xref: /linux/net/wireless/nl80211.c (revision 67f9c312b0a7f4bc869376d2a68308e673235954) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This is the new netlink-based wireless configuration interface.
4  *
5  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
6  * Copyright 2013-2014  Intel Mobile Communications GmbH
7  * Copyright 2015-2017	Intel Deutschland GmbH
8  * Copyright (C) 2018-2024 Intel Corporation
9  */
10 
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <net/net_namespace.h>
25 #include <net/genetlink.h>
26 #include <net/cfg80211.h>
27 #include <net/sock.h>
28 #include <net/inet_connection_sock.h>
29 #include "core.h"
30 #include "nl80211.h"
31 #include "reg.h"
32 #include "rdev-ops.h"
33 
34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 				   struct genl_info *info,
36 				   struct cfg80211_crypto_settings *settings,
37 				   int cipher_limit);
38 
39 /* the netlink family */
40 static struct genl_family nl80211_fam;
41 
42 /* multicast groups */
43 enum nl80211_multicast_groups {
44 	NL80211_MCGRP_CONFIG,
45 	NL80211_MCGRP_SCAN,
46 	NL80211_MCGRP_REGULATORY,
47 	NL80211_MCGRP_MLME,
48 	NL80211_MCGRP_VENDOR,
49 	NL80211_MCGRP_NAN,
50 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51 };
52 
53 static const struct genl_multicast_group nl80211_mcgrps[] = {
54 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60 #ifdef CONFIG_NL80211_TESTMODE
61 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62 #endif
63 };
64 
65 /* returns ERR_PTR values */
66 static struct wireless_dev *
67 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68 			   struct net *netns, struct nlattr **attrs)
69 {
70 	struct wireless_dev *result = NULL;
71 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 	u64 wdev_id = 0;
74 	int wiphy_idx = -1;
75 	int ifidx = -1;
76 
77 	if (!have_ifidx && !have_wdev_id)
78 		return ERR_PTR(-EINVAL);
79 
80 	if (have_ifidx)
81 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 	if (have_wdev_id) {
83 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 		wiphy_idx = wdev_id >> 32;
85 	}
86 
87 	if (rdev) {
88 		struct wireless_dev *wdev;
89 
90 		lockdep_assert_held(&rdev->wiphy.mtx);
91 
92 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93 			if (have_ifidx && wdev->netdev &&
94 			    wdev->netdev->ifindex == ifidx) {
95 				result = wdev;
96 				break;
97 			}
98 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99 				result = wdev;
100 				break;
101 			}
102 		}
103 
104 		return result ?: ERR_PTR(-ENODEV);
105 	}
106 
107 	ASSERT_RTNL();
108 
109 	for_each_rdev(rdev) {
110 		struct wireless_dev *wdev;
111 
112 		if (wiphy_net(&rdev->wiphy) != netns)
113 			continue;
114 
115 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116 			continue;
117 
118 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119 			if (have_ifidx && wdev->netdev &&
120 			    wdev->netdev->ifindex == ifidx) {
121 				result = wdev;
122 				break;
123 			}
124 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125 				result = wdev;
126 				break;
127 			}
128 		}
129 
130 		if (result)
131 			break;
132 	}
133 
134 	if (result)
135 		return result;
136 	return ERR_PTR(-ENODEV);
137 }
138 
139 static struct cfg80211_registered_device *
140 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141 {
142 	struct cfg80211_registered_device *rdev = NULL, *tmp;
143 	struct net_device *netdev;
144 
145 	ASSERT_RTNL();
146 
147 	if (!attrs[NL80211_ATTR_WIPHY] &&
148 	    !attrs[NL80211_ATTR_IFINDEX] &&
149 	    !attrs[NL80211_ATTR_WDEV])
150 		return ERR_PTR(-EINVAL);
151 
152 	if (attrs[NL80211_ATTR_WIPHY])
153 		rdev = cfg80211_rdev_by_wiphy_idx(
154 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155 
156 	if (attrs[NL80211_ATTR_WDEV]) {
157 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158 		struct wireless_dev *wdev;
159 		bool found = false;
160 
161 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162 		if (tmp) {
163 			/* make sure wdev exists */
164 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165 				if (wdev->identifier != (u32)wdev_id)
166 					continue;
167 				found = true;
168 				break;
169 			}
170 
171 			if (!found)
172 				tmp = NULL;
173 
174 			if (rdev && tmp != rdev)
175 				return ERR_PTR(-EINVAL);
176 			rdev = tmp;
177 		}
178 	}
179 
180 	if (attrs[NL80211_ATTR_IFINDEX]) {
181 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182 
183 		netdev = __dev_get_by_index(netns, ifindex);
184 		if (netdev) {
185 			if (netdev->ieee80211_ptr)
186 				tmp = wiphy_to_rdev(
187 					netdev->ieee80211_ptr->wiphy);
188 			else
189 				tmp = NULL;
190 
191 			/* not wireless device -- return error */
192 			if (!tmp)
193 				return ERR_PTR(-EINVAL);
194 
195 			/* mismatch -- return error */
196 			if (rdev && tmp != rdev)
197 				return ERR_PTR(-EINVAL);
198 
199 			rdev = tmp;
200 		}
201 	}
202 
203 	if (!rdev)
204 		return ERR_PTR(-ENODEV);
205 
206 	if (netns != wiphy_net(&rdev->wiphy))
207 		return ERR_PTR(-ENODEV);
208 
209 	return rdev;
210 }
211 
212 /*
213  * This function returns a pointer to the driver
214  * that the genl_info item that is passed refers to.
215  *
216  * The result of this can be a PTR_ERR and hence must
217  * be checked with IS_ERR() for errors.
218  */
219 static struct cfg80211_registered_device *
220 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221 {
222 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
223 }
224 
225 static int validate_beacon_head(const struct nlattr *attr,
226 				struct netlink_ext_ack *extack)
227 {
228 	const u8 *data = nla_data(attr);
229 	unsigned int len = nla_len(attr);
230 	const struct element *elem;
231 	const struct ieee80211_mgmt *mgmt = (void *)data;
232 	unsigned int fixedlen, hdrlen;
233 	bool s1g_bcn;
234 
235 	if (len < offsetofend(typeof(*mgmt), frame_control))
236 		goto err;
237 
238 	s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
239 	if (s1g_bcn) {
240 		fixedlen = offsetof(struct ieee80211_ext,
241 				    u.s1g_beacon.variable);
242 		hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
243 	} else {
244 		fixedlen = offsetof(struct ieee80211_mgmt,
245 				    u.beacon.variable);
246 		hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
247 	}
248 
249 	if (len < fixedlen)
250 		goto err;
251 
252 	if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
253 		goto err;
254 
255 	data += fixedlen;
256 	len -= fixedlen;
257 
258 	for_each_element(elem, data, len) {
259 		/* nothing */
260 	}
261 
262 	if (for_each_element_completed(elem, data, len))
263 		return 0;
264 
265 err:
266 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
267 	return -EINVAL;
268 }
269 
270 static int validate_ie_attr(const struct nlattr *attr,
271 			    struct netlink_ext_ack *extack)
272 {
273 	const u8 *data = nla_data(attr);
274 	unsigned int len = nla_len(attr);
275 	const struct element *elem;
276 
277 	for_each_element(elem, data, len) {
278 		/* nothing */
279 	}
280 
281 	if (for_each_element_completed(elem, data, len))
282 		return 0;
283 
284 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
285 	return -EINVAL;
286 }
287 
288 static int validate_he_capa(const struct nlattr *attr,
289 			    struct netlink_ext_ack *extack)
290 {
291 	if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr)))
292 		return -EINVAL;
293 
294 	return 0;
295 }
296 
297 /* policy for the attributes */
298 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
299 
300 static const struct nla_policy
301 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
302 	[NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
303 	[NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
304 					.len = U8_MAX },
305 	[NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
306 					     .len = U8_MAX },
307 };
308 
309 static const struct nla_policy
310 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
311 	[NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
312 	[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
313 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
314 		NLA_POLICY_MAX(NLA_U8, 15),
315 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
316 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
317 		NLA_POLICY_MAX(NLA_U8, 15),
318 	[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
319 		NLA_POLICY_MAX(NLA_U8, 31),
320 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
321 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
322 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
323 	[NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
324 	[NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
325 	[NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
326 	[NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 },
327 };
328 
329 static const struct nla_policy
330 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
331 	[NL80211_PMSR_TYPE_FTM] =
332 		NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
333 };
334 
335 static const struct nla_policy
336 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
337 	[NL80211_PMSR_REQ_ATTR_DATA] =
338 		NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
339 	[NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
340 };
341 
342 static const struct nla_policy
343 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
344 	[NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
345 	[NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
346 	[NL80211_PMSR_PEER_ATTR_REQ] =
347 		NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
348 	[NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
349 };
350 
351 static const struct nla_policy
352 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
353 	[NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
354 	[NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
355 	[NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
356 	[NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
357 	[NL80211_PMSR_ATTR_PEERS] =
358 		NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
359 };
360 
361 static const struct nla_policy
362 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
363 	[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
364 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
365 	[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
366 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
367 	[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
368 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
369 	[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
370 		NLA_POLICY_EXACT_LEN(8),
371 	[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
372 		NLA_POLICY_EXACT_LEN(8),
373 	[NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
374 };
375 
376 static const struct nla_policy
377 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
378 	[NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
379 	[NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
380 	[NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
381 };
382 
383 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
384 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
385 				    .len = NL80211_MAX_SUPP_RATES },
386 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
387 				.len = NL80211_MAX_SUPP_HT_RATES },
388 	[NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
389 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
390 	[NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
391 	[NL80211_TXRATE_HE_GI] =  NLA_POLICY_RANGE(NLA_U8,
392 						   NL80211_RATE_INFO_HE_GI_0_8,
393 						   NL80211_RATE_INFO_HE_GI_3_2),
394 	[NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
395 						   NL80211_RATE_INFO_HE_1XLTF,
396 						   NL80211_RATE_INFO_HE_4XLTF),
397 };
398 
399 static const struct nla_policy
400 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
401 	[NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
402 	[NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
403 	[NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
404 	[NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
405 	[NL80211_TID_CONFIG_ATTR_NOACK] =
406 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
407 	[NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
408 	[NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
409 	[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
410 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
411 	[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
412 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
413 	[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
414 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
415 	[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
416 			NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
417 	[NL80211_TID_CONFIG_ATTR_TX_RATE] =
418 			NLA_POLICY_NESTED(nl80211_txattr_policy),
419 };
420 
421 static const struct nla_policy
422 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
423 	[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
424 	[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
425 	[NL80211_FILS_DISCOVERY_ATTR_TMPL] =
426 			NLA_POLICY_RANGE(NLA_BINARY,
427 					 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
428 					 IEEE80211_MAX_DATA_LEN),
429 };
430 
431 static const struct nla_policy
432 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
433 	[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
434 	[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
435 						       .len = IEEE80211_MAX_DATA_LEN }
436 };
437 
438 static const struct nla_policy
439 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
440 	[NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
441 	[NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
442 };
443 
444 static const struct nla_policy
445 sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
446 	[NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
447 	[NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
448 };
449 
450 static const struct nla_policy
451 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = {
452 	[NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2),
453 	[NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] =
454 						NLA_POLICY_MIN(NLA_U8, 1),
455 	[NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 },
456 	[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 },
457 	[NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG },
458 };
459 
460 static const struct nla_policy
461 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
462 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
463 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
464 };
465 
466 static const struct netlink_range_validation nl80211_punct_bitmap_range = {
467 	.min = 0,
468 	.max = 0xffff,
469 };
470 
471 static const struct netlink_range_validation q_range = {
472 	.max = INT_MAX,
473 };
474 
475 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
476 	[0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
477 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
478 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
479 				      .len = 20-1 },
480 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
481 
482 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
483 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
484 	[NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
485 						NL80211_EDMG_CHANNELS_MIN,
486 						NL80211_EDMG_CHANNELS_MAX),
487 	[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
488 						NL80211_EDMG_BW_CONFIG_MIN,
489 						NL80211_EDMG_BW_CONFIG_MAX),
490 
491 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
492 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
493 	[NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
494 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
495 
496 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
497 	[NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
498 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
499 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
500 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
501 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
502 
503 	[NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
504 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
505 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
506 
507 	[NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
508 	[NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
509 
510 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
511 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
512 				    .len = WLAN_MAX_KEY_LEN },
513 	[NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
514 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
515 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
516 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
517 	[NL80211_ATTR_KEY_TYPE] =
518 		NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
519 
520 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
521 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
522 	[NL80211_ATTR_BEACON_HEAD] =
523 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
524 				       IEEE80211_MAX_DATA_LEN),
525 	[NL80211_ATTR_BEACON_TAIL] =
526 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
527 				       IEEE80211_MAX_DATA_LEN),
528 	[NL80211_ATTR_STA_AID] =
529 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
530 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
531 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
532 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
533 					       .len = NL80211_MAX_SUPP_RATES },
534 	[NL80211_ATTR_STA_PLINK_ACTION] =
535 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
536 	[NL80211_ATTR_STA_TX_POWER_SETTING] =
537 		NLA_POLICY_RANGE(NLA_U8,
538 				 NL80211_TX_POWER_AUTOMATIC,
539 				 NL80211_TX_POWER_FIXED),
540 	[NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
541 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
542 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
543 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
544 				   .len = IEEE80211_MAX_MESH_ID_LEN },
545 	[NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
546 
547 	/* allow 3 for NUL-termination, we used to declare this NLA_STRING */
548 	[NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
549 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
550 
551 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
552 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
553 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
554 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
555 					   .len = NL80211_MAX_SUPP_RATES },
556 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
557 
558 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
559 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
560 
561 	[NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
562 
563 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
564 	[NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
565 						   validate_ie_attr,
566 						   IEEE80211_MAX_DATA_LEN),
567 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
568 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
569 
570 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
571 				.len = IEEE80211_MAX_SSID_LEN },
572 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
573 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
574 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
575 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
576 	[NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
577 						  NL80211_MFP_NO,
578 						  NL80211_MFP_OPTIONAL),
579 	[NL80211_ATTR_STA_FLAGS2] =
580 		NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)),
581 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
582 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
583 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
584 	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
585 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
586 	[NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
587 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
588 	[NL80211_ATTR_WPA_VERSIONS] =
589 		NLA_POLICY_RANGE(NLA_U32, 0,
590 				 NL80211_WPA_VERSION_1 |
591 				 NL80211_WPA_VERSION_2 |
592 				 NL80211_WPA_VERSION_3),
593 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
594 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
595 	[NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
596 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
597 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
598 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
599 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
600 				 .len = IEEE80211_MAX_DATA_LEN },
601 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
602 	[NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
603 						   NL80211_PS_DISABLED,
604 						   NL80211_PS_ENABLED),
605 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
606 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
607 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
608 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
609 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
610 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
611 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
612 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
613 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
614 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
615 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
616 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
617 	[NL80211_ATTR_STA_PLINK_STATE] =
618 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
619 	[NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
620 	[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
621 	[NL80211_ATTR_MESH_PEER_AID] =
622 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
623 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
624 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
625 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
626 	[NL80211_ATTR_HIDDEN_SSID] =
627 		NLA_POLICY_RANGE(NLA_U32,
628 				 NL80211_HIDDEN_SSID_NOT_IN_USE,
629 				 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
630 	[NL80211_ATTR_IE_PROBE_RESP] =
631 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
632 				       IEEE80211_MAX_DATA_LEN),
633 	[NL80211_ATTR_IE_ASSOC_RESP] =
634 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
635 				       IEEE80211_MAX_DATA_LEN),
636 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
637 	[NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy),
638 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
639 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
640 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
641 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
642 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
643 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
644 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
645 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
646 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
647 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
648 				      .len = IEEE80211_MAX_DATA_LEN },
649 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
650 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
651 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
652 		.len = NL80211_HT_CAPABILITY_LEN
653 	},
654 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
655 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
656 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
657 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
658 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
659 
660 	/* need to include at least Auth Transaction and Status Code */
661 	[NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
662 
663 	[NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
664 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
665 	[NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
666 	[NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
667 	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
668 		NLA_POLICY_RANGE(NLA_U32,
669 				 NL80211_MESH_POWER_UNKNOWN + 1,
670 				 NL80211_MESH_POWER_MAX),
671 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
672 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
673 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
674 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
675 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
676 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
677 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
678 		.len = NL80211_VHT_CAPABILITY_LEN,
679 	},
680 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
681 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
682 				  .len = IEEE80211_MAX_DATA_LEN },
683 	[NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
684 	[NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
685 		NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
686 	[NL80211_ATTR_PEER_AID] =
687 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
688 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
689 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
690 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
691 	[NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
692 	[NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
693 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
694 	/*
695 	 * The value of the Length field of the Supported Operating
696 	 * Classes element is between 2 and 253.
697 	 */
698 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
699 		NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
700 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
701 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
702 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
703 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
704 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
705 	[NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
706 						  IEEE80211_QOS_MAP_LEN_MIN,
707 						  IEEE80211_QOS_MAP_LEN_MAX),
708 	[NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
709 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
710 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
711 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
712 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
713 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
714 	[NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
715 	[NL80211_ATTR_USER_PRIO] =
716 		NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
717 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
718 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
719 	[NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
720 	[NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
721 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
722 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
723 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
724 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
725 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
726 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
727 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] =
728 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
729 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
730 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
731 	},
732 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
733 	[NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
734 	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
735 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
736 	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
737 				    .len = FILS_MAX_KEK_LEN },
738 	[NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
739 	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
740 	[NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
741 	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
742 	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
743 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
744 	},
745 	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
746 	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
747 					     .len = FILS_ERP_MAX_USERNAME_LEN },
748 	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
749 					  .len = FILS_ERP_MAX_REALM_LEN },
750 	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
751 	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
752 					.len = FILS_ERP_MAX_RRK_LEN },
753 	[NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
754 	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
755 	[NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
756 	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
757 	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
758 
759 	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
760 	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
761 	[NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range),
762 	[NL80211_ATTR_HE_CAPABILITY] =
763 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa,
764 				       NL80211_HE_MAX_CAPABILITY_LEN),
765 	[NL80211_ATTR_FTM_RESPONDER] =
766 		NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
767 	[NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
768 	[NL80211_ATTR_PEER_MEASUREMENTS] =
769 		NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
770 	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
771 	[NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
772 					.len = SAE_PASSWORD_MAX_LEN },
773 	[NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
774 	[NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
775 	[NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
776 	[NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
777 	[NL80211_ATTR_TID_CONFIG] =
778 		NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
779 	[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
780 	[NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
781 	[NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
782 	[NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
783 	[NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
784 	[NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
785 	[NL80211_ATTR_HE_6GHZ_CAPABILITY] =
786 		NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
787 	[NL80211_ATTR_FILS_DISCOVERY] =
788 		NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
789 	[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
790 		NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
791 	[NL80211_ATTR_S1G_CAPABILITY] =
792 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
793 	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
794 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
795 	[NL80211_ATTR_SAE_PWE] =
796 		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
797 				 NL80211_SAE_PWE_BOTH),
798 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
799 	[NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
800 	[NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
801 	[NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
802 	[NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
803 	[NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
804 	[NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
805 	[NL80211_ATTR_MBSSID_CONFIG] =
806 			NLA_POLICY_NESTED(nl80211_mbssid_config_policy),
807 	[NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED },
808 	[NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG },
809 	[NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 },
810 	[NL80211_ATTR_EHT_CAPABILITY] =
811 		NLA_POLICY_RANGE(NLA_BINARY,
812 				 NL80211_EHT_MIN_CAPABILITY_LEN,
813 				 NL80211_EHT_MAX_CAPABILITY_LEN),
814 	[NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG },
815 	[NL80211_ATTR_MLO_LINKS] =
816 		NLA_POLICY_NESTED_ARRAY(nl80211_policy),
817 	[NL80211_ATTR_MLO_LINK_ID] =
818 		NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS),
819 	[NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN),
820 	[NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG },
821 	[NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT },
822 	[NL80211_ATTR_PUNCT_BITMAP] =
823 		NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range),
824 
825 	[NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 },
826 	[NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG },
827 	[NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED },
828 	[NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG },
829 	[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA] = { .type = NLA_FLAG },
830 	[NL80211_ATTR_MLO_TTLM_DLINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
831 	[NL80211_ATTR_MLO_TTLM_ULINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
832 	[NL80211_ATTR_ASSOC_SPP_AMSDU] = { .type = NLA_FLAG },
833 };
834 
835 /* policy for the key attributes */
836 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
837 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
838 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
839 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
840 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
841 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
842 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
843 	[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
844 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
845 	[NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
846 };
847 
848 /* policy for the key default flags */
849 static const struct nla_policy
850 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
851 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
852 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
853 };
854 
855 #ifdef CONFIG_PM
856 /* policy for WoWLAN attributes */
857 static const struct nla_policy
858 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
859 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
860 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
861 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
862 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
863 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
864 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
865 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
866 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
867 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
868 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
869 };
870 
871 static const struct nla_policy
872 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
873 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
874 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
875 	[NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
876 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
877 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
878 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
879 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
880 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
881 	},
882 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
883 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
884 	},
885 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
886 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
887 	[NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
888 };
889 #endif /* CONFIG_PM */
890 
891 /* policy for coalesce rule attributes */
892 static const struct nla_policy
893 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
894 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
895 	[NL80211_ATTR_COALESCE_RULE_CONDITION] =
896 		NLA_POLICY_RANGE(NLA_U32,
897 				 NL80211_COALESCE_CONDITION_MATCH,
898 				 NL80211_COALESCE_CONDITION_NO_MATCH),
899 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
900 };
901 
902 /* policy for GTK rekey offload attributes */
903 static const struct nla_policy
904 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
905 	[NL80211_REKEY_DATA_KEK] = {
906 		.type = NLA_BINARY,
907 		.len = NL80211_KEK_EXT_LEN
908 	},
909 	[NL80211_REKEY_DATA_KCK] = {
910 		.type = NLA_BINARY,
911 		.len = NL80211_KCK_EXT_LEN_32
912 	},
913 	[NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
914 	[NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
915 };
916 
917 static const struct nla_policy
918 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
919 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
920 						 .len = IEEE80211_MAX_SSID_LEN },
921 	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
922 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
923 };
924 
925 static const struct nla_policy
926 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
927 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
928 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
929 };
930 
931 static const struct nla_policy
932 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
933 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
934 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
935 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
936 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
937 	},
938 };
939 
940 /* policy for NAN function attributes */
941 static const struct nla_policy
942 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
943 	[NL80211_NAN_FUNC_TYPE] =
944 		NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
945 	[NL80211_NAN_FUNC_SERVICE_ID] = {
946 				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
947 	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
948 	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
949 	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
950 	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
951 	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
952 	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
953 	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
954 	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
955 	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
956 			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
957 	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
958 	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
959 	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
960 	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
961 	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
962 };
963 
964 /* policy for Service Response Filter attributes */
965 static const struct nla_policy
966 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
967 	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
968 	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
969 				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
970 	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
971 	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
972 };
973 
974 /* policy for packet pattern attributes */
975 static const struct nla_policy
976 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
977 	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
978 	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
979 	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
980 };
981 
982 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
983 				     struct cfg80211_registered_device **rdev,
984 				     struct wireless_dev **wdev,
985 				     struct nlattr **attrbuf)
986 {
987 	int err;
988 
989 	if (!cb->args[0]) {
990 		struct nlattr **attrbuf_free = NULL;
991 
992 		if (!attrbuf) {
993 			attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
994 					  GFP_KERNEL);
995 			if (!attrbuf)
996 				return -ENOMEM;
997 			attrbuf_free = attrbuf;
998 		}
999 
1000 		err = nlmsg_parse_deprecated(cb->nlh,
1001 					     GENL_HDRLEN + nl80211_fam.hdrsize,
1002 					     attrbuf, nl80211_fam.maxattr,
1003 					     nl80211_policy, NULL);
1004 		if (err) {
1005 			kfree(attrbuf_free);
1006 			return err;
1007 		}
1008 
1009 		rtnl_lock();
1010 		*wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
1011 						   attrbuf);
1012 		kfree(attrbuf_free);
1013 		if (IS_ERR(*wdev)) {
1014 			rtnl_unlock();
1015 			return PTR_ERR(*wdev);
1016 		}
1017 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
1018 		mutex_lock(&(*rdev)->wiphy.mtx);
1019 		rtnl_unlock();
1020 		/* 0 is the first index - add 1 to parse only once */
1021 		cb->args[0] = (*rdev)->wiphy_idx + 1;
1022 		cb->args[1] = (*wdev)->identifier;
1023 	} else {
1024 		/* subtract the 1 again here */
1025 		struct wiphy *wiphy;
1026 		struct wireless_dev *tmp;
1027 
1028 		rtnl_lock();
1029 		wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
1030 		if (!wiphy) {
1031 			rtnl_unlock();
1032 			return -ENODEV;
1033 		}
1034 		*rdev = wiphy_to_rdev(wiphy);
1035 		*wdev = NULL;
1036 
1037 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
1038 			if (tmp->identifier == cb->args[1]) {
1039 				*wdev = tmp;
1040 				break;
1041 			}
1042 		}
1043 
1044 		if (!*wdev) {
1045 			rtnl_unlock();
1046 			return -ENODEV;
1047 		}
1048 		mutex_lock(&(*rdev)->wiphy.mtx);
1049 		rtnl_unlock();
1050 	}
1051 
1052 	return 0;
1053 }
1054 
1055 /* message building helper */
1056 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
1057 		     int flags, u8 cmd)
1058 {
1059 	/* since there is no private header just add the generic one */
1060 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
1061 }
1062 
1063 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
1064 				     const struct ieee80211_reg_rule *rule)
1065 {
1066 	int j;
1067 	struct nlattr *nl_wmm_rules =
1068 		nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1069 
1070 	if (!nl_wmm_rules)
1071 		goto nla_put_failure;
1072 
1073 	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1074 		struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1075 
1076 		if (!nl_wmm_rule)
1077 			goto nla_put_failure;
1078 
1079 		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1080 				rule->wmm_rule.client[j].cw_min) ||
1081 		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1082 				rule->wmm_rule.client[j].cw_max) ||
1083 		    nla_put_u8(msg, NL80211_WMMR_AIFSN,
1084 			       rule->wmm_rule.client[j].aifsn) ||
1085 		    nla_put_u16(msg, NL80211_WMMR_TXOP,
1086 			        rule->wmm_rule.client[j].cot))
1087 			goto nla_put_failure;
1088 
1089 		nla_nest_end(msg, nl_wmm_rule);
1090 	}
1091 	nla_nest_end(msg, nl_wmm_rules);
1092 
1093 	return 0;
1094 
1095 nla_put_failure:
1096 	return -ENOBUFS;
1097 }
1098 
1099 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1100 				   struct ieee80211_channel *chan,
1101 				   bool large)
1102 {
1103 	/* Some channels must be completely excluded from the
1104 	 * list to protect old user-space tools from breaking
1105 	 */
1106 	if (!large && chan->flags &
1107 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1108 		return 0;
1109 	if (!large && chan->freq_offset)
1110 		return 0;
1111 
1112 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1113 			chan->center_freq))
1114 		goto nla_put_failure;
1115 
1116 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1117 		goto nla_put_failure;
1118 
1119 	if ((chan->flags & IEEE80211_CHAN_PSD) &&
1120 	    nla_put_s8(msg, NL80211_FREQUENCY_ATTR_PSD, chan->psd))
1121 		goto nla_put_failure;
1122 
1123 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1124 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1125 		goto nla_put_failure;
1126 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
1127 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1128 			goto nla_put_failure;
1129 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1130 			goto nla_put_failure;
1131 	}
1132 	if (chan->flags & IEEE80211_CHAN_RADAR) {
1133 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1134 			goto nla_put_failure;
1135 		if (large) {
1136 			u32 time;
1137 
1138 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1139 
1140 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1141 					chan->dfs_state))
1142 				goto nla_put_failure;
1143 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1144 					time))
1145 				goto nla_put_failure;
1146 			if (nla_put_u32(msg,
1147 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1148 					chan->dfs_cac_ms))
1149 				goto nla_put_failure;
1150 		}
1151 	}
1152 
1153 	if (large) {
1154 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1155 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1156 			goto nla_put_failure;
1157 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1158 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1159 			goto nla_put_failure;
1160 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1161 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1162 			goto nla_put_failure;
1163 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1164 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1165 			goto nla_put_failure;
1166 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1167 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1168 			goto nla_put_failure;
1169 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1170 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1171 			goto nla_put_failure;
1172 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1173 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1174 			goto nla_put_failure;
1175 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1176 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1177 			goto nla_put_failure;
1178 		if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1179 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1180 			goto nla_put_failure;
1181 		if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1182 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1183 			goto nla_put_failure;
1184 		if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1185 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1186 			goto nla_put_failure;
1187 		if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1188 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1189 			goto nla_put_failure;
1190 		if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1191 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1192 			goto nla_put_failure;
1193 		if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1194 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1195 			goto nla_put_failure;
1196 		if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) &&
1197 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ))
1198 			goto nla_put_failure;
1199 		if ((chan->flags & IEEE80211_CHAN_NO_EHT) &&
1200 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT))
1201 			goto nla_put_failure;
1202 		if ((chan->flags & IEEE80211_CHAN_DFS_CONCURRENT) &&
1203 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DFS_CONCURRENT))
1204 			goto nla_put_failure;
1205 		if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_VLP_CLIENT) &&
1206 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT))
1207 			goto nla_put_failure;
1208 		if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_AFC_CLIENT) &&
1209 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT))
1210 			goto nla_put_failure;
1211 	}
1212 
1213 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1214 			DBM_TO_MBM(chan->max_power)))
1215 		goto nla_put_failure;
1216 
1217 	if (large) {
1218 		const struct ieee80211_reg_rule *rule =
1219 			freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1220 
1221 		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1222 			if (nl80211_msg_put_wmm_rules(msg, rule))
1223 				goto nla_put_failure;
1224 		}
1225 	}
1226 
1227 	return 0;
1228 
1229  nla_put_failure:
1230 	return -ENOBUFS;
1231 }
1232 
1233 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1234 				  struct cfg80211_txq_stats *txqstats,
1235 				  int attrtype)
1236 {
1237 	struct nlattr *txqattr;
1238 
1239 #define PUT_TXQVAL_U32(attr, memb) do {					  \
1240 	if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&	  \
1241 	    nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1242 		return false;						  \
1243 	} while (0)
1244 
1245 	txqattr = nla_nest_start_noflag(msg, attrtype);
1246 	if (!txqattr)
1247 		return false;
1248 
1249 	PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1250 	PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1251 	PUT_TXQVAL_U32(FLOWS, flows);
1252 	PUT_TXQVAL_U32(DROPS, drops);
1253 	PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1254 	PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1255 	PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1256 	PUT_TXQVAL_U32(COLLISIONS, collisions);
1257 	PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1258 	PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1259 	PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1260 	nla_nest_end(msg, txqattr);
1261 
1262 #undef PUT_TXQVAL_U32
1263 	return true;
1264 }
1265 
1266 /* netlink command implementations */
1267 
1268 /**
1269  * nl80211_link_id - return link ID
1270  * @attrs: attributes to look at
1271  *
1272  * Returns: the link ID or 0 if not given
1273  *
1274  * Note this function doesn't do any validation of the link
1275  * ID validity wrt. links that were actually added, so it must
1276  * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID
1277  * or if additional validation is done.
