_put_failure;
15378 
15379 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
15380 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
15381 		goto nla_put_failure;
15382 
15383 	genlmsg_end(msg, hdr);
15384 
15385 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15386 				NL80211_MCGRP_MLME, gfp);
15387 	return;
15388 
15389  nla_put_failure:
15390 	nlmsg_free(msg);
15391 }
15392 
15393 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
15394 			       struct ieee80211_channel *chan,
15395 			       unsigned int duration, gfp_t gfp)
15396 {
15397 	struct wiphy *wiphy = wdev->wiphy;
15398 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15399 
15400 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
15401 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
15402 					  rdev, wdev, cookie, chan,
15403 					  duration, gfp);
15404 }
15405 EXPORT_SYMBOL(cfg80211_ready_on_channel);
15406 
15407 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
15408 					struct ieee80211_channel *chan,
15409 					gfp_t gfp)
15410 {
15411 	struct wiphy *wiphy = wdev->wiphy;
15412 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15413 
15414 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
15415 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15416 					  rdev, wdev, cookie, chan, 0, gfp);
15417 }
15418 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
15419 
15420 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
15421 					struct ieee80211_channel *chan,
15422 					gfp_t gfp)
15423 {
15424 	struct wiphy *wiphy = wdev->wiphy;
15425 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15426 
15427 	trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
15428 	nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
15429 					  rdev, wdev, cookie, chan, 0, gfp);
15430 }
15431 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
15432 
15433 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
15434 		      struct station_info *sinfo, gfp_t gfp)
15435 {
15436 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15437 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15438 	struct sk_buff *msg;
15439 
15440 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
15441 
15442 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15443 	if (!msg)
15444 		return;
15445 
15446 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
15447 				 rdev, dev, mac_addr, sinfo) < 0) {
15448 		nlmsg_free(msg);
15449 		return;
15450 	}
15451 
15452 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15453 				NL80211_MCGRP_MLME, gfp);
15454 }
15455 EXPORT_SYMBOL(cfg80211_new_sta);
15456 
15457 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
15458 			    struct station_info *sinfo, gfp_t gfp)
15459 {
15460 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15461 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15462 	struct sk_buff *msg;
15463 	struct station_info empty_sinfo = {};
15464 
15465 	if (!sinfo)
15466 		sinfo = &empty_sinfo;
15467 
15468 	trace_cfg80211_del_sta(dev, mac_addr);
15469 
15470 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15471 	if (!msg) {
15472 		cfg80211_sinfo_release_content(sinfo);
15473 		return;
15474 	}
15475 
15476 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
15477 				 rdev, dev, mac_addr, sinfo) < 0) {
15478 		nlmsg_free(msg);
15479 		return;
15480 	}
15481 
15482 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15483 				NL80211_MCGRP_MLME, gfp);
15484 }
15485 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
15486 
15487 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
15488 			  enum nl80211_connect_failed_reason reason,
15489 			  gfp_t gfp)
15490 {
15491 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15492 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15493 	struct sk_buff *msg;
15494 	void *hdr;
15495 
15496 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
15497 	if (!msg)
15498 		return;
15499 
15500 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
15501 	if (!hdr) {
15502 		nlmsg_free(msg);
15503 		return;
15504 	}
15505 
15506 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15507 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
15508 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
15509 		goto nla_put_failure;
15510 
15511 	genlmsg_end(msg, hdr);
15512 
15513 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15514 				NL80211_MCGRP_MLME, gfp);
15515 	return;
15516 
15517  nla_put_failure:
15518 	nlmsg_free(msg);
15519 }
15520 EXPORT_SYMBOL(cfg80211_conn_failed);
15521 
15522 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
15523 				       const u8 *addr, gfp_t gfp)
15524 {
15525 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15526 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15527 	struct sk_buff *msg;
15528 	void *hdr;
15529 	u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
15530 
15531 	if (!nlportid)
15532 		return false;
15533 
15534 	msg = nlmsg_new(100, gfp);
15535 	if (!msg)
15536 		return true;
15537 
15538 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15539 	if (!hdr) {
15540 		nlmsg_free(msg);
15541 		return true;
15542 	}
15543 
15544 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15545 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15546 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15547 		goto nla_put_failure;
15548 
15549 	genlmsg_end(msg, hdr);
15550 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15551 	return true;
15552 
15553  nla_put_failure:
15554 	nlmsg_free(msg);
15555 	return true;
15556 }
15557 
15558 bool cfg80211_rx_spurious_frame(struct net_device *dev,
15559 				const u8 *addr, gfp_t gfp)
15560 {
15561 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15562 	bool ret;
15563 
15564 	trace_cfg80211_rx_spurious_frame(dev, addr);
15565 
