xref: /linux/net/wireless/nl80211.c (revision 65c93628599dff4cd7cfb70130d1f6a2203731ea) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This is the new netlink-based wireless configuration interface.
4  *
5  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
6  * Copyright 2013-2014  Intel Mobile Communications GmbH
7  * Copyright 2015-2017	Intel Deutschland GmbH
8  * Copyright (C) 2018-2019 Intel Corporation
9  */
10 
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <net/net_namespace.h>
25 #include <net/genetlink.h>
26 #include <net/cfg80211.h>
27 #include <net/sock.h>
28 #include <net/inet_connection_sock.h>
29 #include "core.h"
30 #include "nl80211.h"
31 #include "reg.h"
32 #include "rdev-ops.h"
33 
34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 				   struct genl_info *info,
36 				   struct cfg80211_crypto_settings *settings,
37 				   int cipher_limit);
38 
39 /* the netlink family */
40 static struct genl_family nl80211_fam;
41 
42 /* multicast groups */
43 enum nl80211_multicast_groups {
44 	NL80211_MCGRP_CONFIG,
45 	NL80211_MCGRP_SCAN,
46 	NL80211_MCGRP_REGULATORY,
47 	NL80211_MCGRP_MLME,
48 	NL80211_MCGRP_VENDOR,
49 	NL80211_MCGRP_NAN,
50 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51 };
52 
53 static const struct genl_multicast_group nl80211_mcgrps[] = {
54 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60 #ifdef CONFIG_NL80211_TESTMODE
61 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62 #endif
63 };
64 
65 /* returns ERR_PTR values */
66 static struct wireless_dev *
67 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
68 {
69 	struct cfg80211_registered_device *rdev;
70 	struct wireless_dev *result = NULL;
71 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 	u64 wdev_id;
74 	int wiphy_idx = -1;
75 	int ifidx = -1;
76 
77 	ASSERT_RTNL();
78 
79 	if (!have_ifidx && !have_wdev_id)
80 		return ERR_PTR(-EINVAL);
81 
82 	if (have_ifidx)
83 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
84 	if (have_wdev_id) {
85 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
86 		wiphy_idx = wdev_id >> 32;
87 	}
88 
89 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
90 		struct wireless_dev *wdev;
91 
92 		if (wiphy_net(&rdev->wiphy) != netns)
93 			continue;
94 
95 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
96 			continue;
97 
98 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
99 			if (have_ifidx && wdev->netdev &&
100 			    wdev->netdev->ifindex == ifidx) {
101 				result = wdev;
102 				break;
103 			}
104 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
105 				result = wdev;
106 				break;
107 			}
108 		}
109 
110 		if (result)
111 			break;
112 	}
113 
114 	if (result)
115 		return result;
116 	return ERR_PTR(-ENODEV);
117 }
118 
119 static struct cfg80211_registered_device *
120 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
121 {
122 	struct cfg80211_registered_device *rdev = NULL, *tmp;
123 	struct net_device *netdev;
124 
125 	ASSERT_RTNL();
126 
127 	if (!attrs[NL80211_ATTR_WIPHY] &&
128 	    !attrs[NL80211_ATTR_IFINDEX] &&
129 	    !attrs[NL80211_ATTR_WDEV])
130 		return ERR_PTR(-EINVAL);
131 
132 	if (attrs[NL80211_ATTR_WIPHY])
133 		rdev = cfg80211_rdev_by_wiphy_idx(
134 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
135 
136 	if (attrs[NL80211_ATTR_WDEV]) {
137 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
138 		struct wireless_dev *wdev;
139 		bool found = false;
140 
141 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
142 		if (tmp) {
143 			/* make sure wdev exists */
144 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
145 				if (wdev->identifier != (u32)wdev_id)
146 					continue;
147 				found = true;
148 				break;
149 			}
150 
151 			if (!found)
152 				tmp = NULL;
153 
154 			if (rdev && tmp != rdev)
155 				return ERR_PTR(-EINVAL);
156 			rdev = tmp;
157 		}
158 	}
159 
160 	if (attrs[NL80211_ATTR_IFINDEX]) {
161 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
162 
163 		netdev = __dev_get_by_index(netns, ifindex);
164 		if (netdev) {
165 			if (netdev->ieee80211_ptr)
166 				tmp = wiphy_to_rdev(
167 					netdev->ieee80211_ptr->wiphy);
168 			else
169 				tmp = NULL;
170 
171 			/* not wireless device -- return error */
172 			if (!tmp)
173 				return ERR_PTR(-EINVAL);
174 
175 			/* mismatch -- return error */
176 			if (rdev && tmp != rdev)
177 				return ERR_PTR(-EINVAL);
178 
179 			rdev = tmp;
180 		}
181 	}
182 
183 	if (!rdev)
184 		return ERR_PTR(-ENODEV);
185 
186 	if (netns != wiphy_net(&rdev->wiphy))
187 		return ERR_PTR(-ENODEV);
188 
189 	return rdev;
190 }
191 
192 /*
193  * This function returns a pointer to the driver
194  * that the genl_info item that is passed refers to.
195  *
196  * The result of this can be a PTR_ERR and hence must
197  * be checked with IS_ERR() for errors.
198  */
199 static struct cfg80211_registered_device *
200 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
201 {
202 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
203 }
204 
205 static int validate_beacon_head(const struct nlattr *attr,
206 				struct netlink_ext_ack *extack)
207 {
208 	const u8 *data = nla_data(attr);
209 	unsigned int len = nla_len(attr);
210 	const struct element *elem;
211 	const struct ieee80211_mgmt *mgmt = (void *)data;
212 	unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
213 					 u.beacon.variable);
214 
215 	if (len < fixedlen)
216 		goto err;
217 
218 	if (ieee80211_hdrlen(mgmt->frame_control) !=
219 	    offsetof(struct ieee80211_mgmt, u.beacon))
220 		goto err;
221 
222 	data += fixedlen;
223 	len -= fixedlen;
224 
225 	for_each_element(elem, data, len) {
226 		/* nothing */
227 	}
228 
229 	if (for_each_element_completed(elem, data, len))
230 		return 0;
231 
232 err:
233 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
234 	return -EINVAL;
235 }
236 
237 static int validate_ie_attr(const struct nlattr *attr,
238 			    struct netlink_ext_ack *extack)
239 {
240 	const u8 *data = nla_data(attr);
241 	unsigned int len = nla_len(attr);
242 	const struct element *elem;
243 
244 	for_each_element(elem, data, len) {
245 		/* nothing */
246 	}
247 
248 	if (for_each_element_completed(elem, data, len))
249 		return 0;
250 
251 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
252 	return -EINVAL;
253 }
254 
255 /* policy for the attributes */
256 static const struct nla_policy
257 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
258 	[NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
259 	[NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
260 					.len = U8_MAX },
261 	[NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
262 					     .len = U8_MAX },
263 };
264 
265 static const struct nla_policy
266 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
267 	[NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
268 	[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
269 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
270 		NLA_POLICY_MAX(NLA_U8, 15),
271 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
272 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
273 		NLA_POLICY_MAX(NLA_U8, 15),
274 	[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
275 		NLA_POLICY_MAX(NLA_U8, 31),
276 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
277 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
278 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
279 };
280 
281 static const struct nla_policy
282 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
283 	[NL80211_PMSR_TYPE_FTM] =
284 		NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
285 };
286 
287 static const struct nla_policy
288 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
289 	[NL80211_PMSR_REQ_ATTR_DATA] =
290 		NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
291 	[NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
292 };
293 
294 static const struct nla_policy
295 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
296 	[NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
297 	/*
298 	 * we could specify this again to be the top-level policy,
299 	 * but that would open us up to recursion problems ...
300 	 */
301 	[NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
302 	[NL80211_PMSR_PEER_ATTR_REQ] =
303 		NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
304 	[NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
305 };
306 
307 static const struct nla_policy
308 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
309 	[NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
310 	[NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
311 	[NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
312 	[NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
313 	[NL80211_PMSR_ATTR_PEERS] =
314 		NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
315 };
316 
317 static const struct nla_policy
318 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
319 	[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
320 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
321 	[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
322 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
323 };
324 
325 static const struct nla_policy
326 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
327 	[NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
328 	[NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
329 	[NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
330 };
331 
332 static const struct nla_policy
333 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
334 	[NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
335 	[NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
336 	[NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
337 	[NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
338 	[NL80211_TID_CONFIG_ATTR_NOACK] =
339 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
340 	[NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
341 	[NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
342 	[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
343 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
344 	[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
345 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
346 };
347 
348 const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
349 	[0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
350 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
351 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
352 				      .len = 20-1 },
353 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
354 
355 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
356 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
357 	[NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
358 						NL80211_EDMG_CHANNELS_MIN,
359 						NL80211_EDMG_CHANNELS_MAX),
360 	[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
361 						NL80211_EDMG_BW_CONFIG_MIN,
362 						NL80211_EDMG_BW_CONFIG_MAX),
363 
364 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
365 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
366 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
367 
368 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
369 	[NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
370 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
371 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
372 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
373 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
374 
375 	[NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
376 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
377 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
378 
379 	[NL80211_ATTR_MAC] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
380 	[NL80211_ATTR_PREV_BSSID] = {
381 		.type = NLA_EXACT_LEN_WARN,
382 		.len = ETH_ALEN
383 	},
384 
385 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
386 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
387 				    .len = WLAN_MAX_KEY_LEN },
388 	[NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
389 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
390 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
391 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
392 	[NL80211_ATTR_KEY_TYPE] =
393 		NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
394 
395 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
396 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
397 	[NL80211_ATTR_BEACON_HEAD] =
398 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
399 				       IEEE80211_MAX_DATA_LEN),
400 	[NL80211_ATTR_BEACON_TAIL] =
401 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
402 				       IEEE80211_MAX_DATA_LEN),
403 	[NL80211_ATTR_STA_AID] =
404 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
405 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
406 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
407 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
408 					       .len = NL80211_MAX_SUPP_RATES },
409 	[NL80211_ATTR_STA_PLINK_ACTION] =
410 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
411 	[NL80211_ATTR_STA_TX_POWER_SETTING] =
412 		NLA_POLICY_RANGE(NLA_U8,
413 				 NL80211_TX_POWER_AUTOMATIC,
414 				 NL80211_TX_POWER_FIXED),
415 	[NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
416 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
417 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
418 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
419 				   .len = IEEE80211_MAX_MESH_ID_LEN },
420 	[NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
421 
422 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
423 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
424 
425 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
426 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
427 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
428 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
429 					   .len = NL80211_MAX_SUPP_RATES },
430 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
431 
432 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
433 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
434 
435 	[NL80211_ATTR_HT_CAPABILITY] = {
436 		.type = NLA_EXACT_LEN_WARN,
437 		.len = NL80211_HT_CAPABILITY_LEN
438 	},
439 
440 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
441 	[NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
442 						   validate_ie_attr,
443 						   IEEE80211_MAX_DATA_LEN),
444 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
445 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
446 
447 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
448 				.len = IEEE80211_MAX_SSID_LEN },
449 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
450 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
451 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
452 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
453 	[NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
454 						  NL80211_MFP_NO,
455 						  NL80211_MFP_OPTIONAL),
456 	[NL80211_ATTR_STA_FLAGS2] = {
457 		.len = sizeof(struct nl80211_sta_flag_update),
458 	},
459 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
460 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
461 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
462 	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
463 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
464 	[NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
465 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
466 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
467 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
468 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
469 	[NL80211_ATTR_PMKID] = {
470 		.type = NLA_EXACT_LEN_WARN,
471 		.len = WLAN_PMKID_LEN
472 	},
473 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
474 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
475 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
476 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
477 				 .len = IEEE80211_MAX_DATA_LEN },
478 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
479 	[NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
480 						   NL80211_PS_DISABLED,
481 						   NL80211_PS_ENABLED),
482 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
483 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
484 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
485 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
486 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
487 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
488 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
489 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
490 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
491 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
492 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
493 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
494 	[NL80211_ATTR_STA_PLINK_STATE] =
495 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
496 	[NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
497 	[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
498 	[NL80211_ATTR_MESH_PEER_AID] =
499 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
500 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
501 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
502 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
503 	[NL80211_ATTR_HIDDEN_SSID] =
504 		NLA_POLICY_RANGE(NLA_U32,
505 				 NL80211_HIDDEN_SSID_NOT_IN_USE,
506 				 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
507 	[NL80211_ATTR_IE_PROBE_RESP] =
508 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
509 				       IEEE80211_MAX_DATA_LEN),
510 	[NL80211_ATTR_IE_ASSOC_RESP] =
511 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
512 				       IEEE80211_MAX_DATA_LEN),
513 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
514 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
515 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
516 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
517 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
518 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
519 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
520 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
521 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
522 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
523 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
524 				      .len = IEEE80211_MAX_DATA_LEN },
525 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
526 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
527 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
528 		.len = NL80211_HT_CAPABILITY_LEN
529 	},
530 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
531 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
532 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
533 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
534 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
535 	[NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
536 	[NL80211_ATTR_VHT_CAPABILITY] = {
537 		.type = NLA_EXACT_LEN_WARN,
538 		.len = NL80211_VHT_CAPABILITY_LEN
539 	},
540 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
541 	[NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
542 	[NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
543 	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
544 		NLA_POLICY_RANGE(NLA_U32,
545 				 NL80211_MESH_POWER_UNKNOWN + 1,
546 				 NL80211_MESH_POWER_MAX),
547 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
548 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
549 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
550 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
551 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
552 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
553 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
554 		.len = NL80211_VHT_CAPABILITY_LEN,
555 	},
556 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
557 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
558 				  .len = IEEE80211_MAX_DATA_LEN },
559 	[NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
560 	[NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
561 	[NL80211_ATTR_PEER_AID] =
562 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
563 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
564 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
565 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
566 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
567 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
568 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
569 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
570 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
571 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
572 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
573 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
574 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
575 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
576 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
577 	[NL80211_ATTR_MAC_HINT] = {
578 		.type = NLA_EXACT_LEN_WARN,
579 		.len = ETH_ALEN
580 	},
581 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
582 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
583 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
584 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
585 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
586 	[NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
587 	[NL80211_ATTR_USER_PRIO] =
588 		NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
589 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
590 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
591 	[NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
592 	[NL80211_ATTR_MAC_MASK] = {
593 		.type = NLA_EXACT_LEN_WARN,
594 		.len = ETH_ALEN
595 	},
596 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
597 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
598 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
599 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
600 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
601 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
602 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] =
603 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
604 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
605 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
606 	},
607 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = {
608 		.type = NLA_EXACT_LEN_WARN,
609 		.len = ETH_ALEN
610 	},
611 	[NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
612 	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
613 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
614 	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
615 				    .len = FILS_MAX_KEK_LEN },
616 	[NL80211_ATTR_FILS_NONCES] = {
617 		.type = NLA_EXACT_LEN_WARN,
618 		.len = 2 * FILS_NONCE_LEN
619 	},
620 	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
621 	[NL80211_ATTR_BSSID] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
622 	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
623 	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
624 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
625 	},
626 	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
627 	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
628 					     .len = FILS_ERP_MAX_USERNAME_LEN },
629 	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
630 					  .len = FILS_ERP_MAX_REALM_LEN },
631 	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
632 	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
633 					.len = FILS_ERP_MAX_RRK_LEN },
634 	[NL80211_ATTR_FILS_CACHE_ID] = { .type = NLA_EXACT_LEN_WARN, .len = 2 },
635 	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
636 	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
637 	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
638 
639 	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
640 	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
641 	[NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
642 	[NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
643 					 .len = NL80211_HE_MAX_CAPABILITY_LEN },
644 
645 	[NL80211_ATTR_FTM_RESPONDER] = {
646 		.type = NLA_NESTED,
647 		.validation_data = nl80211_ftm_responder_policy,
648 	},
649 	[NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
650 	[NL80211_ATTR_PEER_MEASUREMENTS] =
651 		NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
652 	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
653 	[NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
654 					.len = SAE_PASSWORD_MAX_LEN },
655 	[NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
656 	[NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
657 	[NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
658 	[NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
659 	[NL80211_ATTR_TID_CONFIG] =
660 		NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
661 };
662 
663 /* policy for the key attributes */
664 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
665 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
666 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
667 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
668 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
669 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
670 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
671 	[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
672 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
673 	[NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
674 };
675 
676 /* policy for the key default flags */
677 static const struct nla_policy
678 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
679 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
680 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
681 };
682 
683 #ifdef CONFIG_PM
684 /* policy for WoWLAN attributes */
685 static const struct nla_policy
686 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
687 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
688 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
689 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
690 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
691 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
692 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
693 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
694 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
695 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
696 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
697 };
698 
699 static const struct nla_policy
700 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
701 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
702 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
703 	[NL80211_WOWLAN_TCP_DST_MAC] = {
704 		.type = NLA_EXACT_LEN_WARN,
705 		.len = ETH_ALEN
706 	},
707 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
708 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
709 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
710 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
711 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
712 	},
713 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
714 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
715 	},
716 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
717 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
718 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .type = NLA_MIN_LEN, .len = 1 },
719 };
720 #endif /* CONFIG_PM */
721 
722 /* policy for coalesce rule attributes */
723 static const struct nla_policy
724 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
725 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
726 	[NL80211_ATTR_COALESCE_RULE_CONDITION] =
727 		NLA_POLICY_RANGE(NLA_U32,
728 				 NL80211_COALESCE_CONDITION_MATCH,
729 				 NL80211_COALESCE_CONDITION_NO_MATCH),
730 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
731 };
732 
733 /* policy for GTK rekey offload attributes */
734 static const struct nla_policy
735 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
736 	[NL80211_REKEY_DATA_KEK] = {
737 		.type = NLA_EXACT_LEN_WARN,
738 		.len = NL80211_KEK_LEN,
739 	},
740 	[NL80211_REKEY_DATA_KCK] = {
741 		.type = NLA_EXACT_LEN_WARN,
742 		.len = NL80211_KCK_LEN,
743 	},
744 	[NL80211_REKEY_DATA_REPLAY_CTR] = {
745 		.type = NLA_EXACT_LEN_WARN,
746 		.len = NL80211_REPLAY_CTR_LEN
747 	},
748 };
749 
750 static const struct nla_policy
751 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
752 	[NL80211_BAND_2GHZ] = { .type = NLA_S32 },
753 	[NL80211_BAND_5GHZ] = { .type = NLA_S32 },
754 	[NL80211_BAND_6GHZ] = { .type = NLA_S32 },
755 	[NL80211_BAND_60GHZ] = { .type = NLA_S32 },
756 };
757 
758 static const struct nla_policy
759 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
760 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
761 						 .len = IEEE80211_MAX_SSID_LEN },
762 	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = {
763 		.type = NLA_EXACT_LEN_WARN,
764 		.len = ETH_ALEN
765 	},
766 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
767 	[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
768 		NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
769 };
770 
771 static const struct nla_policy
772 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
773 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
774 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
775 };
776 
777 static const struct nla_policy
778 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
779 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
780 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
781 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
782 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
783 	},
784 };
785 
786 /* policy for NAN function attributes */
787 static const struct nla_policy
788 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
789 	[NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
790 	[NL80211_NAN_FUNC_SERVICE_ID] = {
791 				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
792 	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
793 	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
794 	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
795 	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
796 	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
797 	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = {
798 		.type = NLA_EXACT_LEN_WARN,
799 		.len = ETH_ALEN
800 	},
801 	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
802 	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
803 	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
804 			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
805 	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
806 	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
807 	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
808 	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
809 	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
810 };
811 
812 /* policy for Service Response Filter attributes */
813 static const struct nla_policy
814 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
815 	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
816 	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
817 				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
818 	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
819 	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
820 };
821 
822 /* policy for packet pattern attributes */
823 static const struct nla_policy
824 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
825 	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
826 	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
827 	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
828 };
829 
830 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
831 			      struct cfg80211_registered_device **rdev,
832 			      struct wireless_dev **wdev)
833 {
834 	int err;
835 
836 	if (!cb->args[0]) {
837 		struct nlattr **attrbuf;
838 
839 		attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
840 				  GFP_KERNEL);
841 		if (!attrbuf)
842 			return -ENOMEM;
843 
844 		err = nlmsg_parse_deprecated(cb->nlh,
845 					     GENL_HDRLEN + nl80211_fam.hdrsize,
846 					     attrbuf, nl80211_fam.maxattr,
847 					     nl80211_policy, NULL);
848 		if (err) {
849 			kfree(attrbuf);
850 			return err;
851 		}
852 
853 		*wdev = __cfg80211_wdev_from_attrs(sock_net(cb->skb->sk),
854 						   attrbuf);
855 		kfree(attrbuf);
856 		if (IS_ERR(*wdev))
857 			return PTR_ERR(*wdev);
858 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
859 		/* 0 is the first index - add 1 to parse only once */
860 		cb->args[0] = (*rdev)->wiphy_idx + 1;
861 		cb->args[1] = (*wdev)->identifier;
862 	} else {
863 		/* subtract the 1 again here */
864 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
865 		struct wireless_dev *tmp;
866 
867 		if (!wiphy)
868 			return -ENODEV;
869 		*rdev = wiphy_to_rdev(wiphy);
870 		*wdev = NULL;
871 
872 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
873 			if (tmp->identifier == cb->args[1]) {
874 				*wdev = tmp;
875 				break;
876 			}
877 		}
878 
879 		if (!*wdev)
880 			return -ENODEV;
881 	}
882 
883 	return 0;
884 }
885 
886 /* message building helper */
887 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
888 		     int flags, u8 cmd)
889 {
890 	/* since there is no private header just add the generic one */
891 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
892 }
893 
894 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
895 				     const struct ieee80211_reg_rule *rule)
896 {
897 	int j;
898 	struct nlattr *nl_wmm_rules =
899 		nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
900 
901 	if (!nl_wmm_rules)
902 		goto nla_put_failure;
903 
904 	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
905 		struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
906 
907 		if (!nl_wmm_rule)
908 			goto nla_put_failure;
909 
910 		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
911 				rule->wmm_rule.client[j].cw_min) ||
912 		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,
913 				rule->wmm_rule.client[j].cw_max) ||
914 		    nla_put_u8(msg, NL80211_WMMR_AIFSN,
915 			       rule->wmm_rule.client[j].aifsn) ||
916 		    nla_put_u16(msg, NL80211_WMMR_TXOP,
917 			        rule->wmm_rule.client[j].cot))
918 			goto nla_put_failure;
919 
920 		nla_nest_end(msg, nl_wmm_rule);
921 	}
922 	nla_nest_end(msg, nl_wmm_rules);
923 
924 	return 0;
925 
926 nla_put_failure:
927 	return -ENOBUFS;
928 }
929 
930 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
931 				   struct ieee80211_channel *chan,
932 				   bool large)
933 {
934 	/* Some channels must be completely excluded from the
935 	 * list to protect old user-space tools from breaking
936 	 */
937 	if (!large && chan->flags &
938 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
939 		return 0;
940 
941 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
942 			chan->center_freq))
943 		goto nla_put_failure;
944 
945 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
946 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
947 		goto nla_put_failure;
948 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
949 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
950 			goto nla_put_failure;
951 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
952 			goto nla_put_failure;
953 	}
954 	if (chan->flags & IEEE80211_CHAN_RADAR) {
955 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
956 			goto nla_put_failure;
957 		if (large) {
958 			u32 time;
959 
960 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
961 
962 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
963 					chan->dfs_state))
964 				goto nla_put_failure;
965 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
966 					time))
967 				goto nla_put_failure;
968 			if (nla_put_u32(msg,
969 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
970 					chan->dfs_cac_ms))
971 				goto nla_put_failure;
972 		}
973 	}
974 
975 	if (large) {
976 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
977 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
978 			goto nla_put_failure;
979 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
980 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
981 			goto nla_put_failure;
982 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
983 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
984 			goto nla_put_failure;
985 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
986 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
987 			goto nla_put_failure;
988 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
989 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
990 			goto nla_put_failure;
991 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
992 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
993 			goto nla_put_failure;
994 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
995 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
996 			goto nla_put_failure;
997 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
998 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
999 			goto nla_put_failure;
1000 		if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1001 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1002 			goto nla_put_failure;
1003 	}
1004 
1005 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1006 			DBM_TO_MBM(chan->max_power)))
1007 		goto nla_put_failure;
1008 
1009 	if (large) {
1010 		const struct ieee80211_reg_rule *rule =
1011 			freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1012 
1013 		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1014 			if (nl80211_msg_put_wmm_rules(msg, rule))
1015 				goto nla_put_failure;
1016 		}
1017 	}
1018 
1019 	return 0;
1020 
1021  nla_put_failure:
1022 	return -ENOBUFS;
1023 }
1024 
1025 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1026 				  struct cfg80211_txq_stats *txqstats,
1027 				  int attrtype)
1028 {
1029 	struct nlattr *txqattr;
1030 
1031 #define PUT_TXQVAL_U32(attr, memb) do {					  \
1032 	if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&	  \
1033 	    nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1034 		return false;						  \
1035 	} while (0)
1036 
1037 	txqattr = nla_nest_start_noflag(msg, attrtype);
1038 	if (!txqattr)
1039 		return false;
1040 
1041 	PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1042 	PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1043 	PUT_TXQVAL_U32(FLOWS, flows);
1044 	PUT_TXQVAL_U32(DROPS, drops);
1045 	PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1046 	PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1047 	PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1048 	PUT_TXQVAL_U32(COLLISIONS, collisions);
1049 	PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1050 	PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1051 	PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1052 	nla_nest_end(msg, txqattr);
1053 
1054 #undef PUT_TXQVAL_U32
1055 	return true;
1056 }
1057 
1058 /* netlink command implementations */
1059 
1060 struct key_parse {
1061 	struct key_params p;
1062 	int idx;
1063 	int type;
1064 	bool def, defmgmt, defbeacon;
1065 	bool def_uni, def_multi;
1066 };
1067 
1068 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1069 				 struct key_parse *k)
1070 {
1071 	struct nlattr *tb[NL80211_KEY_MAX + 1];
1072 	int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1073 					      nl80211_key_policy,
1074 					      info->extack);
1075 	if (err)
1076 		return err;
1077 
1078 	k->def = !!tb[NL80211_KEY_DEFAULT];
1079 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1080 	k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1081 
1082 	if (k->def) {
1083 		k->def_uni = true;
1084 		k->def_multi = true;
1085 	}
1086 	if (k->defmgmt || k->defbeacon)
1087 		k->def_multi = true;
1088 
1089 	if (tb[NL80211_KEY_IDX])
1090 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1091 
1092 	if (tb[NL80211_KEY_DATA]) {
1093 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1094 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1095 	}
1096 
1097 	if (tb[NL80211_KEY_SEQ]) {
1098 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1099 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1100 	}
1101 
1102 	if (tb[NL80211_KEY_CIPHER])
1103 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1104 
1105 	if (tb[NL80211_KEY_TYPE])
1106 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1107 
1108 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1109 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1110 
1111 		err = nla_parse_nested_deprecated(kdt,
1112 						  NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1113 						  tb[NL80211_KEY_DEFAULT_TYPES],
1114 						  nl80211_key_default_policy,
1115 						  info->extack);
1116 		if (err)
1117 			return err;
1118 
1119 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1120 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1121 	}
1122 
1123 	if (tb[NL80211_KEY_MODE])
1124 		k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1125 
1126 	return 0;
1127 }
1128 
1129 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1130 {
1131 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1132 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1133 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1134 	}
1135 
1136 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1137 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1138 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1139 	}
1140 
1141 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1142 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1143 
1144 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1145 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1146 
1147 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1148 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1149 
1150 	if (k->def) {
1151 		k->def_uni = true;
1152 		k->def_multi = true;
1153 	}
1154 	if (k->defmgmt)
1155 		k->def_multi = true;
1156 
1157 	if (info->attrs[NL80211_ATTR_KEY_TYPE])
1158 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1159 
1160 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1161 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1162 		int err = nla_parse_nested_deprecated(kdt,
1163 						      NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1164 						      info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1165 						      nl80211_key_default_policy,
1166 						      info->extack);
1167 		if (err)
1168 			return err;
1169 
1170 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1171 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1172 	}
1173 
1174 	return 0;
1175 }
1176 
1177 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1178 {
1179 	int err;
1180 
1181 	memset(k, 0, sizeof(*k));
1182 	k->idx = -1;
1183 	k->type = -1;
1184 
1185 	if (info->attrs[NL80211_ATTR_KEY])
1186 		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1187 	else
1188 		err = nl80211_parse_key_old(info, k);
1189 
1190 	if (err)
1191 		return err;
1192 
1193 	if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1194 	    (k->defbeacon ? 1 : 0) > 1) {
1195 		GENL_SET_ERR_MSG(info,
1196 				 "key with multiple default flags is invalid");
1197 		return -EINVAL;
1198 	}
1199 
1200 	if (k->defmgmt || k->defbeacon) {
1201 		if (k->def_uni || !k->def_multi) {
1202 			GENL_SET_ERR_MSG(info,
1203 					 "defmgmt/defbeacon key must be mcast");
1204 			return -EINVAL;
1205 		}
1206 	}
1207 
1208 	if (k->idx != -1) {
1209 		if (k->defmgmt) {
1210 			if (k->idx < 4 || k->idx > 5) {
1211 				GENL_SET_ERR_MSG(info,
1212 						 "defmgmt key idx not 4 or 5");
1213 				return -EINVAL;
1214 			}
1215 		} else if (k->defbeacon) {
1216 			if (k->idx < 6 || k->idx > 7) {
1217 				GENL_SET_ERR_MSG(info,
1218 						 "defbeacon key idx not 6 or 7");
1219 				return -EINVAL;
1220 			}
1221 		} else if (k->def) {
1222 			if (k->idx < 0 || k->idx > 3) {
1223 				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1224 				return -EINVAL;
1225 			}
1226 		} else {
1227 			if (k->idx < 0 || k->idx > 7) {
1228 				GENL_SET_ERR_MSG(info, "key idx not 0-7");
1229 				return -EINVAL;
1230 			}
1231 		}
1232 	}
1233 
1234 	return 0;
1235 }
1236 
1237 static struct cfg80211_cached_keys *
1238 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1239 		       struct genl_info *info, bool *no_ht)
1240 {
1241 	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1242 	struct key_parse parse;
1243 	struct nlattr *key;
1244 	struct cfg80211_cached_keys *result;
1245 	int rem, err, def = 0;
1246 	bool have_key = false;
1247 
1248 	nla_for_each_nested(key, keys, rem) {
1249 		have_key = true;
1250 		break;
1251 	}
1252 
1253 	if (!have_key)
1254 		return NULL;
1255 
1256 	result = kzalloc(sizeof(*result), GFP_KERNEL);
1257 	if (!result)
1258 		return ERR_PTR(-ENOMEM);
1259 
1260 	result->def = -1;
1261 
1262 	nla_for_each_nested(key, keys, rem) {
1263 		memset(&parse, 0, sizeof(parse));
1264 		parse.idx = -1;
1265 
1266 		err = nl80211_parse_key_new(info, key, &parse);
1267 		if (err)
1268 			goto error;
1269 		err = -EINVAL;
1270 		if (!parse.p.key)
1271 			goto error;
1272 		if (parse.idx < 0 || parse.idx > 3) {
1273 			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1274 			goto error;
1275 		}
1276 		if (parse.def) {
1277 			if (def) {
1278 				GENL_SET_ERR_MSG(info,
1279 						 "only one key can be default");
1280 				goto error;
1281 			}
1282 			def = 1;
1283 			result->def = parse.idx;
1284 			if (!parse.def_uni || !parse.def_multi)
1285 				goto error;
1286 		} else if (parse.defmgmt)
1287 			goto error;
1288 		err = cfg80211_validate_key_settings(rdev, &parse.p,
1289 						     parse.idx, false, NULL);
1290 		if (err)
1291 			goto error;
1292 		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1293 		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1294 			GENL_SET_ERR_MSG(info, "connect key must be WEP");
1295 			err = -EINVAL;
1296 			goto error;
1297 		}
1298 		result->params[parse.idx].cipher = parse.p.cipher;
1299 		result->params[parse.idx].key_len = parse.p.key_len;
1300 		result->params[parse.idx].key = result->data[parse.idx];
1301 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1302 
1303 		/* must be WEP key if we got here */
1304 		if (no_ht)
1305 			*no_ht = true;
1306 	}
1307 
1308 	if (result->def < 0) {
1309 		err = -EINVAL;
1310 		GENL_SET_ERR_MSG(info, "need a default/TX key");
1311 		goto error;
1312 	}
1313 
1314 	return result;
1315  error:
1316 	kfree(result);
1317 	return ERR_PTR(err);
1318 }
1319 
1320 static int nl80211_key_allowed(struct wireless_dev *wdev)
1321 {
1322 	ASSERT_WDEV_LOCK(wdev);
1323 
1324 	switch (wdev->iftype) {
1325 	case NL80211_IFTYPE_AP:
1326 	case NL80211_IFTYPE_AP_VLAN:
1327 	case NL80211_IFTYPE_P2P_GO:
1328 	case NL80211_IFTYPE_MESH_POINT:
1329 		break;
1330 	case NL80211_IFTYPE_ADHOC:
1331 	case NL80211_IFTYPE_STATION:
1332 	case NL80211_IFTYPE_P2P_CLIENT:
1333 		if (!wdev->current_bss)
1334 			return -ENOLINK;
1335 		break;
1336 	case NL80211_IFTYPE_UNSPECIFIED:
1337 	case NL80211_IFTYPE_OCB:
1338 	case NL80211_IFTYPE_MONITOR:
1339 	case NL80211_IFTYPE_NAN:
1340 	case NL80211_IFTYPE_P2P_DEVICE:
1341 	case NL80211_IFTYPE_WDS:
1342 	case NUM_NL80211_IFTYPES:
1343 		return -EINVAL;
1344 	}
1345 
1346 	return 0;
1347 }
1348 
1349 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1350 							struct nlattr *tb)
1351 {
1352 	struct ieee80211_channel *chan;
1353 
1354 	if (tb == NULL)
1355 		return NULL;
1356 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1357 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1358 		return NULL;
1359 	return chan;
1360 }
1361 
1362 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1363 {
1364 	struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1365 	int i;
1366 
1367 	if (!nl_modes)
1368 		goto nla_put_failure;
1369 
1370 	i = 0;
1371 	while (ifmodes) {
1372 		if ((ifmodes & 1) && nla_put_flag(msg, i))
1373 			goto nla_put_failure;
1374 		ifmodes >>= 1;
1375 		i++;
1376 	}
1377 
1378 	nla_nest_end(msg, nl_modes);
1379 	return 0;
1380 
1381 nla_put_failure:
1382 	return -ENOBUFS;
1383 }
1384 
1385 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1386 					  struct sk_buff *msg,
1387 					  bool large)
1388 {
1389 	struct nlattr *nl_combis;
1390 	int i, j;
1391 
1392 	nl_combis = nla_nest_start_noflag(msg,
1393 					  NL80211_ATTR_INTERFACE_COMBINATIONS);
1394 	if (!nl_combis)
1395 		goto nla_put_failure;
1396 
1397 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
1398 		const struct ieee80211_iface_combination *c;
1399 		struct nlattr *nl_combi, *nl_limits;
1400 
1401 		c = &wiphy->iface_combinations[i];
1402 
1403 		nl_combi = nla_nest_start_noflag(msg, i + 1);
1404 		if (!nl_combi)
1405 			goto nla_put_failure;
1406 
1407 		nl_limits = nla_nest_start_noflag(msg,
1408 						  NL80211_IFACE_COMB_LIMITS);
1409 		if (!nl_limits)
1410 			goto nla_put_failure;
1411 
1412 		for (j = 0; j < c->n_limits; j++) {
1413 			struct nlattr *nl_limit;
1414 
1415 			nl_limit = nla_nest_start_noflag(msg, j + 1);
1416 			if (!nl_limit)
1417 				goto nla_put_failure;
1418 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1419 					c->limits[j].max))
1420 				goto nla_put_failure;
1421 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1422 						c->limits[j].types))
1423 				goto nla_put_failure;
1424 			nla_nest_end(msg, nl_limit);
1425 		}
1426 
1427 		nla_nest_end(msg, nl_limits);
1428 
1429 		if (c->beacon_int_infra_match &&
1430 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1431 			goto nla_put_failure;
1432 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1433 				c->num_different_channels) ||
1434 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1435 				c->max_interfaces))
1436 			goto nla_put_failure;
1437 		if (large &&
1438 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1439 				c->radar_detect_widths) ||
1440 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1441 				c->radar_detect_regions)))
1442 			goto nla_put_failure;
1443 		if (c->beacon_int_min_gcd &&
1444 		    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1445 				c->beacon_int_min_gcd))
1446 			goto nla_put_failure;
1447 
1448 		nla_nest_end(msg, nl_combi);
1449 	}
1450 
1451 	nla_nest_end(msg, nl_combis);
1452 
1453 	return 0;
1454 nla_put_failure:
1455 	return -ENOBUFS;
1456 }
1457 
1458 #ifdef CONFIG_PM
1459 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1460 					struct sk_buff *msg)
1461 {
1462 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1463 	struct nlattr *nl_tcp;
1464 
1465 	if (!tcp)
1466 		return 0;
1467 
1468 	nl_tcp = nla_nest_start_noflag(msg,
1469 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1470 	if (!nl_tcp)
1471 		return -ENOBUFS;
1472 
1473 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1474 			tcp->data_payload_max))
1475 		return -ENOBUFS;
1476 
1477 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1478 			tcp->data_payload_max))
1479 		return -ENOBUFS;
1480 
1481 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1482 		return -ENOBUFS;
1483 
1484 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1485 				sizeof(*tcp->tok), tcp->tok))
1486 		return -ENOBUFS;
1487 
1488 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1489 			tcp->data_interval_max))
1490 		return -ENOBUFS;
1491 
1492 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1493 			tcp->wake_payload_max))
1494 		return -ENOBUFS;
1495 
1496 	nla_nest_end(msg, nl_tcp);
1497 	return 0;
1498 }
1499 
1500 static int nl80211_send_wowlan(struct sk_buff *msg,
1501 			       struct cfg80211_registered_device *rdev,
1502 			       bool large)
1503 {
1504 	struct nlattr *nl_wowlan;
1505 
1506 	if (!rdev->wiphy.wowlan)
1507 		return 0;
1508 
1509 	nl_wowlan = nla_nest_start_noflag(msg,
1510 					  NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1511 	if (!nl_wowlan)
1512 		return -ENOBUFS;
1513 
1514 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1515 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1516 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1517 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1518 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1519 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1520 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1521 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1522 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1523 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1524 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1525 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1526 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1527 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1528 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1529 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1530 		return -ENOBUFS;
1531 
1532 	if (rdev->wiphy.wowlan->n_patterns) {
1533 		struct nl80211_pattern_support pat = {
1534 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1535 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1536 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1537 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1538 		};
1539 
1540 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1541 			    sizeof(pat), &pat))
1542 			return -ENOBUFS;
1543 	}
1544 
1545 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1546 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1547 			rdev->wiphy.wowlan->max_nd_match_sets))
1548 		return -ENOBUFS;
1549 
1550 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1551 		return -ENOBUFS;
1552 
1553 	nla_nest_end(msg, nl_wowlan);
1554 
1555 	return 0;
1556 }
1557 #endif
1558 
1559 static int nl80211_send_coalesce(struct sk_buff *msg,
1560 				 struct cfg80211_registered_device *rdev)
1561 {
1562 	struct nl80211_coalesce_rule_support rule;
1563 
1564 	if (!rdev->wiphy.coalesce)
1565 		return 0;
1566 
1567 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1568 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1569 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1570 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1571 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1572 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1573 
1574 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1575 		return -ENOBUFS;
1576 
1577 	return 0;
1578 }
1579 
1580 static int
1581 nl80211_send_iftype_data(struct sk_buff *msg,
1582 			 const struct ieee80211_sband_iftype_data *iftdata)
1583 {
1584 	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1585 
1586 	if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1587 				iftdata->types_mask))
1588 		return -ENOBUFS;
1589 
1590 	if (he_cap->has_he) {
1591 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1592 			    sizeof(he_cap->he_cap_elem.mac_cap_info),
1593 			    he_cap->he_cap_elem.mac_cap_info) ||
1594 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1595 			    sizeof(he_cap->he_cap_elem.phy_cap_info),
1596 			    he_cap->he_cap_elem.phy_cap_info) ||
1597 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1598 			    sizeof(he_cap->he_mcs_nss_supp),
1599 			    &he_cap->he_mcs_nss_supp) ||
1600 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1601 			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1602 			return -ENOBUFS;
1603 	}
1604 
1605 	return 0;
1606 }
1607 
1608 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1609 				      struct ieee80211_supported_band *sband)
1610 {
1611 	struct nlattr *nl_rates, *nl_rate;
1612 	struct ieee80211_rate *rate;
1613 	int i;
1614 
1615 	/* add HT info */
1616 	if (sband->ht_cap.ht_supported &&
1617 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1618 		     sizeof(sband->ht_cap.mcs),
1619 		     &sband->ht_cap.mcs) ||
1620 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1621 			 sband->ht_cap.cap) ||
1622 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1623 			sband->ht_cap.ampdu_factor) ||
1624 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1625 			sband->ht_cap.ampdu_density)))
1626 		return -ENOBUFS;
1627 
1628 	/* add VHT info */
1629 	if (sband->vht_cap.vht_supported &&
1630 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1631 		     sizeof(sband->vht_cap.vht_mcs),
1632 		     &sband->vht_cap.vht_mcs) ||
1633 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1634 			 sband->vht_cap.cap)))
1635 		return -ENOBUFS;
1636 
1637 	if (sband->n_iftype_data) {
1638 		struct nlattr *nl_iftype_data =
1639 			nla_nest_start_noflag(msg,
1640 					      NL80211_BAND_ATTR_IFTYPE_DATA);
1641 		int err;
1642 
1643 		if (!nl_iftype_data)
1644 			return -ENOBUFS;
1645 
1646 		for (i = 0; i < sband->n_iftype_data; i++) {
1647 			struct nlattr *iftdata;
1648 
1649 			iftdata = nla_nest_start_noflag(msg, i + 1);
1650 			if (!iftdata)
1651 				return -ENOBUFS;
1652 
1653 			err = nl80211_send_iftype_data(msg,
1654 						       &sband->iftype_data[i]);
1655 			if (err)
1656 				return err;
1657 
1658 			nla_nest_end(msg, iftdata);
1659 		}
1660 
1661 		nla_nest_end(msg, nl_iftype_data);
1662 	}
1663 
1664 	/* add EDMG info */
1665 	if (sband->edmg_cap.channels &&
1666 	    (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1667 		       sband->edmg_cap.channels) ||
1668 	    nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1669 		       sband->edmg_cap.bw_config)))
1670 
1671 		return -ENOBUFS;
1672 
1673 	/* add bitrates */
1674 	nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1675 	if (!nl_rates)
1676 		return -ENOBUFS;
1677 
1678 	for (i = 0; i < sband->n_bitrates; i++) {
1679 		nl_rate = nla_nest_start_noflag(msg, i);
1680 		if (!nl_rate)
1681 			return -ENOBUFS;
1682 
1683 		rate = &sband->bitrates[i];
1684 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1685 				rate->bitrate))
1686 			return -ENOBUFS;
1687 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1688 		    nla_put_flag(msg,
1689 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1690 			return -ENOBUFS;
1691 
1692 		nla_nest_end(msg, nl_rate);
1693 	}
1694 
1695 	nla_nest_end(msg, nl_rates);
1696 
1697 	return 0;
1698 }
1699 
1700 static int
1701 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1702 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1703 {
1704 	u16 stypes;
1705 	struct nlattr *nl_ftypes, *nl_ifs;
1706 	enum nl80211_iftype ift;
1707 	int i;
1708 
1709 	if (!mgmt_stypes)
1710 		return 0;
1711 
1712 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1713 	if (!nl_ifs)
1714 		return -ENOBUFS;
1715 
1716 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1717 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1718 		if (!nl_ftypes)
1719 			return -ENOBUFS;
1720 		i = 0;
1721 		stypes = mgmt_stypes[ift].tx;
1722 		while (stypes) {
1723 			if ((stypes & 1) &&
1724 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1725 					(i << 4) | IEEE80211_FTYPE_MGMT))
1726 				return -ENOBUFS;
1727 			stypes >>= 1;
1728 			i++;
1729 		}
1730 		nla_nest_end(msg, nl_ftypes);
1731 	}
1732 
1733 	nla_nest_end(msg, nl_ifs);
1734 
1735 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1736 	if (!nl_ifs)
1737 		return -ENOBUFS;
1738 
1739 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1740 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1741 		if (!nl_ftypes)
1742 			return -ENOBUFS;
1743 		i = 0;
1744 		stypes = mgmt_stypes[ift].rx;
1745 		while (stypes) {
1746 			if ((stypes & 1) &&
1747 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1748 					(i << 4) | IEEE80211_FTYPE_MGMT))
1749 				return -ENOBUFS;
1750 			stypes >>= 1;
1751 			i++;
1752 		}
1753 		nla_nest_end(msg, nl_ftypes);
1754 	}
1755 	nla_nest_end(msg, nl_ifs);
1756 
1757 	return 0;
1758 }
1759 
1760 #define CMD(op, n)							\
1761 	 do {								\
1762 		if (rdev->ops->op) {					\
1763 			i++;						\
1764 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
1765 				goto nla_put_failure;			\
1766 		}							\
1767 	} while (0)
1768 
1769 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1770 					struct sk_buff *msg)
1771 {
1772 	int i = 0;
1773 
1774 	/*
1775 	 * do *NOT* add anything into this function, new things need to be
1776 	 * advertised only to new versions of userspace that can deal with
1777 	 * the split (and they can't possibly care about new features...
1778 	 */
1779 	CMD(add_virtual_intf, NEW_INTERFACE);
1780 	CMD(change_virtual_intf, SET_INTERFACE);
1781 	CMD(add_key, NEW_KEY);
1782 	CMD(start_ap, START_AP);
1783 	CMD(add_station, NEW_STATION);
1784 	CMD(add_mpath, NEW_MPATH);
1785 	CMD(update_mesh_config, SET_MESH_CONFIG);
1786 	CMD(change_bss, SET_BSS);
1787 	CMD(auth, AUTHENTICATE);
1788 	CMD(assoc, ASSOCIATE);
1789 	CMD(deauth, DEAUTHENTICATE);
1790 	CMD(disassoc, DISASSOCIATE);
1791 	CMD(join_ibss, JOIN_IBSS);
1792 	CMD(join_mesh, JOIN_MESH);
1793 	CMD(set_pmksa, SET_PMKSA);
1794 	CMD(del_pmksa, DEL_PMKSA);
1795 	CMD(flush_pmksa, FLUSH_PMKSA);
1796 	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1797 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1798 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1799 	CMD(mgmt_tx, FRAME);
1800 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1801 	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1802 		i++;
1803 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1804 			goto nla_put_failure;
1805 	}
1806 	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1807 	    rdev->ops->join_mesh) {
1808 		i++;
1809 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1810 			goto nla_put_failure;
1811 	}
1812 	CMD(set_wds_peer, SET_WDS_PEER);
1813 	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1814 		CMD(tdls_mgmt, TDLS_MGMT);
1815 		CMD(tdls_oper, TDLS_OPER);
1816 	}
1817 	if (rdev->wiphy.max_sched_scan_reqs)
1818 		CMD(sched_scan_start, START_SCHED_SCAN);
1819 	CMD(probe_client, PROBE_CLIENT);
1820 	CMD(set_noack_map, SET_NOACK_MAP);
1821 	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1822 		i++;
1823 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1824 			goto nla_put_failure;
1825 	}
1826 	CMD(start_p2p_device, START_P2P_DEVICE);
1827 	CMD(set_mcast_rate, SET_MCAST_RATE);
1828 #ifdef CONFIG_NL80211_TESTMODE
1829 	CMD(testmode_cmd, TESTMODE);
1830 #endif
1831 
1832 	if (rdev->ops->connect || rdev->ops->auth) {
1833 		i++;
1834 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1835 			goto nla_put_failure;
1836 	}
1837 
1838 	if (rdev->ops->disconnect || rdev->ops->deauth) {
1839 		i++;
1840 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1841 			goto nla_put_failure;
1842 	}
1843 
1844 	return i;
1845  nla_put_failure:
1846 	return -ENOBUFS;
1847 }
1848 
1849 static int
1850 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1851 			   struct sk_buff *msg)
1852 {
1853 	struct nlattr *ftm;
1854 
1855 	if (!cap->ftm.supported)
1856 		return 0;
1857 
1858 	ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1859 	if (!ftm)
1860 		return -ENOBUFS;
1861 
1862 	if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1863 		return -ENOBUFS;
1864 	if (cap->ftm.non_asap &&
1865 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1866 		return -ENOBUFS;
1867 	if (cap->ftm.request_lci &&
1868 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1869 		return -ENOBUFS;
1870 	if (cap->ftm.request_civicloc &&
1871 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1872 		return -ENOBUFS;
1873 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1874 			cap->ftm.preambles))
1875 		return -ENOBUFS;
1876 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1877 			cap->ftm.bandwidths))
1878 		return -ENOBUFS;
1879 	if (cap->ftm.max_bursts_exponent >= 0 &&
1880 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1881 			cap->ftm.max_bursts_exponent))
1882 		return -ENOBUFS;
1883 	if (cap->ftm.max_ftms_per_burst &&
1884 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1885 			cap->ftm.max_ftms_per_burst))
1886 		return -ENOBUFS;
1887 
1888 	nla_nest_end(msg, ftm);
1889 	return 0;
1890 }
1891 
1892 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1893 				  struct sk_buff *msg)
1894 {
1895 	const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1896 	struct nlattr *pmsr, *caps;
1897 
1898 	if (!cap)
1899 		return 0;
1900 
1901 	/*
1902 	 * we don't need to clean up anything here since the caller
1903 	 * will genlmsg_cancel() if we fail
1904 	 */
1905 
1906 	pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1907 	if (!pmsr)
1908 		return -ENOBUFS;
1909 
1910 	if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1911 		return -ENOBUFS;
1912 
1913 	if (cap->report_ap_tsf &&
1914 	    nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1915 		return -ENOBUFS;
1916 
1917 	if (cap->randomize_mac_addr &&
1918 	    nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1919 		return -ENOBUFS;
1920 
1921 	caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1922 	if (!caps)
1923 		return -ENOBUFS;
1924 
1925 	if (nl80211_send_pmsr_ftm_capa(cap, msg))
1926 		return -ENOBUFS;
1927 
1928 	nla_nest_end(msg, caps);
1929 	nla_nest_end(msg, pmsr);
1930 
1931 	return 0;
1932 }
1933 
1934 static int
1935 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
1936 			      struct sk_buff *msg)
1937 {
1938 	int i;
1939 	struct nlattr *nested, *nested_akms;
1940 	const struct wiphy_iftype_akm_suites *iftype_akms;
1941 
1942 	if (!rdev->wiphy.num_iftype_akm_suites ||
1943 	    !rdev->wiphy.iftype_akm_suites)
1944 		return 0;
1945 
1946 	nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
1947 	if (!nested)
1948 		return -ENOBUFS;
1949 
1950 	for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
1951 		nested_akms = nla_nest_start(msg, i + 1);
1952 		if (!nested_akms)
1953 			return -ENOBUFS;
1954 
1955 		iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
1956 
1957 		if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
1958 					iftype_akms->iftypes_mask))
1959 			return -ENOBUFS;
1960 
1961 		if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
1962 			    sizeof(u32) * iftype_akms->n_akm_suites,
1963 			    iftype_akms->akm_suites)) {
1964 			return -ENOBUFS;
1965 		}
1966 		nla_nest_end(msg, nested_akms);
1967 	}
1968 
1969 	nla_nest_end(msg, nested);
1970 
1971 	return 0;
1972 }
1973 
1974 static int
1975 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
1976 			       struct sk_buff *msg)
1977 {
1978 	struct nlattr *supp;
1979 
1980 	if (!rdev->wiphy.tid_config_support.vif &&
1981 	    !rdev->wiphy.tid_config_support.peer)
1982 		return 0;
1983 
1984 	supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
1985 	if (!supp)
1986 		return -ENOSPC;
1987 
1988 	if (rdev->wiphy.tid_config_support.vif &&
1989 	    nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
1990 			      rdev->wiphy.tid_config_support.vif,
1991 			      NL80211_TID_CONFIG_ATTR_PAD))
1992 		goto fail;
1993 
1994 	if (rdev->wiphy.tid_config_support.peer &&
1995 	    nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
1996 			      rdev->wiphy.tid_config_support.peer,
1997 			      NL80211_TID_CONFIG_ATTR_PAD))
1998 		goto fail;
1999 
2000 	/* for now we just use the same value ... makes more sense */
2001 	if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2002 		       rdev->wiphy.tid_config_support.max_retry))
2003 		goto fail;
2004 	if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2005 		       rdev->wiphy.tid_config_support.max_retry))
2006 		goto fail;
2007 
2008 	nla_nest_end(msg, supp);
2009 
2010 	return 0;
2011 fail:
2012 	nla_nest_cancel(msg, supp);
2013 	return -ENOBUFS;
2014 }
2015 
2016 struct nl80211_dump_wiphy_state {
2017 	s64 filter_wiphy;
2018 	long start;
2019 	long split_start, band_start, chan_start, capa_start;
2020 	bool split;
2021 };
2022 
2023 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2024 			      enum nl80211_commands cmd,
2025 			      struct sk_buff *msg, u32 portid, u32 seq,
2026 			      int flags, struct nl80211_dump_wiphy_state *state)
2027 {
2028 	void *hdr;
2029 	struct nlattr *nl_bands, *nl_band;
2030 	struct nlattr *nl_freqs, *nl_freq;
2031 	struct nlattr *nl_cmds;
2032 	enum nl80211_band band;
2033 	struct ieee80211_channel *chan;
2034 	int i;
2035 	const struct ieee80211_txrx_stypes *mgmt_stypes =
2036 				rdev->wiphy.mgmt_stypes;
2037 	u32 features;
2038 
2039 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2040 	if (!hdr)
2041 		return -ENOBUFS;
2042 
2043 	if (WARN_ON(!state))
2044 		return -EINVAL;
2045 
2046 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2047 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2048 			   wiphy_name(&rdev->wiphy)) ||
2049 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2050 			cfg80211_rdev_list_generation))
2051 		goto nla_put_failure;
2052 
2053 	if (cmd != NL80211_CMD_NEW_WIPHY)
2054 		goto finish;
2055 
2056 	switch (state->split_start) {
2057 	case 0:
2058 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2059 			       rdev->wiphy.retry_short) ||
2060 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2061 			       rdev->wiphy.retry_long) ||
2062 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2063 				rdev->wiphy.frag_threshold) ||
2064 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2065 				rdev->wiphy.rts_threshold) ||
2066 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2067 			       rdev->wiphy.coverage_class) ||
2068 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2069 			       rdev->wiphy.max_scan_ssids) ||
2070 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2071 			       rdev->wiphy.max_sched_scan_ssids) ||
2072 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2073 				rdev->wiphy.max_scan_ie_len) ||
2074 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2075 				rdev->wiphy.max_sched_scan_ie_len) ||
2076 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2077 			       rdev->wiphy.max_match_sets) ||
2078 		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2079 				rdev->wiphy.max_sched_scan_plans) ||
2080 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2081 				rdev->wiphy.max_sched_scan_plan_interval) ||
2082 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2083 				rdev->wiphy.max_sched_scan_plan_iterations))
2084 			goto nla_put_failure;
2085 
2086 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2087 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2088 			goto nla_put_failure;
2089 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2090 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2091 			goto nla_put_failure;
2092 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2093 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2094 			goto nla_put_failure;
2095 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2096 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2097 			goto nla_put_failure;
2098 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2099 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2100 			goto nla_put_failure;
2101 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2102 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2103 			goto nla_put_failure;
2104 		state->split_start++;
2105 		if (state->split)
2106 			break;
2107 		/* fall through */
2108 	case 1:
2109 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2110 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
2111 			    rdev->wiphy.cipher_suites))
2112 			goto nla_put_failure;
2113 
2114 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2115 			       rdev->wiphy.max_num_pmkids))
2116 			goto nla_put_failure;
2117 
2118 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2119 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2120 			goto nla_put_failure;
2121 
2122 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2123 				rdev->wiphy.available_antennas_tx) ||
2124 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2125 				rdev->wiphy.available_antennas_rx))
2126 			goto nla_put_failure;
2127 
2128 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2129 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2130 				rdev->wiphy.probe_resp_offload))
2131 			goto nla_put_failure;
2132 
2133 		if ((rdev->wiphy.available_antennas_tx ||
2134 		     rdev->wiphy.available_antennas_rx) &&
2135 		    rdev->ops->get_antenna) {
2136 			u32 tx_ant = 0, rx_ant = 0;
2137 			int res;
2138 
2139 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2140 			if (!res) {
2141 				if (nla_put_u32(msg,
2142 						NL80211_ATTR_WIPHY_ANTENNA_TX,
2143 						tx_ant) ||
2144 				    nla_put_u32(msg,
2145 						NL80211_ATTR_WIPHY_ANTENNA_RX,
2146 						rx_ant))
2147 					goto nla_put_failure;
2148 			}
2149 		}
2150 
2151 		state->split_start++;
2152 		if (state->split)
2153 			break;
2154 		/* fall through */
2155 	case 2:
2156 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2157 					rdev->wiphy.interface_modes))
2158 				goto nla_put_failure;
2159 		state->split_start++;
2160 		if (state->split)
2161 			break;
2162 		/* fall through */
2163 	case 3:
2164 		nl_bands = nla_nest_start_noflag(msg,
2165 						 NL80211_ATTR_WIPHY_BANDS);
2166 		if (!nl_bands)
2167 			goto nla_put_failure;
2168 
2169 		for (band = state->band_start;
2170 		     band < NUM_NL80211_BANDS; band++) {
2171 			struct ieee80211_supported_band *sband;
2172 
2173 			sband = rdev->wiphy.bands[band];
2174 
2175 			if (!sband)
2176 				continue;
2177 
2178 			nl_band = nla_nest_start_noflag(msg, band);
2179 			if (!nl_band)
2180 				goto nla_put_failure;
2181 
2182 			switch (state->chan_start) {
2183 			case 0:
2184 				if (nl80211_send_band_rateinfo(msg, sband))
2185 					goto nla_put_failure;
2186 				state->chan_start++;
2187 				if (state->split)
2188 					break;
2189 				/* fall through */
2190 			default:
2191 				/* add frequencies */
2192 				nl_freqs = nla_nest_start_noflag(msg,
2193 								 NL80211_BAND_ATTR_FREQS);
2194 				if (!nl_freqs)
2195 					goto nla_put_failure;
2196 
2197 				for (i = state->chan_start - 1;
2198 				     i < sband->n_channels;
2199 				     i++) {
2200 					nl_freq = nla_nest_start_noflag(msg,
2201 									i);
2202 					if (!nl_freq)
2203 						goto nla_put_failure;
2204 
2205 					chan = &sband->channels[i];
2206 
2207 					if (nl80211_msg_put_channel(
2208 							msg, &rdev->wiphy, chan,
2209 							state->split))
2210 						goto nla_put_failure;
2211 
2212 					nla_nest_end(msg, nl_freq);
2213 					if (state->split)
2214 						break;
2215 				}
2216 				if (i < sband->n_channels)
2217 					state->chan_start = i + 2;
2218 				else
2219 					state->chan_start = 0;
2220 				nla_nest_end(msg, nl_freqs);
2221 			}
2222 
2223 			nla_nest_end(msg, nl_band);
2224 
2225 			if (state->split) {
2226 				/* start again here */
2227 				if (state->chan_start)
2228 					band--;
2229 				break;
2230 			}
2231 		}
2232 		nla_nest_end(msg, nl_bands);
2233 
2234 		if (band < NUM_NL80211_BANDS)
2235 			state->band_start = band + 1;
2236 		else
2237 			state->band_start = 0;
2238 
2239 		/* if bands & channels are done, continue outside */
2240 		if (state->band_start == 0 && state->chan_start == 0)
2241 			state->split_start++;
2242 		if (state->split)
2243 			break;
2244 		/* fall through */
2245 	case 4:
2246 		nl_cmds = nla_nest_start_noflag(msg,
2247 						NL80211_ATTR_SUPPORTED_COMMANDS);
2248 		if (!nl_cmds)
2249 			goto nla_put_failure;
2250 
2251 		i = nl80211_add_commands_unsplit(rdev, msg);
2252 		if (i < 0)
2253 			goto nla_put_failure;
2254 		if (state->split) {
2255 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
2256 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2257 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2258 				CMD(channel_switch, CHANNEL_SWITCH);
2259 			CMD(set_qos_map, SET_QOS_MAP);
2260 			if (rdev->wiphy.features &
2261 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2262 				CMD(add_tx_ts, ADD_TX_TS);
2263 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2264 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2265 			CMD(update_ft_ies, UPDATE_FT_IES);
2266 		}
2267 #undef CMD
2268 
2269 		nla_nest_end(msg, nl_cmds);
2270 		state->split_start++;
2271 		if (state->split)
2272 			break;
2273 		/* fall through */
2274 	case 5:
2275 		if (rdev->ops->remain_on_channel &&
2276 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2277 		    nla_put_u32(msg,
2278 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2279 				rdev->wiphy.max_remain_on_channel_duration))
2280 			goto nla_put_failure;
2281 
2282 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2283 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2284 			goto nla_put_failure;
2285 
2286 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2287 			goto nla_put_failure;
2288 		state->split_start++;
2289 		if (state->split)
2290 			break;
2291 		/* fall through */
2292 	case 6:
2293 #ifdef CONFIG_PM
2294 		if (nl80211_send_wowlan(msg, rdev, state->split))
2295 			goto nla_put_failure;
2296 		state->split_start++;
2297 		if (state->split)
2298 			break;
2299 #else
2300 		state->split_start++;
2301 #endif
2302 		/* fall through */
2303 	case 7:
2304 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2305 					rdev->wiphy.software_iftypes))
2306 			goto nla_put_failure;
2307 
2308 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2309 						   state->split))
2310 			goto nla_put_failure;
2311 
2312 		state->split_start++;
2313 		if (state->split)
2314 			break;
2315 		/* fall through */
2316 	case 8:
2317 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2318 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2319 				rdev->wiphy.ap_sme_capa))
2320 			goto nla_put_failure;
2321 
2322 		features = rdev->wiphy.features;
2323 		/*
2324 		 * We can only add the per-channel limit information if the
2325 		 * dump is split, otherwise it makes it too big. Therefore
2326 		 * only advertise it in that case.