1278  */
1279 static unsigned int nl80211_link_id(struct nlattr **attrs)
1280 {
1281 	struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1282 
1283 	if (!linkid)
1284 		return 0;
1285 
1286 	return nla_get_u8(linkid);
1287 }
1288 
1289 static int nl80211_link_id_or_invalid(struct nlattr **attrs)
1290 {
1291 	struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1292 
1293 	if (!linkid)
1294 		return -1;
1295 
1296 	return nla_get_u8(linkid);
1297 }
1298 
1299 struct key_parse {
1300 	struct key_params p;
1301 	int idx;
1302 	int type;
1303 	bool def, defmgmt, defbeacon;
1304 	bool def_uni, def_multi;
1305 };
1306 
1307 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1308 				 struct key_parse *k)
1309 {
1310 	struct nlattr *tb[NL80211_KEY_MAX + 1];
1311 	int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1312 					      nl80211_key_policy,
1313 					      info->extack);
1314 	if (err)
1315 		return err;
1316 
1317 	k->def = !!tb[NL80211_KEY_DEFAULT];
1318 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1319 	k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1320 
1321 	if (k->def) {
1322 		k->def_uni = true;
1323 		k->def_multi = true;
1324 	}
1325 	if (k->defmgmt || k->defbeacon)
1326 		k->def_multi = true;
1327 
1328 	if (tb[NL80211_KEY_IDX])
1329 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1330 
1331 	if (tb[NL80211_KEY_DATA]) {
1332 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1333 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1334 	}
1335 
1336 	if (tb[NL80211_KEY_SEQ]) {
1337 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1338 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1339 	}
1340 
1341 	if (tb[NL80211_KEY_CIPHER])
1342 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1343 
1344 	if (tb[NL80211_KEY_TYPE])
1345 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1346 
1347 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1348 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1349 
1350 		err = nla_parse_nested_deprecated(kdt,
1351 						  NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1352 						  tb[NL80211_KEY_DEFAULT_TYPES],
1353 						  nl80211_key_default_policy,
1354 						  info->extack);
1355 		if (err)
1356 			return err;
1357 
1358 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1359 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1360 	}
1361 
1362 	if (tb[NL80211_KEY_MODE])
1363 		k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1364 
1365 	return 0;
1366 }
1367 
1368 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1369 {
1370 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1371 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1372 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1373 	}
1374 
1375 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1376 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1377 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1378 	}
1379 
1380 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1381 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1382 
1383 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1384 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1385 
1386 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1387 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1388 
1389 	if (k->def) {
1390 		k->def_uni = true;
1391 		k->def_multi = true;
1392 	}
1393 	if (k->defmgmt)
1394 		k->def_multi = true;
1395 
1396 	if (info->attrs[NL80211_ATTR_KEY_TYPE])
1397 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1398 
1399 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1400 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1401 		int err = nla_parse_nested_deprecated(kdt,
1402 						      NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1403 						      info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1404 						      nl80211_key_default_policy,
1405 						      info->extack);
1406 		if (err)
1407 			return err;
1408 
1409 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1410 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1411 	}
1412 
1413 	return 0;
1414 }
1415 
1416 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1417 {
1418 	int err;
1419 
1420 	memset(k, 0, sizeof(*k));
1421 	k->idx = -1;
1422 	k->type = -1;
1423 
1424 	if (info->attrs[NL80211_ATTR_KEY])
1425 		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1426 	else
1427 		err = nl80211_parse_key_old(info, k);
1428 
1429 	if (err)
1430 		return err;
1431 
1432 	if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1433 	    (k->defbeacon ? 1 : 0) > 1) {
1434 		GENL_SET_ERR_MSG(info,
1435 				 "key with multiple default flags is invalid");
1436 		return -EINVAL;
1437 	}
1438 
1439 	if (k->defmgmt || k->defbeacon) {
1440 		if (k->def_uni || !k->def_multi) {
1441 			GENL_SET_ERR_MSG(info,
1442 					 "defmgmt/defbeacon key must be mcast");
1443 			return -EINVAL;
1444 		}
1445 	}
1446 
1447 	if (k->idx != -1) {
1448 		if (k->defmgmt) {
1449 			if (k->idx < 4 || k->idx > 5) {
1450 				GENL_SET_ERR_MSG(info,
1451 						 "defmgmt key idx not 4 or 5");
1452 				return -EINVAL;
1453 			}
1454 		} else if (k->defbeacon) {
1455 			if (k->idx < 6 || k->idx > 7) {
1456 				GENL_SET_ERR_MSG(info,
1457 						 "defbeacon key idx not 6 or 7");
1458 				return -EINVAL;
1459 			}
1460 		} else if (k->def) {
1461 			if (k->idx < 0 || k->idx > 3) {
1462 				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1463 				return -EINVAL;
1464 			}
1465 		} else {
1466 			if (k->idx < 0 || k->idx > 7) {
1467 				GENL_SET_ERR_MSG(info, "key idx not 0-7");
1468 				return -EINVAL;
1469 			}
1470 		}
1471 	}
1472 
1473 	return 0;
1474 }
1475 
1476 static struct cfg80211_cached_keys *
1477 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1478 		       struct genl_info *info, bool *no_ht)
1479 {
1480 	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1481 	struct key_parse parse;
1482 	struct nlattr *key;
1483 	struct cfg80211_cached_keys *result;
1484 	int rem, err, def = 0;
1485 	bool have_key = false;
1486 
1487 	nla_for_each_nested(key, keys, rem) {
1488 		have_key = true;
1489 		break;
1490 	}
1491 
1492 	if (!have_key)
1493 		return NULL;
1494 
1495 	result = kzalloc(sizeof(*result), GFP_KERNEL);
1496 	if (!result)
1497 		return ERR_PTR(-ENOMEM);
1498 
1499 	result->def = -1;
1500 
1501 	nla_for_each_nested(key, keys, rem) {
1502 		memset(&parse, 0, sizeof(parse));
1503 		parse.idx = -1;
1504 
1505 		err = nl80211_parse_key_new(info, key, &parse);
1506 		if (err)
1507 			goto error;
1508 		err = -EINVAL;
1509 		if (!parse.p.key)
1510 			goto error;
1511 		if (parse.idx < 0 || parse.idx > 3) {
1512 			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1513 			goto error;
1514 		}
1515 		if (parse.def) {
1516 			if (def) {
1517 				GENL_SET_ERR_MSG(info,
1518 						 "only one key can be default");
1519 				goto error;
1520 			}
1521 			def = 1;
1522 			result->def = parse.idx;
1523 			if (!parse.def_uni || !parse.def_multi)
1524 				goto error;
1525 		} else if (parse.defmgmt)
1526 			goto error;
1527 		err = cfg80211_validate_key_settings(rdev, &parse.p,
1528 						     parse.idx, false, NULL);
1529 		if (err)
1530 			goto error;
1531 		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1532 		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1533 			GENL_SET_ERR_MSG(info, "connect key must be WEP");
1534 			err = -EINVAL;
1535 			goto error;
1536 		}
1537 		result->params[parse.idx].cipher = parse.p.cipher;
1538 		result->params[parse.idx].key_len = parse.p.key_len;
1539 		result->params[parse.idx].key = result->data[parse.idx];
1540 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1541 
1542 		/* must be WEP key if we got here */
1543 		if (no_ht)
1544 			*no_ht = true;
1545 	}
1546 
1547 	if (result->def < 0) {
1548 		err = -EINVAL;
1549 		GENL_SET_ERR_MSG(info, "need a default/TX key");
1550 		goto error;
1551 	}
1552 
1553 	return result;
1554  error:
1555 	kfree(result);
1556 	return ERR_PTR(err);
1557 }
1558 
1559 static int nl80211_key_allowed(struct wireless_dev *wdev)
1560 {
1561 	lockdep_assert_wiphy(wdev->wiphy);
1562 
1563 	switch (wdev->iftype) {
1564 	case NL80211_IFTYPE_AP:
1565 	case NL80211_IFTYPE_AP_VLAN:
1566 	case NL80211_IFTYPE_P2P_GO:
1567 	case NL80211_IFTYPE_MESH_POINT:
1568 		break;
1569 	case NL80211_IFTYPE_ADHOC:
1570 		if (wdev->u.ibss.current_bss)
1571 			return 0;
1572 		return -ENOLINK;
1573 	case NL80211_IFTYPE_STATION:
1574 	case NL80211_IFTYPE_P2P_CLIENT:
1575 		if (wdev->connected)
1576 			return 0;
1577 		return -ENOLINK;
1578 	case NL80211_IFTYPE_NAN:
1579 		if (wiphy_ext_feature_isset(wdev->wiphy,
1580 					    NL80211_EXT_FEATURE_SECURE_NAN))
1581 			return 0;
1582 		return -EINVAL;
1583 	case NL80211_IFTYPE_UNSPECIFIED:
1584 	case NL80211_IFTYPE_OCB:
1585 	case NL80211_IFTYPE_MONITOR:
1586 	case NL80211_IFTYPE_P2P_DEVICE:
1587 	case NL80211_IFTYPE_WDS:
1588 	case NUM_NL80211_IFTYPES:
1589 		return -EINVAL;
1590 	}
1591 
1592 	return 0;
1593 }
1594 
1595 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1596 							u32 freq)
1597 {
1598 	struct ieee80211_channel *chan;
1599 
1600 	chan = ieee80211_get_channel_khz(wiphy, freq);
1601 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1602 		return NULL;
1603 	return chan;
1604 }
1605 
1606 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1607 {
1608 	struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1609 	int i;
1610 
1611 	if (!nl_modes)
1612 		goto nla_put_failure;
1613 
1614 	i = 0;
1615 	while (ifmodes) {
1616 		if ((ifmodes & 1) && nla_put_flag(msg, i))
1617 			goto nla_put_failure;
1618 		ifmodes >>= 1;
1619 		i++;
1620 	}
1621 
1622 	nla_nest_end(msg, nl_modes);
1623 	return 0;
1624 
1625 nla_put_failure:
1626 	return -ENOBUFS;
1627 }
1628 
1629 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1630 					  struct sk_buff *msg,
1631 					  bool large)
1632 {
1633 	struct nlattr *nl_combis;
1634 	int i, j;
1635 
1636 	nl_combis = nla_nest_start_noflag(msg,
1637 					  NL80211_ATTR_INTERFACE_COMBINATIONS);
1638 	if (!nl_combis)
1639 		goto nla_put_failure;
1640 
1641 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
1642 		const struct ieee80211_iface_combination *c;
1643 		struct nlattr *nl_combi, *nl_limits;
1644 
1645 		c = &wiphy->iface_combinations[i];
1646 
1647 		nl_combi = nla_nest_start_noflag(msg, i + 1);
1648 		if (!nl_combi)
1649 			goto nla_put_failure;
1650 
1651 		nl_limits = nla_nest_start_noflag(msg,
1652 						  NL80211_IFACE_COMB_LIMITS);
1653 		if (!nl_limits)
1654 			goto nla_put_failure;
1655 
1656 		for (j = 0; j < c->n_limits; j++) {
1657 			struct nlattr *nl_limit;
1658 
1659 			nl_limit = nla_nest_start_noflag(msg, j + 1);
1660 			if (!nl_limit)
1661 				goto nla_put_failure;
1662 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1663 					c->limits[j].max))
1664 				goto nla_put_failure;
1665 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1666 						c->limits[j].types))
1667 				goto nla_put_failure;
1668 			nla_nest_end(msg, nl_limit);
1669 		}
1670 
1671 		nla_nest_end(msg, nl_limits);
1672 
1673 		if (c->beacon_int_infra_match &&
1674 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1675 			goto nla_put_failure;
1676 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1677 				c->num_different_channels) ||
1678 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1679 				c->max_interfaces))
1680 			goto nla_put_failure;
1681 		if (large &&
1682 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1683 				c->radar_detect_widths) ||
1684 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1685 				c->radar_detect_regions)))
1686 			goto nla_put_failure;
1687 		if (c->beacon_int_min_gcd &&
1688 		    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1689 				c->beacon_int_min_gcd))
1690 			goto nla_put_failure;
1691 
1692 		nla_nest_end(msg, nl_combi);
1693 	}
1694 
1695 	nla_nest_end(msg, nl_combis);
1696 
1697 	return 0;
1698 nla_put_failure:
1699 	return -ENOBUFS;
1700 }
1701 
1702 #ifdef CONFIG_PM
1703 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1704 					struct sk_buff *msg)
1705 {
1706 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1707 	struct nlattr *nl_tcp;
1708 
1709 	if (!tcp)
1710 		return 0;
1711 
1712 	nl_tcp = nla_nest_start_noflag(msg,
1713 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1714 	if (!nl_tcp)
1715 		return -ENOBUFS;
1716 
1717 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1718 			tcp->data_payload_max))
1719 		return -ENOBUFS;
1720 
1721 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1722 			tcp->data_payload_max))
1723 		return -ENOBUFS;
1724 
1725 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1726 		return -ENOBUFS;
1727 
1728 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1729 				sizeof(*tcp->tok), tcp->tok))
1730 		return -ENOBUFS;
1731 
1732 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1733 			tcp->data_interval_max))
1734 		return -ENOBUFS;
1735 
1736 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1737 			tcp->wake_payload_max))
1738 		return -ENOBUFS;
1739 
1740 	nla_nest_end(msg, nl_tcp);
1741 	return 0;
1742 }
1743 
1744 static int nl80211_send_wowlan(struct sk_buff *msg,
1745 			       struct cfg80211_registered_device *rdev,
1746 			       bool large)
1747 {
1748 	struct nlattr *nl_wowlan;
1749 
1750 	if (!rdev->wiphy.wowlan)
1751 		return 0;
1752 
1753 	nl_wowlan = nla_nest_start_noflag(msg,
1754 					  NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1755 	if (!nl_wowlan)
1756 		return -ENOBUFS;
1757 
1758 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1759 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1760 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1761 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1762 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1763 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1764 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1765 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1766 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1767 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1768 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1769 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1770 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1771 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1772 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1773 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1774 		return -ENOBUFS;
1775 
1776 	if (rdev->wiphy.wowlan->n_patterns) {
1777 		struct nl80211_pattern_support pat = {
1778 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1779 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1780 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1781 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1782 		};
1783 
1784 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1785 			    sizeof(pat), &pat))
1786 			return -ENOBUFS;
1787 	}
1788 
1789 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1790 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1791 			rdev->wiphy.wowlan->max_nd_match_sets))
1792 		return -ENOBUFS;
1793 
1794 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1795 		return -ENOBUFS;
1796 
1797 	nla_nest_end(msg, nl_wowlan);
1798 
1799 	return 0;
1800 }
1801 #endif
1802 
1803 static int nl80211_send_coalesce(struct sk_buff *msg,
1804 				 struct cfg80211_registered_device *rdev)
1805 {
1806 	struct nl80211_coalesce_rule_support rule;
1807 
1808 	if (!rdev->wiphy.coalesce)
1809 		return 0;
1810 
1811 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1812 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1813 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1814 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1815 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1816 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1817 
1818 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1819 		return -ENOBUFS;
1820 
1821 	return 0;
1822 }
1823 
1824 static int
1825 nl80211_send_iftype_data(struct sk_buff *msg,
1826 			 const struct ieee80211_supported_band *sband,
1827 			 const struct ieee80211_sband_iftype_data *iftdata)
1828 {
1829 	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1830 	const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap;
1831 
1832 	if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1833 				iftdata->types_mask))
1834 		return -ENOBUFS;
1835 
1836 	if (he_cap->has_he) {
1837 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1838 			    sizeof(he_cap->he_cap_elem.mac_cap_info),
1839 			    he_cap->he_cap_elem.mac_cap_info) ||
1840 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1841 			    sizeof(he_cap->he_cap_elem.phy_cap_info),
1842 			    he_cap->he_cap_elem.phy_cap_info) ||
1843 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1844 			    sizeof(he_cap->he_mcs_nss_supp),
1845 			    &he_cap->he_mcs_nss_supp) ||
1846 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1847 			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1848 			return -ENOBUFS;
1849 	}
1850 
1851 	if (eht_cap->has_eht && he_cap->has_he) {
1852 		u8 mcs_nss_size, ppe_thresh_size;
1853 		u16 ppe_thres_hdr;
1854 		bool is_ap;
1855 
1856 		is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) ||
1857 			iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO);
1858 
1859 		mcs_nss_size =
1860 			ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
1861 						   &eht_cap->eht_cap_elem,
1862 						   is_ap);
1863 
1864 		ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]);
1865 		ppe_thresh_size =
1866 			ieee80211_eht_ppe_size(ppe_thres_hdr,
1867 					       eht_cap->eht_cap_elem.phy_cap_info);
1868 
1869 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC,
1870 			    sizeof(eht_cap->eht_cap_elem.mac_cap_info),
1871 			    eht_cap->eht_cap_elem.mac_cap_info) ||
1872 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY,
1873 			    sizeof(eht_cap->eht_cap_elem.phy_cap_info),
1874 			    eht_cap->eht_cap_elem.phy_cap_info) ||
1875 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET,
1876 			    mcs_nss_size, &eht_cap->eht_mcs_nss_supp) ||
1877 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE,
1878 			    ppe_thresh_size, eht_cap->eht_ppe_thres))
1879 			return -ENOBUFS;
1880 	}
1881 
1882 	if (sband->band == NL80211_BAND_6GHZ &&
1883 	    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1884 		    sizeof(iftdata->he_6ghz_capa),
1885 		    &iftdata->he_6ghz_capa))
1886 		return -ENOBUFS;
1887 
1888 	if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
1889 	    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
1890 		    iftdata->vendor_elems.len, iftdata->vendor_elems.data))
1891 		return -ENOBUFS;
1892 
1893 	return 0;
1894 }
1895 
1896 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1897 				      struct ieee80211_supported_band *sband,
1898 				      bool large)
1899 {
1900 	struct nlattr *nl_rates, *nl_rate;
1901 	struct ieee80211_rate *rate;
1902 	int i;
1903 
1904 	/* add HT info */
1905 	if (sband->ht_cap.ht_supported &&
1906 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1907 		     sizeof(sband->ht_cap.mcs),
1908 		     &sband->ht_cap.mcs) ||
1909 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1910 			 sband->ht_cap.cap) ||
1911 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1912 			sband->ht_cap.ampdu_factor) ||
1913 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1914 			sband->ht_cap.ampdu_density)))
1915 		return -ENOBUFS;
1916 
1917 	/* add VHT info */
1918 	if (sband->vht_cap.vht_supported &&
1919 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1920 		     sizeof(sband->vht_cap.vht_mcs),
1921 		     &sband->vht_cap.vht_mcs) ||
1922 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1923 			 sband->vht_cap.cap)))
1924 		return -ENOBUFS;
1925 
1926 	if (large && sband->n_iftype_data) {
1927 		struct nlattr *nl_iftype_data =
1928 			nla_nest_start_noflag(msg,
1929 					      NL80211_BAND_ATTR_IFTYPE_DATA);
1930 		const struct ieee80211_sband_iftype_data *iftd;
1931 		int err;
1932 
1933 		if (!nl_iftype_data)
1934 			return -ENOBUFS;
1935 
1936 		for_each_sband_iftype_data(sband, i, iftd) {
1937 			struct nlattr *iftdata;
1938 
1939 			iftdata = nla_nest_start_noflag(msg, i + 1);
1940 			if (!iftdata)
1941 				return -ENOBUFS;
1942 
1943 			err = nl80211_send_iftype_data(msg, sband, iftd);
1944 			if (err)
1945 				return err;
1946 
1947 			nla_nest_end(msg, iftdata);
1948 		}
1949 
1950 		nla_nest_end(msg, nl_iftype_data);
1951 	}
1952 
1953 	/* add EDMG info */
1954 	if (large && sband->edmg_cap.channels &&
1955 	    (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1956 		       sband->edmg_cap.channels) ||
1957 	    nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1958 		       sband->edmg_cap.bw_config)))
1959 
1960 		return -ENOBUFS;
1961 
1962 	/* add bitrates */
1963 	nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1964 	if (!nl_rates)
1965 		return -ENOBUFS;
1966 
1967 	for (i = 0; i < sband->n_bitrates; i++) {
1968 		nl_rate = nla_nest_start_noflag(msg, i);
1969 		if (!nl_rate)
1970 			return -ENOBUFS;
1971 
1972 		rate = &sband->bitrates[i];
1973 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1974 				rate->bitrate))
1975 			return -ENOBUFS;
1976 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1977 		    nla_put_flag(msg,
1978 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1979 			return -ENOBUFS;
1980 
1981 		nla_nest_end(msg, nl_rate);
1982 	}
1983 
1984 	nla_nest_end(msg, nl_rates);
1985 
1986 	/* S1G capabilities */
1987 	if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g &&
1988 	    (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA,
1989 		     sizeof(sband->s1g_cap.cap),
1990 		     sband->s1g_cap.cap) ||
1991 	     nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET,
1992 		     sizeof(sband->s1g_cap.nss_mcs),
1993 		     sband->s1g_cap.nss_mcs)))
1994 		return -ENOBUFS;
1995 
1996 	return 0;
1997 }
1998 
1999 static int
2000 nl80211_send_mgmt_stypes(struct sk_buff *msg,
2001 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
2002 {
2003 	u16 stypes;
2004 	struct nlattr *nl_ftypes, *nl_ifs;
2005 	enum nl80211_iftype ift;
2006 	int i;
2007 
2008 	if (!mgmt_stypes)
2009 		return 0;
2010 
2011 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
2012 	if (!nl_ifs)
2013 		return -ENOBUFS;
2014 
2015 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2016 		nl_ftypes = nla_nest_start_noflag(msg, ift);
2017 		if (!nl_ftypes)
2018 			return -ENOBUFS;
2019 		i = 0;
2020 		stypes = mgmt_stypes[ift].tx;
2021 		while (stypes) {
2022 			if ((stypes & 1) &&
2023 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2024 					(i << 4) | IEEE80211_FTYPE_MGMT))
2025 				return -ENOBUFS;
2026 			stypes >>= 1;
2027 			i++;
2028 		}
2029 		nla_nest_end(msg, nl_ftypes);
2030 	}
2031 
2032 	nla_nest_end(msg, nl_ifs);
2033 
2034 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
2035 	if (!nl_ifs)
2036 		return -ENOBUFS;
2037 
2038 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2039 		nl_ftypes = nla_nest_start_noflag(msg, ift);
2040 		if (!nl_ftypes)
2041 			return -ENOBUFS;
2042 		i = 0;
2043 		stypes = mgmt_stypes[ift].rx;
2044 		while (stypes) {
2045 			if ((stypes & 1) &&
2046 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2047 					(i << 4) | IEEE80211_FTYPE_MGMT))
2048 				return -ENOBUFS;
2049 			stypes >>= 1;
2050 			i++;
2051 		}
2052 		nla_nest_end(msg, nl_ftypes);
2053 	}
2054 	nla_nest_end(msg, nl_ifs);
2055 
2056 	return 0;
2057 }
2058 
2059 #define CMD(op, n)							\
2060 	 do {								\
2061 		if (rdev->ops->op) {					\
2062 			i++;						\
2063 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
2064 				goto nla_put_failure;			\
2065 		}							\
2066 	} while (0)
2067 
2068 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
2069 					struct sk_buff *msg)
2070 {
2071 	int i = 0;
2072 
2073 	/*
2074 	 * do *NOT* add anything into this function, new things need to be
2075 	 * advertised only to new versions of userspace that can deal with
2076 	 * the split (and they can't possibly care about new features...