15566 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15567 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
15568 		trace_cfg80211_return_bool(false);
15569 		return false;
15570 	}
15571 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
15572 					 addr, gfp);
15573 	trace_cfg80211_return_bool(ret);
15574 	return ret;
15575 }
15576 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
15577 
15578 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
15579 					const u8 *addr, gfp_t gfp)
15580 {
15581 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15582 	bool ret;
15583 
15584 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
15585 
15586 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15587 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
15588 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
15589 		trace_cfg80211_return_bool(false);
15590 		return false;
15591 	}
15592 	ret = __nl80211_unexpected_frame(dev,
15593 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
15594 					 addr, gfp);
15595 	trace_cfg80211_return_bool(ret);
15596 	return ret;
15597 }
15598 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
15599 
15600 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
15601 		      struct wireless_dev *wdev, u32 nlportid,
15602 		      int freq, int sig_dbm,
15603 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
15604 {
15605 	struct net_device *netdev = wdev->netdev;
15606 	struct sk_buff *msg;
15607 	void *hdr;
15608 
15609 	msg = nlmsg_new(100 + len, gfp);
15610 	if (!msg)
15611 		return -ENOMEM;
15612 
15613 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15614 	if (!hdr) {
15615 		nlmsg_free(msg);
15616 		return -ENOMEM;
15617 	}
15618 
15619 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15620 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15621 					netdev->ifindex)) ||
15622 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15623 			      NL80211_ATTR_PAD) ||
15624 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
15625 	    (sig_dbm &&
15626 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15627 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15628 	    (flags &&
15629 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
15630 		goto nla_put_failure;
15631 
15632 	genlmsg_end(msg, hdr);
15633 
15634 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15635 
15636  nla_put_failure:
15637 	nlmsg_free(msg);
15638 	return -ENOBUFS;
15639 }
15640 
15641 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
15642 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
15643 {
15644 	struct wiphy *wiphy = wdev->wiphy;
15645 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15646 	struct net_device *netdev = wdev->netdev;
15647 	struct sk_buff *msg;
15648 	void *hdr;
15649 
15650 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
15651 
15652 	msg = nlmsg_new(100 + len, gfp);
15653 	if (!msg)
15654 		return;
15655 
15656 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
15657 	if (!hdr) {
15658 		nlmsg_free(msg);
15659 		return;
15660 	}
15661 
15662 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15663 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15664 				   netdev->ifindex)) ||
15665 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15666 			      NL80211_ATTR_PAD) ||
15667 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15668 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15669 			      NL80211_ATTR_PAD) ||
15670 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
15671 		goto nla_put_failure;
15672 
15673 	genlmsg_end(msg, hdr);
15674 
15675 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15676 				NL80211_MCGRP_MLME, gfp);
15677 	return;
15678 
15679  nla_put_failure:
15680 	nlmsg_free(msg);
15681 }
15682 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
15683 
15684 static int __nl80211_rx_control_port(struct net_device *dev,
15685 				     struct sk_buff *skb,
15686 				     bool unencrypted, gfp_t gfp)
15687 {
15688 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15689 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15690 	struct ethhdr *ehdr = eth_hdr(skb);
15691 	const u8 *addr = ehdr->h_source;
15692 	u16 proto = be16_to_cpu(skb->protocol);
15693 	struct sk_buff *msg;
15694 	void *hdr;
15695 	struct nlattr *frame;
15696 
15697 	u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
15698 
15699 	if (!nlportid)
15700 		return -ENOENT;
15701 
15702 	msg = nlmsg_new(100 + skb->len, gfp);
15703 	if (!msg)
15704 		return -ENOMEM;
15705 
15706 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
15707 	if (!hdr) {
15708 		nlmsg_free(msg);
15709 		return -ENOBUFS;
15710 	}
15711 
15712 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15713 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15714 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15715 			      NL80211_ATTR_PAD) ||
15716 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15717 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
15718 	    (unencrypted && nla_put_flag(msg,
15719 					 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
15720 		goto nla_put_failure;
15721 
15722 	frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
15723 	if (!frame)
15724 		goto nla_put_failure;
15725 
15726 	skb_copy_bits(skb, 0, nla_data(frame), skb->len);
15727 	genlmsg_end(msg, hdr);
15728 
15729 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15730 
15731  nla_put_failure:
15732 	nlmsg_free(msg);
15733 	return -ENOBUFS;
15734 }
15735 
15736 bool cfg80211_rx_control_port(struct net_device *dev,
15737 			      struct sk_buff *skb, bool unencrypted)
15738 {
15739 	int ret;
15740 
15741 	trace_cfg80211_rx_control_port(dev, skb, unencrypted);
15742 	ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
15743 	trace_cfg80211_return_bool(ret == 0);