2327 		 */
2328 		if (state->split)
2329 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2330 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2331 			goto nla_put_failure;
2332 
2333 		if (rdev->wiphy.ht_capa_mod_mask &&
2334 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2335 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
2336 			    rdev->wiphy.ht_capa_mod_mask))
2337 			goto nla_put_failure;
2338 
2339 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2340 		    rdev->wiphy.max_acl_mac_addrs &&
2341 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2342 				rdev->wiphy.max_acl_mac_addrs))
2343 			goto nla_put_failure;
2344 
2345 		/*
2346 		 * Any information below this point is only available to
2347 		 * applications that can deal with it being split. This
2348 		 * helps ensure that newly added capabilities don't break
2349 		 * older tools by overrunning their buffers.
2350 		 *
2351 		 * We still increment split_start so that in the split
2352 		 * case we'll continue with more data in the next round,
2353 		 * but break unconditionally so unsplit data stops here.
2354 		 */
2355 		state->split_start++;
2356 		break;
2357 	case 9:
2358 		if (rdev->wiphy.extended_capabilities &&
2359 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2360 			     rdev->wiphy.extended_capabilities_len,
2361 			     rdev->wiphy.extended_capabilities) ||
2362 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2363 			     rdev->wiphy.extended_capabilities_len,
2364 			     rdev->wiphy.extended_capabilities_mask)))
2365 			goto nla_put_failure;
2366 
2367 		if (rdev->wiphy.vht_capa_mod_mask &&
2368 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2369 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
2370 			    rdev->wiphy.vht_capa_mod_mask))
2371 			goto nla_put_failure;
2372 
2373 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2374 			    rdev->wiphy.perm_addr))
2375 			goto nla_put_failure;
2376 
2377 		if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2378 		    nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2379 			    rdev->wiphy.addr_mask))
2380 			goto nla_put_failure;
2381 
2382 		if (rdev->wiphy.n_addresses > 1) {
2383 			void *attr;
2384 
2385 			attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2386 			if (!attr)
2387 				goto nla_put_failure;
2388 
2389 			for (i = 0; i < rdev->wiphy.n_addresses; i++)
2390 				if (nla_put(msg, i + 1, ETH_ALEN,
2391 					    rdev->wiphy.addresses[i].addr))
2392 					goto nla_put_failure;
2393 
2394 			nla_nest_end(msg, attr);
2395 		}
2396 
2397 		state->split_start++;
2398 		break;
2399 	case 10:
2400 		if (nl80211_send_coalesce(msg, rdev))
2401 			goto nla_put_failure;
2402 
2403 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2404 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2405 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2406 			goto nla_put_failure;
2407 
2408 		if (rdev->wiphy.max_ap_assoc_sta &&
2409 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2410 				rdev->wiphy.max_ap_assoc_sta))
2411 			goto nla_put_failure;
2412 
2413 		state->split_start++;
2414 		break;
2415 	case 11:
2416 		if (rdev->wiphy.n_vendor_commands) {
2417 			const struct nl80211_vendor_cmd_info *info;
2418 			struct nlattr *nested;
2419 
2420 			nested = nla_nest_start_noflag(msg,
2421 						       NL80211_ATTR_VENDOR_DATA);
2422 			if (!nested)
2423 				goto nla_put_failure;
2424 
2425 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2426 				info = &rdev->wiphy.vendor_commands[i].info;
2427 				if (nla_put(msg, i + 1, sizeof(*info), info))
2428 					goto nla_put_failure;
2429 			}
2430 			nla_nest_end(msg, nested);
2431 		}
2432 
2433 		if (rdev->wiphy.n_vendor_events) {
2434 			const struct nl80211_vendor_cmd_info *info;
2435 			struct nlattr *nested;
2436 
2437 			nested = nla_nest_start_noflag(msg,
2438 						       NL80211_ATTR_VENDOR_EVENTS);
2439 			if (!nested)
2440 				goto nla_put_failure;
2441 
2442 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2443 				info = &rdev->wiphy.vendor_events[i];
2444 				if (nla_put(msg, i + 1, sizeof(*info), info))
2445 					goto nla_put_failure;
2446 			}
2447 			nla_nest_end(msg, nested);
2448 		}
2449 		state->split_start++;
2450 		break;
2451 	case 12:
2452 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2453 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2454 			       rdev->wiphy.max_num_csa_counters))
2455 			goto nla_put_failure;
2456 
2457 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2458 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2459 			goto nla_put_failure;
2460 
2461 		if (rdev->wiphy.max_sched_scan_reqs &&
2462 		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2463 				rdev->wiphy.max_sched_scan_reqs))
2464 			goto nla_put_failure;
2465 
2466 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2467 			    sizeof(rdev->wiphy.ext_features),
2468 			    rdev->wiphy.ext_features))
2469 			goto nla_put_failure;
2470 
2471 		if (rdev->wiphy.bss_select_support) {
2472 			struct nlattr *nested;
2473 			u32 bss_select_support = rdev->wiphy.bss_select_support;
2474 
2475 			nested = nla_nest_start_noflag(msg,
2476 						       NL80211_ATTR_BSS_SELECT);
2477 			if (!nested)
2478 				goto nla_put_failure;
2479 
2480 			i = 0;
2481 			while (bss_select_support) {
2482 				if ((bss_select_support & 1) &&
2483 				    nla_put_flag(msg, i))
2484 					goto nla_put_failure;
2485 				i++;
2486 				bss_select_support >>= 1;
2487 			}
2488 			nla_nest_end(msg, nested);
2489 		}
2490 
2491 		state->split_start++;
2492 		break;
2493 	case 13:
2494 		if (rdev->wiphy.num_iftype_ext_capab &&
2495 		    rdev->wiphy.iftype_ext_capab) {
2496 			struct nlattr *nested_ext_capab, *nested;
2497 
2498 			nested = nla_nest_start_noflag(msg,
2499 						       NL80211_ATTR_IFTYPE_EXT_CAPA);
2500 			if (!nested)
2501 				goto nla_put_failure;
2502 
2503 			for (i = state->capa_start;
2504 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
2505 				const struct wiphy_iftype_ext_capab *capab;
2506 
2507 				capab = &rdev->wiphy.iftype_ext_capab[i];
2508 
2509 				nested_ext_capab = nla_nest_start_noflag(msg,
2510 									 i);
2511 				if (!nested_ext_capab ||
2512 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2513 						capab->iftype) ||
2514 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
2515 					    capab->extended_capabilities_len,
2516 					    capab->extended_capabilities) ||
2517 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2518 					    capab->extended_capabilities_len,
2519 					    capab->extended_capabilities_mask))
2520 					goto nla_put_failure;
2521 
2522 				nla_nest_end(msg, nested_ext_capab);
2523 				if (state->split)
2524 					break;
2525 			}
2526 			nla_nest_end(msg, nested);
2527 			if (i < rdev->wiphy.num_iftype_ext_capab) {
2528 				state->capa_start = i + 1;
2529 				break;
2530 			}
2531 		}
2532 
2533 		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2534 				rdev->wiphy.nan_supported_bands))
2535 			goto nla_put_failure;
2536 
2537 		if (wiphy_ext_feature_isset(&rdev->wiphy,
2538 					    NL80211_EXT_FEATURE_TXQS)) {
2539 			struct cfg80211_txq_stats txqstats = {};
2540 			int res;
2541 
2542 			res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2543 			if (!res &&
2544 			    !nl80211_put_txq_stats(msg, &txqstats,
2545 						   NL80211_ATTR_TXQ_STATS))
2546 				goto nla_put_failure;
2547 
2548 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2549 					rdev->wiphy.txq_limit))
2550 				goto nla_put_failure;
2551 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2552 					rdev->wiphy.txq_memory_limit))
2553 				goto nla_put_failure;
2554 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2555 					rdev->wiphy.txq_quantum))
2556 				goto nla_put_failure;
2557 		}
2558 
2559 		state->split_start++;
2560 		break;
2561 	case 14:
2562 		if (nl80211_send_pmsr_capa(rdev, msg))
2563 			goto nla_put_failure;
2564 
2565 		state->split_start++;
2566 		break;
2567 	case 15:
2568 		if (rdev->wiphy.akm_suites &&
2569 		    nla_put(msg, NL80211_ATTR_AKM_SUITES,
2570 			    sizeof(u32) * rdev->wiphy.n_akm_suites,
2571 			    rdev->wiphy.akm_suites))
2572 			goto nla_put_failure;
2573 
2574 		if (nl80211_put_iftype_akm_suites(rdev, msg))
2575 			goto nla_put_failure;
2576 
2577 		if (nl80211_put_tid_config_support(rdev, msg))
2578 			goto nla_put_failure;
2579 
2580 		/* done */
2581 		state->split_start = 0;
2582 		break;
2583 	}
2584  finish:
2585 	genlmsg_end(msg, hdr);
2586 	return 0;
2587 
2588  nla_put_failure:
2589 	genlmsg_cancel(msg, hdr);
2590 	return -EMSGSIZE;
2591 }
2592 
2593 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2594 				    struct netlink_callback *cb,
2595 				    struct nl80211_dump_wiphy_state *state)
2596 {
2597 	struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2598 	int ret;
2599 
2600 	if (!tb)
2601 		return -ENOMEM;
2602 
2603 	ret = nlmsg_parse_deprecated(cb->nlh,
2604 				     GENL_HDRLEN + nl80211_fam.hdrsize,
2605 				     tb, nl80211_fam.maxattr,
2606 				     nl80211_policy, NULL);
2607 	/* ignore parse errors for backward compatibility */
2608 	if (ret) {
2609 		ret = 0;
2610 		goto out;
2611 	}
2612 
2613 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2614 	if (tb[NL80211_ATTR_WIPHY])
2615 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2616 	if (tb[NL80211_ATTR_WDEV])
2617 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2618 	if (tb[NL80211_ATTR_IFINDEX]) {
2619 		struct net_device *netdev;
2620 		struct cfg80211_registered_device *rdev;
2621 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2622 
2623 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2624 		if (!netdev) {
2625 			ret = -ENODEV;
2626 			goto out;
2627 		}
2628 		if (netdev->ieee80211_ptr) {
2629 			rdev = wiphy_to_rdev(
2630 				netdev->ieee80211_ptr->wiphy);
2631 			state->filter_wiphy = rdev->wiphy_idx;
2632 		}
2633 	}
2634 
2635 	ret = 0;
2636 out:
2637 	kfree(tb);
2638 	return ret;
2639 }
2640 
2641 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2642 {
2643 	int idx = 0, ret;
2644 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2645 	struct cfg80211_registered_device *rdev;
2646 
2647 	rtnl_lock();
2648 	if (!state) {
2649 		state = kzalloc(sizeof(*state), GFP_KERNEL);
2650 		if (!state) {
2651 			rtnl_unlock();
2652 			return -ENOMEM;
2653 		}
2654 		state->filter_wiphy = -1;
2655 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
2656 		if (ret) {
2657 			kfree(state);
2658 			rtnl_unlock();
2659 			return ret;
2660 		}
2661 		cb->args[0] = (long)state;
2662 	}
2663 
2664 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2665 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2666 			continue;
2667 		if (++idx <= state->start)
2668 			continue;
2669 		if (state->filter_wiphy != -1 &&
2670 		    state->filter_wiphy != rdev->wiphy_idx)
2671 			continue;
2672 		/* attempt to fit multiple wiphy data chunks into the skb */
2673 		do {
2674 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2675 						 skb,
2676 						 NETLINK_CB(cb->skb).portid,
2677 						 cb->nlh->nlmsg_seq,
2678 						 NLM_F_MULTI, state);
2679 			if (ret < 0) {
2680 				/*
2681 				 * If sending the wiphy data didn't fit (ENOBUFS
2682 				 * or EMSGSIZE returned), this SKB is still
2683 				 * empty (so it's not too big because another
2684 				 * wiphy dataset is already in the skb) and
2685 				 * we've not tried to adjust the dump allocation
2686 				 * yet ... then adjust the alloc size to be
2687 				 * bigger, and return 1 but with the empty skb.
2688 				 * This results in an empty message being RX'ed
2689 				 * in userspace, but that is ignored.
2690 				 *
2691 				 * We can then retry with the larger buffer.
2692 				 */
2693 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2694 				    !skb->len && !state->split &&
2695 				    cb->min_dump_alloc < 4096) {
2696 					cb->min_dump_alloc = 4096;
2697 					state->split_start = 0;
2698 					rtnl_unlock();
2699 					return 1;
2700 				}
2701 				idx--;
2702 				break;
2703 			}
2704 		} while (state->split_start > 0);
2705 		break;
2706 	}
2707 	rtnl_unlock();
2708 
2709 	state->start = idx;
2710 
2711 	return skb->len;
2712 }
2713 
2714 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2715 {
2716 	kfree((void *)cb->args[0]);
2717 	return 0;
2718 }
2719 
2720 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2721 {
2722 	struct sk_buff *msg;
2723 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2724 	struct nl80211_dump_wiphy_state state = {};
2725 
2726 	msg = nlmsg_new(4096, GFP_KERNEL);
2727 	if (!msg)
2728 		return -ENOMEM;
2729 
2730 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2731 			       info->snd_portid, info->snd_seq, 0,
2732 			       &state) < 0) {
2733 		nlmsg_free(msg);
2734 		return -ENOBUFS;
2735 	}
2736 
2737 	return genlmsg_reply(msg, info);
2738 }
2739 
2740 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2741 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
2742 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
2743 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
2744 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
2745 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
2746 };
2747 
2748 static int parse_txq_params(struct nlattr *tb[],
2749 			    struct ieee80211_txq_params *txq_params)
2750 {
2751 	u8 ac;
2752 
2753 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2754 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2755 	    !tb[NL80211_TXQ_ATTR_AIFS])
2756 		return -EINVAL;
2757 
2758 	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2759 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2760 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2761 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2762 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2763 
2764 	if (ac >= NL80211_NUM_ACS)
2765 		return -EINVAL;
2766 	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2767 	return 0;
2768 }
2769 
2770 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2771 {
2772 	/*
2773 	 * You can only set the channel explicitly for WDS interfaces,
2774 	 * all others have their channel managed via their respective
2775 	 * "establish a connection" command (connect, join, ...)
2776 	 *
2777 	 * For AP/GO and mesh mode, the channel can be set with the
2778 	 * channel userspace API, but is only stored and passed to the
2779 	 * low-level driver when the AP starts or the mesh is joined.
2780 	 * This is for backward compatibility, userspace can also give
2781 	 * the channel in the start-ap or join-mesh commands instead.
2782 	 *
2783 	 * Monitors are special as they are normally slaved to
2784 	 * whatever else is going on, so they have their own special
2785 	 * operation to set the monitor channel if possible.
2786 	 */
2787 	return !wdev ||
2788 		wdev->iftype == NL80211_IFTYPE_AP ||
2789 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2790 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
2791 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
2792 }
2793 
2794 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2795 			  struct genl_info *info,
2796 			  struct cfg80211_chan_def *chandef)
2797 {
2798 	struct netlink_ext_ack *extack = info->extack;
2799 	struct nlattr **attrs = info->attrs;
2800 	u32 control_freq;
2801 
2802 	if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2803 		return -EINVAL;
2804 
2805 	control_freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);
2806 
2807 	memset(chandef, 0, sizeof(*chandef));
2808 
2809 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2810 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2811 	chandef->center_freq1 = control_freq;
2812 	chandef->center_freq2 = 0;
2813 
2814 	/* Primary channel not allowed */
2815 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2816 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2817 				    "Channel is disabled");
2818 		return -EINVAL;
2819 	}
2820 
2821 	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2822 		enum nl80211_channel_type chantype;
2823 
2824 		chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2825 
2826 		switch (chantype) {
2827 		case NL80211_CHAN_NO_HT:
2828 		case NL80211_CHAN_HT20:
2829 		case NL80211_CHAN_HT40PLUS:
2830 		case NL80211_CHAN_HT40MINUS:
2831 			cfg80211_chandef_create(chandef, chandef->chan,
2832 						chantype);
2833 			/* user input for center_freq is incorrect */
2834 			if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2835 			    chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2836 				NL_SET_ERR_MSG_ATTR(extack,
2837 						    attrs[NL80211_ATTR_CENTER_FREQ1],
2838 						    "bad center frequency 1");
2839 				return -EINVAL;
2840 			}
2841 			/* center_freq2 must be zero */
2842 			if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2843 			    nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2844 				NL_SET_ERR_MSG_ATTR(extack,
2845 						    attrs[NL80211_ATTR_CENTER_FREQ2],
2846 						    "center frequency 2 can't be used");
2847 				return -EINVAL;
2848 			}
2849 			break;
2850 		default:
2851 			NL_SET_ERR_MSG_ATTR(extack,
2852 					    attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2853 					    "invalid channel type");
2854 			return -EINVAL;
2855 		}
2856 	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2857 		chandef->width =
2858 			nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2859 		if (attrs[NL80211_ATTR_CENTER_FREQ1])
2860 			chandef->center_freq1 =
2861 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2862 		if (attrs[NL80211_ATTR_CENTER_FREQ2])
2863 			chandef->center_freq2 =
2864 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2865 	}
2866 
2867 	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
2868 		chandef->edmg.channels =
2869 		      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
2870 
2871 		if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
2872 			chandef->edmg.bw_config =
2873 		     nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
2874 	} else {
2875 		chandef->edmg.bw_config = 0;
2876 		chandef->edmg.channels = 0;
2877 	}
2878 
2879 	if (!cfg80211_chandef_valid(chandef)) {
2880 		NL_SET_ERR_MSG(extack, "invalid channel definition");
2881 		return -EINVAL;
2882 	}
2883 
2884 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2885 				     IEEE80211_CHAN_DISABLED)) {
2886 		NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2887 		return -EINVAL;
2888 	}
2889 
2890 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2891 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
2892 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2893 		NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2894 		return -EINVAL;
2895 	}
2896 
2897 	return 0;
2898 }
2899 
2900 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2901 				 struct net_device *dev,
2902 				 struct genl_info *info)
2903 {
2904 	struct cfg80211_chan_def chandef;
2905 	int result;
2906 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2907 	struct wireless_dev *wdev = NULL;
2908 
2909 	if (dev)
2910 		wdev = dev->ieee80211_ptr;
2911 	if (!nl80211_can_set_dev_channel(wdev))
2912 		return -EOPNOTSUPP;
2913 	if (wdev)
2914 		iftype = wdev->iftype;
2915 
2916 	result = nl80211_parse_chandef(rdev, info, &chandef);
2917 	if (result)
2918 		return result;
2919 
2920 	switch (iftype) {
2921 	case NL80211_IFTYPE_AP:
2922 	case NL80211_IFTYPE_P2P_GO:
2923 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2924 						   iftype)) {
2925 			result = -EINVAL;
2926 			break;
2927 		}
2928 		if (wdev->beacon_interval) {
2929 			if (!dev || !rdev->ops->set_ap_chanwidth ||
2930 			    !(rdev->wiphy.features &
2931 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2932 				result = -EBUSY;
2933 				break;
2934 			}
2935 
2936 			/* Only allow dynamic channel width changes */
2937 			if (chandef.chan != wdev->preset_chandef.chan) {
2938 				result = -EBUSY;
2939 				break;
2940 			}
2941 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2942 			if (result)
2943 				break;
2944 		}
2945 		wdev->preset_chandef = chandef;
2946 		result = 0;
2947 		break;
2948 	case NL80211_IFTYPE_MESH_POINT:
2949 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2950 		break;
2951 	case NL80211_IFTYPE_MONITOR:
2952 		result = cfg80211_set_monitor_channel(rdev, &chandef);
2953 		break;
2954 	default:
2955 		result = -EINVAL;
2956 	}
2957 
2958 	return result;
2959 }
2960 
2961 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2962 {
2963 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2964 	struct net_device *netdev = info->user_ptr[1];
2965 
2966 	return __nl80211_set_channel(rdev, netdev, info);
2967 }
2968 
2969 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2970 {
2971 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2972 	struct net_device *dev = info->user_ptr[1];
2973 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2974 	const u8 *bssid;
2975 
2976 	if (!info->attrs[NL80211_ATTR_MAC])
2977 		return -EINVAL;
2978 
2979 	if (netif_running(dev))
2980 		return -EBUSY;
2981 
2982 	if (!rdev->ops->set_wds_peer)
2983 		return -EOPNOTSUPP;
2984 
2985 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2986 		return -EOPNOTSUPP;
2987 
2988 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2989 	return rdev_set_wds_peer(rdev, dev, bssid);
2990 }
2991 
2992 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2993 {
2994 	struct cfg80211_registered_device *rdev;
2995 	struct net_device *netdev = NULL;
2996 	struct wireless_dev *wdev;
2997 	int result = 0, rem_txq_params = 0;
2998 	struct nlattr *nl_txq_params;
2999 	u32 changed;
3000 	u8 retry_short = 0, retry_long = 0;
3001 	u32 frag_threshold = 0, rts_threshold = 0;
3002 	u8 coverage_class = 0;
3003 	u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3004 
3005 	ASSERT_RTNL();
3006 
3007 	/*
3008 	 * Try to find the wiphy and netdev. Normally this
3009 	 * function shouldn't need the netdev, but this is
3010 	 * done for backward compatibility -- previously
3011 	 * setting the channel was done per wiphy, but now
3012 	 * it is per netdev. Previous userland like hostapd
3013 	 * also passed a netdev to set_wiphy, so that it is
3014 	 * possible to let that go to the right netdev!
3015 	 */
3016 
3017 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
3018 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3019 
3020 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3021 		if (netdev && netdev->ieee80211_ptr)
3022 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3023 		else
3024 			netdev = NULL;
3025 	}
3026 
3027 	if (!netdev) {
3028 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3029 						  info->attrs);
3030 		if (IS_ERR(rdev))
3031 			return PTR_ERR(rdev);
3032 		wdev = NULL;
3033 		netdev = NULL;
3034 		result = 0;
3035 	} else
3036 		wdev = netdev->ieee80211_ptr;
3037 
3038 	/*
3039 	 * end workaround code, by now the rdev is available
3040 	 * and locked, and wdev may or may not be NULL.
3041 	 */
3042 
3043 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3044 		result = cfg80211_dev_rename(
3045 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3046 
3047 	if (result)
3048 		return result;
3049 
3050 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3051 		struct ieee80211_txq_params txq_params;
3052 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3053 
3054 		if (!rdev->ops->set_txq_params)
3055 			return -EOPNOTSUPP;
3056 
3057 		if (!netdev)
3058 			return -EINVAL;
3059 
3060 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3061 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3062 			return -EINVAL;
3063 
3064 		if (!netif_running(netdev))
3065 			return -ENETDOWN;
3066 
3067 		nla_for_each_nested(nl_txq_params,
3068 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3069 				    rem_txq_params) {
3070 			result = nla_parse_nested_deprecated(tb,
3071 							     NL80211_TXQ_ATTR_MAX,
3072 							     nl_txq_params,
3073 							     txq_params_policy,
3074 							     info->extack);
3075 			if (result)
3076 				return result;
3077 			result = parse_txq_params(tb, &txq_params);
3078 			if (result)
3079 				return result;
3080 
3081 			result = rdev_set_txq_params(rdev, netdev,
3082 						     &txq_params);
3083 			if (result)
3084 				return result;
3085 		}
3086 	}
3087 
3088 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3089 		result = __nl80211_set_channel(
3090 			rdev,
3091 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3092 			info);
3093 		if (result)
3094 			return result;
3095 	}
3096 
3097 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3098 		struct wireless_dev *txp_wdev = wdev;
3099 		enum nl80211_tx_power_setting type;
3100 		int idx, mbm = 0;
3101 
3102 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3103 			txp_wdev = NULL;
3104 
3105 		if (!rdev->ops->set_tx_power)
3106 			return -EOPNOTSUPP;
3107 
3108 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3109 		type = nla_get_u32(info->attrs[idx]);
3110 
3111 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3112 		    (type != NL80211_TX_POWER_AUTOMATIC))
3113 			return -EINVAL;
3114 
3115 		if (type != NL80211_TX_POWER_AUTOMATIC) {
3116 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3117 			mbm = nla_get_u32(info->attrs[idx]);
3118 		}
3119 
3120 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3121 		if (result)
3122 			return result;
3123 	}
3124 
3125 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3126 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3127 		u32 tx_ant, rx_ant;
3128 
3129 		if ((!rdev->wiphy.available_antennas_tx &&
3130 		     !rdev->wiphy.available_antennas_rx) ||
3131 		    !rdev->ops->set_antenna)
3132 			return -EOPNOTSUPP;
3133 
3134 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3135 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3136 
3137 		/* reject antenna configurations which don't match the
3138 		 * available antenna masks, except for the "all" mask */
3139 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3140 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
3141 			return -EINVAL;
3142 
3143 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3144 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3145 
3146 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3147 		if (result)
3148 			return result;
3149 	}
3150 
3151 	changed = 0;
3152 
3153 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3154 		retry_short = nla_get_u8(
3155 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3156 
3157 		changed |= WIPHY_PARAM_RETRY_SHORT;
3158 	}
3159 
3160 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3161 		retry_long = nla_get_u8(
3162 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3163 
3164 		changed |= WIPHY_PARAM_RETRY_LONG;
3165 	}
3166 
3167 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3168 		frag_threshold = nla_get_u32(
3169 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3170 		if (frag_threshold < 256)
3171 			return -EINVAL;
3172 
3173 		if (frag_threshold != (u32) -1) {
3174 			/*
3175 			 * Fragments (apart from the last one) are required to
3176 			 * have even length. Make the fragmentation code
3177 			 * simpler by stripping LSB should someone try to use
3178 			 * odd threshold value.
3179 			 */
3180 			frag_threshold &= ~0x1;
3181 		}
3182 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3183 	}
3184 
3185 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3186 		rts_threshold = nla_get_u32(
3187 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3188 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
3189 	}
3190 
3191 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3192 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
3193 			return -EINVAL;
3194 
3195 		coverage_class = nla_get_u8(
3196 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3197 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
3198 	}
3199 
3200 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3201 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
3202 			return -EOPNOTSUPP;
3203 
3204 		changed |= WIPHY_PARAM_DYN_ACK;
3205 	}
3206 
3207 	if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3208 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3209 					     NL80211_EXT_FEATURE_TXQS))
3210 			return -EOPNOTSUPP;
3211 		txq_limit = nla_get_u32(
3212 			info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3213 		changed |= WIPHY_PARAM_TXQ_LIMIT;
3214 	}
3215 
3216 	if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3217 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3218 					     NL80211_EXT_FEATURE_TXQS))
3219 			return -EOPNOTSUPP;
3220 		txq_memory_limit = nla_get_u32(
3221 			info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3222 		changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3223 	}
3224 
3225 	if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3226 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3227 					     NL80211_EXT_FEATURE_TXQS))
3228 			return -EOPNOTSUPP;
3229 		txq_quantum = nla_get_u32(
3230 			info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3231 		changed |= WIPHY_PARAM_TXQ_QUANTUM;
3232 	}
3233 
3234 	if (changed) {
3235 		u8 old_retry_short, old_retry_long;
3236 		u32 old_frag_threshold, old_rts_threshold;
3237 		u8 old_coverage_class;
3238 		u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3239 
3240 		if (!rdev->ops->set_wiphy_params)
3241 			return -EOPNOTSUPP;
3242 
3243 		old_retry_short = rdev->wiphy.retry_short;
3244 		old_retry_long = rdev->wiphy.retry_long;
3245 		old_frag_threshold = rdev->wiphy.frag_threshold;
3246 		old_rts_threshold = rdev->wiphy.rts_threshold;
3247 		old_coverage_class = rdev->wiphy.coverage_class;
3248 		old_txq_limit = rdev->wiphy.txq_limit;
3249 		old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3250 		old_txq_quantum = rdev->wiphy.txq_quantum;
3251 
3252 		if (changed & WIPHY_PARAM_RETRY_SHORT)
3253 			rdev->wiphy.retry_short = retry_short;
3254 		if (changed & WIPHY_PARAM_RETRY_LONG)
3255 			rdev->wiphy.retry_long = retry_long;
3256 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3257 			rdev->wiphy.frag_threshold = frag_threshold;
3258 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3259 			rdev->wiphy.rts_threshold = rts_threshold;
3260 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3261 			rdev->wiphy.coverage_class = coverage_class;
3262 		if (changed & WIPHY_PARAM_TXQ_LIMIT)
3263 			rdev->wiphy.txq_limit = txq_limit;
3264 		if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3265 			rdev->wiphy.txq_memory_limit = txq_memory_limit;
3266 		if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3267 			rdev->wiphy.txq_quantum = txq_quantum;
3268 
3269 		result = rdev_set_wiphy_params(rdev, changed);
3270 		if (result) {
3271 			rdev->wiphy.retry_short = old_retry_short;
3272 			rdev->wiphy.retry_long = old_retry_long;
3273 			rdev->wiphy.frag_threshold = old_frag_threshold;
3274 			rdev->wiphy.rts_threshold = old_rts_threshold;
3275 			rdev->wiphy.coverage_class = old_coverage_class;
3276 			rdev->wiphy.txq_limit = old_txq_limit;
3277 			rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3278 			rdev->wiphy.txq_quantum = old_txq_quantum;
3279 			return result;
3280 		}
3281 	}
3282 	return 0;
3283 }
3284 
3285 static int nl80211_send_chandef(struct sk_buff *msg,
3286 				const struct cfg80211_chan_def *chandef)
3287 {
3288 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3289 		return -EINVAL;
3290 
3291 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3292 			chandef->chan->center_freq))
3293 		return -ENOBUFS;
3294 	switch (chandef->width) {
3295 	case NL80211_CHAN_WIDTH_20_NOHT:
3296 	case NL80211_CHAN_WIDTH_20:
3297 	case NL80211_CHAN_WIDTH_40:
3298 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3299 				cfg80211_get_chandef_type(chandef)))
3300 			return -ENOBUFS;
3301 		break;
3302 	default:
3303 		break;
3304 	}
3305 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3306 		return -ENOBUFS;
3307 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3308 		return -ENOBUFS;
3309 	if (chandef->center_freq2 &&
3310 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3311 		return -ENOBUFS;
3312 	return 0;
3313 }
3314 
3315 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3316 			      struct cfg80211_registered_device *rdev,
3317 			      struct wireless_dev *wdev,
3318 			      enum nl80211_commands cmd)
3319 {
3320 	struct net_device *dev = wdev->netdev;
3321 	void *hdr;
3322 
3323 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3324 		cmd != NL80211_CMD_DEL_INTERFACE &&
3325 		cmd != NL80211_CMD_SET_INTERFACE);
3326 
3327 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3328 	if (!hdr)
3329 		return -1;
3330 
3331 	if (dev &&
3332 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3333 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3334 		goto nla_put_failure;
3335 
3336 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3337 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3338 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3339 			      NL80211_ATTR_PAD) ||
3340 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3341 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
3342 			rdev->devlist_generation ^
3343 			(cfg80211_rdev_list_generation << 2)) ||
3344 	    nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3345 		goto nla_put_failure;
3346 
3347 	if (rdev->ops->get_channel) {
3348 		int ret;
3349 		struct cfg80211_chan_def chandef = {};
3350 
3351 		ret = rdev_get_channel(rdev, wdev, &chandef);
3352 		if (ret == 0) {
3353 			if (nl80211_send_chandef(msg, &chandef))
3354 				goto nla_put_failure;
3355 		}
3356 	}
3357 
3358 	if (rdev->ops->get_tx_power) {
3359 		int dbm, ret;
3360 
3361 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
3362 		if (ret == 0 &&
3363 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3364 				DBM_TO_MBM(dbm)))
3365 			goto nla_put_failure;
3366 	}
3367 
3368 	wdev_lock(wdev);
3369 	switch (wdev->iftype) {
3370 	case NL80211_IFTYPE_AP:
3371 		if (wdev->ssid_len &&
3372 		    nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3373 			goto nla_put_failure_locked;
3374 		break;
3375 	case NL80211_IFTYPE_STATION:
3376 	case NL80211_IFTYPE_P2P_CLIENT:
3377 	case NL80211_IFTYPE_ADHOC: {
3378 		const u8 *ssid_ie;
3379 		if (!wdev->current_bss)
3380 			break;
3381 		rcu_read_lock();
3382 		ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3383 					       WLAN_EID_SSID);
3384 		if (ssid_ie &&
3385 		    nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3386 			goto nla_put_failure_rcu_locked;
3387 		rcu_read_unlock();
3388 		break;
3389 		}
3390 	default:
3391 		/* nothing */
3392 		break;
3393 	}
3394 	wdev_unlock(wdev);
3395 
3396 	if (rdev->ops->get_txq_stats) {
3397 		struct cfg80211_txq_stats txqstats = {};
3398 		int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3399 
3400 		if (ret == 0 &&
3401 		    !nl80211_put_txq_stats(msg, &txqstats,
3402 					   NL80211_ATTR_TXQ_STATS))
3403 			goto nla_put_failure;
3404 	}
3405 
3406 	genlmsg_end(msg, hdr);
3407 	return 0;
3408 
3409  nla_put_failure_rcu_locked:
3410 	rcu_read_unlock();
3411  nla_put_failure_locked:
3412 	wdev_unlock(wdev);
3413  nla_put_failure:
3414 	genlmsg_cancel(msg, hdr);
3415 	return -EMSGSIZE;
3416 }
3417 
3418 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3419 {
3420 	int wp_idx = 0;
3421 	int if_idx = 0;
3422 	int wp_start = cb->args[0];
3423 	int if_start = cb->args[1];
3424 	int filter_wiphy = -1;
3425 	struct cfg80211_registered_device *rdev;
3426 	struct wireless_dev *wdev;
3427 	int ret;
3428 
3429 	rtnl_lock();
3430 	if (!cb->args[2]) {
3431 		struct nl80211_dump_wiphy_state state = {
3432 			.filter_wiphy = -1,
3433 		};
3434 
3435 		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3436 		if (ret)
3437 			goto out_unlock;
3438 
3439 		filter_wiphy = state.filter_wiphy;
3440 
3441 		/*
3442 		 * if filtering, set cb->args[2] to +1 since 0 is the default
3443 		 * value needed to determine that parsing is necessary.
3444 		 */
3445 		if (filter_wiphy >= 0)
3446 			cb->args[2] = filter_wiphy + 1;
3447 		else
3448 			cb->args[2] = -1;
3449 	} else if (cb->args[2] > 0) {
3450 		filter_wiphy = cb->args[2] - 1;
3451 	}
3452 
3453 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3454 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3455 			continue;
3456 		if (wp_idx < wp_start) {
3457 			wp_idx++;
3458 			continue;
3459 		}
3460 
3461 		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3462 			continue;
3463 
3464 		if_idx = 0;
3465 
3466 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3467 			if (if_idx < if_start) {
3468 				if_idx++;
3469 				continue;
3470 			}
3471 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3472 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3473 					       rdev, wdev,
3474 					       NL80211_CMD_NEW_INTERFACE) < 0) {
3475 				goto out;
3476 			}
3477 			if_idx++;
3478 		}
3479 
3480 		wp_idx++;
3481 	}
3482  out:
3483 	cb->args[0] = wp_idx;
3484 	cb->args[1] = if_idx;
3485 
3486 	ret = skb->len;
3487  out_unlock:
3488 	rtnl_unlock();
3489 
3490 	return ret;
3491 }
3492 
3493 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3494 {
3495 	struct sk_buff *msg;
3496 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3497 	struct wireless_dev *wdev = info->user_ptr[1];
3498 
3499 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3500 	if (!msg)
3501 		return -ENOMEM;
3502 
3503 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3504 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3505 		nlmsg_free(msg);
3506 		return -ENOBUFS;
3507 	}
3508 
3509 	return genlmsg_reply(msg, info);
3510 }
3511 
3512 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3513 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3514 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3515 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3516 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3517 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3518 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3519 };
3520 
3521 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3522 {
3523 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3524 	int flag;
3525 
3526 	*mntrflags = 0;
3527 
3528 	if (!nla)
3529 		return -EINVAL;
3530 
3531 	if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3532 		return -EINVAL;
3533 
3534 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3535 		if (flags[flag])
3536 			*mntrflags |= (1<<flag);
3537 
3538 	*mntrflags |= MONITOR_FLAG_CHANGED;
3539 
3540 	return 0;
3541 }
3542 
3543 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3544 				     enum nl80211_iftype type,
3545 				     struct genl_info *info,
3546 				     struct vif_params *params)
3547 {
3548 	bool change = false;
3549 	int err;
3550 
3551 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3552 		if (type != NL80211_IFTYPE_MONITOR)
3553 			return -EINVAL;
3554 
3555 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3556 					  &params->flags);
3557 		if (err)
3558 			return err;
3559 
3560 		change = true;
3561 	}
3562 
3563 	if (params->flags & MONITOR_FLAG_ACTIVE &&
3564 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3565 		return -EOPNOTSUPP;
3566 
3567 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3568 		const u8 *mumimo_groups;
3569 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3570 
3571 		if (type != NL80211_IFTYPE_MONITOR)
3572 			return -EINVAL;
3573 
3574 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3575 			return -EOPNOTSUPP;
3576 
3577 		mumimo_groups =
3578 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3579 
3580 		/* bits 0 and 63 are reserved and must be zero */
3581 		if ((mumimo_groups[0] & BIT(0)) ||
3582 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3583 			return -EINVAL;
3584 
3585 		params->vht_mumimo_groups = mumimo_groups;
3586 		change = true;
3587 	}
3588 
3589 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3590 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3591 
3592 		if (type != NL80211_IFTYPE_MONITOR)
3593 			return -EINVAL;
3594 
3595 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3596 			return -EOPNOTSUPP;
3597 
3598 		params->vht_mumimo_follow_addr =
3599 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3600 		change = true;
3601 	}
3602 
3603 	return change ? 1 : 0;
3604 }
3605 
3606 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3607 			       struct net_device *netdev, u8 use_4addr,
3608 			       enum nl80211_iftype iftype)
3609 {
3610 	if (!use_4addr) {
3611 		if (netdev && netif_is_bridge_port(netdev))
3612 			return -EBUSY;
3613 		return 0;
3614 	}
3615 
3616 	switch (iftype) {
3617 	case NL80211_IFTYPE_AP_VLAN:
3618 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3619 			return 0;
3620 		break;
3621 	case NL80211_IFTYPE_STATION:
3622 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3623 			return 0;
3624 		break;
3625 	default:
3626 		break;
3627 	}
3628 
3629 	return -EOPNOTSUPP;
3630 }
3631 
3632 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3633 {
3634 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3635 	struct vif_params params;
3636 	int err;
3637 	enum nl80211_iftype otype, ntype;
3638 	struct net_device *dev = info->user_ptr[1];
3639 	bool change = false;
3640 
3641 	memset(&params, 0, sizeof(params));
3642 
3643 	otype = ntype = dev->ieee80211_ptr->iftype;
3644 
3645 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
3646 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3647 		if (otype != ntype)
3648 			change = true;
3649 	}
3650 
3651 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
3652 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3653 
3654 		if (ntype != NL80211_IFTYPE_MESH_POINT)
3655 			return -EINVAL;
3656 		if (netif_running(dev))
3657 			return -EBUSY;
3658 
3659 		wdev_lock(wdev);
3660 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3661 			     IEEE80211_MAX_MESH_ID_LEN);
3662 		wdev->mesh_id_up_len =
3663 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3664 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3665 		       wdev->mesh_id_up_len);
3666 		wdev_unlock(wdev);
3667 	}
3668 
3669 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3670 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3671 		change = true;
3672 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3673 		if (err)
3674 			return err;
3675 	} else {
3676 		params.use_4addr = -1;
3677 	}
3678 
3679 	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3680 	if (err < 0)
3681 		return err;
3682 	if (err > 0)
3683 		change = true;
3684 
3685 	if (change)
3686 		err = cfg80211_change_iface(rdev, dev, ntype, &params);
3687 	else
3688 		err = 0;
3689 
3690 	if (!err && params.use_4addr != -1)
3691 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
3692 
3693 	if (change && !err) {
3694 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3695 
3696 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3697 	}
3698 
3699 	return err;
3700 }
3701 
3702 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3703 {
3704 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3705 	struct vif_params params;
3706 	struct wireless_dev *wdev;
3707 	struct sk_buff *msg;
3708 	int err;
3709 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3710 
3711 	/* to avoid failing a new interface creation due to pending removal */
3712 	cfg80211_destroy_ifaces(rdev);
3713 
3714 	memset(&params, 0, sizeof(params));
3715 
3716 	if (!info->attrs[NL80211_ATTR_IFNAME])
3717 		return -EINVAL;
3718 
3719 	if (info->attrs[NL80211_ATTR_IFTYPE])
3720 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3721 
3722 	if (!rdev->ops->add_virtual_intf)
3723 		return -EOPNOTSUPP;
3724 
3725 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3726 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3727 	    info->attrs[NL80211_ATTR_MAC]) {
3728 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3729 			   ETH_ALEN);
3730 		if (!is_valid_ether_addr(params.macaddr))
3731 			return -EADDRNOTAVAIL;
3732 	}
3733 
3734 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3735 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3736 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3737 		if (err)
3738 			return err;
3739 	}
3740 
3741 	if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3742 		return -EOPNOTSUPP;
3743 
3744 	err = nl80211_parse_mon_options(rdev, type, info, &params);
3745 	if (err < 0)
3746 		return err;
3747 
3748 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3749 	if (!msg)
3750 		return -ENOMEM;
3751 
3752 	wdev = rdev_add_virtual_intf(rdev,
3753 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3754 				NET_NAME_USER, type, &params);
3755 	if (WARN_ON(!wdev)) {
3756 		nlmsg_free(msg);
3757 		return -EPROTO;
3758 	} else if (IS_ERR(wdev)) {
3759 		nlmsg_free(msg);
3760 		return PTR_ERR(wdev);
3761 	}
3762 
3763 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3764 		wdev->owner_nlportid = info->snd_portid;
3765 
3766 	switch (type) {
3767 	case NL80211_IFTYPE_MESH_POINT:
3768 		if (!info->attrs[NL80211_ATTR_MESH_ID])
3769 			break;
3770 		wdev_lock(wdev);
3771 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3772 			     IEEE80211_MAX_MESH_ID_LEN);
3773 		wdev->mesh_id_up_len =
3774 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3775 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3776 		       wdev->mesh_id_up_len);
3777 		wdev_unlock(wdev);
3778 		break;
3779 	case NL80211_IFTYPE_NAN:
3780 	case NL80211_IFTYPE_P2P_DEVICE:
3781 		/*
3782 		 * P2P Device and NAN do not have a netdev, so don't go
3783 		 * through the netdev notifier and must be added here
3784 		 */
3785 		cfg80211_init_wdev(rdev, wdev);
3786 		break;
3787 	default:
3788 		break;
3789 	}
3790 
3791 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3792 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3793 		nlmsg_free(msg);
3794 		return -ENOBUFS;
3795 	}
3796 
3797 	return genlmsg_reply(msg, info);
3798 }
3799 
3800 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3801 {
3802 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3803 	struct wireless_dev *wdev = info->user_ptr[1];
3804 
3805 	if (!rdev->ops->del_virtual_intf)
3806 		return -EOPNOTSUPP;
3807 
3808 	/*
3809 	 * If we remove a wireless device without a netdev then clear
3810 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
3811 	 * to check if it needs to do dev_put(). Otherwise it crashes
3812 	 * since the wdev has been freed, unlike with a netdev where
3813 	 * we need the dev_put() for the netdev to really be freed.
3814 	 */
3815 	if (!wdev->netdev)
3816 		info->user_ptr[1] = NULL;
3817 
3818 	return rdev_del_virtual_intf(rdev, wdev);
3819 }
3820 
3821 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3822 {
3823 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3824 	struct net_device *dev = info->user_ptr[1];
3825 	u16 noack_map;
3826 
3827 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3828 		return -EINVAL;
3829 
3830 	if (!rdev->ops->set_noack_map)
3831 		return -EOPNOTSUPP;
3832 
3833 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3834 
3835 	return rdev_set_noack_map(rdev, dev, noack_map);
3836 }
3837 
3838 struct get_key_cookie {
3839 	struct sk_buff *msg;
3840 	int error;
3841 	int idx;
3842 };
3843 
3844 static void get_key_callback(void *c, struct key_params *params)
3845 {
3846 	struct nlattr *key;
3847 	struct get_key_cookie *cookie = c;
3848 
3849 	if ((params->key &&
3850 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3851 		     params->key_len, params->key)) ||
3852 	    (params->seq &&
3853 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3854 		     params->seq_len, params->seq)) ||
3855 	    (params->cipher &&
3856 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3857 			 params->cipher)))
3858 		goto nla_put_failure;
3859 
3860 	key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3861 	if (!key)
3862 		goto nla_put_failure;
3863 
3864 	if ((params->key &&
3865 	     nla_put(cookie->msg, NL80211_KEY_DATA,
3866 		     params->key_len, params->key)) ||
3867 	    (params->seq &&
3868 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
3869 		     params->seq_len, params->seq)) ||
3870 	    (params->cipher &&
3871 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3872 			 params->cipher)))
3873 		goto nla_put_failure;
3874 
3875 	if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3876 		goto nla_put_failure;
3877 
3878 	nla_nest_end(cookie->msg, key);
3879 
3880 	return;
3881  nla_put_failure:
3882 	cookie->error = 1;
3883 }
3884 
3885 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3886 {
3887 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3888 	int err;
3889 	struct net_device *dev = info->user_ptr[1];
3890 	u8 key_idx = 0;
3891 	const u8 *mac_addr = NULL;
3892 	bool pairwise;
3893 	struct get_key_cookie cookie = {
3894 		.error = 0,
3895 	};
3896 	void *hdr;
3897 	struct sk_buff *msg;
3898 
3899 	if (info->attrs[NL80211_ATTR_KEY_IDX]) {
3900 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3901 		if (key_idx > 5 &&
3902 		    !wiphy_ext_feature_isset(
3903 			    &rdev->wiphy,
3904 			    NL80211_EXT_FEATURE_BEACON_PROTECTION))
3905 			return -EINVAL;
3906 	}
3907 
3908 	if (info->attrs[NL80211_ATTR_MAC])
3909 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3910 
3911 	pairwise = !!mac_addr;
3912 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3913 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3914 
3915 		if (kt != NL80211_KEYTYPE_GROUP &&
3916 		    kt != NL80211_KEYTYPE_PAIRWISE)
3917 			return -EINVAL;
3918 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3919 	}
3920 
3921 	if (!rdev->ops->get_key)
3922 		return -EOPNOTSUPP;
3923 
3924 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3925 		return -ENOENT;
3926 
3927 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3928 	if (!msg)
3929 		return -ENOMEM;
3930 
3931 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3932 			     NL80211_CMD_NEW_KEY);
3933 	if (!hdr)
3934 		goto nla_put_failure;
3935 
3936 	cookie.msg = msg;
3937 	cookie.idx = key_idx;
3938 
3939 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3940 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3941 		goto nla_put_failure;
3942 	if (mac_addr &&
3943 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3944 		goto nla_put_failure;
3945 
3946 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3947 			   get_key_callback);
3948 
3949 	if (err)
3950 		goto free_msg;
3951 
3952 	if (cookie.error)
3953 		goto nla_put_failure;
3954 
3955 	genlmsg_end(msg, hdr);
3956 	return genlmsg_reply(msg, info);
3957 
3958  nla_put_failure:
3959 	err = -ENOBUFS;
3960  free_msg:
3961 	nlmsg_free(msg);
3962 	return err;
3963 }
3964 
3965 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3966 {
3967 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3968 	struct key_parse key;
3969 	int err;
3970 	struct net_device *dev = info->user_ptr[1];
3971 
3972 	err = nl80211_parse_key(info, &key);
3973 	if (err)
3974 		return err;
3975 
3976 	if (key.idx < 0)
3977 		return -EINVAL;
3978 
3979 	/* Only support setting default key and
3980 	 * Extended Key ID action NL80211_KEY_SET_TX.
3981 	 */
3982 	if (!key.def && !key.defmgmt && !key.defbeacon &&
3983 	    !(key.p.mode == NL80211_KEY_SET_TX))
3984 		return -EINVAL;
3985 
3986 	wdev_lock(dev->ieee80211_ptr);
3987 
3988 	if (key.def) {
3989 		if (!rdev->ops->set_default_key) {
3990 			err = -EOPNOTSUPP;
3991 			goto out;
3992 		}
3993 
3994 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3995 		if (err)
3996 			goto out;
3997 
3998 		err = rdev_set_default_key(rdev, dev, key.idx,
3999 						 key.def_uni, key.def_multi);
4000 
4001 		if (err)
4002 			goto out;
4003 
4004 #ifdef CONFIG_CFG80211_WEXT
4005 		dev->ieee80211_ptr->wext.default_key = key.idx;
4006 #endif
4007 	} else if (key.defmgmt) {
4008 		if (key.def_uni || !key.def_multi) {
4009 			err = -EINVAL;
4010 			goto out;
4011 		}
4012 
4013 		if (!rdev->ops->set_default_mgmt_key) {
4014 			err = -EOPNOTSUPP;
4015 			goto out;
4016 		}
4017 
4018 		err = nl80211_key_allowed(dev->ieee80211_ptr);
4019 		if (err)
4020 			goto out;
4021 
4022 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
4023 		if (err)
4024 			goto out;
4025 
4026 #ifdef CONFIG_CFG80211_WEXT
4027 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
4028 #endif
4029 	} else if (key.defbeacon) {
4030 		if (key.def_uni || !key.def_multi) {
4031 			err = -EINVAL;
4032 			goto out;
4033 		}
4034 
4035 		if (!rdev->ops->set_default_beacon_key) {
4036 			err = -EOPNOTSUPP;
4037 			goto out;
4038 		}
4039 
4040 		err = nl80211_key_allowed(dev->ieee80211_ptr);
4041 		if (err)
4042 			goto out;
4043 
4044 		err = rdev_set_default_beacon_key(rdev, dev, key.idx);
4045 		if (err)
4046 			goto out;
4047 	} else if (key.p.mode == NL80211_KEY_SET_TX &&
4048 		   wiphy_ext_feature_isset(&rdev->wiphy,
4049 					   NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4050 		u8 *mac_addr = NULL;
4051 
4052 		if (info->attrs[NL80211_ATTR_MAC])
4053 			mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4054 
4055 		if (!mac_addr || key.idx < 0 || key.idx > 1) {
4056 			err = -EINVAL;
4057 			goto out;
4058 		}
4059 
4060 		err = rdev_add_key(rdev, dev, key.idx,
4061 				   NL80211_KEYTYPE_PAIRWISE,
4062 				   mac_addr, &key.p);
4063 	} else {
4064 		err = -EINVAL;
4065 	}
4066  out:
4067 	wdev_unlock(dev->ieee80211_ptr);
4068 
4069 	return err;
4070 }
4071 
4072 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4073 {
4074 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4075 	int err;
4076 	struct net_device *dev = info->user_ptr[1];
4077 	struct key_parse key;
4078 	const u8 *mac_addr = NULL;
4079 
4080 	err = nl80211_parse_key(info, &key);
4081 	if (err)
4082 		return err;
4083 
4084 	if (!key.p.key) {
4085 		GENL_SET_ERR_MSG(info, "no key");
4086 		return -EINVAL;
4087 	}
4088 
4089 	if (info->attrs[NL80211_ATTR_MAC])
4090 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4091 
4092 	if (key.type == -1) {
4093 		if (mac_addr)
4094 			key.type = NL80211_KEYTYPE_PAIRWISE;
4095 		else
4096 			key.type = NL80211_KEYTYPE_GROUP;
4097 	}
4098 
4099 	/* for now */
4100 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4101 	    key.type != NL80211_KEYTYPE_GROUP) {
4102 		GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4103 		return -EINVAL;
4104 	}
4105 
4106 	if (key.type == NL80211_KEYTYPE_GROUP &&
4107 	    info->attrs[NL80211_ATTR_VLAN_ID])
4108 		key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4109 
4110 	if (!rdev->ops->add_key)
4111 		return -EOPNOTSUPP;
4112 
4113 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4114 					   key.type == NL80211_KEYTYPE_PAIRWISE,
4115 					   mac_addr)) {
4116 		GENL_SET_ERR_MSG(info, "key setting validation failed");
4117 		return -EINVAL;
4118 	}
4119 
4120 	wdev_lock(dev->ieee80211_ptr);
4121 	err = nl80211_key_allowed(dev->ieee80211_ptr);
4122 	if (err)
4123 		GENL_SET_ERR_MSG(info, "key not allowed");
4124 	if (!err) {
4125 		err = rdev_add_key(rdev, dev, key.idx,
4126 				   key.type == NL80211_KEYTYPE_PAIRWISE,
4127 				    mac_addr, &key.p);
4128 		if (err)
4129 			GENL_SET_ERR_MSG(info, "key addition failed");
4130 	}
4131 	wdev_unlock(dev->ieee80211_ptr);
4132 
4133 	return err;
4134 }
4135 
4136 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4137 {
4138 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4139 	int err;
4140 	struct net_device *dev = info->user_ptr[1];
4141 	u8 *mac_addr = NULL;
4142 	struct key_parse key;
4143 
4144 	err = nl80211_parse_key(info, &key);
4145 	if (err)
4146 		return err;
4147 
4148 	if (info->attrs[NL80211_ATTR_MAC])
4149 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4150 
4151 	if (key.type == -1) {
4152 		if (mac_addr)
4153 			key.type = NL80211_KEYTYPE_PAIRWISE;
4154 		else
4155 			key.type = NL80211_KEYTYPE_GROUP;
4156 	}
4157 
4158 	/* for now */
4159 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4160 	    key.type != NL80211_KEYTYPE_GROUP)
4161 		return -EINVAL;
4162 
4163 	if (!rdev->ops->del_key)
4164 		return -EOPNOTSUPP;
4165 
4166 	wdev_lock(dev->ieee80211_ptr);
4167 	err = nl80211_key_allowed(dev->ieee80211_ptr);
4168 
4169 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4170 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4171 		err = -ENOENT;
4172 
4173 	if (!err)
4174 		err = rdev_del_key(rdev, dev, key.idx,
4175 				   key.type == NL80211_KEYTYPE_PAIRWISE,
4176 				   mac_addr);
4177 
4178 #ifdef CONFIG_CFG80211_WEXT
4179 	if (!err) {
4180 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
4181 			dev->ieee80211_ptr->wext.default_key = -1;
4182 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4183 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4184 	}
4185 #endif
4186 	wdev_unlock(dev->ieee80211_ptr);
4187 
4188 	return err;
4189 }
4190 
4191 /* This function returns an error or the number of nested attributes */
4192 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4193 {
4194 	struct nlattr *attr;
4195 	int n_entries = 0, tmp;
4196 
4197 	nla_for_each_nested(attr, nl_attr, tmp) {
4198 		if (nla_len(attr) != ETH_ALEN)
4199 			return -EINVAL;
4200 
4201 		n_entries++;
4202 	}
4203 
4204 	return n_entries;
4205 }
4206 
4207 /*
4208  * This function parses ACL information and allocates memory for ACL data.
4209  * On successful return, the calling function is responsible to free the
4210  * ACL buffer returned by this function.