2077 	 */
2078 	CMD(add_virtual_intf, NEW_INTERFACE);
2079 	CMD(change_virtual_intf, SET_INTERFACE);
2080 	CMD(add_key, NEW_KEY);
2081 	CMD(start_ap, START_AP);
2082 	CMD(add_station, NEW_STATION);
2083 	CMD(add_mpath, NEW_MPATH);
2084 	CMD(update_mesh_config, SET_MESH_CONFIG);
2085 	CMD(change_bss, SET_BSS);
2086 	CMD(auth, AUTHENTICATE);
2087 	CMD(assoc, ASSOCIATE);
2088 	CMD(deauth, DEAUTHENTICATE);
2089 	CMD(disassoc, DISASSOCIATE);
2090 	CMD(join_ibss, JOIN_IBSS);
2091 	CMD(join_mesh, JOIN_MESH);
2092 	CMD(set_pmksa, SET_PMKSA);
2093 	CMD(del_pmksa, DEL_PMKSA);
2094 	CMD(flush_pmksa, FLUSH_PMKSA);
2095 	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
2096 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
2097 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
2098 	CMD(mgmt_tx, FRAME);
2099 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
2100 	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
2101 		i++;
2102 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
2103 			goto nla_put_failure;
2104 	}
2105 	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
2106 	    rdev->ops->join_mesh) {
2107 		i++;
2108 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
2109 			goto nla_put_failure;
2110 	}
2111 	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2112 		CMD(tdls_mgmt, TDLS_MGMT);
2113 		CMD(tdls_oper, TDLS_OPER);
2114 	}
2115 	if (rdev->wiphy.max_sched_scan_reqs)
2116 		CMD(sched_scan_start, START_SCHED_SCAN);
2117 	CMD(probe_client, PROBE_CLIENT);
2118 	CMD(set_noack_map, SET_NOACK_MAP);
2119 	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
2120 		i++;
2121 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
2122 			goto nla_put_failure;
2123 	}
2124 	CMD(start_p2p_device, START_P2P_DEVICE);
2125 	CMD(set_mcast_rate, SET_MCAST_RATE);
2126 #ifdef CONFIG_NL80211_TESTMODE
2127 	CMD(testmode_cmd, TESTMODE);
2128 #endif
2129 
2130 	if (rdev->ops->connect || rdev->ops->auth) {
2131 		i++;
2132 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
2133 			goto nla_put_failure;
2134 	}
2135 
2136 	if (rdev->ops->disconnect || rdev->ops->deauth) {
2137 		i++;
2138 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
2139 			goto nla_put_failure;
2140 	}
2141 
2142 	return i;
2143  nla_put_failure:
2144 	return -ENOBUFS;
2145 }
2146 
2147 static int
2148 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
2149 			   struct sk_buff *msg)
2150 {
2151 	struct nlattr *ftm;
2152 
2153 	if (!cap->ftm.supported)
2154 		return 0;
2155 
2156 	ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
2157 	if (!ftm)
2158 		return -ENOBUFS;
2159 
2160 	if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
2161 		return -ENOBUFS;
2162 	if (cap->ftm.non_asap &&
2163 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2164 		return -ENOBUFS;
2165 	if (cap->ftm.request_lci &&
2166 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2167 		return -ENOBUFS;
2168 	if (cap->ftm.request_civicloc &&
2169 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2170 		return -ENOBUFS;
2171 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2172 			cap->ftm.preambles))
2173 		return -ENOBUFS;
2174 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2175 			cap->ftm.bandwidths))
2176 		return -ENOBUFS;
2177 	if (cap->ftm.max_bursts_exponent >= 0 &&
2178 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2179 			cap->ftm.max_bursts_exponent))
2180 		return -ENOBUFS;
2181 	if (cap->ftm.max_ftms_per_burst &&
2182 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2183 			cap->ftm.max_ftms_per_burst))
2184 		return -ENOBUFS;
2185 	if (cap->ftm.trigger_based &&
2186 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2187 		return -ENOBUFS;
2188 	if (cap->ftm.non_trigger_based &&
2189 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2190 		return -ENOBUFS;
2191 
2192 	nla_nest_end(msg, ftm);
2193 	return 0;
2194 }
2195 
2196 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2197 				  struct sk_buff *msg)
2198 {
2199 	const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2200 	struct nlattr *pmsr, *caps;
2201 
2202 	if (!cap)
2203 		return 0;
2204 
2205 	/*
2206 	 * we don't need to clean up anything here since the caller
2207 	 * will genlmsg_cancel() if we fail
2208 	 */
2209 
2210 	pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2211 	if (!pmsr)
2212 		return -ENOBUFS;
2213 
2214 	if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2215 		return -ENOBUFS;
2216 
2217 	if (cap->report_ap_tsf &&
2218 	    nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2219 		return -ENOBUFS;
2220 
2221 	if (cap->randomize_mac_addr &&
2222 	    nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2223 		return -ENOBUFS;
2224 
2225 	caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2226 	if (!caps)
2227 		return -ENOBUFS;
2228 
2229 	if (nl80211_send_pmsr_ftm_capa(cap, msg))
2230 		return -ENOBUFS;
2231 
2232 	nla_nest_end(msg, caps);
2233 	nla_nest_end(msg, pmsr);
2234 
2235 	return 0;
2236 }
2237 
2238 static int
2239 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2240 			      struct sk_buff *msg)
2241 {
2242 	int i;
2243 	struct nlattr *nested, *nested_akms;
2244 	const struct wiphy_iftype_akm_suites *iftype_akms;
2245 
2246 	if (!rdev->wiphy.num_iftype_akm_suites ||
2247 	    !rdev->wiphy.iftype_akm_suites)
2248 		return 0;
2249 
2250 	nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2251 	if (!nested)
2252 		return -ENOBUFS;
2253 
2254 	for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2255 		nested_akms = nla_nest_start(msg, i + 1);
2256 		if (!nested_akms)
2257 			return -ENOBUFS;
2258 
2259 		iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2260 
2261 		if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2262 					iftype_akms->iftypes_mask))
2263 			return -ENOBUFS;
2264 
2265 		if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2266 			    sizeof(u32) * iftype_akms->n_akm_suites,
2267 			    iftype_akms->akm_suites)) {
2268 			return -ENOBUFS;
2269 		}
2270 		nla_nest_end(msg, nested_akms);
2271 	}
2272 
2273 	nla_nest_end(msg, nested);
2274 
2275 	return 0;
2276 }
2277 
2278 static int
2279 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2280 			       struct sk_buff *msg)
2281 {
2282 	struct nlattr *supp;
2283 
2284 	if (!rdev->wiphy.tid_config_support.vif &&
2285 	    !rdev->wiphy.tid_config_support.peer)
2286 		return 0;
2287 
2288 	supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2289 	if (!supp)
2290 		return -ENOSPC;
2291 
2292 	if (rdev->wiphy.tid_config_support.vif &&
2293 	    nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2294 			      rdev->wiphy.tid_config_support.vif,
2295 			      NL80211_TID_CONFIG_ATTR_PAD))
2296 		goto fail;
2297 
2298 	if (rdev->wiphy.tid_config_support.peer &&
2299 	    nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2300 			      rdev->wiphy.tid_config_support.peer,
2301 			      NL80211_TID_CONFIG_ATTR_PAD))
2302 		goto fail;
2303 
2304 	/* for now we just use the same value ... makes more sense */
2305 	if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2306 		       rdev->wiphy.tid_config_support.max_retry))
2307 		goto fail;
2308 	if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2309 		       rdev->wiphy.tid_config_support.max_retry))
2310 		goto fail;
2311 
2312 	nla_nest_end(msg, supp);
2313 
2314 	return 0;
2315 fail:
2316 	nla_nest_cancel(msg, supp);
2317 	return -ENOBUFS;
2318 }
2319 
2320 static int
2321 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2322 		      struct sk_buff *msg)
2323 {
2324 	struct nlattr *sar_capa, *specs, *sub_freq_range;
2325 	u8 num_freq_ranges;
2326 	int i;
2327 
2328 	if (!rdev->wiphy.sar_capa)
2329 		return 0;
2330 
2331 	num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2332 
2333 	sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2334 	if (!sar_capa)
2335 		return -ENOSPC;
2336 
2337 	if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2338 		goto fail;
2339 
2340 	specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2341 	if (!specs)
2342 		goto fail;
2343 
2344 	/* report supported freq_ranges */
2345 	for (i = 0; i < num_freq_ranges; i++) {
2346 		sub_freq_range = nla_nest_start(msg, i + 1);
2347 		if (!sub_freq_range)
2348 			goto fail;
2349 
2350 		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2351 				rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2352 			goto fail;
2353 
2354 		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2355 				rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2356 			goto fail;
2357 
2358 		nla_nest_end(msg, sub_freq_range);
2359 	}
2360 
2361 	nla_nest_end(msg, specs);
2362 	nla_nest_end(msg, sar_capa);
2363 
2364 	return 0;
2365 fail:
2366 	nla_nest_cancel(msg, sar_capa);
2367 	return -ENOBUFS;
2368 }
2369 
2370 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg)
2371 {
2372 	struct nlattr *config;
2373 
2374 	if (!wiphy->mbssid_max_interfaces)
2375 		return 0;
2376 
2377 	config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG);
2378 	if (!config)
2379 		return -ENOBUFS;
2380 
2381 	if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES,
2382 		       wiphy->mbssid_max_interfaces))
2383 		goto fail;
2384 
2385 	if (wiphy->ema_max_profile_periodicity &&
2386 	    nla_put_u8(msg,
2387 		       NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY,
2388 		       wiphy->ema_max_profile_periodicity))
2389 		goto fail;
2390 
2391 	nla_nest_end(msg, config);
2392 	return 0;
2393 
2394 fail:
2395 	nla_nest_cancel(msg, config);
2396 	return -ENOBUFS;
2397 }
2398 
2399 struct nl80211_dump_wiphy_state {
2400 	s64 filter_wiphy;
2401 	long start;
2402 	long split_start, band_start, chan_start, capa_start;
2403 	bool split;
2404 };
2405 
2406 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2407 			      enum nl80211_commands cmd,
2408 			      struct sk_buff *msg, u32 portid, u32 seq,
2409 			      int flags, struct nl80211_dump_wiphy_state *state)
2410 {
2411 	void *hdr;
2412 	struct nlattr *nl_bands, *nl_band;
2413 	struct nlattr *nl_freqs, *nl_freq;
2414 	struct nlattr *nl_cmds;
2415 	enum nl80211_band band;
2416 	struct ieee80211_channel *chan;
2417 	int i;
2418 	const struct ieee80211_txrx_stypes *mgmt_stypes =
2419 				rdev->wiphy.mgmt_stypes;
2420 	u32 features;
2421 
2422 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2423 	if (!hdr)
2424 		return -ENOBUFS;
2425 
2426 	if (WARN_ON(!state))
2427 		return -EINVAL;
2428 
2429 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2430 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2431 			   wiphy_name(&rdev->wiphy)) ||
2432 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2433 			cfg80211_rdev_list_generation))
2434 		goto nla_put_failure;
2435 
2436 	if (cmd != NL80211_CMD_NEW_WIPHY)
2437 		goto finish;
2438 
2439 	switch (state->split_start) {
2440 	case 0:
2441 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2442 			       rdev->wiphy.retry_short) ||
2443 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2444 			       rdev->wiphy.retry_long) ||
2445 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2446 				rdev->wiphy.frag_threshold) ||
2447 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2448 				rdev->wiphy.rts_threshold) ||
2449 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2450 			       rdev->wiphy.coverage_class) ||
2451 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2452 			       rdev->wiphy.max_scan_ssids) ||
2453 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2454 			       rdev->wiphy.max_sched_scan_ssids) ||
2455 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2456 				rdev->wiphy.max_scan_ie_len) ||
2457 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2458 				rdev->wiphy.max_sched_scan_ie_len) ||
2459 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2460 			       rdev->wiphy.max_match_sets))
2461 			goto nla_put_failure;
2462 
2463 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2464 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2465 			goto nla_put_failure;
2466 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2467 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2468 			goto nla_put_failure;
2469 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2470 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2471 			goto nla_put_failure;
2472 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2473 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2474 			goto nla_put_failure;
2475 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2476 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2477 			goto nla_put_failure;
2478 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2479 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2480 			goto nla_put_failure;
2481 		state->split_start++;
2482 		if (state->split)
2483 			break;
2484 		fallthrough;
2485 	case 1:
2486 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2487 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
2488 			    rdev->wiphy.cipher_suites))
2489 			goto nla_put_failure;
2490 
2491 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2492 			       rdev->wiphy.max_num_pmkids))
2493 			goto nla_put_failure;
2494 
2495 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2496 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2497 			goto nla_put_failure;
2498 
2499 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2500 				rdev->wiphy.available_antennas_tx) ||
2501 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2502 				rdev->wiphy.available_antennas_rx))
2503 			goto nla_put_failure;
2504 
2505 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2506 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2507 				rdev->wiphy.probe_resp_offload))
2508 			goto nla_put_failure;
2509 
2510 		if ((rdev->wiphy.available_antennas_tx ||
2511 		     rdev->wiphy.available_antennas_rx) &&
2512 		    rdev->ops->get_antenna) {
2513 			u32 tx_ant = 0, rx_ant = 0;
2514 			int res;
2515 
2516 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2517 			if (!res) {
2518 				if (nla_put_u32(msg,
2519 						NL80211_ATTR_WIPHY_ANTENNA_TX,
2520 						tx_ant) ||
2521 				    nla_put_u32(msg,
2522 						NL80211_ATTR_WIPHY_ANTENNA_RX,
2523 						rx_ant))
2524 					goto nla_put_failure;
2525 			}
2526 		}
2527 
2528 		state->split_start++;
2529 		if (state->split)
2530 			break;
2531 		fallthrough;
2532 	case 2:
2533 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2534 					rdev->wiphy.interface_modes))
2535 				goto nla_put_failure;
2536 		state->split_start++;
2537 		if (state->split)
2538 			break;
2539 		fallthrough;
2540 	case 3:
2541 		nl_bands = nla_nest_start_noflag(msg,
2542 						 NL80211_ATTR_WIPHY_BANDS);
2543 		if (!nl_bands)
2544 			goto nla_put_failure;
2545 
2546 		for (band = state->band_start;
2547 		     band < (state->split ?
2548 				NUM_NL80211_BANDS :
2549 				NL80211_BAND_60GHZ + 1);
2550 		     band++) {
2551 			struct ieee80211_supported_band *sband;
2552 
2553 			/* omit higher bands for ancient software */
2554 			if (band > NL80211_BAND_5GHZ && !state->split)
2555 				break;
2556 
2557 			sband = rdev->wiphy.bands[band];
2558 
2559 			if (!sband)
2560 				continue;
2561 
2562 			nl_band = nla_nest_start_noflag(msg, band);
2563 			if (!nl_band)
2564 				goto nla_put_failure;
2565 
2566 			switch (state->chan_start) {
2567 			case 0:
2568 				if (nl80211_send_band_rateinfo(msg, sband,
2569 							       state->split))
2570 					goto nla_put_failure;
2571 				state->chan_start++;
2572 				if (state->split)
2573 					break;
2574 				fallthrough;
2575 			default:
2576 				/* add frequencies */
2577 				nl_freqs = nla_nest_start_noflag(msg,
2578 								 NL80211_BAND_ATTR_FREQS);
2579 				if (!nl_freqs)
2580 					goto nla_put_failure;
2581 
2582 				for (i = state->chan_start - 1;
2583 				     i < sband->n_channels;
2584 				     i++) {
2585 					nl_freq = nla_nest_start_noflag(msg,
2586 									i);
2587 					if (!nl_freq)
2588 						goto nla_put_failure;
2589 
2590 					chan = &sband->channels[i];
2591 
2592 					if (nl80211_msg_put_channel(
2593 							msg, &rdev->wiphy, chan,
2594 							state->split))
2595 						goto nla_put_failure;
2596 
2597 					nla_nest_end(msg, nl_freq);
2598 					if (state->split)
2599 						break;
2600 				}
2601 				if (i < sband->n_channels)
2602 					state->chan_start = i + 2;
2603 				else
2604 					state->chan_start = 0;
2605 				nla_nest_end(msg, nl_freqs);
2606 			}
2607 
2608 			nla_nest_end(msg, nl_band);
2609 
2610 			if (state->split) {
2611 				/* start again here */
2612 				if (state->chan_start)
2613 					band--;
2614 				break;
2615 			}
2616 		}
2617 		nla_nest_end(msg, nl_bands);
2618 
2619 		if (band < NUM_NL80211_BANDS)
2620 			state->band_start = band + 1;
2621 		else
2622 			state->band_start = 0;
2623 
2624 		/* if bands & channels are done, continue outside */
2625 		if (state->band_start == 0 && state->chan_start == 0)
2626 			state->split_start++;
2627 		if (state->split)
2628 			break;
2629 		fallthrough;
2630 	case 4:
2631 		nl_cmds = nla_nest_start_noflag(msg,
2632 						NL80211_ATTR_SUPPORTED_COMMANDS);
2633 		if (!nl_cmds)
2634 			goto nla_put_failure;
2635 
2636 		i = nl80211_add_commands_unsplit(rdev, msg);
2637 		if (i < 0)
2638 			goto nla_put_failure;
2639 		if (state->split) {
2640 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
2641 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2642 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2643 				CMD(channel_switch, CHANNEL_SWITCH);
2644 			CMD(set_qos_map, SET_QOS_MAP);
2645 			if (rdev->wiphy.features &
2646 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2647 				CMD(add_tx_ts, ADD_TX_TS);
2648 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2649 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2650 			CMD(update_ft_ies, UPDATE_FT_IES);
2651 			if (rdev->wiphy.sar_capa)
2652 				CMD(set_sar_specs, SET_SAR_SPECS);
2653 		}
2654 #undef CMD
2655 
2656 		nla_nest_end(msg, nl_cmds);
2657 		state->split_start++;
2658 		if (state->split)
2659 			break;
2660 		fallthrough;
2661 	case 5:
2662 		if (rdev->ops->remain_on_channel &&
2663 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2664 		    nla_put_u32(msg,
2665 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2666 				rdev->wiphy.max_remain_on_channel_duration))
2667 			goto nla_put_failure;
2668 
2669 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2670 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2671 			goto nla_put_failure;
2672 
2673 		state->split_start++;
2674 		if (state->split)
2675 			break;
2676 		fallthrough;
2677 	case 6:
2678 #ifdef CONFIG_PM
2679 		if (nl80211_send_wowlan(msg, rdev, state->split))
2680 			goto nla_put_failure;
2681 		state->split_start++;
2682 		if (state->split)
2683 			break;
2684 #else
2685 		state->split_start++;
2686 #endif
2687 		fallthrough;
2688 	case 7:
2689 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2690 					rdev->wiphy.software_iftypes))
2691 			goto nla_put_failure;
2692 
2693 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2694 						   state->split))
2695 			goto nla_put_failure;
2696 
2697 		state->split_start++;
2698 		if (state->split)
2699 			break;
2700 		fallthrough;
2701 	case 8:
2702 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2703 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2704 				rdev->wiphy.ap_sme_capa))
2705 			goto nla_put_failure;
2706 
2707 		features = rdev->wiphy.features;
2708 		/*
2709 		 * We can only add the per-channel limit information if the
2710 		 * dump is split, otherwise it makes it too big. Therefore
2711 		 * only advertise it in that case.
2712 		 */
2713 		if (state->split)
2714 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2715 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2716 			goto nla_put_failure;
2717 
2718 		if (rdev->wiphy.ht_capa_mod_mask &&
2719 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2720 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
2721 			    rdev->wiphy.ht_capa_mod_mask))
2722 			goto nla_put_failure;
2723 
2724 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2725 		    rdev->wiphy.max_acl_mac_addrs &&
2726 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2727 				rdev->wiphy.max_acl_mac_addrs))
2728 			goto nla_put_failure;
2729 
2730 		/*
2731 		 * Any information below this point is only available to
2732 		 * applications that can deal with it being split. This
2733 		 * helps ensure that newly added capabilities don't break
2734 		 * older tools by overrunning their buffers.
2735 		 *
2736 		 * We still increment split_start so that in the split
2737 		 * case we'll continue with more data in the next round,
2738 		 * but break unconditionally so unsplit data stops here.
2739 		 */
2740 		if (state->split)
2741 			state->split_start++;
2742 		else
2743 			state->split_start = 0;
2744 		break;
2745 	case 9:
2746 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2747 			goto nla_put_failure;
2748 
2749 		if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2750 				rdev->wiphy.max_sched_scan_plans) ||
2751 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2752 				rdev->wiphy.max_sched_scan_plan_interval) ||
2753 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2754 				rdev->wiphy.max_sched_scan_plan_iterations))
2755 			goto nla_put_failure;
2756 
2757 		if (rdev->wiphy.extended_capabilities &&
2758 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2759 			     rdev->wiphy.extended_capabilities_len,
2760 			     rdev->wiphy.extended_capabilities) ||
2761 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2762 			     rdev->wiphy.extended_capabilities_len,
2763 			     rdev->wiphy.extended_capabilities_mask)))
2764 			goto nla_put_failure;
2765 
2766 		if (rdev->wiphy.vht_capa_mod_mask &&
2767 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2768 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
2769 			    rdev->wiphy.vht_capa_mod_mask))
2770 			goto nla_put_failure;
2771 
2772 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2773 			    rdev->wiphy.perm_addr))
2774 			goto nla_put_failure;
2775 
2776 		if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2777 		    nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2778 			    rdev->wiphy.addr_mask))
2779 			goto nla_put_failure;
2780 
2781 		if (rdev->wiphy.n_addresses > 1) {
2782 			void *attr;
2783 
2784 			attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2785 			if (!attr)
2786 				goto nla_put_failure;
2787 
2788 			for (i = 0; i < rdev->wiphy.n_addresses; i++)
2789 				if (nla_put(msg, i + 1, ETH_ALEN,
2790 					    rdev->wiphy.addresses[i].addr))
2791 					goto nla_put_failure;
2792 
2793 			nla_nest_end(msg, attr);
2794 		}
2795 
2796 		state->split_start++;
2797 		break;
2798 	case 10:
2799 		if (nl80211_send_coalesce(msg, rdev))
2800 			goto nla_put_failure;
2801 
2802 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2803 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2804 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2805 			goto nla_put_failure;
2806 
2807 		if (rdev->wiphy.max_ap_assoc_sta &&
2808 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2809 				rdev->wiphy.max_ap_assoc_sta))
2810 			goto nla_put_failure;
2811 
2812 		state->split_start++;
2813 		break;
2814 	case 11:
2815 		if (rdev->wiphy.n_vendor_commands) {
2816 			const struct nl80211_vendor_cmd_info *info;
2817 			struct nlattr *nested;
2818 
2819 			nested = nla_nest_start_noflag(msg,
2820 						       NL80211_ATTR_VENDOR_DATA);
2821 			if (!nested)
2822 				goto nla_put_failure;
2823 
2824 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2825 				info = &rdev->wiphy.vendor_commands[i].info;
2826 				if (nla_put(msg, i + 1, sizeof(*info), info))
2827 					goto nla_put_failure;
2828 			}
2829 			nla_nest_end(msg, nested);
2830 		}
2831 
2832 		if (rdev->wiphy.n_vendor_events) {
2833 			const struct nl80211_vendor_cmd_info *info;
2834 			struct nlattr *nested;
2835 
2836 			nested = nla_nest_start_noflag(msg,
2837 						       NL80211_ATTR_VENDOR_EVENTS);
2838 			if (!nested)
2839 				goto nla_put_failure;
2840 
2841 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2842 				info = &rdev->wiphy.vendor_events[i];
2843 				if (nla_put(msg, i + 1, sizeof(*info), info))
2844 					goto nla_put_failure;
2845 			}
2846 			nla_nest_end(msg, nested);
2847 		}
2848 		state->split_start++;
2849 		break;
2850 	case 12:
2851 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2852 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2853 			       rdev->wiphy.max_num_csa_counters))
2854 			goto nla_put_failure;
2855 
2856 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2857 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2858 			goto nla_put_failure;
2859 
2860 		if (rdev->wiphy.max_sched_scan_reqs &&
2861 		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2862 				rdev->wiphy.max_sched_scan_reqs))
2863 			goto nla_put_failure;
2864 
2865 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2866 			    sizeof(rdev->wiphy.ext_features),
2867 			    rdev->wiphy.ext_features))
2868 			goto nla_put_failure;
2869 
2870 		if (rdev->wiphy.bss_select_support) {
2871 			struct nlattr *nested;
2872 			u32 bss_select_support = rdev->wiphy.bss_select_support;
2873 
2874 			nested = nla_nest_start_noflag(msg,
2875 						       NL80211_ATTR_BSS_SELECT);
2876 			if (!nested)
2877 				goto nla_put_failure;
2878 
2879 			i = 0;
2880 			while (bss_select_support) {
2881 				if ((bss_select_support & 1) &&
2882 				    nla_put_flag(msg, i))
2883 					goto nla_put_failure;
2884 				i++;
2885 				bss_select_support >>= 1;
2886 			}
2887 			nla_nest_end(msg, nested);
2888 		}
2889 
2890 		state->split_start++;
2891 		break;
2892 	case 13:
2893 		if (rdev->wiphy.num_iftype_ext_capab &&
2894 		    rdev->wiphy.iftype_ext_capab) {
2895 			struct nlattr *nested_ext_capab, *nested;
2896 
2897 			nested = nla_nest_start_noflag(msg,
2898 						       NL80211_ATTR_IFTYPE_EXT_CAPA);
2899 			if (!nested)
2900 				goto nla_put_failure;
2901 
2902 			for (i = state->capa_start;
2903 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
2904 				const struct wiphy_iftype_ext_capab *capab;
2905 
2906 				capab = &rdev->wiphy.iftype_ext_capab[i];
2907 
2908 				nested_ext_capab = nla_nest_start_noflag(msg,
2909 									 i);
2910 				if (!nested_ext_capab ||
2911 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2912 						capab->iftype) ||
2913 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
2914 					    capab->extended_capabilities_len,
2915 					    capab->extended_capabilities) ||
2916 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2917 					    capab->extended_capabilities_len,
2918 					    capab->extended_capabilities_mask))
2919 					goto nla_put_failure;
2920 
2921 				if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO &&
2922 				    (nla_put_u16(msg,
2923 						 NL80211_ATTR_EML_CAPABILITY,
2924 						 capab->eml_capabilities) ||
2925 				     nla_put_u16(msg,
2926 						 NL80211_ATTR_MLD_CAPA_AND_OPS,
2927 						 capab->mld_capa_and_ops)))
2928 					goto nla_put_failure;
2929 
2930 				nla_nest_end(msg, nested_ext_capab);
2931 				if (state->split)
2932 					break;
2933 			}
2934 			nla_nest_end(msg, nested);
2935 			if (i < rdev->wiphy.num_iftype_ext_capab) {
2936 				state->capa_start = i + 1;
2937 				break;
2938 			}
2939 		}
2940 
2941 		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2942 				rdev->wiphy.nan_supported_bands))
2943 			goto nla_put_failure;
2944 
2945 		if (wiphy_ext_feature_isset(&rdev->wiphy,
2946 					    NL80211_EXT_FEATURE_TXQS)) {
2947 			struct cfg80211_txq_stats txqstats = {};
2948 			int res;
2949 
2950 			res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2951 			if (!res &&
2952 			    !nl80211_put_txq_stats(msg, &txqstats,
2953 						   NL80211_ATTR_TXQ_STATS))
2954 				goto nla_put_failure;
2955 
2956 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2957 					rdev->wiphy.txq_limit))
2958 				goto nla_put_failure;
2959 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2960 					rdev->wiphy.txq_memory_limit))
2961 				goto nla_put_failure;
2962 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2963 					rdev->wiphy.txq_quantum))
2964 				goto nla_put_failure;
2965 		}
2966 
2967 		state->split_start++;
2968 		break;
2969 	case 14:
2970 		if (nl80211_send_pmsr_capa(rdev, msg))
2971 			goto nla_put_failure;
2972 
2973 		state->split_start++;
2974 		break;
2975 	case 15:
2976 		if (rdev->wiphy.akm_suites &&
2977 		    nla_put(msg, NL80211_ATTR_AKM_SUITES,
2978 			    sizeof(u32) * rdev->wiphy.n_akm_suites,
2979 			    rdev->wiphy.akm_suites))
2980 			goto nla_put_failure;
2981 
2982 		if (nl80211_put_iftype_akm_suites(rdev, msg))
2983 			goto nla_put_failure;
2984 
2985 		if (nl80211_put_tid_config_support(rdev, msg))
2986 			goto nla_put_failure;
2987 		state->split_start++;
2988 		break;
2989 	case 16:
2990 		if (nl80211_put_sar_specs(rdev, msg))
2991 			goto nla_put_failure;
2992 
2993 		if (nl80211_put_mbssid_support(&rdev->wiphy, msg))
2994 			goto nla_put_failure;
2995 
2996 		if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES,
2997 				rdev->wiphy.max_num_akm_suites))
2998 			goto nla_put_failure;
2999 
3000 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)
3001 			nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT);
3002 
3003 		if (rdev->wiphy.hw_timestamp_max_peers &&
3004 		    nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS,
3005 				rdev->wiphy.hw_timestamp_max_peers))
3006 			goto nla_put_failure;
3007 
3008 		/* done */
3009 		state->split_start = 0;
3010 		break;
3011 	}
3012  finish:
3013 	genlmsg_end(msg, hdr);
3014 	return 0;
3015 
3016  nla_put_failure:
3017 	genlmsg_cancel(msg, hdr);
3018 	return -EMSGSIZE;
3019 }
3020 
3021 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
3022 				    struct netlink_callback *cb,
3023 				    struct nl80211_dump_wiphy_state *state)
3024 {
3025 	struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
3026 	int ret;
3027 
3028 	if (!tb)
3029 		return -ENOMEM;
3030 
3031 	ret = nlmsg_parse_deprecated(cb->nlh,
3032 				     GENL_HDRLEN + nl80211_fam.hdrsize,
3033 				     tb, nl80211_fam.maxattr,
3034 				     nl80211_policy, NULL);
3035 	/* ignore parse errors for backward compatibility */
3036 	if (ret) {
3037 		ret = 0;
3038 		goto out;
3039 	}
3040 
3041 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
3042 	if (tb[NL80211_ATTR_WIPHY])
3043 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
3044 	if (tb[NL80211_ATTR_WDEV])
3045 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
3046 	if (tb[NL80211_ATTR_IFINDEX]) {
3047 		struct net_device *netdev;
3048 		struct cfg80211_registered_device *rdev;
3049 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3050 
3051 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3052 		if (!netdev) {
3053 			ret = -ENODEV;
3054 			goto out;
3055 		}
3056 		if (netdev->ieee80211_ptr) {
3057 			rdev = wiphy_to_rdev(
3058 				netdev->ieee80211_ptr->wiphy);
3059 			state->filter_wiphy = rdev->wiphy_idx;
3060 		}
3061 	}
3062 
3063 	ret = 0;
3064 out:
3065 	kfree(tb);
3066 	return ret;
3067 }
3068 
3069 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
3070 {
3071 	int idx = 0, ret;
3072 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
3073 	struct cfg80211_registered_device *rdev;
3074 
3075 	rtnl_lock();
3076 	if (!state) {
3077 		state = kzalloc(sizeof(*state), GFP_KERNEL);
3078 		if (!state) {
3079 			rtnl_unlock();
3080 			return -ENOMEM;
3081 		}
3082 		state->filter_wiphy = -1;
3083 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
3084 		if (ret) {
3085 			kfree(state);
3086 			rtnl_unlock();
3087 			return ret;
3088 		}
3089 		cb->args[0] = (long)state;
3090 	}
3091 
3092 	for_each_rdev(rdev) {
3093 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3094 			continue;
3095 		if (++idx <= state->start)
3096 			continue;
3097 		if (state->filter_wiphy != -1 &&
3098 		    state->filter_wiphy != rdev->wiphy_idx)
3099 			continue;
3100 		wiphy_lock(&rdev->wiphy);
3101 		/* attempt to fit multiple wiphy data chunks into the skb */
3102 		do {
3103 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
3104 						 skb,
3105 						 NETLINK_CB(cb->skb).portid,
3106 						 cb->nlh->nlmsg_seq,
3107 						 NLM_F_MULTI, state);
3108 			if (ret < 0) {
3109 				/*
3110 				 * If sending the wiphy data didn't fit (ENOBUFS
3111 				 * or EMSGSIZE returned), this SKB is still
3112 				 * empty (so it's not too big because another
3113 				 * wiphy dataset is already in the skb) and
3114 				 * we've not tried to adjust the dump allocation
3115 				 * yet ... then adjust the alloc size to be
3116 				 * bigger, and return 1 but with the empty skb.