15744 	return ret == 0;
15745 }
15746 EXPORT_SYMBOL(cfg80211_rx_control_port);
15747 
15748 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
15749 					    const char *mac, gfp_t gfp)
15750 {
15751 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15752 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15753 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15754 	void **cb;
15755 
15756 	if (!msg)
15757 		return NULL;
15758 
15759 	cb = (void **)msg->cb;
15760 
15761 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
15762 	if (!cb[0]) {
15763 		nlmsg_free(msg);
15764 		return NULL;
15765 	}
15766 
15767 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15768 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15769 		goto nla_put_failure;
15770 
15771 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15772 		goto nla_put_failure;
15773 
15774 	cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
15775 	if (!cb[1])
15776 		goto nla_put_failure;
15777 
15778 	cb[2] = rdev;
15779 
15780 	return msg;
15781  nla_put_failure:
15782 	nlmsg_free(msg);
15783 	return NULL;
15784 }
15785 
15786 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
15787 {
15788 	void **cb = (void **)msg->cb;
15789 	struct cfg80211_registered_device *rdev = cb[2];
15790 
15791 	nla_nest_end(msg, cb[1]);
15792 	genlmsg_end(msg, cb[0]);
15793 
15794 	memset(msg->cb, 0, sizeof(msg->cb));
15795 
15796 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15797 				NL80211_MCGRP_MLME, gfp);
15798 }
15799 
15800 void cfg80211_cqm_rssi_notify(struct net_device *dev,
15801 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
15802 			      s32 rssi_level, gfp_t gfp)
15803 {
15804 	struct sk_buff *msg;
15805 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15806 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15807 
15808 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
15809 
15810 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
15811 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
15812 		return;
15813 
15814 	if (wdev->cqm_config) {
15815 		wdev->cqm_config->last_rssi_event_value = rssi_level;
15816 
15817 		cfg80211_cqm_rssi_update(rdev, dev);
15818 
15819 		if (rssi_level == 0)
15820 			rssi_level = wdev->cqm_config->last_rssi_event_value;
15821 	}
15822 
15823 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15824 	if (!msg)
15825 		return;
15826 
15827 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
15828 			rssi_event))
15829 		goto nla_put_failure;
15830 
15831 	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
15832 				      rssi_level))
15833 		goto nla_put_failure;
15834 
15835 	cfg80211_send_cqm(msg, gfp);
15836 
15837 	return;
15838 
15839  nla_put_failure:
15840 	nlmsg_free(msg);
15841 }
15842 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
15843 
15844 void cfg80211_cqm_txe_notify(struct net_device *dev,
15845 			     const u8 *peer, u32 num_packets,
15846 			     u32 rate, u32 intvl, gfp_t gfp)
15847 {
15848 	struct sk_buff *msg;
15849 
15850 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
15851 	if (!msg)
15852 		return;
15853 
15854 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
15855 		goto nla_put_failure;
15856 
15857 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
15858 		goto nla_put_failure;
15859 
15860 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
15861 		goto nla_put_failure;
15862 
15863 	cfg80211_send_cqm(msg, gfp);
15864 	return;
15865 
15866  nla_put_failure:
15867 	nlmsg_free(msg);
15868 }
15869 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
15870 
15871 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
15872 				 const u8 *peer, u32 num_packets, gfp_t gfp)
15873 {
15874 	struct sk_buff *msg;
15875 
15876 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
15877 
15878 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
15879 	if (!msg)
15880 		return;
15881 
15882 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
15883 		goto nla_put_failure;
15884 
15885 	cfg80211_send_cqm(msg, gfp);
15886 	return;
15887 
15888  nla_put_failure:
15889 	nlmsg_free(msg);
15890 }
15891 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
15892 
15893 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
15894 {
15895 	struct sk_buff *msg;
15896 
15897 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15898 	if (!msg)
15899 		return;
15900 
15901 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
15902 		goto nla_put_failure;
15903 
15904 	cfg80211_send_cqm(msg, gfp);
15905 	return;
15906 
15907  nla_put_failure:
15908 	nlmsg_free(msg);
15909 }
15910 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
15911 
15912 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
15913 				     struct net_device *netdev, const u8 *bssid,
15914 				     const u8 *replay_ctr, gfp_t gfp)
15915 {
15916 	struct sk_buff *msg;
15917 	struct nlattr *rekey_attr;
15918 	void *hdr;
15919 
15920 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15921 	if (!msg)
15922 		return;
15923 
15924 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
15925 	if (!hdr) {
15926 		nlmsg_free(msg);
15927 		return;
15928 	}
15929 
15930 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15931 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15932 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15933 		goto nla_put_failure;
15934 
15935 	rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
15936 	if (!rekey_attr)
15937 		goto nla_put_failure;
15938 
15939 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
15940 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
15941 		goto nla_put_failure;
15942 
15943 	nla_nest_end(msg, rekey_attr);
15944 
15945 	genlmsg_end(msg, hdr);
15946 
15947 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15948 				NL80211_MCGRP_MLME, gfp);