4211  */
4212 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4213 						struct genl_info *info)
4214 {
4215 	enum nl80211_acl_policy acl_policy;
4216 	struct nlattr *attr;
4217 	struct cfg80211_acl_data *acl;
4218 	int i = 0, n_entries, tmp;
4219 
4220 	if (!wiphy->max_acl_mac_addrs)
4221 		return ERR_PTR(-EOPNOTSUPP);
4222 
4223 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4224 		return ERR_PTR(-EINVAL);
4225 
4226 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4227 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4228 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4229 		return ERR_PTR(-EINVAL);
4230 
4231 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4232 		return ERR_PTR(-EINVAL);
4233 
4234 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4235 	if (n_entries < 0)
4236 		return ERR_PTR(n_entries);
4237 
4238 	if (n_entries > wiphy->max_acl_mac_addrs)
4239 		return ERR_PTR(-ENOTSUPP);
4240 
4241 	acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4242 	if (!acl)
4243 		return ERR_PTR(-ENOMEM);
4244 
4245 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4246 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4247 		i++;
4248 	}
4249 
4250 	acl->n_acl_entries = n_entries;
4251 	acl->acl_policy = acl_policy;
4252 
4253 	return acl;
4254 }
4255 
4256 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4257 {
4258 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4259 	struct net_device *dev = info->user_ptr[1];
4260 	struct cfg80211_acl_data *acl;
4261 	int err;
4262 
4263 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4264 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4265 		return -EOPNOTSUPP;
4266 
4267 	if (!dev->ieee80211_ptr->beacon_interval)
4268 		return -EINVAL;
4269 
4270 	acl = parse_acl_data(&rdev->wiphy, info);
4271 	if (IS_ERR(acl))
4272 		return PTR_ERR(acl);
4273 
4274 	err = rdev_set_mac_acl(rdev, dev, acl);
4275 
4276 	kfree(acl);
4277 
4278 	return err;
4279 }
4280 
4281 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4282 			   u8 *rates, u8 rates_len)
4283 {
4284 	u8 i;
4285 	u32 mask = 0;
4286 
4287 	for (i = 0; i < rates_len; i++) {
4288 		int rate = (rates[i] & 0x7f) * 5;
4289 		int ridx;
4290 
4291 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4292 			struct ieee80211_rate *srate =
4293 				&sband->bitrates[ridx];
4294 			if (rate == srate->bitrate) {
4295 				mask |= 1 << ridx;
4296 				break;
4297 			}
4298 		}
4299 		if (ridx == sband->n_bitrates)
4300 			return 0; /* rate not found */
4301 	}
4302 
4303 	return mask;
4304 }
4305 
4306 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4307 			       u8 *rates, u8 rates_len,
4308 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4309 {
4310 	u8 i;
4311 
4312 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4313 
4314 	for (i = 0; i < rates_len; i++) {
4315 		int ridx, rbit;
4316 
4317 		ridx = rates[i] / 8;
4318 		rbit = BIT(rates[i] % 8);
4319 
4320 		/* check validity */
4321 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4322 			return false;
4323 
4324 		/* check availability */
4325 		ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4326 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4327 			mcs[ridx] |= rbit;
4328 		else
4329 			return false;
4330 	}
4331 
4332 	return true;
4333 }
4334 
4335 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4336 {
4337 	u16 mcs_mask = 0;
4338 
4339 	switch (vht_mcs_map) {
4340 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4341 		break;
4342 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
4343 		mcs_mask = 0x00FF;
4344 		break;
4345 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
4346 		mcs_mask = 0x01FF;
4347 		break;
4348 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
4349 		mcs_mask = 0x03FF;
4350 		break;
4351 	default:
4352 		break;
4353 	}
4354 
4355 	return mcs_mask;
4356 }
4357 
4358 static void vht_build_mcs_mask(u16 vht_mcs_map,
4359 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4360 {
4361 	u8 nss;
4362 
4363 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4364 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4365 		vht_mcs_map >>= 2;
4366 	}
4367 }
4368 
4369 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4370 			     struct nl80211_txrate_vht *txrate,
4371 			     u16 mcs[NL80211_VHT_NSS_MAX])
4372 {
4373 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4374 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4375 	u8 i;
4376 
4377 	if (!sband->vht_cap.vht_supported)
4378 		return false;
4379 
4380 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4381 
4382 	/* Build vht_mcs_mask from VHT capabilities */
4383 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4384 
4385 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4386 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4387 			mcs[i] = txrate->mcs[i];
4388 		else
4389 			return false;
4390 	}
4391 
4392 	return true;
4393 }
4394 
4395 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4396 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4397 				    .len = NL80211_MAX_SUPP_RATES },
4398 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
4399 				.len = NL80211_MAX_SUPP_HT_RATES },
4400 	[NL80211_TXRATE_VHT] = {
4401 		.type = NLA_EXACT_LEN_WARN,
4402 		.len = sizeof(struct nl80211_txrate_vht),
4403 	},
4404 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
4405 };
4406 
4407 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4408 					 struct cfg80211_bitrate_mask *mask)
4409 {
4410 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4411 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4412 	int rem, i;
4413 	struct nlattr *tx_rates;
4414 	struct ieee80211_supported_band *sband;
4415 	u16 vht_tx_mcs_map;
4416 
4417 	memset(mask, 0, sizeof(*mask));
4418 	/* Default to all rates enabled */
4419 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
4420 		sband = rdev->wiphy.bands[i];
4421 
4422 		if (!sband)
4423 			continue;
4424 
4425 		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4426 		memcpy(mask->control[i].ht_mcs,
4427 		       sband->ht_cap.mcs.rx_mask,
4428 		       sizeof(mask->control[i].ht_mcs));
4429 
4430 		if (!sband->vht_cap.vht_supported)
4431 			continue;
4432 
4433 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4434 		vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4435 	}
4436 
4437 	/* if no rates are given set it back to the defaults */
4438 	if (!info->attrs[NL80211_ATTR_TX_RATES])
4439 		goto out;
4440 
4441 	/* The nested attribute uses enum nl80211_band as the index. This maps
4442 	 * directly to the enum nl80211_band values used in cfg80211.
4443 	 */
4444 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4445 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
4446 		enum nl80211_band band = nla_type(tx_rates);
4447 		int err;
4448 
4449 		if (band < 0 || band >= NUM_NL80211_BANDS)
4450 			return -EINVAL;
4451 		sband = rdev->wiphy.bands[band];
4452 		if (sband == NULL)
4453 			return -EINVAL;
4454 		err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4455 						  tx_rates,
4456 						  nl80211_txattr_policy,
4457 						  info->extack);
4458 		if (err)
4459 			return err;
4460 		if (tb[NL80211_TXRATE_LEGACY]) {
4461 			mask->control[band].legacy = rateset_to_mask(
4462 				sband,
4463 				nla_data(tb[NL80211_TXRATE_LEGACY]),
4464 				nla_len(tb[NL80211_TXRATE_LEGACY]));
4465 			if ((mask->control[band].legacy == 0) &&
4466 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
4467 				return -EINVAL;
4468 		}
4469 		if (tb[NL80211_TXRATE_HT]) {
4470 			if (!ht_rateset_to_mask(
4471 					sband,
4472 					nla_data(tb[NL80211_TXRATE_HT]),
4473 					nla_len(tb[NL80211_TXRATE_HT]),
4474 					mask->control[band].ht_mcs))
4475 				return -EINVAL;
4476 		}
4477 		if (tb[NL80211_TXRATE_VHT]) {
4478 			if (!vht_set_mcs_mask(
4479 					sband,
4480 					nla_data(tb[NL80211_TXRATE_VHT]),
4481 					mask->control[band].vht_mcs))
4482 				return -EINVAL;
4483 		}
4484 		if (tb[NL80211_TXRATE_GI]) {
4485 			mask->control[band].gi =
4486 				nla_get_u8(tb[NL80211_TXRATE_GI]);
4487 			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4488 				return -EINVAL;
4489 		}
4490 
4491 		if (mask->control[band].legacy == 0) {
4492 			/* don't allow empty legacy rates if HT or VHT
4493 			 * are not even supported.
4494 			 */
4495 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4496 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
4497 				return -EINVAL;
4498 
4499 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4500 				if (mask->control[band].ht_mcs[i])
4501 					goto out;
4502 
4503 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4504 				if (mask->control[band].vht_mcs[i])
4505 					goto out;
4506 
4507 			/* legacy and mcs rates may not be both empty */
4508 			return -EINVAL;
4509 		}
4510 	}
4511 
4512 out:
4513 	return 0;
4514 }
4515 
4516 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4517 				   enum nl80211_band band,
4518 				   struct cfg80211_bitrate_mask *beacon_rate)
4519 {
4520 	u32 count_ht, count_vht, i;
4521 	u32 rate = beacon_rate->control[band].legacy;
4522 
4523 	/* Allow only one rate */
4524 	if (hweight32(rate) > 1)
4525 		return -EINVAL;
4526 
4527 	count_ht = 0;
4528 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4529 		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4530 			return -EINVAL;
4531 		} else if (beacon_rate->control[band].ht_mcs[i]) {
4532 			count_ht++;
4533 			if (count_ht > 1)
4534 				return -EINVAL;
4535 		}
4536 		if (count_ht && rate)
4537 			return -EINVAL;
4538 	}
4539 
4540 	count_vht = 0;
4541 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4542 		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4543 			return -EINVAL;
4544 		} else if (beacon_rate->control[band].vht_mcs[i]) {
4545 			count_vht++;
4546 			if (count_vht > 1)
4547 				return -EINVAL;
4548 		}
4549 		if (count_vht && rate)
4550 			return -EINVAL;
4551 	}
4552 
4553 	if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4554 		return -EINVAL;
4555 
4556 	if (rate &&
4557 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4558 				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4559 		return -EINVAL;
4560 	if (count_ht &&
4561 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4562 				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
4563 		return -EINVAL;
4564 	if (count_vht &&
4565 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4566 				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4567 		return -EINVAL;
4568 
4569 	return 0;
4570 }
4571 
4572 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4573 				struct nlattr *attrs[],
4574 				struct cfg80211_beacon_data *bcn)
4575 {
4576 	bool haveinfo = false;
4577 	int err;
4578 
4579 	memset(bcn, 0, sizeof(*bcn));
4580 
4581 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4582 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4583 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4584 		if (!bcn->head_len)
4585 			return -EINVAL;
4586 		haveinfo = true;
4587 	}
4588 
4589 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4590 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4591 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4592 		haveinfo = true;
4593 	}
4594 
4595 	if (!haveinfo)
4596 		return -EINVAL;
4597 
4598 	if (attrs[NL80211_ATTR_IE]) {
4599 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4600 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4601 	}
4602 
4603 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4604 		bcn->proberesp_ies =
4605 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4606 		bcn->proberesp_ies_len =
4607 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4608 	}
4609 
4610 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4611 		bcn->assocresp_ies =
4612 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4613 		bcn->assocresp_ies_len =
4614 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4615 	}
4616 
4617 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
4618 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4619 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4620 	}
4621 
4622 	if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4623 		struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4624 
4625 		err = nla_parse_nested_deprecated(tb,
4626 						  NL80211_FTM_RESP_ATTR_MAX,
4627 						  attrs[NL80211_ATTR_FTM_RESPONDER],
4628 						  NULL, NULL);
4629 		if (err)
4630 			return err;
4631 
4632 		if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4633 		    wiphy_ext_feature_isset(&rdev->wiphy,
4634 					    NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4635 			bcn->ftm_responder = 1;
4636 		else
4637 			return -EOPNOTSUPP;
4638 
4639 		if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4640 			bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4641 			bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4642 		}
4643 
4644 		if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4645 			bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4646 			bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4647 		}
4648 	} else {
4649 		bcn->ftm_responder = -1;
4650 	}
4651 
4652 	return 0;
4653 }
4654 
4655 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
4656 				    struct ieee80211_he_obss_pd *he_obss_pd)
4657 {
4658 	struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
4659 	int err;
4660 
4661 	err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
4662 			       he_obss_pd_policy, NULL);
4663 	if (err)
4664 		return err;
4665 
4666 	if (!tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] ||
4667 	    !tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
4668 		return -EINVAL;
4669 
4670 	he_obss_pd->min_offset =
4671 		nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
4672 	he_obss_pd->max_offset =
4673 		nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
4674 
4675 	if (he_obss_pd->min_offset >= he_obss_pd->max_offset)
4676 		return -EINVAL;
4677 
4678 	he_obss_pd->enable = true;
4679 
4680 	return 0;
4681 }
4682 
4683 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
4684 				      struct cfg80211_he_bss_color *he_bss_color)
4685 {
4686 	struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
4687 	int err;
4688 
4689 	err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
4690 			       he_bss_color_policy, NULL);
4691 	if (err)
4692 		return err;
4693 
4694 	if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
4695 		return -EINVAL;
4696 
4697 	he_bss_color->color =
4698 		nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
4699 	he_bss_color->disabled =
4700 		nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
4701 	he_bss_color->partial =
4702 		nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
4703 
4704 	return 0;
4705 }
4706 
4707 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4708 					    const u8 *rates)
4709 {
4710 	int i;
4711 
4712 	if (!rates)
4713 		return;
4714 
4715 	for (i = 0; i < rates[1]; i++) {
4716 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4717 			params->ht_required = true;
4718 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4719 			params->vht_required = true;
4720 	}
4721 }
4722 
4723 /*
4724  * Since the nl80211 API didn't include, from the beginning, attributes about
4725  * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4726  * benefit of drivers that rebuild IEs in the firmware.
4727  */
4728 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4729 {
4730 	const struct cfg80211_beacon_data *bcn = &params->beacon;
4731 	size_t ies_len = bcn->tail_len;
4732 	const u8 *ies = bcn->tail;
4733 	const u8 *rates;
4734 	const u8 *cap;
4735 
4736 	rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4737 	nl80211_check_ap_rate_selectors(params, rates);
4738 
4739 	rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4740 	nl80211_check_ap_rate_selectors(params, rates);
4741 
4742 	cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4743 	if (cap && cap[1] >= sizeof(*params->ht_cap))
4744 		params->ht_cap = (void *)(cap + 2);
4745 	cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4746 	if (cap && cap[1] >= sizeof(*params->vht_cap))
4747 		params->vht_cap = (void *)(cap + 2);
4748 	cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4749 	if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4750 		params->he_cap = (void *)(cap + 3);
4751 }
4752 
4753 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4754 				   struct cfg80211_ap_settings *params)
4755 {
4756 	struct wireless_dev *wdev;
4757 	bool ret = false;
4758 
4759 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4760 		if (wdev->iftype != NL80211_IFTYPE_AP &&
4761 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
4762 			continue;
4763 
4764 		if (!wdev->preset_chandef.chan)
4765 			continue;
4766 
4767 		params->chandef = wdev->preset_chandef;
4768 		ret = true;
4769 		break;
4770 	}
4771 
4772 	return ret;
4773 }
4774 
4775 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4776 				    enum nl80211_auth_type auth_type,
4777 				    enum nl80211_commands cmd)
4778 {
4779 	if (auth_type > NL80211_AUTHTYPE_MAX)
4780 		return false;
4781 
4782 	switch (cmd) {
4783 	case NL80211_CMD_AUTHENTICATE:
4784 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4785 		    auth_type == NL80211_AUTHTYPE_SAE)
4786 			return false;
4787 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
4788 					     NL80211_EXT_FEATURE_FILS_STA) &&
4789 		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4790 		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4791 		     auth_type == NL80211_AUTHTYPE_FILS_PK))
4792 			return false;
4793 		return true;
4794 	case NL80211_CMD_CONNECT:
4795 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4796 		    !wiphy_ext_feature_isset(&rdev->wiphy,
4797 					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4798 		    auth_type == NL80211_AUTHTYPE_SAE)
4799 			return false;
4800 
4801 		/* FILS with SK PFS or PK not supported yet */
4802 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4803 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4804 			return false;
4805 		if (!wiphy_ext_feature_isset(
4806 			    &rdev->wiphy,
4807 			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4808 		    auth_type == NL80211_AUTHTYPE_FILS_SK)
4809 			return false;
4810 		return true;
4811 	case NL80211_CMD_START_AP:
4812 		/* SAE not supported yet */
4813 		if (auth_type == NL80211_AUTHTYPE_SAE)
4814 			return false;
4815 		/* FILS not supported yet */
4816 		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4817 		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4818 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4819 			return false;
4820 		return true;
4821 	default:
4822 		return false;
4823 	}
4824 }
4825 
4826 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4827 {
4828 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4829 	struct net_device *dev = info->user_ptr[1];
4830 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4831 	struct cfg80211_ap_settings params;
4832 	int err;
4833 
4834 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4835 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4836 		return -EOPNOTSUPP;
4837 
4838 	if (!rdev->ops->start_ap)
4839 		return -EOPNOTSUPP;
4840 
4841 	if (wdev->beacon_interval)
4842 		return -EALREADY;
4843 
4844 	memset(&params, 0, sizeof(params));
4845 
4846 	/* these are required for START_AP */
4847 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4848 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4849 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
4850 		return -EINVAL;
4851 
4852 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
4853 	if (err)
4854 		return err;
4855 
4856 	params.beacon_interval =
4857 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4858 	params.dtim_period =
4859 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4860 
4861 	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4862 					   params.beacon_interval);
4863 	if (err)
4864 		return err;
4865 
4866 	/*
4867 	 * In theory, some of these attributes should be required here
4868 	 * but since they were not used when the command was originally
4869 	 * added, keep them optional for old user space programs to let
4870 	 * them continue to work with drivers that do not need the
4871 	 * additional information -- drivers must check!
4872 	 */
4873 	if (info->attrs[NL80211_ATTR_SSID]) {
4874 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4875 		params.ssid_len =
4876 			nla_len(info->attrs[NL80211_ATTR_SSID]);
4877 		if (params.ssid_len == 0 ||
4878 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
4879 			return -EINVAL;
4880 	}
4881 
4882 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4883 		params.hidden_ssid = nla_get_u32(
4884 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4885 
4886 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4887 
4888 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4889 		params.auth_type = nla_get_u32(
4890 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
4891 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
4892 					     NL80211_CMD_START_AP))
4893 			return -EINVAL;
4894 	} else
4895 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4896 
4897 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
4898 				      NL80211_MAX_NR_CIPHER_SUITES);
4899 	if (err)
4900 		return err;
4901 
4902 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4903 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4904 			return -EOPNOTSUPP;
4905 		params.inactivity_timeout = nla_get_u16(
4906 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4907 	}
4908 
4909 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4910 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4911 			return -EINVAL;
4912 		params.p2p_ctwindow =
4913 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4914 		if (params.p2p_ctwindow != 0 &&
4915 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4916 			return -EINVAL;
4917 	}
4918 
4919 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4920 		u8 tmp;
4921 
4922 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4923 			return -EINVAL;
4924 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4925 		params.p2p_opp_ps = tmp;
4926 		if (params.p2p_opp_ps != 0 &&
4927 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4928 			return -EINVAL;
4929 	}
4930 
4931 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4932 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
4933 		if (err)
4934 			return err;
4935 	} else if (wdev->preset_chandef.chan) {
4936 		params.chandef = wdev->preset_chandef;
4937 	} else if (!nl80211_get_ap_channel(rdev, &params))
4938 		return -EINVAL;
4939 
4940 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4941 					   wdev->iftype))
4942 		return -EINVAL;
4943 
4944 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
4945 		err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4946 		if (err)
4947 			return err;
4948 
4949 		err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4950 					      &params.beacon_rate);
4951 		if (err)
4952 			return err;
4953 	}
4954 
4955 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4956 		params.smps_mode =
4957 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4958 		switch (params.smps_mode) {
4959 		case NL80211_SMPS_OFF:
4960 			break;
4961 		case NL80211_SMPS_STATIC:
4962 			if (!(rdev->wiphy.features &
4963 			      NL80211_FEATURE_STATIC_SMPS))
4964 				return -EINVAL;
4965 			break;
4966 		case NL80211_SMPS_DYNAMIC:
4967 			if (!(rdev->wiphy.features &
4968 			      NL80211_FEATURE_DYNAMIC_SMPS))
4969 				return -EINVAL;
4970 			break;
4971 		default:
4972 			return -EINVAL;
4973 		}
4974 	} else {
4975 		params.smps_mode = NL80211_SMPS_OFF;
4976 	}
4977 
4978 	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4979 	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4980 		return -EOPNOTSUPP;
4981 
4982 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4983 		params.acl = parse_acl_data(&rdev->wiphy, info);
4984 		if (IS_ERR(params.acl))
4985 			return PTR_ERR(params.acl);
4986 	}
4987 
4988 	params.twt_responder =
4989 		    nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
4990 
4991 	if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
4992 		err = nl80211_parse_he_obss_pd(
4993 					info->attrs[NL80211_ATTR_HE_OBSS_PD],
4994 					&params.he_obss_pd);
4995 		goto out;
4996 	}
4997 
4998 	if (info->attrs[NL80211_ATTR_HE_BSS_COLOR]) {
4999 		err = nl80211_parse_he_bss_color(
5000 					info->attrs[NL80211_ATTR_HE_BSS_COLOR],
5001 					&params.he_bss_color);
5002 		if (err)
5003 			return err;
5004 	}
5005 
5006 	nl80211_calculate_ap_params(&params);
5007 
5008 	if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
5009 		params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
5010 
5011 	wdev_lock(wdev);
5012 	err = rdev_start_ap(rdev, dev, &params);
5013 	if (!err) {
5014 		wdev->preset_chandef = params.chandef;
5015 		wdev->beacon_interval = params.beacon_interval;
5016 		wdev->chandef = params.chandef;
5017 		wdev->ssid_len = params.ssid_len;
5018 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
5019 
5020 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
5021 			wdev->conn_owner_nlportid = info->snd_portid;
5022 	}
5023 	wdev_unlock(wdev);
5024 
5025 out:
5026 	kfree(params.acl);
5027 
5028 	return err;
5029 }
5030 
5031 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
5032 {
5033 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5034 	struct net_device *dev = info->user_ptr[1];
5035 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5036 	struct cfg80211_beacon_data params;
5037 	int err;
5038 
5039 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5040 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5041 		return -EOPNOTSUPP;
5042 
5043 	if (!rdev->ops->change_beacon)
5044 		return -EOPNOTSUPP;
5045 
5046 	if (!wdev->beacon_interval)
5047 		return -EINVAL;
5048 
5049 	err = nl80211_parse_beacon(rdev, info->attrs, &params);
5050 	if (err)
5051 		return err;
5052 
5053 	wdev_lock(wdev);
5054 	err = rdev_change_beacon(rdev, dev, &params);
5055 	wdev_unlock(wdev);
5056 
5057 	return err;
5058 }
5059 
5060 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
5061 {
5062 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5063 	struct net_device *dev = info->user_ptr[1];
5064 
5065 	return cfg80211_stop_ap(rdev, dev, false);
5066 }
5067 
5068 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
5069 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
5070 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
5071 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
5072 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
5073 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
5074 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
5075 };
5076 
5077 static int parse_station_flags(struct genl_info *info,
5078 			       enum nl80211_iftype iftype,
5079 			       struct station_parameters *params)
5080 {
5081 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
5082 	struct nlattr *nla;
5083 	int flag;
5084 
5085 	/*
5086 	 * Try parsing the new attribute first so userspace
5087 	 * can specify both for older kernels.
5088 	 */
5089 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
5090 	if (nla) {
5091 		struct nl80211_sta_flag_update *sta_flags;
5092 
5093 		sta_flags = nla_data(nla);
5094 		params->sta_flags_mask = sta_flags->mask;
5095 		params->sta_flags_set = sta_flags->set;
5096 		params->sta_flags_set &= params->sta_flags_mask;
5097 		if ((params->sta_flags_mask |
5098 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
5099 			return -EINVAL;
5100 		return 0;
5101 	}
5102 
5103 	/* if present, parse the old attribute */
5104 
5105 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
5106 	if (!nla)
5107 		return 0;
5108 
5109 	if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
5110 		return -EINVAL;
5111 
5112 	/*
5113 	 * Only allow certain flags for interface types so that
5114 	 * other attributes are silently ignored. Remember that
5115 	 * this is backward compatibility code with old userspace
5116 	 * and shouldn't be hit in other cases anyway.
5117 	 */
5118 	switch (iftype) {
5119 	case NL80211_IFTYPE_AP:
5120 	case NL80211_IFTYPE_AP_VLAN:
5121 	case NL80211_IFTYPE_P2P_GO:
5122 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5123 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5124 					 BIT(NL80211_STA_FLAG_WME) |
5125 					 BIT(NL80211_STA_FLAG_MFP);
5126 		break;
5127 	case NL80211_IFTYPE_P2P_CLIENT:
5128 	case NL80211_IFTYPE_STATION:
5129 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5130 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
5131 		break;
5132 	case NL80211_IFTYPE_MESH_POINT:
5133 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5134 					 BIT(NL80211_STA_FLAG_MFP) |
5135 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
5136 		break;
5137 	default:
5138 		return -EINVAL;
5139 	}
5140 
5141 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
5142 		if (flags[flag]) {
5143 			params->sta_flags_set |= (1<<flag);
5144 
5145 			/* no longer support new API additions in old API */
5146 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
5147 				return -EINVAL;
5148 		}
5149 	}
5150 
5151 	return 0;
5152 }
5153 
5154 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
5155 {
5156 	struct nlattr *rate;
5157 	u32 bitrate;
5158 	u16 bitrate_compat;
5159 	enum nl80211_rate_info rate_flg;
5160 
5161 	rate = nla_nest_start_noflag(msg, attr);
5162 	if (!rate)
5163 		return false;
5164 
5165 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
5166 	bitrate = cfg80211_calculate_bitrate(info);
5167 	/* report 16-bit bitrate only if we can */
5168 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
5169 	if (bitrate > 0 &&
5170 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
5171 		return false;
5172 	if (bitrate_compat > 0 &&
5173 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
5174 		return false;
5175 
5176 	switch (info->bw) {
5177 	case RATE_INFO_BW_5:
5178 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
5179 		break;
5180 	case RATE_INFO_BW_10:
5181 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
5182 		break;
5183 	default:
5184 		WARN_ON(1);
5185 		/* fall through */
5186 	case RATE_INFO_BW_20:
5187 		rate_flg = 0;
5188 		break;
5189 	case RATE_INFO_BW_40:
5190 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
5191 		break;
5192 	case RATE_INFO_BW_80:
5193 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
5194 		break;
5195 	case RATE_INFO_BW_160:
5196 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
5197 		break;
5198 	case RATE_INFO_BW_HE_RU:
5199 		rate_flg = 0;
5200 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
5201 	}
5202 
5203 	if (rate_flg && nla_put_flag(msg, rate_flg))
5204 		return false;
5205 
5206 	if (info->flags & RATE_INFO_FLAGS_MCS) {
5207 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5208 			return false;
5209 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5210 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5211 			return false;
5212 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5213 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5214 			return false;
5215 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5216 			return false;
5217 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5218 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5219 			return false;
5220 	} else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5221 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5222 			return false;
5223 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5224 			return false;
5225 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5226 			return false;
5227 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5228 			return false;
5229 		if (info->bw == RATE_INFO_BW_HE_RU &&
5230 		    nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5231 			       info->he_ru_alloc))
5232 			return false;
5233 	}
5234 
5235 	nla_nest_end(msg, rate);
5236 	return true;
5237 }
5238 
5239 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5240 			       int id)
5241 {
5242 	void *attr;
5243 	int i = 0;
5244 
5245 	if (!mask)
5246 		return true;
5247 
5248 	attr = nla_nest_start_noflag(msg, id);
5249 	if (!attr)
5250 		return false;
5251 
5252 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5253 		if (!(mask & BIT(i)))
5254 			continue;
5255 
5256 		if (nla_put_u8(msg, i, signal[i]))
5257 			return false;
5258 	}
5259 
5260 	nla_nest_end(msg, attr);
5261 
5262 	return true;
5263 }
5264 
5265 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5266 				u32 seq, int flags,
5267 				struct cfg80211_registered_device *rdev,
5268 				struct net_device *dev,
5269 				const u8 *mac_addr, struct station_info *sinfo)
5270 {
5271 	void *hdr;
5272 	struct nlattr *sinfoattr, *bss_param;
5273 
5274 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5275 	if (!hdr) {
5276 		cfg80211_sinfo_release_content(sinfo);
5277 		return -1;
5278 	}
5279 
5280 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5281 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5282 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5283 		goto nla_put_failure;
5284 
5285 	sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5286 	if (!sinfoattr)
5287 		goto nla_put_failure;
5288 
5289 #define PUT_SINFO(attr, memb, type) do {				\
5290 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
5291 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
5292 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
5293 			     sinfo->memb))				\
5294 		goto nla_put_failure;					\
5295 	} while (0)
5296 #define PUT_SINFO_U64(attr, memb) do {					\
5297 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
5298 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
5299 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
5300 		goto nla_put_failure;					\
5301 	} while (0)
5302 
5303 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5304 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5305 	PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5306 
5307 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5308 			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5309 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5310 			(u32)sinfo->rx_bytes))
5311 		goto nla_put_failure;
5312 
5313 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5314 			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5315 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5316 			(u32)sinfo->tx_bytes))
5317 		goto nla_put_failure;
5318 
5319 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5320 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5321 	PUT_SINFO(LLID, llid, u16);
5322 	PUT_SINFO(PLID, plid, u16);
5323 	PUT_SINFO(PLINK_STATE, plink_state, u8);
5324 	PUT_SINFO_U64(RX_DURATION, rx_duration);
5325 	PUT_SINFO_U64(TX_DURATION, tx_duration);
5326 
5327 	if (wiphy_ext_feature_isset(&rdev->wiphy,
5328 				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5329 		PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5330 
5331 	switch (rdev->wiphy.signal_type) {
5332 	case CFG80211_SIGNAL_TYPE_MBM:
5333 		PUT_SINFO(SIGNAL, signal, u8);
5334 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5335 		break;
5336 	default:
5337 		break;
5338 	}
5339 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5340 		if (!nl80211_put_signal(msg, sinfo->chains,
5341 					sinfo->chain_signal,
5342 					NL80211_STA_INFO_CHAIN_SIGNAL))
5343 			goto nla_put_failure;
5344 	}
5345 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5346 		if (!nl80211_put_signal(msg, sinfo->chains,
5347 					sinfo->chain_signal_avg,
5348 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5349 			goto nla_put_failure;
5350 	}
5351 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5352 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5353 					  NL80211_STA_INFO_TX_BITRATE))
5354 			goto nla_put_failure;
5355 	}
5356 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5357 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5358 					  NL80211_STA_INFO_RX_BITRATE))
5359 			goto nla_put_failure;
5360 	}
5361 
5362 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
5363 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
5364 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
5365 	PUT_SINFO(TX_FAILED, tx_failed, u32);
5366 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5367 	PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5368 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5369 	PUT_SINFO(LOCAL_PM, local_pm, u32);
5370 	PUT_SINFO(PEER_PM, peer_pm, u32);
5371 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5372 	PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5373 
5374 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5375 		bss_param = nla_nest_start_noflag(msg,
5376 						  NL80211_STA_INFO_BSS_PARAM);
5377 		if (!bss_param)
5378 			goto nla_put_failure;
5379 
5380 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5381 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5382 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5383 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5384 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5385 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5386 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5387 			       sinfo->bss_param.dtim_period) ||
5388 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5389 				sinfo->bss_param.beacon_interval))
5390 			goto nla_put_failure;
5391 
5392 		nla_nest_end(msg, bss_param);
5393 	}
5394 	if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5395 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5396 		    sizeof(struct nl80211_sta_flag_update),
5397 		    &sinfo->sta_flags))
5398 		goto nla_put_failure;
5399 
5400 	PUT_SINFO_U64(T_OFFSET, t_offset);
5401 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5402 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
5403 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5404 	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5405 	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5406 	if (wiphy_ext_feature_isset(&rdev->wiphy,
5407 				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5408 		PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5409 		PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5410 	}
5411 
5412 #undef PUT_SINFO
5413 #undef PUT_SINFO_U64
5414 
5415 	if (sinfo->pertid) {
5416 		struct nlattr *tidsattr;
5417 		int tid;
5418 
5419 		tidsattr = nla_nest_start_noflag(msg,
5420 						 NL80211_STA_INFO_TID_STATS);
5421 		if (!tidsattr)
5422 			goto nla_put_failure;
5423 
5424 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5425 			struct cfg80211_tid_stats *tidstats;
5426 			struct nlattr *tidattr;
5427 
5428 			tidstats = &sinfo->pertid[tid];
5429 
5430 			if (!tidstats->filled)
5431 				continue;
5432 
5433 			tidattr = nla_nest_start_noflag(msg, tid + 1);
5434 			if (!tidattr)
5435 				goto nla_put_failure;
5436 
5437 #define PUT_TIDVAL_U64(attr, memb) do {					\
5438 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
5439 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
5440 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
5441 		goto nla_put_failure;					\
5442 	} while (0)
5443 
5444 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5445 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5446 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5447 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5448 
5449 #undef PUT_TIDVAL_U64
5450 			if ((tidstats->filled &
5451 			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5452 			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5453 						   NL80211_TID_STATS_TXQ_STATS))
5454 				goto nla_put_failure;
5455 
5456 			nla_nest_end(msg, tidattr);
5457 		}
5458 
5459 		nla_nest_end(msg, tidsattr);
5460 	}
5461 
5462 	nla_nest_end(msg, sinfoattr);
5463 
5464 	if (sinfo->assoc_req_ies_len &&
5465 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5466 		    sinfo->assoc_req_ies))
5467 		goto nla_put_failure;
5468 
5469 	cfg80211_sinfo_release_content(sinfo);
5470 	genlmsg_end(msg, hdr);
5471 	return 0;
5472 
5473  nla_put_failure:
5474 	cfg80211_sinfo_release_content(sinfo);
5475 	genlmsg_cancel(msg, hdr);
5476 	return -EMSGSIZE;
5477 }
5478 
5479 static int nl80211_dump_station(struct sk_buff *skb,
5480 				struct netlink_callback *cb)
5481 {
5482 	struct station_info sinfo;
5483 	struct cfg80211_registered_device *rdev;
5484 	struct wireless_dev *wdev;
5485 	u8 mac_addr[ETH_ALEN];
5486 	int sta_idx = cb->args[2];
5487 	int err;
5488 
5489 	rtnl_lock();
5490 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5491 	if (err)
5492 		goto out_err;
5493 
5494 	if (!wdev->netdev) {
5495 		err = -EINVAL;
5496 		goto out_err;
5497 	}
5498 
5499 	if (!rdev->ops->dump_station) {
5500 		err = -EOPNOTSUPP;
5501 		goto out_err;
5502 	}
5503 
5504 	while (1) {
5505 		memset(&sinfo, 0, sizeof(sinfo));
5506 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5507 					mac_addr, &sinfo);
5508 		if (err == -ENOENT)
5509 			break;
5510 		if (err)
5511 			goto out_err;
5512 
5513 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5514 				NETLINK_CB(cb->skb).portid,
5515 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5516 				rdev, wdev->netdev, mac_addr,
5517 				&sinfo) < 0)
5518 			goto out;
5519 
5520 		sta_idx++;
5521 	}
5522 
5523  out:
5524 	cb->args[2] = sta_idx;
5525 	err = skb->len;
5526  out_err:
5527 	rtnl_unlock();
5528 
5529 	return err;
5530 }
5531 
5532 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5533 {
5534 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5535 	struct net_device *dev = info->user_ptr[1];
5536 	struct station_info sinfo;
5537 	struct sk_buff *msg;
5538 	u8 *mac_addr = NULL;
5539 	int err;
5540 
5541 	memset(&sinfo, 0, sizeof(sinfo));
5542 
5543 	if (!info->attrs[NL80211_ATTR_MAC])
5544 		return -EINVAL;
5545 
5546 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5547 
5548 	if (!rdev->ops->get_station)
5549 		return -EOPNOTSUPP;
5550 
5551 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5552 	if (err)
5553 		return err;
5554 
5555 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5556 	if (!msg) {
5557 		cfg80211_sinfo_release_content(&sinfo);
5558 		return -ENOMEM;
5559 	}
5560 
5561 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5562 				 info->snd_portid, info->snd_seq, 0,
5563 				 rdev, dev, mac_addr, &sinfo) < 0) {
5564 		nlmsg_free(msg);
5565 		return -ENOBUFS;
5566 	}
5567 
5568 	return genlmsg_reply(msg, info);
5569 }
5570 
5571 int cfg80211_check_station_change(struct wiphy *wiphy,
5572 				  struct station_parameters *params,
5573 				  enum cfg80211_station_type statype)
5574 {
5575 	if (params->listen_interval != -1 &&
5576 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5577 		return -EINVAL;
5578 
5579 	if (params->support_p2p_ps != -1 &&
5580 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5581 		return -EINVAL;
5582 
5583 	if (params->aid &&
5584 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5585 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5586 		return -EINVAL;
5587 
5588 	/* When you run into this, adjust the code below for the new flag */
5589 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5590 
5591 	switch (statype) {
5592 	case CFG80211_STA_MESH_PEER_KERNEL:
5593 	case CFG80211_STA_MESH_PEER_USER:
5594 		/*
5595 		 * No ignoring the TDLS flag here -- the userspace mesh
5596 		 * code doesn't have the bug of including TDLS in the
5597 		 * mask everywhere.
5598 		 */
5599 		if (params->sta_flags_mask &
5600 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5601 				  BIT(NL80211_STA_FLAG_MFP) |
5602 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
5603 			return -EINVAL;
5604 		break;
5605 	case CFG80211_STA_TDLS_PEER_SETUP:
5606 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5607 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5608 			return -EINVAL;
5609 		/* ignore since it can't change */
5610 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5611 		break;
5612 	default:
5613 		/* disallow mesh-specific things */
5614 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5615 			return -EINVAL;
5616 		if (params->local_pm)
5617 			return -EINVAL;
5618 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5619 			return -EINVAL;
5620 	}
5621 
5622 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5623 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5624 		/* TDLS can't be set, ... */
5625 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5626 			return -EINVAL;
5627 		/*
5628 		 * ... but don't bother the driver with it. This works around
5629 		 * a hostapd/wpa_supplicant issue -- it always includes the
5630 		 * TLDS_PEER flag in the mask even for AP mode.
5631 		 */
5632 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5633 	}
5634 
5635 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5636 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5637 		/* reject other things that can't change */
5638 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5639 			return -EINVAL;
5640 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5641 			return -EINVAL;
5642 		if (params->supported_rates)
5643 			return -EINVAL;
5644 		if (params->ext_capab || params->ht_capa || params->vht_capa ||
5645 		    params->he_capa)
5646 			return -EINVAL;
5647 	}
5648 
5649 	if (statype != CFG80211_STA_AP_CLIENT &&
5650 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5651 		if (params->vlan)
5652 			return -EINVAL;
5653 	}
5654 
5655 	switch (statype) {
5656 	case CFG80211_STA_AP_MLME_CLIENT:
5657 		/* Use this only for authorizing/unauthorizing a station */
5658 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5659 			return -EOPNOTSUPP;
5660 		break;
5661 	case CFG80211_STA_AP_CLIENT:
5662 	case CFG80211_STA_AP_CLIENT_UNASSOC:
5663 		/* accept only the listed bits */
5664 		if (params->sta_flags_mask &
5665 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5666 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5667 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
5668 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5669 				  BIT(NL80211_STA_FLAG_WME) |
5670 				  BIT(NL80211_STA_FLAG_MFP)))
5671 			return -EINVAL;
5672 
5673 		/* but authenticated/associated only if driver handles it */
5674 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5675 		    params->sta_flags_mask &
5676 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5677 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5678 			return -EINVAL;
5679 		break;
5680 	case CFG80211_STA_IBSS:
5681 	case CFG80211_STA_AP_STA:
5682 		/* reject any changes other than AUTHORIZED */
5683 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5684 			return -EINVAL;
5685 		break;
5686 	case CFG80211_STA_TDLS_PEER_SETUP:
5687 		/* reject any changes other than AUTHORIZED or WME */
5688 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5689 					       BIT(NL80211_STA_FLAG_WME)))
5690 			return -EINVAL;
5691 		/* force (at least) rates when authorizing */
5692 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5693 		    !params->supported_rates)
5694 			return -EINVAL;
5695 		break;
5696 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5697 		/* reject any changes */
5698 		return -EINVAL;
5699 	case CFG80211_STA_MESH_PEER_KERNEL:
5700 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5701 			return -EINVAL;
5702 		break;
5703 	case CFG80211_STA_MESH_PEER_USER:
5704 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5705 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5706 			return -EINVAL;
5707 		break;
5708 	}
5709 
5710 	/*
5711 	 * Older kernel versions ignored this attribute entirely, so don't
5712 	 * reject attempts to update it but mark it as unused instead so the
5713 	 * driver won't look at the data.
5714 	 */
5715 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5716 	    statype != CFG80211_STA_TDLS_PEER_SETUP)
5717 		params->opmode_notif_used = false;
5718 
5719 	return 0;
5720 }
5721 EXPORT_SYMBOL(cfg80211_check_station_change);
5722 
5723 /*
5724  * Get vlan interface making sure it is running and on the right wiphy.
5725  */
5726 static struct net_device *get_vlan(struct genl_info *info,
5727 				   struct cfg80211_registered_device *rdev)
5728 {
5729 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5730 	struct net_device *v;
5731 	int ret;
5732 
5733 	if (!vlanattr)
5734 		return NULL;
5735 
5736 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5737 	if (!v)
5738 		return ERR_PTR(-ENODEV);
5739 
5740 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5741 		ret = -EINVAL;
5742 		goto error;
5743 	}
5744 
5745 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5746 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5747 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5748 		ret = -EINVAL;
5749 		goto error;
5750 	}
5751 
5752 	if (!netif_running(v)) {
5753 		ret = -ENETDOWN;
5754 		goto error;
5755 	}
5756 
5757 	return v;
5758  error:
5759 	dev_put(v);
5760 	return ERR_PTR(ret);
5761 }
5762 
5763 static const struct nla_policy
5764 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5765 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5766 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5767 };
5768 
5769 static int nl80211_parse_sta_wme(struct genl_info *info,
5770 				 struct station_parameters *params)
5771 {
5772 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5773 	struct nlattr *nla;
5774 	int err;
5775 
5776 	/* parse WME attributes if present */
5777 	if (!info->attrs[NL80211_ATTR_STA_WME])
5778 		return 0;
5779 
5780 	nla = info->attrs[NL80211_ATTR_STA_WME];
5781 	err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
5782 					  nl80211_sta_wme_policy,
5783 					  info->extack);
5784 	if (err)
5785 		return err;
5786 
5787 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5788 		params->uapsd_queues = nla_get_u8(
5789 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
5790 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5791 		return -EINVAL;
5792 
5793 	if (tb[NL80211_STA_WME_MAX_SP])
5794 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5795 
5796 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5797 		return -EINVAL;
5798 
5799 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5800 
5801 	return 0;
5802 }
5803 
5804 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5805 				      struct station_parameters *params)
5806 {
5807 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5808 		params->supported_channels =
5809 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5810 		params->supported_channels_len =
5811 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5812 		/*
5813 		 * Need to include at least one (first channel, number of
5814 		 * channels) tuple for each subband, and must have proper
5815 		 * tuples for the rest of the data as well.
5816 		 */
5817 		if (params->supported_channels_len < 2)
5818 			return -EINVAL;
5819 		if (params->supported_channels_len % 2)
5820 			return -EINVAL;
5821 	}
5822 
5823 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5824 		params->supported_oper_classes =
5825 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5826 		params->supported_oper_classes_len =
5827 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5828 		/*
5829 		 * The value of the Length field of the Supported Operating
5830 		 * Classes element is between 2 and 253.
5831 		 */
5832 		if (params->supported_oper_classes_len < 2 ||
5833 		    params->supported_oper_classes_len > 253)
5834 			return -EINVAL;
5835 	}
5836 	return 0;
5837 }
5838 
5839 static int nl80211_set_station_tdls(struct genl_info *info,
5840 				    struct station_parameters *params)
5841 {
5842 	int err;
5843 	/* Dummy STA entry gets updated once the peer capabilities are known */
5844 	if (info->attrs[NL80211_ATTR_PEER_AID])
5845 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5846 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5847 		params->ht_capa =
5848 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5849 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5850 		params->vht_capa =
5851 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5852 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5853 		params->he_capa =
5854 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5855 		params->he_capa_len =
5856 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5857 
5858 		if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5859 			return -EINVAL;
5860 	}
5861 
5862 	err = nl80211_parse_sta_channel_info(info, params);
5863 	if (err)
5864 		return err;
5865 
5866 	return nl80211_parse_sta_wme(info, params);
5867 }
5868 
5869 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
5870 					     struct station_parameters *params)
5871 {
5872 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5873 	int idx;
5874 
5875 	if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
5876 		if (!rdev->ops->set_tx_power ||
5877 		    !wiphy_ext_feature_isset(&rdev->wiphy,
5878 					 NL80211_EXT_FEATURE_STA_TX_PWR))
5879 			return -EOPNOTSUPP;
5880 
5881 		idx = NL80211_ATTR_STA_TX_POWER_SETTING;
5882 		params->txpwr.type = nla_get_u8(info->attrs[idx]);
5883 
5884 		if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
5885 			idx = NL80211_ATTR_STA_TX_POWER;
5886 
5887 			if (info->attrs[idx])
5888 				params->txpwr.power =
5889 					nla_get_s16(info->attrs[idx]);
5890 			else
5891 				return -EINVAL;
5892 		}
5893 		params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
5894 	}
5895 
5896 	return 0;
5897 }
5898 
5899 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5900 {
5901 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5902 	struct net_device *dev = info->user_ptr[1];
5903 	struct station_parameters params;
5904 	u8 *mac_addr;
5905 	int err;
5906 
5907 	memset(&params, 0, sizeof(params));
5908 
5909 	if (!rdev->ops->change_station)
5910 		return -EOPNOTSUPP;
5911 
5912 	/*
5913 	 * AID and listen_interval properties can be set only for unassociated
5914 	 * station. Include these parameters here and will check them in
5915 	 * cfg80211_check_station_change().
5916 	 */
5917 	if (info->attrs[NL80211_ATTR_STA_AID])
5918 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5919 
5920 	if (info->attrs[NL80211_ATTR_VLAN_ID])
5921 		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
5922 
5923 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5924 		params.listen_interval =
5925 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5926 	else
5927 		params.listen_interval = -1;
5928 
5929 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5930 		params.support_p2p_ps =
5931 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5932 	else
5933 		params.support_p2p_ps = -1;
5934 
5935 	if (!info->attrs[NL80211_ATTR_MAC])
5936 		return -EINVAL;
5937 
5938 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5939 
5940 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5941 		params.supported_rates =
5942 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5943 		params.supported_rates_len =
5944 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5945 	}
5946 
5947 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5948 		params.capability =
5949 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5950 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5951 	}
5952 
5953 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5954 		params.ext_capab =
5955 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5956 		params.ext_capab_len =
5957 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5958 	}
5959 
5960 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5961 		return -EINVAL;
5962 
5963 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5964 		params.plink_action =
5965 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5966 
5967 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5968 		params.plink_state =
5969 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5970 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5971 			params.peer_aid = nla_get_u16(
5972 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5973 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5974 	}
5975 
5976 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
5977 		params.local_pm = nla_get_u32(
5978 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5979 
5980 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5981 		params.opmode_notif_used = true;
5982 		params.opmode_notif =
5983 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5984 	}
5985 
5986 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5987 		params.airtime_weight =
5988 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5989 
5990 	if (params.airtime_weight &&
5991 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5992 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5993 		return -EOPNOTSUPP;
5994 
5995 	err = nl80211_parse_sta_txpower_setting(info, &params);
5996 	if (err)
5997 		return err;
5998 
5999 	/* Include parameters for TDLS peer (will check later) */
6000 	err = nl80211_set_station_tdls(info, &params);
6001 	if (err)
6002 		return err;
6003 
6004 	params.vlan = get_vlan(info, rdev);
6005 	if (IS_ERR(params.vlan))
6006 		return PTR_ERR(params.vlan);
6007 
6008 	switch (dev->ieee80211_ptr->iftype) {
6009 	case NL80211_IFTYPE_AP:
6010 	case NL80211_IFTYPE_AP_VLAN:
6011 	case NL80211_IFTYPE_P2P_GO:
6012 	case NL80211_IFTYPE_P2P_CLIENT:
6013 	case NL80211_IFTYPE_STATION:
6014 	case NL80211_IFTYPE_ADHOC:
6015 	case NL80211_IFTYPE_MESH_POINT:
6016 		break;
6017 	default:
6018 		err = -EOPNOTSUPP;
6019 		goto out_put_vlan;
6020 	}
6021 
6022 	/* driver will call cfg80211_check_station_change() */
6023 	err = rdev_change_station(rdev, dev, mac_addr, &params);
6024 
6025  out_put_vlan:
6026 	if (params.vlan)
6027 		dev_put(params.vlan);
6028 
6029 	return err;
6030 }
6031 
6032 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
6033 {
6034 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6035 	int err;
6036 	struct net_device *dev = info->user_ptr[1];
6037 	struct station_parameters params;
6038 	u8 *mac_addr = NULL;
6039 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6040 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
6041 
6042 	memset(&params, 0, sizeof(params));
6043 
6044 	if (!rdev->ops->add_station)
6045 		return -EOPNOTSUPP;
6046 
6047 	if (!info->attrs[NL80211_ATTR_MAC])
6048 		return -EINVAL;
6049 
6050 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6051 		return -EINVAL;
6052 
6053 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
6054 		return -EINVAL;
6055 
6056 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
6057 	    !info->attrs[NL80211_ATTR_PEER_AID])
6058 		return -EINVAL;
6059 
6060 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6061 	params.supported_rates =
6062 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6063 	params.supported_rates_len =
6064 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6065 	params.listen_interval =
6066 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6067 
6068 	if (info->attrs[NL80211_ATTR_VLAN_ID])
6069 		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6070 
6071 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
6072 		params.support_p2p_ps =
6073 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6074 	} else {
6075 		/*
6076 		 * if not specified, assume it's supported for P2P GO interface,
6077 		 * and is NOT supported for AP interface
6078 		 */
6079 		params.support_p2p_ps =
6080 			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
6081 	}
6082 
6083 	if (info->attrs[NL80211_ATTR_PEER_AID])
6084 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6085 	else
6086 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6087 
6088 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6089 		params.capability =
6090 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6091 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6092 	}
6093 
6094 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6095 		params.ext_capab =
6096 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6097 		params.ext_capab_len =
6098 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6099 	}
6100 
6101 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6102 		params.ht_capa =
6103 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6104 
6105 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6106 		params.vht_capa =
6107 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6108 
6109 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6110 		params.he_capa =
6111 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6112 		params.he_capa_len =
6113 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6114 
6115 		/* max len is validated in nla policy */
6116 		if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
6117 			return -EINVAL;
6118 	}
6119 
6120 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6121 		params.opmode_notif_used = true;
6122 		params.opmode_notif =
6123 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6124 	}
6125 
6126 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6127 		params.plink_action =
6128 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6129 
6130 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6131 		params.airtime_weight =
6132 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6133 
6134 	if (params.airtime_weight &&
6135 	    !wiphy_ext_feature_isset(&rdev->wiphy,
6136 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6137 		return -EOPNOTSUPP;
6138 
6139 	err = nl80211_parse_sta_txpower_setting(info, &params);
6140 	if (err)
6141 		return err;
6142 
6143 	err = nl80211_parse_sta_channel_info(info, &params);
6144 	if (err)
6145 		return err;
6146 
6147 	err = nl80211_parse_sta_wme(info, &params);
6148 	if (err)
6149 		return err;
6150 
6151 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
6152 		return -EINVAL;
6153 
6154 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
6155 	 * as userspace might just pass through the capabilities from the IEs
6156 	 * directly, rather than enforcing this restriction and returning an
6157 	 * error in this case.
6158 	 */
6159 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
6160 		params.ht_capa = NULL;
6161 		params.vht_capa = NULL;
6162 
6163 		/* HE requires WME */
6164 		if (params.he_capa_len)
6165 			return -EINVAL;
6166 	}
6167 
6168 	/* When you run into this, adjust the code below for the new flag */
6169 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6170 
6171 	switch (dev->ieee80211_ptr->iftype) {
6172 	case NL80211_IFTYPE_AP:
6173 	case NL80211_IFTYPE_AP_VLAN:
6174 	case NL80211_IFTYPE_P2P_GO:
6175 		/* ignore WME attributes if iface/sta is not capable */
6176 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
6177 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
6178 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6179 
6180 		/* TDLS peers cannot be added */
6181 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6182 		    info->attrs[NL80211_ATTR_PEER_AID])
6183 			return -EINVAL;
6184 		/* but don't bother the driver with it */
6185 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6186 
6187 		/* allow authenticated/associated only if driver handles it */
6188 		if (!(rdev->wiphy.features &
6189 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6190 		    params.sta_flags_mask & auth_assoc)
6191 			return -EINVAL;
6192 
6193 		/* Older userspace, or userspace wanting to be compatible with
6194 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
6195 		 * and assoc flags in the mask, but assumes the station will be
6196 		 * added as associated anyway since this was the required driver
6197 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
6198 		 * introduced.
6199 		 * In order to not bother drivers with this quirk in the API
6200 		 * set the flags in both the mask and set for new stations in
6201 		 * this case.
6202 		 */
6203 		if (!(params.sta_flags_mask & auth_assoc)) {
6204 			params.sta_flags_mask |= auth_assoc;
6205 			params.sta_flags_set |= auth_assoc;
6206 		}
6207 
6208 		/* must be last in here for error handling */
6209 		params.vlan = get_vlan(info, rdev);
6210 		if (IS_ERR(params.vlan))
6211 			return PTR_ERR(params.vlan);
6212 		break;
6213 	case NL80211_IFTYPE_MESH_POINT:
6214 		/* ignore uAPSD data */
6215 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6216 
6217 		/* associated is disallowed */
6218 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6219 			return -EINVAL;
6220 		/* TDLS peers cannot be added */
6221 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6222 		    info->attrs[NL80211_ATTR_PEER_AID])
6223 			return -EINVAL;
6224 		break;
6225 	case NL80211_IFTYPE_STATION:
6226 	case NL80211_IFTYPE_P2P_CLIENT:
6227 		/* ignore uAPSD data */
6228 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6229 
6230 		/* these are disallowed */
6231 		if (params.sta_flags_mask &
6232 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
6233 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6234 			return -EINVAL;
6235 		/* Only TDLS peers can be added */
6236 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6237 			return -EINVAL;
6238 		/* Can only add if TDLS ... */
6239 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6240 			return -EOPNOTSUPP;
6241 		/* ... with external setup is supported */
6242 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6243 			return -EOPNOTSUPP;
6244 		/*
6245 		 * Older wpa_supplicant versions always mark the TDLS peer
6246 		 * as authorized, but it shouldn't yet be.
6247 		 */
6248 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6249 		break;
6250 	default:
6251 		return -EOPNOTSUPP;
6252 	}
6253 
6254 	/* be aware of params.vlan when changing code here */
6255 
6256 	err = rdev_add_station(rdev, dev, mac_addr, &params);
6257 
6258 	if (params.vlan)
6259 		dev_put(params.vlan);
6260 	return err;
6261 }
6262 
6263 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6264 {
6265 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6266 	struct net_device *dev = info->user_ptr[1];
6267 	struct station_del_parameters params;
6268 
6269 	memset(&params, 0, sizeof(params));
6270 
6271 	if (info->attrs[NL80211_ATTR_MAC])
6272 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6273 
6274 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6275 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
6276 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
6277 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6278 		return -EINVAL;
6279 
6280 	if (!rdev->ops->del_station)
6281 		return -EOPNOTSUPP;
6282 
6283 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6284 		params.subtype =
6285 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6286 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6287 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6288 			return -EINVAL;
6289 	} else {
6290 		/* Default to Deauthentication frame */
6291 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6292 	}
6293 
6294 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6295 		params.reason_code =
6296 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6297 		if (params.reason_code == 0)
6298 			return -EINVAL; /* 0 is reserved */
6299 	} else {
6300 		/* Default to reason code 2 */
6301 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6302 	}
6303 
6304 	return rdev_del_station(rdev, dev, &params);
6305 }
6306 
6307 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6308 				int flags, struct net_device *dev,
6309 				u8 *dst, u8 *next_hop,
6310 				struct mpath_info *pinfo)
6311 {
6312 	void *hdr;
6313 	struct nlattr *pinfoattr;
6314 
6315 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6316 	if (!hdr)
6317 		return -1;
6318 
6319 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6320 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6321 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6322 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6323 		goto nla_put_failure;
6324 
6325 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6326 	if (!pinfoattr)
6327 		goto nla_put_failure;
6328 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6329 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6330 			pinfo->frame_qlen))
6331 		goto nla_put_failure;
6332 	if (((pinfo->filled & MPATH_INFO_SN) &&
6333 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6334 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
6335 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6336 			 pinfo->metric)) ||
6337 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6338 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6339 			 pinfo->exptime)) ||
6340 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
6341 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6342 			pinfo->flags)) ||
6343 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6344 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6345 			 pinfo->discovery_timeout)) ||
6346 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6347 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6348 			pinfo->discovery_retries)) ||
6349 	    ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6350 	     nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6351 			pinfo->hop_count)) ||
6352 	    ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6353 	     nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6354 			 pinfo->path_change_count)))
6355 		goto nla_put_failure;
6356 
6357 	nla_nest_end(msg, pinfoattr);
6358 
6359 	genlmsg_end(msg, hdr);
6360 	return 0;
6361 
6362  nla_put_failure:
6363 	genlmsg_cancel(msg, hdr);
6364 	return -EMSGSIZE;
6365 }
6366 
6367 static int nl80211_dump_mpath(struct sk_buff *skb,
6368 			      struct netlink_callback *cb)
6369 {
6370 	struct mpath_info pinfo;
6371 	struct cfg80211_registered_device *rdev;
6372 	struct wireless_dev *wdev;
6373 	u8 dst[ETH_ALEN];
6374 	u8 next_hop[ETH_ALEN];
6375 	int path_idx = cb->args[2];
6376 	int err;
6377 
6378 	rtnl_lock();
6379 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6380 	if (err)
6381 		goto out_err;
6382 
6383 	if (!rdev->ops->dump_mpath) {
6384 		err = -EOPNOTSUPP;
6385 		goto out_err;
6386 	}
6387 
6388 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6389 		err = -EOPNOTSUPP;
6390 		goto out_err;
6391 	}
6392 
6393 	while (1) {
6394 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6395 				      next_hop, &pinfo);
6396 		if (err == -ENOENT)
6397 			break;
6398 		if (err)
6399 			goto out_err;
6400 
6401 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6402 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6403 				       wdev->netdev, dst, next_hop,
6404 				       &pinfo) < 0)
6405 			goto out;
6406 
6407 		path_idx++;
6408 	}
6409 
6410  out:
6411 	cb->args[2] = path_idx;
6412 	err = skb->len;
6413  out_err:
6414 	rtnl_unlock();
6415 	return err;
6416 }
6417 
6418 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6419 {
6420 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6421 	int err;
6422 	struct net_device *dev = info->user_ptr[1];
6423 	struct mpath_info pinfo;
6424 	struct sk_buff *msg;
6425 	u8 *dst = NULL;
6426 	u8 next_hop[ETH_ALEN];
6427 
6428 	memset(&pinfo, 0, sizeof(pinfo));
6429 
6430 	if (!info->attrs[NL80211_ATTR_MAC])
6431 		return -EINVAL;
6432 
6433 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6434 
6435 	if (!rdev->ops->get_mpath)
6436 		return -EOPNOTSUPP;
6437 
6438 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6439 		return -EOPNOTSUPP;
6440 
6441 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6442 	if (err)
6443 		return err;
6444 
6445 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6446 	if (!msg)
6447 		return -ENOMEM;
6448 
6449 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6450 				 dev, dst, next_hop, &pinfo) < 0) {
6451 		nlmsg_free(msg);
6452 		return -ENOBUFS;
6453 	}
6454 
6455 	return genlmsg_reply(msg, info);
6456 }
6457 
6458 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6459 {
6460 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6461 	struct net_device *dev = info->user_ptr[1];
6462 	u8 *dst = NULL;
6463 	u8 *next_hop = NULL;
6464 
6465 	if (!info->attrs[NL80211_ATTR_MAC])
6466 		return -EINVAL;
6467 
6468 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6469 		return -EINVAL;
6470 
6471 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6472 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6473 
6474 	if (!rdev->ops->change_mpath)
6475 		return -EOPNOTSUPP;
6476 
6477 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6478 		return -EOPNOTSUPP;
6479 
6480 	return rdev_change_mpath(rdev, dev, dst, next_hop);
6481 }
6482 
6483 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6484 {
6485 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6486 	struct net_device *dev = info->user_ptr[1];
6487 	u8 *dst = NULL;
6488 	u8 *next_hop = NULL;
6489 
6490 	if (!info->attrs[NL80211_ATTR_MAC])
6491 		return -EINVAL;
6492 
6493 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6494 		return -EINVAL;
6495 
6496 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6497 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6498 
6499 	if (!rdev->ops->add_mpath)
6500 		return -EOPNOTSUPP;
6501 
6502 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6503 		return -EOPNOTSUPP;
6504 
6505 	return rdev_add_mpath(rdev, dev, dst, next_hop);
6506 }
6507 
6508 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6509 {
6510 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6511 	struct net_device *dev = info->user_ptr[1];
6512 	u8 *dst = NULL;
6513 
6514 	if (info->attrs[NL80211_ATTR_MAC])
6515 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6516 
6517 	if (!rdev->ops->del_mpath)
6518 		return -EOPNOTSUPP;
6519 
6520 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6521 		return -EOPNOTSUPP;
6522 
6523 	return rdev_del_mpath(rdev, dev, dst);
6524 }
6525 
6526 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6527 {
6528 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6529 	int err;
6530 	struct net_device *dev = info->user_ptr[1];
6531 	struct mpath_info pinfo;
6532 	struct sk_buff *msg;
6533 	u8 *dst = NULL;
6534 	u8 mpp[ETH_ALEN];
6535 
6536 	memset(&pinfo, 0, sizeof(pinfo));
6537 
6538 	if (!info->attrs[NL80211_ATTR_MAC])
6539 		return -EINVAL;
6540 
6541 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6542 
6543 	if (!rdev->ops->get_mpp)
6544 		return -EOPNOTSUPP;
6545 
6546 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6547 		return -EOPNOTSUPP;
6548 
6549 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6550 	if (err)
6551 		return err;
6552 
6553 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6554 	if (!msg)
6555 		return -ENOMEM;
6556 
6557 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6558 			       dev, dst, mpp, &pinfo) < 0) {
6559 		nlmsg_free(msg);
6560 		return -ENOBUFS;
6561 	}
6562 
6563 	return genlmsg_reply(msg, info);
6564 }
6565 
6566 static int nl80211_dump_mpp(struct sk_buff *skb,
6567 			    struct netlink_callback *cb)
6568 {
6569 	struct mpath_info pinfo;
6570 	struct cfg80211_registered_device *rdev;
6571 	struct wireless_dev *wdev;
6572 	u8 dst[ETH_ALEN];
6573 	u8 mpp[ETH_ALEN];
6574 	int path_idx = cb->args[2];
6575 	int err;
6576 
6577 	rtnl_lock();
6578 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6579 	if (err)
6580 		goto out_err;
6581 
6582 	if (!rdev->ops->dump_mpp) {
6583 		err = -EOPNOTSUPP;
6584 		goto out_err;
6585 	}
6586 
6587 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6588 		err = -EOPNOTSUPP;
6589 		goto out_err;
6590 	}
6591 
6592 	while (1) {
6593 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6594 				    mpp, &pinfo);
6595 		if (err == -ENOENT)
6596 			break;
6597 		if (err)
6598 			goto out_err;
6599 
6600 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6601 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6602 				       wdev->netdev, dst, mpp,
6603 				       &pinfo) < 0)
6604 			goto out;
6605 
6606 		path_idx++;
6607 	}
6608 
6609  out:
6610 	cb->args[2] = path_idx;
6611 	err = skb->len;
6612  out_err:
6613 	rtnl_unlock();
6614 	return err;
6615 }
6616 
6617 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6618 {
6619 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6620 	struct net_device *dev = info->user_ptr[1];
6621 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6622 	struct bss_parameters params;
6623 	int err;
6624 
6625 	memset(&params, 0, sizeof(params));
6626 	/* default to not changing parameters */
6627 	params.use_cts_prot = -1;
6628 	params.use_short_preamble = -1;
6629 	params.use_short_slot_time = -1;
6630 	params.ap_isolate = -1;
6631 	params.ht_opmode = -1;
6632 	params.p2p_ctwindow = -1;
6633 	params.p2p_opp_ps = -1;
6634 
6635 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6636 		params.use_cts_prot =
6637 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6638 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6639 		params.use_short_preamble =
6640 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6641 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6642 		params.use_short_slot_time =
6643 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6644 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6645 		params.basic_rates =
6646 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6647 		params.basic_rates_len =
6648 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6649 	}
6650 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6651 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6652 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6653 		params.ht_opmode =
6654 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6655 
6656 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6657 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6658 			return -EINVAL;
6659 		params.p2p_ctwindow =
6660 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6661 		if (params.p2p_ctwindow != 0 &&
6662 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6663 			return -EINVAL;
6664 	}
6665 
6666 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6667 		u8 tmp;
6668 
6669 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6670 			return -EINVAL;
6671 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6672 		params.p2p_opp_ps = tmp;
6673 		if (params.p2p_opp_ps &&
6674 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6675 			return -EINVAL;
6676 	}
6677 
6678 	if (!rdev->ops->change_bss)
6679 		return -EOPNOTSUPP;
6680 
6681 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6682 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6683 		return -EOPNOTSUPP;
6684 
6685 	wdev_lock(wdev);
6686 	err = rdev_change_bss(rdev, dev, &params);
6687 	wdev_unlock(wdev);
6688 
6689 	return err;
6690 }
6691 
6692 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6693 {
6694 	char *data = NULL;
6695 	bool is_indoor;
6696 	enum nl80211_user_reg_hint_type user_reg_hint_type;
6697 	u32 owner_nlportid;
6698 
6699 	/*
6700 	 * You should only get this when cfg80211 hasn't yet initialized
6701 	 * completely when built-in to the kernel right between the time
6702 	 * window between nl80211_init() and regulatory_init(), if that is
6703 	 * even possible.