3117 				 * This results in an empty message being RX'ed
3118 				 * in userspace, but that is ignored.
3119 				 *
3120 				 * We can then retry with the larger buffer.
3121 				 */
3122 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
3123 				    !skb->len && !state->split &&
3124 				    cb->min_dump_alloc < 4096) {
3125 					cb->min_dump_alloc = 4096;
3126 					state->split_start = 0;
3127 					wiphy_unlock(&rdev->wiphy);
3128 					rtnl_unlock();
3129 					return 1;
3130 				}
3131 				idx--;
3132 				break;
3133 			}
3134 		} while (state->split_start > 0);
3135 		wiphy_unlock(&rdev->wiphy);
3136 		break;
3137 	}
3138 	rtnl_unlock();
3139 
3140 	state->start = idx;
3141 
3142 	return skb->len;
3143 }
3144 
3145 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
3146 {
3147 	kfree((void *)cb->args[0]);
3148 	return 0;
3149 }
3150 
3151 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
3152 {
3153 	struct sk_buff *msg;
3154 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3155 	struct nl80211_dump_wiphy_state state = {};
3156 
3157 	msg = nlmsg_new(4096, GFP_KERNEL);
3158 	if (!msg)
3159 		return -ENOMEM;
3160 
3161 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
3162 			       info->snd_portid, info->snd_seq, 0,
3163 			       &state) < 0) {
3164 		nlmsg_free(msg);
3165 		return -ENOBUFS;
3166 	}
3167 
3168 	return genlmsg_reply(msg, info);
3169 }
3170 
3171 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
3172 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
3173 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
3174 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
3175 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
3176 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
3177 };
3178 
3179 static int parse_txq_params(struct nlattr *tb[],
3180 			    struct ieee80211_txq_params *txq_params)
3181 {
3182 	u8 ac;
3183 
3184 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
3185 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
3186 	    !tb[NL80211_TXQ_ATTR_AIFS])
3187 		return -EINVAL;
3188 
3189 	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
3190 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
3191 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
3192 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
3193 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
3194 
3195 	if (ac >= NL80211_NUM_ACS)
3196 		return -EINVAL;
3197 	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
3198 	return 0;
3199 }
3200 
3201 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
3202 {
3203 	/*
3204 	 * You can only set the channel explicitly for some interfaces,
3205 	 * most have their channel managed via their respective
3206 	 * "establish a connection" command (connect, join, ...)
3207 	 *
3208 	 * For AP/GO and mesh mode, the channel can be set with the
3209 	 * channel userspace API, but is only stored and passed to the
3210 	 * low-level driver when the AP starts or the mesh is joined.
3211 	 * This is for backward compatibility, userspace can also give
3212 	 * the channel in the start-ap or join-mesh commands instead.
3213 	 *
3214 	 * Monitors are special as they are normally slaved to
3215 	 * whatever else is going on, so they have their own special
3216 	 * operation to set the monitor channel if possible.
3217 	 */
3218 	return !wdev ||
3219 		wdev->iftype == NL80211_IFTYPE_AP ||
3220 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3221 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
3222 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
3223 }
3224 
3225 static int _nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3226 				  struct genl_info *info, bool monitor,
3227 				  struct cfg80211_chan_def *chandef)
3228 {
3229 	struct netlink_ext_ack *extack = info->extack;
3230 	struct nlattr **attrs = info->attrs;
3231 	u32 control_freq;
3232 
3233 	if (!attrs[NL80211_ATTR_WIPHY_FREQ]) {
3234 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3235 				    "Frequency is missing");
3236 		return -EINVAL;
3237 	}
3238 
3239 	control_freq = MHZ_TO_KHZ(
3240 			nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3241 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3242 		control_freq +=
3243 		    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3244 
3245 	memset(chandef, 0, sizeof(*chandef));
3246 	chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3247 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3248 	chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3249 	chandef->freq1_offset = control_freq % 1000;
3250 	chandef->center_freq2 = 0;
3251 
3252 	if (!chandef->chan) {
3253 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3254 				    "Unknown channel");
3255 		return -EINVAL;
3256 	}
3257 
3258 	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3259 		enum nl80211_channel_type chantype;
3260 
3261 		chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3262 
3263 		switch (chantype) {
3264 		case NL80211_CHAN_NO_HT:
3265 		case NL80211_CHAN_HT20:
3266 		case NL80211_CHAN_HT40PLUS:
3267 		case NL80211_CHAN_HT40MINUS:
3268 			cfg80211_chandef_create(chandef, chandef->chan,
3269 						chantype);
3270 			/* user input for center_freq is incorrect */
3271 			if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3272 			    chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3273 				NL_SET_ERR_MSG_ATTR(extack,
3274 						    attrs[NL80211_ATTR_CENTER_FREQ1],
3275 						    "bad center frequency 1");
3276 				return -EINVAL;
3277 			}
3278 			/* center_freq2 must be zero */
3279 			if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3280 			    nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3281 				NL_SET_ERR_MSG_ATTR(extack,
3282 						    attrs[NL80211_ATTR_CENTER_FREQ2],
3283 						    "center frequency 2 can't be used");
3284 				return -EINVAL;
3285 			}
3286 			break;
3287 		default:
3288 			NL_SET_ERR_MSG_ATTR(extack,
3289 					    attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3290 					    "invalid channel type");
3291 			return -EINVAL;
3292 		}
3293 	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3294 		chandef->width =
3295 			nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3296 		if (chandef->chan->band == NL80211_BAND_S1GHZ) {
3297 			/* User input error for channel width doesn't match channel  */
3298 			if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) {
3299 				NL_SET_ERR_MSG_ATTR(extack,
3300 						    attrs[NL80211_ATTR_CHANNEL_WIDTH],
3301 						    "bad channel width");
3302 				return -EINVAL;
3303 			}
3304 		}
3305 		if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3306 			chandef->center_freq1 =
3307 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3308 			if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET])
3309 				chandef->freq1_offset = nla_get_u32(
3310 				      attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]);
3311 			else
3312 				chandef->freq1_offset = 0;
3313 		}
3314 		if (attrs[NL80211_ATTR_CENTER_FREQ2])
3315 			chandef->center_freq2 =
3316 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3317 	}
3318 
3319 	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3320 		chandef->edmg.channels =
3321 		      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3322 
3323 		if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3324 			chandef->edmg.bw_config =
3325 		     nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3326 	} else {
3327 		chandef->edmg.bw_config = 0;
3328 		chandef->edmg.channels = 0;
3329 	}
3330 
3331 	if (info->attrs[NL80211_ATTR_PUNCT_BITMAP]) {
3332 		chandef->punctured =
3333 			nla_get_u32(info->attrs[NL80211_ATTR_PUNCT_BITMAP]);
3334 
3335 		if (chandef->punctured &&
3336 		    !wiphy_ext_feature_isset(&rdev->wiphy,
3337 					     NL80211_EXT_FEATURE_PUNCT)) {
3338 			NL_SET_ERR_MSG(extack,
3339 				       "driver doesn't support puncturing");
3340 			return -EINVAL;
3341 		}
3342 	}
3343 
3344 	if (!cfg80211_chandef_valid(chandef)) {
3345 		NL_SET_ERR_MSG(extack, "invalid channel definition");
3346 		return -EINVAL;
3347 	}
3348 
3349 	if (!_cfg80211_chandef_usable(&rdev->wiphy, chandef,
3350 				      IEEE80211_CHAN_DISABLED,
3351 				      monitor)) {
3352 		NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3353 		return -EINVAL;
3354 	}
3355 
3356 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3357 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
3358 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3359 		NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3360 		return -EINVAL;
3361 	}
3362 
3363 	return 0;
3364 }
3365 
3366 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3367 			  struct genl_info *info,
3368 			  struct cfg80211_chan_def *chandef)
3369 {
3370 	return _nl80211_parse_chandef(rdev, info, false, chandef);
3371 }
3372 
3373 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3374 				 struct net_device *dev,
3375 				 struct genl_info *info,
3376 				 int _link_id)
3377 {
3378 	struct cfg80211_chan_def chandef;
3379 	int result;
3380 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3381 	struct wireless_dev *wdev = NULL;
3382 	int link_id = _link_id;
3383 
3384 	if (dev)
3385 		wdev = dev->ieee80211_ptr;
3386 	if (!nl80211_can_set_dev_channel(wdev))
3387 		return -EOPNOTSUPP;
3388 	if (wdev)
3389 		iftype = wdev->iftype;
3390 
3391 	if (link_id < 0) {
3392 		if (wdev && wdev->valid_links)
3393 			return -EINVAL;
3394 		link_id = 0;
3395 	}
3396 
3397 	result = _nl80211_parse_chandef(rdev, info,
3398 					iftype == NL80211_IFTYPE_MONITOR,
3399 					&chandef);
3400 	if (result)
3401 		return result;
3402 
3403 	switch (iftype) {
3404 	case NL80211_IFTYPE_AP:
3405 	case NL80211_IFTYPE_P2P_GO:
3406 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3407 						   iftype))
3408 			return -EINVAL;
3409 		if (wdev->links[link_id].ap.beacon_interval) {
3410 			struct ieee80211_channel *cur_chan;
3411 
3412 			if (!dev || !rdev->ops->set_ap_chanwidth ||
3413 			    !(rdev->wiphy.features &
3414 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE))
3415 				return -EBUSY;
3416 
3417 			/* Only allow dynamic channel width changes */
3418 			cur_chan = wdev->links[link_id].ap.chandef.chan;
3419 			if (chandef.chan != cur_chan)
3420 				return -EBUSY;
3421 
3422 			result = rdev_set_ap_chanwidth(rdev, dev, link_id,
3423 						       &chandef);
3424 			if (result)
3425 				return result;
3426 			wdev->links[link_id].ap.chandef = chandef;
3427 		} else {
3428 			wdev->u.ap.preset_chandef = chandef;
3429 		}
3430 		return 0;
3431 	case NL80211_IFTYPE_MESH_POINT:
3432 		return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3433 	case NL80211_IFTYPE_MONITOR:
3434 		return cfg80211_set_monitor_channel(rdev, &chandef);
3435 	default:
3436 		break;
3437 	}
3438 
3439 	return -EINVAL;
3440 }
3441 
3442 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3443 {
3444 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3445 	int link_id = nl80211_link_id_or_invalid(info->attrs);
3446 	struct net_device *netdev = info->user_ptr[1];
3447 
3448 	return __nl80211_set_channel(rdev, netdev, info, link_id);
3449 }
3450 
3451 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3452 {
3453 	struct cfg80211_registered_device *rdev = NULL;
3454 	struct net_device *netdev = NULL;
3455 	struct wireless_dev *wdev;
3456 	int result = 0, rem_txq_params = 0;
3457 	struct nlattr *nl_txq_params;
3458 	u32 changed;
3459 	u8 retry_short = 0, retry_long = 0;
3460 	u32 frag_threshold = 0, rts_threshold = 0;
3461 	u8 coverage_class = 0;
3462 	u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3463 
3464 	rtnl_lock();
3465 	/*
3466 	 * Try to find the wiphy and netdev. Normally this
3467 	 * function shouldn't need the netdev, but this is
3468 	 * done for backward compatibility -- previously
3469 	 * setting the channel was done per wiphy, but now
3470 	 * it is per netdev. Previous userland like hostapd
3471 	 * also passed a netdev to set_wiphy, so that it is
3472 	 * possible to let that go to the right netdev!
3473 	 */
3474 
3475 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
3476 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3477 
3478 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3479 		if (netdev && netdev->ieee80211_ptr)
3480 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3481 		else
3482 			netdev = NULL;
3483 	}
3484 
3485 	if (!netdev) {
3486 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3487 						  info->attrs);
3488 		if (IS_ERR(rdev)) {
3489 			rtnl_unlock();
3490 			return PTR_ERR(rdev);
3491 		}
3492 		wdev = NULL;
3493 		netdev = NULL;
3494 		result = 0;
3495 	} else
3496 		wdev = netdev->ieee80211_ptr;
3497 
3498 	wiphy_lock(&rdev->wiphy);
3499 
3500 	/*
3501 	 * end workaround code, by now the rdev is available
3502 	 * and locked, and wdev may or may not be NULL.
3503 	 */
3504 
3505 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3506 		result = cfg80211_dev_rename(
3507 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3508 	rtnl_unlock();
3509 
3510 	if (result)
3511 		goto out;
3512 
3513 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3514 		struct ieee80211_txq_params txq_params;
3515 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3516 
3517 		if (!rdev->ops->set_txq_params) {
3518 			result = -EOPNOTSUPP;
3519 			goto out;
3520 		}
3521 
3522 		if (!netdev) {
3523 			result = -EINVAL;
3524 			goto out;
3525 		}
3526 
3527 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3528 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3529 			result = -EINVAL;
3530 			goto out;
3531 		}
3532 
3533 		if (!netif_running(netdev)) {
3534 			result = -ENETDOWN;
3535 			goto out;
3536 		}
3537 
3538 		nla_for_each_nested(nl_txq_params,
3539 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3540 				    rem_txq_params) {
3541 			result = nla_parse_nested_deprecated(tb,
3542 							     NL80211_TXQ_ATTR_MAX,
3543 							     nl_txq_params,
3544 							     txq_params_policy,
3545 							     info->extack);
3546 			if (result)
3547 				goto out;
3548 			result = parse_txq_params(tb, &txq_params);
3549 			if (result)
3550 				goto out;
3551 
3552 			txq_params.link_id =
3553 				nl80211_link_id_or_invalid(info->attrs);
3554 
3555 			if (txq_params.link_id >= 0 &&
3556 			    !(netdev->ieee80211_ptr->valid_links &
3557 			      BIT(txq_params.link_id)))
3558 				result = -ENOLINK;
3559 			else if (txq_params.link_id >= 0 &&
3560 				 !netdev->ieee80211_ptr->valid_links)
3561 				result = -EINVAL;
3562 			else
3563 				result = rdev_set_txq_params(rdev, netdev,
3564 							     &txq_params);
3565 			if (result)
3566 				goto out;
3567 		}
3568 	}
3569 
3570 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3571 		int link_id = nl80211_link_id_or_invalid(info->attrs);
3572 
3573 		if (wdev) {
3574 			result = __nl80211_set_channel(
3575 				rdev,
3576 				nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3577 				info, link_id);
3578 		} else {
3579 			result = __nl80211_set_channel(rdev, netdev, info, link_id);
3580 		}
3581 
3582 		if (result)
3583 			goto out;
3584 	}
3585 
3586 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3587 		struct wireless_dev *txp_wdev = wdev;
3588 		enum nl80211_tx_power_setting type;
3589 		int idx, mbm = 0;
3590 
3591 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3592 			txp_wdev = NULL;
3593 
3594 		if (!rdev->ops->set_tx_power) {
3595 			result = -EOPNOTSUPP;
3596 			goto out;
3597 		}
3598 
3599 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3600 		type = nla_get_u32(info->attrs[idx]);
3601 
3602 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3603 		    (type != NL80211_TX_POWER_AUTOMATIC)) {
3604 			result = -EINVAL;
3605 			goto out;
3606 		}
3607 
3608 		if (type != NL80211_TX_POWER_AUTOMATIC) {
3609 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3610 			mbm = nla_get_u32(info->attrs[idx]);
3611 		}
3612 
3613 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3614 		if (result)
3615 			goto out;
3616 	}
3617 
3618 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3619 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3620 		u32 tx_ant, rx_ant;
3621 
3622 		if ((!rdev->wiphy.available_antennas_tx &&
3623 		     !rdev->wiphy.available_antennas_rx) ||
3624 		    !rdev->ops->set_antenna) {
3625 			result = -EOPNOTSUPP;
3626 			goto out;
3627 		}
3628 
3629 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3630 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3631 
3632 		/* reject antenna configurations which don't match the
3633 		 * available antenna masks, except for the "all" mask */
3634 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3635 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
3636 			result = -EINVAL;
3637 			goto out;
3638 		}
3639 
3640 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3641 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3642 
3643 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3644 		if (result)
3645 			goto out;
3646 	}
3647 
3648 	changed = 0;
3649 
3650 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3651 		retry_short = nla_get_u8(
3652 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3653 
3654 		changed |= WIPHY_PARAM_RETRY_SHORT;
3655 	}
3656 
3657 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3658 		retry_long = nla_get_u8(
3659 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3660 
3661 		changed |= WIPHY_PARAM_RETRY_LONG;
3662 	}
3663 
3664 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3665 		frag_threshold = nla_get_u32(
3666 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3667 		if (frag_threshold < 256) {
3668 			result = -EINVAL;
3669 			goto out;
3670 		}
3671 
3672 		if (frag_threshold != (u32) -1) {
3673 			/*
3674 			 * Fragments (apart from the last one) are required to
3675 			 * have even length. Make the fragmentation code
3676 			 * simpler by stripping LSB should someone try to use
3677 			 * odd threshold value.
3678 			 */
3679 			frag_threshold &= ~0x1;
3680 		}
3681 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3682 	}
3683 
3684 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3685 		rts_threshold = nla_get_u32(
3686 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3687 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
3688 	}
3689 
3690 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3691 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3692 			result = -EINVAL;
3693 			goto out;
3694 		}
3695 
3696 		coverage_class = nla_get_u8(
3697 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3698 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
3699 	}
3700 
3701 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3702 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) {
3703 			result = -EOPNOTSUPP;
3704 			goto out;
3705 		}
3706 
3707 		changed |= WIPHY_PARAM_DYN_ACK;
3708 	}
3709 
3710 	if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3711 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3712 					     NL80211_EXT_FEATURE_TXQS)) {
3713 			result = -EOPNOTSUPP;
3714 			goto out;
3715 		}
3716 		txq_limit = nla_get_u32(
3717 			info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3718 		changed |= WIPHY_PARAM_TXQ_LIMIT;
3719 	}
3720 
3721 	if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3722 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3723 					     NL80211_EXT_FEATURE_TXQS)) {
3724 			result = -EOPNOTSUPP;
3725 			goto out;
3726 		}
3727 		txq_memory_limit = nla_get_u32(
3728 			info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3729 		changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3730 	}
3731 
3732 	if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3733 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3734 					     NL80211_EXT_FEATURE_TXQS)) {
3735 			result = -EOPNOTSUPP;
3736 			goto out;
3737 		}
3738 		txq_quantum = nla_get_u32(
3739 			info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3740 		changed |= WIPHY_PARAM_TXQ_QUANTUM;
3741 	}
3742 
3743 	if (changed) {
3744 		u8 old_retry_short, old_retry_long;
3745 		u32 old_frag_threshold, old_rts_threshold;
3746 		u8 old_coverage_class;
3747 		u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3748 
3749 		if (!rdev->ops->set_wiphy_params) {
3750 			result = -EOPNOTSUPP;
3751 			goto out;
3752 		}
3753 
3754 		old_retry_short = rdev->wiphy.retry_short;
3755 		old_retry_long = rdev->wiphy.retry_long;
3756 		old_frag_threshold = rdev->wiphy.frag_threshold;
3757 		old_rts_threshold = rdev->wiphy.rts_threshold;
3758 		old_coverage_class = rdev->wiphy.coverage_class;
3759 		old_txq_limit = rdev->wiphy.txq_limit;
3760 		old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3761 		old_txq_quantum = rdev->wiphy.txq_quantum;
3762 
3763 		if (changed & WIPHY_PARAM_RETRY_SHORT)
3764 			rdev->wiphy.retry_short = retry_short;
3765 		if (changed & WIPHY_PARAM_RETRY_LONG)
3766 			rdev->wiphy.retry_long = retry_long;
3767 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3768 			rdev->wiphy.frag_threshold = frag_threshold;
3769 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3770 			rdev->wiphy.rts_threshold = rts_threshold;
3771 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3772 			rdev->wiphy.coverage_class = coverage_class;
3773 		if (changed & WIPHY_PARAM_TXQ_LIMIT)
3774 			rdev->wiphy.txq_limit = txq_limit;
3775 		if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3776 			rdev->wiphy.txq_memory_limit = txq_memory_limit;
3777 		if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3778 			rdev->wiphy.txq_quantum = txq_quantum;
3779 
3780 		result = rdev_set_wiphy_params(rdev, changed);
3781 		if (result) {
3782 			rdev->wiphy.retry_short = old_retry_short;
3783 			rdev->wiphy.retry_long = old_retry_long;
3784 			rdev->wiphy.frag_threshold = old_frag_threshold;
3785 			rdev->wiphy.rts_threshold = old_rts_threshold;
3786 			rdev->wiphy.coverage_class = old_coverage_class;
3787 			rdev->wiphy.txq_limit = old_txq_limit;
3788 			rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3789 			rdev->wiphy.txq_quantum = old_txq_quantum;
3790 			goto out;
3791 		}
3792 	}
3793 
3794 	result = 0;
3795 
3796 out:
3797 	wiphy_unlock(&rdev->wiphy);
3798 	return result;
3799 }
3800 
3801 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef)
3802 {
3803 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3804 		return -EINVAL;
3805 
3806 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3807 			chandef->chan->center_freq))
3808 		return -ENOBUFS;
3809 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3810 			chandef->chan->freq_offset))
3811 		return -ENOBUFS;
3812 	switch (chandef->width) {
3813 	case NL80211_CHAN_WIDTH_20_NOHT:
3814 	case NL80211_CHAN_WIDTH_20:
3815 	case NL80211_CHAN_WIDTH_40:
3816 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3817 				cfg80211_get_chandef_type(chandef)))
3818 			return -ENOBUFS;
3819 		break;
3820 	default:
3821 		break;
3822 	}
3823 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3824 		return -ENOBUFS;
3825 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3826 		return -ENOBUFS;
3827 	if (chandef->center_freq2 &&
3828 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3829 		return -ENOBUFS;
3830 	if (chandef->punctured &&
3831 	    nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, chandef->punctured))
3832 		return -ENOBUFS;
3833 
3834 	return 0;
3835 }
3836 EXPORT_SYMBOL(nl80211_send_chandef);
3837 
3838 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3839 			      struct cfg80211_registered_device *rdev,
3840 			      struct wireless_dev *wdev,
3841 			      enum nl80211_commands cmd)
3842 {
3843 	struct net_device *dev = wdev->netdev;
3844 	void *hdr;
3845 
3846 	lockdep_assert_wiphy(&rdev->wiphy);
3847 
3848 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3849 		cmd != NL80211_CMD_DEL_INTERFACE &&
3850 		cmd != NL80211_CMD_SET_INTERFACE);
3851 
3852 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3853 	if (!hdr)
3854 		return -1;
3855 
3856 	if (dev &&
3857 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3858 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3859 		goto nla_put_failure;
3860 
3861 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3862 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3863 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3864 			      NL80211_ATTR_PAD) ||
3865 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3866 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
3867 			rdev->devlist_generation ^
3868 			(cfg80211_rdev_list_generation << 2)) ||
3869 	    nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3870 		goto nla_put_failure;
3871 
3872 	if (rdev->ops->get_channel && !wdev->valid_links) {
3873 		struct cfg80211_chan_def chandef = {};
3874 		int ret;
3875 
3876 		ret = rdev_get_channel(rdev, wdev, 0, &chandef);
3877 		if (ret == 0 && nl80211_send_chandef(msg, &chandef))
3878 			goto nla_put_failure;
3879 	}
3880 
3881 	if (rdev->ops->get_tx_power) {
3882 		int dbm, ret;
3883 
3884 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
3885 		if (ret == 0 &&
3886 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3887 				DBM_TO_MBM(dbm)))
3888 			goto nla_put_failure;
3889 	}
3890 
3891 	switch (wdev->iftype) {
3892 	case NL80211_IFTYPE_AP:
3893 	case NL80211_IFTYPE_P2P_GO:
3894 		if (wdev->u.ap.ssid_len &&
3895 		    nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
3896 			    wdev->u.ap.ssid))
3897 			goto nla_put_failure;
3898 		break;
3899 	case NL80211_IFTYPE_STATION:
3900 	case NL80211_IFTYPE_P2P_CLIENT:
3901 		if (wdev->u.client.ssid_len &&
3902 		    nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len,
3903 			    wdev->u.client.ssid))
3904 			goto nla_put_failure;
3905 		break;
3906 	case NL80211_IFTYPE_ADHOC:
3907 		if (wdev->u.ibss.ssid_len &&
3908 		    nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len,
3909 			    wdev->u.ibss.ssid))
3910 			goto nla_put_failure;
3911 		break;
3912 	default:
3913 		/* nothing */
3914 		break;
3915 	}
3916 
3917 	if (rdev->ops->get_txq_stats) {
3918 		struct cfg80211_txq_stats txqstats = {};
3919 		int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3920 
3921 		if (ret == 0 &&
3922 		    !nl80211_put_txq_stats(msg, &txqstats,
3923 					   NL80211_ATTR_TXQ_STATS))
3924 			goto nla_put_failure;
3925 	}
3926 
3927 	if (wdev->valid_links) {
3928 		unsigned int link_id;
3929 		struct nlattr *links = nla_nest_start(msg,
3930 						      NL80211_ATTR_MLO_LINKS);
3931 
3932 		if (!links)
3933 			goto nla_put_failure;
3934 
3935 		for_each_valid_link(wdev, link_id) {
3936 			struct nlattr *link = nla_nest_start(msg, link_id + 1);
3937 			struct cfg80211_chan_def chandef = {};
3938 			int ret;
3939 
3940 			if (!link)
3941 				goto nla_put_failure;
3942 
3943 			if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
3944 				goto nla_put_failure;
3945 			if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
3946 				    wdev->links[link_id].addr))
3947 				goto nla_put_failure;
3948 
3949 			ret = rdev_get_channel(rdev, wdev, link_id, &chandef);
3950 			if (ret == 0 && nl80211_send_chandef(msg, &chandef))
3951 				goto nla_put_failure;
3952 
3953 			nla_nest_end(msg, link);
3954 		}
3955 
3956 		nla_nest_end(msg, links);
3957 	}
3958 
3959 	genlmsg_end(msg, hdr);
3960 	return 0;
3961 
3962  nla_put_failure:
3963 	genlmsg_cancel(msg, hdr);
3964 	return -EMSGSIZE;
3965 }
3966 
3967 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3968 {
3969 	int wp_idx = 0;
3970 	int if_idx = 0;
3971 	int wp_start = cb->args[0];
3972 	int if_start = cb->args[1];
3973 	int filter_wiphy = -1;
3974 	struct cfg80211_registered_device *rdev;
3975 	struct wireless_dev *wdev;
3976 	int ret;
3977 
3978 	rtnl_lock();
3979 	if (!cb->args[2]) {
3980 		struct nl80211_dump_wiphy_state state = {
3981 			.filter_wiphy = -1,
3982 		};
3983 
3984 		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3985 		if (ret)
3986 			goto out_unlock;
3987 
3988 		filter_wiphy = state.filter_wiphy;
3989 
3990 		/*
3991 		 * if filtering, set cb->args[2] to +1 since 0 is the default
3992 		 * value needed to determine that parsing is necessary.