15949 	return;
15950 
15951  nla_put_failure:
15952 	nlmsg_free(msg);
15953 }
15954 
15955 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
15956 			       const u8 *replay_ctr, gfp_t gfp)
15957 {
15958 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15959 	struct wiphy *wiphy = wdev->wiphy;
15960 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15961 
15962 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
15963 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
15964 }
15965 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
15966 
15967 static void
15968 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
15969 			       struct net_device *netdev, int index,
15970 			       const u8 *bssid, bool preauth, gfp_t gfp)
15971 {
15972 	struct sk_buff *msg;
15973 	struct nlattr *attr;
15974 	void *hdr;
15975 
15976 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15977 	if (!msg)
15978 		return;
15979 
15980 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
15981 	if (!hdr) {
15982 		nlmsg_free(msg);
15983 		return;
15984 	}
15985 
15986 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15987 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
15988 		goto nla_put_failure;
15989 
15990 	attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
15991 	if (!attr)
15992 		goto nla_put_failure;
15993 
15994 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
15995 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
15996 	    (preauth &&
15997 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
15998 		goto nla_put_failure;
15999 
16000 	nla_nest_end(msg, attr);
16001 
16002 	genlmsg_end(msg, hdr);
16003 
16004 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16005 				NL80211_MCGRP_MLME, gfp);
16006 	return;
16007 
16008  nla_put_failure:
16009 	nlmsg_free(msg);
16010 }
16011 
16012 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
16013 				     const u8 *bssid, bool preauth, gfp_t gfp)
16014 {
16015 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16016 	struct wiphy *wiphy = wdev->wiphy;
16017 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16018 
16019 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
16020 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
16021 }
16022 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
16023 
16024 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
16025 				     struct net_device *netdev,
16026 				     struct cfg80211_chan_def *chandef,
16027 				     gfp_t gfp,
16028 				     enum nl80211_commands notif,
16029 				     u8 count)
16030 {
16031 	struct sk_buff *msg;
16032 	void *hdr;
16033 
16034 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16035 	if (!msg)
16036 		return;
16037 
16038 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
16039 	if (!hdr) {
16040 		nlmsg_free(msg);
16041 		return;
16042 	}
16043 
16044 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16045 		goto nla_put_failure;
16046 
16047 	if (nl80211_send_chandef(msg, chandef))
16048 		goto nla_put_failure;
16049 
16050 	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
16051 	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
16052 			goto nla_put_failure;
16053 
16054 	genlmsg_end(msg, hdr);
16055 
16056 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16057 				NL80211_MCGRP_MLME, gfp);
16058 	return;
16059 
16060  nla_put_failure:
16061 	nlmsg_free(msg);
16062 }
16063 
16064 void cfg80211_ch_switch_notify(struct net_device *dev,
16065 			       struct cfg80211_chan_def *chandef)
16066 {
16067 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16068 	struct wiphy *wiphy = wdev->wiphy;
16069 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16070 
16071 	ASSERT_WDEV_LOCK(wdev);
16072 
16073 	trace_cfg80211_ch_switch_notify(dev, chandef);
16074 
16075 	wdev->chandef = *chandef;
16076 	wdev->preset_chandef = *chandef;
16077 
16078 	if (wdev->iftype == NL80211_IFTYPE_STATION &&
16079 	    !WARN_ON(!wdev->current_bss))
16080 		wdev->current_bss->pub.channel = chandef->chan;
16081 
16082 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16083 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
16084 }
16085 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
16086 
16087 void cfg80211_ch_switch_started_notify(struct net_device *dev,
16088 				       struct cfg80211_chan_def *chandef,
16089 				       u8 count)
16090 {
16091 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16092 	struct wiphy *wiphy = wdev->wiphy;
16093 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16094 
16095 	trace_cfg80211_ch_switch_started_notify(dev, chandef);
16096 
16097 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16098 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
16099 }
16100 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
16101 
16102 void
16103 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
16104 		     const struct cfg80211_chan_def *chandef,
16105 		     enum nl80211_radar_event event,
16106 		     struct net_device *netdev, gfp_t gfp)
16107 {
16108 	struct sk_buff *msg;
16109 	void *hdr;
16110 
16111 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16112 	if (!msg)
16113 		return;
16114 
16115 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
16116 	if (!hdr) {
16117 		nlmsg_free(msg);
16118 		return;
16119 	}
16120 
16121 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16122 		goto nla_put_failure;
16123 
16124 	/* NOP and radar events don't need a netdev parameter */
16125 	if (netdev) {
16126 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
16127 
16128 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16129 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16130 				      NL80211_ATTR_PAD))
16131 			goto nla_put_failure;
16132 	}
16133 
16134 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