6704 	 */
6705 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6706 		return -EINPROGRESS;
6707 
6708 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6709 		user_reg_hint_type =
6710 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6711 	else
6712 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6713 
6714 	switch (user_reg_hint_type) {
6715 	case NL80211_USER_REG_HINT_USER:
6716 	case NL80211_USER_REG_HINT_CELL_BASE:
6717 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6718 			return -EINVAL;
6719 
6720 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6721 		return regulatory_hint_user(data, user_reg_hint_type);
6722 	case NL80211_USER_REG_HINT_INDOOR:
6723 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6724 			owner_nlportid = info->snd_portid;
6725 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6726 		} else {
6727 			owner_nlportid = 0;
6728 			is_indoor = true;
6729 		}
6730 
6731 		return regulatory_hint_indoor(is_indoor, owner_nlportid);
6732 	default:
6733 		return -EINVAL;
6734 	}
6735 }
6736 
6737 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6738 {
6739 	return reg_reload_regdb();
6740 }
6741 
6742 static int nl80211_get_mesh_config(struct sk_buff *skb,
6743 				   struct genl_info *info)
6744 {
6745 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6746 	struct net_device *dev = info->user_ptr[1];
6747 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6748 	struct mesh_config cur_params;
6749 	int err = 0;
6750 	void *hdr;
6751 	struct nlattr *pinfoattr;
6752 	struct sk_buff *msg;
6753 
6754 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6755 		return -EOPNOTSUPP;
6756 
6757 	if (!rdev->ops->get_mesh_config)
6758 		return -EOPNOTSUPP;
6759 
6760 	wdev_lock(wdev);
6761 	/* If not connected, get default parameters */
6762 	if (!wdev->mesh_id_len)
6763 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6764 	else
6765 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
6766 	wdev_unlock(wdev);
6767 
6768 	if (err)
6769 		return err;
6770 
6771 	/* Draw up a netlink message to send back */
6772 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6773 	if (!msg)
6774 		return -ENOMEM;
6775 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6776 			     NL80211_CMD_GET_MESH_CONFIG);
6777 	if (!hdr)
6778 		goto out;
6779 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6780 	if (!pinfoattr)
6781 		goto nla_put_failure;
6782 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6783 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6784 			cur_params.dot11MeshRetryTimeout) ||
6785 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6786 			cur_params.dot11MeshConfirmTimeout) ||
6787 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6788 			cur_params.dot11MeshHoldingTimeout) ||
6789 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6790 			cur_params.dot11MeshMaxPeerLinks) ||
6791 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6792 		       cur_params.dot11MeshMaxRetries) ||
6793 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
6794 		       cur_params.dot11MeshTTL) ||
6795 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6796 		       cur_params.element_ttl) ||
6797 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6798 		       cur_params.auto_open_plinks) ||
6799 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6800 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6801 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6802 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
6803 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6804 			cur_params.path_refresh_time) ||
6805 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6806 			cur_params.min_discovery_timeout) ||
6807 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6808 			cur_params.dot11MeshHWMPactivePathTimeout) ||
6809 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6810 			cur_params.dot11MeshHWMPpreqMinInterval) ||
6811 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6812 			cur_params.dot11MeshHWMPperrMinInterval) ||
6813 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6814 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6815 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6816 		       cur_params.dot11MeshHWMPRootMode) ||
6817 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6818 			cur_params.dot11MeshHWMPRannInterval) ||
6819 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6820 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
6821 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6822 		       cur_params.dot11MeshForwarding) ||
6823 	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6824 			cur_params.rssi_threshold) ||
6825 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6826 			cur_params.ht_opmode) ||
6827 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6828 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6829 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6830 			cur_params.dot11MeshHWMProotInterval) ||
6831 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6832 			cur_params.dot11MeshHWMPconfirmationInterval) ||
6833 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6834 			cur_params.power_mode) ||
6835 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6836 			cur_params.dot11MeshAwakeWindowDuration) ||
6837 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6838 			cur_params.plink_timeout) ||
6839 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6840 		       cur_params.dot11MeshConnectedToMeshGate))
6841 		goto nla_put_failure;
6842 	nla_nest_end(msg, pinfoattr);
6843 	genlmsg_end(msg, hdr);
6844 	return genlmsg_reply(msg, info);
6845 
6846  nla_put_failure:
6847  out:
6848 	nlmsg_free(msg);
6849 	return -ENOBUFS;
6850 }
6851 
6852 static const struct nla_policy
6853 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6854 	[NL80211_MESHCONF_RETRY_TIMEOUT] =
6855 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6856 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6857 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6858 	[NL80211_MESHCONF_HOLDING_TIMEOUT] =
6859 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6860 	[NL80211_MESHCONF_MAX_PEER_LINKS] =
6861 		NLA_POLICY_RANGE(NLA_U16, 0, 255),
6862 	[NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6863 	[NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6864 	[NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6865 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6866 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6867 		NLA_POLICY_RANGE(NLA_U32, 1, 255),
6868 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6869 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6870 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6871 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6872 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6873 		NLA_POLICY_MIN(NLA_U16, 1),
6874 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6875 		NLA_POLICY_MIN(NLA_U16, 1),
6876 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6877 		NLA_POLICY_MIN(NLA_U16, 1),
6878 	[NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6879 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6880 		NLA_POLICY_MIN(NLA_U16, 1),
6881 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6882 	[NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6883 	[NL80211_MESHCONF_RSSI_THRESHOLD] =
6884 		NLA_POLICY_RANGE(NLA_S32, -255, 0),
6885 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6886 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6887 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6888 		NLA_POLICY_MIN(NLA_U16, 1),
6889 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6890 		NLA_POLICY_MIN(NLA_U16, 1),
6891 	[NL80211_MESHCONF_POWER_MODE] =
6892 		NLA_POLICY_RANGE(NLA_U32,
6893 				 NL80211_MESH_POWER_ACTIVE,
6894 				 NL80211_MESH_POWER_MAX),
6895 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6896 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6897 	[NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6898 };
6899 
6900 static const struct nla_policy
6901 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6902 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6903 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6904 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6905 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6906 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6907 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6908 	[NL80211_MESH_SETUP_IE] =
6909 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6910 				       IEEE80211_MAX_DATA_LEN),
6911 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6912 };
6913 
6914 static int nl80211_parse_mesh_config(struct genl_info *info,
6915 				     struct mesh_config *cfg,
6916 				     u32 *mask_out)
6917 {
6918 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6919 	u32 mask = 0;
6920 	u16 ht_opmode;
6921 
6922 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)	\
6923 do {									\
6924 	if (tb[attr]) {							\
6925 		cfg->param = fn(tb[attr]);				\
6926 		mask |= BIT((attr) - 1);				\
6927 	}								\
6928 } while (0)
6929 
6930 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6931 		return -EINVAL;
6932 	if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6933 		return -EINVAL;
6934 
6935 	/* This makes sure that there aren't more than 32 mesh config
6936 	 * parameters (otherwise our bitfield scheme would not work.) */
6937 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6938 
6939 	/* Fill in the params struct */
6940 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6941 				  NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6942 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6943 				  NL80211_MESHCONF_CONFIRM_TIMEOUT,
6944 				  nla_get_u16);
6945 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
6946 				  NL80211_MESHCONF_HOLDING_TIMEOUT,
6947 				  nla_get_u16);
6948 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
6949 				  NL80211_MESHCONF_MAX_PEER_LINKS,
6950 				  nla_get_u16);
6951 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
6952 				  NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
6953 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
6954 				  NL80211_MESHCONF_TTL, nla_get_u8);
6955 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
6956 				  NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
6957 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
6958 				  NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6959 				  nla_get_u8);
6960 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6961 				  mask,
6962 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6963 				  nla_get_u32);
6964 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
6965 				  NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6966 				  nla_get_u8);
6967 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
6968 				  NL80211_MESHCONF_PATH_REFRESH_TIME,
6969 				  nla_get_u32);
6970 	if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
6971 	    (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
6972 		return -EINVAL;
6973 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
6974 				  NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6975 				  nla_get_u16);
6976 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6977 				  mask,
6978 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6979 				  nla_get_u32);
6980 	if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
6981 	    (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
6982 	     cfg->dot11MeshHWMPactivePathTimeout > 65535))
6983 		return -EINVAL;
6984 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
6985 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6986 				  nla_get_u16);
6987 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
6988 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6989 				  nla_get_u16);
6990 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6991 				  dot11MeshHWMPnetDiameterTraversalTime, mask,
6992 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6993 				  nla_get_u16);
6994 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
6995 				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
6996 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
6997 				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6998 				  nla_get_u16);
6999 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
7000 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7001 				  nla_get_u8);
7002 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
7003 				  NL80211_MESHCONF_FORWARDING, nla_get_u8);
7004 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
7005 				  NL80211_MESHCONF_RSSI_THRESHOLD,
7006 				  nla_get_s32);
7007 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
7008 				  NL80211_MESHCONF_CONNECTED_TO_GATE,
7009 				  nla_get_u8);
7010 	/*
7011 	 * Check HT operation mode based on
7012 	 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
7013 	 */
7014 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
7015 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
7016 
7017 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
7018 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
7019 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
7020 			return -EINVAL;
7021 
7022 		/* NON_HT_STA bit is reserved, but some programs set it */
7023 		ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
7024 
7025 		cfg->ht_opmode = ht_opmode;
7026 		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
7027 	}
7028 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7029 				  dot11MeshHWMPactivePathToRootTimeout, mask,
7030 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7031 				  nla_get_u32);
7032 	if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
7033 	    (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
7034 	     cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
7035 		return -EINVAL;
7036 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
7037 				  NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7038 				  nla_get_u16);
7039 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
7040 				  mask,
7041 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7042 				  nla_get_u16);
7043 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
7044 				  NL80211_MESHCONF_POWER_MODE, nla_get_u32);
7045 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
7046 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
7047 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
7048 				  NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
7049 	if (mask_out)
7050 		*mask_out = mask;
7051 
7052 	return 0;
7053 
7054 #undef FILL_IN_MESH_PARAM_IF_SET
7055 }
7056 
7057 static int nl80211_parse_mesh_setup(struct genl_info *info,
7058 				     struct mesh_setup *setup)
7059 {
7060 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7061 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
7062 
7063 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
7064 		return -EINVAL;
7065 	if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
7066 		return -EINVAL;
7067 
7068 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
7069 		setup->sync_method =
7070 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
7071 		 IEEE80211_SYNC_METHOD_VENDOR :
7072 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
7073 
7074 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
7075 		setup->path_sel_proto =
7076 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
7077 		 IEEE80211_PATH_PROTOCOL_VENDOR :
7078 		 IEEE80211_PATH_PROTOCOL_HWMP;
7079 
7080 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
7081 		setup->path_metric =
7082 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
7083 		 IEEE80211_PATH_METRIC_VENDOR :
7084 		 IEEE80211_PATH_METRIC_AIRTIME;
7085 
7086 	if (tb[NL80211_MESH_SETUP_IE]) {
7087 		struct nlattr *ieattr =
7088 			tb[NL80211_MESH_SETUP_IE];
7089 		setup->ie = nla_data(ieattr);
7090 		setup->ie_len = nla_len(ieattr);
7091 	}
7092 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
7093 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
7094 		return -EINVAL;
7095 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
7096 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
7097 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
7098 	if (setup->is_secure)
7099 		setup->user_mpm = true;
7100 
7101 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
7102 		if (!setup->user_mpm)
7103 			return -EINVAL;
7104 		setup->auth_id =
7105 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
7106 	}
7107 
7108 	return 0;
7109 }
7110 
7111 static int nl80211_update_mesh_config(struct sk_buff *skb,
7112 				      struct genl_info *info)
7113 {
7114 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7115 	struct net_device *dev = info->user_ptr[1];
7116 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7117 	struct mesh_config cfg;
7118 	u32 mask;
7119 	int err;
7120 
7121 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7122 		return -EOPNOTSUPP;
7123 
7124 	if (!rdev->ops->update_mesh_config)
7125 		return -EOPNOTSUPP;
7126 
7127 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
7128 	if (err)
7129 		return err;
7130 
7131 	wdev_lock(wdev);
7132 	if (!wdev->mesh_id_len)
7133 		err = -ENOLINK;
7134 
7135 	if (!err)
7136 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
7137 
7138 	wdev_unlock(wdev);
7139 
7140 	return err;
7141 }
7142 
7143 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
7144 			      struct sk_buff *msg)
7145 {
7146 	struct nlattr *nl_reg_rules;
7147 	unsigned int i;
7148 
7149 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
7150 	    (regdom->dfs_region &&
7151 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
7152 		goto nla_put_failure;
7153 
7154 	nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
7155 	if (!nl_reg_rules)
7156 		goto nla_put_failure;
7157 
7158 	for (i = 0; i < regdom->n_reg_rules; i++) {
7159 		struct nlattr *nl_reg_rule;
7160 		const struct ieee80211_reg_rule *reg_rule;
7161 		const struct ieee80211_freq_range *freq_range;
7162 		const struct ieee80211_power_rule *power_rule;
7163 		unsigned int max_bandwidth_khz;
7164 
7165 		reg_rule = &regdom->reg_rules[i];
7166 		freq_range = &reg_rule->freq_range;
7167 		power_rule = &reg_rule->power_rule;
7168 
7169 		nl_reg_rule = nla_nest_start_noflag(msg, i);
7170 		if (!nl_reg_rule)
7171 			goto nla_put_failure;
7172 
7173 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
7174 		if (!max_bandwidth_khz)
7175 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
7176 								  reg_rule);
7177 
7178 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
7179 				reg_rule->flags) ||
7180 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
7181 				freq_range->start_freq_khz) ||
7182 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
7183 				freq_range->end_freq_khz) ||
7184 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
7185 				max_bandwidth_khz) ||
7186 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
7187 				power_rule->max_antenna_gain) ||
7188 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
7189 				power_rule->max_eirp) ||
7190 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
7191 				reg_rule->dfs_cac_ms))
7192 			goto nla_put_failure;
7193 
7194 		nla_nest_end(msg, nl_reg_rule);
7195 	}
7196 
7197 	nla_nest_end(msg, nl_reg_rules);
7198 	return 0;
7199 
7200 nla_put_failure:
7201 	return -EMSGSIZE;
7202 }
7203 
7204 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
7205 {
7206 	const struct ieee80211_regdomain *regdom = NULL;
7207 	struct cfg80211_registered_device *rdev;
7208 	struct wiphy *wiphy = NULL;
7209 	struct sk_buff *msg;
7210 	void *hdr;
7211 
7212 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7213 	if (!msg)
7214 		return -ENOBUFS;
7215 
7216 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7217 			     NL80211_CMD_GET_REG);
7218 	if (!hdr)
7219 		goto put_failure;
7220 
7221 	if (info->attrs[NL80211_ATTR_WIPHY]) {
7222 		bool self_managed;
7223 
7224 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7225 		if (IS_ERR(rdev)) {
7226 			nlmsg_free(msg);
7227 			return PTR_ERR(rdev);
7228 		}
7229 
7230 		wiphy = &rdev->wiphy;
7231 		self_managed = wiphy->regulatory_flags &
7232 			       REGULATORY_WIPHY_SELF_MANAGED;
7233 		regdom = get_wiphy_regdom(wiphy);
7234 
7235 		/* a self-managed-reg device must have a private regdom */
7236 		if (WARN_ON(!regdom && self_managed)) {
7237 			nlmsg_free(msg);
7238 			return -EINVAL;
7239 		}
7240 
7241 		if (regdom &&
7242 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7243 			goto nla_put_failure;
7244 	}
7245 
7246 	if (!wiphy && reg_last_request_cell_base() &&
7247 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7248 			NL80211_USER_REG_HINT_CELL_BASE))
7249 		goto nla_put_failure;
7250 
7251 	rcu_read_lock();
7252 
7253 	if (!regdom)
7254 		regdom = rcu_dereference(cfg80211_regdomain);
7255 
7256 	if (nl80211_put_regdom(regdom, msg))
7257 		goto nla_put_failure_rcu;
7258 
7259 	rcu_read_unlock();
7260 
7261 	genlmsg_end(msg, hdr);
7262 	return genlmsg_reply(msg, info);
7263 
7264 nla_put_failure_rcu:
7265 	rcu_read_unlock();
7266 nla_put_failure:
7267 put_failure:
7268 	nlmsg_free(msg);
7269 	return -EMSGSIZE;
7270 }
7271 
7272 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7273 			       u32 seq, int flags, struct wiphy *wiphy,
7274 			       const struct ieee80211_regdomain *regdom)
7275 {
7276 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7277 				   NL80211_CMD_GET_REG);
7278 
7279 	if (!hdr)
7280 		return -1;
7281 
7282 	genl_dump_check_consistent(cb, hdr);
7283 
7284 	if (nl80211_put_regdom(regdom, msg))
7285 		goto nla_put_failure;
7286 
7287 	if (!wiphy && reg_last_request_cell_base() &&
7288 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7289 			NL80211_USER_REG_HINT_CELL_BASE))
7290 		goto nla_put_failure;
7291 
7292 	if (wiphy &&
7293 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7294 		goto nla_put_failure;
7295 
7296 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7297 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7298 		goto nla_put_failure;
7299 
7300 	genlmsg_end(msg, hdr);
7301 	return 0;
7302 
7303 nla_put_failure:
7304 	genlmsg_cancel(msg, hdr);
7305 	return -EMSGSIZE;
7306 }
7307 
7308 static int nl80211_get_reg_dump(struct sk_buff *skb,
7309 				struct netlink_callback *cb)
7310 {
7311 	const struct ieee80211_regdomain *regdom = NULL;
7312 	struct cfg80211_registered_device *rdev;
7313 	int err, reg_idx, start = cb->args[2];
7314 
7315 	rtnl_lock();
7316 
7317 	if (cfg80211_regdomain && start == 0) {
7318 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7319 					  NLM_F_MULTI, NULL,
7320 					  rtnl_dereference(cfg80211_regdomain));
7321 		if (err < 0)
7322 			goto out_err;
7323 	}
7324 
7325 	/* the global regdom is idx 0 */
7326 	reg_idx = 1;
7327 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7328 		regdom = get_wiphy_regdom(&rdev->wiphy);
7329 		if (!regdom)
7330 			continue;
7331 
7332 		if (++reg_idx <= start)
7333 			continue;
7334 
7335 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7336 					  NLM_F_MULTI, &rdev->wiphy, regdom);
7337 		if (err < 0) {
7338 			reg_idx--;
7339 			break;
7340 		}
7341 	}
7342 
7343 	cb->args[2] = reg_idx;
7344 	err = skb->len;
7345 out_err:
7346 	rtnl_unlock();
7347 	return err;
7348 }
7349 
7350 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
7351 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7352 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
7353 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
7354 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
7355 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
7356 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
7357 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
7358 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
7359 };
7360 
7361 static int parse_reg_rule(struct nlattr *tb[],
7362 	struct ieee80211_reg_rule *reg_rule)
7363 {
7364 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
7365 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
7366 
7367 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7368 		return -EINVAL;
7369 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7370 		return -EINVAL;
7371 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7372 		return -EINVAL;
7373 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7374 		return -EINVAL;
7375 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7376 		return -EINVAL;
7377 
7378 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7379 
7380 	freq_range->start_freq_khz =
7381 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7382 	freq_range->end_freq_khz =
7383 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7384 	freq_range->max_bandwidth_khz =
7385 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7386 
7387 	power_rule->max_eirp =
7388 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7389 
7390 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7391 		power_rule->max_antenna_gain =
7392 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7393 
7394 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
7395 		reg_rule->dfs_cac_ms =
7396 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7397 
7398 	return 0;
7399 }
7400 
7401 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7402 {
7403 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7404 	struct nlattr *nl_reg_rule;
7405 	char *alpha2;
7406 	int rem_reg_rules, r;
7407 	u32 num_rules = 0, rule_idx = 0;
7408 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7409 	struct ieee80211_regdomain *rd;
7410 
7411 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7412 		return -EINVAL;
7413 
7414 	if (!info->attrs[NL80211_ATTR_REG_RULES])
7415 		return -EINVAL;
7416 
7417 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7418 
7419 	if (info->attrs[NL80211_ATTR_DFS_REGION])
7420 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7421 
7422 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7423 			    rem_reg_rules) {
7424 		num_rules++;
7425 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7426 			return -EINVAL;
7427 	}
7428 
7429 	if (!reg_is_valid_request(alpha2))
7430 		return -EINVAL;
7431 
7432 	rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7433 	if (!rd)
7434 		return -ENOMEM;
7435 
7436 	rd->n_reg_rules = num_rules;
7437 	rd->alpha2[0] = alpha2[0];
7438 	rd->alpha2[1] = alpha2[1];
7439 
7440 	/*
7441 	 * Disable DFS master mode if the DFS region was
7442 	 * not supported or known on this kernel.
7443 	 */
7444 	if (reg_supported_dfs_region(dfs_region))
7445 		rd->dfs_region = dfs_region;
7446 
7447 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7448 			    rem_reg_rules) {
7449 		r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7450 						nl_reg_rule, reg_rule_policy,
7451 						info->extack);
7452 		if (r)
7453 			goto bad_reg;
7454 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7455 		if (r)
7456 			goto bad_reg;
7457 
7458 		rule_idx++;
7459 
7460 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7461 			r = -EINVAL;
7462 			goto bad_reg;
7463 		}
7464 	}
7465 
7466 	/* set_regdom takes ownership of rd */
7467 	return set_regdom(rd, REGD_SOURCE_CRDA);
7468  bad_reg:
7469 	kfree(rd);
7470 	return r;
7471 }
7472 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7473 
7474 static int validate_scan_freqs(struct nlattr *freqs)
7475 {
7476 	struct nlattr *attr1, *attr2;
7477 	int n_channels = 0, tmp1, tmp2;
7478 
7479 	nla_for_each_nested(attr1, freqs, tmp1)
7480 		if (nla_len(attr1) != sizeof(u32))
7481 			return 0;
7482 
7483 	nla_for_each_nested(attr1, freqs, tmp1) {
7484 		n_channels++;
7485 		/*
7486 		 * Some hardware has a limited channel list for
7487 		 * scanning, and it is pretty much nonsensical
7488 		 * to scan for a channel twice, so disallow that
7489 		 * and don't require drivers to check that the
7490 		 * channel list they get isn't longer than what
7491 		 * they can scan, as long as they can scan all
7492 		 * the channels they registered at once.
7493 		 */
7494 		nla_for_each_nested(attr2, freqs, tmp2)
7495 			if (attr1 != attr2 &&
7496 			    nla_get_u32(attr1) == nla_get_u32(attr2))
7497 				return 0;
7498 	}
7499 
7500 	return n_channels;
7501 }
7502 
7503 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7504 {
7505 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
7506 }
7507 
7508 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7509 			    struct cfg80211_bss_selection *bss_select)
7510 {
7511 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7512 	struct nlattr *nest;
7513 	int err;
7514 	bool found = false;
7515 	int i;
7516 
7517 	/* only process one nested attribute */
7518 	nest = nla_data(nla);
7519 	if (!nla_ok(nest, nla_len(nest)))
7520 		return -EINVAL;
7521 
7522 	err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7523 					  nest, nl80211_bss_select_policy,
7524 					  NULL);
7525 	if (err)
7526 		return err;
7527 
7528 	/* only one attribute may be given */
7529 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7530 		if (attr[i]) {
7531 			if (found)
7532 				return -EINVAL;
7533 			found = true;
7534 		}
7535 	}
7536 
7537 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7538 
7539 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7540 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7541 
7542 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7543 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7544 		bss_select->param.band_pref =
7545 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7546 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
7547 			return -EINVAL;
7548 	}
7549 
7550 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7551 		struct nl80211_bss_select_rssi_adjust *adj_param;
7552 
7553 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7554 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7555 		bss_select->param.adjust.band = adj_param->band;
7556 		bss_select->param.adjust.delta = adj_param->delta;
7557 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7558 			return -EINVAL;
7559 	}
7560 
7561 	/* user-space did not provide behaviour attribute */
7562 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7563 		return -EINVAL;
7564 
7565 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7566 		return -EINVAL;
7567 
7568 	return 0;
7569 }
7570 
7571 int nl80211_parse_random_mac(struct nlattr **attrs,
7572 			     u8 *mac_addr, u8 *mac_addr_mask)
7573 {
7574 	int i;
7575 
7576 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7577 		eth_zero_addr(mac_addr);
7578 		eth_zero_addr(mac_addr_mask);
7579 		mac_addr[0] = 0x2;
7580 		mac_addr_mask[0] = 0x3;
7581 
7582 		return 0;
7583 	}
7584 
7585 	/* need both or none */
7586 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7587 		return -EINVAL;
7588 
7589 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7590 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7591 
7592 	/* don't allow or configure an mcast address */
7593 	if (!is_multicast_ether_addr(mac_addr_mask) ||
7594 	    is_multicast_ether_addr(mac_addr))
7595 		return -EINVAL;
7596 
7597 	/*
7598 	 * allow users to pass a MAC address that has bits set outside
7599 	 * of the mask, but don't bother drivers with having to deal
7600 	 * with such bits
7601 	 */
7602 	for (i = 0; i < ETH_ALEN; i++)
7603 		mac_addr[i] &= mac_addr_mask[i];
7604 
7605 	return 0;
7606 }
7607 
7608 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7609 {
7610 	ASSERT_WDEV_LOCK(wdev);
7611 
7612 	if (!cfg80211_beaconing_iface_active(wdev))
7613 		return true;
7614 
7615 	if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7616 		return true;
7617 
7618 	return regulatory_pre_cac_allowed(wdev->wiphy);
7619 }
7620 
7621 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7622 				    enum nl80211_ext_feature_index feat)
7623 {
7624 	if (!(flags & flag))
7625 		return true;
7626 	if (wiphy_ext_feature_isset(wiphy, feat))
7627 		return true;
7628 	return false;
7629 }
7630 
7631 static int
7632 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7633 			 void *request, struct nlattr **attrs,
7634 			 bool is_sched_scan)
7635 {
7636 	u8 *mac_addr, *mac_addr_mask;
7637 	u32 *flags;
7638 	enum nl80211_feature_flags randomness_flag;
7639 
7640 	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7641 		return 0;
7642 
7643 	if (is_sched_scan) {
7644 		struct cfg80211_sched_scan_request *req = request;
7645 
7646 		randomness_flag = wdev ?
7647 				  NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7648 				  NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7649 		flags = &req->flags;
7650 		mac_addr = req->mac_addr;
7651 		mac_addr_mask = req->mac_addr_mask;
7652 	} else {
7653 		struct cfg80211_scan_request *req = request;
7654 
7655 		randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7656 		flags = &req->flags;
7657 		mac_addr = req->mac_addr;
7658 		mac_addr_mask = req->mac_addr_mask;
7659 	}
7660 
7661 	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7662 
7663 	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7664 	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7665 	    !nl80211_check_scan_feat(wiphy, *flags,
7666 				     NL80211_SCAN_FLAG_LOW_SPAN,
7667 				     NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7668 	    !nl80211_check_scan_feat(wiphy, *flags,
7669 				     NL80211_SCAN_FLAG_LOW_POWER,
7670 				     NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7671 	    !nl80211_check_scan_feat(wiphy, *flags,
7672 				     NL80211_SCAN_FLAG_HIGH_ACCURACY,
7673 				     NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7674 	    !nl80211_check_scan_feat(wiphy, *flags,
7675 				     NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7676 				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7677 	    !nl80211_check_scan_feat(wiphy, *flags,
7678 				     NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7679 				     NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7680 	    !nl80211_check_scan_feat(wiphy, *flags,
7681 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7682 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7683 	    !nl80211_check_scan_feat(wiphy, *flags,
7684 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7685 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7686 	    !nl80211_check_scan_feat(wiphy, *flags,
7687 				     NL80211_SCAN_FLAG_RANDOM_SN,
7688 				     NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7689 	    !nl80211_check_scan_feat(wiphy, *flags,
7690 				     NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7691 				     NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7692 		return -EOPNOTSUPP;
7693 
7694 	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7695 		int err;
7696 
7697 		if (!(wiphy->features & randomness_flag) ||
7698 		    (wdev && wdev->current_bss))
7699 			return -EOPNOTSUPP;
7700 
7701 		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7702 		if (err)
7703 			return err;
7704 	}
7705 
7706 	return 0;
7707 }
7708 
7709 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7710 {
7711 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7712 	struct wireless_dev *wdev = info->user_ptr[1];
7713 	struct cfg80211_scan_request *request;
7714 	struct nlattr *attr;
7715 	struct wiphy *wiphy;
7716 	int err, tmp, n_ssids = 0, n_channels, i;
7717 	size_t ie_len;
7718 
7719 	wiphy = &rdev->wiphy;
7720 
7721 	if (wdev->iftype == NL80211_IFTYPE_NAN)
7722 		return -EOPNOTSUPP;
7723 
7724 	if (!rdev->ops->scan)
7725 		return -EOPNOTSUPP;
7726 
7727 	if (rdev->scan_req || rdev->scan_msg) {
7728 		err = -EBUSY;
7729 		goto unlock;
7730 	}
7731 
7732 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7733 		n_channels = validate_scan_freqs(
7734 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7735 		if (!n_channels) {
7736 			err = -EINVAL;
7737 			goto unlock;
7738 		}
7739 	} else {
7740 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7741 	}
7742 
7743 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7744 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7745 			n_ssids++;
7746 
7747 	if (n_ssids > wiphy->max_scan_ssids) {
7748 		err = -EINVAL;
7749 		goto unlock;
7750 	}
7751 
7752 	if (info->attrs[NL80211_ATTR_IE])
7753 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7754 	else
7755 		ie_len = 0;
7756 
7757 	if (ie_len > wiphy->max_scan_ie_len) {
7758 		err = -EINVAL;
7759 		goto unlock;
7760 	}
7761 
7762 	request = kzalloc(sizeof(*request)
7763 			+ sizeof(*request->ssids) * n_ssids
7764 			+ sizeof(*request->channels) * n_channels
7765 			+ ie_len, GFP_KERNEL);
7766 	if (!request) {
7767 		err = -ENOMEM;
7768 		goto unlock;
7769 	}
7770 
7771 	if (n_ssids)
7772 		request->ssids = (void *)&request->channels[n_channels];
7773 	request->n_ssids = n_ssids;
7774 	if (ie_len) {
7775 		if (n_ssids)
7776 			request->ie = (void *)(request->ssids + n_ssids);
7777 		else
7778 			request->ie = (void *)(request->channels + n_channels);
7779 	}
7780 
7781 	i = 0;
7782 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7783 		/* user specified, bail out if channel not found */
7784 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7785 			struct ieee80211_channel *chan;
7786 
7787 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7788 
7789 			if (!chan) {
7790 				err = -EINVAL;
7791 				goto out_free;
7792 			}
7793 
7794 			/* ignore disabled channels */
7795 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7796 				continue;
7797 
7798 			request->channels[i] = chan;
7799 			i++;
7800 		}
7801 	} else {
7802 		enum nl80211_band band;
7803 
7804 		/* all channels */
7805 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7806 			int j;
7807 
7808 			if (!wiphy->bands[band])
7809 				continue;
7810 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7811 				struct ieee80211_channel *chan;
7812 
7813 				chan = &wiphy->bands[band]->channels[j];
7814 
7815 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7816 					continue;
7817 
7818 				request->channels[i] = chan;
7819 				i++;
7820 			}
7821 		}
7822 	}
7823 
7824 	if (!i) {
7825 		err = -EINVAL;
7826 		goto out_free;
7827 	}
7828 
7829 	request->n_channels = i;
7830 
7831 	wdev_lock(wdev);
7832 	if (!cfg80211_off_channel_oper_allowed(wdev)) {
7833 		struct ieee80211_channel *chan;
7834 
7835 		if (request->n_channels != 1) {
7836 			wdev_unlock(wdev);
7837 			err = -EBUSY;
7838 			goto out_free;
7839 		}
7840 
7841 		chan = request->channels[0];
7842 		if (chan->center_freq != wdev->chandef.chan->center_freq) {
7843 			wdev_unlock(wdev);
7844 			err = -EBUSY;
7845 			goto out_free;
7846 		}
7847 	}
7848 	wdev_unlock(wdev);
7849 
7850 	i = 0;
7851 	if (n_ssids) {
7852 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7853 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7854 				err = -EINVAL;
7855 				goto out_free;
7856 			}
7857 			request->ssids[i].ssid_len = nla_len(attr);
7858 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7859 			i++;
7860 		}
7861 	}
7862 
7863 	if (info->attrs[NL80211_ATTR_IE]) {
7864 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7865 		memcpy((void *)request->ie,
7866 		       nla_data(info->attrs[NL80211_ATTR_IE]),
7867 		       request->ie_len);
7868 	}
7869 
7870 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7871 		if (wiphy->bands[i])
7872 			request->rates[i] =
7873 				(1 << wiphy->bands[i]->n_bitrates) - 1;
7874 
7875 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7876 		nla_for_each_nested(attr,
7877 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7878 				    tmp) {
7879 			enum nl80211_band band = nla_type(attr);
7880 
7881 			if (band < 0 || band >= NUM_NL80211_BANDS) {
7882 				err = -EINVAL;
7883 				goto out_free;
7884 			}
7885 
7886 			if (!wiphy->bands[band])
7887 				continue;
7888 
7889 			err = ieee80211_get_ratemask(wiphy->bands[band],
7890 						     nla_data(attr),
7891 						     nla_len(attr),
7892 						     &request->rates[band]);
7893 			if (err)
7894 				goto out_free;
7895 		}
7896 	}
7897 
7898 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7899 		if (!wiphy_ext_feature_isset(wiphy,
7900 					NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7901 			err = -EOPNOTSUPP;
7902 			goto out_free;
7903 		}
7904 
7905 		request->duration =
7906 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7907 		request->duration_mandatory =
7908 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7909 	}
7910 
7911 	err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7912 				       false);
7913 	if (err)
7914 		goto out_free;
7915 
7916 	request->no_cck =
7917 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7918 
7919 	/* Initial implementation used NL80211_ATTR_MAC to set the specific
7920 	 * BSSID to scan for. This was problematic because that same attribute
7921 	 * was already used for another purpose (local random MAC address). The
7922 	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7923 	 * compatibility with older userspace components, also use the
7924 	 * NL80211_ATTR_MAC value here if it can be determined to be used for
7925 	 * the specific BSSID use case instead of the random MAC address
7926 	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7927 	 */
7928 	if (info->attrs[NL80211_ATTR_BSSID])
7929 		memcpy(request->bssid,
7930 		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7931 	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7932 		 info->attrs[NL80211_ATTR_MAC])
7933 		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7934 		       ETH_ALEN);
7935 	else
7936 		eth_broadcast_addr(request->bssid);
7937 
7938 	request->wdev = wdev;
7939 	request->wiphy = &rdev->wiphy;
7940 	request->scan_start = jiffies;
7941 
7942 	rdev->scan_req = request;
7943 	err = rdev_scan(rdev, request);
7944 
7945 	if (!err) {
7946 		nl80211_send_scan_start(rdev, wdev);
7947 		if (wdev->netdev)
7948 			dev_hold(wdev->netdev);
7949 	} else {
7950  out_free:
7951 		rdev->scan_req = NULL;
7952 		kfree(request);
7953 	}
7954 
7955  unlock:
7956 	return err;
7957 }
7958 
7959 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7960 {
7961 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7962 	struct wireless_dev *wdev = info->user_ptr[1];
7963 
7964 	if (!rdev->ops->abort_scan)
7965 		return -EOPNOTSUPP;
7966 
7967 	if (rdev->scan_msg)
7968 		return 0;
7969 
7970 	if (!rdev->scan_req)
7971 		return -ENOENT;
7972 
7973 	rdev_abort_scan(rdev, wdev);
7974 	return 0;
7975 }
7976 
7977 static int
7978 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7979 			       struct cfg80211_sched_scan_request *request,
7980 			       struct nlattr **attrs)
7981 {
7982 	int tmp, err, i = 0;
7983 	struct nlattr *attr;
7984 
7985 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7986 		u32 interval;
7987 
7988 		/*
7989 		 * If scan plans are not specified,
7990 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7991 		 * case one scan plan will be set with the specified scan
7992 		 * interval and infinite number of iterations.
7993 		 */
7994 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7995 		if (!interval)
7996 			return -EINVAL;
7997 
7998 		request->scan_plans[0].interval =
7999 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
8000 		if (!request->scan_plans[0].interval)
8001 			return -EINVAL;
8002 
8003 		if (request->scan_plans[0].interval >
8004 		    wiphy->max_sched_scan_plan_interval)
8005 			request->scan_plans[0].interval =
8006 				wiphy->max_sched_scan_plan_interval;
8007 
8008 		return 0;
8009 	}
8010 
8011 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
8012 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
8013 
8014 		if (WARN_ON(i >= n_plans))
8015 			return -EINVAL;
8016 
8017 		err = nla_parse_nested_deprecated(plan,
8018 						  NL80211_SCHED_SCAN_PLAN_MAX,
8019 						  attr, nl80211_plan_policy,
8020 						  NULL);
8021 		if (err)
8022 			return err;
8023 
8024 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
8025 			return -EINVAL;
8026 
8027 		request->scan_plans[i].interval =
8028 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
8029 		if (!request->scan_plans[i].interval ||
8030 		    request->scan_plans[i].interval >
8031 		    wiphy->max_sched_scan_plan_interval)
8032 			return -EINVAL;
8033 
8034 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
8035 			request->scan_plans[i].iterations =
8036 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
8037 			if (!request->scan_plans[i].iterations ||
8038 			    (request->scan_plans[i].iterations >
8039 			     wiphy->max_sched_scan_plan_iterations))
8040 				return -EINVAL;
8041 		} else if (i < n_plans - 1) {
8042 			/*
8043 			 * All scan plans but the last one must specify
8044 			 * a finite number of iterations
8045 			 */
8046 			return -EINVAL;
8047 		}
8048 
8049 		i++;
8050 	}
8051 
8052 	/*
8053 	 * The last scan plan must not specify the number of
8054 	 * iterations, it is supposed to run infinitely
8055 	 */
8056 	if (request->scan_plans[n_plans - 1].iterations)
8057 		return  -EINVAL;
8058 
8059 	return 0;
8060 }
8061 
8062 static int
8063 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
8064 				       struct cfg80211_match_set *match_sets,
8065 				       struct nlattr *tb_band_rssi,
8066 				       s32 rssi_thold)
8067 {
8068 	struct nlattr *attr;
8069 	int i, tmp, ret = 0;
8070 
8071 	if (!wiphy_ext_feature_isset(wiphy,
8072 		    NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
8073 		if (tb_band_rssi)
8074 			ret = -EOPNOTSUPP;
8075 		else
8076 			for (i = 0; i < NUM_NL80211_BANDS; i++)
8077 				match_sets->per_band_rssi_thold[i] =
8078 					NL80211_SCAN_RSSI_THOLD_OFF;
8079 		return ret;
8080 	}
8081 
8082 	for (i = 0; i < NUM_NL80211_BANDS; i++)
8083 		match_sets->per_band_rssi_thold[i] = rssi_thold;
8084 
8085 	nla_for_each_nested(attr, tb_band_rssi, tmp) {
8086 		enum nl80211_band band = nla_type(attr);
8087 
8088 		if (band < 0 || band >= NUM_NL80211_BANDS)
8089 			return -EINVAL;
8090 
8091 		match_sets->per_band_rssi_thold[band] =	nla_get_s32(attr);
8092 	}
8093 
8094 	return 0;
8095 }
8096 
8097 static struct cfg80211_sched_scan_request *
8098 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
8099 			 struct nlattr **attrs, int max_match_sets)
8100 {
8101 	struct cfg80211_sched_scan_request *request;
8102 	struct nlattr *attr;
8103 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
8104 	enum nl80211_band band;
8105 	size_t ie_len;
8106 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
8107 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
8108 
8109 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8110 		n_channels = validate_scan_freqs(
8111 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
8112 		if (!n_channels)
8113 			return ERR_PTR(-EINVAL);
8114 	} else {
8115 		n_channels = ieee80211_get_num_supported_channels(wiphy);
8116 	}
8117 
8118 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
8119 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8120 				    tmp)
8121 			n_ssids++;
8122 
8123 	if (n_ssids > wiphy->max_sched_scan_ssids)
8124 		return ERR_PTR(-EINVAL);
8125 
8126 	/*
8127 	 * First, count the number of 'real' matchsets. Due to an issue with
8128 	 * the old implementation, matchsets containing only the RSSI attribute
8129 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
8130 	 * RSSI for all matchsets, rather than their own matchset for reporting
8131 	 * all APs with a strong RSSI. This is needed to be compatible with
8132 	 * older userspace that treated a matchset with only the RSSI as the
8133 	 * global RSSI for all other matchsets - if there are other matchsets.
8134 	 */
8135 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8136 		nla_for_each_nested(attr,
8137 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8138 				    tmp) {
8139 			struct nlattr *rssi;
8140 
8141 			err = nla_parse_nested_deprecated(tb,
8142 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8143 							  attr,
8144 							  nl80211_match_policy,
8145 							  NULL);
8146 			if (err)
8147 				return ERR_PTR(err);
8148 
8149 			/* SSID and BSSID are mutually exclusive */
8150 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
8151 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
8152 				return ERR_PTR(-EINVAL);
8153 
8154 			/* add other standalone attributes here */
8155 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
8156 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
8157 				n_match_sets++;
8158 				continue;
8159 			}
8160 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8161 			if (rssi)
8162 				default_match_rssi = nla_get_s32(rssi);
8163 		}
8164 	}
8165 
8166 	/* However, if there's no other matchset, add the RSSI one */
8167 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
8168 		n_match_sets = 1;
8169 
8170 	if (n_match_sets > max_match_sets)
8171 		return ERR_PTR(-EINVAL);
8172 
8173 	if (attrs[NL80211_ATTR_IE])
8174 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
8175 	else
8176 		ie_len = 0;
8177 
8178 	if (ie_len > wiphy->max_sched_scan_ie_len)
8179 		return ERR_PTR(-EINVAL);
8180 
8181 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8182 		/*
8183 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
8184 		 * each scan plan already specifies its own interval
8185 		 */
8186 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8187 			return ERR_PTR(-EINVAL);
8188 
8189 		nla_for_each_nested(attr,
8190 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
8191 			n_plans++;
8192 	} else {
8193 		/*
8194 		 * The scan interval attribute is kept for backward
8195 		 * compatibility. If no scan plans are specified and sched scan
8196 		 * interval is specified, one scan plan will be set with this
8197 		 * scan interval and infinite number of iterations.
8198 		 */
8199 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8200 			return ERR_PTR(-EINVAL);
8201 
8202 		n_plans = 1;
8203 	}
8204 
8205 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
8206 		return ERR_PTR(-EINVAL);
8207 
8208 	if (!wiphy_ext_feature_isset(
8209 		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8210 	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8211 	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8212 		return ERR_PTR(-EINVAL);
8213 
8214 	request = kzalloc(sizeof(*request)
8215 			+ sizeof(*request->ssids) * n_ssids
8216 			+ sizeof(*request->match_sets) * n_match_sets
8217 			+ sizeof(*request->scan_plans) * n_plans
8218 			+ sizeof(*request->channels) * n_channels
8219 			+ ie_len, GFP_KERNEL);
8220 	if (!request)
8221 		return ERR_PTR(-ENOMEM);
8222 
8223 	if (n_ssids)
8224 		request->ssids = (void *)&request->channels[n_channels];
8225 	request->n_ssids = n_ssids;
8226 	if (ie_len) {
8227 		if (n_ssids)
8228 			request->ie = (void *)(request->ssids + n_ssids);
8229 		else
8230 			request->ie = (void *)(request->channels + n_channels);
8231 	}
8232 
8233 	if (n_match_sets) {
8234 		if (request->ie)
8235 			request->match_sets = (void *)(request->ie + ie_len);
8236 		else if (n_ssids)
8237 			request->match_sets =
8238 				(void *)(request->ssids + n_ssids);
8239 		else
8240 			request->match_sets =
8241 				(void *)(request->channels + n_channels);
8242 	}
8243 	request->n_match_sets = n_match_sets;
8244 
8245 	if (n_match_sets)
8246 		request->scan_plans = (void *)(request->match_sets +
8247 					       n_match_sets);
8248 	else if (request->ie)
8249 		request->scan_plans = (void *)(request->ie + ie_len);
8250 	else if (n_ssids)
8251 		request->scan_plans = (void *)(request->ssids + n_ssids);
8252 	else
8253 		request->scan_plans = (void *)(request->channels + n_channels);
8254 
8255 	request->n_scan_plans = n_plans;
8256 
8257 	i = 0;
8258 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8259 		/* user specified, bail out if channel not found */
8260 		nla_for_each_nested(attr,
8261 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8262 				    tmp) {
8263 			struct ieee80211_channel *chan;
8264 
8265 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8266 
8267 			if (!chan) {
8268 				err = -EINVAL;
8269 				goto out_free;
8270 			}
8271 
8272 			/* ignore disabled channels */
8273 			if (chan->flags & IEEE80211_CHAN_DISABLED)
8274 				continue;
8275 
8276 			request->channels[i] = chan;
8277 			i++;
8278 		}
8279 	} else {
8280 		/* all channels */
8281 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
8282 			int j;
8283 
8284 			if (!wiphy->bands[band])
8285 				continue;
8286 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8287 				struct ieee80211_channel *chan;
8288 
8289 				chan = &wiphy->bands[band]->channels[j];
8290 
8291 				if (chan->flags & IEEE80211_CHAN_DISABLED)
8292 					continue;
8293 
8294 				request->channels[i] = chan;
8295 				i++;
8296 			}
8297 		}
8298 	}
8299 
8300 	if (!i) {
8301 		err = -EINVAL;
8302 		goto out_free;
8303 	}
8304 
8305 	request->n_channels = i;
8306 
8307 	i = 0;
8308 	if (n_ssids) {
8309 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8310 				    tmp) {
8311 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8312 				err = -EINVAL;
8313 				goto out_free;
8314 			}
8315 			request->ssids[i].ssid_len = nla_len(attr);
8316 			memcpy(request->ssids[i].ssid, nla_data(attr),
8317 			       nla_len(attr));
8318 			i++;
8319 		}
8320 	}
8321 
8322 	i = 0;
8323 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8324 		nla_for_each_nested(attr,
8325 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8326 				    tmp) {
8327 			struct nlattr *ssid, *bssid, *rssi;
8328 
8329 			err = nla_parse_nested_deprecated(tb,
8330 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8331 							  attr,
8332 							  nl80211_match_policy,
8333 							  NULL);
8334 			if (err)
8335 				goto out_free;
8336 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8337 			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8338 
8339 			if (!ssid && !bssid) {
8340 				i++;
8341 				continue;
8342 			}
8343 
8344 			if (WARN_ON(i >= n_match_sets)) {
8345 				/* this indicates a programming error,
8346 				 * the loop above should have verified
8347 				 * things properly
8348 				 */
8349 				err = -EINVAL;
8350 				goto out_free;
8351 			}
8352 
8353 			if (ssid) {
8354 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
8355 					err = -EINVAL;
8356 					goto out_free;
8357 				}
8358 				memcpy(request->match_sets[i].ssid.ssid,
8359 				       nla_data(ssid), nla_len(ssid));
8360 				request->match_sets[i].ssid.ssid_len =
8361 					nla_len(ssid);
8362 			}
8363 			if (bssid) {
8364 				if (nla_len(bssid) != ETH_ALEN) {
8365 					err = -EINVAL;
8366 					goto out_free;
8367 				}
8368 				memcpy(request->match_sets[i].bssid,
8369 				       nla_data(bssid), ETH_ALEN);
8370 			}
8371 
8372 			/* special attribute - old implementation w/a */
8373 			request->match_sets[i].rssi_thold = default_match_rssi;
8374 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8375 			if (rssi)
8376 				request->match_sets[i].rssi_thold =
8377 					nla_get_s32(rssi);
8378 
8379 			/* Parse per band RSSI attribute */
8380 			err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8381 				&request->match_sets[i],
8382 				tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8383 				request->match_sets[i].rssi_thold);
8384 			if (err)
8385 				goto out_free;
8386 
8387 			i++;
8388 		}
8389 
8390 		/* there was no other matchset, so the RSSI one is alone */
8391 		if (i == 0 && n_match_sets)
8392 			request->match_sets[0].rssi_thold = default_match_rssi;
8393 
8394 		request->min_rssi_thold = INT_MAX;
8395 		for (i = 0; i < n_match_sets; i++)
8396 			request->min_rssi_thold =
8397 				min(request->match_sets[i].rssi_thold,
8398 				    request->min_rssi_thold);
8399 	} else {
8400 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8401 	}
8402 
8403 	if (ie_len) {
8404 		request->ie_len = ie_len;
8405 		memcpy((void *)request->ie,
8406 		       nla_data(attrs[NL80211_ATTR_IE]),
8407 		       request->ie_len);
8408 	}
8409 
8410 	err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8411 	if (err)
8412 		goto out_free;
8413 
8414 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8415 		request->delay =
8416 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8417 
8418 	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8419 		request->relative_rssi = nla_get_s8(
8420 			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8421 		request->relative_rssi_set = true;
8422 	}
8423 
8424 	if (request->relative_rssi_set &&
8425 	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8426 		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8427 
8428 		rssi_adjust = nla_data(
8429 			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8430 		request->rssi_adjust.band = rssi_adjust->band;
8431 		request->rssi_adjust.delta = rssi_adjust->delta;
8432 		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8433 			err = -EINVAL;
8434 			goto out_free;
8435 		}
8436 	}
8437 
8438 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8439 	if (err)
8440 		goto out_free;
8441 
8442 	request->scan_start = jiffies;
8443 
8444 	return request;
8445 
8446 out_free:
8447 	kfree(request);
8448 	return ERR_PTR(err);
8449 }
8450 
8451 static int nl80211_start_sched_scan(struct sk_buff *skb,
8452 				    struct genl_info *info)
8453 {
8454 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8455 	struct net_device *dev = info->user_ptr[1];
8456 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8457 	struct cfg80211_sched_scan_request *sched_scan_req;
8458 	bool want_multi;
8459 	int err;
8460 
8461 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8462 		return -EOPNOTSUPP;
8463 
8464 	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8465 	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8466 	if (err)
8467 		return err;
8468 
8469 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8470 						  info->attrs,
8471 						  rdev->wiphy.max_match_sets);
8472 
8473 	err = PTR_ERR_OR_ZERO(sched_scan_req);
8474 	if (err)
8475 		goto out_err;
8476 
8477 	/* leave request id zero for legacy request
8478 	 * or if driver does not support multi-scheduled scan
8479 	 */
8480 	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
8481 		sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8482 
8483 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8484 	if (err)
8485 		goto out_free;
8486 
8487 	sched_scan_req->dev = dev;
8488 	sched_scan_req->wiphy = &rdev->wiphy;
8489 
8490 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8491 		sched_scan_req->owner_nlportid = info->snd_portid;
8492 
8493 	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8494 
8495 	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8496 	return 0;
8497 
8498 out_free:
8499 	kfree(sched_scan_req);
8500 out_err:
8501 	return err;
8502 }
8503 
8504 static int nl80211_stop_sched_scan(struct sk_buff *skb,
8505 				   struct genl_info *info)
8506 {
8507 	struct cfg80211_sched_scan_request *req;
8508 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8509 	u64 cookie;
8510 
8511 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8512 		return -EOPNOTSUPP;
8513 
8514 	if (info->attrs[NL80211_ATTR_COOKIE]) {
8515 		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8516 		return __cfg80211_stop_sched_scan(rdev, cookie, false);
8517 	}
8518 
8519 	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8520 				     struct cfg80211_sched_scan_request,
8521 				     list);
8522 	if (!req || req->reqid ||
8523 	    (req->owner_nlportid &&
8524 	     req->owner_nlportid != info->snd_portid))
8525 		return -ENOENT;
8526 
8527 	return cfg80211_stop_sched_scan_req(rdev, req, false);
8528 }
8529 
8530 static int nl80211_start_radar_detection(struct sk_buff *skb,
8531 					 struct genl_info *info)
8532 {
8533 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8534 	struct net_device *dev = info->user_ptr[1];
8535 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8536 	struct wiphy *wiphy = wdev->wiphy;
8537 	struct cfg80211_chan_def chandef;
8538 	enum nl80211_dfs_regions dfs_region;
8539 	unsigned int cac_time_ms;
8540 	int err;
8541 
8542 	dfs_region = reg_get_dfs_region(wiphy);
8543 	if (dfs_region == NL80211_DFS_UNSET)
8544 		return -EINVAL;
8545 
8546 	err = nl80211_parse_chandef(rdev, info, &chandef);
8547 	if (err)
8548 		return err;
8549 
8550 	if (netif_carrier_ok(dev))
8551 		return -EBUSY;
8552 
8553 	if (wdev->cac_started)
8554 		return -EBUSY;
8555 
8556 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8557 	if (err < 0)
8558 		return err;
8559 
8560 	if (err == 0)
8561 		return -EINVAL;
8562 
8563 	if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8564 		return -EINVAL;
8565 
8566 	/* CAC start is offloaded to HW and can't be started manually */
8567 	if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8568 		return -EOPNOTSUPP;
8569 
8570 	if (!rdev->ops->start_radar_detection)
8571 		return -EOPNOTSUPP;
8572 
8573 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8574 	if (WARN_ON(!cac_time_ms))
8575 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8576 
8577 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8578 	if (!err) {
8579 		wdev->chandef = chandef;
8580 		wdev->cac_started = true;
8581 		wdev->cac_start_time = jiffies;
8582 		wdev->cac_time_ms = cac_time_ms;
8583 	}
8584 	return err;
8585 }
8586 
8587 static int nl80211_notify_radar_detection(struct sk_buff *skb,
8588 					  struct genl_info *info)
8589 {
8590 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8591 	struct net_device *dev = info->user_ptr[1];
8592 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8593 	struct wiphy *wiphy = wdev->wiphy;
8594 	struct cfg80211_chan_def chandef;
8595 	enum nl80211_dfs_regions dfs_region;
8596 	int err;
8597 
8598 	dfs_region = reg_get_dfs_region(wiphy);
8599 	if (dfs_region == NL80211_DFS_UNSET) {
8600 		GENL_SET_ERR_MSG(info,
8601 				 "DFS Region is not set. Unexpected Radar indication");
8602 		return -EINVAL;
8603 	}
8604 
8605 	err = nl80211_parse_chandef(rdev, info, &chandef);
8606 	if (err) {
8607 		GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8608 		return err;
8609 	}
8610 
8611 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8612 	if (err < 0) {
8613 		GENL_SET_ERR_MSG(info, "chandef is invalid");
8614 		return err;
8615 	}
8616 
8617 	if (err == 0) {
8618 		GENL_SET_ERR_MSG(info,
8619 				 "Unexpected Radar indication for chandef/iftype");
8620 		return -EINVAL;
8621 	}
8622 
8623 	/* Do not process this notification if radar is already detected
8624 	 * by kernel on this channel, and return success.