3993 		 */
3994 		if (filter_wiphy >= 0)
3995 			cb->args[2] = filter_wiphy + 1;
3996 		else
3997 			cb->args[2] = -1;
3998 	} else if (cb->args[2] > 0) {
3999 		filter_wiphy = cb->args[2] - 1;
4000 	}
4001 
4002 	for_each_rdev(rdev) {
4003 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
4004 			continue;
4005 		if (wp_idx < wp_start) {
4006 			wp_idx++;
4007 			continue;
4008 		}
4009 
4010 		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
4011 			continue;
4012 
4013 		if_idx = 0;
4014 
4015 		wiphy_lock(&rdev->wiphy);
4016 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4017 			if (if_idx < if_start) {
4018 				if_idx++;
4019 				continue;
4020 			}
4021 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
4022 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4023 					       rdev, wdev,
4024 					       NL80211_CMD_NEW_INTERFACE) < 0) {
4025 				wiphy_unlock(&rdev->wiphy);
4026 				goto out;
4027 			}
4028 			if_idx++;
4029 		}
4030 		wiphy_unlock(&rdev->wiphy);
4031 
4032 		if_start = 0;
4033 		wp_idx++;
4034 	}
4035  out:
4036 	cb->args[0] = wp_idx;
4037 	cb->args[1] = if_idx;
4038 
4039 	ret = skb->len;
4040  out_unlock:
4041 	rtnl_unlock();
4042 
4043 	return ret;
4044 }
4045 
4046 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
4047 {
4048 	struct sk_buff *msg;
4049 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4050 	struct wireless_dev *wdev = info->user_ptr[1];
4051 
4052 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4053 	if (!msg)
4054 		return -ENOMEM;
4055 
4056 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4057 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4058 		nlmsg_free(msg);
4059 		return -ENOBUFS;
4060 	}
4061 
4062 	return genlmsg_reply(msg, info);
4063 }
4064 
4065 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
4066 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
4067 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
4068 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
4069 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
4070 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
4071 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
4072 };
4073 
4074 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
4075 {
4076 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
4077 	int flag;
4078 
4079 	*mntrflags = 0;
4080 
4081 	if (!nla)
4082 		return -EINVAL;
4083 
4084 	if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
4085 		return -EINVAL;
4086 
4087 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
4088 		if (flags[flag])
4089 			*mntrflags |= (1<<flag);
4090 
4091 	*mntrflags |= MONITOR_FLAG_CHANGED;
4092 
4093 	return 0;
4094 }
4095 
4096 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
4097 				     enum nl80211_iftype type,
4098 				     struct genl_info *info,
4099 				     struct vif_params *params)
4100 {
4101 	bool change = false;
4102 	int err;
4103 
4104 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
4105 		if (type != NL80211_IFTYPE_MONITOR)
4106 			return -EINVAL;
4107 
4108 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
4109 					  &params->flags);
4110 		if (err)
4111 			return err;
4112 
4113 		change = true;
4114 	}
4115 
4116 	if (params->flags & MONITOR_FLAG_ACTIVE &&
4117 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
4118 		return -EOPNOTSUPP;
4119 
4120 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
4121 		const u8 *mumimo_groups;
4122 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4123 
4124 		if (type != NL80211_IFTYPE_MONITOR)
4125 			return -EINVAL;
4126 
4127 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4128 			return -EOPNOTSUPP;
4129 
4130 		mumimo_groups =
4131 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
4132 
4133 		/* bits 0 and 63 are reserved and must be zero */
4134 		if ((mumimo_groups[0] & BIT(0)) ||
4135 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
4136 			return -EINVAL;
4137 
4138 		params->vht_mumimo_groups = mumimo_groups;
4139 		change = true;
4140 	}
4141 
4142 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
4143 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4144 
4145 		if (type != NL80211_IFTYPE_MONITOR)
4146 			return -EINVAL;
4147 
4148 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4149 			return -EOPNOTSUPP;
4150 
4151 		params->vht_mumimo_follow_addr =
4152 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
4153 		change = true;
4154 	}
4155 
4156 	return change ? 1 : 0;
4157 }
4158 
4159 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
4160 			       struct net_device *netdev, u8 use_4addr,
4161 			       enum nl80211_iftype iftype)
4162 {
4163 	if (!use_4addr) {
4164 		if (netdev && netif_is_bridge_port(netdev))
4165 			return -EBUSY;
4166 		return 0;
4167 	}
4168 
4169 	switch (iftype) {
4170 	case NL80211_IFTYPE_AP_VLAN:
4171 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
4172 			return 0;
4173 		break;
4174 	case NL80211_IFTYPE_STATION:
4175 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
4176 			return 0;
4177 		break;
4178 	default:
4179 		break;
4180 	}
4181 
4182 	return -EOPNOTSUPP;
4183 }
4184 
4185 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
4186 {
4187 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4188 	struct vif_params params;
4189 	int err;
4190 	enum nl80211_iftype otype, ntype;
4191 	struct net_device *dev = info->user_ptr[1];
4192 	bool change = false;
4193 
4194 	memset(&params, 0, sizeof(params));
4195 
4196 	otype = ntype = dev->ieee80211_ptr->iftype;
4197 
4198 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
4199 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4200 		if (otype != ntype)
4201 			change = true;
4202 	}
4203 
4204 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
4205 		struct wireless_dev *wdev = dev->ieee80211_ptr;
4206 
4207 		if (ntype != NL80211_IFTYPE_MESH_POINT)
4208 			return -EINVAL;
4209 		if (otype != NL80211_IFTYPE_MESH_POINT)
4210 			return -EINVAL;
4211 		if (netif_running(dev))
4212 			return -EBUSY;
4213 
4214 		wdev->u.mesh.id_up_len =
4215 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4216 		memcpy(wdev->u.mesh.id,
4217 		       nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4218 		       wdev->u.mesh.id_up_len);
4219 	}
4220 
4221 	if (info->attrs[NL80211_ATTR_4ADDR]) {
4222 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4223 		change = true;
4224 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
4225 		if (err)
4226 			return err;
4227 	} else {
4228 		params.use_4addr = -1;
4229 	}
4230 
4231 	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
4232 	if (err < 0)
4233 		return err;
4234 	if (err > 0)
4235 		change = true;
4236 
4237 	if (change)
4238 		err = cfg80211_change_iface(rdev, dev, ntype, &params);
4239 	else
4240 		err = 0;
4241 
4242 	if (!err && params.use_4addr != -1)
4243 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
4244 
4245 	if (change && !err) {
4246 		struct wireless_dev *wdev = dev->ieee80211_ptr;
4247 
4248 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
4249 	}
4250 
4251 	return err;
4252 }
4253 
4254 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4255 {
4256 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4257 	struct vif_params params;
4258 	struct wireless_dev *wdev;
4259 	struct sk_buff *msg;
4260 	int err;
4261 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
4262 
4263 	memset(&params, 0, sizeof(params));
4264 
4265 	if (!info->attrs[NL80211_ATTR_IFNAME])
4266 		return -EINVAL;
4267 
4268 	if (info->attrs[NL80211_ATTR_IFTYPE])
4269 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4270 
4271 	if (!rdev->ops->add_virtual_intf)
4272 		return -EOPNOTSUPP;
4273 
4274 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
4275 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
4276 	    info->attrs[NL80211_ATTR_MAC]) {
4277 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
4278 			   ETH_ALEN);
4279 		if (!is_valid_ether_addr(params.macaddr))
4280 			return -EADDRNOTAVAIL;
4281 	}
4282 
4283 	if (info->attrs[NL80211_ATTR_4ADDR]) {
4284 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4285 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
4286 		if (err)
4287 			return err;
4288 	}
4289 
4290 	if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
4291 		return -EOPNOTSUPP;
4292 
4293 	err = nl80211_parse_mon_options(rdev, type, info, &params);
4294 	if (err < 0)
4295 		return err;
4296 
4297 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4298 	if (!msg)
4299 		return -ENOMEM;
4300 
4301 	wdev = rdev_add_virtual_intf(rdev,
4302 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
4303 				NET_NAME_USER, type, &params);
4304 	if (WARN_ON(!wdev)) {
4305 		nlmsg_free(msg);
4306 		return -EPROTO;
4307 	} else if (IS_ERR(wdev)) {
4308 		nlmsg_free(msg);
4309 		return PTR_ERR(wdev);
4310 	}
4311 
4312 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4313 		wdev->owner_nlportid = info->snd_portid;
4314 
4315 	switch (type) {
4316 	case NL80211_IFTYPE_MESH_POINT:
4317 		if (!info->attrs[NL80211_ATTR_MESH_ID])
4318 			break;
4319 		wdev->u.mesh.id_up_len =
4320 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4321 		memcpy(wdev->u.mesh.id,
4322 		       nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4323 		       wdev->u.mesh.id_up_len);
4324 		break;
4325 	case NL80211_IFTYPE_NAN:
4326 	case NL80211_IFTYPE_P2P_DEVICE:
4327 		/*
4328 		 * P2P Device and NAN do not have a netdev, so don't go
4329 		 * through the netdev notifier and must be added here
4330 		 */
4331 		cfg80211_init_wdev(wdev);
4332 		cfg80211_register_wdev(rdev, wdev);
4333 		break;
4334 	default:
4335 		break;
4336 	}
4337 
4338 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4339 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4340 		nlmsg_free(msg);
4341 		return -ENOBUFS;
4342 	}
4343 
4344 	return genlmsg_reply(msg, info);
4345 }
4346 
4347 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4348 {
4349 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4350 	int ret;
4351 
4352 	/* to avoid failing a new interface creation due to pending removal */
4353 	cfg80211_destroy_ifaces(rdev);
4354 
4355 	wiphy_lock(&rdev->wiphy);
4356 	ret = _nl80211_new_interface(skb, info);
4357 	wiphy_unlock(&rdev->wiphy);
4358 
4359 	return ret;
4360 }
4361 
4362 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4363 {
4364 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4365 	struct wireless_dev *wdev = info->user_ptr[1];
4366 
4367 	if (!rdev->ops->del_virtual_intf)
4368 		return -EOPNOTSUPP;
4369 
4370 	/*
4371 	 * We hold RTNL, so this is safe, without RTNL opencount cannot
4372 	 * reach 0, and thus the rdev cannot be deleted.
4373 	 *
4374 	 * We need to do it for the dev_close(), since that will call
4375 	 * the netdev notifiers, and we need to acquire the mutex there
4376 	 * but don't know if we get there from here or from some other
4377 	 * place (e.g. "ip link set ... down").
4378 	 */
4379 	mutex_unlock(&rdev->wiphy.mtx);
4380 
4381 	/*
4382 	 * If we remove a wireless device without a netdev then clear
4383 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
4384 	 * to check if it needs to do dev_put(). Otherwise it crashes
4385 	 * since the wdev has been freed, unlike with a netdev where
4386 	 * we need the dev_put() for the netdev to really be freed.
4387 	 */
4388 	if (!wdev->netdev)
4389 		info->user_ptr[1] = NULL;
4390 	else
4391 		dev_close(wdev->netdev);
4392 
4393 	mutex_lock(&rdev->wiphy.mtx);
4394 
4395 	return cfg80211_remove_virtual_intf(rdev, wdev);
4396 }
4397 
4398 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4399 {
4400 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4401 	struct net_device *dev = info->user_ptr[1];
4402 	u16 noack_map;
4403 
4404 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4405 		return -EINVAL;
4406 
4407 	if (!rdev->ops->set_noack_map)
4408 		return -EOPNOTSUPP;
4409 
4410 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4411 
4412 	return rdev_set_noack_map(rdev, dev, noack_map);
4413 }
4414 
4415 static int nl80211_validate_key_link_id(struct genl_info *info,
4416 					struct wireless_dev *wdev,
4417 					int link_id, bool pairwise)
4418 {
4419 	if (pairwise) {
4420 		if (link_id != -1) {
4421 			GENL_SET_ERR_MSG(info,
4422 					 "link ID not allowed for pairwise key");
4423 			return -EINVAL;
4424 		}
4425 
4426 		return 0;
4427 	}
4428 
4429 	if (wdev->valid_links) {
4430 		if (link_id == -1) {
4431 			GENL_SET_ERR_MSG(info,
4432 					 "link ID must for MLO group key");
4433 			return -EINVAL;
4434 		}
4435 		if (!(wdev->valid_links & BIT(link_id))) {
4436 			GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key");
4437 			return -EINVAL;
4438 		}
4439 	} else if (link_id != -1) {
4440 		GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key");
4441 		return -EINVAL;
4442 	}
4443 
4444 	return 0;
4445 }
4446 
4447 struct get_key_cookie {
4448 	struct sk_buff *msg;
4449 	int error;
4450 	int idx;
4451 };
4452 
4453 static void get_key_callback(void *c, struct key_params *params)
4454 {
4455 	struct nlattr *key;
4456 	struct get_key_cookie *cookie = c;
4457 
4458 	if ((params->key &&
4459 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
4460 		     params->key_len, params->key)) ||
4461 	    (params->seq &&
4462 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4463 		     params->seq_len, params->seq)) ||
4464 	    (params->cipher &&
4465 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4466 			 params->cipher)))
4467 		goto nla_put_failure;
4468 
4469 	key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4470 	if (!key)
4471 		goto nla_put_failure;
4472 
4473 	if ((params->key &&
4474 	     nla_put(cookie->msg, NL80211_KEY_DATA,
4475 		     params->key_len, params->key)) ||
4476 	    (params->seq &&
4477 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
4478 		     params->seq_len, params->seq)) ||
4479 	    (params->cipher &&
4480 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4481 			 params->cipher)))
4482 		goto nla_put_failure;
4483 
4484 	if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4485 		goto nla_put_failure;
4486 
4487 	nla_nest_end(cookie->msg, key);
4488 
4489 	return;
4490  nla_put_failure:
4491 	cookie->error = 1;
4492 }
4493 
4494 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4495 {
4496 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4497 	int err;
4498 	struct net_device *dev = info->user_ptr[1];
4499 	u8 key_idx = 0;
4500 	const u8 *mac_addr = NULL;
4501 	bool pairwise;
4502 	struct get_key_cookie cookie = {
4503 		.error = 0,
4504 	};
4505 	void *hdr;
4506 	struct sk_buff *msg;
4507 	bool bigtk_support = false;
4508 	int link_id = nl80211_link_id_or_invalid(info->attrs);
4509 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4510 
4511 	if (wiphy_ext_feature_isset(&rdev->wiphy,
4512 				    NL80211_EXT_FEATURE_BEACON_PROTECTION))
4513 		bigtk_support = true;
4514 
4515 	if ((wdev->iftype == NL80211_IFTYPE_STATION ||
4516 	     wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4517 	    wiphy_ext_feature_isset(&rdev->wiphy,
4518 				    NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4519 		bigtk_support = true;
4520 
4521 	if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4522 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4523 
4524 		if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4525 			GENL_SET_ERR_MSG(info, "BIGTK not supported");
4526 			return -EINVAL;
4527 		}
4528 	}
4529 
4530 	if (info->attrs[NL80211_ATTR_MAC])
4531 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4532 
4533 	pairwise = !!mac_addr;
4534 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4535 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4536 
4537 		if (kt != NL80211_KEYTYPE_GROUP &&
4538 		    kt != NL80211_KEYTYPE_PAIRWISE)
4539 			return -EINVAL;
4540 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4541 	}
4542 
4543 	if (!rdev->ops->get_key)
4544 		return -EOPNOTSUPP;
4545 
4546 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4547 		return -ENOENT;
4548 
4549 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4550 	if (!msg)
4551 		return -ENOMEM;
4552 
4553 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4554 			     NL80211_CMD_NEW_KEY);
4555 	if (!hdr)
4556 		goto nla_put_failure;
4557 
4558 	cookie.msg = msg;
4559 	cookie.idx = key_idx;
4560 
4561 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4562 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4563 		goto nla_put_failure;
4564 	if (mac_addr &&
4565 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4566 		goto nla_put_failure;
4567 
4568 	err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise);
4569 	if (err)
4570 		goto free_msg;
4571 
4572 	err = rdev_get_key(rdev, dev, link_id, key_idx, pairwise, mac_addr,
4573 			   &cookie, get_key_callback);
4574 
4575 	if (err)
4576 		goto free_msg;
4577 
4578 	if (cookie.error)
4579 		goto nla_put_failure;
4580 
4581 	genlmsg_end(msg, hdr);
4582 	return genlmsg_reply(msg, info);
4583 
4584  nla_put_failure:
4585 	err = -ENOBUFS;
4586  free_msg:
4587 	nlmsg_free(msg);
4588 	return err;
4589 }
4590 
4591 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4592 {
4593 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4594 	struct key_parse key;
4595 	int err;
4596 	struct net_device *dev = info->user_ptr[1];
4597 	int link_id = nl80211_link_id_or_invalid(info->attrs);
4598 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4599 
4600 	err = nl80211_parse_key(info, &key);
4601 	if (err)
4602 		return err;
4603 
4604 	if (key.idx < 0)
4605 		return -EINVAL;
4606 
4607 	/* Only support setting default key and
4608 	 * Extended Key ID action NL80211_KEY_SET_TX.
4609 	 */
4610 	if (!key.def && !key.defmgmt && !key.defbeacon &&
4611 	    !(key.p.mode == NL80211_KEY_SET_TX))
4612 		return -EINVAL;
4613 
4614 	if (key.def) {
4615 		if (!rdev->ops->set_default_key)
4616 			return -EOPNOTSUPP;
4617 
4618 		err = nl80211_key_allowed(wdev);
4619 		if (err)
4620 			return err;
4621 
4622 		err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4623 		if (err)
4624 			return err;
4625 
4626 		err = rdev_set_default_key(rdev, dev, link_id, key.idx,
4627 					   key.def_uni, key.def_multi);
4628 
4629 		if (err)
4630 			return err;
4631 
4632 #ifdef CONFIG_CFG80211_WEXT
4633 		wdev->wext.default_key = key.idx;
4634 #endif
4635 		return 0;
4636 	} else if (key.defmgmt) {
4637 		if (key.def_uni || !key.def_multi)
4638 			return -EINVAL;
4639 
4640 		if (!rdev->ops->set_default_mgmt_key)
4641 			return -EOPNOTSUPP;
4642 
4643 		err = nl80211_key_allowed(wdev);
4644 		if (err)
4645 			return err;
4646 
4647 		err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4648 		if (err)
4649 			return err;
4650 
4651 		err = rdev_set_default_mgmt_key(rdev, dev, link_id, key.idx);
4652 		if (err)
4653 			return err;
4654 
4655 #ifdef CONFIG_CFG80211_WEXT
4656 		wdev->wext.default_mgmt_key = key.idx;
4657 #endif
4658 		return 0;
4659 	} else if (key.defbeacon) {
4660 		if (key.def_uni || !key.def_multi)
4661 			return -EINVAL;
4662 
4663 		if (!rdev->ops->set_default_beacon_key)
4664 			return -EOPNOTSUPP;
4665 
4666 		err = nl80211_key_allowed(wdev);
4667 		if (err)
4668 			return err;
4669 
4670 		err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4671 		if (err)
4672 			return err;
4673 
4674 		return rdev_set_default_beacon_key(rdev, dev, link_id, key.idx);
4675 	} else if (key.p.mode == NL80211_KEY_SET_TX &&
4676 		   wiphy_ext_feature_isset(&rdev->wiphy,
4677 					   NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4678 		u8 *mac_addr = NULL;
4679 
4680 		if (info->attrs[NL80211_ATTR_MAC])
4681 			mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4682 
4683 		if (!mac_addr || key.idx < 0 || key.idx > 1)
4684 			return -EINVAL;
4685 
4686 		err = nl80211_validate_key_link_id(info, wdev, link_id, true);
4687 		if (err)
4688 			return err;
4689 
4690 		return rdev_add_key(rdev, dev, link_id, key.idx,
4691 				    NL80211_KEYTYPE_PAIRWISE,
4692 				    mac_addr, &key.p);
4693 	}
4694 
4695 	return -EINVAL;
4696 }
4697 
4698 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4699 {
4700 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4701 	int err;
4702 	struct net_device *dev = info->user_ptr[1];
4703 	struct key_parse key;
4704 	const u8 *mac_addr = NULL;
4705 	int link_id = nl80211_link_id_or_invalid(info->attrs);
4706 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4707 
4708 	err = nl80211_parse_key(info, &key);
4709 	if (err)
4710 		return err;
4711 
4712 	if (!key.p.key) {
4713 		GENL_SET_ERR_MSG(info, "no key");
4714 		return -EINVAL;
4715 	}
4716 
4717 	if (info->attrs[NL80211_ATTR_MAC])
4718 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4719 
4720 	if (key.type == -1) {
4721 		if (mac_addr)
4722 			key.type = NL80211_KEYTYPE_PAIRWISE;
4723 		else
4724 			key.type = NL80211_KEYTYPE_GROUP;
4725 	}
4726 
4727 	/* for now */
4728 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4729 	    key.type != NL80211_KEYTYPE_GROUP) {
4730 		GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4731 		return -EINVAL;
4732 	}
4733 
4734 	if (key.type == NL80211_KEYTYPE_GROUP &&
4735 	    info->attrs[NL80211_ATTR_VLAN_ID])
4736 		key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4737 
4738 	if (!rdev->ops->add_key)
4739 		return -EOPNOTSUPP;
4740 
4741 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4742 					   key.type == NL80211_KEYTYPE_PAIRWISE,
4743 					   mac_addr)) {
4744 		GENL_SET_ERR_MSG(info, "key setting validation failed");
4745 		return -EINVAL;
4746 	}
4747 
4748 	err = nl80211_key_allowed(wdev);
4749 	if (err)
4750 		GENL_SET_ERR_MSG(info, "key not allowed");
4751 
4752 	if (!err)
4753 		err = nl80211_validate_key_link_id(info, wdev, link_id,
4754 				key.type == NL80211_KEYTYPE_PAIRWISE);
4755 
4756 	if (!err) {
4757 		err = rdev_add_key(rdev, dev, link_id, key.idx,
4758 				   key.type == NL80211_KEYTYPE_PAIRWISE,
4759 				    mac_addr, &key.p);
4760 		if (err)
4761 			GENL_SET_ERR_MSG(info, "key addition failed");
4762 	}
4763 
4764 	return err;
4765 }
4766 
4767 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4768 {
4769 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4770 	int err;
4771 	struct net_device *dev = info->user_ptr[1];
4772 	u8 *mac_addr = NULL;
4773 	struct key_parse key;
4774 	int link_id = nl80211_link_id_or_invalid(info->attrs);
4775 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4776 
4777 	err = nl80211_parse_key(info, &key);
4778 	if (err)
4779 		return err;
4780 
4781 	if (info->attrs[NL80211_ATTR_MAC])
4782 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4783 
4784 	if (key.type == -1) {
4785 		if (mac_addr)
4786 			key.type = NL80211_KEYTYPE_PAIRWISE;
4787 		else
4788 			key.type = NL80211_KEYTYPE_GROUP;
4789 	}
4790 
4791 	/* for now */
4792 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4793 	    key.type != NL80211_KEYTYPE_GROUP)
4794 		return -EINVAL;
4795 
4796 	if (!cfg80211_valid_key_idx(rdev, key.idx,
4797 				    key.type == NL80211_KEYTYPE_PAIRWISE))
4798 		return -EINVAL;
4799 
4800 	if (!rdev->ops->del_key)
4801 		return -EOPNOTSUPP;
4802 
4803 	err = nl80211_key_allowed(wdev);
4804 
4805 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4806 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4807 		err = -ENOENT;
4808 
4809 	if (!err)
4810 		err = nl80211_validate_key_link_id(info, wdev, link_id,
4811 				key.type == NL80211_KEYTYPE_PAIRWISE);
4812 
4813 	if (!err)
4814 		err = rdev_del_key(rdev, dev, link_id, key.idx,
4815 				   key.type == NL80211_KEYTYPE_PAIRWISE,
4816 				   mac_addr);
4817 
4818 #ifdef CONFIG_CFG80211_WEXT
4819 	if (!err) {
4820 		if (key.idx == wdev->wext.default_key)
4821 			wdev->wext.default_key = -1;
4822 		else if (key.idx == wdev->wext.default_mgmt_key)
4823 			wdev->wext.default_mgmt_key = -1;
4824 	}
4825 #endif
4826 
4827 	return err;
4828 }
4829 
4830 /* This function returns an error or the number of nested attributes */
4831 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4832 {
4833 	struct nlattr *attr;
4834 	int n_entries = 0, tmp;
4835 
4836 	nla_for_each_nested(attr, nl_attr, tmp) {
4837 		if (nla_len(attr) != ETH_ALEN)
4838 			return -EINVAL;
4839 
4840 		n_entries++;
4841 	}
4842 
4843 	return n_entries;
4844 }
4845 
4846 /*
4847  * This function parses ACL information and allocates memory for ACL data.