16135 		goto nla_put_failure;
16136 
16137 	if (nl80211_send_chandef(msg, chandef))
16138 		goto nla_put_failure;
16139 
16140 	genlmsg_end(msg, hdr);
16141 
16142 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16143 				NL80211_MCGRP_MLME, gfp);
16144 	return;
16145 
16146  nla_put_failure:
16147 	nlmsg_free(msg);
16148 }
16149 
16150 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
16151 				       struct sta_opmode_info *sta_opmode,
16152 				       gfp_t gfp)
16153 {
16154 	struct sk_buff *msg;
16155 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16156 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16157 	void *hdr;
16158 
16159 	if (WARN_ON(!mac))
16160 		return;
16161 
16162 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16163 	if (!msg)
16164 		return;
16165 
16166 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
16167 	if (!hdr) {
16168 		nlmsg_free(msg);
16169 		return;
16170 	}
16171 
16172 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16173 		goto nla_put_failure;
16174 
16175 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16176 		goto nla_put_failure;
16177 
16178 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16179 		goto nla_put_failure;
16180 
16181 	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
16182 	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
16183 		goto nla_put_failure;
16184 
16185 	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
16186 	    nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
16187 		goto nla_put_failure;
16188 
16189 	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
16190 	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
16191 		goto nla_put_failure;
16192 
16193 	genlmsg_end(msg, hdr);
16194 
16195 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16196 				NL80211_MCGRP_MLME, gfp);
16197 
16198 	return;
16199 
16200 nla_put_failure:
16201 	nlmsg_free(msg);
16202 }
16203 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
16204 
16205 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
16206 			   u64 cookie, bool acked, s32 ack_signal,
16207 			   bool is_valid_ack_signal, gfp_t gfp)
16208 {
16209 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16210 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16211 	struct sk_buff *msg;
16212 	void *hdr;
16213 
16214 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
16215 
16216 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16217 
16218 	if (!msg)
16219 		return;
16220 
16221 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
16222 	if (!hdr) {
16223 		nlmsg_free(msg);
16224 		return;
16225 	}
16226 
16227 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16228 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16229 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16230 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16231 			      NL80211_ATTR_PAD) ||
16232 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
16233 	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
16234 						ack_signal)))
16235 		goto nla_put_failure;
16236 
16237 	genlmsg_end(msg, hdr);
16238 
16239 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16240 				NL80211_MCGRP_MLME, gfp);
16241 	return;
16242 
16243  nla_put_failure:
16244 	nlmsg_free(msg);
16245 }
16246 EXPORT_SYMBOL(cfg80211_probe_status);
16247 
16248 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
16249 				 const u8 *frame, size_t len,
16250 				 int freq, int sig_dbm)
16251 {
16252 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16253 	struct sk_buff *msg;
16254 	void *hdr;
16255 	struct cfg80211_beacon_registration *reg;
16256 
16257 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
16258 
16259 	spin_lock_bh(&rdev->beacon_registrations_lock);
16260 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
16261 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
16262 		if (!msg) {
16263 			spin_unlock_bh(&rdev->beacon_registrations_lock);
16264 			return;
16265 		}
16266 
16267 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16268 		if (!hdr)
16269 			goto nla_put_failure;
16270 
16271 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16272 		    (freq &&
16273 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
16274 		    (sig_dbm &&
16275 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16276 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
16277 			goto nla_put_failure;
16278 
16279 		genlmsg_end(msg, hdr);
16280 
16281 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
16282 	}
16283 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16284 	return;
16285 
16286  nla_put_failure:
16287 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16288 	nlmsg_free(msg);
16289 }
16290 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
16291 
16292 #ifdef CONFIG_PM
16293 static int cfg80211_net_detect_results(struct sk_buff *msg,
16294 				       struct cfg80211_wowlan_wakeup *wakeup)
16295 {
16296 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
16297 	struct nlattr *nl_results, *nl_match, *nl_freqs;
16298 	int i, j;
16299 
16300 	nl_results = nla_nest_start_noflag(msg,
16301 					   NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
16302 	if (!nl_results)
16303 		return -EMSGSIZE;
16304 
16305 	for (i = 0; i < nd->n_matches; i++) {
16306 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
16307 
16308 		nl_match = nla_nest_start_noflag(msg, i);
16309 		if (!nl_match)
16310 			break;
16311 
16312 		/* The SSID attribute is optional in nl80211, but for
16313 		 * simplicity reasons it's always present in the
16314 		 * cfg80211 structure.  If a driver can't pass the
16315 		 * SSID, that needs to be changed.  A zero length SSID
16316 		 * is still a valid SSID (wildcard), so it cannot be
16317 		 * used for this purpose.