8625 	 */
8626 	if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8627 		return 0;
8628 
8629 	cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8630 
8631 	cfg80211_sched_dfs_chan_update(rdev);
8632 
8633 	rdev->radar_chandef = chandef;
8634 
8635 	/* Propagate this notification to other radios as well */
8636 	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8637 
8638 	return 0;
8639 }
8640 
8641 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8642 {
8643 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8644 	struct net_device *dev = info->user_ptr[1];
8645 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8646 	struct cfg80211_csa_settings params;
8647 	/* csa_attrs is defined static to avoid waste of stack size - this
8648 	 * function is called under RTNL lock, so this should not be a problem.
8649 	 */
8650 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8651 	int err;
8652 	bool need_new_beacon = false;
8653 	bool need_handle_dfs_flag = true;
8654 	int len, i;
8655 	u32 cs_count;
8656 
8657 	if (!rdev->ops->channel_switch ||
8658 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8659 		return -EOPNOTSUPP;
8660 
8661 	switch (dev->ieee80211_ptr->iftype) {
8662 	case NL80211_IFTYPE_AP:
8663 	case NL80211_IFTYPE_P2P_GO:
8664 		need_new_beacon = true;
8665 		/* For all modes except AP the handle_dfs flag needs to be
8666 		 * supplied to tell the kernel that userspace will handle radar
8667 		 * events when they happen. Otherwise a switch to a channel
8668 		 * requiring DFS will be rejected.
8669 		 */
8670 		need_handle_dfs_flag = false;
8671 
8672 		/* useless if AP is not running */
8673 		if (!wdev->beacon_interval)
8674 			return -ENOTCONN;
8675 		break;
8676 	case NL80211_IFTYPE_ADHOC:
8677 		if (!wdev->ssid_len)
8678 			return -ENOTCONN;
8679 		break;
8680 	case NL80211_IFTYPE_MESH_POINT:
8681 		if (!wdev->mesh_id_len)
8682 			return -ENOTCONN;
8683 		break;
8684 	default:
8685 		return -EOPNOTSUPP;
8686 	}
8687 
8688 	memset(&params, 0, sizeof(params));
8689 	params.beacon_csa.ftm_responder = -1;
8690 
8691 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8692 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8693 		return -EINVAL;
8694 
8695 	/* only important for AP, IBSS and mesh create IEs internally */
8696 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8697 		return -EINVAL;
8698 
8699 	/* Even though the attribute is u32, the specification says
8700 	 * u8, so let's make sure we don't overflow.
8701 	 */
8702 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8703 	if (cs_count > 255)
8704 		return -EINVAL;
8705 
8706 	params.count = cs_count;
8707 
8708 	if (!need_new_beacon)
8709 		goto skip_beacons;
8710 
8711 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
8712 	if (err)
8713 		return err;
8714 
8715 	err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
8716 					  info->attrs[NL80211_ATTR_CSA_IES],
8717 					  nl80211_policy, info->extack);
8718 	if (err)
8719 		return err;
8720 
8721 	err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
8722 	if (err)
8723 		return err;
8724 
8725 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8726 		return -EINVAL;
8727 
8728 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8729 	if (!len || (len % sizeof(u16)))
8730 		return -EINVAL;
8731 
8732 	params.n_counter_offsets_beacon = len / sizeof(u16);
8733 	if (rdev->wiphy.max_num_csa_counters &&
8734 	    (params.n_counter_offsets_beacon >
8735 	     rdev->wiphy.max_num_csa_counters))
8736 		return -EINVAL;
8737 
8738 	params.counter_offsets_beacon =
8739 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8740 
8741 	/* sanity checks - counters should fit and be the same */
8742 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8743 		u16 offset = params.counter_offsets_beacon[i];
8744 
8745 		if (offset >= params.beacon_csa.tail_len)
8746 			return -EINVAL;
8747 
8748 		if (params.beacon_csa.tail[offset] != params.count)
8749 			return -EINVAL;
8750 	}
8751 
8752 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8753 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8754 		if (!len || (len % sizeof(u16)))
8755 			return -EINVAL;
8756 
8757 		params.n_counter_offsets_presp = len / sizeof(u16);
8758 		if (rdev->wiphy.max_num_csa_counters &&
8759 		    (params.n_counter_offsets_presp >
8760 		     rdev->wiphy.max_num_csa_counters))
8761 			return -EINVAL;
8762 
8763 		params.counter_offsets_presp =
8764 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8765 
8766 		/* sanity checks - counters should fit and be the same */
8767 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
8768 			u16 offset = params.counter_offsets_presp[i];
8769 
8770 			if (offset >= params.beacon_csa.probe_resp_len)
8771 				return -EINVAL;
8772 
8773 			if (params.beacon_csa.probe_resp[offset] !=
8774 			    params.count)
8775 				return -EINVAL;
8776 		}
8777 	}
8778 
8779 skip_beacons:
8780 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
8781 	if (err)
8782 		return err;
8783 
8784 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
8785 					   wdev->iftype))
8786 		return -EINVAL;
8787 
8788 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
8789 					    &params.chandef,
8790 					    wdev->iftype);
8791 	if (err < 0)
8792 		return err;
8793 
8794 	if (err > 0) {
8795 		params.radar_required = true;
8796 		if (need_handle_dfs_flag &&
8797 		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8798 			return -EINVAL;
8799 		}
8800 	}
8801 
8802 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8803 		params.block_tx = true;
8804 
8805 	wdev_lock(wdev);
8806 	err = rdev_channel_switch(rdev, dev, &params);
8807 	wdev_unlock(wdev);
8808 
8809 	return err;
8810 }
8811 
8812 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8813 			    u32 seq, int flags,
8814 			    struct cfg80211_registered_device *rdev,
8815 			    struct wireless_dev *wdev,
8816 			    struct cfg80211_internal_bss *intbss)
8817 {
8818 	struct cfg80211_bss *res = &intbss->pub;
8819 	const struct cfg80211_bss_ies *ies;
8820 	void *hdr;
8821 	struct nlattr *bss;
8822 
8823 	ASSERT_WDEV_LOCK(wdev);
8824 
8825 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8826 			     NL80211_CMD_NEW_SCAN_RESULTS);
8827 	if (!hdr)
8828 		return -1;
8829 
8830 	genl_dump_check_consistent(cb, hdr);
8831 
8832 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8833 		goto nla_put_failure;
8834 	if (wdev->netdev &&
8835 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8836 		goto nla_put_failure;
8837 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8838 			      NL80211_ATTR_PAD))
8839 		goto nla_put_failure;
8840 
8841 	bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8842 	if (!bss)
8843 		goto nla_put_failure;
8844 	if ((!is_zero_ether_addr(res->bssid) &&
8845 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8846 		goto nla_put_failure;
8847 
8848 	rcu_read_lock();
8849 	/* indicate whether we have probe response data or not */
8850 	if (rcu_access_pointer(res->proberesp_ies) &&
8851 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8852 		goto fail_unlock_rcu;
8853 
8854 	/* this pointer prefers to be pointed to probe response data
8855 	 * but is always valid
8856 	 */
8857 	ies = rcu_dereference(res->ies);
8858 	if (ies) {
8859 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8860 				      NL80211_BSS_PAD))
8861 			goto fail_unlock_rcu;
8862 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8863 					ies->len, ies->data))
8864 			goto fail_unlock_rcu;
8865 	}
8866 
8867 	/* and this pointer is always (unless driver didn't know) beacon data */
8868 	ies = rcu_dereference(res->beacon_ies);
8869 	if (ies && ies->from_beacon) {
8870 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8871 				      NL80211_BSS_PAD))
8872 			goto fail_unlock_rcu;
8873 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8874 					ies->len, ies->data))
8875 			goto fail_unlock_rcu;
8876 	}
8877 	rcu_read_unlock();
8878 
8879 	if (res->beacon_interval &&
8880 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8881 		goto nla_put_failure;
8882 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8883 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8884 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8885 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8886 			jiffies_to_msecs(jiffies - intbss->ts)))
8887 		goto nla_put_failure;
8888 
8889 	if (intbss->parent_tsf &&
8890 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8891 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
8892 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8893 		     intbss->parent_bssid)))
8894 		goto nla_put_failure;
8895 
8896 	if (intbss->ts_boottime &&
8897 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8898 			      intbss->ts_boottime, NL80211_BSS_PAD))
8899 		goto nla_put_failure;
8900 
8901 	if (!nl80211_put_signal(msg, intbss->pub.chains,
8902 				intbss->pub.chain_signal,
8903 				NL80211_BSS_CHAIN_SIGNAL))
8904 		goto nla_put_failure;
8905 
8906 	switch (rdev->wiphy.signal_type) {
8907 	case CFG80211_SIGNAL_TYPE_MBM:
8908 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8909 			goto nla_put_failure;
8910 		break;
8911 	case CFG80211_SIGNAL_TYPE_UNSPEC:
8912 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8913 			goto nla_put_failure;
8914 		break;
8915 	default:
8916 		break;
8917 	}
8918 
8919 	switch (wdev->iftype) {
8920 	case NL80211_IFTYPE_P2P_CLIENT:
8921 	case NL80211_IFTYPE_STATION:
8922 		if (intbss == wdev->current_bss &&
8923 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8924 				NL80211_BSS_STATUS_ASSOCIATED))
8925 			goto nla_put_failure;
8926 		break;
8927 	case NL80211_IFTYPE_ADHOC:
8928 		if (intbss == wdev->current_bss &&
8929 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8930 				NL80211_BSS_STATUS_IBSS_JOINED))
8931 			goto nla_put_failure;
8932 		break;
8933 	default:
8934 		break;
8935 	}
8936 
8937 	nla_nest_end(msg, bss);
8938 
8939 	genlmsg_end(msg, hdr);
8940 	return 0;
8941 
8942  fail_unlock_rcu:
8943 	rcu_read_unlock();
8944  nla_put_failure:
8945 	genlmsg_cancel(msg, hdr);
8946 	return -EMSGSIZE;
8947 }
8948 
8949 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8950 {
8951 	struct cfg80211_registered_device *rdev;
8952 	struct cfg80211_internal_bss *scan;
8953 	struct wireless_dev *wdev;
8954 	int start = cb->args[2], idx = 0;
8955 	int err;
8956 
8957 	rtnl_lock();
8958 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8959 	if (err) {
8960 		rtnl_unlock();
8961 		return err;
8962 	}
8963 
8964 	wdev_lock(wdev);
8965 	spin_lock_bh(&rdev->bss_lock);
8966 
8967 	/*
8968 	 * dump_scan will be called multiple times to break up the scan results
8969 	 * into multiple messages.  It is unlikely that any more bss-es will be
8970 	 * expired after the first call, so only call only call this on the
8971 	 * first dump_scan invocation.
8972 	 */
8973 	if (start == 0)
8974 		cfg80211_bss_expire(rdev);
8975 
8976 	cb->seq = rdev->bss_generation;
8977 
8978 	list_for_each_entry(scan, &rdev->bss_list, list) {
8979 		if (++idx <= start)
8980 			continue;
8981 		if (nl80211_send_bss(skb, cb,
8982 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8983 				rdev, wdev, scan) < 0) {
8984 			idx--;
8985 			break;
8986 		}
8987 	}
8988 
8989 	spin_unlock_bh(&rdev->bss_lock);
8990 	wdev_unlock(wdev);
8991 
8992 	cb->args[2] = idx;
8993 	rtnl_unlock();
8994 
8995 	return skb->len;
8996 }
8997 
8998 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
8999 			       int flags, struct net_device *dev,
9000 			       bool allow_radio_stats,
9001 			       struct survey_info *survey)
9002 {
9003 	void *hdr;
9004 	struct nlattr *infoattr;
9005 
9006 	/* skip radio stats if userspace didn't request them */
9007 	if (!survey->channel && !allow_radio_stats)
9008 		return 0;
9009 
9010 	hdr = nl80211hdr_put(msg, portid, seq, flags,
9011 			     NL80211_CMD_NEW_SURVEY_RESULTS);
9012 	if (!hdr)
9013 		return -ENOMEM;
9014 
9015 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
9016 		goto nla_put_failure;
9017 
9018 	infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
9019 	if (!infoattr)
9020 		goto nla_put_failure;
9021 
9022 	if (survey->channel &&
9023 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
9024 			survey->channel->center_freq))
9025 		goto nla_put_failure;
9026 
9027 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
9028 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
9029 		goto nla_put_failure;
9030 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
9031 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
9032 		goto nla_put_failure;
9033 	if ((survey->filled & SURVEY_INFO_TIME) &&
9034 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
9035 			survey->time, NL80211_SURVEY_INFO_PAD))
9036 		goto nla_put_failure;
9037 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
9038 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
9039 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
9040 		goto nla_put_failure;
9041 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
9042 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
9043 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
9044 		goto nla_put_failure;
9045 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
9046 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
9047 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
9048 		goto nla_put_failure;
9049 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
9050 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
9051 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
9052 		goto nla_put_failure;
9053 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
9054 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
9055 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
9056 		goto nla_put_failure;
9057 	if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
9058 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
9059 			      survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
9060 		goto nla_put_failure;
9061 
9062 	nla_nest_end(msg, infoattr);
9063 
9064 	genlmsg_end(msg, hdr);
9065 	return 0;
9066 
9067  nla_put_failure:
9068 	genlmsg_cancel(msg, hdr);
9069 	return -EMSGSIZE;
9070 }
9071 
9072 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
9073 {
9074 	struct nlattr **attrbuf;
9075 	struct survey_info survey;
9076 	struct cfg80211_registered_device *rdev;
9077 	struct wireless_dev *wdev;
9078 	int survey_idx = cb->args[2];
9079 	int res;
9080 	bool radio_stats;
9081 
9082 	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
9083 	if (!attrbuf)
9084 		return -ENOMEM;
9085 
9086 	rtnl_lock();
9087 	res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9088 	if (res)
9089 		goto out_err;
9090 
9091 	/* prepare_wdev_dump parsed the attributes */
9092 	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
9093 
9094 	if (!wdev->netdev) {
9095 		res = -EINVAL;
9096 		goto out_err;
9097 	}
9098 
9099 	if (!rdev->ops->dump_survey) {
9100 		res = -EOPNOTSUPP;
9101 		goto out_err;
9102 	}
9103 
9104 	while (1) {
9105 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
9106 		if (res == -ENOENT)
9107 			break;
9108 		if (res)
9109 			goto out_err;
9110 
9111 		/* don't send disabled channels, but do send non-channel data */
9112 		if (survey.channel &&
9113 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
9114 			survey_idx++;
9115 			continue;
9116 		}
9117 
9118 		if (nl80211_send_survey(skb,
9119 				NETLINK_CB(cb->skb).portid,
9120 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
9121 				wdev->netdev, radio_stats, &survey) < 0)
9122 			goto out;
9123 		survey_idx++;
9124 	}
9125 
9126  out:
9127 	cb->args[2] = survey_idx;
9128 	res = skb->len;
9129  out_err:
9130 	kfree(attrbuf);
9131 	rtnl_unlock();
9132 	return res;
9133 }
9134 
9135 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
9136 {
9137 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
9138 				  NL80211_WPA_VERSION_2 |
9139 				  NL80211_WPA_VERSION_3));
9140 }
9141 
9142 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
9143 {
9144 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9145 	struct net_device *dev = info->user_ptr[1];
9146 	struct ieee80211_channel *chan;
9147 	const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
9148 	int err, ssid_len, ie_len = 0, auth_data_len = 0;
9149 	enum nl80211_auth_type auth_type;
9150 	struct key_parse key;
9151 	bool local_state_change;
9152 
9153 	if (!info->attrs[NL80211_ATTR_MAC])
9154 		return -EINVAL;
9155 
9156 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
9157 		return -EINVAL;
9158 
9159 	if (!info->attrs[NL80211_ATTR_SSID])
9160 		return -EINVAL;
9161 
9162 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9163 		return -EINVAL;
9164 
9165 	err = nl80211_parse_key(info, &key);
9166 	if (err)
9167 		return err;
9168 
9169 	if (key.idx >= 0) {
9170 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
9171 			return -EINVAL;
9172 		if (!key.p.key || !key.p.key_len)
9173 			return -EINVAL;
9174 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
9175 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
9176 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
9177 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
9178 			return -EINVAL;
9179 		if (key.idx > 3)
9180 			return -EINVAL;
9181 	} else {
9182 		key.p.key_len = 0;
9183 		key.p.key = NULL;
9184 	}
9185 
9186 	if (key.idx >= 0) {
9187 		int i;
9188 		bool ok = false;
9189 
9190 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
9191 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
9192 				ok = true;
9193 				break;
9194 			}
9195 		}
9196 		if (!ok)
9197 			return -EINVAL;
9198 	}
9199 
9200 	if (!rdev->ops->auth)
9201 		return -EOPNOTSUPP;
9202 
9203 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9204 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9205 		return -EOPNOTSUPP;
9206 
9207 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9208 	chan = nl80211_get_valid_chan(&rdev->wiphy,
9209 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9210 	if (!chan)
9211 		return -EINVAL;
9212 
9213 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9214 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9215 
9216 	if (info->attrs[NL80211_ATTR_IE]) {
9217 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9218 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9219 	}
9220 
9221 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9222 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9223 		return -EINVAL;
9224 
9225 	if ((auth_type == NL80211_AUTHTYPE_SAE ||
9226 	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
9227 	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9228 	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9229 	    !info->attrs[NL80211_ATTR_AUTH_DATA])
9230 		return -EINVAL;
9231 
9232 	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9233 		if (auth_type != NL80211_AUTHTYPE_SAE &&
9234 		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
9235 		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9236 		    auth_type != NL80211_AUTHTYPE_FILS_PK)
9237 			return -EINVAL;
9238 		auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9239 		auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9240 		/* need to include at least Auth Transaction and Status Code */
9241 		if (auth_data_len < 4)
9242 			return -EINVAL;
9243 	}
9244 
9245 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9246 
9247 	/*
9248 	 * Since we no longer track auth state, ignore
9249 	 * requests to only change local state.
9250 	 */
9251 	if (local_state_change)
9252 		return 0;
9253 
9254 	wdev_lock(dev->ieee80211_ptr);
9255 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9256 				 ssid, ssid_len, ie, ie_len,
9257 				 key.p.key, key.p.key_len, key.idx,
9258 				 auth_data, auth_data_len);
9259 	wdev_unlock(dev->ieee80211_ptr);
9260 	return err;
9261 }
9262 
9263 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9264 				     struct genl_info *info)
9265 {
9266 	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9267 		GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9268 		return -EINVAL;
9269 	}
9270 
9271 	if (!rdev->ops->tx_control_port ||
9272 	    !wiphy_ext_feature_isset(&rdev->wiphy,
9273 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9274 		return -EOPNOTSUPP;
9275 
9276 	return 0;
9277 }
9278 
9279 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9280 				   struct genl_info *info,
9281 				   struct cfg80211_crypto_settings *settings,
9282 				   int cipher_limit)
9283 {
9284 	memset(settings, 0, sizeof(*settings));
9285 
9286 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9287 
9288 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9289 		u16 proto;
9290 
9291 		proto = nla_get_u16(
9292 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9293 		settings->control_port_ethertype = cpu_to_be16(proto);
9294 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9295 		    proto != ETH_P_PAE)
9296 			return -EINVAL;
9297 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9298 			settings->control_port_no_encrypt = true;
9299 	} else
9300 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9301 
9302 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9303 		int r = validate_pae_over_nl80211(rdev, info);
9304 
9305 		if (r < 0)
9306 			return r;
9307 
9308 		settings->control_port_over_nl80211 = true;
9309 	}
9310 
9311 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9312 		void *data;
9313 		int len, i;
9314 
9315 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9316 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9317 		settings->n_ciphers_pairwise = len / sizeof(u32);
9318 
9319 		if (len % sizeof(u32))
9320 			return -EINVAL;
9321 
9322 		if (settings->n_ciphers_pairwise > cipher_limit)
9323 			return -EINVAL;
9324 
9325 		memcpy(settings->ciphers_pairwise, data, len);
9326 
9327 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
9328 			if (!cfg80211_supported_cipher_suite(
9329 					&rdev->wiphy,
9330 					settings->ciphers_pairwise[i]))
9331 				return -EINVAL;
9332 	}
9333 
9334 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9335 		settings->cipher_group =
9336 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9337 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9338 						     settings->cipher_group))
9339 			return -EINVAL;
9340 	}
9341 
9342 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9343 		settings->wpa_versions =
9344 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9345 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9346 			return -EINVAL;
9347 	}
9348 
9349 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9350 		void *data;
9351 		int len;
9352 
9353 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9354 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9355 		settings->n_akm_suites = len / sizeof(u32);
9356 
9357 		if (len % sizeof(u32))
9358 			return -EINVAL;
9359 
9360 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9361 			return -EINVAL;
9362 
9363 		memcpy(settings->akm_suites, data, len);
9364 	}
9365 
9366 	if (info->attrs[NL80211_ATTR_PMK]) {
9367 		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9368 			return -EINVAL;
9369 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9370 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
9371 			return -EINVAL;
9372 		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9373 	}
9374 
9375 	if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9376 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9377 					     NL80211_EXT_FEATURE_SAE_OFFLOAD))
9378 			return -EINVAL;
9379 		settings->sae_pwd =
9380 			nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9381 		settings->sae_pwd_len =
9382 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9383 	}
9384 
9385 	return 0;
9386 }
9387 
9388 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9389 {
9390 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9391 	struct net_device *dev = info->user_ptr[1];
9392 	struct ieee80211_channel *chan;
9393 	struct cfg80211_assoc_request req = {};
9394 	const u8 *bssid, *ssid;
9395 	int err, ssid_len = 0;
9396 
9397 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9398 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9399 		return -EPERM;
9400 
9401 	if (!info->attrs[NL80211_ATTR_MAC] ||
9402 	    !info->attrs[NL80211_ATTR_SSID] ||
9403 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9404 		return -EINVAL;
9405 
9406 	if (!rdev->ops->assoc)
9407 		return -EOPNOTSUPP;
9408 
9409 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9410 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9411 		return -EOPNOTSUPP;
9412 
9413 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9414 
9415 	chan = nl80211_get_valid_chan(&rdev->wiphy,
9416 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9417 	if (!chan)
9418 		return -EINVAL;
9419 
9420 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9421 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9422 
9423 	if (info->attrs[NL80211_ATTR_IE]) {
9424 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9425 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9426 	}
9427 
9428 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9429 		enum nl80211_mfp mfp =
9430 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9431 		if (mfp == NL80211_MFP_REQUIRED)
9432 			req.use_mfp = true;
9433 		else if (mfp != NL80211_MFP_NO)
9434 			return -EINVAL;
9435 	}
9436 
9437 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9438 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9439 
9440 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9441 		req.flags |= ASSOC_REQ_DISABLE_HT;
9442 
9443 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9444 		memcpy(&req.ht_capa_mask,
9445 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9446 		       sizeof(req.ht_capa_mask));
9447 
9448 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9449 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9450 			return -EINVAL;
9451 		memcpy(&req.ht_capa,
9452 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9453 		       sizeof(req.ht_capa));
9454 	}
9455 
9456 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9457 		req.flags |= ASSOC_REQ_DISABLE_VHT;
9458 
9459 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9460 		memcpy(&req.vht_capa_mask,
9461 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9462 		       sizeof(req.vht_capa_mask));
9463 
9464 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9465 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9466 			return -EINVAL;
9467 		memcpy(&req.vht_capa,
9468 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9469 		       sizeof(req.vht_capa));
9470 	}
9471 
9472 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9473 		if (!((rdev->wiphy.features &
9474 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9475 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9476 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9477 					     NL80211_EXT_FEATURE_RRM))
9478 			return -EINVAL;
9479 		req.flags |= ASSOC_REQ_USE_RRM;
9480 	}
9481 
9482 	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9483 		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9484 		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9485 		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9486 			return -EINVAL;
9487 		req.fils_nonces =
9488 			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9489 	}
9490 
9491 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9492 	if (!err) {
9493 		wdev_lock(dev->ieee80211_ptr);
9494 
9495 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9496 					  ssid, ssid_len, &req);
9497 
9498 		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9499 			dev->ieee80211_ptr->conn_owner_nlportid =
9500 				info->snd_portid;
9501 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
9502 			       bssid, ETH_ALEN);
9503 		}
9504 
9505 		wdev_unlock(dev->ieee80211_ptr);
9506 	}
9507 
9508 	return err;
9509 }
9510 
9511 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9512 {
9513 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9514 	struct net_device *dev = info->user_ptr[1];
9515 	const u8 *ie = NULL, *bssid;
9516 	int ie_len = 0, err;
9517 	u16 reason_code;
9518 	bool local_state_change;
9519 
9520 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9521 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9522 		return -EPERM;
9523 
9524 	if (!info->attrs[NL80211_ATTR_MAC])
9525 		return -EINVAL;
9526 
9527 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9528 		return -EINVAL;
9529 
9530 	if (!rdev->ops->deauth)
9531 		return -EOPNOTSUPP;
9532 
9533 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9534 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9535 		return -EOPNOTSUPP;
9536 
9537 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9538 
9539 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9540 	if (reason_code == 0) {
9541 		/* Reason Code 0 is reserved */
9542 		return -EINVAL;
9543 	}
9544 
9545 	if (info->attrs[NL80211_ATTR_IE]) {
9546 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9547 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9548 	}
9549 
9550 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9551 
9552 	wdev_lock(dev->ieee80211_ptr);
9553 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9554 				   local_state_change);
9555 	wdev_unlock(dev->ieee80211_ptr);
9556 	return err;
9557 }
9558 
9559 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9560 {
9561 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9562 	struct net_device *dev = info->user_ptr[1];
9563 	const u8 *ie = NULL, *bssid;
9564 	int ie_len = 0, err;
9565 	u16 reason_code;
9566 	bool local_state_change;
9567 
9568 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9569 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9570 		return -EPERM;
9571 
9572 	if (!info->attrs[NL80211_ATTR_MAC])
9573 		return -EINVAL;
9574 
9575 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9576 		return -EINVAL;
9577 
9578 	if (!rdev->ops->disassoc)
9579 		return -EOPNOTSUPP;
9580 
9581 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9582 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9583 		return -EOPNOTSUPP;
9584 
9585 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9586 
9587 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9588 	if (reason_code == 0) {
9589 		/* Reason Code 0 is reserved */
9590 		return -EINVAL;
9591 	}
9592 
9593 	if (info->attrs[NL80211_ATTR_IE]) {
9594 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9595 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9596 	}
9597 
9598 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9599 
9600 	wdev_lock(dev->ieee80211_ptr);
9601 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9602 				     local_state_change);
9603 	wdev_unlock(dev->ieee80211_ptr);
9604 	return err;
9605 }
9606 
9607 static bool
9608 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9609 			 int mcast_rate[NUM_NL80211_BANDS],
9610 			 int rateval)
9611 {
9612 	struct wiphy *wiphy = &rdev->wiphy;
9613 	bool found = false;
9614 	int band, i;
9615 
9616 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
9617 		struct ieee80211_supported_band *sband;
9618 
9619 		sband = wiphy->bands[band];
9620 		if (!sband)
9621 			continue;
9622 
9623 		for (i = 0; i < sband->n_bitrates; i++) {
9624 			if (sband->bitrates[i].bitrate == rateval) {
9625 				mcast_rate[band] = i + 1;
9626 				found = true;
9627 				break;
9628 			}
9629 		}
9630 	}
9631 
9632 	return found;
9633 }
9634 
9635 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9636 {
9637 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9638 	struct net_device *dev = info->user_ptr[1];
9639 	struct cfg80211_ibss_params ibss;
9640 	struct wiphy *wiphy;
9641 	struct cfg80211_cached_keys *connkeys = NULL;
9642 	int err;
9643 
9644 	memset(&ibss, 0, sizeof(ibss));
9645 
9646 	if (!info->attrs[NL80211_ATTR_SSID] ||
9647 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9648 		return -EINVAL;
9649 
9650 	ibss.beacon_interval = 100;
9651 
9652 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9653 		ibss.beacon_interval =
9654 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9655 
9656 	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9657 					   ibss.beacon_interval);
9658 	if (err)
9659 		return err;
9660 
9661 	if (!rdev->ops->join_ibss)
9662 		return -EOPNOTSUPP;
9663 
9664 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9665 		return -EOPNOTSUPP;
9666 
9667 	wiphy = &rdev->wiphy;
9668 
9669 	if (info->attrs[NL80211_ATTR_MAC]) {
9670 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9671 
9672 		if (!is_valid_ether_addr(ibss.bssid))
9673 			return -EINVAL;
9674 	}
9675 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9676 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9677 
9678 	if (info->attrs[NL80211_ATTR_IE]) {
9679 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9680 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9681 	}
9682 
9683 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9684 	if (err)
9685 		return err;
9686 
9687 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9688 				     NL80211_IFTYPE_ADHOC))
9689 		return -EINVAL;
9690 
9691 	switch (ibss.chandef.width) {
9692 	case NL80211_CHAN_WIDTH_5:
9693 	case NL80211_CHAN_WIDTH_10:
9694 	case NL80211_CHAN_WIDTH_20_NOHT:
9695 		break;
9696 	case NL80211_CHAN_WIDTH_20:
9697 	case NL80211_CHAN_WIDTH_40:
9698 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9699 			return -EINVAL;
9700 		break;
9701 	case NL80211_CHAN_WIDTH_80:
9702 	case NL80211_CHAN_WIDTH_80P80:
9703 	case NL80211_CHAN_WIDTH_160:
9704 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9705 			return -EINVAL;
9706 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9707 					     NL80211_EXT_FEATURE_VHT_IBSS))
9708 			return -EINVAL;
9709 		break;
9710 	default:
9711 		return -EINVAL;
9712 	}
9713 
9714 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9715 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9716 
9717 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9718 		u8 *rates =
9719 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9720 		int n_rates =
9721 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9722 		struct ieee80211_supported_band *sband =
9723 			wiphy->bands[ibss.chandef.chan->band];
9724 
9725 		err = ieee80211_get_ratemask(sband, rates, n_rates,
9726 					     &ibss.basic_rates);
9727 		if (err)
9728 			return err;
9729 	}
9730 
9731 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9732 		memcpy(&ibss.ht_capa_mask,
9733 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9734 		       sizeof(ibss.ht_capa_mask));
9735 
9736 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9737 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9738 			return -EINVAL;
9739 		memcpy(&ibss.ht_capa,
9740 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9741 		       sizeof(ibss.ht_capa));
9742 	}
9743 
9744 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9745 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9746 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9747 		return -EINVAL;
9748 
9749 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9750 		bool no_ht = false;
9751 
9752 		connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9753 		if (IS_ERR(connkeys))
9754 			return PTR_ERR(connkeys);
9755 
9756 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9757 		    no_ht) {
9758 			kzfree(connkeys);
9759 			return -EINVAL;
9760 		}
9761 	}
9762 
9763 	ibss.control_port =
9764 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9765 
9766 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9767 		int r = validate_pae_over_nl80211(rdev, info);
9768 
9769 		if (r < 0) {
9770 			kzfree(connkeys);
9771 			return r;
9772 		}
9773 
9774 		ibss.control_port_over_nl80211 = true;
9775 	}
9776 
9777 	ibss.userspace_handles_dfs =
9778 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9779 
9780 	wdev_lock(dev->ieee80211_ptr);
9781 	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9782 	if (err)
9783 		kzfree(connkeys);
9784 	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9785 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9786 	wdev_unlock(dev->ieee80211_ptr);
9787 
9788 	return err;
9789 }
9790 
9791 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9792 {
9793 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9794 	struct net_device *dev = info->user_ptr[1];
9795 
9796 	if (!rdev->ops->leave_ibss)
9797 		return -EOPNOTSUPP;
9798 
9799 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9800 		return -EOPNOTSUPP;
9801 
9802 	return cfg80211_leave_ibss(rdev, dev, false);
9803 }
9804 
9805 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9806 {
9807 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9808 	struct net_device *dev = info->user_ptr[1];
9809 	int mcast_rate[NUM_NL80211_BANDS];
9810 	u32 nla_rate;
9811 	int err;
9812 
9813 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9814 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9815 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9816 		return -EOPNOTSUPP;
9817 
9818 	if (!rdev->ops->set_mcast_rate)
9819 		return -EOPNOTSUPP;
9820 
9821 	memset(mcast_rate, 0, sizeof(mcast_rate));
9822 
9823 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9824 		return -EINVAL;
9825 
9826 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9827 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9828 		return -EINVAL;
9829 
9830 	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9831 
9832 	return err;
9833 }
9834 
9835 static struct sk_buff *
9836 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9837 			    struct wireless_dev *wdev, int approxlen,
9838 			    u32 portid, u32 seq, enum nl80211_commands cmd,
9839 			    enum nl80211_attrs attr,
9840 			    const struct nl80211_vendor_cmd_info *info,
9841 			    gfp_t gfp)
9842 {
9843 	struct sk_buff *skb;
9844 	void *hdr;
9845 	struct nlattr *data;
9846 
9847 	skb = nlmsg_new(approxlen + 100, gfp);
9848 	if (!skb)
9849 		return NULL;
9850 
9851 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9852 	if (!hdr) {
9853 		kfree_skb(skb);
9854 		return NULL;
9855 	}
9856 
9857 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9858 		goto nla_put_failure;
9859 
9860 	if (info) {
9861 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9862 				info->vendor_id))
9863 			goto nla_put_failure;
9864 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9865 				info->subcmd))
9866 			goto nla_put_failure;
9867 	}
9868 
9869 	if (wdev) {
9870 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9871 				      wdev_id(wdev), NL80211_ATTR_PAD))
9872 			goto nla_put_failure;
9873 		if (wdev->netdev &&
9874 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9875 				wdev->netdev->ifindex))
9876 			goto nla_put_failure;
9877 	}
9878 
9879 	data = nla_nest_start_noflag(skb, attr);
9880 	if (!data)
9881 		goto nla_put_failure;
9882 
9883 	((void **)skb->cb)[0] = rdev;
9884 	((void **)skb->cb)[1] = hdr;
9885 	((void **)skb->cb)[2] = data;
9886 
9887 	return skb;
9888 
9889  nla_put_failure:
9890 	kfree_skb(skb);
9891 	return NULL;
9892 }
9893 
9894 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9895 					   struct wireless_dev *wdev,
9896 					   enum nl80211_commands cmd,
9897 					   enum nl80211_attrs attr,
9898 					   unsigned int portid,
9899 					   int vendor_event_idx,
9900 					   int approxlen, gfp_t gfp)
9901 {
9902 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9903 	const struct nl80211_vendor_cmd_info *info;
9904 
9905 	switch (cmd) {
9906 	case NL80211_CMD_TESTMODE:
9907 		if (WARN_ON(vendor_event_idx != -1))
9908 			return NULL;
9909 		info = NULL;
9910 		break;
9911 	case NL80211_CMD_VENDOR:
9912 		if (WARN_ON(vendor_event_idx < 0 ||
9913 			    vendor_event_idx >= wiphy->n_vendor_events))
9914 			return NULL;
9915 		info = &wiphy->vendor_events[vendor_event_idx];
9916 		break;
9917 	default:
9918 		WARN_ON(1);
9919 		return NULL;
9920 	}
9921 
9922 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9923 					   cmd, attr, info, gfp);
9924 }
9925 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9926 
9927 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9928 {
9929 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9930 	void *hdr = ((void **)skb->cb)[1];
9931 	struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9932 	struct nlattr *data = ((void **)skb->cb)[2];
9933 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9934 
9935 	/* clear CB data for netlink core to own from now on */
9936 	memset(skb->cb, 0, sizeof(skb->cb));
9937 
9938 	nla_nest_end(skb, data);
9939 	genlmsg_end(skb, hdr);
9940 
9941 	if (nlhdr->nlmsg_pid) {
9942 		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
9943 				nlhdr->nlmsg_pid);
9944 	} else {
9945 		if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9946 			mcgrp = NL80211_MCGRP_VENDOR;
9947 
9948 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
9949 					skb, 0, mcgrp, gfp);
9950 	}
9951 }
9952 EXPORT_SYMBOL(__cfg80211_send_event_skb);
9953 
9954 #ifdef CONFIG_NL80211_TESTMODE
9955 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9956 {
9957 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9958 	struct wireless_dev *wdev =
9959 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9960 	int err;
9961 
9962 	if (!rdev->ops->testmode_cmd)
9963 		return -EOPNOTSUPP;
9964 
9965 	if (IS_ERR(wdev)) {
9966 		err = PTR_ERR(wdev);
9967 		if (err != -EINVAL)
9968 			return err;
9969 		wdev = NULL;
9970 	} else if (wdev->wiphy != &rdev->wiphy) {
9971 		return -EINVAL;
9972 	}
9973 
9974 	if (!info->attrs[NL80211_ATTR_TESTDATA])
9975 		return -EINVAL;
9976 
9977 	rdev->cur_cmd_info = info;
9978 	err = rdev_testmode_cmd(rdev, wdev,
9979 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9980 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
9981 	rdev->cur_cmd_info = NULL;
9982 
9983 	return err;
9984 }
9985 
9986 static int nl80211_testmode_dump(struct sk_buff *skb,
9987 				 struct netlink_callback *cb)
9988 {
9989 	struct cfg80211_registered_device *rdev;
9990 	struct nlattr **attrbuf = NULL;
9991 	int err;
9992 	long phy_idx;
9993 	void *data = NULL;
9994 	int data_len = 0;
9995 
9996 	rtnl_lock();
9997 
9998 	if (cb->args[0]) {
9999 		/*
10000 		 * 0 is a valid index, but not valid for args[0],
10001 		 * so we need to offset by 1.
10002 		 */
10003 		phy_idx = cb->args[0] - 1;
10004 
10005 		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
10006 		if (!rdev) {
10007 			err = -ENOENT;
10008 			goto out_err;
10009 		}
10010 	} else {
10011 		attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
10012 				  GFP_KERNEL);
10013 		if (!attrbuf) {
10014 			err = -ENOMEM;
10015 			goto out_err;
10016 		}
10017 
10018 		err = nlmsg_parse_deprecated(cb->nlh,
10019 					     GENL_HDRLEN + nl80211_fam.hdrsize,
10020 					     attrbuf, nl80211_fam.maxattr,
10021 					     nl80211_policy, NULL);
10022 		if (err)
10023 			goto out_err;
10024 
10025 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
10026 		if (IS_ERR(rdev)) {
10027 			err = PTR_ERR(rdev);
10028 			goto out_err;
10029 		}
10030 		phy_idx = rdev->wiphy_idx;
10031 
10032 		if (attrbuf[NL80211_ATTR_TESTDATA])
10033 			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
10034 	}
10035 
10036 	if (cb->args[1]) {
10037 		data = nla_data((void *)cb->args[1]);
10038 		data_len = nla_len((void *)cb->args[1]);
10039 	}
10040 
10041 	if (!rdev->ops->testmode_dump) {
10042 		err = -EOPNOTSUPP;
10043 		goto out_err;
10044 	}
10045 
10046 	while (1) {
10047 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10048 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
10049 					   NL80211_CMD_TESTMODE);
10050 		struct nlattr *tmdata;
10051 
10052 		if (!hdr)
10053 			break;
10054 
10055 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
10056 			genlmsg_cancel(skb, hdr);
10057 			break;
10058 		}
10059 
10060 		tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
10061 		if (!tmdata) {
10062 			genlmsg_cancel(skb, hdr);
10063 			break;
10064 		}
10065 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
10066 		nla_nest_end(skb, tmdata);
10067 
10068 		if (err == -ENOBUFS || err == -ENOENT) {
10069 			genlmsg_cancel(skb, hdr);
10070 			break;
10071 		} else if (err) {
10072 			genlmsg_cancel(skb, hdr);
10073 			goto out_err;
10074 		}
10075 
10076 		genlmsg_end(skb, hdr);
10077 	}
10078 
10079 	err = skb->len;
10080 	/* see above */
10081 	cb->args[0] = phy_idx + 1;
10082  out_err:
10083 	kfree(attrbuf);
10084 	rtnl_unlock();
10085 	return err;
10086 }
10087 #endif
10088 
10089 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
10090 {
10091 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10092 	struct net_device *dev = info->user_ptr[1];
10093 	struct cfg80211_connect_params connect;
10094 	struct wiphy *wiphy;
10095 	struct cfg80211_cached_keys *connkeys = NULL;
10096 	int err;
10097 
10098 	memset(&connect, 0, sizeof(connect));
10099 
10100 	if (!info->attrs[NL80211_ATTR_SSID] ||
10101 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
10102 		return -EINVAL;
10103 
10104 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10105 		connect.auth_type =
10106 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10107 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
10108 					     NL80211_CMD_CONNECT))
10109 			return -EINVAL;
10110 	} else
10111 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
10112 
10113 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
10114 
10115 	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
10116 	    !wiphy_ext_feature_isset(&rdev->wiphy,
10117 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
10118 		return -EINVAL;
10119 	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
10120 
10121 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
10122 				      NL80211_MAX_NR_CIPHER_SUITES);
10123 	if (err)
10124 		return err;
10125 
10126 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10127 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10128 		return -EOPNOTSUPP;
10129 
10130 	wiphy = &rdev->wiphy;
10131 
10132 	connect.bg_scan_period = -1;
10133 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
10134 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
10135 		connect.bg_scan_period =
10136 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
10137 	}
10138 
10139 	if (info->attrs[NL80211_ATTR_MAC])
10140 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10141 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
10142 		connect.bssid_hint =
10143 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
10144 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10145 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10146 
10147 	if (info->attrs[NL80211_ATTR_IE]) {
10148 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10149 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10150 	}
10151 
10152 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
10153 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10154 		if (connect.mfp == NL80211_MFP_OPTIONAL &&
10155 		    !wiphy_ext_feature_isset(&rdev->wiphy,
10156 					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
10157 			return -EOPNOTSUPP;
10158 	} else {
10159 		connect.mfp = NL80211_MFP_NO;
10160 	}
10161 
10162 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
10163 		connect.prev_bssid =
10164 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10165 
10166 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10167 		connect.channel = nl80211_get_valid_chan(
10168 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
10169 		if (!connect.channel)
10170 			return -EINVAL;
10171 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
10172 		connect.channel_hint = nl80211_get_valid_chan(
10173 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
10174 		if (!connect.channel_hint)
10175 			return -EINVAL;
10176 	}
10177 
10178 	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
10179 		connect.edmg.channels =
10180 		      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
10181 
10182 		if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
10183 			connect.edmg.bw_config =
10184 				nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
10185 	}
10186 
10187 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10188 		connkeys = nl80211_parse_connkeys(rdev, info, NULL);
10189 		if (IS_ERR(connkeys))
10190 			return PTR_ERR(connkeys);
10191 	}
10192 
10193 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10194 		connect.flags |= ASSOC_REQ_DISABLE_HT;
10195 
10196 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10197 		memcpy(&connect.ht_capa_mask,
10198 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10199 		       sizeof(connect.ht_capa_mask));
10200 
10201 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10202 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10203 			kzfree(connkeys);
10204 			return -EINVAL;
10205 		}
10206 		memcpy(&connect.ht_capa,
10207 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10208 		       sizeof(connect.ht_capa));
10209 	}
10210 
10211 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10212 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
10213 
10214 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10215 		memcpy(&connect.vht_capa_mask,
10216 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10217 		       sizeof(connect.vht_capa_mask));
10218 
10219 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10220 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10221 			kzfree(connkeys);
10222 			return -EINVAL;
10223 		}
10224 		memcpy(&connect.vht_capa,
10225 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10226 		       sizeof(connect.vht_capa));
10227 	}
10228 
10229 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10230 		if (!((rdev->wiphy.features &
10231 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10232 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10233 		    !wiphy_ext_feature_isset(&rdev->wiphy,
10234 					     NL80211_EXT_FEATURE_RRM)) {
10235 			kzfree(connkeys);
10236 			return -EINVAL;
10237 		}
10238 		connect.flags |= ASSOC_REQ_USE_RRM;
10239 	}
10240 
10241 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10242 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10243 		kzfree(connkeys);
10244 		return -EOPNOTSUPP;
10245 	}
10246 
10247 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10248 		/* bss selection makes no sense if bssid is set */
10249 		if (connect.bssid) {
10250 			kzfree(connkeys);
10251 			return -EINVAL;
10252 		}
10253 
10254 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10255 				       wiphy, &connect.bss_select);
10256 		if (err) {
10257 			kzfree(connkeys);
10258 			return err;
10259 		}
10260 	}
10261 
10262 	if (wiphy_ext_feature_isset(&rdev->wiphy,
10263 				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10264 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10265 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10266 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10267 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10268 		connect.fils_erp_username =
10269 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10270 		connect.fils_erp_username_len =
10271 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10272 		connect.fils_erp_realm =
10273 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10274 		connect.fils_erp_realm_len =
10275 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10276 		connect.fils_erp_next_seq_num =
10277 			nla_get_u16(
10278 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10279 		connect.fils_erp_rrk =
10280 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10281 		connect.fils_erp_rrk_len =
10282 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10283 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10284 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10285 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10286 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10287 		kzfree(connkeys);
10288 		return -EINVAL;
10289 	}
10290 
10291 	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10292 		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10293 			kzfree(connkeys);
10294 			GENL_SET_ERR_MSG(info,
10295 					 "external auth requires connection ownership");
10296 			return -EINVAL;
10297 		}
10298 		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10299 	}
10300 
10301 	wdev_lock(dev->ieee80211_ptr);
10302 
10303 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
10304 			       connect.prev_bssid);
10305 	if (err)
10306 		kzfree(connkeys);
10307 
10308 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10309 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10310 		if (connect.bssid)
10311 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
10312 			       connect.bssid, ETH_ALEN);
10313 		else
10314 			memset(dev->ieee80211_ptr->disconnect_bssid,
10315 			       0, ETH_ALEN);
10316 	}
10317 
10318 	wdev_unlock(dev->ieee80211_ptr);
10319 
10320 	return err;
10321 }
10322 
10323 static int nl80211_update_connect_params(struct sk_buff *skb,
10324 					 struct genl_info *info)
10325 {
10326 	struct cfg80211_connect_params connect = {};
10327 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10328 	struct net_device *dev = info->user_ptr[1];
10329 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10330 	bool fils_sk_offload;
10331 	u32 auth_type;
10332 	u32 changed = 0;
10333 	int ret;
10334 
10335 	if (!rdev->ops->update_connect_params)
10336 		return -EOPNOTSUPP;
10337 
10338 	if (info->attrs[NL80211_ATTR_IE]) {
10339 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10340 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10341 		changed |= UPDATE_ASSOC_IES;
10342 	}
10343 
10344 	fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10345 						  NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10346 
10347 	/*
10348 	 * when driver supports fils-sk offload all attributes must be
10349 	 * provided. So the else covers "fils-sk-not-all" and
10350 	 * "no-fils-sk-any".
10351 	 */
10352 	if (fils_sk_offload &&
10353 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10354 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10355 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10356 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10357 		connect.fils_erp_username =
10358 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10359 		connect.fils_erp_username_len =
10360 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10361 		connect.fils_erp_realm =
10362 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10363 		connect.fils_erp_realm_len =
10364 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10365 		connect.fils_erp_next_seq_num =
10366 			nla_get_u16(
10367 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10368 		connect.fils_erp_rrk =
10369 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10370 		connect.fils_erp_rrk_len =
10371 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10372 		changed |= UPDATE_FILS_ERP_INFO;
10373 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10374 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10375 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10376 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10377 		return -EINVAL;
10378 	}
10379 
10380 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10381 		auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10382 		if (!nl80211_valid_auth_type(rdev, auth_type,
10383 					     NL80211_CMD_CONNECT))
10384 			return -EINVAL;
10385 
10386 		if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
10387 		    fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
10388 			return -EINVAL;
10389 
10390 		connect.auth_type = auth_type;
10391 		changed |= UPDATE_AUTH_TYPE;
10392 	}
10393 
10394 	wdev_lock(dev->ieee80211_ptr);
10395 	if (!wdev->current_bss)
10396 		ret = -ENOLINK;
10397 	else
10398 		ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10399 	wdev_unlock(dev->ieee80211_ptr);
10400 
10401 	return ret;
10402 }
10403 
10404 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
10405 {
10406 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10407 	struct net_device *dev = info->user_ptr[1];
10408 	u16 reason;
10409 	int ret;
10410 
10411 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
10412 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10413 		return -EPERM;
10414 
10415 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
10416 		reason = WLAN_REASON_DEAUTH_LEAVING;
10417 	else
10418 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10419 
10420 	if (reason == 0)
10421 		return -EINVAL;
10422 
10423 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10424 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10425 		return -EOPNOTSUPP;
10426 
10427 	wdev_lock(dev->ieee80211_ptr);
10428 	ret = cfg80211_disconnect(rdev, dev, reason, true);
10429 	wdev_unlock(dev->ieee80211_ptr);
10430 	return ret;
10431 }
10432 
10433 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10434 {
10435 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10436 	struct net *net;
10437 	int err;
10438 
10439 	if (info->attrs[NL80211_ATTR_PID]) {
10440 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10441 
10442 		net = get_net_ns_by_pid(pid);
10443 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10444 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10445 
10446 		net = get_net_ns_by_fd(fd);
10447 	} else {
10448 		return -EINVAL;
10449 	}
10450 
10451 	if (IS_ERR(net))
10452 		return PTR_ERR(net);
10453 
10454 	err = 0;
10455 
10456 	/* check if anything to do */
10457 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
10458 		err = cfg80211_switch_netns(rdev, net);
10459 
10460 	put_net(net);
10461 	return err;
10462 }
10463 
10464 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10465 {
10466 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10467 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10468 			struct cfg80211_pmksa *pmksa) = NULL;
10469 	struct net_device *dev = info->user_ptr[1];
10470 	struct cfg80211_pmksa pmksa;
10471 
10472 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10473 
10474 	if (!info->attrs[NL80211_ATTR_PMKID])
10475 		return -EINVAL;
10476 
10477 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10478 
10479 	if (info->attrs[NL80211_ATTR_MAC]) {
10480 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10481 	} else if (info->attrs[NL80211_ATTR_SSID] &&
10482 		   info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10483 		   (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10484 		    info->attrs[NL80211_ATTR_PMK])) {
10485 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10486 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10487 		pmksa.cache_id =
10488 			nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10489 	} else {
10490 		return -EINVAL;
10491 	}
10492 	if (info->attrs[NL80211_ATTR_PMK]) {
10493 		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10494 		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10495 	}
10496 
10497 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10498 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10499 	    !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10500 	      wiphy_ext_feature_isset(&rdev->wiphy,
10501 				      NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10502 		return -EOPNOTSUPP;
10503 
10504 	switch (info->genlhdr->cmd) {
10505 	case NL80211_CMD_SET_PMKSA:
10506 		rdev_ops = rdev->ops->set_pmksa;
10507 		break;
10508 	case NL80211_CMD_DEL_PMKSA:
10509 		rdev_ops = rdev->ops->del_pmksa;
10510 		break;
10511 	default:
10512 		WARN_ON(1);
10513 		break;
10514 	}
10515 
10516 	if (!rdev_ops)
10517 		return -EOPNOTSUPP;
10518 
10519 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
10520 }
10521 
10522 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10523 {
10524 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10525 	struct net_device *dev = info->user_ptr[1];
10526 
10527 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10528 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10529 		return -EOPNOTSUPP;
10530 
10531 	if (!rdev->ops->flush_pmksa)
10532 		return -EOPNOTSUPP;
10533 
10534 	return rdev_flush_pmksa(rdev, dev);
10535 }
10536 
10537 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10538 {
10539 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10540 	struct net_device *dev = info->user_ptr[1];
10541 	u8 action_code, dialog_token;
10542 	u32 peer_capability = 0;
10543 	u16 status_code;
10544 	u8 *peer;
10545 	bool initiator;
10546 
10547 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10548 	    !rdev->ops->tdls_mgmt)
10549 		return -EOPNOTSUPP;
10550 
10551 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10552 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10553 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10554 	    !info->attrs[NL80211_ATTR_IE] ||
10555 	    !info->attrs[NL80211_ATTR_MAC])
10556 		return -EINVAL;
10557 
10558 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10559 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10560 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10561 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10562 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10563 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10564 		peer_capability =
10565 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10566 
10567 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10568 			      dialog_token, status_code, peer_capability,
10569 			      initiator,
10570 			      nla_data(info->attrs[NL80211_ATTR_IE]),
10571 			      nla_len(info->attrs[NL80211_ATTR_IE]));
10572 }
10573 
10574 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10575 {
10576 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10577 	struct net_device *dev = info->user_ptr[1];
10578 	enum nl80211_tdls_operation operation;
10579 	u8 *peer;
10580 
10581 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10582 	    !rdev->ops->tdls_oper)
10583 		return -EOPNOTSUPP;
10584 
10585 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10586 	    !info->attrs[NL80211_ATTR_MAC])
10587 		return -EINVAL;
10588 
10589 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10590 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10591 
10592 	return rdev_tdls_oper(rdev, dev, peer, operation);
10593 }
10594 
10595 static int nl80211_remain_on_channel(struct sk_buff *skb,
10596 				     struct genl_info *info)
10597 {
10598 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10599 	struct wireless_dev *wdev = info->user_ptr[1];
10600 	struct cfg80211_chan_def chandef;
10601 	const struct cfg80211_chan_def *compat_chandef;
10602 	struct sk_buff *msg;
10603 	void *hdr;
10604 	u64 cookie;
10605 	u32 duration;
10606 	int err;
10607 
10608 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10609 	    !info->attrs[NL80211_ATTR_DURATION])
10610 		return -EINVAL;
10611 
10612 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10613 
10614 	if (!rdev->ops->remain_on_channel ||
10615 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10616 		return -EOPNOTSUPP;
10617 
10618 	/*
10619 	 * We should be on that channel for at least a minimum amount of
10620 	 * time (10ms) but no longer than the driver supports.
10621 	 */
10622 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10623 	    duration > rdev->wiphy.max_remain_on_channel_duration)
10624 		return -EINVAL;
10625 
10626 	err = nl80211_parse_chandef(rdev, info, &chandef);
10627 	if (err)
10628 		return err;
10629 
10630 	wdev_lock(wdev);
10631 	if (!cfg80211_off_channel_oper_allowed(wdev) &&
10632 	    !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10633 		compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10634 							     &chandef);
10635 		if (compat_chandef != &chandef) {
10636 			wdev_unlock(wdev);
10637 			return -EBUSY;
10638 		}
10639 	}
10640 	wdev_unlock(wdev);
10641 
10642 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10643 	if (!msg)
10644 		return -ENOMEM;
10645 
10646 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10647 			     NL80211_CMD_REMAIN_ON_CHANNEL);
10648 	if (!hdr) {
10649 		err = -ENOBUFS;
10650 		goto free_msg;
10651 	}
10652 
10653 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10654 				     duration, &cookie);
10655 
10656 	if (err)
10657 		goto free_msg;
10658 
10659 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10660 			      NL80211_ATTR_PAD))
10661 		goto nla_put_failure;
10662 
10663 	genlmsg_end(msg, hdr);
10664 
10665 	return genlmsg_reply(msg, info);
10666 
10667  nla_put_failure:
10668 	err = -ENOBUFS;
10669  free_msg:
10670 	nlmsg_free(msg);
10671 	return err;
10672 }
10673 
10674 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10675 					    struct genl_info *info)
10676 {
10677 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10678 	struct wireless_dev *wdev = info->user_ptr[1];
10679 	u64 cookie;
10680 
10681 	if (!info->attrs[NL80211_ATTR_COOKIE])
10682 		return -EINVAL;
10683 
10684 	if (!rdev->ops->cancel_remain_on_channel)
10685 		return -EOPNOTSUPP;
10686 
10687 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10688 
10689 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10690 }
10691 
10692 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10693 				       struct genl_info *info)
10694 {
10695 	struct cfg80211_bitrate_mask mask;
10696 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10697 	struct net_device *dev = info->user_ptr[1];
10698 	int err;
10699 
10700 	if (!rdev->ops->set_bitrate_mask)
10701 		return -EOPNOTSUPP;
10702 
10703 	err = nl80211_parse_tx_bitrate_mask(info, &mask);
10704 	if (err)
10705 		return err;
10706 
10707 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10708 }
10709 
10710 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10711 {
10712 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10713 	struct wireless_dev *wdev = info->user_ptr[1];
10714 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10715 
10716 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10717 		return -EINVAL;
10718 
10719 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10720 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10721 
10722 	switch (wdev->iftype) {
10723 	case NL80211_IFTYPE_STATION:
10724 	case NL80211_IFTYPE_ADHOC:
10725 	case NL80211_IFTYPE_P2P_CLIENT:
10726 	case NL80211_IFTYPE_AP:
10727 	case NL80211_IFTYPE_AP_VLAN:
10728 	case NL80211_IFTYPE_MESH_POINT:
10729 	case NL80211_IFTYPE_P2P_GO:
10730 	case NL80211_IFTYPE_P2P_DEVICE:
10731 		break;
10732 	case NL80211_IFTYPE_NAN:
10733 	default:
10734 		return -EOPNOTSUPP;
10735 	}
10736 
10737 	/* not much point in registering if we can't reply */
10738 	if (!rdev->ops->mgmt_tx)
10739 		return -EOPNOTSUPP;
10740 
10741 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10742 					   nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10743 					   nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10744 					   info->extack);
10745 }
10746 
10747 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10748 {
10749 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10750 	struct wireless_dev *wdev = info->user_ptr[1];
10751 	struct cfg80211_chan_def chandef;
10752 	int err;
10753 	void *hdr = NULL;
10754 	u64 cookie;
10755 	struct sk_buff *msg = NULL;
10756 	struct cfg80211_mgmt_tx_params params = {
10757 		.dont_wait_for_ack =
10758 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10759 	};
10760 
10761 	if (!info->attrs[NL80211_ATTR_FRAME])
10762 		return -EINVAL;
10763 
10764 	if (!rdev->ops->mgmt_tx)
10765 		return -EOPNOTSUPP;
10766 
10767 	switch (wdev->iftype) {
10768 	case NL80211_IFTYPE_P2P_DEVICE:
10769 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10770 			return -EINVAL;
10771 	case NL80211_IFTYPE_STATION:
10772 	case NL80211_IFTYPE_ADHOC:
10773 	case NL80211_IFTYPE_P2P_CLIENT:
10774 	case NL80211_IFTYPE_AP:
10775 	case NL80211_IFTYPE_AP_VLAN:
10776 	case NL80211_IFTYPE_MESH_POINT:
10777 	case NL80211_IFTYPE_P2P_GO:
10778 		break;
10779 	case NL80211_IFTYPE_NAN:
10780 	default:
10781 		return -EOPNOTSUPP;
10782 	}
10783 
10784 	if (info->attrs[NL80211_ATTR_DURATION]) {
10785 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10786 			return -EINVAL;
10787 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10788 
10789 		/*
10790 		 * We should wait on the channel for at least a minimum amount
10791 		 * of time (10ms) but no longer than the driver supports.