4848  * On successful return, the calling function is responsible to free the
4849  * ACL buffer returned by this function.
4850  */
4851 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4852 						struct genl_info *info)
4853 {
4854 	enum nl80211_acl_policy acl_policy;
4855 	struct nlattr *attr;
4856 	struct cfg80211_acl_data *acl;
4857 	int i = 0, n_entries, tmp;
4858 
4859 	if (!wiphy->max_acl_mac_addrs)
4860 		return ERR_PTR(-EOPNOTSUPP);
4861 
4862 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4863 		return ERR_PTR(-EINVAL);
4864 
4865 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4866 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4867 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4868 		return ERR_PTR(-EINVAL);
4869 
4870 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4871 		return ERR_PTR(-EINVAL);
4872 
4873 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4874 	if (n_entries < 0)
4875 		return ERR_PTR(n_entries);
4876 
4877 	if (n_entries > wiphy->max_acl_mac_addrs)
4878 		return ERR_PTR(-EOPNOTSUPP);
4879 
4880 	acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4881 	if (!acl)
4882 		return ERR_PTR(-ENOMEM);
4883 	acl->n_acl_entries = n_entries;
4884 
4885 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4886 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4887 		i++;
4888 	}
4889 	acl->acl_policy = acl_policy;
4890 
4891 	return acl;
4892 }
4893 
4894 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4895 {
4896 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4897 	struct net_device *dev = info->user_ptr[1];
4898 	struct cfg80211_acl_data *acl;
4899 	int err;
4900 
4901 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4902 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4903 		return -EOPNOTSUPP;
4904 
4905 	if (!dev->ieee80211_ptr->links[0].ap.beacon_interval)
4906 		return -EINVAL;
4907 
4908 	acl = parse_acl_data(&rdev->wiphy, info);
4909 	if (IS_ERR(acl))
4910 		return PTR_ERR(acl);
4911 
4912 	err = rdev_set_mac_acl(rdev, dev, acl);
4913 
4914 	kfree(acl);
4915 
4916 	return err;
4917 }
4918 
4919 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4920 			   u8 *rates, u8 rates_len)
4921 {
4922 	u8 i;
4923 	u32 mask = 0;
4924 
4925 	for (i = 0; i < rates_len; i++) {
4926 		int rate = (rates[i] & 0x7f) * 5;
4927 		int ridx;
4928 
4929 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4930 			struct ieee80211_rate *srate =
4931 				&sband->bitrates[ridx];
4932 			if (rate == srate->bitrate) {
4933 				mask |= 1 << ridx;
4934 				break;
4935 			}
4936 		}
4937 		if (ridx == sband->n_bitrates)
4938 			return 0; /* rate not found */
4939 	}
4940 
4941 	return mask;
4942 }
4943 
4944 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4945 			       u8 *rates, u8 rates_len,
4946 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4947 {
4948 	u8 i;
4949 
4950 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4951 
4952 	for (i = 0; i < rates_len; i++) {
4953 		int ridx, rbit;
4954 
4955 		ridx = rates[i] / 8;
4956 		rbit = BIT(rates[i] % 8);
4957 
4958 		/* check validity */
4959 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4960 			return false;
4961 
4962 		/* check availability */
4963 		ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4964 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4965 			mcs[ridx] |= rbit;
4966 		else
4967 			return false;
4968 	}
4969 
4970 	return true;
4971 }
4972 
4973 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4974 {
4975 	u16 mcs_mask = 0;
4976 
4977 	switch (vht_mcs_map) {
4978 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4979 		break;
4980 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
4981 		mcs_mask = 0x00FF;
4982 		break;
4983 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
4984 		mcs_mask = 0x01FF;
4985 		break;
4986 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
4987 		mcs_mask = 0x03FF;
4988 		break;
4989 	default:
4990 		break;
4991 	}
4992 
4993 	return mcs_mask;
4994 }
4995 
4996 static void vht_build_mcs_mask(u16 vht_mcs_map,
4997 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4998 {
4999 	u8 nss;
5000 
5001 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
5002 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
5003 		vht_mcs_map >>= 2;
5004 	}
5005 }
5006 
5007 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
5008 			     struct nl80211_txrate_vht *txrate,
5009 			     u16 mcs[NL80211_VHT_NSS_MAX])
5010 {
5011 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5012 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
5013 	u8 i;
5014 
5015 	if (!sband->vht_cap.vht_supported)
5016 		return false;
5017 
5018 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
5019 
5020 	/* Build vht_mcs_mask from VHT capabilities */
5021 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5022 
5023 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5024 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5025 			mcs[i] = txrate->mcs[i];
5026 		else
5027 			return false;
5028 	}
5029 
5030 	return true;
5031 }
5032 
5033 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
5034 {
5035 	switch (he_mcs_map) {
5036 	case IEEE80211_HE_MCS_NOT_SUPPORTED:
5037 		return 0;
5038 	case IEEE80211_HE_MCS_SUPPORT_0_7:
5039 		return 0x00FF;
5040 	case IEEE80211_HE_MCS_SUPPORT_0_9:
5041 		return 0x03FF;
5042 	case IEEE80211_HE_MCS_SUPPORT_0_11:
5043 		return 0xFFF;
5044 	default:
5045 		break;
5046 	}
5047 	return 0;
5048 }
5049 
5050 static void he_build_mcs_mask(u16 he_mcs_map,
5051 			      u16 he_mcs_mask[NL80211_HE_NSS_MAX])
5052 {
5053 	u8 nss;
5054 
5055 	for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
5056 		he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
5057 		he_mcs_map >>= 2;
5058 	}
5059 }
5060 
5061 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id,
5062 			   const struct ieee80211_sta_he_cap *he_cap)
5063 {
5064 	struct net_device *dev = info->user_ptr[1];
5065 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5066 	struct cfg80211_chan_def *chandef;
5067 	__le16 tx_mcs;
5068 
5069 	chandef = wdev_chandef(wdev, link_id);
5070 	if (!chandef) {
5071 		/*
5072 		 * This is probably broken, but we never maintained
5073 		 * a chandef in these cases, so it always was.
5074 		 */
5075 		return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80);
5076 	}
5077 
5078 	switch (chandef->width) {
5079 	case NL80211_CHAN_WIDTH_80P80:
5080 		tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
5081 		break;
5082 	case NL80211_CHAN_WIDTH_160:
5083 		tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
5084 		break;
5085 	default:
5086 		tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
5087 		break;
5088 	}
5089 
5090 	return le16_to_cpu(tx_mcs);
5091 }
5092 
5093 static bool he_set_mcs_mask(struct genl_info *info,
5094 			    struct wireless_dev *wdev,
5095 			    struct ieee80211_supported_band *sband,
5096 			    struct nl80211_txrate_he *txrate,
5097 			    u16 mcs[NL80211_HE_NSS_MAX],
5098 			    unsigned int link_id)
5099 {
5100 	const struct ieee80211_sta_he_cap *he_cap;
5101 	u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
5102 	u16 tx_mcs_map = 0;
5103 	u8 i;
5104 
5105 	he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5106 	if (!he_cap)
5107 		return false;
5108 
5109 	memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
5110 
5111 	tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5112 
5113 	/* Build he_mcs_mask from HE capabilities */
5114 	he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5115 
5116 	for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5117 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5118 			mcs[i] = txrate->mcs[i];
5119 		else
5120 			return false;
5121 	}
5122 
5123 	return true;
5124 }
5125 
5126 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
5127 					 struct nlattr *attrs[],
5128 					 enum nl80211_attrs attr,
5129 					 struct cfg80211_bitrate_mask *mask,
5130 					 struct net_device *dev,
5131 					 bool default_all_enabled,
5132 					 unsigned int link_id)
5133 {
5134 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5135 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5136 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5137 	int rem, i;
5138 	struct nlattr *tx_rates;
5139 	struct ieee80211_supported_band *sband;
5140 	u16 vht_tx_mcs_map, he_tx_mcs_map;
5141 
5142 	memset(mask, 0, sizeof(*mask));
5143 	/* Default to all rates enabled */
5144 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
5145 		const struct ieee80211_sta_he_cap *he_cap;
5146 
5147 		if (!default_all_enabled)
5148 			break;
5149 
5150 		sband = rdev->wiphy.bands[i];
5151 
5152 		if (!sband)
5153 			continue;
5154 
5155 		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
5156 		memcpy(mask->control[i].ht_mcs,
5157 		       sband->ht_cap.mcs.rx_mask,
5158 		       sizeof(mask->control[i].ht_mcs));
5159 
5160 		if (sband->vht_cap.vht_supported) {
5161 			vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5162 			vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
5163 		}
5164 
5165 		he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5166 		if (!he_cap)
5167 			continue;
5168 
5169 		he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5170 		he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
5171 
5172 		mask->control[i].he_gi = 0xFF;
5173 		mask->control[i].he_ltf = 0xFF;
5174 	}
5175 
5176 	/* if no rates are given set it back to the defaults */
5177 	if (!attrs[attr])
5178 		goto out;
5179 
5180 	/* The nested attribute uses enum nl80211_band as the index. This maps
5181 	 * directly to the enum nl80211_band values used in cfg80211.
5182 	 */
5183 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5184 	nla_for_each_nested(tx_rates, attrs[attr], rem) {
5185 		enum nl80211_band band = nla_type(tx_rates);
5186 		int err;
5187 
5188 		if (band < 0 || band >= NUM_NL80211_BANDS)
5189 			return -EINVAL;
5190 		sband = rdev->wiphy.bands[band];
5191 		if (sband == NULL)
5192 			return -EINVAL;
5193 		err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
5194 						  tx_rates,
5195 						  nl80211_txattr_policy,
5196 						  info->extack);
5197 		if (err)
5198 			return err;
5199 		if (tb[NL80211_TXRATE_LEGACY]) {
5200 			mask->control[band].legacy = rateset_to_mask(
5201 				sband,
5202 				nla_data(tb[NL80211_TXRATE_LEGACY]),
5203 				nla_len(tb[NL80211_TXRATE_LEGACY]));
5204 			if ((mask->control[band].legacy == 0) &&
5205 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
5206 				return -EINVAL;
5207 		}
5208 		if (tb[NL80211_TXRATE_HT]) {
5209 			if (!ht_rateset_to_mask(
5210 					sband,
5211 					nla_data(tb[NL80211_TXRATE_HT]),
5212 					nla_len(tb[NL80211_TXRATE_HT]),
5213 					mask->control[band].ht_mcs))
5214 				return -EINVAL;
5215 		}
5216 
5217 		if (tb[NL80211_TXRATE_VHT]) {
5218 			if (!vht_set_mcs_mask(
5219 					sband,
5220 					nla_data(tb[NL80211_TXRATE_VHT]),
5221 					mask->control[band].vht_mcs))
5222 				return -EINVAL;
5223 		}
5224 
5225 		if (tb[NL80211_TXRATE_GI]) {
5226 			mask->control[band].gi =
5227 				nla_get_u8(tb[NL80211_TXRATE_GI]);
5228 			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
5229 				return -EINVAL;
5230 		}
5231 		if (tb[NL80211_TXRATE_HE] &&
5232 		    !he_set_mcs_mask(info, wdev, sband,
5233 				     nla_data(tb[NL80211_TXRATE_HE]),
5234 				     mask->control[band].he_mcs,
5235 				     link_id))
5236 			return -EINVAL;
5237 
5238 		if (tb[NL80211_TXRATE_HE_GI])
5239 			mask->control[band].he_gi =
5240 				nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
5241 		if (tb[NL80211_TXRATE_HE_LTF])
5242 			mask->control[band].he_ltf =
5243 				nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
5244 
5245 		if (mask->control[band].legacy == 0) {
5246 			/* don't allow empty legacy rates if HT, VHT or HE
5247 			 * are not even supported.
5248 			 */
5249 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
5250 			      rdev->wiphy.bands[band]->vht_cap.vht_supported ||
5251 			      ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
5252 				return -EINVAL;
5253 
5254 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5255 				if (mask->control[band].ht_mcs[i])
5256 					goto out;
5257 
5258 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
5259 				if (mask->control[band].vht_mcs[i])
5260 					goto out;
5261 
5262 			for (i = 0; i < NL80211_HE_NSS_MAX; i++)
5263 				if (mask->control[band].he_mcs[i])
5264 					goto out;
5265 
5266 			/* legacy and mcs rates may not be both empty */
5267 			return -EINVAL;
5268 		}
5269 	}
5270 
5271 out:
5272 	return 0;
5273 }
5274 
5275 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
5276 				   enum nl80211_band band,
5277 				   struct cfg80211_bitrate_mask *beacon_rate)
5278 {
5279 	u32 count_ht, count_vht, count_he, i;
5280 	u32 rate = beacon_rate->control[band].legacy;
5281 
5282 	/* Allow only one rate */
5283 	if (hweight32(rate) > 1)
5284 		return -EINVAL;
5285 
5286 	count_ht = 0;
5287 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5288 		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
5289 			return -EINVAL;
5290 		} else if (beacon_rate->control[band].ht_mcs[i]) {
5291 			count_ht++;
5292 			if (count_ht > 1)
5293 				return -EINVAL;
5294 		}
5295 		if (count_ht && rate)
5296 			return -EINVAL;
5297 	}
5298 
5299 	count_vht = 0;
5300 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5301 		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
5302 			return -EINVAL;
5303 		} else if (beacon_rate->control[band].vht_mcs[i]) {
5304 			count_vht++;
5305 			if (count_vht > 1)
5306 				return -EINVAL;
5307 		}
5308 		if (count_vht && rate)
5309 			return -EINVAL;
5310 	}
5311 
5312 	count_he = 0;
5313 	for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5314 		if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
5315 			return -EINVAL;
5316 		} else if (beacon_rate->control[band].he_mcs[i]) {
5317 			count_he++;
5318 			if (count_he > 1)
5319 				return -EINVAL;
5320 		}
5321 		if (count_he && rate)
5322 			return -EINVAL;
5323 	}
5324 
5325 	if ((count_ht && count_vht && count_he) ||
5326 	    (!rate && !count_ht && !count_vht && !count_he))
5327 		return -EINVAL;
5328 
5329 	if (rate &&
5330 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5331 				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
5332 		return -EINVAL;
5333 	if (count_ht &&
5334 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5335 				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
5336 		return -EINVAL;
5337 	if (count_vht &&
5338 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5339 				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
5340 		return -EINVAL;
5341 	if (count_he &&
5342 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5343 				     NL80211_EXT_FEATURE_BEACON_RATE_HE))
5344 		return -EINVAL;
5345 
5346 	return 0;
5347 }
5348 
5349 static int nl80211_parse_mbssid_config(struct wiphy *wiphy,
5350 				       struct net_device *dev,
5351 				       struct nlattr *attrs,
5352 				       struct cfg80211_mbssid_config *config,
5353 				       u8 num_elems)
5354 {
5355 	struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1];
5356 
5357 	if (!wiphy->mbssid_max_interfaces)
5358 		return -EOPNOTSUPP;
5359 
5360 	if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL,
5361 			     NULL) ||
5362 	    !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX])
5363 		return -EINVAL;
5364 
5365 	config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]);
5366 	if (config->ema) {
5367 		if (!wiphy->ema_max_profile_periodicity)
5368 			return -EOPNOTSUPP;
5369 
5370 		if (num_elems > wiphy->ema_max_profile_periodicity)
5371 			return -EINVAL;
5372 	}
5373 
5374 	config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]);
5375 	if (config->index >= wiphy->mbssid_max_interfaces ||
5376 	    (!config->index && !num_elems))
5377 		return -EINVAL;
5378 
5379 	if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) {
5380 		u32 tx_ifindex =
5381 			nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]);
5382 
5383 		if ((!config->index && tx_ifindex != dev->ifindex) ||
5384 		    (config->index && tx_ifindex == dev->ifindex))
5385 			return -EINVAL;
5386 
5387 		if (tx_ifindex != dev->ifindex) {
5388 			struct net_device *tx_netdev =
5389 				dev_get_by_index(wiphy_net(wiphy), tx_ifindex);
5390 
5391 			if (!tx_netdev || !tx_netdev->ieee80211_ptr ||
5392 			    tx_netdev->ieee80211_ptr->wiphy != wiphy ||
5393 			    tx_netdev->ieee80211_ptr->iftype !=
5394 							NL80211_IFTYPE_AP) {
5395 				dev_put(tx_netdev);
5396 				return -EINVAL;
5397 			}
5398 
5399 			config->tx_wdev = tx_netdev->ieee80211_ptr;
5400 		} else {
5401 			config->tx_wdev = dev->ieee80211_ptr;
5402 		}
5403 	} else if (!config->index) {
5404 		config->tx_wdev = dev->ieee80211_ptr;
5405 	} else {
5406 		return -EINVAL;
5407 	}
5408 
5409 	return 0;
5410 }
5411 
5412 static struct cfg80211_mbssid_elems *
5413 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs)
5414 {
5415 	struct nlattr *nl_elems;
5416 	struct cfg80211_mbssid_elems *elems;
5417 	int rem_elems;
5418 	u8 i = 0, num_elems = 0;
5419 
5420 	if (!wiphy->mbssid_max_interfaces)
5421 		return ERR_PTR(-EINVAL);
5422 
5423 	nla_for_each_nested(nl_elems, attrs, rem_elems) {
5424 		if (num_elems >= 255)
5425 			return ERR_PTR(-EINVAL);
5426 		num_elems++;
5427 	}
5428 
5429 	elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5430 	if (!elems)
5431 		return ERR_PTR(-ENOMEM);
5432 	elems->cnt = num_elems;
5433 
5434 	nla_for_each_nested(nl_elems, attrs, rem_elems) {
5435 		elems->elem[i].data = nla_data(nl_elems);
5436 		elems->elem[i].len = nla_len(nl_elems);
5437 		i++;
5438 	}
5439 	return elems;
5440 }
5441 
5442 static struct cfg80211_rnr_elems *
5443 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs,
5444 			struct netlink_ext_ack *extack)
5445 {
5446 	struct nlattr *nl_elems;
5447 	struct cfg80211_rnr_elems *elems;
5448 	int rem_elems;
5449 	u8 i = 0, num_elems = 0;
5450 
5451 	nla_for_each_nested(nl_elems, attrs, rem_elems) {
5452 		int ret;
5453 
5454 		ret = validate_ie_attr(nl_elems, extack);
5455 		if (ret)
5456 			return ERR_PTR(ret);
5457 
5458 		num_elems++;
5459 	}
5460 
5461 	elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5462 	if (!elems)
5463 		return ERR_PTR(-ENOMEM);
5464 	elems->cnt = num_elems;
5465 
5466 	nla_for_each_nested(nl_elems, attrs, rem_elems) {
5467 		elems->elem[i].data = nla_data(nl_elems);
5468 		elems->elem[i].len = nla_len(nl_elems);
5469 		i++;
5470 	}
5471 	return elems;
5472 }
5473 
5474 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
5475 				      struct cfg80211_he_bss_color *he_bss_color)
5476 {
5477 	struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
5478 	int err;
5479 
5480 	err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
5481 			       he_bss_color_policy, NULL);
5482 	if (err)
5483 		return err;
5484 
5485 	if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
5486 		return -EINVAL;
5487 
5488 	he_bss_color->color =
5489 		nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
5490 	he_bss_color->enabled =
5491 		!nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
5492 	he_bss_color->partial =
5493 		nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
5494 
5495 	return 0;
5496 }
5497 
5498 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
5499 				struct nlattr *attrs[],
5500 				struct cfg80211_beacon_data *bcn,
5501 				struct netlink_ext_ack *extack)
5502 {
5503 	bool haveinfo = false;
5504 	int err;
5505 
5506 	memset(bcn, 0, sizeof(*bcn));
5507 
5508 	bcn->link_id = nl80211_link_id(attrs);
5509 
5510 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
5511 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
5512 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
5513 		if (!bcn->head_len)
5514 			return -EINVAL;
5515 		haveinfo = true;
5516 	}
5517 
5518 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
5519 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
5520 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
5521 		haveinfo = true;
5522 	}
5523 
5524 	if (!haveinfo)
5525 		return -EINVAL;
5526 
5527 	if (attrs[NL80211_ATTR_IE]) {
5528 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
5529 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
5530 	}
5531 
5532 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
5533 		bcn->proberesp_ies =
5534 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5535 		bcn->proberesp_ies_len =
5536 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5537 	}
5538 
5539 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
5540 		bcn->assocresp_ies =
5541 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5542 		bcn->assocresp_ies_len =
5543 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5544 	}
5545 
5546 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
5547 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
5548 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
5549 	}
5550 
5551 	if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
5552 		struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
5553 
5554 		err = nla_parse_nested_deprecated(tb,
5555 						  NL80211_FTM_RESP_ATTR_MAX,
5556 						  attrs[NL80211_ATTR_FTM_RESPONDER],
5557 						  NULL, NULL);
5558 		if (err)
5559 			return err;
5560 
5561 		if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
5562 		    wiphy_ext_feature_isset(&rdev->wiphy,
5563 					    NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
5564 			bcn->ftm_responder = 1;
5565 		else
5566 			return -EOPNOTSUPP;
5567 
5568 		if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
5569 			bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
5570 			bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
5571 		}
5572 
5573 		if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
5574 			bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5575 			bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5576 		}
5577 	} else {
5578 		bcn->ftm_responder = -1;
5579 	}
5580 
5581 	if (attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5582 		err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR],
5583 						 &bcn->he_bss_color);
5584 		if (err)
5585 			return err;
5586 		bcn->he_bss_color_valid = true;
5587 	}
5588 
5589 	if (attrs[NL80211_ATTR_MBSSID_ELEMS]) {
5590 		struct cfg80211_mbssid_elems *mbssid =
5591 			nl80211_parse_mbssid_elems(&rdev->wiphy,
5592 						   attrs[NL80211_ATTR_MBSSID_ELEMS]);
5593 
5594 		if (IS_ERR(mbssid))
5595 			return PTR_ERR(mbssid);
5596 
5597 		bcn->mbssid_ies = mbssid;
5598 
5599 		if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) {
5600 			struct cfg80211_rnr_elems *rnr =
5601 				nl80211_parse_rnr_elems(&rdev->wiphy,
5602 							attrs[NL80211_ATTR_EMA_RNR_ELEMS],
5603 							extack);
5604 
5605 			if (IS_ERR(rnr))
5606 				return PTR_ERR(rnr);
5607 
5608 			if (rnr && rnr->cnt < bcn->mbssid_ies->cnt)
5609 				return -EINVAL;
5610 
5611 			bcn->rnr_ies = rnr;
5612 		}
5613 	}
5614 
5615 	return 0;
5616 }
5617 
5618 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
5619 				    struct ieee80211_he_obss_pd *he_obss_pd)
5620 {
5621 	struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
5622 	int err;
5623 
5624 	err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
5625 			       he_obss_pd_policy, NULL);
5626 	if (err)
5627 		return err;
5628 
5629 	if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
5630 		return -EINVAL;
5631 
5632 	he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
5633 
5634 	if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
5635 		he_obss_pd->min_offset =
5636 			nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
5637 	if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
5638 		he_obss_pd->max_offset =
5639 			nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
5640 	if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
5641 		he_obss_pd->non_srg_max_offset =
5642 			nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
5643 
5644 	if (he_obss_pd->min_offset > he_obss_pd->max_offset)
5645 		return -EINVAL;
5646 
5647 	if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
5648 		memcpy(he_obss_pd->bss_color_bitmap,
5649 		       nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
5650 		       sizeof(he_obss_pd->bss_color_bitmap));
5651 
5652 	if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
5653 		memcpy(he_obss_pd->partial_bssid_bitmap,
5654 		       nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
5655 		       sizeof(he_obss_pd->partial_bssid_bitmap));
5656 
5657 	he_obss_pd->enable = true;
5658 
5659 	return 0;
5660 }
5661 
5662 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
5663 					struct nlattr *attrs,
5664 					struct cfg80211_fils_discovery *fd)
5665 {
5666 	struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
5667 	int ret;
5668 
5669 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
5670 				     NL80211_EXT_FEATURE_FILS_DISCOVERY))
5671 		return -EINVAL;
5672 
5673 	ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
5674 			       NULL, NULL);
5675 	if (ret)
5676 		return ret;
5677 
5678 	if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] &&
5679 	    !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] &&
5680 	    !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) {
5681 		fd->update = true;
5682 		return 0;
5683 	}
5684 
5685 	if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
5686 	    !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
5687 	    !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
5688 		return -EINVAL;
5689 
5690 	fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5691 	fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5692 	fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
5693 	fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
5694 	fd->update = true;
5695 	return 0;
5696 }
5697 
5698 static int
5699 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
5700 				     struct nlattr *attrs,
5701 				     struct cfg80211_unsol_bcast_probe_resp *presp)
5702 {
5703 	struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
5704 	int ret;
5705 
5706 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
5707 				     NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
5708 		return -EINVAL;
5709 
5710 	ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
5711 			       attrs, NULL, NULL);
5712 	if (ret)
5713 		return ret;
5714 
5715 	if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] &&
5716 	    !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) {
5717 		presp->update = true;
5718 		return 0;
5719 	}
5720 
5721 	if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
5722 	    !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
5723 		return -EINVAL;
5724 
5725 	presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5726 	presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5727 	presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
5728 	presp->update = true;
5729 	return 0;
5730 }
5731 
5732 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
5733 					    const struct element *rates)
5734 {
5735 	int i;
5736 
5737 	if (!rates)
5738 		return;
5739 
5740 	for (i = 0; i < rates->datalen; i++) {
5741 		if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
5742 			params->ht_required = true;
5743 		if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
5744 			params->vht_required = true;
5745 		if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
5746 			params->he_required = true;
5747 		if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
5748 			params->sae_h2e_required = true;
5749 	}
5750 }
5751 
5752 /*
5753  * Since the nl80211 API didn't include, from the beginning, attributes about
5754  * HT/VHT requirements/capabilities, we parse them out of the IEs for the
5755  * benefit of drivers that rebuild IEs in the firmware.