16318 		 */
16319 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
16320 			    match->ssid.ssid)) {
16321 			nla_nest_cancel(msg, nl_match);
16322 			goto out;
16323 		}
16324 
16325 		if (match->n_channels) {
16326 			nl_freqs = nla_nest_start_noflag(msg,
16327 							 NL80211_ATTR_SCAN_FREQUENCIES);
16328 			if (!nl_freqs) {
16329 				nla_nest_cancel(msg, nl_match);
16330 				goto out;
16331 			}
16332 
16333 			for (j = 0; j < match->n_channels; j++) {
16334 				if (nla_put_u32(msg, j, match->channels[j])) {
16335 					nla_nest_cancel(msg, nl_freqs);
16336 					nla_nest_cancel(msg, nl_match);
16337 					goto out;
16338 				}
16339 			}
16340 
16341 			nla_nest_end(msg, nl_freqs);
16342 		}
16343 
16344 		nla_nest_end(msg, nl_match);
16345 	}
16346 
16347 out:
16348 	nla_nest_end(msg, nl_results);
16349 	return 0;
16350 }
16351 
16352 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
16353 				   struct cfg80211_wowlan_wakeup *wakeup,
16354 				   gfp_t gfp)
16355 {
16356 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16357 	struct sk_buff *msg;
16358 	void *hdr;
16359 	int size = 200;
16360 
16361 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
16362 
16363 	if (wakeup)
16364 		size += wakeup->packet_present_len;
16365 
16366 	msg = nlmsg_new(size, gfp);
16367 	if (!msg)
16368 		return;
16369 
16370 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
16371 	if (!hdr)
16372 		goto free_msg;
16373 
16374 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16375 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16376 			      NL80211_ATTR_PAD))
16377 		goto free_msg;
16378 
16379 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16380 					wdev->netdev->ifindex))
16381 		goto free_msg;
16382 
16383 	if (wakeup) {
16384 		struct nlattr *reasons;
16385 
16386 		reasons = nla_nest_start_noflag(msg,
16387 						NL80211_ATTR_WOWLAN_TRIGGERS);
16388 		if (!reasons)
16389 			goto free_msg;
16390 
16391 		if (wakeup->disconnect &&
16392 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
16393 			goto free_msg;
16394 		if (wakeup->magic_pkt &&
16395 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
16396 			goto free_msg;
16397 		if (wakeup->gtk_rekey_failure &&
16398 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
16399 			goto free_msg;
16400 		if (wakeup->eap_identity_req &&
16401 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
16402 			goto free_msg;
16403 		if (wakeup->four_way_handshake &&
16404 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
16405 			goto free_msg;
16406 		if (wakeup->rfkill_release &&
16407 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
16408 			goto free_msg;
16409 
16410 		if (wakeup->pattern_idx >= 0 &&
16411 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
16412 				wakeup->pattern_idx))
16413 			goto free_msg;
16414 
16415 		if (wakeup->tcp_match &&
16416 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
16417 			goto free_msg;
16418 
16419 		if (wakeup->tcp_connlost &&
16420 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
16421 			goto free_msg;
16422 
16423 		if (wakeup->tcp_nomoretokens &&
16424 		    nla_put_flag(msg,
16425 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
16426 			goto free_msg;
16427 
16428 		if (wakeup->packet) {
16429 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
16430 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
16431 
16432 			if (!wakeup->packet_80211) {
16433 				pkt_attr =
16434 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
16435 				len_attr =
16436 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
16437 			}
16438 
16439 			if (wakeup->packet_len &&
16440 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
16441 				goto free_msg;
16442 