10792 		 */
10793 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10794 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
10795 			return -EINVAL;
10796 	}
10797 
10798 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10799 
10800 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10801 		return -EINVAL;
10802 
10803 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10804 
10805 	/* get the channel if any has been specified, otherwise pass NULL to
10806 	 * the driver. The latter will use the current one
10807 	 */
10808 	chandef.chan = NULL;
10809 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10810 		err = nl80211_parse_chandef(rdev, info, &chandef);
10811 		if (err)
10812 			return err;
10813 	}
10814 
10815 	if (!chandef.chan && params.offchan)
10816 		return -EINVAL;
10817 
10818 	wdev_lock(wdev);
10819 	if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10820 		wdev_unlock(wdev);
10821 		return -EBUSY;
10822 	}
10823 	wdev_unlock(wdev);
10824 
10825 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10826 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10827 
10828 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10829 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10830 		int i;
10831 
10832 		if (len % sizeof(u16))
10833 			return -EINVAL;
10834 
10835 		params.n_csa_offsets = len / sizeof(u16);
10836 		params.csa_offsets =
10837 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10838 
10839 		/* check that all the offsets fit the frame */
10840 		for (i = 0; i < params.n_csa_offsets; i++) {
10841 			if (params.csa_offsets[i] >= params.len)
10842 				return -EINVAL;
10843 		}
10844 	}
10845 
10846 	if (!params.dont_wait_for_ack) {
10847 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10848 		if (!msg)
10849 			return -ENOMEM;
10850 
10851 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10852 				     NL80211_CMD_FRAME);
10853 		if (!hdr) {
10854 			err = -ENOBUFS;
10855 			goto free_msg;
10856 		}
10857 	}
10858 
10859 	params.chan = chandef.chan;
10860 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
10861 	if (err)
10862 		goto free_msg;
10863 
10864 	if (msg) {
10865 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10866 				      NL80211_ATTR_PAD))
10867 			goto nla_put_failure;
10868 
10869 		genlmsg_end(msg, hdr);
10870 		return genlmsg_reply(msg, info);
10871 	}
10872 
10873 	return 0;
10874 
10875  nla_put_failure:
10876 	err = -ENOBUFS;
10877  free_msg:
10878 	nlmsg_free(msg);
10879 	return err;
10880 }
10881 
10882 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10883 {
10884 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10885 	struct wireless_dev *wdev = info->user_ptr[1];
10886 	u64 cookie;
10887 
10888 	if (!info->attrs[NL80211_ATTR_COOKIE])
10889 		return -EINVAL;
10890 
10891 	if (!rdev->ops->mgmt_tx_cancel_wait)
10892 		return -EOPNOTSUPP;
10893 
10894 	switch (wdev->iftype) {
10895 	case NL80211_IFTYPE_STATION:
10896 	case NL80211_IFTYPE_ADHOC:
10897 	case NL80211_IFTYPE_P2P_CLIENT:
10898 	case NL80211_IFTYPE_AP:
10899 	case NL80211_IFTYPE_AP_VLAN:
10900 	case NL80211_IFTYPE_P2P_GO:
10901 	case NL80211_IFTYPE_P2P_DEVICE:
10902 		break;
10903 	case NL80211_IFTYPE_NAN:
10904 	default:
10905 		return -EOPNOTSUPP;
10906 	}
10907 
10908 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10909 
10910 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10911 }
10912 
10913 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10914 {
10915 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10916 	struct wireless_dev *wdev;
10917 	struct net_device *dev = info->user_ptr[1];
10918 	u8 ps_state;
10919 	bool state;
10920 	int err;
10921 
10922 	if (!info->attrs[NL80211_ATTR_PS_STATE])
10923 		return -EINVAL;
10924 
10925 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10926 
10927 	wdev = dev->ieee80211_ptr;
10928 
10929 	if (!rdev->ops->set_power_mgmt)
10930 		return -EOPNOTSUPP;
10931 
10932 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10933 
10934 	if (state == wdev->ps)
10935 		return 0;
10936 
10937 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10938 	if (!err)
10939 		wdev->ps = state;
10940 	return err;
10941 }
10942 
10943 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10944 {
10945 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10946 	enum nl80211_ps_state ps_state;
10947 	struct wireless_dev *wdev;
10948 	struct net_device *dev = info->user_ptr[1];
10949 	struct sk_buff *msg;
10950 	void *hdr;
10951 	int err;
10952 
10953 	wdev = dev->ieee80211_ptr;
10954 
10955 	if (!rdev->ops->set_power_mgmt)
10956 		return -EOPNOTSUPP;
10957 
10958 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10959 	if (!msg)
10960 		return -ENOMEM;
10961 
10962 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10963 			     NL80211_CMD_GET_POWER_SAVE);
10964 	if (!hdr) {
10965 		err = -ENOBUFS;
10966 		goto free_msg;
10967 	}
10968 
10969 	if (wdev->ps)
10970 		ps_state = NL80211_PS_ENABLED;
10971 	else
10972 		ps_state = NL80211_PS_DISABLED;
10973 
10974 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
10975 		goto nla_put_failure;
10976 
10977 	genlmsg_end(msg, hdr);
10978 	return genlmsg_reply(msg, info);
10979 
10980  nla_put_failure:
10981 	err = -ENOBUFS;
10982  free_msg:
10983 	nlmsg_free(msg);
10984 	return err;
10985 }
10986 
10987 static const struct nla_policy
10988 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
10989 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
10990 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
10991 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
10992 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
10993 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
10994 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
10995 	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
10996 };
10997 
10998 static int nl80211_set_cqm_txe(struct genl_info *info,
10999 			       u32 rate, u32 pkts, u32 intvl)
11000 {
11001 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11002 	struct net_device *dev = info->user_ptr[1];
11003 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11004 
11005 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
11006 		return -EINVAL;
11007 
11008 	if (!rdev->ops->set_cqm_txe_config)
11009 		return -EOPNOTSUPP;
11010 
11011 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
11012 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11013 		return -EOPNOTSUPP;
11014 
11015 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
11016 }
11017 
11018 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
11019 				    struct net_device *dev)
11020 {
11021 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11022 	s32 last, low, high;
11023 	u32 hyst;
11024 	int i, n, low_index;
11025 	int err;
11026 
11027 	/* RSSI reporting disabled? */
11028 	if (!wdev->cqm_config)
11029 		return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
11030 
11031 	/*
11032 	 * Obtain current RSSI value if possible, if not and no RSSI threshold
11033 	 * event has been received yet, we should receive an event after a
11034 	 * connection is established and enough beacons received to calculate
11035 	 * the average.
11036 	 */
11037 	if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
11038 	    rdev->ops->get_station) {
11039 		struct station_info sinfo = {};
11040 		u8 *mac_addr;
11041 
11042 		mac_addr = wdev->current_bss->pub.bssid;
11043 
11044 		err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
11045 		if (err)
11046 			return err;
11047 
11048 		cfg80211_sinfo_release_content(&sinfo);
11049 		if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
11050 			wdev->cqm_config->last_rssi_event_value =
11051 				(s8) sinfo.rx_beacon_signal_avg;
11052 	}
11053 
11054 	last = wdev->cqm_config->last_rssi_event_value;
11055 	hyst = wdev->cqm_config->rssi_hyst;
11056 	n = wdev->cqm_config->n_rssi_thresholds;
11057 
11058 	for (i = 0; i < n; i++) {
11059 		i = array_index_nospec(i, n);
11060 		if (last < wdev->cqm_config->rssi_thresholds[i])
11061 			break;
11062 	}
11063 
11064 	low_index = i - 1;
11065 	if (low_index >= 0) {
11066 		low_index = array_index_nospec(low_index, n);
11067 		low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
11068 	} else {
11069 		low = S32_MIN;
11070 	}
11071 	if (i < n) {
11072 		i = array_index_nospec(i, n);
11073 		high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
11074 	} else {
11075 		high = S32_MAX;
11076 	}
11077 
11078 	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
11079 }
11080 
11081 static int nl80211_set_cqm_rssi(struct genl_info *info,
11082 				const s32 *thresholds, int n_thresholds,
11083 				u32 hysteresis)
11084 {
11085 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11086 	struct net_device *dev = info->user_ptr[1];
11087 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11088 	int i, err;
11089 	s32 prev = S32_MIN;
11090 
11091 	/* Check all values negative and sorted */
11092 	for (i = 0; i < n_thresholds; i++) {
11093 		if (thresholds[i] > 0 || thresholds[i] <= prev)
11094 			return -EINVAL;
11095 
11096 		prev = thresholds[i];
11097 	}
11098 
11099 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
11100 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11101 		return -EOPNOTSUPP;
11102 
11103 	wdev_lock(wdev);
11104 	cfg80211_cqm_config_free(wdev);
11105 	wdev_unlock(wdev);
11106 
11107 	if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
11108 		if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
11109 			return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
11110 
11111 		return rdev_set_cqm_rssi_config(rdev, dev,
11112 						thresholds[0], hysteresis);
11113 	}
11114 
11115 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
11116 				     NL80211_EXT_FEATURE_CQM_RSSI_LIST))
11117 		return -EOPNOTSUPP;
11118 
11119 	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
11120 		n_thresholds = 0;
11121 
11122 	wdev_lock(wdev);
11123 	if (n_thresholds) {
11124 		struct cfg80211_cqm_config *cqm_config;
11125 
11126 		cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
11127 				     n_thresholds * sizeof(s32), GFP_KERNEL);
11128 		if (!cqm_config) {
11129 			err = -ENOMEM;
11130 			goto unlock;
11131 		}
11132 
11133 		cqm_config->rssi_hyst = hysteresis;
11134 		cqm_config->n_rssi_thresholds = n_thresholds;
11135 		memcpy(cqm_config->rssi_thresholds, thresholds,
11136 		       n_thresholds * sizeof(s32));
11137 
11138 		wdev->cqm_config = cqm_config;
11139 	}
11140 
11141 	err = cfg80211_cqm_rssi_update(rdev, dev);
11142 
11143 unlock:
11144 	wdev_unlock(wdev);
11145 
11146 	return err;
11147 }
11148 
11149 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
11150 {
11151 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
11152 	struct nlattr *cqm;
11153 	int err;
11154 
11155 	cqm = info->attrs[NL80211_ATTR_CQM];
11156 	if (!cqm)
11157 		return -EINVAL;
11158 
11159 	err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
11160 					  nl80211_attr_cqm_policy,
11161 					  info->extack);
11162 	if (err)
11163 		return err;
11164 
11165 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
11166 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
11167 		const s32 *thresholds =
11168 			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11169 		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11170 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
11171 
11172 		if (len % 4)
11173 			return -EINVAL;
11174 
11175 		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
11176 					    hysteresis);
11177 	}
11178 
11179 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
11180 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
11181 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
11182 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
11183 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
11184 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
11185 
11186 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
11187 	}
11188 
11189 	return -EINVAL;
11190 }
11191 
11192 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
11193 {
11194 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11195 	struct net_device *dev = info->user_ptr[1];
11196 	struct ocb_setup setup = {};
11197 	int err;
11198 
11199 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11200 	if (err)
11201 		return err;
11202 
11203 	return cfg80211_join_ocb(rdev, dev, &setup);
11204 }
11205 
11206 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11207 {
11208 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11209 	struct net_device *dev = info->user_ptr[1];
11210 
11211 	return cfg80211_leave_ocb(rdev, dev);
11212 }
11213 
11214 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11215 {
11216 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11217 	struct net_device *dev = info->user_ptr[1];
11218 	struct mesh_config cfg;
11219 	struct mesh_setup setup;
11220 	int err;
11221 
11222 	/* start with default */
11223 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11224 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
11225 
11226 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11227 		/* and parse parameters if given */
11228 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
11229 		if (err)
11230 			return err;
11231 	}
11232 
11233 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11234 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11235 		return -EINVAL;
11236 
11237 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11238 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11239 
11240 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11241 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11242 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11243 			return -EINVAL;
11244 
11245 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11246 		setup.beacon_interval =
11247 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11248 
11249 		err = cfg80211_validate_beacon_int(rdev,
11250 						   NL80211_IFTYPE_MESH_POINT,
11251 						   setup.beacon_interval);
11252 		if (err)
11253 			return err;
11254 	}
11255 
11256 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11257 		setup.dtim_period =
11258 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11259 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
11260 			return -EINVAL;
11261 	}
11262 
11263 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11264 		/* parse additional setup parameters if given */
11265 		err = nl80211_parse_mesh_setup(info, &setup);
11266 		if (err)
11267 			return err;
11268 	}
11269 
11270 	if (setup.user_mpm)
11271 		cfg.auto_open_plinks = false;
11272 
11273 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11274 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11275 		if (err)
11276 			return err;
11277 	} else {
11278 		/* __cfg80211_join_mesh() will sort it out */
11279 		setup.chandef.chan = NULL;
11280 	}
11281 
11282 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11283 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11284 		int n_rates =
11285 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11286 		struct ieee80211_supported_band *sband;
11287 
11288 		if (!setup.chandef.chan)
11289 			return -EINVAL;
11290 
11291 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
11292 
11293 		err = ieee80211_get_ratemask(sband, rates, n_rates,
11294 					     &setup.basic_rates);
11295 		if (err)
11296 			return err;
11297 	}
11298 
11299 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
11300 		err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
11301 		if (err)
11302 			return err;
11303 
11304 		if (!setup.chandef.chan)
11305 			return -EINVAL;
11306 
11307 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11308 					      &setup.beacon_rate);
11309 		if (err)
11310 			return err;
11311 	}
11312 
11313 	setup.userspace_handles_dfs =
11314 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11315 
11316 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11317 		int r = validate_pae_over_nl80211(rdev, info);
11318 
11319 		if (r < 0)
11320 			return r;
11321 
11322 		setup.control_port_over_nl80211 = true;
11323 	}
11324 
11325 	wdev_lock(dev->ieee80211_ptr);
11326 	err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11327 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11328 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11329 	wdev_unlock(dev->ieee80211_ptr);
11330 
11331 	return err;
11332 }
11333 
11334 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11335 {
11336 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11337 	struct net_device *dev = info->user_ptr[1];
11338 
11339 	return cfg80211_leave_mesh(rdev, dev);
11340 }
11341 
11342 #ifdef CONFIG_PM
11343 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11344 					struct cfg80211_registered_device *rdev)
11345 {
11346 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11347 	struct nlattr *nl_pats, *nl_pat;
11348 	int i, pat_len;
11349 
11350 	if (!wowlan->n_patterns)
11351 		return 0;
11352 
11353 	nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
11354 	if (!nl_pats)
11355 		return -ENOBUFS;
11356 
11357 	for (i = 0; i < wowlan->n_patterns; i++) {
11358 		nl_pat = nla_nest_start_noflag(msg, i + 1);
11359 		if (!nl_pat)
11360 			return -ENOBUFS;
11361 		pat_len = wowlan->patterns[i].pattern_len;
11362 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
11363 			    wowlan->patterns[i].mask) ||
11364 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11365 			    wowlan->patterns[i].pattern) ||
11366 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11367 				wowlan->patterns[i].pkt_offset))
11368 			return -ENOBUFS;
11369 		nla_nest_end(msg, nl_pat);
11370 	}
11371 	nla_nest_end(msg, nl_pats);
11372 
11373 	return 0;
11374 }
11375 
11376 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
11377 				   struct cfg80211_wowlan_tcp *tcp)
11378 {
11379 	struct nlattr *nl_tcp;
11380 
11381 	if (!tcp)
11382 		return 0;
11383 
11384 	nl_tcp = nla_nest_start_noflag(msg,
11385 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
11386 	if (!nl_tcp)
11387 		return -ENOBUFS;
11388 
11389 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
11390 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
11391 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
11392 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
11393 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
11394 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
11395 		    tcp->payload_len, tcp->payload) ||
11396 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
11397 			tcp->data_interval) ||
11398 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
11399 		    tcp->wake_len, tcp->wake_data) ||
11400 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
11401 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
11402 		return -ENOBUFS;
11403 
11404 	if (tcp->payload_seq.len &&
11405 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
11406 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
11407 		return -ENOBUFS;
11408 
11409 	if (tcp->payload_tok.len &&
11410 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11411 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
11412 		    &tcp->payload_tok))
11413 		return -ENOBUFS;
11414 
11415 	nla_nest_end(msg, nl_tcp);
11416 
11417 	return 0;
11418 }
11419 
11420 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11421 				  struct cfg80211_sched_scan_request *req)
11422 {
11423 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11424 	int i;
11425 
11426 	if (!req)
11427 		return 0;
11428 
11429 	nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11430 	if (!nd)
11431 		return -ENOBUFS;
11432 
11433 	if (req->n_scan_plans == 1 &&
11434 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11435 			req->scan_plans[0].interval * 1000))
11436 		return -ENOBUFS;
11437 
11438 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11439 		return -ENOBUFS;
11440 
11441 	if (req->relative_rssi_set) {
11442 		struct nl80211_bss_select_rssi_adjust rssi_adjust;
11443 
11444 		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11445 			       req->relative_rssi))
11446 			return -ENOBUFS;
11447 
11448 		rssi_adjust.band = req->rssi_adjust.band;
11449 		rssi_adjust.delta = req->rssi_adjust.delta;
11450 		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11451 			    sizeof(rssi_adjust), &rssi_adjust))
11452 			return -ENOBUFS;
11453 	}
11454 
11455 	freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11456 	if (!freqs)
11457 		return -ENOBUFS;
11458 
11459 	for (i = 0; i < req->n_channels; i++) {
11460 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11461 			return -ENOBUFS;
11462 	}
11463 
11464 	nla_nest_end(msg, freqs);
11465 
11466 	if (req->n_match_sets) {
11467 		matches = nla_nest_start_noflag(msg,
11468 						NL80211_ATTR_SCHED_SCAN_MATCH);
11469 		if (!matches)
11470 			return -ENOBUFS;
11471 
11472 		for (i = 0; i < req->n_match_sets; i++) {
11473 			match = nla_nest_start_noflag(msg, i);
11474 			if (!match)
11475 				return -ENOBUFS;
11476 
11477 			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11478 				    req->match_sets[i].ssid.ssid_len,
11479 				    req->match_sets[i].ssid.ssid))
11480 				return -ENOBUFS;
11481 			nla_nest_end(msg, match);
11482 		}
11483 		nla_nest_end(msg, matches);
11484 	}
11485 
11486 	scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11487 	if (!scan_plans)
11488 		return -ENOBUFS;
11489 
11490 	for (i = 0; i < req->n_scan_plans; i++) {
11491 		scan_plan = nla_nest_start_noflag(msg, i + 1);
11492 		if (!scan_plan)
11493 			return -ENOBUFS;
11494 
11495 		if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11496 				req->scan_plans[i].interval) ||
11497 		    (req->scan_plans[i].iterations &&
11498 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11499 				 req->scan_plans[i].iterations)))
11500 			return -ENOBUFS;
11501 		nla_nest_end(msg, scan_plan);
11502 	}
11503 	nla_nest_end(msg, scan_plans);
11504 
11505 	nla_nest_end(msg, nd);
11506 
11507 	return 0;
11508 }
11509 
11510 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11511 {
11512 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11513 	struct sk_buff *msg;
11514 	void *hdr;
11515 	u32 size = NLMSG_DEFAULT_SIZE;
11516 
11517 	if (!rdev->wiphy.wowlan)
11518 		return -EOPNOTSUPP;
11519 
11520 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11521 		/* adjust size to have room for all the data */
11522 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11523 			rdev->wiphy.wowlan_config->tcp->payload_len +
11524 			rdev->wiphy.wowlan_config->tcp->wake_len +
11525 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11526 	}
11527 
11528 	msg = nlmsg_new(size, GFP_KERNEL);
11529 	if (!msg)
11530 		return -ENOMEM;
11531 
11532 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11533 			     NL80211_CMD_GET_WOWLAN);
11534 	if (!hdr)
11535 		goto nla_put_failure;
11536 
11537 	if (rdev->wiphy.wowlan_config) {
11538 		struct nlattr *nl_wowlan;
11539 
11540 		nl_wowlan = nla_nest_start_noflag(msg,
11541 						  NL80211_ATTR_WOWLAN_TRIGGERS);
11542 		if (!nl_wowlan)
11543 			goto nla_put_failure;
11544 
11545 		if ((rdev->wiphy.wowlan_config->any &&
11546 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11547 		    (rdev->wiphy.wowlan_config->disconnect &&
11548 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11549 		    (rdev->wiphy.wowlan_config->magic_pkt &&
11550 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11551 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11552 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11553 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
11554 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11555 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
11556 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11557 		    (rdev->wiphy.wowlan_config->rfkill_release &&
11558 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11559 			goto nla_put_failure;
11560 
11561 		if (nl80211_send_wowlan_patterns(msg, rdev))
11562 			goto nla_put_failure;
11563 
11564 		if (nl80211_send_wowlan_tcp(msg,
11565 					    rdev->wiphy.wowlan_config->tcp))
11566 			goto nla_put_failure;
11567 
11568 		if (nl80211_send_wowlan_nd(
11569 			    msg,
11570 			    rdev->wiphy.wowlan_config->nd_config))
11571 			goto nla_put_failure;
11572 
11573 		nla_nest_end(msg, nl_wowlan);
11574 	}
11575 
11576 	genlmsg_end(msg, hdr);
11577 	return genlmsg_reply(msg, info);
11578 
11579 nla_put_failure:
11580 	nlmsg_free(msg);
11581 	return -ENOBUFS;
11582 }
11583 
11584 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
11585 				    struct nlattr *attr,
11586 				    struct cfg80211_wowlan *trig)
11587 {
11588 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
11589 	struct cfg80211_wowlan_tcp *cfg;
11590 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
11591 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
11592 	u32 size;
11593 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
11594 	int err, port;
11595 
11596 	if (!rdev->wiphy.wowlan->tcp)
11597 		return -EINVAL;
11598 
11599 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
11600 					  nl80211_wowlan_tcp_policy, NULL);
11601 	if (err)
11602 		return err;
11603 
11604 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
11605 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
11606 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
11607 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
11608 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
11609 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
11610 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
11611 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
11612 		return -EINVAL;
11613 
11614 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11615 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11616 		return -EINVAL;
11617 
11618 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11619 			rdev->wiphy.wowlan->tcp->data_interval_max ||
11620 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11621 		return -EINVAL;
11622 
11623 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11624 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11625 		return -EINVAL;
11626 
11627 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11628 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11629 		return -EINVAL;
11630 
11631 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11632 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11633 
11634 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11635 		tokens_size = tokln - sizeof(*tok);
11636 
11637 		if (!tok->len || tokens_size % tok->len)
11638 			return -EINVAL;
11639 		if (!rdev->wiphy.wowlan->tcp->tok)
11640 			return -EINVAL;
11641 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11642 			return -EINVAL;
11643 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11644 			return -EINVAL;
11645 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11646 			return -EINVAL;
11647 		if (tok->offset + tok->len > data_size)
11648 			return -EINVAL;
11649 	}
11650 
11651 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11652 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11653 		if (!rdev->wiphy.wowlan->tcp->seq)
11654 			return -EINVAL;
11655 		if (seq->len == 0 || seq->len > 4)
11656 			return -EINVAL;
11657 		if (seq->len + seq->offset > data_size)
11658 			return -EINVAL;
11659 	}
11660 
11661 	size = sizeof(*cfg);
11662 	size += data_size;
11663 	size += wake_size + wake_mask_size;
11664 	size += tokens_size;
11665 
11666 	cfg = kzalloc(size, GFP_KERNEL);
11667 	if (!cfg)
11668 		return -ENOMEM;
11669 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11670 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11671 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11672 	       ETH_ALEN);
11673 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11674 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11675 	else
11676 		port = 0;
11677 #ifdef CONFIG_INET
11678 	/* allocate a socket and port for it and use it */
11679 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11680 			    IPPROTO_TCP, &cfg->sock, 1);
11681 	if (err) {
11682 		kfree(cfg);
11683 		return err;
11684 	}
11685 	if (inet_csk_get_port(cfg->sock->sk, port)) {
11686 		sock_release(cfg->sock);
11687 		kfree(cfg);
11688 		return -EADDRINUSE;
11689 	}
11690 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11691 #else
11692 	if (!port) {
11693 		kfree(cfg);
11694 		return -EINVAL;
11695 	}
11696 	cfg->src_port = port;
11697 #endif
11698 
11699 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11700 	cfg->payload_len = data_size;
11701 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11702 	memcpy((void *)cfg->payload,
11703 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11704 	       data_size);
11705 	if (seq)
11706 		cfg->payload_seq = *seq;
11707 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11708 	cfg->wake_len = wake_size;
11709 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11710 	memcpy((void *)cfg->wake_data,
11711 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11712 	       wake_size);
11713 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11714 			 data_size + wake_size;
11715 	memcpy((void *)cfg->wake_mask,
11716 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11717 	       wake_mask_size);
11718 	if (tok) {
11719 		cfg->tokens_size = tokens_size;
11720 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11721 	}
11722 
11723 	trig->tcp = cfg;
11724 
11725 	return 0;
11726 }
11727 
11728 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11729 				   const struct wiphy_wowlan_support *wowlan,
11730 				   struct nlattr *attr,
11731 				   struct cfg80211_wowlan *trig)
11732 {
11733 	struct nlattr **tb;
11734 	int err;
11735 
11736 	tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11737 	if (!tb)
11738 		return -ENOMEM;
11739 
11740 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11741 		err = -EOPNOTSUPP;
11742 		goto out;
11743 	}
11744 
11745 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
11746 					  nl80211_policy, NULL);
11747 	if (err)
11748 		goto out;
11749 
11750 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11751 						   wowlan->max_nd_match_sets);
11752 	err = PTR_ERR_OR_ZERO(trig->nd_config);
11753 	if (err)
11754 		trig->nd_config = NULL;
11755 
11756 out:
11757 	kfree(tb);
11758 	return err;
11759 }
11760 
11761 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11762 {
11763 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11764 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11765 	struct cfg80211_wowlan new_triggers = {};
11766 	struct cfg80211_wowlan *ntrig;
11767 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11768 	int err, i;
11769 	bool prev_enabled = rdev->wiphy.wowlan_config;
11770 	bool regular = false;
11771 
11772 	if (!wowlan)
11773 		return -EOPNOTSUPP;
11774 
11775 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11776 		cfg80211_rdev_free_wowlan(rdev);
11777 		rdev->wiphy.wowlan_config = NULL;
11778 		goto set_wakeup;
11779 	}
11780 
11781 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
11782 					  info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11783 					  nl80211_wowlan_policy, info->extack);
11784 	if (err)
11785 		return err;
11786 
11787 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11788 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11789 			return -EINVAL;
11790 		new_triggers.any = true;
11791 	}
11792 
11793 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11794 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11795 			return -EINVAL;
11796 		new_triggers.disconnect = true;
11797 		regular = true;
11798 	}
11799 
11800 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11801 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11802 			return -EINVAL;
11803 		new_triggers.magic_pkt = true;
11804 		regular = true;
11805 	}
11806 
11807 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11808 		return -EINVAL;
11809 
11810 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11811 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11812 			return -EINVAL;
11813 		new_triggers.gtk_rekey_failure = true;
11814 		regular = true;
11815 	}
11816 
11817 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11818 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11819 			return -EINVAL;
11820 		new_triggers.eap_identity_req = true;
11821 		regular = true;
11822 	}
11823 
11824 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11825 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11826 			return -EINVAL;
11827 		new_triggers.four_way_handshake = true;
11828 		regular = true;
11829 	}
11830 
11831 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11832 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11833 			return -EINVAL;
11834 		new_triggers.rfkill_release = true;
11835 		regular = true;
11836 	}
11837 
11838 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11839 		struct nlattr *pat;
11840 		int n_patterns = 0;
11841 		int rem, pat_len, mask_len, pkt_offset;
11842 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11843 
11844 		regular = true;
11845 
11846 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11847 				    rem)
11848 			n_patterns++;
11849 		if (n_patterns > wowlan->n_patterns)
11850 			return -EINVAL;
11851 
11852 		new_triggers.patterns = kcalloc(n_patterns,
11853 						sizeof(new_triggers.patterns[0]),
11854 						GFP_KERNEL);
11855 		if (!new_triggers.patterns)
11856 			return -ENOMEM;
11857 
11858 		new_triggers.n_patterns = n_patterns;
11859 		i = 0;
11860 
11861 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11862 				    rem) {
11863 			u8 *mask_pat;
11864 
11865 			err = nla_parse_nested_deprecated(pat_tb,
11866 							  MAX_NL80211_PKTPAT,
11867 							  pat,
11868 							  nl80211_packet_pattern_policy,
11869 							  info->extack);
11870 			if (err)
11871 				goto error;
11872 
11873 			err = -EINVAL;
11874 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
11875 			    !pat_tb[NL80211_PKTPAT_PATTERN])
11876 				goto error;
11877 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11878 			mask_len = DIV_ROUND_UP(pat_len, 8);
11879 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11880 				goto error;
11881 			if (pat_len > wowlan->pattern_max_len ||
11882 			    pat_len < wowlan->pattern_min_len)
11883 				goto error;
11884 
11885 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
11886 				pkt_offset = 0;
11887 			else
11888 				pkt_offset = nla_get_u32(
11889 					pat_tb[NL80211_PKTPAT_OFFSET]);
11890 			if (pkt_offset > wowlan->max_pkt_offset)
11891 				goto error;
11892 			new_triggers.patterns[i].pkt_offset = pkt_offset;
11893 
11894 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11895 			if (!mask_pat) {
11896 				err = -ENOMEM;
11897 				goto error;
11898 			}
11899 			new_triggers.patterns[i].mask = mask_pat;
11900 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11901 			       mask_len);
11902 			mask_pat += mask_len;
11903 			new_triggers.patterns[i].pattern = mask_pat;
11904 			new_triggers.patterns[i].pattern_len = pat_len;
11905 			memcpy(mask_pat,
11906 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11907 			       pat_len);
11908 			i++;
11909 		}
11910 	}
11911 
11912 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11913 		regular = true;
11914 		err = nl80211_parse_wowlan_tcp(
11915 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11916 			&new_triggers);
11917 		if (err)
11918 			goto error;
11919 	}
11920 
11921 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11922 		regular = true;
11923 		err = nl80211_parse_wowlan_nd(
11924 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11925 			&new_triggers);
11926 		if (err)
11927 			goto error;
11928 	}
11929 
11930 	/* The 'any' trigger means the device continues operating more or less
11931 	 * as in its normal operation mode and wakes up the host on most of the
11932 	 * normal interrupts (like packet RX, ...)
11933 	 * It therefore makes little sense to combine with the more constrained
11934 	 * wakeup trigger modes.
11935 	 */
11936 	if (new_triggers.any && regular) {
11937 		err = -EINVAL;
11938 		goto error;
11939 	}
11940 
11941 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11942 	if (!ntrig) {
11943 		err = -ENOMEM;
11944 		goto error;
11945 	}
11946 	cfg80211_rdev_free_wowlan(rdev);
11947 	rdev->wiphy.wowlan_config = ntrig;
11948 
11949  set_wakeup:
11950 	if (rdev->ops->set_wakeup &&
11951 	    prev_enabled != !!rdev->wiphy.wowlan_config)
11952 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11953 
11954 	return 0;
11955  error:
11956 	for (i = 0; i < new_triggers.n_patterns; i++)
11957 		kfree(new_triggers.patterns[i].mask);
11958 	kfree(new_triggers.patterns);
11959 	if (new_triggers.tcp && new_triggers.tcp->sock)
11960 		sock_release(new_triggers.tcp->sock);
11961 	kfree(new_triggers.tcp);
11962 	kfree(new_triggers.nd_config);
11963 	return err;
11964 }
11965 #endif
11966 
11967 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11968 				       struct cfg80211_registered_device *rdev)
11969 {
11970 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11971 	int i, j, pat_len;
11972 	struct cfg80211_coalesce_rules *rule;
11973 
11974 	if (!rdev->coalesce->n_rules)
11975 		return 0;
11976 
11977 	nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
11978 	if (!nl_rules)
11979 		return -ENOBUFS;
11980 
11981 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
11982 		nl_rule = nla_nest_start_noflag(msg, i + 1);
11983 		if (!nl_rule)
11984 			return -ENOBUFS;
11985 
11986 		rule = &rdev->coalesce->rules[i];
11987 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
11988 				rule->delay))
11989 			return -ENOBUFS;
11990 
11991 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
11992 				rule->condition))
11993 			return -ENOBUFS;
11994 
11995 		nl_pats = nla_nest_start_noflag(msg,
11996 						NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11997 		if (!nl_pats)
11998 			return -ENOBUFS;
11999 
12000 		for (j = 0; j < rule->n_patterns; j++) {
12001 			nl_pat = nla_nest_start_noflag(msg, j + 1);
12002 			if (!nl_pat)
12003 				return -ENOBUFS;
12004 			pat_len = rule->patterns[j].pattern_len;
12005 			if (nla_put(msg, NL80211_PKTPAT_MASK,
12006 				    DIV_ROUND_UP(pat_len, 8),
12007 				    rule->patterns[j].mask) ||
12008 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12009 				    rule->patterns[j].pattern) ||
12010 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12011 					rule->patterns[j].pkt_offset))
12012 				return -ENOBUFS;
12013 			nla_nest_end(msg, nl_pat);
12014 		}
12015 		nla_nest_end(msg, nl_pats);
12016 		nla_nest_end(msg, nl_rule);
12017 	}
12018 	nla_nest_end(msg, nl_rules);
12019 
12020 	return 0;
12021 }
12022 
12023 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
12024 {
12025 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12026 	struct sk_buff *msg;
12027 	void *hdr;
12028 
12029 	if (!rdev->wiphy.coalesce)
12030 		return -EOPNOTSUPP;
12031 
12032 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12033 	if (!msg)
12034 		return -ENOMEM;
12035 
12036 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12037 			     NL80211_CMD_GET_COALESCE);
12038 	if (!hdr)
12039 		goto nla_put_failure;
12040 
12041 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
12042 		goto nla_put_failure;
12043 
12044 	genlmsg_end(msg, hdr);
12045 	return genlmsg_reply(msg, info);
12046 
12047 nla_put_failure:
12048 	nlmsg_free(msg);
12049 	return -ENOBUFS;
12050 }
12051 
12052 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
12053 {
12054 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
12055 	int i, j;
12056 	struct cfg80211_coalesce_rules *rule;
12057 
12058 	if (!coalesce)
12059 		return;
12060 
12061 	for (i = 0; i < coalesce->n_rules; i++) {
12062 		rule = &coalesce->rules[i];
12063 		for (j = 0; j < rule->n_patterns; j++)
12064 			kfree(rule->patterns[j].mask);
12065 		kfree(rule->patterns);
12066 	}
12067 	kfree(coalesce->rules);
12068 	kfree(coalesce);
12069 	rdev->coalesce = NULL;
12070 }
12071 
12072 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
12073 				       struct nlattr *rule,
12074 				       struct cfg80211_coalesce_rules *new_rule)
12075 {
12076 	int err, i;
12077 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12078 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
12079 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
12080 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12081 
12082 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
12083 					  rule, nl80211_coalesce_policy, NULL);
12084 	if (err)
12085 		return err;
12086 
12087 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
12088 		new_rule->delay =
12089 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
12090 	if (new_rule->delay > coalesce->max_delay)
12091 		return -EINVAL;
12092 
12093 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
12094 		new_rule->condition =
12095 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
12096 
12097 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
12098 		return -EINVAL;
12099 
12100 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12101 			    rem)
12102 		n_patterns++;
12103 	if (n_patterns > coalesce->n_patterns)
12104 		return -EINVAL;
12105 
12106 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
12107 				     GFP_KERNEL);
12108 	if (!new_rule->patterns)
12109 		return -ENOMEM;
12110 
12111 	new_rule->n_patterns = n_patterns;
12112 	i = 0;
12113 
12114 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12115 			    rem) {
12116 		u8 *mask_pat;
12117 
12118 		err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
12119 						  pat,
12120 						  nl80211_packet_pattern_policy,
12121 						  NULL);
12122 		if (err)
12123 			return err;
12124 
12125 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
12126 		    !pat_tb[NL80211_PKTPAT_PATTERN])
12127 			return -EINVAL;
12128 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12129 		mask_len = DIV_ROUND_UP(pat_len, 8);
12130 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12131 			return -EINVAL;
12132 		if (pat_len > coalesce->pattern_max_len ||
12133 		    pat_len < coalesce->pattern_min_len)
12134 			return -EINVAL;
12135 
12136 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
12137 			pkt_offset = 0;
12138 		else
12139 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
12140 		if (pkt_offset > coalesce->max_pkt_offset)
12141 			return -EINVAL;
12142 		new_rule->patterns[i].pkt_offset = pkt_offset;
12143 
12144 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12145 		if (!mask_pat)
12146 			return -ENOMEM;
12147 
12148 		new_rule->patterns[i].mask = mask_pat;
12149 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12150 		       mask_len);
12151 
12152 		mask_pat += mask_len;
12153 		new_rule->patterns[i].pattern = mask_pat;
12154 		new_rule->patterns[i].pattern_len = pat_len;
12155 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12156 		       pat_len);
12157 		i++;
12158 	}
12159 
12160 	return 0;
12161 }
12162 
12163 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
12164 {
12165 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12166 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12167 	struct cfg80211_coalesce new_coalesce = {};
12168 	struct cfg80211_coalesce *n_coalesce;
12169 	int err, rem_rule, n_rules = 0, i, j;
12170 	struct nlattr *rule;
12171 	struct cfg80211_coalesce_rules *tmp_rule;
12172 
12173 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
12174 		return -EOPNOTSUPP;
12175 
12176 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
12177 		cfg80211_rdev_free_coalesce(rdev);
12178 		rdev_set_coalesce(rdev, NULL);
12179 		return 0;
12180 	}
12181 
12182 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12183 			    rem_rule)
12184 		n_rules++;
12185 	if (n_rules > coalesce->n_rules)
12186 		return -EINVAL;
12187 
12188 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
12189 				     GFP_KERNEL);
12190 	if (!new_coalesce.rules)
12191 		return -ENOMEM;
12192 
12193 	new_coalesce.n_rules = n_rules;
12194 	i = 0;
12195 
12196 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12197 			    rem_rule) {
12198 		err = nl80211_parse_coalesce_rule(rdev, rule,
12199 						  &new_coalesce.rules[i]);
12200 		if (err)
12201 			goto error;
12202 
12203 		i++;
12204 	}
12205 
12206 	err = rdev_set_coalesce(rdev, &new_coalesce);
12207 	if (err)
12208 		goto error;
12209 
12210 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12211 	if (!n_coalesce) {
12212 		err = -ENOMEM;
12213 		goto error;
12214 	}
12215 	cfg80211_rdev_free_coalesce(rdev);
12216 	rdev->coalesce = n_coalesce;
12217 
12218 	return 0;
12219 error:
12220 	for (i = 0; i < new_coalesce.n_rules; i++) {
12221 		tmp_rule = &new_coalesce.rules[i];
12222 		for (j = 0; j < tmp_rule->n_patterns; j++)
12223 			kfree(tmp_rule->patterns[j].mask);
12224 		kfree(tmp_rule->patterns);
12225 	}
12226 	kfree(new_coalesce.rules);
12227 
12228 	return err;
12229 }
12230 
12231 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12232 {
12233 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12234 	struct net_device *dev = info->user_ptr[1];
12235 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12236 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12237 	struct cfg80211_gtk_rekey_data rekey_data;
12238 	int err;
12239 
12240 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12241 		return -EINVAL;
12242 
12243 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12244 					  info->attrs[NL80211_ATTR_REKEY_DATA],
12245 					  nl80211_rekey_policy, info->extack);
12246 	if (err)
12247 		return err;
12248 
12249 	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12250 	    !tb[NL80211_REKEY_DATA_KCK])
12251 		return -EINVAL;
12252 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
12253 		return -ERANGE;
12254 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
12255 		return -ERANGE;
12256 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
12257 		return -ERANGE;
12258 
12259 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12260 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12261 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12262 
12263 	wdev_lock(wdev);
12264 	if (!wdev->current_bss) {
12265 		err = -ENOTCONN;
12266 		goto out;
12267 	}
12268 
12269 	if (!rdev->ops->set_rekey_data) {
12270 		err = -EOPNOTSUPP;
12271 		goto out;
12272 	}
12273 
12274 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12275  out:
12276 	wdev_unlock(wdev);
12277 	return err;
12278 }
12279 
12280 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12281 					     struct genl_info *info)
12282 {
12283 	struct net_device *dev = info->user_ptr[1];
12284 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12285 
12286 	if (wdev->iftype != NL80211_IFTYPE_AP &&
12287 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
12288 		return -EINVAL;
12289 
12290 	if (wdev->ap_unexpected_nlportid)
12291 		return -EBUSY;
12292 
12293 	wdev->ap_unexpected_nlportid = info->snd_portid;
12294 	return 0;
12295 }
12296 
12297 static int nl80211_probe_client(struct sk_buff *skb,
12298 				struct genl_info *info)
12299 {
12300 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12301 	struct net_device *dev = info->user_ptr[1];
12302 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12303 	struct sk_buff *msg;
12304 	void *hdr;
12305 	const u8 *addr;
12306 	u64 cookie;
12307 	int err;
12308 
12309 	if (wdev->iftype != NL80211_IFTYPE_AP &&
12310 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
12311 		return -EOPNOTSUPP;
12312 
12313 	if (!info->attrs[NL80211_ATTR_MAC])
12314 		return -EINVAL;
12315 
12316 	if (!rdev->ops->probe_client)
12317 		return -EOPNOTSUPP;
12318 
12319 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12320 	if (!msg)
12321 		return -ENOMEM;
12322 
12323 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12324 			     NL80211_CMD_PROBE_CLIENT);
12325 	if (!hdr) {
12326 		err = -ENOBUFS;
12327 		goto free_msg;
12328 	}
12329 
12330 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12331 
12332 	err = rdev_probe_client(rdev, dev, addr, &cookie);
12333 	if (err)
12334 		goto free_msg;
12335 
12336 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12337 			      NL80211_ATTR_PAD))
12338 		goto nla_put_failure;
12339 
12340 	genlmsg_end(msg, hdr);
12341 
12342 	return genlmsg_reply(msg, info);
12343 
12344  nla_put_failure:
12345 	err = -ENOBUFS;
12346  free_msg:
12347 	nlmsg_free(msg);
12348 	return err;
12349 }
12350 
12351 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
12352 {
12353 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12354 	struct cfg80211_beacon_registration *reg, *nreg;
12355 	int rv;
12356 
12357 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
12358 		return -EOPNOTSUPP;
12359 
12360 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
12361 	if (!nreg)
12362 		return -ENOMEM;
12363 
12364 	/* First, check if already registered. */
12365 	spin_lock_bh(&rdev->beacon_registrations_lock);
12366 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12367 		if (reg->nlportid == info->snd_portid) {
12368 			rv = -EALREADY;
12369 			goto out_err;
12370 		}
12371 	}
12372 	/* Add it to the list */
12373 	nreg->nlportid = info->snd_portid;
12374 	list_add(&nreg->list, &rdev->beacon_registrations);
12375 
12376 	spin_unlock_bh(&rdev->beacon_registrations_lock);
12377 
12378 	return 0;
12379 out_err:
12380 	spin_unlock_bh(&rdev->beacon_registrations_lock);
12381 	kfree(nreg);
12382 	return rv;
12383 }
12384 
12385 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
12386 {
12387 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12388 	struct wireless_dev *wdev = info->user_ptr[1];
12389 	int err;
12390 
12391 	if (!rdev->ops->start_p2p_device)
12392 		return -EOPNOTSUPP;
12393 
12394 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12395 		return -EOPNOTSUPP;
12396 
12397 	if (wdev_running(wdev))
12398 		return 0;
12399 
12400 	if (rfkill_blocked(rdev->rfkill))
12401 		return -ERFKILL;
12402 
12403 	err = rdev_start_p2p_device(rdev, wdev);
12404 	if (err)
12405 		return err;
12406 
12407 	wdev->is_running = true;
12408 	rdev->opencount++;
12409 
12410 	return 0;
12411 }
12412 
12413 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12414 {
12415 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12416 	struct wireless_dev *wdev = info->user_ptr[1];
12417 
12418 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12419 		return -EOPNOTSUPP;
12420 
12421 	if (!rdev->ops->stop_p2p_device)
12422 		return -EOPNOTSUPP;
12423 
12424 	cfg80211_stop_p2p_device(rdev, wdev);
12425 
12426 	return 0;
12427 }
12428 
12429 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12430 {
12431 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12432 	struct wireless_dev *wdev = info->user_ptr[1];
12433 	struct cfg80211_nan_conf conf = {};
12434 	int err;
12435 
12436 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12437 		return -EOPNOTSUPP;
12438 
12439 	if (wdev_running(wdev))
12440 		return -EEXIST;
12441 
12442 	if (rfkill_blocked(rdev->rfkill))
12443 		return -ERFKILL;
12444 
12445 	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12446 		return -EINVAL;
12447 
12448 	conf.master_pref =
12449 		nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12450 
12451 	if (info->attrs[NL80211_ATTR_BANDS]) {
12452 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12453 
12454 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12455 			return -EOPNOTSUPP;
12456 
12457 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12458 			return -EINVAL;
12459 
12460 		conf.bands = bands;
12461 	}
12462 
12463 	err = rdev_start_nan(rdev, wdev, &conf);
12464 	if (err)
12465 		return err;
12466 
12467 	wdev->is_running = true;
12468 	rdev->opencount++;
12469 
12470 	return 0;
12471 }
12472 
12473 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12474 {
12475 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12476 	struct wireless_dev *wdev = info->user_ptr[1];
12477 
12478 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12479 		return -EOPNOTSUPP;
12480 
12481 	cfg80211_stop_nan(rdev, wdev);
12482 
12483 	return 0;
12484 }
12485 
12486 static int validate_nan_filter(struct nlattr *filter_attr)
12487 {
12488 	struct nlattr *attr;
12489 	int len = 0, n_entries = 0, rem;
12490 
12491 	nla_for_each_nested(attr, filter_attr, rem) {
12492 		len += nla_len(attr);
12493 		n_entries++;
12494 	}
12495 
12496 	if (len >= U8_MAX)
12497 		return -EINVAL;
12498 
12499 	return n_entries;
12500 }
12501 
12502 static int handle_nan_filter(struct nlattr *attr_filter,
12503 			     struct cfg80211_nan_func *func,
12504 			     bool tx)
12505 {
12506 	struct nlattr *attr;
12507 	int n_entries, rem, i;
12508 	struct cfg80211_nan_func_filter *filter;
12509 
12510 	n_entries = validate_nan_filter(attr_filter);
12511 	if (n_entries < 0)
12512 		return n_entries;
12513 
12514 	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12515 
12516 	filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12517 	if (!filter)
12518 		return -ENOMEM;
12519 
12520 	i = 0;
12521 	nla_for_each_nested(attr, attr_filter, rem) {
12522 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12523 		filter[i].len = nla_len(attr);
12524 		i++;
12525 	}
12526 	if (tx) {
12527 		func->num_tx_filters = n_entries;
12528 		func->tx_filters = filter;
12529 	} else {
12530 		func->num_rx_filters = n_entries;
12531 		func->rx_filters = filter;
12532 	}
12533 
12534 	return 0;
12535 }
12536 
12537 static int nl80211_nan_add_func(struct sk_buff *skb,
12538 				struct genl_info *info)
12539 {
12540 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12541 	struct wireless_dev *wdev = info->user_ptr[1];
12542 	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12543 	struct cfg80211_nan_func *func;
12544 	struct sk_buff *msg = NULL;
12545 	void *hdr = NULL;
12546 	int err = 0;
12547 
12548 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12549 		return -EOPNOTSUPP;
12550 
12551 	if (!wdev_running(wdev))
12552 		return -ENOTCONN;
12553 
12554 	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12555 		return -EINVAL;
12556 
12557 	err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12558 					  info->attrs[NL80211_ATTR_NAN_FUNC],
12559 					  nl80211_nan_func_policy,
12560 					  info->extack);
12561 	if (err)
12562 		return err;
12563 
12564 	func = kzalloc(sizeof(*func), GFP_KERNEL);
12565 	if (!func)
12566 		return -ENOMEM;
12567 
12568 	func->cookie = cfg80211_assign_cookie(rdev);
12569 
12570 	if (!tb[NL80211_NAN_FUNC_TYPE] ||
12571 	    nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
12572 		err = -EINVAL;
12573 		goto out;
12574 	}
12575 
12576 
12577 	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
12578 
12579 	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
12580 		err = -EINVAL;
12581 		goto out;
12582 	}
12583 
12584 	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
12585 	       sizeof(func->service_id));
12586 
12587 	func->close_range =
12588 		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
12589 
12590 	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
12591 		func->serv_spec_info_len =
12592 			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
12593 		func->serv_spec_info =
12594 			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
12595 				func->serv_spec_info_len,
12596 				GFP_KERNEL);
12597 		if (!func->serv_spec_info) {
12598 			err = -ENOMEM;
12599 			goto out;
12600 		}
12601 	}
12602 
12603 	if (tb[NL80211_NAN_FUNC_TTL])
12604 		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
12605 
12606 	switch (func->type) {
12607 	case NL80211_NAN_FUNC_PUBLISH:
12608 		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
12609 			err = -EINVAL;
12610 			goto out;
12611 		}
12612 
12613 		func->publish_type =
12614 			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
12615 		func->publish_bcast =
12616 			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
12617 
12618 		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12619 			func->publish_bcast) {
12620 			err = -EINVAL;
12621 			goto out;
12622 		}
12623 		break;
12624 	case NL80211_NAN_FUNC_SUBSCRIBE:
12625 		func->subscribe_active =
12626 			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12627 		break;
12628 	case NL80211_NAN_FUNC_FOLLOW_UP:
12629 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12630 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12631 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12632 			err = -EINVAL;
12633 			goto out;
12634 		}
12635 
12636 		func->followup_id =
12637 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12638 		func->followup_reqid =
12639 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12640 		memcpy(func->followup_dest.addr,
12641 		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12642 		       sizeof(func->followup_dest.addr));
12643 		if (func->ttl) {
12644 			err = -EINVAL;
12645 			goto out;
12646 		}
12647 		break;
12648 	default:
12649 		err = -EINVAL;
12650 		goto out;
12651 	}
12652 
12653 	if (tb[NL80211_NAN_FUNC_SRF]) {
12654 		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12655 
12656 		err = nla_parse_nested_deprecated(srf_tb,
12657 						  NL80211_NAN_SRF_ATTR_MAX,
12658 						  tb[NL80211_NAN_FUNC_SRF],
12659 						  nl80211_nan_srf_policy,
12660 						  info->extack);
12661 		if (err)
12662 			goto out;
12663 
12664 		func->srf_include =
12665 			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12666 
12667 		if (srf_tb[NL80211_NAN_SRF_BF]) {
12668 			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12669 			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12670 				err = -EINVAL;
12671 				goto out;
12672 			}
12673 
12674 			func->srf_bf_len =
12675 				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12676 			func->srf_bf =
12677 				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12678 					func->srf_bf_len, GFP_KERNEL);
12679 			if (!func->srf_bf) {
12680 				err = -ENOMEM;
12681 				goto out;
12682 			}
12683 
12684 			func->srf_bf_idx =
12685 				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12686 		} else {
12687 			struct nlattr *attr, *mac_attr =
12688 				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12689 			int n_entries, rem, i = 0;
12690 
12691 			if (!mac_attr) {
12692 				err = -EINVAL;
12693 				goto out;
12694 			}
12695 
12696 			n_entries = validate_acl_mac_addrs(mac_attr);
12697 			if (n_entries <= 0) {
12698 				err = -EINVAL;
12699 				goto out;
12700 			}
12701 
12702 			func->srf_num_macs = n_entries;
12703 			func->srf_macs =
12704 				kcalloc(n_entries, sizeof(*func->srf_macs),
12705 					GFP_KERNEL);
12706 			if (!func->srf_macs) {
12707 				err = -ENOMEM;
12708 				goto out;
12709 			}
12710 
12711 			nla_for_each_nested(attr, mac_attr, rem)
12712 				memcpy(func->srf_macs[i++].addr, nla_data(attr),
12713 				       sizeof(*func->srf_macs));
12714 		}
12715 	}
12716 
12717 	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12718 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12719 					func, true);
12720 		if (err)
12721 			goto out;
12722 	}
12723 
12724 	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12725 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12726 					func, false);
12727 		if (err)
12728 			goto out;
12729 	}
12730 
12731 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12732 	if (!msg) {
12733 		err = -ENOMEM;
12734 		goto out;
12735 	}
12736 
12737 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12738 			     NL80211_CMD_ADD_NAN_FUNCTION);
12739 	/* This can't really happen - we just allocated 4KB */
12740 	if (WARN_ON(!hdr)) {
12741 		err = -ENOMEM;
12742 		goto out;
12743 	}
12744 
12745 	err = rdev_add_nan_func(rdev, wdev, func);
12746 out:
12747 	if (err < 0) {
12748 		cfg80211_free_nan_func(func);
12749 		nlmsg_free(msg);
12750 		return err;
12751 	}
12752 
12753 	/* propagate the instance id and cookie to userspace  */
12754 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12755 			      NL80211_ATTR_PAD))
12756 		goto nla_put_failure;
12757 
12758 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12759 	if (!func_attr)
12760 		goto nla_put_failure;
12761 
12762 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12763 		       func->instance_id))
12764 		goto nla_put_failure;
12765 
12766 	nla_nest_end(msg, func_attr);
12767 
12768 	genlmsg_end(msg, hdr);
12769 	return genlmsg_reply(msg, info);
12770 
12771 nla_put_failure:
12772 	nlmsg_free(msg);
12773 	return -ENOBUFS;
12774 }
12775 
12776 static int nl80211_nan_del_func(struct sk_buff *skb,
12777 			       struct genl_info *info)
12778 {
12779 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12780 	struct wireless_dev *wdev = info->user_ptr[1];
12781 	u64 cookie;
12782 
12783 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12784 		return -EOPNOTSUPP;
12785 
12786 	if (!wdev_running(wdev))
12787 		return -ENOTCONN;
12788 
12789 	if (!info->attrs[NL80211_ATTR_COOKIE])
12790 		return -EINVAL;
12791 
12792 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12793 
12794 	rdev_del_nan_func(rdev, wdev, cookie);
12795 
12796 	return 0;
12797 }
12798 
12799 static int nl80211_nan_change_config(struct sk_buff *skb,
12800 				     struct genl_info *info)
12801 {
12802 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12803 	struct wireless_dev *wdev = info->user_ptr[1];
12804 	struct cfg80211_nan_conf conf = {};
12805 	u32 changed = 0;
12806 
12807 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12808 		return -EOPNOTSUPP;
12809 
12810 	if (!wdev_running(wdev))
12811 		return -ENOTCONN;
12812 
12813 	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12814 		conf.master_pref =
12815 			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12816 		if (conf.master_pref <= 1 || conf.master_pref == 255)
12817 			return -EINVAL;
12818 
12819 		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12820 	}
12821 
12822 	if (info->attrs[NL80211_ATTR_BANDS]) {
12823 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12824 
12825 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12826 			return -EOPNOTSUPP;
12827 
12828 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12829 			return -EINVAL;
12830 
12831 		conf.bands = bands;
12832 		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12833 	}
12834 
12835 	if (!changed)
12836 		return -EINVAL;
12837 
12838 	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12839 }
12840 
12841 void cfg80211_nan_match(struct wireless_dev *wdev,
12842 			struct cfg80211_nan_match_params *match, gfp_t gfp)
12843 {
12844 	struct wiphy *wiphy = wdev->wiphy;
12845 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12846 	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12847 	struct sk_buff *msg;
12848 	void *hdr;
12849 
12850 	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12851 		return;
12852 
12853 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12854 	if (!msg)
12855 		return;
12856 
12857 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12858 	if (!hdr) {
12859 		nlmsg_free(msg);
12860 		return;
12861 	}
12862 
12863 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12864 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12865 					 wdev->netdev->ifindex)) ||
12866 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12867 			      NL80211_ATTR_PAD))
12868 		goto nla_put_failure;
12869 
12870 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12871 			      NL80211_ATTR_PAD) ||
12872 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12873 		goto nla_put_failure;
12874 
12875 	match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12876 	if (!match_attr)
12877 		goto nla_put_failure;
12878 
12879 	local_func_attr = nla_nest_start_noflag(msg,
12880 						NL80211_NAN_MATCH_FUNC_LOCAL);
12881 	if (!local_func_attr)
12882 		goto nla_put_failure;
12883 
12884 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12885 		goto nla_put_failure;
12886 
12887 	nla_nest_end(msg, local_func_attr);
12888 
12889 	peer_func_attr = nla_nest_start_noflag(msg,
12890 					       NL80211_NAN_MATCH_FUNC_PEER);
12891 	if (!peer_func_attr)
12892 		goto nla_put_failure;
12893 
12894 	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12895 	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12896 		goto nla_put_failure;
12897 
12898 	if (match->info && match->info_len &&
12899 	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12900 		    match->info))
12901 		goto nla_put_failure;
12902 
12903 	nla_nest_end(msg, peer_func_attr);
12904 	nla_nest_end(msg, match_attr);
12905 	genlmsg_end(msg, hdr);
12906 
12907 	if (!wdev->owner_nlportid)
12908 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12909 					msg, 0, NL80211_MCGRP_NAN, gfp);
12910 	else
12911 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12912 				wdev->owner_nlportid);
12913 
12914 	return;
12915 
12916 nla_put_failure:
12917 	nlmsg_free(msg);
12918 }
12919 EXPORT_SYMBOL(cfg80211_nan_match);
12920 
12921 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12922 				  u8 inst_id,
12923 				  enum nl80211_nan_func_term_reason reason,
12924 				  u64 cookie, gfp_t gfp)
12925 {
12926 	struct wiphy *wiphy = wdev->wiphy;
12927 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12928 	struct sk_buff *msg;
12929 	struct nlattr *func_attr;
12930 	void *hdr;
12931 
12932 	if (WARN_ON(!inst_id))
12933 		return;
12934 
12935 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12936 	if (!msg)
12937 		return;
12938 
12939 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12940 	if (!hdr) {
12941 		nlmsg_free(msg);
12942 		return;
12943 	}
12944 
12945 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12946 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12947 					 wdev->netdev->ifindex)) ||
12948 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12949 			      NL80211_ATTR_PAD))
12950 		goto nla_put_failure;
12951 
12952 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12953 			      NL80211_ATTR_PAD))
12954 		goto nla_put_failure;
12955 
12956 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12957 	if (!func_attr)
12958 		goto nla_put_failure;
12959 
12960 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
12961 	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
12962 		goto nla_put_failure;
12963 
12964 	nla_nest_end(msg, func_attr);
12965 	genlmsg_end(msg, hdr);
12966 
12967 	if (!wdev->owner_nlportid)
12968 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12969 					msg, 0, NL80211_MCGRP_NAN, gfp);
12970 	else
12971 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12972 				wdev->owner_nlportid);
12973 
12974 	return;
12975 
12976 nla_put_failure:
12977 	nlmsg_free(msg);
12978 }
12979 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
12980 
12981 static int nl80211_get_protocol_features(struct sk_buff *skb,
12982 					 struct genl_info *info)
12983 {
12984 	void *hdr;
12985 	struct sk_buff *msg;
12986 
12987 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12988 	if (!msg)
12989 		return -ENOMEM;
12990 
12991 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12992 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
12993 	if (!hdr)
12994 		goto nla_put_failure;
12995 
12996 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
12997 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
12998 		goto nla_put_failure;
12999 
13000 	genlmsg_end(msg, hdr);
13001 	return genlmsg_reply(msg, info);
13002 
13003  nla_put_failure:
13004 	kfree_skb(msg);
13005 	return -ENOBUFS;
13006 }
13007 
13008 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
13009 {
13010 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13011 	struct cfg80211_update_ft_ies_params ft_params;
13012 	struct net_device *dev = info->user_ptr[1];
13013 
13014 	if (!rdev->ops->update_ft_ies)
13015 		return -EOPNOTSUPP;
13016 
13017 	if (!info->attrs[NL80211_ATTR_MDID] ||
13018 	    !info->attrs[NL80211_ATTR_IE])
13019 		return -EINVAL;
13020 
13021 	memset(&ft_params, 0, sizeof(ft_params));
13022 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
13023 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13024 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13025 
13026 	return rdev_update_ft_ies(rdev, dev, &ft_params);
13027 }
13028 
13029 static int nl80211_crit_protocol_start(struct sk_buff *skb,
13030 				       struct genl_info *info)
13031 {
13032 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13033 	struct wireless_dev *wdev = info->user_ptr[1];
13034 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
13035 	u16 duration;
13036 	int ret;
13037 
13038 	if (!rdev->ops->crit_proto_start)
13039 		return -EOPNOTSUPP;
13040 
13041 	if (WARN_ON(!rdev->ops->crit_proto_stop))
13042 		return -EINVAL;
13043 
13044 	if (rdev->crit_proto_nlportid)
13045 		return -EBUSY;
13046 
13047 	/* determine protocol if provided */
13048 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
13049 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
13050 
13051 	if (proto >= NUM_NL80211_CRIT_PROTO)
13052 		return -EINVAL;
13053 
13054 	/* timeout must be provided */
13055 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
13056 		return -EINVAL;
13057 
13058 	duration =
13059 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
13060 
13061 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
13062 		return -ERANGE;
13063 
13064 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
13065 	if (!ret)
13066 		rdev->crit_proto_nlportid = info->snd_portid;
13067 
13068 	return ret;
13069 }
13070 
13071 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
13072 				      struct genl_info *info)
13073 {
13074 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13075 	struct wireless_dev *wdev = info->user_ptr[1];
13076 
13077 	if (!rdev->ops->crit_proto_stop)
13078 		return -EOPNOTSUPP;
13079 
13080 	if (rdev->crit_proto_nlportid) {
13081 		rdev->crit_proto_nlportid = 0;
13082 		rdev_crit_proto_stop(rdev, wdev);
13083 	}
13084 	return 0;
13085 }
13086 
13087 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
13088 				       struct nlattr *attr,
13089 				       struct netlink_ext_ack *extack)
13090 {
13091 	if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
13092 		if (attr->nla_type & NLA_F_NESTED) {
13093 			NL_SET_ERR_MSG_ATTR(extack, attr,
13094 					    "unexpected nested data");
13095 			return -EINVAL;
13096 		}
13097 
13098 		return 0;
13099 	}
13100 
13101 	if (!(attr->nla_type & NLA_F_NESTED)) {
13102 		NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
13103 		return -EINVAL;
13104 	}
13105 
13106 	return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
13107 }
13108 
13109 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
13110 {
13111 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13112 	struct wireless_dev *wdev =
13113 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
13114 	int i, err;
13115 	u32 vid, subcmd;
13116 
13117 	if (!rdev->wiphy.vendor_commands)
13118 		return -EOPNOTSUPP;
13119 
13120 	if (IS_ERR(wdev)) {
13121 		err = PTR_ERR(wdev);
13122 		if (err != -EINVAL)
13123 			return err;
13124 		wdev = NULL;
13125 	} else if (wdev->wiphy != &rdev->wiphy) {
13126 		return -EINVAL;
13127 	}
13128 
13129 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
13130 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
13131 		return -EINVAL;
13132 
13133 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
13134 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
13135 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
13136 		const struct wiphy_vendor_command *vcmd;
13137 		void *data = NULL;
13138 		int len = 0;
13139 
13140 		vcmd = &rdev->wiphy.vendor_commands[i];
13141 
13142 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13143 			continue;
13144 
13145 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13146 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13147 			if (!wdev)
13148 				return -EINVAL;
13149 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13150 			    !wdev->netdev)
13151 				return -EINVAL;
13152 
13153 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13154 				if (!wdev_running(wdev))
13155 					return -ENETDOWN;
13156 			}
13157 
13158 			if (!vcmd->doit)
13159 				return -EOPNOTSUPP;
13160 		} else {
13161 			wdev = NULL;
13162 		}
13163 
13164 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
13165 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13166 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13167 
13168 			err = nl80211_vendor_check_policy(vcmd,
13169 					info->attrs[NL80211_ATTR_VENDOR_DATA],
13170 					info->extack);
13171 			if (err)
13172 				return err;
13173 		}
13174 
13175 		rdev->cur_cmd_info = info;
13176 		err = vcmd->doit(&rdev->wiphy, wdev, data, len);
13177 		rdev->cur_cmd_info = NULL;
13178 		return err;
13179 	}
13180 
13181 	return -EOPNOTSUPP;
13182 }
13183 
13184 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
13185 				       struct netlink_callback *cb,
13186 				       struct cfg80211_registered_device **rdev,
13187 				       struct wireless_dev **wdev)
13188 {
13189 	struct nlattr **attrbuf;
13190 	u32 vid, subcmd;
13191 	unsigned int i;
13192 	int vcmd_idx = -1;
13193 	int err;
13194 	void *data = NULL;
13195 	unsigned int data_len = 0;
13196 
13197 	if (cb->args[0]) {
13198 		/* subtract the 1 again here */
13199 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
13200 		struct wireless_dev *tmp;
13201 
13202 		if (!wiphy)
13203 			return -ENODEV;
13204 		*rdev = wiphy_to_rdev(wiphy);
13205 		*wdev = NULL;
13206 
13207 		if (cb->args[1]) {
13208 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13209 				if (tmp->identifier == cb->args[1] - 1) {
13210 					*wdev = tmp;
13211 					break;
13212 				}
13213 			}
13214 		}
13215 
13216 		/* keep rtnl locked in successful case */
13217 		return 0;
13218 	}
13219 
13220 	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13221 	if (!attrbuf)
13222 		return -ENOMEM;
13223 
13224 	err = nlmsg_parse_deprecated(cb->nlh,
13225 				     GENL_HDRLEN + nl80211_fam.hdrsize,
13226 				     attrbuf, nl80211_fam.maxattr,
13227 				     nl80211_policy, NULL);
13228 	if (err)
13229 		goto out;
13230 
13231 	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13232 	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13233 		err = -EINVAL;
13234 		goto out;
13235 	}
13236 
13237 	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
13238 	if (IS_ERR(*wdev))
13239 		*wdev = NULL;
13240 
13241 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13242 	if (IS_ERR(*rdev)) {
13243 		err = PTR_ERR(*rdev);
13244 		goto out;
13245 	}
13246 
13247 	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13248 	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13249 
13250 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13251 		const struct wiphy_vendor_command *vcmd;
13252 
13253 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
13254 
13255 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13256 			continue;
13257 
13258 		if (!vcmd->dumpit) {
13259 			err = -EOPNOTSUPP;
13260 			goto out;
13261 		}
13262 
13263 		vcmd_idx = i;
13264 		break;
13265 	}
13266 
13267 	if (vcmd_idx < 0) {
13268 		err = -EOPNOTSUPP;
13269 		goto out;
13270 	}
13271 
13272 	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13273 		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13274 		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13275 
13276 		err = nl80211_vendor_check_policy(
13277 				&(*rdev)->wiphy.vendor_commands[vcmd_idx],
13278 				attrbuf[NL80211_ATTR_VENDOR_DATA],
13279 				cb->extack);
13280 		if (err)
13281 			goto out;
13282 	}
13283 
13284 	/* 0 is the first index - add 1 to parse only once */
13285 	cb->args[0] = (*rdev)->wiphy_idx + 1;
13286 	/* add 1 to know if it was NULL */
13287 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13288 	cb->args[2] = vcmd_idx;
13289 	cb->args[3] = (unsigned long)data;
13290 	cb->args[4] = data_len;
13291 
13292 	/* keep rtnl locked in successful case */
13293 	err = 0;
13294 out:
13295 	kfree(attrbuf);
13296 	return err;
13297 }
13298 
13299 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13300 				   struct netlink_callback *cb)
13301 {
13302 	struct cfg80211_registered_device *rdev;
13303 	struct wireless_dev *wdev;
13304 	unsigned int vcmd_idx;
13305 	const struct wiphy_vendor_command *vcmd;
13306 	void *data;
13307 	int data_len;
13308 	int err;
13309 	struct nlattr *vendor_data;
13310 
13311 	rtnl_lock();
13312 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13313 	if (err)
13314 		goto out;
13315 
13316 	vcmd_idx = cb->args[2];
13317 	data = (void *)cb->args[3];
13318 	data_len = cb->args[4];
13319 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13320 
13321 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13322 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13323 		if (!wdev) {
13324 			err = -EINVAL;
13325 			goto out;
13326 		}
13327 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13328 		    !wdev->netdev) {
13329 			err = -EINVAL;
13330 			goto out;
13331 		}
13332 
13333 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13334 			if (!wdev_running(wdev)) {
13335 				err = -ENETDOWN;
13336 				goto out;
13337 			}
13338 		}
13339 	}
13340 
13341 	while (1) {
13342 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13343 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
13344 					   NL80211_CMD_VENDOR);
13345 		if (!hdr)
13346 			break;
13347 
13348 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13349 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13350 					       wdev_id(wdev),
13351 					       NL80211_ATTR_PAD))) {
13352 			genlmsg_cancel(skb, hdr);
13353 			break;
13354 		}
13355 
13356 		vendor_data = nla_nest_start_noflag(skb,
13357 						    NL80211_ATTR_VENDOR_DATA);
13358 		if (!vendor_data) {
13359 			genlmsg_cancel(skb, hdr);
13360 			break;
13361 		}
13362 
13363 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
13364 				   (unsigned long *)&cb->args[5]);
13365 		nla_nest_end(skb, vendor_data);
13366 
13367 		if (err == -ENOBUFS || err == -ENOENT) {
13368 			genlmsg_cancel(skb, hdr);
13369 			break;
13370 		} else if (err) {
13371 			genlmsg_cancel(skb, hdr);
13372 			goto out;
13373 		}
13374 
13375 		genlmsg_end(skb, hdr);
13376 	}
13377 
13378 	err = skb->len;
13379  out:
13380 	rtnl_unlock();
13381 	return err;
13382 }
13383 
13384 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
13385 					   enum nl80211_commands cmd,
13386 					   enum nl80211_attrs attr,
13387 					   int approxlen)
13388 {
13389 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13390 
13391 	if (WARN_ON(!rdev->cur_cmd_info))
13392 		return NULL;
13393 
13394 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
13395 					   rdev->cur_cmd_info->snd_portid,
13396 					   rdev->cur_cmd_info->snd_seq,
13397 					   cmd, attr, NULL, GFP_KERNEL);
13398 }
13399 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
13400 
13401 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
13402 {
13403 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13404 	void *hdr = ((void **)skb->cb)[1];
13405 	struct nlattr *data = ((void **)skb->cb)[2];
13406 
13407 	/* clear CB data for netlink core to own from now on */
13408 	memset(skb->cb, 0, sizeof(skb->cb));
13409 
13410 	if (WARN_ON(!rdev->cur_cmd_info)) {
13411 		kfree_skb(skb);
13412 		return -EINVAL;
13413 	}
13414 
13415 	nla_nest_end(skb, data);
13416 	genlmsg_end(skb, hdr);
13417 	return genlmsg_reply(skb, rdev->cur_cmd_info);
13418 }
13419 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
13420 
13421 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
13422 {
13423 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13424 
13425 	if (WARN_ON(!rdev->cur_cmd_info))
13426 		return 0;
13427 
13428 	return rdev->cur_cmd_info->snd_portid;
13429 }
13430 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13431 
13432 static int nl80211_set_qos_map(struct sk_buff *skb,
13433 			       struct genl_info *info)
13434 {
13435 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13436 	struct cfg80211_qos_map *qos_map = NULL;
13437 	struct net_device *dev = info->user_ptr[1];
13438 	u8 *pos, len, num_des, des_len, des;
13439 	int ret;
13440 
13441 	if (!rdev->ops->set_qos_map)
13442 		return -EOPNOTSUPP;
13443 
13444 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13445 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13446 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13447 
13448 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
13449 		    len > IEEE80211_QOS_MAP_LEN_MAX)
13450 			return -EINVAL;
13451 
13452 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13453 		if (!qos_map)
13454 			return -ENOMEM;
13455 
13456 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13457 		if (num_des) {
13458 			des_len = num_des *
13459 				sizeof(struct cfg80211_dscp_exception);
13460 			memcpy(qos_map->dscp_exception, pos, des_len);
13461 			qos_map->num_des = num_des;
13462 			for (des = 0; des < num_des; des++) {
13463 				if (qos_map->dscp_exception[des].up > 7) {
13464 					kfree(qos_map);
13465 					return -EINVAL;
13466 				}
13467 			}
13468 			pos += des_len;
13469 		}
13470 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13471 	}
13472 
13473 	wdev_lock(dev->ieee80211_ptr);
13474 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
13475 	if (!ret)
13476 		ret = rdev_set_qos_map(rdev, dev, qos_map);
13477 	wdev_unlock(dev->ieee80211_ptr);
13478 
13479 	kfree(qos_map);
13480 	return ret;
13481 }
13482 
13483 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13484 {
13485 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13486 	struct net_device *dev = info->user_ptr[1];
13487 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13488 	const u8 *peer;
13489 	u8 tsid, up;
13490 	u16 admitted_time = 0;
13491 	int err;
13492 
13493 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13494 		return -EOPNOTSUPP;
13495 
13496 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13497 	    !info->attrs[NL80211_ATTR_USER_PRIO])
13498 		return -EINVAL;
13499 
13500 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13501 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13502 
13503 	/* WMM uses TIDs 0-7 even for TSPEC */
13504 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13505 		/* TODO: handle 802.11 TSPEC/admission control
13506 		 * need more attributes for that (e.g. BA session requirement);
13507 		 * change the WMM adminssion test above to allow both then
13508 		 */
13509 		return -EINVAL;
13510 	}
13511 
13512 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13513 
13514 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13515 		admitted_time =
13516 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13517 		if (!admitted_time)
13518 			return -EINVAL;
13519 	}
13520 
13521 	wdev_lock(wdev);
13522 	switch (wdev->iftype) {
13523 	case NL80211_IFTYPE_STATION:
13524 	case NL80211_IFTYPE_P2P_CLIENT:
13525 		if (wdev->current_bss)
13526 			break;
13527 		err = -ENOTCONN;
13528 		goto out;
13529 	default:
13530 		err = -EOPNOTSUPP;
13531 		goto out;
13532 	}
13533 
13534 	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13535 
13536  out:
13537 	wdev_unlock(wdev);
13538 	return err;
13539 }
13540 
13541 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13542 {
13543 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13544 	struct net_device *dev = info->user_ptr[1];
13545 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13546 	const u8 *peer;
13547 	u8 tsid;
13548 	int err;
13549 
13550 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13551 		return -EINVAL;
13552 
13553 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13554 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13555 
13556 	wdev_lock(wdev);
13557 	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13558 	wdev_unlock(wdev);
13559 
13560 	return err;
13561 }
13562 
13563 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13564 				       struct genl_info *info)
13565 {
13566 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13567 	struct net_device *dev = info->user_ptr[1];
13568 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13569 	struct cfg80211_chan_def chandef = {};
13570 	const u8 *addr;
13571 	u8 oper_class;
13572 	int err;
13573 
13574 	if (!rdev->ops->tdls_channel_switch ||
13575 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13576 		return -EOPNOTSUPP;
13577 
13578 	switch (dev->ieee80211_ptr->iftype) {
13579 	case NL80211_IFTYPE_STATION:
13580 	case NL80211_IFTYPE_P2P_CLIENT:
13581 		break;
13582 	default:
13583 		return -EOPNOTSUPP;
13584 	}
13585 
13586 	if (!info->attrs[NL80211_ATTR_MAC] ||
13587 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
13588 		return -EINVAL;
13589 
13590 	err = nl80211_parse_chandef(rdev, info, &chandef);
13591 	if (err)
13592 		return err;
13593 
13594 	/*
13595 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
13596 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
13597 	 * specification is not defined for them.