5756  */
5757 static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
5758 {
5759 	const struct cfg80211_beacon_data *bcn = &params->beacon;
5760 	size_t ies_len = bcn->tail_len;
5761 	const u8 *ies = bcn->tail;
5762 	const struct element *rates;
5763 	const struct element *cap;
5764 
5765 	rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len);
5766 	nl80211_check_ap_rate_selectors(params, rates);
5767 
5768 	rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
5769 	nl80211_check_ap_rate_selectors(params, rates);
5770 
5771 	cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len);
5772 	if (cap && cap->datalen >= sizeof(*params->ht_cap))
5773 		params->ht_cap = (void *)cap->data;
5774 	cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
5775 	if (cap && cap->datalen >= sizeof(*params->vht_cap))
5776 		params->vht_cap = (void *)cap->data;
5777 	cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
5778 	if (cap && cap->datalen >= sizeof(*params->he_cap) + 1)
5779 		params->he_cap = (void *)(cap->data + 1);
5780 	cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
5781 	if (cap && cap->datalen >= sizeof(*params->he_oper) + 1)
5782 		params->he_oper = (void *)(cap->data + 1);
5783 	cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len);
5784 	if (cap) {
5785 		if (!cap->datalen)
5786 			return -EINVAL;
5787 		params->eht_cap = (void *)(cap->data + 1);
5788 		if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap,
5789 						(const u8 *)params->eht_cap,
5790 						cap->datalen - 1, true))
5791 			return -EINVAL;
5792 	}
5793 	cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len);
5794 	if (cap) {
5795 		if (!cap->datalen)
5796 			return -EINVAL;
5797 		params->eht_oper = (void *)(cap->data + 1);
5798 		if (!ieee80211_eht_oper_size_ok((const u8 *)params->eht_oper,
5799 						cap->datalen - 1))
5800 			return -EINVAL;
5801 	}
5802 	return 0;
5803 }
5804 
5805 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
5806 				   struct cfg80211_ap_settings *params)
5807 {
5808 	struct wireless_dev *wdev;
5809 
5810 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
5811 		if (wdev->iftype != NL80211_IFTYPE_AP &&
5812 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
5813 			continue;
5814 
5815 		if (!wdev->u.ap.preset_chandef.chan)
5816 			continue;
5817 
5818 		params->chandef = wdev->u.ap.preset_chandef;
5819 		return true;
5820 	}
5821 
5822 	return false;
5823 }
5824 
5825 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
5826 				    enum nl80211_auth_type auth_type,
5827 				    enum nl80211_commands cmd)
5828 {
5829 	if (auth_type > NL80211_AUTHTYPE_MAX)
5830 		return false;
5831 
5832 	switch (cmd) {
5833 	case NL80211_CMD_AUTHENTICATE:
5834 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5835 		    auth_type == NL80211_AUTHTYPE_SAE)
5836 			return false;
5837 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
5838 					     NL80211_EXT_FEATURE_FILS_STA) &&
5839 		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5840 		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5841 		     auth_type == NL80211_AUTHTYPE_FILS_PK))
5842 			return false;
5843 		return true;
5844 	case NL80211_CMD_CONNECT:
5845 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5846 		    !wiphy_ext_feature_isset(&rdev->wiphy,
5847 					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
5848 		    auth_type == NL80211_AUTHTYPE_SAE)
5849 			return false;
5850 
5851 		/* FILS with SK PFS or PK not supported yet */
5852 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5853 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
5854 			return false;
5855 		if (!wiphy_ext_feature_isset(
5856 			    &rdev->wiphy,
5857 			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
5858 		    auth_type == NL80211_AUTHTYPE_FILS_SK)
5859 			return false;
5860 		return true;
5861 	case NL80211_CMD_START_AP:
5862 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
5863 					     NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
5864 		    auth_type == NL80211_AUTHTYPE_SAE)
5865 			return false;
5866 		/* FILS not supported yet */
5867 		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5868 		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5869 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
5870 			return false;
5871 		return true;
5872 	default:
5873 		return false;
5874 	}
5875 }
5876 
5877 static void nl80211_send_ap_started(struct wireless_dev *wdev,
5878 				    unsigned int link_id)
5879 {
5880 	struct wiphy *wiphy = wdev->wiphy;
5881 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
5882 	struct sk_buff *msg;
5883 	void *hdr;
5884 
5885 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5886 	if (!msg)
5887 		return;
5888 
5889 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP);
5890 	if (!hdr)
5891 		goto out;
5892 
5893 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
5894 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
5895 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
5896 			      NL80211_ATTR_PAD) ||
5897 	    (wdev->u.ap.ssid_len &&
5898 	     nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
5899 		     wdev->u.ap.ssid)) ||
5900 	    (wdev->valid_links &&
5901 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
5902 		goto out;
5903 
5904 	genlmsg_end(msg, hdr);
5905 
5906 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
5907 				NL80211_MCGRP_MLME, GFP_KERNEL);
5908 	return;
5909 out:
5910 	nlmsg_free(msg);
5911 }
5912 
5913 static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params)
5914 {
5915 	struct ieee80211_channel *channel = params->chandef.chan;
5916 
5917 	if ((params->he_cap ||  params->he_oper) &&
5918 	    (channel->flags & IEEE80211_CHAN_NO_HE))
5919 		return -EOPNOTSUPP;
5920 
5921 	if ((params->eht_cap || params->eht_oper) &&
5922 	    (channel->flags & IEEE80211_CHAN_NO_EHT))
5923 		return -EOPNOTSUPP;
5924 
5925 	return 0;
5926 }
5927 
5928 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
5929 {
5930 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5931 	unsigned int link_id = nl80211_link_id(info->attrs);
5932 	struct net_device *dev = info->user_ptr[1];
5933 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5934 	struct cfg80211_ap_settings *params;
5935 	int err;
5936 
5937 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5938 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5939 		return -EOPNOTSUPP;
5940 
5941 	if (!rdev->ops->start_ap)
5942 		return -EOPNOTSUPP;
5943 
5944 	if (wdev->links[link_id].ap.beacon_interval)
5945 		return -EALREADY;
5946 
5947 	/* these are required for START_AP */
5948 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
5949 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
5950 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
5951 		return -EINVAL;
5952 
5953 	params = kzalloc(sizeof(*params), GFP_KERNEL);
5954 	if (!params)
5955 		return -ENOMEM;
5956 
5957 	err = nl80211_parse_beacon(rdev, info->attrs, &params->beacon,
5958 				   info->extack);
5959 	if (err)
5960 		goto out;
5961 
5962 	params->beacon_interval =
5963 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
5964 	params->dtim_period =
5965 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
5966 
5967 	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
5968 					   params->beacon_interval);
5969 	if (err)
5970 		goto out;
5971 
5972 	/*
5973 	 * In theory, some of these attributes should be required here
5974 	 * but since they were not used when the command was originally
5975 	 * added, keep them optional for old user space programs to let
5976 	 * them continue to work with drivers that do not need the
5977 	 * additional information -- drivers must check!
5978 	 */
5979 	if (info->attrs[NL80211_ATTR_SSID]) {
5980 		params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5981 		params->ssid_len =
5982 			nla_len(info->attrs[NL80211_ATTR_SSID]);
5983 		if (params->ssid_len == 0) {
5984 			err = -EINVAL;
5985 			goto out;
5986 		}
5987 
5988 		if (wdev->u.ap.ssid_len &&
5989 		    (wdev->u.ap.ssid_len != params->ssid_len ||
5990 		     memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) {
5991 			/* require identical SSID for MLO */
5992 			err = -EINVAL;
5993 			goto out;
5994 		}
5995 	} else if (wdev->valid_links) {
5996 		/* require SSID for MLO */
5997 		err = -EINVAL;
5998 		goto out;
5999 	}
6000 
6001 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
6002 		params->hidden_ssid = nla_get_u32(
6003 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
6004 
6005 	params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6006 
6007 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6008 		params->auth_type = nla_get_u32(
6009 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
6010 		if (!nl80211_valid_auth_type(rdev, params->auth_type,
6011 					     NL80211_CMD_START_AP)) {
6012 			err = -EINVAL;
6013 			goto out;
6014 		}
6015 	} else
6016 		params->auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6017 
6018 	err = nl80211_crypto_settings(rdev, info, &params->crypto,
6019 				      NL80211_MAX_NR_CIPHER_SUITES);
6020 	if (err)
6021 		goto out;
6022 
6023 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
6024 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) {
6025 			err = -EOPNOTSUPP;
6026 			goto out;
6027 		}
6028 		params->inactivity_timeout = nla_get_u16(
6029 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
6030 	}
6031 
6032 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6033 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6034 			err = -EINVAL;
6035 			goto out;
6036 		}
6037 		params->p2p_ctwindow =
6038 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6039 		if (params->p2p_ctwindow != 0 &&
6040 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) {
6041 			err = -EINVAL;
6042 			goto out;
6043 		}
6044 	}
6045 
6046 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6047 		u8 tmp;
6048 
6049 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6050 			err = -EINVAL;
6051 			goto out;
6052 		}
6053 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6054 		params->p2p_opp_ps = tmp;
6055 		if (params->p2p_opp_ps != 0 &&
6056 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) {
6057 			err = -EINVAL;
6058 			goto out;
6059 		}
6060 	}
6061 
6062 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6063 		err = nl80211_parse_chandef(rdev, info, &params->chandef);
6064 		if (err)
6065 			goto out;
6066 	} else if (wdev->valid_links) {
6067 		/* with MLD need to specify the channel configuration */
6068 		err = -EINVAL;
6069 		goto out;
6070 	} else if (wdev->u.ap.preset_chandef.chan) {
6071 		params->chandef = wdev->u.ap.preset_chandef;
6072 	} else if (!nl80211_get_ap_channel(rdev, params)) {
6073 		err = -EINVAL;
6074 		goto out;
6075 	}
6076 
6077 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params->chandef,
6078 					   wdev->iftype)) {
6079 		err = -EINVAL;
6080 		goto out;
6081 	}
6082 
6083 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
6084 		err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
6085 						    NL80211_ATTR_TX_RATES,
6086 						    &params->beacon_rate,
6087 						    dev, false, link_id);
6088 		if (err)
6089 			goto out;
6090 
6091 		err = validate_beacon_tx_rate(rdev, params->chandef.chan->band,
6092 					      &params->beacon_rate);
6093 		if (err)
6094 			goto out;
6095 	}
6096 
6097 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
6098 		params->smps_mode =
6099 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
6100 		switch (params->smps_mode) {
6101 		case NL80211_SMPS_OFF:
6102 			break;
6103 		case NL80211_SMPS_STATIC:
6104 			if (!(rdev->wiphy.features &
6105 			      NL80211_FEATURE_STATIC_SMPS)) {
6106 				err = -EINVAL;
6107 				goto out;
6108 			}
6109 			break;
6110 		case NL80211_SMPS_DYNAMIC:
6111 			if (!(rdev->wiphy.features &
6112 			      NL80211_FEATURE_DYNAMIC_SMPS)) {
6113 				err = -EINVAL;
6114 				goto out;
6115 			}
6116 			break;
6117 		default:
6118 			err = -EINVAL;
6119 			goto out;
6120 		}
6121 	} else {
6122 		params->smps_mode = NL80211_SMPS_OFF;
6123 	}
6124 
6125 	params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
6126 	if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
6127 		err = -EOPNOTSUPP;
6128 		goto out;
6129 	}
6130 
6131 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
6132 		params->acl = parse_acl_data(&rdev->wiphy, info);
6133 		if (IS_ERR(params->acl)) {
6134 			err = PTR_ERR(params->acl);
6135 			params->acl = NULL;
6136 			goto out;
6137 		}
6138 	}
6139 
6140 	params->twt_responder =
6141 		    nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
6142 
6143 	if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
6144 		err = nl80211_parse_he_obss_pd(
6145 					info->attrs[NL80211_ATTR_HE_OBSS_PD],
6146 					&params->he_obss_pd);
6147 		if (err)
6148 			goto out;
6149 	}
6150 
6151 	if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
6152 		err = nl80211_parse_fils_discovery(rdev,
6153 						   info->attrs[NL80211_ATTR_FILS_DISCOVERY],
6154 						   &params->fils_discovery);
6155 		if (err)
6156 			goto out;
6157 	}
6158 
6159 	if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
6160 		err = nl80211_parse_unsol_bcast_probe_resp(
6161 			rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
6162 			&params->unsol_bcast_probe_resp);
6163 		if (err)
6164 			goto out;
6165 	}
6166 
6167 	if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) {
6168 		err = nl80211_parse_mbssid_config(&rdev->wiphy, dev,
6169 						  info->attrs[NL80211_ATTR_MBSSID_CONFIG],
6170 						  &params->mbssid_config,
6171 						  params->beacon.mbssid_ies ?
6172 							params->beacon.mbssid_ies->cnt :
6173 							0);
6174 		if (err)
6175 			goto out;
6176 	}
6177 
6178 	if (!params->mbssid_config.ema && params->beacon.rnr_ies) {
6179 		err = -EINVAL;
6180 		goto out;
6181 	}
6182 
6183 	err = nl80211_calculate_ap_params(params);
6184 	if (err)
6185 		goto out;
6186 
6187 	err = nl80211_validate_ap_phy_operation(params);
6188 	if (err)
6189 		goto out;
6190 
6191 	if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS])
6192 		params->flags = nla_get_u32(
6193 			info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
6194 	else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
6195 		params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
6196 
6197 	if (wdev->conn_owner_nlportid &&
6198 	    info->attrs[NL80211_ATTR_SOCKET_OWNER] &&
6199 	    wdev->conn_owner_nlportid != info->snd_portid) {
6200 		err = -EINVAL;
6201 		goto out;
6202 	}
6203 
6204 	/* FIXME: validate MLO/link-id against driver capabilities */
6205 
6206 	err = rdev_start_ap(rdev, dev, params);
6207 	if (!err) {
6208 		wdev->links[link_id].ap.beacon_interval = params->beacon_interval;
6209 		wdev->links[link_id].ap.chandef = params->chandef;
6210 		wdev->u.ap.ssid_len = params->ssid_len;
6211 		memcpy(wdev->u.ap.ssid, params->ssid,
6212 		       params->ssid_len);
6213 
6214 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6215 			wdev->conn_owner_nlportid = info->snd_portid;
6216 
6217 		nl80211_send_ap_started(wdev, link_id);
6218 	}
6219 out:
6220 	kfree(params->acl);
6221 	kfree(params->beacon.mbssid_ies);
6222 	if (params->mbssid_config.tx_wdev &&
6223 	    params->mbssid_config.tx_wdev->netdev &&
6224 	    params->mbssid_config.tx_wdev->netdev != dev)
6225 		dev_put(params->mbssid_config.tx_wdev->netdev);
6226 	kfree(params->beacon.rnr_ies);
6227 	kfree(params);
6228 
6229 	return err;
6230 }
6231 
6232 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
6233 {
6234 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6235 	unsigned int link_id = nl80211_link_id(info->attrs);
6236 	struct net_device *dev = info->user_ptr[1];
6237 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6238 	struct cfg80211_ap_update *params;
6239 	struct nlattr *attr;
6240 	int err;
6241 
6242 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6243 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6244 		return -EOPNOTSUPP;
6245 
6246 	if (!rdev->ops->change_beacon)
6247 		return -EOPNOTSUPP;
6248 
6249 	if (!wdev->links[link_id].ap.beacon_interval)
6250 		return -EINVAL;
6251 
6252 	params = kzalloc(sizeof(*params), GFP_KERNEL);
6253 	if (!params)
6254 		return -ENOMEM;
6255 
6256 	err = nl80211_parse_beacon(rdev, info->attrs, &params->beacon,
6257 				   info->extack);
6258 	if (err)
6259 		goto out;
6260 
6261 	attr = info->attrs[NL80211_ATTR_FILS_DISCOVERY];
6262 	if (attr) {
6263 		err = nl80211_parse_fils_discovery(rdev, attr,
6264 						   &params->fils_discovery);
6265 		if (err)
6266 			goto out;
6267 	}
6268 
6269 	attr = info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP];
6270 	if (attr) {
6271 		err = nl80211_parse_unsol_bcast_probe_resp(rdev, attr,
6272 							   &params->unsol_bcast_probe_resp);
6273 		if (err)
6274 			goto out;
6275 	}
6276 
6277 	err = rdev_change_beacon(rdev, dev, params);
6278 
6279 out:
6280 	kfree(params->beacon.mbssid_ies);
6281 	kfree(params->beacon.rnr_ies);
6282 	kfree(params);
6283 	return err;
6284 }
6285 
6286 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
6287 {
6288 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6289 	unsigned int link_id = nl80211_link_id(info->attrs);
6290 	struct net_device *dev = info->user_ptr[1];
6291 
6292 	return cfg80211_stop_ap(rdev, dev, link_id, false);
6293 }
6294 
6295 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
6296 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
6297 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
6298 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
6299 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
6300 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
6301 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
6302 };
6303 
6304 static int parse_station_flags(struct genl_info *info,
6305 			       enum nl80211_iftype iftype,
6306 			       struct station_parameters *params)
6307 {
6308 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
6309 	struct nlattr *nla;
6310 	int flag;
6311 
6312 	/*
6313 	 * Try parsing the new attribute first so userspace
6314 	 * can specify both for older kernels.
6315 	 */
6316 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
6317 	if (nla) {
6318 		struct nl80211_sta_flag_update *sta_flags;
6319 
6320 		sta_flags = nla_data(nla);
6321 		params->sta_flags_mask = sta_flags->mask;
6322 		params->sta_flags_set = sta_flags->set;
6323 		params->sta_flags_set &= params->sta_flags_mask;
6324 		if ((params->sta_flags_mask |
6325 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
6326 			return -EINVAL;
6327 		return 0;
6328 	}
6329 
6330 	/* if present, parse the old attribute */
6331 
6332 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
6333 	if (!nla)
6334 		return 0;
6335 
6336 	if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
6337 		return -EINVAL;
6338 
6339 	/*
6340 	 * Only allow certain flags for interface types so that
6341 	 * other attributes are silently ignored. Remember that
6342 	 * this is backward compatibility code with old userspace
6343 	 * and shouldn't be hit in other cases anyway.
6344 	 */
6345 	switch (iftype) {
6346 	case NL80211_IFTYPE_AP:
6347 	case NL80211_IFTYPE_AP_VLAN:
6348 	case NL80211_IFTYPE_P2P_GO:
6349 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6350 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6351 					 BIT(NL80211_STA_FLAG_WME) |
6352 					 BIT(NL80211_STA_FLAG_MFP);
6353 		break;
6354 	case NL80211_IFTYPE_P2P_CLIENT:
6355 	case NL80211_IFTYPE_STATION:
6356 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6357 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
6358 		break;
6359 	case NL80211_IFTYPE_MESH_POINT:
6360 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6361 					 BIT(NL80211_STA_FLAG_MFP) |
6362 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
6363 		break;
6364 	default:
6365 		return -EINVAL;
6366 	}
6367 
6368 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
6369 		if (flags[flag]) {
6370 			params->sta_flags_set |= (1<<flag);
6371 
6372 			/* no longer support new API additions in old API */
6373 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
6374 				return -EINVAL;
6375 		}
6376 	}
6377 
6378 	return 0;
6379 }
6380 
6381 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
6382 {
6383 	struct nlattr *rate;
6384 	u32 bitrate;
6385 	u16 bitrate_compat;
6386 	enum nl80211_rate_info rate_flg;
6387 
6388 	rate = nla_nest_start_noflag(msg, attr);
6389 	if (!rate)
6390 		return false;
6391 
6392 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
6393 	bitrate = cfg80211_calculate_bitrate(info);
6394 	/* report 16-bit bitrate only if we can */
6395 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
6396 	if (bitrate > 0 &&
6397 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
6398 		return false;
6399 	if (bitrate_compat > 0 &&
6400 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
6401 		return false;
6402 
6403 	switch (info->bw) {
6404 	case RATE_INFO_BW_1:
6405 		rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH;
6406 		break;
6407 	case RATE_INFO_BW_2:
6408 		rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH;
6409 		break;
6410 	case RATE_INFO_BW_4:
6411 		rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH;
6412 		break;
6413 	case RATE_INFO_BW_5:
6414 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
6415 		break;
6416 	case RATE_INFO_BW_8:
6417 		rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH;
6418 		break;
6419 	case RATE_INFO_BW_10:
6420 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
6421 		break;
6422 	case RATE_INFO_BW_16:
6423 		rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH;
6424 		break;
6425 	default:
6426 		WARN_ON(1);
6427 		fallthrough;
6428 	case RATE_INFO_BW_20:
6429 		rate_flg = 0;
6430 		break;
6431 	case RATE_INFO_BW_40:
6432 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
6433 		break;
6434 	case RATE_INFO_BW_80:
6435 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
6436 		break;
6437 	case RATE_INFO_BW_160:
6438 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
6439 		break;
6440 	case RATE_INFO_BW_HE_RU:
6441 		rate_flg = 0;
6442 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
6443 		break;
6444 	case RATE_INFO_BW_320:
6445 		rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH;
6446 		break;
6447 	case RATE_INFO_BW_EHT_RU:
6448 		rate_flg = 0;
6449 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS));
6450 		break;
6451 	}
6452 
6453 	if (rate_flg && nla_put_flag(msg, rate_flg))
6454 		return false;
6455 
6456 	if (info->flags & RATE_INFO_FLAGS_MCS) {
6457 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
6458 			return false;
6459 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6460 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6461 			return false;
6462 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
6463 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
6464 			return false;
6465 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
6466 			return false;
6467 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6468 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6469 			return false;
6470 	} else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
6471 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
6472 			return false;
6473 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
6474 			return false;
6475 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
6476 			return false;
6477 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
6478 			return false;
6479 		if (info->bw == RATE_INFO_BW_HE_RU &&
6480 		    nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
6481 			       info->he_ru_alloc))
6482 			return false;
6483 	} else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) {
6484 		if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs))
6485 			return false;
6486 		if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss))
6487 			return false;
6488 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6489 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6490 			return false;
6491 	} else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) {
6492 		if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs))
6493 			return false;
6494 		if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
6495 			return false;
6496 		if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
6497 			return false;
6498 		if (info->bw == RATE_INFO_BW_EHT_RU &&
6499 		    nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
6500 			       info->eht_ru_alloc))
6501 			return false;
6502 	}
6503 
6504 	nla_nest_end(msg, rate);
6505 	return true;
6506 }
6507 
6508 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
6509 			       int id)
6510 {
6511 	void *attr;
6512 	int i = 0;
6513 
6514 	if (!mask)
6515 		return true;
6516 
6517 	attr = nla_nest_start_noflag(msg, id);
6518 	if (!attr)
6519 		return false;
6520 
6521 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
6522 		if (!(mask & BIT(i)))
6523 			continue;
6524 
6525 		if (nla_put_u8(msg, i, signal[i]))
6526 			return false;
6527 	}
6528 
6529 	nla_nest_end(msg, attr);
6530 
6531 	return true;
6532 }
6533 
6534 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
6535 				u32 seq, int flags,
6536 				struct cfg80211_registered_device *rdev,
6537 				struct net_device *dev,
6538 				const u8 *mac_addr, struct station_info *sinfo)
6539 {
6540 	void *hdr;
6541 	struct nlattr *sinfoattr, *bss_param;
6542 
6543 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
6544 	if (!hdr) {
6545 		cfg80211_sinfo_release_content(sinfo);
6546 		return -1;
6547 	}
6548 
6549 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6550 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
6551 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
6552 		goto nla_put_failure;
6553 
6554 	sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
6555 	if (!sinfoattr)
6556 		goto nla_put_failure;
6557 
6558 #define PUT_SINFO(attr, memb, type) do {				\
6559 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
6560 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
6561 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
6562 			     sinfo->memb))				\
6563 		goto nla_put_failure;					\
6564 	} while (0)
6565 #define PUT_SINFO_U64(attr, memb) do {					\
6566 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
6567 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
6568 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
6569 		goto nla_put_failure;					\
6570 	} while (0)
6571 
6572 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
6573 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
6574 	PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
6575 
6576 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
6577 			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
6578 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
6579 			(u32)sinfo->rx_bytes))
6580 		goto nla_put_failure;
6581 
6582 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
6583 			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
6584 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
6585 			(u32)sinfo->tx_bytes))
6586 		goto nla_put_failure;
6587 
6588 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
6589 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
6590 	PUT_SINFO(LLID, llid, u16);
6591 	PUT_SINFO(PLID, plid, u16);
6592 	PUT_SINFO(PLINK_STATE, plink_state, u8);
6593 	PUT_SINFO_U64(RX_DURATION, rx_duration);
6594 	PUT_SINFO_U64(TX_DURATION, tx_duration);
6595 
6596 	if (wiphy_ext_feature_isset(&rdev->wiphy,
6597 				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6598 		PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
6599 
6600 	switch (rdev->wiphy.signal_type) {
6601 	case CFG80211_SIGNAL_TYPE_MBM:
6602 		PUT_SINFO(SIGNAL, signal, u8);
6603 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
6604 		break;
6605 	default:
6606 		break;
6607 	}
6608 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
6609 		if (!nl80211_put_signal(msg, sinfo->chains,
6610 					sinfo->chain_signal,
6611 					NL80211_STA_INFO_CHAIN_SIGNAL))
6612 			goto nla_put_failure;
6613 	}
6614 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
6615 		if (!nl80211_put_signal(msg, sinfo->chains,
6616 					sinfo->chain_signal_avg,
6617 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
6618 			goto nla_put_failure;
6619 	}
6620 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
6621 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
6622 					  NL80211_STA_INFO_TX_BITRATE))
6623 			goto nla_put_failure;
6624 	}
6625 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
6626 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
6627 					  NL80211_STA_INFO_RX_BITRATE))
6628 			goto nla_put_failure;
6629 	}
6630 
6631 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
6632 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
6633 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
6634 	PUT_SINFO(TX_FAILED, tx_failed, u32);
6635 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
6636 	PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
6637 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
6638 	PUT_SINFO(LOCAL_PM, local_pm, u32);
6639 	PUT_SINFO(PEER_PM, peer_pm, u32);
6640 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
6641 	PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
6642 	PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
6643 
6644 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
6645 		bss_param = nla_nest_start_noflag(msg,
6646 						  NL80211_STA_INFO_BSS_PARAM);
6647 		if (!bss_param)
6648 			goto nla_put_failure;
6649 
6650 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
6651 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
6652 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
6653 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
6654 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
6655 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
6656 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
6657 			       sinfo->bss_param.dtim_period) ||
6658 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
6659 				sinfo->bss_param.beacon_interval))
6660 			goto nla_put_failure;
6661 
6662 		nla_nest_end(msg, bss_param);
6663 	}
6664 	if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
6665 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
6666 		    sizeof(struct nl80211_sta_flag_update),
6667 		    &sinfo->sta_flags))
6668 		goto nla_put_failure;
6669 
6670 	PUT_SINFO_U64(T_OFFSET, t_offset);
6671 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
6672 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
6673 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
6674 	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
6675 	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
6676 	if (wiphy_ext_feature_isset(&rdev->wiphy,
6677 				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
6678 		PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
6679 		PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
6680 	}
6681 
6682 #undef PUT_SINFO
6683 #undef PUT_SINFO_U64
6684 
6685 	if (sinfo->pertid) {
6686 		struct nlattr *tidsattr;
6687 		int tid;
6688 
6689 		tidsattr = nla_nest_start_noflag(msg,
6690 						 NL80211_STA_INFO_TID_STATS);
6691 		if (!tidsattr)
6692 			goto nla_put_failure;
6693 
6694 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
6695 			struct cfg80211_tid_stats *tidstats;
6696 			struct nlattr *tidattr;
6697 
6698 			tidstats = &sinfo->pertid[tid];
6699 
6700 			if (!tidstats->filled)
6701 				continue;
6702 
6703 			tidattr = nla_nest_start_noflag(msg, tid + 1);
6704 			if (!tidattr)
6705 				goto nla_put_failure;
6706 
6707 #define PUT_TIDVAL_U64(attr, memb) do {					\
6708 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
6709 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
6710 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
6711 		goto nla_put_failure;					\
6712 	} while (0)
6713 
6714 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
6715 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
6716 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
6717 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
6718 
6719 #undef PUT_TIDVAL_U64
6720 			if ((tidstats->filled &
6721 			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
6722 			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
6723 						   NL80211_TID_STATS_TXQ_STATS))
6724 				goto nla_put_failure;
6725 
6726 			nla_nest_end(msg, tidattr);
6727 		}
6728 
6729 		nla_nest_end(msg, tidsattr);
6730 	}
6731 
6732 	nla_nest_end(msg, sinfoattr);
6733 
6734 	if (sinfo->assoc_req_ies_len &&
6735 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
6736 		    sinfo->assoc_req_ies))
6737 		goto nla_put_failure;
6738 
6739 	if (sinfo->assoc_resp_ies_len &&
6740 	    nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len,
6741 		    sinfo->assoc_resp_ies))
6742 		goto nla_put_failure;
6743 
6744 	if (sinfo->mlo_params_valid) {
6745 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
6746 			       sinfo->assoc_link_id))
6747 			goto nla_put_failure;
6748 
6749 		if (!is_zero_ether_addr(sinfo->mld_addr) &&
6750 		    nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
6751 			    sinfo->mld_addr))
6752 			goto nla_put_failure;
6753 	}
6754 
6755 	cfg80211_sinfo_release_content(sinfo);
6756 	genlmsg_end(msg, hdr);
6757 	return 0;
6758 
6759  nla_put_failure:
6760 	cfg80211_sinfo_release_content(sinfo);
6761 	genlmsg_cancel(msg, hdr);
6762 	return -EMSGSIZE;
6763 }
6764 
6765 static int nl80211_dump_station(struct sk_buff *skb,
6766 				struct netlink_callback *cb)
6767 {
6768 	struct station_info sinfo;
6769 	struct cfg80211_registered_device *rdev;
6770 	struct wireless_dev *wdev;
6771 	u8 mac_addr[ETH_ALEN];
6772 	int sta_idx = cb->args[2];
6773 	int err;
6774 
6775 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
6776 	if (err)
6777 		return err;
6778 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
6779 	__acquire(&rdev->wiphy.mtx);
6780 
6781 	if (!wdev->netdev) {
6782 		err = -EINVAL;
6783 		goto out_err;
6784 	}
6785 
6786 	if (!rdev->ops->dump_station) {
6787 		err = -EOPNOTSUPP;
6788 		goto out_err;
6789 	}
6790 
6791 	while (1) {
6792 		memset(&sinfo, 0, sizeof(sinfo));
6793 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
6794 					mac_addr, &sinfo);
6795 		if (err == -ENOENT)
6796 			break;
6797 		if (err)
6798 			goto out_err;
6799 
6800 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
6801 				NETLINK_CB(cb->skb).portid,
6802 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6803 				rdev, wdev->netdev, mac_addr,
6804 				&sinfo) < 0)
6805 			goto out;
6806 
6807 		sta_idx++;
6808 	}
6809 
6810  out:
6811 	cb->args[2] = sta_idx;
6812 	err = skb->len;
6813  out_err:
6814 	wiphy_unlock(&rdev->wiphy);
6815 
6816 	return err;
6817 }
6818 
6819 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
6820 {
6821 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6822 	struct net_device *dev = info->user_ptr[1];
6823 	struct station_info sinfo;
6824 	struct sk_buff *msg;
6825 	u8 *mac_addr = NULL;
6826 	int err;
6827 
6828 	memset(&sinfo, 0, sizeof(sinfo));
6829 
6830 	if (!info->attrs[NL80211_ATTR_MAC])
6831 		return -EINVAL;
6832 
6833 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6834 
6835 	if (!rdev->ops->get_station)
6836 		return -EOPNOTSUPP;
6837 
6838 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
6839 	if (err)
6840 		return err;
6841 
6842 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6843 	if (!msg) {
6844 		cfg80211_sinfo_release_content(&sinfo);
6845 		return -ENOMEM;
6846 	}
6847 
6848 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
6849 				 info->snd_portid, info->snd_seq, 0,
6850 				 rdev, dev, mac_addr, &sinfo) < 0) {
6851 		nlmsg_free(msg);
6852 		return -ENOBUFS;
6853 	}
6854 
6855 	return genlmsg_reply(msg, info);
6856 }
6857 
6858 int cfg80211_check_station_change(struct wiphy *wiphy,
6859 				  struct station_parameters *params,
6860 				  enum cfg80211_station_type statype)
6861 {
6862 	if (params->listen_interval != -1 &&
6863 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6864 		return -EINVAL;
6865 
6866 	if (params->support_p2p_ps != -1 &&
6867 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6868 		return -EINVAL;
6869 
6870 	if (params->aid &&
6871 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
6872 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6873 		return -EINVAL;
6874 
6875 	/* When you run into this, adjust the code below for the new flag */
6876 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
6877 
6878 	switch (statype) {
6879 	case CFG80211_STA_MESH_PEER_KERNEL:
6880 	case CFG80211_STA_MESH_PEER_USER:
6881 		/*
6882 		 * No ignoring the TDLS flag here -- the userspace mesh
6883 		 * code doesn't have the bug of including TDLS in the
6884 		 * mask everywhere.