16443 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
16444 				    wakeup->packet))
16445 				goto free_msg;
16446 		}
16447 
16448 		if (wakeup->net_detect &&
16449 		    cfg80211_net_detect_results(msg, wakeup))
16450 				goto free_msg;
16451 
16452 		nla_nest_end(msg, reasons);
16453 	}
16454 
16455 	genlmsg_end(msg, hdr);
16456 
16457 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16458 				NL80211_MCGRP_MLME, gfp);
16459 	return;
16460 
16461  free_msg:
16462 	nlmsg_free(msg);
16463 }
16464 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
16465 #endif
16466 
16467 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
16468 				enum nl80211_tdls_operation oper,
16469 				u16 reason_code, gfp_t gfp)
16470 {
16471 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16472 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16473 	struct sk_buff *msg;
16474 	void *hdr;
16475 
16476 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
16477 					 reason_code);
16478 
16479 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16480 	if (!msg)
16481 		return;
16482 
16483 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
16484 	if (!hdr) {
16485 		nlmsg_free(msg);
16486 		return;
16487 	}
16488 
16489 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16490 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16491 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
16492 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
16493 	    (reason_code > 0 &&
16494 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
16495 		goto nla_put_failure;
16496 
16497 	genlmsg_end(msg, hdr);
16498 
16499 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16500 				NL80211_MCGRP_MLME, gfp);
16501 	return;
16502 
16503  nla_put_failure:
16504 	nlmsg_free(msg);
16505 }
16506 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
16507 
16508 static int nl80211_netlink_notify(struct notifier_block * nb,
16509 				  unsigned long state,
16510 				  void *_notify)
16511 {
16512 	struct netlink_notify *notify = _notify;
16513 	struct cfg80211_registered_device *rdev;
16514 	struct wireless_dev *wdev;
16515 	struct cfg80211_beacon_registration *reg, *tmp;
16516 
16517 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
16518 		return NOTIFY_DONE;
16519 
16520 	rcu_read_lock();
16521 
16522 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
16523 		struct cfg80211_sched_scan_request *sched_scan_req;
16524 
16525 		list_for_each_entry_rcu(sched_scan_req,
16526 					&rdev->sched_scan_req_list,
16527 					list) {
16528 			if (sched_scan_req->owner_nlportid == notify->portid) {
16529 				sched_scan_req->nl_owner_dead = true;
16530 				schedule_work(&rdev->sched_scan_stop_wk);
16531 			}
16532 		}
16533 
16534 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
16535 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
16536 
16537 			if (wdev->owner_nlportid == notify->portid) {
16538 				wdev->nl_owner_dead = true;
16539 				schedule_work(&rdev->destroy_work);
16540 			} else if (wdev->conn_owner_nlportid == notify->portid) {
16541 				schedule_work(&wdev->disconnect_wk);
16542 			}
16543 
16544 			cfg80211_release_pmsr(wdev, notify->portid);
16545 		}
16546 
16547 		spin_lock_bh(&rdev->beacon_registrations_lock);
16548 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
16549 					 list) {
16550 			if (reg->nlportid == notify->portid) {
16551 				list_del(&reg->list);
16552 				kfree(reg);
16553 				break;
16554 			}
16555 		}
16556 		spin_unlock_bh(&rdev->beacon_registrations_lock);
16557 	}
16558 
16559 	rcu_read_unlock();
16560 
16561 	/*
16562 	 * It is possible that the user space process that is controlling the
16563 	 * indoor setting disappeared, so notify the regulatory core.