13598 	 */
13599 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
13600 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
13601 	    chandef.width != NL80211_CHAN_WIDTH_20)
13602 		return -EINVAL;
13603 
13604 	/* we will be active on the TDLS link */
13605 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
13606 					   wdev->iftype))
13607 		return -EINVAL;
13608 
13609 	/* don't allow switching to DFS channels */
13610 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
13611 		return -EINVAL;
13612 
13613 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13614 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
13615 
13616 	wdev_lock(wdev);
13617 	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
13618 	wdev_unlock(wdev);
13619 
13620 	return err;
13621 }
13622 
13623 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
13624 					      struct genl_info *info)
13625 {
13626 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13627 	struct net_device *dev = info->user_ptr[1];
13628 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13629 	const u8 *addr;
13630 
13631 	if (!rdev->ops->tdls_channel_switch ||
13632 	    !rdev->ops->tdls_cancel_channel_switch ||
13633 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13634 		return -EOPNOTSUPP;
13635 
13636 	switch (dev->ieee80211_ptr->iftype) {
13637 	case NL80211_IFTYPE_STATION:
13638 	case NL80211_IFTYPE_P2P_CLIENT:
13639 		break;
13640 	default:
13641 		return -EOPNOTSUPP;
13642 	}
13643 
13644 	if (!info->attrs[NL80211_ATTR_MAC])
13645 		return -EINVAL;
13646 
13647 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13648 
13649 	wdev_lock(wdev);
13650 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
13651 	wdev_unlock(wdev);
13652 
13653 	return 0;
13654 }
13655 
13656 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
13657 					    struct genl_info *info)
13658 {
13659 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13660 	struct net_device *dev = info->user_ptr[1];
13661 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13662 	const struct nlattr *nla;
13663 	bool enabled;
13664 
13665 	if (!rdev->ops->set_multicast_to_unicast)
13666 		return -EOPNOTSUPP;
13667 
13668 	if (wdev->iftype != NL80211_IFTYPE_AP &&
13669 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
13670 		return -EOPNOTSUPP;
13671 
13672 	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
13673 	enabled = nla_get_flag(nla);
13674 
13675 	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13676 }
13677 
13678 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13679 {
13680 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13681 	struct net_device *dev = info->user_ptr[1];
13682 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13683 	struct cfg80211_pmk_conf pmk_conf = {};
13684 	int ret;
13685 
13686 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13687 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13688 		return -EOPNOTSUPP;
13689 
13690 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13691 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13692 		return -EOPNOTSUPP;
13693 
13694 	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13695 		return -EINVAL;
13696 
13697 	wdev_lock(wdev);
13698 	if (!wdev->current_bss) {
13699 		ret = -ENOTCONN;
13700 		goto out;
13701 	}
13702 
13703 	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13704 	if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13705 		ret = -EINVAL;
13706 		goto out;
13707 	}
13708 
13709 	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13710 	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13711 	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13712 	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13713 		ret = -EINVAL;
13714 		goto out;
13715 	}
13716 
13717 	if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13718 		int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13719 
13720 		if (r0_name_len != WLAN_PMK_NAME_LEN) {
13721 			ret = -EINVAL;
13722 			goto out;
13723 		}
13724 
13725 		pmk_conf.pmk_r0_name =
13726 			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13727 	}
13728 
13729 	ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13730 out:
13731 	wdev_unlock(wdev);
13732 	return ret;
13733 }
13734 
13735 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13736 {
13737 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13738 	struct net_device *dev = info->user_ptr[1];
13739 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13740 	const u8 *aa;
13741 	int ret;
13742 
13743 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13744 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13745 		return -EOPNOTSUPP;
13746 
13747 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13748 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13749 		return -EOPNOTSUPP;
13750 
13751 	if (!info->attrs[NL80211_ATTR_MAC])
13752 		return -EINVAL;
13753 
13754 	wdev_lock(wdev);
13755 	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13756 	ret = rdev_del_pmk(rdev, dev, aa);
13757 	wdev_unlock(wdev);
13758 
13759 	return ret;
13760 }
13761 
13762 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13763 {
13764 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13765 	struct net_device *dev = info->user_ptr[1];
13766 	struct cfg80211_external_auth_params params;
13767 
13768 	if (!rdev->ops->external_auth)
13769 		return -EOPNOTSUPP;
13770 
13771 	if (!info->attrs[NL80211_ATTR_SSID] &&
13772 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13773 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13774 		return -EINVAL;
13775 
13776 	if (!info->attrs[NL80211_ATTR_BSSID])
13777 		return -EINVAL;
13778 
13779 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13780 		return -EINVAL;
13781 
13782 	memset(&params, 0, sizeof(params));
13783 
13784 	if (info->attrs[NL80211_ATTR_SSID]) {
13785 		params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13786 		if (params.ssid.ssid_len == 0 ||
13787 		    params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13788 			return -EINVAL;
13789 		memcpy(params.ssid.ssid,
13790 		       nla_data(info->attrs[NL80211_ATTR_SSID]),
13791 		       params.ssid.ssid_len);
13792 	}
13793 
13794 	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13795 	       ETH_ALEN);
13796 
13797 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13798 
13799 	if (info->attrs[NL80211_ATTR_PMKID])
13800 		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13801 
13802 	return rdev_external_auth(rdev, dev, &params);
13803 }
13804 
13805 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13806 {
13807 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13808 	struct net_device *dev = info->user_ptr[1];
13809 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13810 	const u8 *buf;
13811 	size_t len;
13812 	u8 *dest;
13813 	u16 proto;
13814 	bool noencrypt;
13815 	int err;
13816 
13817 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13818 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13819 		return -EOPNOTSUPP;
13820 
13821 	if (!rdev->ops->tx_control_port)
13822 		return -EOPNOTSUPP;
13823 
13824 	if (!info->attrs[NL80211_ATTR_FRAME] ||
13825 	    !info->attrs[NL80211_ATTR_MAC] ||
13826 	    !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13827 		GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13828 		return -EINVAL;
13829 	}
13830 
13831 	wdev_lock(wdev);
13832 
13833 	switch (wdev->iftype) {
13834 	case NL80211_IFTYPE_AP:
13835 	case NL80211_IFTYPE_P2P_GO:
13836 	case NL80211_IFTYPE_MESH_POINT:
13837 		break;
13838 	case NL80211_IFTYPE_ADHOC:
13839 	case NL80211_IFTYPE_STATION:
13840 	case NL80211_IFTYPE_P2P_CLIENT:
13841 		if (wdev->current_bss)
13842 			break;
13843 		err = -ENOTCONN;
13844 		goto out;
13845 	default:
13846 		err = -EOPNOTSUPP;
13847 		goto out;
13848 	}
13849 
13850 	wdev_unlock(wdev);
13851 
13852 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13853 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13854 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13855 	proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13856 	noencrypt =
13857 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13858 
13859 	return rdev_tx_control_port(rdev, dev, buf, len,
13860 				    dest, cpu_to_be16(proto), noencrypt);
13861 
13862  out:
13863 	wdev_unlock(wdev);
13864 	return err;
13865 }
13866 
13867 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13868 					   struct genl_info *info)
13869 {
13870 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13871 	struct net_device *dev = info->user_ptr[1];
13872 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13873 	struct cfg80211_ftm_responder_stats ftm_stats = {};
13874 	struct sk_buff *msg;
13875 	void *hdr;
13876 	struct nlattr *ftm_stats_attr;
13877 	int err;
13878 
13879 	if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
13880 		return -EOPNOTSUPP;
13881 
13882 	err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
13883 	if (err)
13884 		return err;
13885 
13886 	if (!ftm_stats.filled)
13887 		return -ENODATA;
13888 
13889 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13890 	if (!msg)
13891 		return -ENOMEM;
13892 
13893 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13894 			     NL80211_CMD_GET_FTM_RESPONDER_STATS);
13895 	if (!hdr)
13896 		goto nla_put_failure;
13897 
13898 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
13899 		goto nla_put_failure;
13900 
13901 	ftm_stats_attr = nla_nest_start_noflag(msg,
13902 					       NL80211_ATTR_FTM_RESPONDER_STATS);
13903 	if (!ftm_stats_attr)
13904 		goto nla_put_failure;
13905 
13906 #define SET_FTM(field, name, type)					 \
13907 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13908 	    nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,		 \
13909 			     ftm_stats.field))				 \
13910 		goto nla_put_failure; } while (0)
13911 #define SET_FTM_U64(field, name)					 \
13912 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13913 	    nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,		 \
13914 			      ftm_stats.field, NL80211_FTM_STATS_PAD))	 \
13915 		goto nla_put_failure; } while (0)
13916 
13917 	SET_FTM(success_num, SUCCESS_NUM, u32);
13918 	SET_FTM(partial_num, PARTIAL_NUM, u32);
13919 	SET_FTM(failed_num, FAILED_NUM, u32);
13920 	SET_FTM(asap_num, ASAP_NUM, u32);
13921 	SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
13922 	SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
13923 	SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
13924 	SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
13925 	SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
13926 #undef SET_FTM
13927 
13928 	nla_nest_end(msg, ftm_stats_attr);
13929 
13930 	genlmsg_end(msg, hdr);
13931 	return genlmsg_reply(msg, info);
13932 
13933 nla_put_failure:
13934 	nlmsg_free(msg);
13935 	return -ENOBUFS;
13936 }
13937 
13938 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
13939 {
13940 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13941 	struct cfg80211_update_owe_info owe_info;
13942 	struct net_device *dev = info->user_ptr[1];
13943 
13944 	if (!rdev->ops->update_owe_info)
13945 		return -EOPNOTSUPP;
13946 
13947 	if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
13948 	    !info->attrs[NL80211_ATTR_MAC])
13949 		return -EINVAL;
13950 
13951 	memset(&owe_info, 0, sizeof(owe_info));
13952 	owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13953 	nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
13954 
13955 	if (info->attrs[NL80211_ATTR_IE]) {
13956 		owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13957 		owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13958 	}
13959 
13960 	return rdev_update_owe_info(rdev, dev, &owe_info);
13961 }
13962 
13963 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
13964 {
13965 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13966 	struct net_device *dev = info->user_ptr[1];
13967 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13968 	struct station_info sinfo = {};
13969 	const u8 *buf;
13970 	size_t len;
13971 	u8 *dest;
13972 	int err;
13973 
13974 	if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
13975 		return -EOPNOTSUPP;
13976 
13977 	if (!info->attrs[NL80211_ATTR_MAC] ||
13978 	    !info->attrs[NL80211_ATTR_FRAME]) {
13979 		GENL_SET_ERR_MSG(info, "Frame or MAC missing");
13980 		return -EINVAL;
13981 	}
13982 
13983 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
13984 		return -EOPNOTSUPP;
13985 
13986 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13987 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13988 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13989 
13990 	if (len < sizeof(struct ethhdr))
13991 		return -EINVAL;
13992 
13993 	if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
13994 	    !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
13995 		return -EINVAL;
13996 
13997 	err = rdev_get_station(rdev, dev, dest, &sinfo);
13998 	if (err)
13999 		return err;
14000 
14001 	cfg80211_sinfo_release_content(&sinfo);
14002 
14003 	return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
14004 }
14005 
14006 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
14007 			  struct nlattr *attrs[], struct net_device *dev,
14008 			  struct cfg80211_tid_cfg *tid_conf,
14009 			  struct genl_info *info, const u8 *peer)
14010 {
14011 	struct netlink_ext_ack *extack = info->extack;
14012 	u64 mask;
14013 	int err;
14014 
14015 	if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
14016 		return -EINVAL;
14017 
14018 	tid_conf->config_override =
14019 			nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
14020 	tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
14021 
14022 	if (tid_conf->config_override) {
14023 		if (rdev->ops->reset_tid_config) {
14024 			err = rdev_reset_tid_config(rdev, dev, peer,
14025 						    tid_conf->tids);
14026 			/* If peer is there no other configuration will be
14027 			 * allowed
14028 			 */
14029 			if (err || peer)
14030 				return err;
14031 		} else {
14032 			return -EINVAL;
14033 		}
14034 	}
14035 
14036 	if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
14037 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
14038 		tid_conf->noack =
14039 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
14040 	}
14041 
14042 	if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
14043 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
14044 		tid_conf->retry_short =
14045 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
14046 
14047 		if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
14048 			return -EINVAL;
14049 	}
14050 
14051 	if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
14052 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
14053 		tid_conf->retry_long =
14054 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
14055 
14056 		if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
14057 			return -EINVAL;
14058 	}
14059 
14060 	if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
14061 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
14062 		tid_conf->ampdu =
14063 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
14064 	}
14065 
14066 	if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
14067 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
14068 		tid_conf->rtscts =
14069 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
14070 	}
14071 
14072 	if (peer)
14073 		mask = rdev->wiphy.tid_config_support.peer;
14074 	else
14075 		mask = rdev->wiphy.tid_config_support.vif;
14076 
14077 	if (tid_conf->mask & ~mask) {
14078 		NL_SET_ERR_MSG(extack, "unsupported TID configuration");
14079 		return -ENOTSUPP;
14080 	}
14081 
14082 	return 0;
14083 }
14084 
14085 static int nl80211_set_tid_config(struct sk_buff *skb,
14086 				  struct genl_info *info)
14087 {
14088 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14089 	struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
14090 	struct net_device *dev = info->user_ptr[1];
14091 	struct cfg80211_tid_config *tid_config;
14092 	struct nlattr *tid;
14093 	int conf_idx = 0, rem_conf;
14094 	int ret = -EINVAL;
14095 	u32 num_conf = 0;
14096 
14097 	if (!info->attrs[NL80211_ATTR_TID_CONFIG])
14098 		return -EINVAL;
14099 
14100 	if (!rdev->ops->set_tid_config)
14101 		return -EOPNOTSUPP;
14102 
14103 	nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14104 			    rem_conf)
14105 		num_conf++;
14106 
14107 	tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
14108 			     GFP_KERNEL);
14109 	if (!tid_config)
14110 		return -ENOMEM;
14111 
14112 	tid_config->n_tid_conf = num_conf;
14113 
14114 	if (info->attrs[NL80211_ATTR_MAC])
14115 		tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14116 
14117 	nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14118 			    rem_conf) {
14119 		ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
14120 				       tid, NULL, NULL);
14121 
14122 		if (ret)
14123 			goto bad_tid_conf;
14124 
14125 		ret = parse_tid_conf(rdev, attrs, dev,
14126 				     &tid_config->tid_conf[conf_idx],
14127 				     info, tid_config->peer);
14128 		if (ret)
14129 			goto bad_tid_conf;
14130 
14131 		conf_idx++;
14132 	}
14133 
14134 	ret = rdev_set_tid_config(rdev, dev, tid_config);
14135 
14136 bad_tid_conf:
14137 	kfree(tid_config);
14138 	return ret;
14139 }
14140 
14141 #define NL80211_FLAG_NEED_WIPHY		0x01
14142 #define NL80211_FLAG_NEED_NETDEV	0x02
14143 #define NL80211_FLAG_NEED_RTNL		0x04
14144 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
14145 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
14146 					 NL80211_FLAG_CHECK_NETDEV_UP)
14147 #define NL80211_FLAG_NEED_WDEV		0x10
14148 /* If a netdev is associated, it must be UP, P2P must be started */
14149 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
14150 					 NL80211_FLAG_CHECK_NETDEV_UP)
14151 #define NL80211_FLAG_CLEAR_SKB		0x20
14152 
14153 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
14154 			    struct genl_info *info)
14155 {
14156 	struct cfg80211_registered_device *rdev;
14157 	struct wireless_dev *wdev;
14158 	struct net_device *dev;
14159 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
14160 
14161 	if (rtnl)
14162 		rtnl_lock();
14163 
14164 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
14165 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
14166 		if (IS_ERR(rdev)) {
14167 			if (rtnl)
14168 				rtnl_unlock();
14169 			return PTR_ERR(rdev);
14170 		}
14171 		info->user_ptr[0] = rdev;
14172 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
14173 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14174 		ASSERT_RTNL();
14175 
14176 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
14177 						  info->attrs);
14178 		if (IS_ERR(wdev)) {
14179 			if (rtnl)
14180 				rtnl_unlock();
14181 			return PTR_ERR(wdev);
14182 		}
14183 
14184 		dev = wdev->netdev;
14185 		rdev = wiphy_to_rdev(wdev->wiphy);
14186 
14187 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
14188 			if (!dev) {
14189 				if (rtnl)
14190 					rtnl_unlock();
14191 				return -EINVAL;
14192 			}
14193 
14194 			info->user_ptr[1] = dev;
14195 		} else {
14196 			info->user_ptr[1] = wdev;
14197 		}
14198 
14199 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
14200 		    !wdev_running(wdev)) {
14201 			if (rtnl)
14202 				rtnl_unlock();
14203 			return -ENETDOWN;
14204 		}
14205 
14206 		if (dev)
14207 			dev_hold(dev);
14208 
14209 		info->user_ptr[0] = rdev;
14210 	}
14211 
14212 	return 0;
14213 }
14214 
14215 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
14216 			      struct genl_info *info)
14217 {
14218 	if (info->user_ptr[1]) {
14219 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14220 			struct wireless_dev *wdev = info->user_ptr[1];
14221 
14222 			if (wdev->netdev)
14223 				dev_put(wdev->netdev);
14224 		} else {
14225 			dev_put(info->user_ptr[1]);
14226 		}
14227 	}
14228 
14229 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
14230 		rtnl_unlock();
14231 
14232 	/* If needed, clear the netlink message payload from the SKB
14233 	 * as it might contain key data that shouldn't stick around on
14234 	 * the heap after the SKB is freed. The netlink message header
14235 	 * is still needed for further processing, so leave it intact.
14236 	 */
14237 	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
14238 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
14239 
14240 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
14241 	}
14242 }
14243 
14244 static const struct genl_ops nl80211_ops[] = {
14245 	{
14246 		.cmd = NL80211_CMD_GET_WIPHY,
14247 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14248 		.doit = nl80211_get_wiphy,
14249 		.dumpit = nl80211_dump_wiphy,
14250 		.done = nl80211_dump_wiphy_done,
14251 		/* can be retrieved by unprivileged users */
14252 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14253 				  NL80211_FLAG_NEED_RTNL,
14254 	},
14255 	{
14256 		.cmd = NL80211_CMD_SET_WIPHY,
14257 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14258 		.doit = nl80211_set_wiphy,
14259 		.flags = GENL_UNS_ADMIN_PERM,
14260 		.internal_flags = NL80211_FLAG_NEED_RTNL,
14261 	},
14262 	{
14263 		.cmd = NL80211_CMD_GET_INTERFACE,
14264 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14265 		.doit = nl80211_get_interface,
14266 		.dumpit = nl80211_dump_interface,
14267 		/* can be retrieved by unprivileged users */
14268 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14269 				  NL80211_FLAG_NEED_RTNL,
14270 	},
14271 	{
14272 		.cmd = NL80211_CMD_SET_INTERFACE,
14273 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14274 		.doit = nl80211_set_interface,
14275 		.flags = GENL_UNS_ADMIN_PERM,
14276 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14277 				  NL80211_FLAG_NEED_RTNL,
14278 	},
14279 	{
14280 		.cmd = NL80211_CMD_NEW_INTERFACE,
14281 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14282 		.doit = nl80211_new_interface,
14283 		.flags = GENL_UNS_ADMIN_PERM,
14284 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14285 				  NL80211_FLAG_NEED_RTNL,
14286 	},
14287 	{
14288 		.cmd = NL80211_CMD_DEL_INTERFACE,
14289 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14290 		.doit = nl80211_del_interface,
14291 		.flags = GENL_UNS_ADMIN_PERM,
14292 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14293 				  NL80211_FLAG_NEED_RTNL,
14294 	},
14295 	{
14296 		.cmd = NL80211_CMD_GET_KEY,
14297 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14298 		.doit = nl80211_get_key,
14299 		.flags = GENL_UNS_ADMIN_PERM,
14300 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14301 				  NL80211_FLAG_NEED_RTNL,
14302 	},
14303 	{
14304 		.cmd = NL80211_CMD_SET_KEY,
14305 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14306 		.doit = nl80211_set_key,
14307 		.flags = GENL_UNS_ADMIN_PERM,
14308 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14309 				  NL80211_FLAG_NEED_RTNL |
14310 				  NL80211_FLAG_CLEAR_SKB,
14311 	},
14312 	{
14313 		.cmd = NL80211_CMD_NEW_KEY,
14314 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14315 		.doit = nl80211_new_key,
14316 		.flags = GENL_UNS_ADMIN_PERM,
14317 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14318 				  NL80211_FLAG_NEED_RTNL |
14319 				  NL80211_FLAG_CLEAR_SKB,
14320 	},
14321 	{
14322 		.cmd = NL80211_CMD_DEL_KEY,
14323 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14324 		.doit = nl80211_del_key,
14325 		.flags = GENL_UNS_ADMIN_PERM,
14326 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14327 				  NL80211_FLAG_NEED_RTNL,
14328 	},
14329 	{
14330 		.cmd = NL80211_CMD_SET_BEACON,
14331 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14332 		.flags = GENL_UNS_ADMIN_PERM,
14333 		.doit = nl80211_set_beacon,
14334 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14335 				  NL80211_FLAG_NEED_RTNL,
14336 	},
14337 	{
14338 		.cmd = NL80211_CMD_START_AP,
14339 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14340 		.flags = GENL_UNS_ADMIN_PERM,
14341 		.doit = nl80211_start_ap,
14342 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14343 				  NL80211_FLAG_NEED_RTNL,
14344 	},
14345 	{
14346 		.cmd = NL80211_CMD_STOP_AP,
14347 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14348 		.flags = GENL_UNS_ADMIN_PERM,
14349 		.doit = nl80211_stop_ap,
14350 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14351 				  NL80211_FLAG_NEED_RTNL,
14352 	},
14353 	{
14354 		.cmd = NL80211_CMD_GET_STATION,
14355 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14356 		.doit = nl80211_get_station,
14357 		.dumpit = nl80211_dump_station,
14358 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14359 				  NL80211_FLAG_NEED_RTNL,
14360 	},
14361 	{
14362 		.cmd = NL80211_CMD_SET_STATION,
14363 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14364 		.doit = nl80211_set_station,
14365 		.flags = GENL_UNS_ADMIN_PERM,
14366 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14367 				  NL80211_FLAG_NEED_RTNL,
14368 	},
14369 	{
14370 		.cmd = NL80211_CMD_NEW_STATION,
14371 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14372 		.doit = nl80211_new_station,
14373 		.flags = GENL_UNS_ADMIN_PERM,
14374 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14375 				  NL80211_FLAG_NEED_RTNL,
14376 	},
14377 	{
14378 		.cmd = NL80211_CMD_DEL_STATION,
14379 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14380 		.doit = nl80211_del_station,
14381 		.flags = GENL_UNS_ADMIN_PERM,
14382 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14383 				  NL80211_FLAG_NEED_RTNL,
14384 	},
14385 	{
14386 		.cmd = NL80211_CMD_GET_MPATH,
14387 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14388 		.doit = nl80211_get_mpath,
14389 		.dumpit = nl80211_dump_mpath,
14390 		.flags = GENL_UNS_ADMIN_PERM,
14391 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14392 				  NL80211_FLAG_NEED_RTNL,
14393 	},
14394 	{
14395 		.cmd = NL80211_CMD_GET_MPP,
14396 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14397 		.doit = nl80211_get_mpp,
14398 		.dumpit = nl80211_dump_mpp,
14399 		.flags = GENL_UNS_ADMIN_PERM,
14400 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14401 				  NL80211_FLAG_NEED_RTNL,
14402 	},
14403 	{
14404 		.cmd = NL80211_CMD_SET_MPATH,
14405 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14406 		.doit = nl80211_set_mpath,
14407 		.flags = GENL_UNS_ADMIN_PERM,
14408 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14409 				  NL80211_FLAG_NEED_RTNL,
14410 	},
14411 	{
14412 		.cmd = NL80211_CMD_NEW_MPATH,
14413 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14414 		.doit = nl80211_new_mpath,
14415 		.flags = GENL_UNS_ADMIN_PERM,
14416 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14417 				  NL80211_FLAG_NEED_RTNL,
14418 	},
14419 	{
14420 		.cmd = NL80211_CMD_DEL_MPATH,
14421 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14422 		.doit = nl80211_del_mpath,
14423 		.flags = GENL_UNS_ADMIN_PERM,
14424 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14425 				  NL80211_FLAG_NEED_RTNL,
14426 	},
14427 	{
14428 		.cmd = NL80211_CMD_SET_BSS,
14429 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14430 		.doit = nl80211_set_bss,
14431 		.flags = GENL_UNS_ADMIN_PERM,
14432 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14433 				  NL80211_FLAG_NEED_RTNL,
14434 	},
14435 	{
14436 		.cmd = NL80211_CMD_GET_REG,
14437 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14438 		.doit = nl80211_get_reg_do,
14439 		.dumpit = nl80211_get_reg_dump,
14440 		.internal_flags = NL80211_FLAG_NEED_RTNL,
14441 		/* can be retrieved by unprivileged users */
14442 	},
14443 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
14444 	{
14445 		.cmd = NL80211_CMD_SET_REG,
14446 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14447 		.doit = nl80211_set_reg,
14448 		.flags = GENL_ADMIN_PERM,
14449 		.internal_flags = NL80211_FLAG_NEED_RTNL,
14450 	},
14451 #endif
14452 	{
14453 		.cmd = NL80211_CMD_REQ_SET_REG,
14454 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14455 		.doit = nl80211_req_set_reg,
14456 		.flags = GENL_ADMIN_PERM,
14457 	},
14458 	{
14459 		.cmd = NL80211_CMD_RELOAD_REGDB,
14460 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14461 		.doit = nl80211_reload_regdb,
14462 		.flags = GENL_ADMIN_PERM,
14463 	},
14464 	{
14465 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
14466 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14467 		.doit = nl80211_get_mesh_config,
14468 		/* can be retrieved by unprivileged users */
14469 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14470 				  NL80211_FLAG_NEED_RTNL,
14471 	},
14472 	{
14473 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
14474 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14475 		.doit = nl80211_update_mesh_config,
14476 		.flags = GENL_UNS_ADMIN_PERM,
14477 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14478 				  NL80211_FLAG_NEED_RTNL,
14479 	},
14480 	{
14481 		.cmd = NL80211_CMD_TRIGGER_SCAN,
14482 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14483 		.doit = nl80211_trigger_scan,
14484 		.flags = GENL_UNS_ADMIN_PERM,
14485 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14486 				  NL80211_FLAG_NEED_RTNL,
14487 	},
14488 	{
14489 		.cmd = NL80211_CMD_ABORT_SCAN,
14490 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14491 		.doit = nl80211_abort_scan,
14492 		.flags = GENL_UNS_ADMIN_PERM,
14493 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14494 				  NL80211_FLAG_NEED_RTNL,
14495 	},
14496 	{
14497 		.cmd = NL80211_CMD_GET_SCAN,
14498 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14499 		.dumpit = nl80211_dump_scan,
14500 	},
14501 	{
14502 		.cmd = NL80211_CMD_START_SCHED_SCAN,
14503 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14504 		.doit = nl80211_start_sched_scan,
14505 		.flags = GENL_UNS_ADMIN_PERM,
14506 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14507 				  NL80211_FLAG_NEED_RTNL,
14508 	},
14509 	{
14510 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
14511 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14512 		.doit = nl80211_stop_sched_scan,
14513 		.flags = GENL_UNS_ADMIN_PERM,
14514 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14515 				  NL80211_FLAG_NEED_RTNL,
14516 	},
14517 	{
14518 		.cmd = NL80211_CMD_AUTHENTICATE,
14519 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14520 		.doit = nl80211_authenticate,
14521 		.flags = GENL_UNS_ADMIN_PERM,
14522 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14523 				  NL80211_FLAG_NEED_RTNL |
14524 				  NL80211_FLAG_CLEAR_SKB,
14525 	},
14526 	{
14527 		.cmd = NL80211_CMD_ASSOCIATE,
14528 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14529 		.doit = nl80211_associate,
14530 		.flags = GENL_UNS_ADMIN_PERM,
14531 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14532 				  NL80211_FLAG_NEED_RTNL |
14533 				  NL80211_FLAG_CLEAR_SKB,
14534 	},
14535 	{
14536 		.cmd = NL80211_CMD_DEAUTHENTICATE,
14537 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14538 		.doit = nl80211_deauthenticate,
14539 		.flags = GENL_UNS_ADMIN_PERM,
14540 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14541 				  NL80211_FLAG_NEED_RTNL,
14542 	},
14543 	{
14544 		.cmd = NL80211_CMD_DISASSOCIATE,
14545 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14546 		.doit = nl80211_disassociate,
14547 		.flags = GENL_UNS_ADMIN_PERM,
14548 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14549 				  NL80211_FLAG_NEED_RTNL,
14550 	},
14551 	{
14552 		.cmd = NL80211_CMD_JOIN_IBSS,
14553 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14554 		.doit = nl80211_join_ibss,
14555 		.flags = GENL_UNS_ADMIN_PERM,
14556 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14557 				  NL80211_FLAG_NEED_RTNL,
14558 	},
14559 	{
14560 		.cmd = NL80211_CMD_LEAVE_IBSS,
14561 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14562 		.doit = nl80211_leave_ibss,
14563 		.flags = GENL_UNS_ADMIN_PERM,
14564 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14565 				  NL80211_FLAG_NEED_RTNL,
14566 	},
14567 #ifdef CONFIG_NL80211_TESTMODE
14568 	{
14569 		.cmd = NL80211_CMD_TESTMODE,
14570 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14571 		.doit = nl80211_testmode_do,
14572 		.dumpit = nl80211_testmode_dump,
14573 		.flags = GENL_UNS_ADMIN_PERM,
14574 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14575 				  NL80211_FLAG_NEED_RTNL,
14576 	},
14577 #endif
14578 	{
14579 		.cmd = NL80211_CMD_CONNECT,
14580 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14581 		.doit = nl80211_connect,
14582 		.flags = GENL_UNS_ADMIN_PERM,
14583 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14584 				  NL80211_FLAG_NEED_RTNL |
14585 				  NL80211_FLAG_CLEAR_SKB,
14586 	},
14587 	{
14588 		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
14589 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14590 		.doit = nl80211_update_connect_params,
14591 		.flags = GENL_ADMIN_PERM,
14592 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14593 				  NL80211_FLAG_NEED_RTNL |
14594 				  NL80211_FLAG_CLEAR_SKB,
14595 	},
14596 	{
14597 		.cmd = NL80211_CMD_DISCONNECT,
14598 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14599 		.doit = nl80211_disconnect,
14600 		.flags = GENL_UNS_ADMIN_PERM,
14601 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14602 				  NL80211_FLAG_NEED_RTNL,
14603 	},
14604 	{
14605 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
14606 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14607 		.doit = nl80211_wiphy_netns,
14608 		.flags = GENL_UNS_ADMIN_PERM,
14609 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14610 				  NL80211_FLAG_NEED_RTNL,
14611 	},
14612 	{
14613 		.cmd = NL80211_CMD_GET_SURVEY,
14614 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14615 		.dumpit = nl80211_dump_survey,
14616 	},
14617 	{
14618 		.cmd = NL80211_CMD_SET_PMKSA,
14619 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14620 		.doit = nl80211_setdel_pmksa,
14621 		.flags = GENL_UNS_ADMIN_PERM,
14622 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14623 				  NL80211_FLAG_NEED_RTNL |
14624 				  NL80211_FLAG_CLEAR_SKB,
14625 	},
14626 	{
14627 		.cmd = NL80211_CMD_DEL_PMKSA,
14628 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14629 		.doit = nl80211_setdel_pmksa,
14630 		.flags = GENL_UNS_ADMIN_PERM,
14631 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14632 				  NL80211_FLAG_NEED_RTNL,
14633 	},
14634 	{
14635 		.cmd = NL80211_CMD_FLUSH_PMKSA,
14636 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14637 		.doit = nl80211_flush_pmksa,
14638 		.flags = GENL_UNS_ADMIN_PERM,
14639 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14640 				  NL80211_FLAG_NEED_RTNL,
14641 	},
14642 	{
14643 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
14644 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14645 		.doit = nl80211_remain_on_channel,
14646 		.flags = GENL_UNS_ADMIN_PERM,
14647 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14648 				  NL80211_FLAG_NEED_RTNL,
14649 	},
14650 	{
14651 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14652 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14653 		.doit = nl80211_cancel_remain_on_channel,
14654 		.flags = GENL_UNS_ADMIN_PERM,
14655 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14656 				  NL80211_FLAG_NEED_RTNL,
14657 	},
14658 	{
14659 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
14660 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14661 		.doit = nl80211_set_tx_bitrate_mask,
14662 		.flags = GENL_UNS_ADMIN_PERM,
14663 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14664 				  NL80211_FLAG_NEED_RTNL,
14665 	},
14666 	{
14667 		.cmd = NL80211_CMD_REGISTER_FRAME,
14668 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14669 		.doit = nl80211_register_mgmt,
14670 		.flags = GENL_UNS_ADMIN_PERM,
14671 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14672 				  NL80211_FLAG_NEED_RTNL,
14673 	},
14674 	{
14675 		.cmd = NL80211_CMD_FRAME,
14676 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14677 		.doit = nl80211_tx_mgmt,
14678 		.flags = GENL_UNS_ADMIN_PERM,
14679 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14680 				  NL80211_FLAG_NEED_RTNL,
14681 	},
14682 	{
14683 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
14684 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14685 		.doit = nl80211_tx_mgmt_cancel_wait,
14686 		.flags = GENL_UNS_ADMIN_PERM,
14687 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14688 				  NL80211_FLAG_NEED_RTNL,
14689 	},
14690 	{
14691 		.cmd = NL80211_CMD_SET_POWER_SAVE,
14692 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14693 		.doit = nl80211_set_power_save,
14694 		.flags = GENL_UNS_ADMIN_PERM,
14695 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14696 				  NL80211_FLAG_NEED_RTNL,
14697 	},
14698 	{
14699 		.cmd = NL80211_CMD_GET_POWER_SAVE,
14700 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14701 		.doit = nl80211_get_power_save,
14702 		/* can be retrieved by unprivileged users */
14703 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14704 				  NL80211_FLAG_NEED_RTNL,
14705 	},
14706 	{
14707 		.cmd = NL80211_CMD_SET_CQM,
14708 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14709 		.doit = nl80211_set_cqm,
14710 		.flags = GENL_UNS_ADMIN_PERM,
14711 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14712 				  NL80211_FLAG_NEED_RTNL,
14713 	},
14714 	{
14715 		.cmd = NL80211_CMD_SET_CHANNEL,
14716 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14717 		.doit = nl80211_set_channel,
14718 		.flags = GENL_UNS_ADMIN_PERM,
14719 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14720 				  NL80211_FLAG_NEED_RTNL,
14721 	},
14722 	{
14723 		.cmd = NL80211_CMD_SET_WDS_PEER,
14724 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14725 		.doit = nl80211_set_wds_peer,
14726 		.flags = GENL_UNS_ADMIN_PERM,
14727 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14728 				  NL80211_FLAG_NEED_RTNL,
14729 	},
14730 	{
14731 		.cmd = NL80211_CMD_JOIN_MESH,
14732 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14733 		.doit = nl80211_join_mesh,
14734 		.flags = GENL_UNS_ADMIN_PERM,
14735 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14736 				  NL80211_FLAG_NEED_RTNL,
14737 	},
14738 	{
14739 		.cmd = NL80211_CMD_LEAVE_MESH,
14740 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14741 		.doit = nl80211_leave_mesh,
14742 		.flags = GENL_UNS_ADMIN_PERM,
14743 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14744 				  NL80211_FLAG_NEED_RTNL,
14745 	},
14746 	{
14747 		.cmd = NL80211_CMD_JOIN_OCB,
14748 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14749 		.doit = nl80211_join_ocb,
14750 		.flags = GENL_UNS_ADMIN_PERM,
14751 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14752 				  NL80211_FLAG_NEED_RTNL,
14753 	},
14754 	{
14755 		.cmd = NL80211_CMD_LEAVE_OCB,
14756 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14757 		.doit = nl80211_leave_ocb,
14758 		.flags = GENL_UNS_ADMIN_PERM,
14759 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14760 				  NL80211_FLAG_NEED_RTNL,
14761 	},
14762 #ifdef CONFIG_PM
14763 	{
14764 		.cmd = NL80211_CMD_GET_WOWLAN,
14765 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14766 		.doit = nl80211_get_wowlan,
14767 		/* can be retrieved by unprivileged users */
14768 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14769 				  NL80211_FLAG_NEED_RTNL,
14770 	},
14771 	{
14772 		.cmd = NL80211_CMD_SET_WOWLAN,
14773 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14774 		.doit = nl80211_set_wowlan,
14775 		.flags = GENL_UNS_ADMIN_PERM,
14776 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14777 				  NL80211_FLAG_NEED_RTNL,
14778 	},
14779 #endif
14780 	{
14781 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
14782 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14783 		.doit = nl80211_set_rekey_data,
14784 		.flags = GENL_UNS_ADMIN_PERM,
14785 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14786 				  NL80211_FLAG_NEED_RTNL |
14787 				  NL80211_FLAG_CLEAR_SKB,
14788 	},
14789 	{
14790 		.cmd = NL80211_CMD_TDLS_MGMT,
14791 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14792 		.doit = nl80211_tdls_mgmt,
14793 		.flags = GENL_UNS_ADMIN_PERM,
14794 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14795 				  NL80211_FLAG_NEED_RTNL,
14796 	},
14797 	{
14798 		.cmd = NL80211_CMD_TDLS_OPER,
14799 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14800 		.doit = nl80211_tdls_oper,
14801 		.flags = GENL_UNS_ADMIN_PERM,
14802 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14803 				  NL80211_FLAG_NEED_RTNL,
14804 	},
14805 	{
14806 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
14807 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14808 		.doit = nl80211_register_unexpected_frame,
14809 		.flags = GENL_UNS_ADMIN_PERM,
14810 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14811 				  NL80211_FLAG_NEED_RTNL,
14812 	},
14813 	{
14814 		.cmd = NL80211_CMD_PROBE_CLIENT,
14815 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14816 		.doit = nl80211_probe_client,
14817 		.flags = GENL_UNS_ADMIN_PERM,
14818 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14819 				  NL80211_FLAG_NEED_RTNL,
14820 	},
14821 	{
14822 		.cmd = NL80211_CMD_REGISTER_BEACONS,
14823 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14824 		.doit = nl80211_register_beacons,
14825 		.flags = GENL_UNS_ADMIN_PERM,
14826 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14827 				  NL80211_FLAG_NEED_RTNL,
14828 	},
14829 	{
14830 		.cmd = NL80211_CMD_SET_NOACK_MAP,
14831 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14832 		.doit = nl80211_set_noack_map,
14833 		.flags = GENL_UNS_ADMIN_PERM,
14834 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14835 				  NL80211_FLAG_NEED_RTNL,
14836 	},
14837 	{
14838 		.cmd = NL80211_CMD_START_P2P_DEVICE,
14839 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14840 		.doit = nl80211_start_p2p_device,
14841 		.flags = GENL_UNS_ADMIN_PERM,
14842 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14843 				  NL80211_FLAG_NEED_RTNL,
14844 	},
14845 	{
14846 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
14847 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14848 		.doit = nl80211_stop_p2p_device,
14849 		.flags = GENL_UNS_ADMIN_PERM,
14850 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14851 				  NL80211_FLAG_NEED_RTNL,
14852 	},
14853 	{
14854 		.cmd = NL80211_CMD_START_NAN,
14855 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14856 		.doit = nl80211_start_nan,
14857 		.flags = GENL_ADMIN_PERM,
14858 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14859 				  NL80211_FLAG_NEED_RTNL,
14860 	},
14861 	{
14862 		.cmd = NL80211_CMD_STOP_NAN,
14863 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14864 		.doit = nl80211_stop_nan,
14865 		.flags = GENL_ADMIN_PERM,
14866 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14867 				  NL80211_FLAG_NEED_RTNL,
14868 	},
14869 	{
14870 		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
14871 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14872 		.doit = nl80211_nan_add_func,
14873 		.flags = GENL_ADMIN_PERM,
14874 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14875 				  NL80211_FLAG_NEED_RTNL,
14876 	},
14877 	{
14878 		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
14879 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14880 		.doit = nl80211_nan_del_func,
14881 		.flags = GENL_ADMIN_PERM,
14882 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14883 				  NL80211_FLAG_NEED_RTNL,
14884 	},
14885 	{
14886 		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
14887 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14888 		.doit = nl80211_nan_change_config,
14889 		.flags = GENL_ADMIN_PERM,
14890 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14891 				  NL80211_FLAG_NEED_RTNL,
14892 	},
14893 	{
14894 		.cmd = NL80211_CMD_SET_MCAST_RATE,
14895 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14896 		.doit = nl80211_set_mcast_rate,
14897 		.flags = GENL_UNS_ADMIN_PERM,
14898 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14899 				  NL80211_FLAG_NEED_RTNL,
14900 	},
14901 	{
14902 		.cmd = NL80211_CMD_SET_MAC_ACL,
14903 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14904 		.doit = nl80211_set_mac_acl,
14905 		.flags = GENL_UNS_ADMIN_PERM,
14906 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14907 				  NL80211_FLAG_NEED_RTNL,
14908 	},
14909 	{
14910 		.cmd = NL80211_CMD_RADAR_DETECT,
14911 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14912 		.doit = nl80211_start_radar_detection,
14913 		.flags = GENL_UNS_ADMIN_PERM,
14914 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14915 				  NL80211_FLAG_NEED_RTNL,
14916 	},
14917 	{
14918 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
14919 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14920 		.doit = nl80211_get_protocol_features,
14921 	},
14922 	{
14923 		.cmd = NL80211_CMD_UPDATE_FT_IES,
14924 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14925 		.doit = nl80211_update_ft_ies,
14926 		.flags = GENL_UNS_ADMIN_PERM,
14927 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14928 				  NL80211_FLAG_NEED_RTNL,
14929 	},
14930 	{
14931 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
14932 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14933 		.doit = nl80211_crit_protocol_start,
14934 		.flags = GENL_UNS_ADMIN_PERM,
14935 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14936 				  NL80211_FLAG_NEED_RTNL,
14937 	},
14938 	{
14939 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
14940 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14941 		.doit = nl80211_crit_protocol_stop,
14942 		.flags = GENL_UNS_ADMIN_PERM,
14943 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14944 				  NL80211_FLAG_NEED_RTNL,
14945 	},
14946 	{
14947 		.cmd = NL80211_CMD_GET_COALESCE,
14948 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14949 		.doit = nl80211_get_coalesce,
14950 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14951 				  NL80211_FLAG_NEED_RTNL,
14952 	},
14953 	{
14954 		.cmd = NL80211_CMD_SET_COALESCE,
14955 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14956 		.doit = nl80211_set_coalesce,
14957 		.flags = GENL_UNS_ADMIN_PERM,
14958 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14959 				  NL80211_FLAG_NEED_RTNL,
14960 	},
14961 	{
14962 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
14963 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14964 		.doit = nl80211_channel_switch,
14965 		.flags = GENL_UNS_ADMIN_PERM,
14966 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14967 				  NL80211_FLAG_NEED_RTNL,
14968 	},
14969 	{
14970 		.cmd = NL80211_CMD_VENDOR,
14971 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14972 		.doit = nl80211_vendor_cmd,
14973 		.dumpit = nl80211_vendor_cmd_dump,
14974 		.flags = GENL_UNS_ADMIN_PERM,
14975 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14976 				  NL80211_FLAG_NEED_RTNL |
14977 				  NL80211_FLAG_CLEAR_SKB,
14978 	},
14979 	{
14980 		.cmd = NL80211_CMD_SET_QOS_MAP,
14981 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14982 		.doit = nl80211_set_qos_map,
14983 		.flags = GENL_UNS_ADMIN_PERM,
14984 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14985 				  NL80211_FLAG_NEED_RTNL,
14986 	},
14987 	{
14988 		.cmd = NL80211_CMD_ADD_TX_TS,
14989 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14990 		.doit = nl80211_add_tx_ts,
14991 		.flags = GENL_UNS_ADMIN_PERM,
14992 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14993 				  NL80211_FLAG_NEED_RTNL,
14994 	},
14995 	{
14996 		.cmd = NL80211_CMD_DEL_TX_TS,
14997 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14998 		.doit = nl80211_del_tx_ts,
14999 		.flags = GENL_UNS_ADMIN_PERM,
15000 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15001 				  NL80211_FLAG_NEED_RTNL,
15002 	},
15003 	{
15004 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
15005 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15006 		.doit = nl80211_tdls_channel_switch,
15007 		.flags = GENL_UNS_ADMIN_PERM,
15008 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15009 				  NL80211_FLAG_NEED_RTNL,
15010 	},
15011 	{
15012 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
15013 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15014 		.doit = nl80211_tdls_cancel_channel_switch,
15015 		.flags = GENL_UNS_ADMIN_PERM,
15016 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15017 				  NL80211_FLAG_NEED_RTNL,
15018 	},
15019 	{
15020 		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
15021 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15022 		.doit = nl80211_set_multicast_to_unicast,
15023 		.flags = GENL_UNS_ADMIN_PERM,
15024 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
15025 				  NL80211_FLAG_NEED_RTNL,
15026 	},
15027 	{
15028 		.cmd = NL80211_CMD_SET_PMK,
15029 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15030 		.doit = nl80211_set_pmk,
15031 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15032 				  NL80211_FLAG_NEED_RTNL |
15033 				  NL80211_FLAG_CLEAR_SKB,
15034 	},
15035 	{
15036 		.cmd = NL80211_CMD_DEL_PMK,
15037 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15038 		.doit = nl80211_del_pmk,
15039 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15040 				  NL80211_FLAG_NEED_RTNL,
15041 	},
15042 	{
15043 		.cmd = NL80211_CMD_EXTERNAL_AUTH,
15044 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15045 		.doit = nl80211_external_auth,
15046 		.flags = GENL_ADMIN_PERM,
15047 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15048 				  NL80211_FLAG_NEED_RTNL,
15049 	},
15050 	{
15051 		.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
15052 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15053 		.doit = nl80211_tx_control_port,
15054 		.flags = GENL_UNS_ADMIN_PERM,
15055 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15056 				  NL80211_FLAG_NEED_RTNL,
15057 	},
15058 	{
15059 		.cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
15060 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15061 		.doit = nl80211_get_ftm_responder_stats,
15062 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
15063 				  NL80211_FLAG_NEED_RTNL,
15064 	},
15065 	{
15066 		.cmd = NL80211_CMD_PEER_MEASUREMENT_START,
15067 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15068 		.doit = nl80211_pmsr_start,
15069 		.flags = GENL_UNS_ADMIN_PERM,
15070 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15071 				  NL80211_FLAG_NEED_RTNL,
15072 	},
15073 	{
15074 		.cmd = NL80211_CMD_NOTIFY_RADAR,
15075 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15076 		.doit = nl80211_notify_radar_detection,
15077 		.flags = GENL_UNS_ADMIN_PERM,
15078 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15079 				  NL80211_FLAG_NEED_RTNL,
15080 	},
15081 	{
15082 		.cmd = NL80211_CMD_UPDATE_OWE_INFO,
15083 		.doit = nl80211_update_owe_info,
15084 		.flags = GENL_ADMIN_PERM,
15085 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15086 				  NL80211_FLAG_NEED_RTNL,
15087 	},
15088 	{
15089 		.cmd = NL80211_CMD_PROBE_MESH_LINK,
15090 		.doit = nl80211_probe_mesh_link,
15091 		.flags = GENL_UNS_ADMIN_PERM,
15092 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15093 				  NL80211_FLAG_NEED_RTNL,
15094 	},
15095 	{
15096 		.cmd = NL80211_CMD_SET_TID_CONFIG,
15097 		.doit = nl80211_set_tid_config,
15098 		.flags = GENL_UNS_ADMIN_PERM,
15099 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
15100 				  NL80211_FLAG_NEED_RTNL,
15101 	},
15102 };
15103 
15104 static struct genl_family nl80211_fam __ro_after_init = {
15105 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
15106 	.hdrsize = 0,			/* no private header */
15107 	.version = 1,			/* no particular meaning now */
15108 	.maxattr = NL80211_ATTR_MAX,
15109 	.policy = nl80211_policy,
15110 	.netnsok = true,
15111 	.pre_doit = nl80211_pre_doit,
15112 	.post_doit = nl80211_post_doit,
15113 	.module = THIS_MODULE,
15114 	.ops = nl80211_ops,
15115 	.n_ops = ARRAY_SIZE(nl80211_ops),
15116 	.mcgrps = nl80211_mcgrps,
15117 	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
15118 	.parallel_ops = true,
15119 };
15120 
15121 /* notification functions */
15122 
15123 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
15124 			  enum nl80211_commands cmd)
15125 {
15126 	struct sk_buff *msg;
15127 	struct nl80211_dump_wiphy_state state = {};
15128 
15129 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
15130 		cmd != NL80211_CMD_DEL_WIPHY);
15131 
15132 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15133 	if (!msg)
15134 		return;
15135 
15136 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
15137 		nlmsg_free(msg);
15138 		return;
15139 	}
15140 
15141 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15142 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
15143 }
15144 
15145 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
15146 				struct wireless_dev *wdev,
15147 				enum nl80211_commands cmd)
15148 {
15149 	struct sk_buff *msg;
15150 
15151 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15152 	if (!msg)
15153 		return;
15154 
15155 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
15156 		nlmsg_free(msg);
15157 		return;
15158 	}
15159 
15160 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15161 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
15162 }
15163 
15164 static int nl80211_add_scan_req(struct sk_buff *msg,
15165 				struct cfg80211_registered_device *rdev)
15166 {
15167 	struct cfg80211_scan_request *req = rdev->scan_req;
15168 	struct nlattr *nest;
15169 	int i;
15170 
15171 	if (WARN_ON(!req))
15172 		return 0;
15173 
15174 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
15175 	if (!nest)
15176 		goto nla_put_failure;
15177 	for (i = 0; i < req->n_ssids; i++) {
15178 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
15179 			goto nla_put_failure;
15180 	}
15181 	nla_nest_end(msg, nest);
15182 
15183 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
15184 	if (!nest)
15185 		goto nla_put_failure;
15186 	for (i = 0; i < req->n_channels; i++) {
15187 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
15188 			goto nla_put_failure;
15189 	}
15190 	nla_nest_end(msg, nest);
15191 
15192 	if (req->ie &&
15193 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
15194 		goto nla_put_failure;
15195 
15196 	if (req->flags &&
15197 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
15198 		goto nla_put_failure;
15199 
15200 	if (req->info.scan_start_tsf &&
15201 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
15202 			       req->info.scan_start_tsf, NL80211_BSS_PAD) ||
15203 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
15204 		     req->info.tsf_bssid)))
15205 		goto nla_put_failure;
15206 
15207 	return 0;
15208  nla_put_failure:
15209 	return -ENOBUFS;
15210 }
15211 
15212 static int nl80211_prep_scan_msg(struct sk_buff *msg,
15213 				 struct cfg80211_registered_device *rdev,
15214 				 struct wireless_dev *wdev,
15215 				 u32 portid, u32 seq, int flags,
15216 				 u32 cmd)
15217 {
15218 	void *hdr;
15219 
15220 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
15221 	if (!hdr)
15222 		return -1;
15223 
15224 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15225 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15226 					 wdev->netdev->ifindex)) ||
15227 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15228 			      NL80211_ATTR_PAD))
15229 		goto nla_put_failure;
15230 
15231 	/* ignore errors and send incomplete event anyway */
15232 	nl80211_add_scan_req(msg, rdev);
15233 
15234 	genlmsg_end(msg, hdr);
15235 	return 0;
15236 
15237  nla_put_failure:
15238 	genlmsg_cancel(msg, hdr);
15239 	return -EMSGSIZE;
15240 }
15241 
15242 static int
15243 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
15244 			    struct cfg80211_sched_scan_request *req, u32 cmd)
15245 {
15246 	void *hdr;
15247 
15248 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15249 	if (!hdr)
15250 		return -1;
15251 
15252 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
15253 			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
15254 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
15255 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
15256 			      NL80211_ATTR_PAD))
15257 		goto nla_put_failure;
15258 
15259 	genlmsg_end(msg, hdr);
15260 	return 0;
15261 
15262  nla_put_failure:
15263 	genlmsg_cancel(msg, hdr);
15264 	return -EMSGSIZE;
15265 }
15266 
15267 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
15268 			     struct wireless_dev *wdev)
15269 {
15270 	struct sk_buff *msg;
15271 
15272 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15273 	if (!msg)
15274 		return;
15275 
15276 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15277 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
15278 		nlmsg_free(msg);
15279 		return;
15280 	}
15281 
15282 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15283 				NL80211_MCGRP_SCAN, GFP_KERNEL);
15284 }
15285 
15286 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
15287 				       struct wireless_dev *wdev, bool aborted)
15288 {
15289 	struct sk_buff *msg;
15290 
15291 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15292 	if (!msg)
15293 		return NULL;
15294 
15295 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15296 				  aborted ? NL80211_CMD_SCAN_ABORTED :
15297 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
15298 		nlmsg_free(msg);
15299 		return NULL;
15300 	}
15301 
15302 	return msg;
15303 }
15304 
15305 /* send message created by nl80211_build_scan_msg() */
15306 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
15307 			   struct sk_buff *msg)
15308 {
15309 	if (!msg)
15310 		return;
15311 
15312 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15313 				NL80211_MCGRP_SCAN, GFP_KERNEL);
15314 }
15315 
15316 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
15317 {
15318 	struct sk_buff *msg;
15319 
15320 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15321 	if (!msg)
15322 		return;
15323 
15324 	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
15325 		nlmsg_free(msg);
15326 		return;
15327 	}
15328 
15329 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
15330 				NL80211_MCGRP_SCAN, GFP_KERNEL);
15331 }
15332 
15333 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
15334 					  struct regulatory_request *request)
15335 {
15336 	/* Userspace can always count this one always being set */
15337 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
15338 		goto nla_put_failure;
15339 
15340 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
15341 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15342 			       NL80211_REGDOM_TYPE_WORLD))
15343 			goto nla_put_failure;
15344 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
15345 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15346 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
15347 			goto nla_put_failure;
15348 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
15349 		   request->intersect) {
15350 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15351 			       NL80211_REGDOM_TYPE_INTERSECTION))
15352 			goto nla_put_failure;
15353 	} else {
15354 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15355 			       NL80211_REGDOM_TYPE_COUNTRY) ||
15356 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
15357 				   request->alpha2))
15358 			goto nla_put_failure;
15359 	}
15360 
15361 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
15362 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
15363 
15364 		if (wiphy &&
15365 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
15366 			goto nla_put_failure;
15367 
15368 		if (wiphy &&
15369 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
15370 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
15371 			goto nla_put_failure;
15372 	}
15373 
15374 	return true;
15375 
15376 nla_put_failure:
15377 	return false;
15378 }
15379 
15380 /*
15381  * This can happen on global regulatory changes or device specific settings
15382  * based on custom regulatory domains.