16564 	 */
16565 	regulatory_netlink_notify(notify->portid);
16566 	return NOTIFY_OK;
16567 }
16568 
16569 static struct notifier_block nl80211_netlink_notifier = {
16570 	.notifier_call = nl80211_netlink_notify,
16571 };
16572 
16573 void cfg80211_ft_event(struct net_device *netdev,
16574 		       struct cfg80211_ft_event_params *ft_event)
16575 {
16576 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16577 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16578 	struct sk_buff *msg;
16579 	void *hdr;
16580 
16581 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
16582 
16583 	if (!ft_event->target_ap)
16584 		return;
16585 
16586 	msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
16587 			GFP_KERNEL);
16588 	if (!msg)
16589 		return;
16590 
16591 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
16592 	if (!hdr)
16593 		goto out;
16594 
16595 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16596 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16597 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
16598 		goto out;
16599 
16600 	if (ft_event->ies &&
16601 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
16602 		goto out;
16603 	if (ft_event->ric_ies &&
16604 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
16605 		    ft_event->ric_ies))
16606 		goto out;
16607 
16608 	genlmsg_end(msg, hdr);
16609 
16610 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16611 				NL80211_MCGRP_MLME, GFP_KERNEL);
16612 	return;
16613  out:
16614 	nlmsg_free(msg);
16615 }
16616 EXPORT_SYMBOL(cfg80211_ft_event);
16617 
16618 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
16619 {
16620 	struct cfg80211_registered_device *rdev;
16621 	struct sk_buff *msg;
16622 	void *hdr;
16623 	u32 nlportid;
16624 
16625 	rdev = wiphy_to_rdev(wdev->wiphy);
16626 	if (!rdev->crit_proto_nlportid)
16627 		return;
16628 
16629 	nlportid = rdev->crit_proto_nlportid;
16630 	rdev->crit_proto_nlportid = 0;
16631 
16632 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16633 	if (!msg)
16634 		return;
16635 
16636 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
16637 	if (!hdr)
16638 		goto nla_put_failure;
16639 
16640 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16641 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16642 			      NL80211_ATTR_PAD))
16643 		goto nla_put_failure;
16644 
16645 	genlmsg_end(msg, hdr);
16646 
16647 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16648 	return;
16649 
16650  nla_put_failure:
16651 	nlmsg_free(msg);
16652 }
16653 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
16654 
16655 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
16656 {
16657 	struct wiphy *wiphy = wdev->wiphy;
16658 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16659 	struct sk_buff *msg;
16660 	void *hdr;
16661 
16662 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16663 	if (!msg)
16664 		return;
16665 
16666 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
16667 	if (!hdr)
16668 		goto out;
16669 
16670 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16671 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
16672 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16673 			      NL80211_ATTR_PAD))
16674 		goto out;
16675 
16676 	genlmsg_end(msg, hdr);
16677 
16678 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
16679 				NL80211_MCGRP_MLME, GFP_KERNEL);
16680 	return;
16681  out:
16682 	nlmsg_free(msg);
16683 }
16684 
16685 int cfg80211_external_auth_request(struct net_device *dev,
16686 				   struct cfg80211_external_auth_params *params,
16687 				   gfp_t gfp)
16688 {
16689 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16690 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16691 	struct sk_buff *msg;
16692 	void *hdr;
16693 
16694 	if (!wdev->conn_owner_nlportid)
16695 		return -EINVAL;
16696 
16697 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16698 	if (!msg)
16699 		return -ENOMEM;
16700 
16701 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
16702 	if (!hdr)
16703 		goto nla_put_failure;
16704 
16705 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16706 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16707 	    nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
16708 	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
16709 			params->action) ||
16710 	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
16711 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
16712 		    params->ssid.ssid))
16713 		goto nla_put_failure;
16714 
16715 	genlmsg_end(msg, hdr);
16716 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16717 			wdev->conn_owner_nlportid);
16718 	return 0;
16719 
16720  nla_put_failure:
16721 	nlmsg_free(msg);
16722 	return -ENOBUFS;
16723 }
16724 EXPORT_SYMBOL(cfg80211_external_auth_request);
16725 
16726 void cfg80211_update_owe_info_event(struct net_device *netdev,
16727 				    struct cfg80211_update_owe_info *owe_info,
16728 				    gfp_t gfp)
16729 {
16730 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16731 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16732 	struct sk_buff *msg;
16733 	void *hdr;
16734 
16735 	trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
16736 
16737 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16738 	if (!msg)
16739 		return;
16740 
16741 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
16742 	if (!hdr)
16743 		goto nla_put_failure;
16744 
16745 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16746 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16747 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
16748 		goto nla_put_failure;
16749 
16750 	if (!owe_info->ie_len ||
16751 	    nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
16752 		goto nla_put_failure;
16753 
16754 	genlmsg_end(msg, hdr);
16755 
16756 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16757 				NL80211_MCGRP_MLME, gfp);
16758 	return;
16759 
16760 nla_put_failure:
16761 	genlmsg_cancel(msg, hdr);
16762 	nlmsg_free(msg);
16763 }
16764 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
16765 
16766 /* initialisation/exit functions */
16767 
16768 int __init nl80211_init(void)
16769 {
16770 	int err;
16771 
16772 	err = genl_register_family(&nl80211_fam);
16773 	if (err)
16774 		return err;
16775 
16776 	err = netlink_register_notifier(&nl80211_netlink_notifier);
16777 	if (err)
16778 		goto err_out;
16779 
16780 	return 0;
16781  err_out:
16782 	genl_unregister_family(&nl80211_fam);
16783 	return err;
16784 }
16785 
16786 void nl80211_exit(void)
16787 {
16788 	netlink_unregister_notifier(&nl80211_netlink_notifier);
16789 	genl_unregister_family(&nl80211_fam);
16790 }
16791