15383  */
15384 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
15385 				     struct regulatory_request *request)
15386 {
15387 	struct sk_buff *msg;
15388 	void *hdr;
15389 
15390 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15391 	if (!msg)
15392 		return;
15393 
15394 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
15395 	if (!hdr)
15396 		goto nla_put_failure;
15397 
15398 	if (!nl80211_reg_change_event_fill(msg, request))
15399 		goto nla_put_failure;
15400 
15401 	genlmsg_end(msg, hdr);
15402 
15403 	rcu_read_lock();
15404 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15405 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15406 	rcu_read_unlock();
15407 
15408 	return;
15409 
15410 nla_put_failure:
15411 	nlmsg_free(msg);
15412 }
15413 
15414 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
15415 				    struct net_device *netdev,
15416 				    const u8 *buf, size_t len,
15417 				    enum nl80211_commands cmd, gfp_t gfp,
15418 				    int uapsd_queues, const u8 *req_ies,
15419 				    size_t req_ies_len)
15420 {
15421 	struct sk_buff *msg;
15422 	void *hdr;
15423 
15424 	msg = nlmsg_new(100 + len + req_ies_len, gfp);
15425 	if (!msg)
15426 		return;
15427 
15428 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15429 	if (!hdr) {
15430 		nlmsg_free(msg);
15431 		return;
15432 	}
15433 
15434 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15435 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15436 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15437 	    (req_ies &&
15438 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
15439 		goto nla_put_failure;
15440 
15441 	if (uapsd_queues >= 0) {
15442 		struct nlattr *nla_wmm =
15443 			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
15444 		if (!nla_wmm)
15445 			goto nla_put_failure;
15446 
15447 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
15448 			       uapsd_queues))
15449 			goto nla_put_failure;
15450 
15451 		nla_nest_end(msg, nla_wmm);
15452 	}
15453 
15454 	genlmsg_end(msg, hdr);
15455 
15456 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15457 				NL80211_MCGRP_MLME, gfp);
15458 	return;
15459 
15460  nla_put_failure:
15461 	nlmsg_free(msg);
15462 }
15463 
15464 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
15465 			  struct net_device *netdev, const u8 *buf,
15466 			  size_t len, gfp_t gfp)
15467 {
15468 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15469 				NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
15470 }
15471 
15472 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
15473 			   struct net_device *netdev, const u8 *buf,
15474 			   size_t len, gfp_t gfp, int uapsd_queues,
15475 			   const u8 *req_ies, size_t req_ies_len)
15476 {
15477 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15478 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
15479 				req_ies, req_ies_len);
15480 }
15481 
15482 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
15483 			 struct net_device *netdev, const u8 *buf,
15484 			 size_t len, gfp_t gfp)
15485 {
15486 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15487 				NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
15488 }
15489 
15490 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
15491 			   struct net_device *netdev, const u8 *buf,
15492 			   size_t len, gfp_t gfp)
15493 {
15494 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15495 				NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
15496 }
15497 
15498 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
15499 				  size_t len)
15500 {
15501 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15502 	struct wiphy *wiphy = wdev->wiphy;
15503 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15504 	const struct ieee80211_mgmt *mgmt = (void *)buf;
15505 	u32 cmd;
15506 
15507 	if (WARN_ON(len < 2))
15508 		return;
15509 
15510 	if (ieee80211_is_deauth(mgmt->frame_control))
15511 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
15512 	else
15513 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
15514 
15515 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
15516 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
15517 				NULL, 0);
15518 }
15519 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
15520 
15521 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
15522 				      struct net_device *netdev, int cmd,
15523 				      const u8 *addr, gfp_t gfp)
15524 {
15525 	struct sk_buff *msg;
15526 	void *hdr;
15527 
15528 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15529 	if (!msg)
15530 		return;
15531 
15532 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15533 	if (!hdr) {
15534 		nlmsg_free(msg);
15535 		return;
15536 	}
15537 
15538 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15539 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15540 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15541 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15542 		goto nla_put_failure;
15543 
15544 	genlmsg_end(msg, hdr);
15545 
15546 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15547 				NL80211_MCGRP_MLME, gfp);
15548 	return;
15549 
15550  nla_put_failure:
15551 	nlmsg_free(msg);
15552 }
15553 
15554 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
15555 			       struct net_device *netdev, const u8 *addr,
15556 			       gfp_t gfp)
15557 {
15558 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
15559 				  addr, gfp);
15560 }
15561 
15562 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
15563 				struct net_device *netdev, const u8 *addr,
15564 				gfp_t gfp)
15565 {
15566 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
15567 				  addr, gfp);
15568 }
15569 
15570 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
15571 				 struct net_device *netdev,
15572 				 struct cfg80211_connect_resp_params *cr,
15573 				 gfp_t gfp)
15574 {
15575 	struct sk_buff *msg;
15576 	void *hdr;
15577 
15578 	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
15579 			cr->fils.kek_len + cr->fils.pmk_len +
15580 			(cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15581 	if (!msg)
15582 		return;
15583 
15584 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
15585 	if (!hdr) {
15586 		nlmsg_free(msg);
15587 		return;
15588 	}
15589 
15590 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15591 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15592 	    (cr->bssid &&
15593 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
15594 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
15595 			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
15596 			cr->status) ||
15597 	    (cr->status < 0 &&
15598 	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15599 	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
15600 			  cr->timeout_reason))) ||
15601 	    (cr->req_ie &&
15602 	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
15603 	    (cr->resp_ie &&
15604 	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
15605 		     cr->resp_ie)) ||
15606 	    (cr->fils.update_erp_next_seq_num &&
15607 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15608 			 cr->fils.erp_next_seq_num)) ||
15609 	    (cr->status == WLAN_STATUS_SUCCESS &&
15610 	     ((cr->fils.kek &&
15611 	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
15612 		       cr->fils.kek)) ||
15613 	      (cr->fils.pmk &&
15614 	       nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
15615 	      (cr->fils.pmkid &&
15616 	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
15617 		goto nla_put_failure;
15618 
15619 	genlmsg_end(msg, hdr);
15620 
15621 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15622 				NL80211_MCGRP_MLME, gfp);
15623 	return;
15624 
15625  nla_put_failure:
15626 	nlmsg_free(msg);
15627 }
15628 
15629 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
15630 			 struct net_device *netdev,
15631 			 struct cfg80211_roam_info *info, gfp_t gfp)
15632 {
15633 	struct sk_buff *msg;
15634 	void *hdr;
15635 	const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
15636 
15637 	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
15638 			info->fils.kek_len + info->fils.pmk_len +
15639 			(info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15640 	if (!msg)
15641 		return;
15642 
15643 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
15644 	if (!hdr) {
15645 		nlmsg_free(msg);
15646 		return;
15647 	}
15648 
15649 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15650 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15651 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
15652 	    (info->req_ie &&
15653 	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
15654 		     info->req_ie)) ||
15655 	    (info->resp_ie &&
15656 	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
15657 		     info->resp_ie)) ||
15658 	    (info->fils.update_erp_next_seq_num &&
15659 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15660 			 info->fils.erp_next_seq_num)) ||
15661 	    (info->fils.kek &&
15662 	     nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
15663 		     info->fils.kek)) ||
15664 	    (info->fils.pmk &&
15665 	     nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
15666 	    (info->fils.pmkid &&
15667 	     nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
15668 		goto nla_put_failure;
15669 
15670 	genlmsg_end(msg, hdr);
15671 
15672 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15673 				NL80211_MCGRP_MLME, gfp);
15674 	return;
15675 
15676  nla_put_failure:
15677 	nlmsg_free(msg);
15678 }
15679 
15680 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
15681 				  struct net_device *netdev, const u8 *bssid)
15682 {
15683 	struct sk_buff *msg;
15684 	void *hdr;
15685 
15686 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15687 	if (!msg)
15688 		return;
15689 
15690 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
15691 	if (!hdr) {
15692 		nlmsg_free(msg);
15693 		return;
15694 	}
15695 
15696 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15697 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15698 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15699 		goto nla_put_failure;
15700 
15701 	genlmsg_end(msg, hdr);
15702 
15703 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15704 				NL80211_MCGRP_MLME, GFP_KERNEL);
15705 	return;
15706 
15707  nla_put_failure:
15708 	nlmsg_free(msg);
15709 }
15710 
15711 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
15712 			       struct net_device *netdev, u16 reason,
15713 			       const u8 *ie, size_t ie_len, bool from_ap)
15714 {
15715 	struct sk_buff *msg;
15716 	void *hdr;
15717 
15718 	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
15719 	if (!msg)
15720 		return;
15721 
15722 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
15723 	if (!hdr) {
15724 		nlmsg_free(msg);
15725 		return;
15726 	}
15727 
15728 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15729 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15730 	    (reason &&
15731 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
15732 	    (from_ap &&
15733 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
15734 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
15735 		goto nla_put_failure;
15736 
15737 	genlmsg_end(msg, hdr);
15738 
15739 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15740 				NL80211_MCGRP_MLME, GFP_KERNEL);
15741 	return;
15742 
15743  nla_put_failure:
15744 	nlmsg_free(msg);
15745 }
15746 
15747 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
15748 			     struct net_device *netdev, const u8 *bssid,
15749 			     gfp_t gfp)
15750 {
15751 	struct sk_buff *msg;
15752 	void *hdr;
15753 
15754 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15755 	if (!msg)
15756 		return;
15757 
15758 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
15759 	if (!hdr) {
15760 		nlmsg_free(msg);
15761 		return;
15762 	}
15763 
15764 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15765 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15766 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15767 		goto nla_put_failure;
15768 
15769 	genlmsg_end(msg, hdr);
15770 
15771 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15772 				NL80211_MCGRP_MLME, gfp);
15773 	return;
15774 
15775  nla_put_failure:
15776 	nlmsg_free(msg);
15777 }
15778 
15779 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
15780 					const u8 *ie, u8 ie_len,
15781 					int sig_dbm, gfp_t gfp)
15782 {
15783 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15784 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15785 	struct sk_buff *msg;
15786 	void *hdr;
15787 
15788 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
15789 		return;
15790 
15791 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
15792 
15793 	msg = nlmsg_new(100 + ie_len, gfp);
15794 	if (!msg)
15795 		return;
15796 
15797 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
15798 	if (!hdr) {
15799 		nlmsg_free(msg);
15800 		return;
15801 	}
15802 
15803 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15804 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15805 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15806 	    (ie_len && ie &&
15807 	     nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
15808 	    (sig_dbm &&
15809 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
15810 		goto nla_put_failure;
15811 
15812 	genlmsg_end(msg, hdr);
15813 
15814 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15815 				NL80211_MCGRP_MLME, gfp);
15816 	return;
15817 
15818  nla_put_failure:
15819 	nlmsg_free(msg);
15820 }
15821 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
15822 
15823 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
15824 				 struct net_device *netdev, const u8 *addr,
15825 				 enum nl80211_key_type key_type, int key_id,
15826 				 const u8 *tsc, gfp_t gfp)
15827 {
15828 	struct sk_buff *msg;
15829 	void *hdr;
15830 
15831 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15832 	if (!msg)
15833 		return;
15834 
15835 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
15836 	if (!hdr) {
15837 		nlmsg_free(msg);
15838 		return;
15839 	}
15840 
15841 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15842 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15843 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
15844 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
15845 	    (key_id != -1 &&
15846 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
15847 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
15848 		goto nla_put_failure;
15849 
15850 	genlmsg_end(msg, hdr);
15851 
15852 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15853 				NL80211_MCGRP_MLME, gfp);
15854 	return;
15855 
15856  nla_put_failure:
15857 	nlmsg_free(msg);
15858 }
15859 
15860 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
15861 				    struct ieee80211_channel *channel_before,
15862 				    struct ieee80211_channel *channel_after)
15863 {
15864 	struct sk_buff *msg;
15865 	void *hdr;
15866 	struct nlattr *nl_freq;
15867 
15868 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
15869 	if (!msg)
15870 		return;
15871 
15872 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
15873 	if (!hdr) {
15874 		nlmsg_free(msg);
15875 		return;
15876 	}
15877 
15878 	/*
15879 	 * Since we are applying the beacon hint to a wiphy we know its
15880 	 * wiphy_idx is valid
15881 	 */
15882 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
15883 		goto nla_put_failure;
15884 
15885 	/* Before */
15886 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
15887 	if (!nl_freq)
15888 		goto nla_put_failure;
15889 
15890 	if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
15891 		goto nla_put_failure;
15892 	nla_nest_end(msg, nl_freq);
15893 
15894 	/* After */
15895 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
15896 	if (!nl_freq)
15897 		goto nla_put_failure;
15898 
15899 	if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
15900 		goto nla_put_failure;
15901 	nla_nest_end(msg, nl_freq);
15902 
15903 	genlmsg_end(msg, hdr);
15904 
15905 	rcu_read_lock();
15906 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15907 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15908 	rcu_read_unlock();
15909 
15910 	return;
15911 
15912 nla_put_failure:
15913 	nlmsg_free(msg);
15914 }
15915 
15916 static void nl80211_send_remain_on_chan_event(
15917 	int cmd, struct cfg80211_registered_device *rdev,
15918 	struct wireless_dev *wdev, u64 cookie,
15919 	struct ieee80211_channel *chan,
15920 	unsigned int duration, gfp_t gfp)
15921 {
15922 	struct sk_buff *msg;
15923 	void *hdr;
15924 
15925 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15926 	if (!msg)
15927 		return;
15928 
15929 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15930 	if (!hdr) {
15931 		nlmsg_free(msg);
15932 		return;
15933 	}
15934 
15935 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15936 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15937 					 wdev->netdev->ifindex)) ||
15938 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15939 			      NL80211_ATTR_PAD) ||
15940 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
15941 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
15942 			NL80211_CHAN_NO_HT) ||
15943 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15944 			      NL80211_ATTR_PAD))
15945 		goto nla_put_failure;
15946 
15947 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
15948 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
15949 		goto nla_put_failure;
15950 
15951 	genlmsg_end(msg, hdr);
15952 
15953 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15954 				NL80211_MCGRP_MLME, gfp);
15955 	return;
15956 
15957  nla_put_failure:
15958 	nlmsg_free(msg);
15959 }
15960 
15961 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
15962 			       struct ieee80211_channel *chan,
15963 			       unsigned int duration, gfp_t gfp)
15964 {
15965 	struct wiphy *wiphy = wdev->wiphy;
15966 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15967 
15968 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
15969 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
15970 					  rdev, wdev, cookie, chan,
15971 					  duration, gfp);
15972 }
15973 EXPORT_SYMBOL(cfg80211_ready_on_channel);
15974 
15975 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
15976 					struct ieee80211_channel *chan,
15977 					gfp_t gfp)
15978 {
15979 	struct wiphy *wiphy = wdev->wiphy;
15980 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15981 
15982 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
15983 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15984 					  rdev, wdev, cookie, chan, 0, gfp);
15985 }
15986 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
15987 
15988 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
15989 					struct ieee80211_channel *chan,
15990 					gfp_t gfp)
15991 {
15992 	struct wiphy *wiphy = wdev->wiphy;
15993 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15994 
15995 	trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
15996 	nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
15997 					  rdev, wdev, cookie, chan, 0, gfp);
15998 }
15999 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
16000 
16001 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
16002 		      struct station_info *sinfo, gfp_t gfp)
16003 {
16004 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16005 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16006 	struct sk_buff *msg;
16007 
16008 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
16009 
16010 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16011 	if (!msg)
16012 		return;
16013 
16014 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
16015 				 rdev, dev, mac_addr, sinfo) < 0) {
16016 		nlmsg_free(msg);
16017 		return;
16018 	}
16019 
16020 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16021 				NL80211_MCGRP_MLME, gfp);
16022 }
16023 EXPORT_SYMBOL(cfg80211_new_sta);
16024 
16025 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
16026 			    struct station_info *sinfo, gfp_t gfp)
16027 {
16028 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16029 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16030 	struct sk_buff *msg;
16031 	struct station_info empty_sinfo = {};
16032 
16033 	if (!sinfo)
16034 		sinfo = &empty_sinfo;
16035 
16036 	trace_cfg80211_del_sta(dev, mac_addr);
16037 
16038 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16039 	if (!msg) {
16040 		cfg80211_sinfo_release_content(sinfo);
16041 		return;
16042 	}
16043 
16044 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
16045 				 rdev, dev, mac_addr, sinfo) < 0) {
16046 		nlmsg_free(msg);
16047 		return;
16048 	}
16049 
16050 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16051 				NL80211_MCGRP_MLME, gfp);
16052 }
16053 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
16054 
16055 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
16056 			  enum nl80211_connect_failed_reason reason,
16057 			  gfp_t gfp)
16058 {
16059 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16060 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16061 	struct sk_buff *msg;
16062 	void *hdr;
16063 
16064 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
16065 	if (!msg)
16066 		return;
16067 
16068 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
16069 	if (!hdr) {
16070 		nlmsg_free(msg);
16071 		return;
16072 	}
16073 
16074 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16075 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
16076 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
16077 		goto nla_put_failure;
16078 
16079 	genlmsg_end(msg, hdr);
16080 
16081 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16082 				NL80211_MCGRP_MLME, gfp);
16083 	return;
16084 
16085  nla_put_failure:
16086 	nlmsg_free(msg);
16087 }
16088 EXPORT_SYMBOL(cfg80211_conn_failed);
16089 
16090 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
16091 				       const u8 *addr, gfp_t gfp)
16092 {
16093 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16094 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16095 	struct sk_buff *msg;
16096 	void *hdr;
16097 	u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
16098 
16099 	if (!nlportid)
16100 		return false;
16101 
16102 	msg = nlmsg_new(100, gfp);
16103 	if (!msg)
16104 		return true;
16105 
16106 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16107 	if (!hdr) {
16108 		nlmsg_free(msg);
16109 		return true;
16110 	}
16111 
16112 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16113 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16114 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16115 		goto nla_put_failure;
16116 
16117 	genlmsg_end(msg, hdr);
16118 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16119 	return true;
16120 
16121  nla_put_failure:
16122 	nlmsg_free(msg);
16123 	return true;
16124 }
16125 
16126 bool cfg80211_rx_spurious_frame(struct net_device *dev,
16127 				const u8 *addr, gfp_t gfp)
16128 {
16129 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16130 	bool ret;
16131 
16132 	trace_cfg80211_rx_spurious_frame(dev, addr);
16133 
16134 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16135 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
16136 		trace_cfg80211_return_bool(false);
16137 		return false;
16138 	}
16139 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
16140 					 addr, gfp);
16141 	trace_cfg80211_return_bool(ret);
16142 	return ret;
16143 }
16144 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
16145 
16146 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
16147 					const u8 *addr, gfp_t gfp)
16148 {
16149 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16150 	bool ret;
16151 
16152 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
16153 
16154 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16155 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
16156 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
16157 		trace_cfg80211_return_bool(false);
16158 		return false;
16159 	}
16160 	ret = __nl80211_unexpected_frame(dev,
16161 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
16162 					 addr, gfp);
16163 	trace_cfg80211_return_bool(ret);
16164 	return ret;
16165 }
16166 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
16167 
16168 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
16169 		      struct wireless_dev *wdev, u32 nlportid,
16170 		      int freq, int sig_dbm,
16171 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
16172 {
16173 	struct net_device *netdev = wdev->netdev;
16174 	struct sk_buff *msg;
16175 	void *hdr;
16176 
16177 	msg = nlmsg_new(100 + len, gfp);
16178 	if (!msg)
16179 		return -ENOMEM;
16180 
16181 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16182 	if (!hdr) {
16183 		nlmsg_free(msg);
16184 		return -ENOMEM;
16185 	}
16186 
16187 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16188 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16189 					netdev->ifindex)) ||
16190 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16191 			      NL80211_ATTR_PAD) ||
16192 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
16193 	    (sig_dbm &&
16194 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16195 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16196 	    (flags &&
16197 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
16198 		goto nla_put_failure;
16199 
16200 	genlmsg_end(msg, hdr);
16201 
16202 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16203 
16204  nla_put_failure:
16205 	nlmsg_free(msg);
16206 	return -ENOBUFS;
16207 }
16208 
16209 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
16210 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
16211 {
16212 	struct wiphy *wiphy = wdev->wiphy;
16213 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16214 	struct net_device *netdev = wdev->netdev;
16215 	struct sk_buff *msg;
16216 	void *hdr;
16217 
16218 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
16219 
16220 	msg = nlmsg_new(100 + len, gfp);
16221 	if (!msg)
16222 		return;
16223 
16224 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
16225 	if (!hdr) {
16226 		nlmsg_free(msg);
16227 		return;
16228 	}
16229 
16230 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16231 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16232 				   netdev->ifindex)) ||
16233 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16234 			      NL80211_ATTR_PAD) ||
16235 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16236 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16237 			      NL80211_ATTR_PAD) ||
16238 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
16239 		goto nla_put_failure;
16240 
16241 	genlmsg_end(msg, hdr);
16242 
16243 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16244 				NL80211_MCGRP_MLME, gfp);
16245 	return;
16246 
16247  nla_put_failure:
16248 	nlmsg_free(msg);
16249 }
16250 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
16251 
16252 static int __nl80211_rx_control_port(struct net_device *dev,
16253 				     struct sk_buff *skb,
16254 				     bool unencrypted, gfp_t gfp)
16255 {
16256 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16257 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16258 	struct ethhdr *ehdr = eth_hdr(skb);
16259 	const u8 *addr = ehdr->h_source;
16260 	u16 proto = be16_to_cpu(skb->protocol);
16261 	struct sk_buff *msg;
16262 	void *hdr;
16263 	struct nlattr *frame;
16264 
16265 	u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
16266 
16267 	if (!nlportid)
16268 		return -ENOENT;
16269 
16270 	msg = nlmsg_new(100 + skb->len, gfp);
16271 	if (!msg)
16272 		return -ENOMEM;
16273 
16274 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
16275 	if (!hdr) {
16276 		nlmsg_free(msg);
16277 		return -ENOBUFS;
16278 	}
16279 
16280 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16281 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16282 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16283 			      NL80211_ATTR_PAD) ||
16284 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16285 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
16286 	    (unencrypted && nla_put_flag(msg,
16287 					 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
16288 		goto nla_put_failure;
16289 
16290 	frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
16291 	if (!frame)
16292 		goto nla_put_failure;
16293 
16294 	skb_copy_bits(skb, 0, nla_data(frame), skb->len);
16295 	genlmsg_end(msg, hdr);
16296 
16297 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16298 
16299  nla_put_failure:
16300 	nlmsg_free(msg);
16301 	return -ENOBUFS;
16302 }
16303 
16304 bool cfg80211_rx_control_port(struct net_device *dev,
16305 			      struct sk_buff *skb, bool unencrypted)
16306 {
16307 	int ret;
16308 
16309 	trace_cfg80211_rx_control_port(dev, skb, unencrypted);
16310 	ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
16311 	trace_cfg80211_return_bool(ret == 0);
16312 	return ret == 0;
16313 }
16314 EXPORT_SYMBOL(cfg80211_rx_control_port);
16315 
16316 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
16317 					    const char *mac, gfp_t gfp)
16318 {
16319 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16320 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16321 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16322 	void **cb;
16323 
16324 	if (!msg)
16325 		return NULL;
16326 
16327 	cb = (void **)msg->cb;
16328 
16329 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
16330 	if (!cb[0]) {
16331 		nlmsg_free(msg);
16332 		return NULL;
16333 	}
16334 
16335 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16336 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16337 		goto nla_put_failure;
16338 
16339 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16340 		goto nla_put_failure;
16341 
16342 	cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
16343 	if (!cb[1])
16344 		goto nla_put_failure;
16345 
16346 	cb[2] = rdev;
16347 
16348 	return msg;
16349  nla_put_failure:
16350 	nlmsg_free(msg);
16351 	return NULL;
16352 }
16353 
16354 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
16355 {
16356 	void **cb = (void **)msg->cb;
16357 	struct cfg80211_registered_device *rdev = cb[2];
16358 
16359 	nla_nest_end(msg, cb[1]);
16360 	genlmsg_end(msg, cb[0]);
16361 
16362 	memset(msg->cb, 0, sizeof(msg->cb));
16363 
16364 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16365 				NL80211_MCGRP_MLME, gfp);
16366 }
16367 
16368 void cfg80211_cqm_rssi_notify(struct net_device *dev,
16369 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
16370 			      s32 rssi_level, gfp_t gfp)
16371 {
16372 	struct sk_buff *msg;
16373 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16374 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16375 
16376 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
16377 
16378 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
16379 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
16380 		return;
16381 
16382 	if (wdev->cqm_config) {
16383 		wdev->cqm_config->last_rssi_event_value = rssi_level;
16384 
16385 		cfg80211_cqm_rssi_update(rdev, dev);
16386 
16387 		if (rssi_level == 0)
16388 			rssi_level = wdev->cqm_config->last_rssi_event_value;
16389 	}
16390 
16391 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16392 	if (!msg)
16393 		return;
16394 
16395 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
16396 			rssi_event))
16397 		goto nla_put_failure;
16398 
16399 	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
16400 				      rssi_level))
16401 		goto nla_put_failure;
16402 
16403 	cfg80211_send_cqm(msg, gfp);
16404 
16405 	return;
16406 
16407  nla_put_failure:
16408 	nlmsg_free(msg);
16409 }
16410 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
16411 
16412 void cfg80211_cqm_txe_notify(struct net_device *dev,
16413 			     const u8 *peer, u32 num_packets,
16414 			     u32 rate, u32 intvl, gfp_t gfp)
16415 {
16416 	struct sk_buff *msg;
16417 
16418 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
16419 	if (!msg)
16420 		return;
16421 
16422 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
16423 		goto nla_put_failure;
16424 
16425 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
16426 		goto nla_put_failure;
16427 
16428 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
16429 		goto nla_put_failure;
16430 
16431 	cfg80211_send_cqm(msg, gfp);
16432 	return;
16433 
16434  nla_put_failure:
16435 	nlmsg_free(msg);
16436 }
16437 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
16438 
16439 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
16440 				 const u8 *peer, u32 num_packets, gfp_t gfp)
16441 {
16442 	struct sk_buff *msg;
16443 
16444 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
16445 
16446 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
16447 	if (!msg)
16448 		return;
16449 
16450 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
16451 		goto nla_put_failure;
16452 
16453 	cfg80211_send_cqm(msg, gfp);
16454 	return;
16455 
16456  nla_put_failure:
16457 	nlmsg_free(msg);
16458 }
16459 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
16460 
16461 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
16462 {
16463 	struct sk_buff *msg;
16464 
16465 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16466 	if (!msg)
16467 		return;
16468 
16469 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
16470 		goto nla_put_failure;
16471 
16472 	cfg80211_send_cqm(msg, gfp);
16473 	return;
16474 
16475  nla_put_failure:
16476 	nlmsg_free(msg);
16477 }
16478 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
16479 
16480 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
16481 				     struct net_device *netdev, const u8 *bssid,
16482 				     const u8 *replay_ctr, gfp_t gfp)
16483 {
16484 	struct sk_buff *msg;
16485 	struct nlattr *rekey_attr;
16486 	void *hdr;
16487 
16488 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16489 	if (!msg)
16490 		return;
16491 
16492 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
16493 	if (!hdr) {
16494 		nlmsg_free(msg);
16495 		return;
16496 	}
16497 
16498 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16499 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16500 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16501 		goto nla_put_failure;
16502 
16503 	rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
16504 	if (!rekey_attr)
16505 		goto nla_put_failure;
16506 
16507 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
16508 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
16509 		goto nla_put_failure;
16510 
16511 	nla_nest_end(msg, rekey_attr);
16512 
16513 	genlmsg_end(msg, hdr);
16514 
16515 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16516 				NL80211_MCGRP_MLME, gfp);
16517 	return;
16518 
16519  nla_put_failure:
16520 	nlmsg_free(msg);
16521 }
16522 
16523 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
16524 			       const u8 *replay_ctr, gfp_t gfp)
16525 {
16526 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16527 	struct wiphy *wiphy = wdev->wiphy;
16528 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16529 
16530 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
16531 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
16532 }
16533 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
16534 
16535 static void
16536 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
16537 			       struct net_device *netdev, int index,
16538 			       const u8 *bssid, bool preauth, gfp_t gfp)
16539 {
16540 	struct sk_buff *msg;
16541 	struct nlattr *attr;
16542 	void *hdr;
16543 
16544 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16545 	if (!msg)
16546 		return;
16547 
16548 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
16549 	if (!hdr) {
16550 		nlmsg_free(msg);
16551 		return;
16552 	}
16553 
16554 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16555 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16556 		goto nla_put_failure;
16557 
16558 	attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
16559 	if (!attr)
16560 		goto nla_put_failure;
16561 
16562 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
16563 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
16564 	    (preauth &&
16565 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
16566 		goto nla_put_failure;
16567 
16568 	nla_nest_end(msg, attr);
16569 
16570 	genlmsg_end(msg, hdr);
16571 
16572 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16573 				NL80211_MCGRP_MLME, gfp);
16574 	return;
16575 
16576  nla_put_failure:
16577 	nlmsg_free(msg);
16578 }
16579 
16580 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
16581 				     const u8 *bssid, bool preauth, gfp_t gfp)
16582 {
16583 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16584 	struct wiphy *wiphy = wdev->wiphy;
16585 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16586 
16587 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
16588 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
16589 }
16590 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
16591 
16592 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
16593 				     struct net_device *netdev,
16594 				     struct cfg80211_chan_def *chandef,
16595 				     gfp_t gfp,
16596 				     enum nl80211_commands notif,
16597 				     u8 count)
16598 {
16599 	struct sk_buff *msg;
16600 	void *hdr;
16601 
16602 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16603 	if (!msg)
16604 		return;
16605 
16606 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
16607 	if (!hdr) {
16608 		nlmsg_free(msg);
16609 		return;
16610 	}
16611 
16612 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16613 		goto nla_put_failure;
16614 
16615 	if (nl80211_send_chandef(msg, chandef))
16616 		goto nla_put_failure;
16617 
16618 	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
16619 	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
16620 			goto nla_put_failure;
16621 
16622 	genlmsg_end(msg, hdr);
16623 
16624 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16625 				NL80211_MCGRP_MLME, gfp);
16626 	return;
16627 
16628  nla_put_failure:
16629 	nlmsg_free(msg);
16630 }
16631 
16632 void cfg80211_ch_switch_notify(struct net_device *dev,
16633 			       struct cfg80211_chan_def *chandef)
16634 {
16635 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16636 	struct wiphy *wiphy = wdev->wiphy;
16637 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16638 
16639 	ASSERT_WDEV_LOCK(wdev);
16640 
16641 	trace_cfg80211_ch_switch_notify(dev, chandef);
16642 
16643 	wdev->chandef = *chandef;
16644 	wdev->preset_chandef = *chandef;
16645 
16646 	if (wdev->iftype == NL80211_IFTYPE_STATION &&
16647 	    !WARN_ON(!wdev->current_bss))
16648 		cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
16649 
16650 	cfg80211_sched_dfs_chan_update(rdev);
16651 
16652 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16653 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
16654 }
16655 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
16656 
16657 void cfg80211_ch_switch_started_notify(struct net_device *dev,
16658 				       struct cfg80211_chan_def *chandef,
16659 				       u8 count)
16660 {
16661 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16662 	struct wiphy *wiphy = wdev->wiphy;
16663 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16664 
16665 	trace_cfg80211_ch_switch_started_notify(dev, chandef);
16666 
16667 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16668 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
16669 }
16670 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
16671 
16672 void
16673 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
16674 		     const struct cfg80211_chan_def *chandef,
16675 		     enum nl80211_radar_event event,
16676 		     struct net_device *netdev, gfp_t gfp)
16677 {
16678 	struct sk_buff *msg;
16679 	void *hdr;
16680 
16681 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16682 	if (!msg)
16683 		return;
16684 
16685 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
16686 	if (!hdr) {
16687 		nlmsg_free(msg);
16688 		return;
16689 	}
16690 
16691 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16692 		goto nla_put_failure;
16693 
16694 	/* NOP and radar events don't need a netdev parameter */
16695 	if (netdev) {
16696 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
16697 
16698 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16699 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16700 				      NL80211_ATTR_PAD))
16701 			goto nla_put_failure;
16702 	}
16703 
16704 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
16705 		goto nla_put_failure;
16706 
16707 	if (nl80211_send_chandef(msg, chandef))
16708 		goto nla_put_failure;
16709 
16710 	genlmsg_end(msg, hdr);
16711 
16712 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16713 				NL80211_MCGRP_MLME, gfp);
16714 	return;
16715 
16716  nla_put_failure:
16717 	nlmsg_free(msg);
16718 }
16719 
16720 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
16721 				       struct sta_opmode_info *sta_opmode,
16722 				       gfp_t gfp)
16723 {
16724 	struct sk_buff *msg;
16725 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16726 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16727 	void *hdr;
16728 
16729 	if (WARN_ON(!mac))
16730 		return;
16731 
16732 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16733 	if (!msg)
16734 		return;
16735 
16736 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
16737 	if (!hdr) {
16738 		nlmsg_free(msg);
16739 		return;
16740 	}
16741 
16742 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16743 		goto nla_put_failure;
16744 
16745 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16746 		goto nla_put_failure;
16747 
16748 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16749 		goto nla_put_failure;
16750 
16751 	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
16752 	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
16753 		goto nla_put_failure;
16754 
16755 	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
16756 	    nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
16757 		goto nla_put_failure;
16758 
16759 	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
16760 	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
16761 		goto nla_put_failure;
16762 
16763 	genlmsg_end(msg, hdr);
16764 
16765 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16766 				NL80211_MCGRP_MLME, gfp);
16767 
16768 	return;
16769 
16770 nla_put_failure:
16771 	nlmsg_free(msg);
16772 }
16773 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
16774 
16775 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
16776 			   u64 cookie, bool acked, s32 ack_signal,
16777 			   bool is_valid_ack_signal, gfp_t gfp)
16778 {
16779 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16780 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16781 	struct sk_buff *msg;
16782 	void *hdr;
16783 
16784 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
16785 
16786 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16787 
16788 	if (!msg)
16789 		return;
16790 
16791 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
16792 	if (!hdr) {
16793 		nlmsg_free(msg);
16794 		return;
16795 	}
16796 
16797 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16798 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16799 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16800 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16801 			      NL80211_ATTR_PAD) ||
16802 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
16803 	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
16804 						ack_signal)))
16805 		goto nla_put_failure;
16806 
16807 	genlmsg_end(msg, hdr);
16808 
16809 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16810 				NL80211_MCGRP_MLME, gfp);
16811 	return;
16812 
16813  nla_put_failure:
16814 	nlmsg_free(msg);
16815 }
16816 EXPORT_SYMBOL(cfg80211_probe_status);
16817 
16818 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
16819 				 const u8 *frame, size_t len,
16820 				 int freq, int sig_dbm)
16821 {
16822 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16823 	struct sk_buff *msg;
16824 	void *hdr;
16825 	struct cfg80211_beacon_registration *reg;
16826 
16827 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
16828 
16829 	spin_lock_bh(&rdev->beacon_registrations_lock);
16830 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
16831 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
16832 		if (!msg) {
16833 			spin_unlock_bh(&rdev->beacon_registrations_lock);
16834 			return;
16835 		}
16836 
16837 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16838 		if (!hdr)
16839 			goto nla_put_failure;
16840 
16841 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16842 		    (freq &&
16843 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
16844 		    (sig_dbm &&
16845 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16846 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
16847 			goto nla_put_failure;
16848 
16849 		genlmsg_end(msg, hdr);
16850 
16851 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
16852 	}
16853 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16854 	return;
16855 
16856  nla_put_failure:
16857 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16858 	nlmsg_free(msg);
16859 }
16860 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
16861 
16862 #ifdef CONFIG_PM
16863 static int cfg80211_net_detect_results(struct sk_buff *msg,
16864 				       struct cfg80211_wowlan_wakeup *wakeup)
16865 {
16866 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
16867 	struct nlattr *nl_results, *nl_match, *nl_freqs;
16868 	int i, j;
16869 
16870 	nl_results = nla_nest_start_noflag(msg,
16871 					   NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
16872 	if (!nl_results)
16873 		return -EMSGSIZE;
16874 
16875 	for (i = 0; i < nd->n_matches; i++) {
16876 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
16877 
16878 		nl_match = nla_nest_start_noflag(msg, i);
16879 		if (!nl_match)
16880 			break;
16881 
16882 		/* The SSID attribute is optional in nl80211, but for
16883 		 * simplicity reasons it's always present in the
16884 		 * cfg80211 structure.  If a driver can't pass the
16885 		 * SSID, that needs to be changed.  A zero length SSID
16886 		 * is still a valid SSID (wildcard), so it cannot be
16887 		 * used for this purpose.
16888 		 */
16889 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
16890 			    match->ssid.ssid)) {
16891 			nla_nest_cancel(msg, nl_match);
16892 			goto out;
16893 		}
16894 
16895 		if (match->n_channels) {
16896 			nl_freqs = nla_nest_start_noflag(msg,
16897 							 NL80211_ATTR_SCAN_FREQUENCIES);
16898 			if (!nl_freqs) {
16899 				nla_nest_cancel(msg, nl_match);
16900 				goto out;
16901 			}
16902 
16903 			for (j = 0; j < match->n_channels; j++) {
16904 				if (nla_put_u32(msg, j, match->channels[j])) {
16905 					nla_nest_cancel(msg, nl_freqs);
16906 					nla_nest_cancel(msg, nl_match);
16907 					goto out;
16908 				}
16909 			}
16910 
16911 			nla_nest_end(msg, nl_freqs);
16912 		}
16913 
16914 		nla_nest_end(msg, nl_match);
16915 	}
16916 
16917 out:
16918 	nla_nest_end(msg, nl_results);
16919 	return 0;
16920 }
16921 
16922 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
16923 				   struct cfg80211_wowlan_wakeup *wakeup,
16924 				   gfp_t gfp)
16925 {
16926 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16927 	struct sk_buff *msg;
16928 	void *hdr;
16929 	int size = 200;
16930 
16931 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
16932 
16933 	if (wakeup)
16934 		size += wakeup->packet_present_len;
16935 
16936 	msg = nlmsg_new(size, gfp);
16937 	if (!msg)
16938 		return;
16939 
16940 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
16941 	if (!hdr)
16942 		goto free_msg;
16943 
16944 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16945 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16946 			      NL80211_ATTR_PAD))
16947 		goto free_msg;
16948 
16949 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16950 					wdev->netdev->ifindex))
16951 		goto free_msg;
16952 
16953 	if (wakeup) {
16954 		struct nlattr *reasons;
16955 
16956 		reasons = nla_nest_start_noflag(msg,
16957 						NL80211_ATTR_WOWLAN_TRIGGERS);
16958 		if (!reasons)
16959 			goto free_msg;
16960 
16961 		if (wakeup->disconnect &&
16962 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
16963 			goto free_msg;
16964 		if (wakeup->magic_pkt &&
16965 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
16966 			goto free_msg;
16967 		if (wakeup->gtk_rekey_failure &&
16968 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
16969 			goto free_msg;
16970 		if (wakeup->eap_identity_req &&
16971 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
16972 			goto free_msg;
16973 		if (wakeup->four_way_handshake &&
16974 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
16975 			goto free_msg;
16976 		if (wakeup->rfkill_release &&
16977 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
16978 			goto free_msg;
16979 
16980 		if (wakeup->pattern_idx >= 0 &&
16981 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
16982 				wakeup->pattern_idx))
16983 			goto free_msg;
16984 
16985 		if (wakeup->tcp_match &&
16986 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
16987 			goto free_msg;
16988 
16989 		if (wakeup->tcp_connlost &&
16990 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
16991 			goto free_msg;
16992 
16993 		if (wakeup->tcp_nomoretokens &&
16994 		    nla_put_flag(msg,
16995 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
16996 			goto free_msg;
16997 
16998 		if (wakeup->packet) {
16999 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
17000 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
17001 
17002 			if (!wakeup->packet_80211) {
17003 				pkt_attr =
17004 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
17005 				len_attr =
17006 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
17007 			}
17008 
17009 			if (wakeup->packet_len &&
17010 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
17011 				goto free_msg;
17012 
17013 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
17014 				    wakeup->packet))
17015 				goto free_msg;
17016 		}
17017 
17018 		if (wakeup->net_detect &&
17019 		    cfg80211_net_detect_results(msg, wakeup))
17020 				goto free_msg;
17021 
17022 		nla_nest_end(msg, reasons);
17023 	}
17024 
17025 	genlmsg_end(msg, hdr);
17026 
17027 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17028 				NL80211_MCGRP_MLME, gfp);
17029 	return;
17030 
17031  free_msg:
17032 	nlmsg_free(msg);
17033 }
17034 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
17035 #endif
17036 
17037 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
17038 				enum nl80211_tdls_operation oper,
17039 				u16 reason_code, gfp_t gfp)
17040 {
17041 	struct wireless_dev *wdev = dev->ieee80211_ptr;
17042 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17043 	struct sk_buff *msg;
17044 	void *hdr;
17045 
17046 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
17047 					 reason_code);
17048 
17049 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17050 	if (!msg)
17051 		return;
17052 
17053 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
17054 	if (!hdr) {
17055 		nlmsg_free(msg);
17056 		return;
17057 	}
17058 
17059 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17060 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17061 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
17062 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
17063 	    (reason_code > 0 &&
17064 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
17065 		goto nla_put_failure;
17066 
17067 	genlmsg_end(msg, hdr);
17068 
17069 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17070 				NL80211_MCGRP_MLME, gfp);
17071 	return;
17072 
17073  nla_put_failure:
17074 	nlmsg_free(msg);
17075 }
17076 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
17077 
17078 static int nl80211_netlink_notify(struct notifier_block * nb,
17079 				  unsigned long state,
17080 				  void *_notify)
17081 {
17082 	struct netlink_notify *notify = _notify;
17083 	struct cfg80211_registered_device *rdev;
17084 	struct wireless_dev *wdev;
17085 	struct cfg80211_beacon_registration *reg, *tmp;
17086 
17087 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
17088 		return NOTIFY_DONE;
17089 
17090 	rcu_read_lock();
17091 
17092 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
17093 		struct cfg80211_sched_scan_request *sched_scan_req;
17094 
17095 		list_for_each_entry_rcu(sched_scan_req,
17096 					&rdev->sched_scan_req_list,
17097 					list) {
17098 			if (sched_scan_req->owner_nlportid == notify->portid) {
17099 				sched_scan_req->nl_owner_dead = true;
17100 				schedule_work(&rdev->sched_scan_stop_wk);
17101 			}
17102 		}
17103 
17104 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
17105 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
17106 
17107 			if (wdev->owner_nlportid == notify->portid) {
17108 				wdev->nl_owner_dead = true;
17109 				schedule_work(&rdev->destroy_work);
17110 			} else if (wdev->conn_owner_nlportid == notify->portid) {
17111 				schedule_work(&wdev->disconnect_wk);
17112 			}
17113 
17114 			cfg80211_release_pmsr(wdev, notify->portid);
17115 		}
17116 
17117 		spin_lock_bh(&rdev->beacon_registrations_lock);
17118 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
17119 					 list) {
17120 			if (reg->nlportid == notify->portid) {
17121 				list_del(&reg->list);
17122 				kfree(reg);
17123 				break;
17124 			}
17125 		}
17126 		spin_unlock_bh(&rdev->beacon_registrations_lock);
17127 	}
17128 
17129 	rcu_read_unlock();
17130 
17131 	/*
17132 	 * It is possible that the user space process that is controlling the
17133 	 * indoor setting disappeared, so notify the regulatory core.
17134 	 */
17135 	regulatory_netlink_notify(notify->portid);
17136 	return NOTIFY_OK;
17137 }
17138 
17139 static struct notifier_block nl80211_netlink_notifier = {
17140 	.notifier_call = nl80211_netlink_notify,
17141 };
17142 
17143 void cfg80211_ft_event(struct net_device *netdev,
17144 		       struct cfg80211_ft_event_params *ft_event)
17145 {
17146 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17147 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17148 	struct sk_buff *msg;
17149 	void *hdr;
17150 
17151 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
17152 
17153 	if (!ft_event->target_ap)
17154 		return;
17155 
17156 	msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
17157 			GFP_KERNEL);
17158 	if (!msg)
17159 		return;
17160 
17161 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
17162 	if (!hdr)
17163 		goto out;
17164 
17165 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17166 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17167 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
17168 		goto out;
17169 
17170 	if (ft_event->ies &&
17171 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
17172 		goto out;
17173 	if (ft_event->ric_ies &&
17174 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
17175 		    ft_event->ric_ies))
17176 		goto out;
17177 
17178 	genlmsg_end(msg, hdr);
17179 
17180 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17181 				NL80211_MCGRP_MLME, GFP_KERNEL);
17182 	return;
17183  out:
17184 	nlmsg_free(msg);
17185 }
17186 EXPORT_SYMBOL(cfg80211_ft_event);
17187 
17188 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
17189 {
17190 	struct cfg80211_registered_device *rdev;
17191 	struct sk_buff *msg;
17192 	void *hdr;
17193 	u32 nlportid;
17194 
17195 	rdev = wiphy_to_rdev(wdev->wiphy);
17196 	if (!rdev->crit_proto_nlportid)
17197 		return;
17198 
17199 	nlportid = rdev->crit_proto_nlportid;
17200 	rdev->crit_proto_nlportid = 0;
17201 
17202 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17203 	if (!msg)
17204 		return;
17205 
17206 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
17207 	if (!hdr)
17208 		goto nla_put_failure;
17209 
17210 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17211 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17212 			      NL80211_ATTR_PAD))
17213 		goto nla_put_failure;
17214 
17215 	genlmsg_end(msg, hdr);
17216 
17217 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17218 	return;
17219 
17220  nla_put_failure:
17221 	nlmsg_free(msg);
17222 }
17223 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
17224 
17225 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
17226 {
17227 	struct wiphy *wiphy = wdev->wiphy;
17228 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17229 	struct sk_buff *msg;
17230 	void *hdr;
17231 
17232 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17233 	if (!msg)
17234 		return;
17235 
17236 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
17237 	if (!hdr)
17238 		goto out;
17239 
17240 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17241 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
17242 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17243 			      NL80211_ATTR_PAD))
17244 		goto out;
17245 
17246 	genlmsg_end(msg, hdr);
17247 
17248 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
17249 				NL80211_MCGRP_MLME, GFP_KERNEL);
17250 	return;
17251  out:
17252 	nlmsg_free(msg);
17253 }
17254 
17255 int cfg80211_external_auth_request(struct net_device *dev,
17256 				   struct cfg80211_external_auth_params *params,
17257 				   gfp_t gfp)
17258 {
17259 	struct wireless_dev *wdev = dev->ieee80211_ptr;
17260 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17261 	struct sk_buff *msg;
17262 	void *hdr;
17263 
17264 	if (!wdev->conn_owner_nlportid)
17265 		return -EINVAL;
17266 
17267 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17268 	if (!msg)
17269 		return -ENOMEM;
17270 
17271 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
17272 	if (!hdr)
17273 		goto nla_put_failure;
17274 
17275 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17276 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17277 	    nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
17278 	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
17279 			params->action) ||
17280 	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
17281 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
17282 		    params->ssid.ssid))
17283 		goto nla_put_failure;
17284 
17285 	genlmsg_end(msg, hdr);
17286 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
17287 			wdev->conn_owner_nlportid);
17288 	return 0;
17289 
17290  nla_put_failure:
17291 	nlmsg_free(msg);
17292 	return -ENOBUFS;
17293 }
17294 EXPORT_SYMBOL(cfg80211_external_auth_request);
17295 
17296 void cfg80211_update_owe_info_event(struct net_device *netdev,
17297 				    struct cfg80211_update_owe_info *owe_info,
17298 				    gfp_t gfp)
17299 {
17300 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17301 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17302 	struct sk_buff *msg;
17303 	void *hdr;
17304 
17305 	trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
17306 
17307 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17308 	if (!msg)
17309 		return;
17310 
17311 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
17312 	if (!hdr)
17313 		goto nla_put_failure;
17314 
17315 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17316 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17317 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
17318 		goto nla_put_failure;
17319 
17320 	if (!owe_info->ie_len ||
17321 	    nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
17322 		goto nla_put_failure;
17323 
17324 	genlmsg_end(msg, hdr);
17325 
17326 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17327 				NL80211_MCGRP_MLME, gfp);
17328 	return;
17329 
17330 nla_put_failure:
17331 	genlmsg_cancel(msg, hdr);
17332 	nlmsg_free(msg);
17333 }
17334 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
17335 
17336 /* initialisation/exit functions */
17337 
17338 int __init nl80211_init(void)
17339 {
17340 	int err;
17341 
17342 	err = genl_register_family(&nl80211_fam);
17343 	if (err)
17344 		return err;
17345 
17346 	err = netlink_register_notifier(&nl80211_netlink_notifier);
17347 	if (err)
17348 		goto err_out;
17349 
17350 	return 0;
17351  err_out:
17352 	genl_unregister_family(&nl80211_fam);
17353 	return err;
17354 }
17355 
17356 void nl80211_exit(void)
17357 {
17358 	netlink_unregister_notifier(&nl80211_netlink_notifier);
17359 	genl_unregister_family(&nl80211_fam);
17360 }
17361