6885 		 */
6886 		if (params->sta_flags_mask &
6887 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6888 				  BIT(NL80211_STA_FLAG_MFP) |
6889 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
6890 			return -EINVAL;
6891 		break;
6892 	case CFG80211_STA_TDLS_PEER_SETUP:
6893 	case CFG80211_STA_TDLS_PEER_ACTIVE:
6894 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6895 			return -EINVAL;
6896 		/* ignore since it can't change */
6897 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6898 		break;
6899 	default:
6900 		/* disallow mesh-specific things */
6901 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
6902 			return -EINVAL;
6903 		if (params->local_pm)
6904 			return -EINVAL;
6905 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6906 			return -EINVAL;
6907 	}
6908 
6909 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6910 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
6911 		/* TDLS can't be set, ... */
6912 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
6913 			return -EINVAL;
6914 		/*
6915 		 * ... but don't bother the driver with it. This works around
6916 		 * a hostapd/wpa_supplicant issue -- it always includes the
6917 		 * TLDS_PEER flag in the mask even for AP mode.
6918 		 */
6919 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6920 	}
6921 
6922 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6923 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6924 		/* reject other things that can't change */
6925 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
6926 			return -EINVAL;
6927 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
6928 			return -EINVAL;
6929 		if (params->link_sta_params.supported_rates)
6930 			return -EINVAL;
6931 		if (params->ext_capab || params->link_sta_params.ht_capa ||
6932 		    params->link_sta_params.vht_capa ||
6933 		    params->link_sta_params.he_capa ||
6934 		    params->link_sta_params.eht_capa)
6935 			return -EINVAL;
6936 		if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
6937 			return -EINVAL;
6938 	}
6939 
6940 	if (statype != CFG80211_STA_AP_CLIENT &&
6941 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6942 		if (params->vlan)
6943 			return -EINVAL;
6944 	}
6945 
6946 	switch (statype) {
6947 	case CFG80211_STA_AP_MLME_CLIENT:
6948 		/* Use this only for authorizing/unauthorizing a station */
6949 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
6950 			return -EOPNOTSUPP;
6951 		break;
6952 	case CFG80211_STA_AP_CLIENT:
6953 	case CFG80211_STA_AP_CLIENT_UNASSOC:
6954 		/* accept only the listed bits */
6955 		if (params->sta_flags_mask &
6956 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6957 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6958 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
6959 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6960 				  BIT(NL80211_STA_FLAG_WME) |
6961 				  BIT(NL80211_STA_FLAG_MFP) |
6962 				  BIT(NL80211_STA_FLAG_SPP_AMSDU)))
6963 			return -EINVAL;
6964 
6965 		/* but authenticated/associated only if driver handles it */
6966 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6967 		    params->sta_flags_mask &
6968 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6969 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
6970 			return -EINVAL;
6971 		break;
6972 	case CFG80211_STA_IBSS:
6973 	case CFG80211_STA_AP_STA:
6974 		/* reject any changes other than AUTHORIZED */
6975 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
6976 			return -EINVAL;
6977 		break;
6978 	case CFG80211_STA_TDLS_PEER_SETUP:
6979 		/* reject any changes other than AUTHORIZED or WME */
6980 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6981 					       BIT(NL80211_STA_FLAG_WME)))
6982 			return -EINVAL;
6983 		/* force (at least) rates when authorizing */
6984 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
6985 		    !params->link_sta_params.supported_rates)
6986 			return -EINVAL;
6987 		break;
6988 	case CFG80211_STA_TDLS_PEER_ACTIVE:
6989 		/* reject any changes */
6990 		return -EINVAL;
6991 	case CFG80211_STA_MESH_PEER_KERNEL:
6992 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6993 			return -EINVAL;
6994 		break;
6995 	case CFG80211_STA_MESH_PEER_USER:
6996 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
6997 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
6998 			return -EINVAL;
6999 		break;
7000 	}
7001 
7002 	/*
7003 	 * Older kernel versions ignored this attribute entirely, so don't
7004 	 * reject attempts to update it but mark it as unused instead so the
7005 	 * driver won't look at the data.
7006 	 */
7007 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
7008 	    statype != CFG80211_STA_TDLS_PEER_SETUP)
7009 		params->link_sta_params.opmode_notif_used = false;
7010 
7011 	return 0;
7012 }
7013 EXPORT_SYMBOL(cfg80211_check_station_change);
7014 
7015 /*
7016  * Get vlan interface making sure it is running and on the right wiphy.
7017  */
7018 static struct net_device *get_vlan(struct genl_info *info,
7019 				   struct cfg80211_registered_device *rdev)
7020 {
7021 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
7022 	struct net_device *v;
7023 	int ret;
7024 
7025 	if (!vlanattr)
7026 		return NULL;
7027 
7028 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
7029 	if (!v)
7030 		return ERR_PTR(-ENODEV);
7031 
7032 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
7033 		ret = -EINVAL;
7034 		goto error;
7035 	}
7036 
7037 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
7038 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7039 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
7040 		ret = -EINVAL;
7041 		goto error;
7042 	}
7043 
7044 	if (!netif_running(v)) {
7045 		ret = -ENETDOWN;
7046 		goto error;
7047 	}
7048 
7049 	return v;
7050  error:
7051 	dev_put(v);
7052 	return ERR_PTR(ret);
7053 }
7054 
7055 static int nl80211_parse_sta_wme(struct genl_info *info,
7056 				 struct station_parameters *params)
7057 {
7058 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
7059 	struct nlattr *nla;
7060 	int err;
7061 
7062 	/* parse WME attributes if present */
7063 	if (!info->attrs[NL80211_ATTR_STA_WME])
7064 		return 0;
7065 
7066 	nla = info->attrs[NL80211_ATTR_STA_WME];
7067 	err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
7068 					  nl80211_sta_wme_policy,
7069 					  info->extack);
7070 	if (err)
7071 		return err;
7072 
7073 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
7074 		params->uapsd_queues = nla_get_u8(
7075 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
7076 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
7077 		return -EINVAL;
7078 
7079 	if (tb[NL80211_STA_WME_MAX_SP])
7080 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
7081 
7082 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
7083 		return -EINVAL;
7084 
7085 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
7086 
7087 	return 0;
7088 }
7089 
7090 static int nl80211_parse_sta_channel_info(struct genl_info *info,
7091 				      struct station_parameters *params)
7092 {
7093 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
7094 		params->supported_channels =
7095 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7096 		params->supported_channels_len =
7097 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7098 		/*
7099 		 * Need to include at least one (first channel, number of
7100 		 * channels) tuple for each subband (checked in policy),
7101 		 * and must have proper tuples for the rest of the data as well.
7102 		 */
7103 		if (params->supported_channels_len % 2)
7104 			return -EINVAL;
7105 	}
7106 
7107 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
7108 		params->supported_oper_classes =
7109 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7110 		params->supported_oper_classes_len =
7111 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7112 	}
7113 	return 0;
7114 }
7115 
7116 static int nl80211_set_station_tdls(struct genl_info *info,
7117 				    struct station_parameters *params)
7118 {
7119 	int err;
7120 	/* Dummy STA entry gets updated once the peer capabilities are known */
7121 	if (info->attrs[NL80211_ATTR_PEER_AID])
7122 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
7123 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
7124 		params->link_sta_params.ht_capa =
7125 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
7126 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
7127 		params->link_sta_params.vht_capa =
7128 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
7129 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
7130 		params->link_sta_params.he_capa =
7131 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7132 		params->link_sta_params.he_capa_len =
7133 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7134 
7135 		if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
7136 			params->link_sta_params.eht_capa =
7137 				nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7138 			params->link_sta_params.eht_capa_len =
7139 				nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7140 
7141 			if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa,
7142 							(const u8 *)params->link_sta_params.eht_capa,
7143 							params->link_sta_params.eht_capa_len,
7144 							false))
7145 				return -EINVAL;
7146 		}
7147 	}
7148 
7149 	err = nl80211_parse_sta_channel_info(info, params);
7150 	if (err)
7151 		return err;
7152 
7153 	return nl80211_parse_sta_wme(info, params);
7154 }
7155 
7156 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
7157 					     struct sta_txpwr *txpwr,
7158 					     bool *txpwr_set)
7159 {
7160 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7161 	int idx;
7162 
7163 	if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
7164 		if (!rdev->ops->set_tx_power ||
7165 		    !wiphy_ext_feature_isset(&rdev->wiphy,
7166 					 NL80211_EXT_FEATURE_STA_TX_PWR))
7167 			return -EOPNOTSUPP;
7168 
7169 		idx = NL80211_ATTR_STA_TX_POWER_SETTING;
7170 		txpwr->type = nla_get_u8(info->attrs[idx]);
7171 
7172 		if (txpwr->type == NL80211_TX_POWER_LIMITED) {
7173 			idx = NL80211_ATTR_STA_TX_POWER;
7174 
7175 			if (info->attrs[idx])
7176 				txpwr->power = nla_get_s16(info->attrs[idx]);
7177 			else
7178 				return -EINVAL;
7179 		}
7180 
7181 		*txpwr_set = true;
7182 	} else {
7183 		*txpwr_set = false;
7184 	}
7185 
7186 	return 0;
7187 }
7188 
7189 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
7190 {
7191 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7192 	struct net_device *dev = info->user_ptr[1];
7193 	struct station_parameters params;
7194 	u8 *mac_addr;
7195 	int err;
7196 
7197 	memset(&params, 0, sizeof(params));
7198 
7199 	if (!rdev->ops->change_station)
7200 		return -EOPNOTSUPP;
7201 
7202 	/*
7203 	 * AID and listen_interval properties can be set only for unassociated
7204 	 * station. Include these parameters here and will check them in
7205 	 * cfg80211_check_station_change().
7206 	 */
7207 	if (info->attrs[NL80211_ATTR_STA_AID])
7208 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
7209 
7210 	if (info->attrs[NL80211_ATTR_VLAN_ID])
7211 		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
7212 
7213 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
7214 		params.listen_interval =
7215 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
7216 	else
7217 		params.listen_interval = -1;
7218 
7219 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
7220 		params.support_p2p_ps =
7221 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
7222 	else
7223 		params.support_p2p_ps = -1;
7224 
7225 	if (!info->attrs[NL80211_ATTR_MAC])
7226 		return -EINVAL;
7227 
7228 	params.link_sta_params.link_id =
7229 		nl80211_link_id_or_invalid(info->attrs);
7230 
7231 	if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
7232 		/* If MLD_ADDR attribute is set then this is an MLD station
7233 		 * and the MLD_ADDR attribute holds the MLD address and the
7234 		 * MAC attribute holds for the LINK address.
7235 		 * In that case, the link_id is also expected to be valid.
7236 		 */
7237 		if (params.link_sta_params.link_id < 0)
7238 			return -EINVAL;
7239 
7240 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
7241 		params.link_sta_params.mld_mac = mac_addr;
7242 		params.link_sta_params.link_mac =
7243 			nla_data(info->attrs[NL80211_ATTR_MAC]);
7244 		if (!is_valid_ether_addr(params.link_sta_params.link_mac))
7245 			return -EINVAL;
7246 	} else {
7247 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7248 	}
7249 
7250 
7251 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
7252 		params.link_sta_params.supported_rates =
7253 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7254 		params.link_sta_params.supported_rates_len =
7255 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7256 	}
7257 
7258 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
7259 		params.capability =
7260 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
7261 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
7262 	}
7263 
7264 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
7265 		params.ext_capab =
7266 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7267 		params.ext_capab_len =
7268 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7269 	}
7270 
7271 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
7272 		return -EINVAL;
7273 
7274 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
7275 		params.plink_action =
7276 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
7277 
7278 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
7279 		params.plink_state =
7280 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
7281 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
7282 			params.peer_aid = nla_get_u16(
7283 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
7284 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
7285 	}
7286 
7287 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
7288 		params.local_pm = nla_get_u32(
7289 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
7290 
7291 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
7292 		params.link_sta_params.opmode_notif_used = true;
7293 		params.link_sta_params.opmode_notif =
7294 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
7295 	}
7296 
7297 	if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
7298 		params.link_sta_params.he_6ghz_capa =
7299 			nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
7300 
7301 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
7302 		params.airtime_weight =
7303 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
7304 
7305 	if (params.airtime_weight &&
7306 	    !wiphy_ext_feature_isset(&rdev->wiphy,
7307 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7308 		return -EOPNOTSUPP;
7309 
7310 	err = nl80211_parse_sta_txpower_setting(info,
7311 						&params.link_sta_params.txpwr,
7312 						&params.link_sta_params.txpwr_set);
7313 	if (err)
7314 		return err;
7315 
7316 	/* Include parameters for TDLS peer (will check later) */
7317 	err = nl80211_set_station_tdls(info, &params);
7318 	if (err)
7319 		return err;
7320 
7321 	params.vlan = get_vlan(info, rdev);
7322 	if (IS_ERR(params.vlan))
7323 		return PTR_ERR(params.vlan);
7324 
7325 	switch (dev->ieee80211_ptr->iftype) {
7326 	case NL80211_IFTYPE_AP:
7327 	case NL80211_IFTYPE_AP_VLAN:
7328 	case NL80211_IFTYPE_P2P_GO:
7329 	case NL80211_IFTYPE_P2P_CLIENT:
7330 	case NL80211_IFTYPE_STATION:
7331 	case NL80211_IFTYPE_ADHOC:
7332 	case NL80211_IFTYPE_MESH_POINT:
7333 		break;
7334 	default:
7335 		err = -EOPNOTSUPP;
7336 		goto out_put_vlan;
7337 	}
7338 
7339 	/* driver will call cfg80211_check_station_change() */
7340 	err = rdev_change_station(rdev, dev, mac_addr, &params);
7341 
7342  out_put_vlan:
7343 	dev_put(params.vlan);
7344 
7345 	return err;
7346 }
7347 
7348 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
7349 {
7350 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7351 	int err;
7352 	struct net_device *dev = info->user_ptr[1];
7353 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7354 	struct station_parameters params;
7355 	u8 *mac_addr = NULL;
7356 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7357 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
7358 
7359 	memset(&params, 0, sizeof(params));
7360 
7361 	if (!rdev->ops->add_station)
7362 		return -EOPNOTSUPP;
7363 
7364 	if (!info->attrs[NL80211_ATTR_MAC])
7365 		return -EINVAL;
7366 
7367 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
7368 		return -EINVAL;
7369 
7370 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
7371 		return -EINVAL;
7372 
7373 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
7374 	    !info->attrs[NL80211_ATTR_PEER_AID])
7375 		return -EINVAL;
7376 
7377 	params.link_sta_params.link_id =
7378 		nl80211_link_id_or_invalid(info->attrs);
7379 
7380 	if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
7381 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
7382 		params.link_sta_params.mld_mac = mac_addr;
7383 		params.link_sta_params.link_mac =
7384 			nla_data(info->attrs[NL80211_ATTR_MAC]);
7385 		if (!is_valid_ether_addr(params.link_sta_params.link_mac))
7386 			return -EINVAL;
7387 	} else {
7388 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7389 	}
7390 
7391 	params.link_sta_params.supported_rates =
7392 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7393 	params.link_sta_params.supported_rates_len =
7394 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7395 	params.listen_interval =
7396 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
7397 
7398 	if (info->attrs[NL80211_ATTR_VLAN_ID])
7399 		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
7400 
7401 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
7402 		params.support_p2p_ps =
7403 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
7404 	} else {
7405 		/*
7406 		 * if not specified, assume it's supported for P2P GO interface,
7407 		 * and is NOT supported for AP interface
7408 		 */
7409 		params.support_p2p_ps =
7410 			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
7411 	}
7412 
7413 	if (info->attrs[NL80211_ATTR_PEER_AID])
7414 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
7415 	else
7416 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
7417 
7418 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
7419 		params.capability =
7420 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
7421 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
7422 	}
7423 
7424 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
7425 		params.ext_capab =
7426 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7427 		params.ext_capab_len =
7428 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7429 	}
7430 
7431 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
7432 		params.link_sta_params.ht_capa =
7433 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
7434 
7435 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
7436 		params.link_sta_params.vht_capa =
7437 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
7438 
7439 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
7440 		params.link_sta_params.he_capa =
7441 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7442 		params.link_sta_params.he_capa_len =
7443 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7444 
7445 		if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
7446 			params.link_sta_params.eht_capa =
7447 				nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7448 			params.link_sta_params.eht_capa_len =
7449 				nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7450 
7451 			if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa,
7452 							(const u8 *)params.link_sta_params.eht_capa,
7453 							params.link_sta_params.eht_capa_len,
7454 							false))
7455 				return -EINVAL;
7456 		}
7457 	}
7458 
7459 	if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
7460 		params.link_sta_params.he_6ghz_capa =
7461 			nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
7462 
7463 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
7464 		params.link_sta_params.opmode_notif_used = true;
7465 		params.link_sta_params.opmode_notif =
7466 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
7467 	}
7468 
7469 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
7470 		params.plink_action =
7471 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
7472 
7473 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
7474 		params.airtime_weight =
7475 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
7476 
7477 	if (params.airtime_weight &&
7478 	    !wiphy_ext_feature_isset(&rdev->wiphy,
7479 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7480 		return -EOPNOTSUPP;
7481 
7482 	err = nl80211_parse_sta_txpower_setting(info,
7483 						&params.link_sta_params.txpwr,
7484 						&params.link_sta_params.txpwr_set);
7485 	if (err)
7486 		return err;
7487 
7488 	err = nl80211_parse_sta_channel_info(info, &params);
7489 	if (err)
7490 		return err;
7491 
7492 	err = nl80211_parse_sta_wme(info, &params);
7493 	if (err)
7494 		return err;
7495 
7496 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
7497 		return -EINVAL;
7498 
7499 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
7500 	 * as userspace might just pass through the capabilities from the IEs
7501 	 * directly, rather than enforcing this restriction and returning an
7502 	 * error in this case.
7503 	 */
7504 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
7505 		params.link_sta_params.ht_capa = NULL;
7506 		params.link_sta_params.vht_capa = NULL;
7507 
7508 		/* HE and EHT require WME */
7509 		if (params.link_sta_params.he_capa_len ||
7510 		    params.link_sta_params.he_6ghz_capa ||
7511 		    params.link_sta_params.eht_capa_len)
7512 			return -EINVAL;
7513 	}
7514 
7515 	/* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
7516 	if (params.link_sta_params.he_6ghz_capa &&
7517 	    (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa))
7518 		return -EINVAL;
7519 
7520 	/* When you run into this, adjust the code below for the new flag */
7521 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
7522 
7523 	switch (dev->ieee80211_ptr->iftype) {
7524 	case NL80211_IFTYPE_AP:
7525 	case NL80211_IFTYPE_AP_VLAN:
7526 	case NL80211_IFTYPE_P2P_GO:
7527 		/* ignore WME attributes if iface/sta is not capable */
7528 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
7529 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
7530 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7531 
7532 		/* TDLS peers cannot be added */
7533 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
7534 		    info->attrs[NL80211_ATTR_PEER_AID])
7535 			return -EINVAL;
7536 		/* but don't bother the driver with it */
7537 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7538 
7539 		/* allow authenticated/associated only if driver handles it */
7540 		if (!(rdev->wiphy.features &
7541 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
7542 		    params.sta_flags_mask & auth_assoc)
7543 			return -EINVAL;
7544 
7545 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7546 					     NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT) &&
7547 		    params.sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
7548 			return -EINVAL;
7549 
7550 		/* Older userspace, or userspace wanting to be compatible with
7551 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
7552 		 * and assoc flags in the mask, but assumes the station will be
7553 		 * added as associated anyway since this was the required driver
7554 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
7555 		 * introduced.
7556 		 * In order to not bother drivers with this quirk in the API
7557 		 * set the flags in both the mask and set for new stations in
7558 		 * this case.
7559 		 */
7560 		if (!(params.sta_flags_mask & auth_assoc)) {
7561 			params.sta_flags_mask |= auth_assoc;
7562 			params.sta_flags_set |= auth_assoc;
7563 		}
7564 
7565 		/* must be last in here for error handling */
7566 		params.vlan = get_vlan(info, rdev);
7567 		if (IS_ERR(params.vlan))
7568 			return PTR_ERR(params.vlan);
7569 		break;
7570 	case NL80211_IFTYPE_MESH_POINT:
7571 		/* ignore uAPSD data */
7572 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7573 
7574 		/* associated is disallowed */
7575 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
7576 			return -EINVAL;
7577 		/* TDLS peers cannot be added */
7578 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
7579 		    info->attrs[NL80211_ATTR_PEER_AID])
7580 			return -EINVAL;
7581 		break;
7582 	case NL80211_IFTYPE_STATION:
7583 	case NL80211_IFTYPE_P2P_CLIENT:
7584 		/* ignore uAPSD data */
7585 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7586 
7587 		/* these are disallowed */
7588 		if (params.sta_flags_mask &
7589 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
7590 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
7591 			return -EINVAL;
7592 		/* Only TDLS peers can be added */
7593 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
7594 			return -EINVAL;
7595 		/* Can only add if TDLS ... */
7596 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
7597 			return -EOPNOTSUPP;
7598 		/* ... with external setup is supported */
7599 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
7600 			return -EOPNOTSUPP;
7601 		/*
7602 		 * Older wpa_supplicant versions always mark the TDLS peer
7603 		 * as authorized, but it shouldn't yet be.
7604 		 */
7605 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
7606 		break;
7607 	default:
7608 		return -EOPNOTSUPP;
7609 	}
7610 
7611 	/* be aware of params.vlan when changing code here */
7612 
7613 	if (wdev->valid_links) {
7614 		if (params.link_sta_params.link_id < 0) {
7615 			err = -EINVAL;
7616 			goto out;
7617 		}
7618 		if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) {
7619 			err = -ENOLINK;
7620 			goto out;
7621 		}
7622 	} else {
7623 		if (params.link_sta_params.link_id >= 0) {
7624 			err = -EINVAL;
7625 			goto out;
7626 		}
7627 	}
7628 	err = rdev_add_station(rdev, dev, mac_addr, &params);
7629 out:
7630 	dev_put(params.vlan);
7631 	return err;
7632 }
7633 
7634 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
7635 {
7636 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7637 	struct net_device *dev = info->user_ptr[1];
7638 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7639 	struct station_del_parameters params;
7640 	int link_id = nl80211_link_id_or_invalid(info->attrs);
7641 
7642 	memset(&params, 0, sizeof(params));
7643 
7644 	if (info->attrs[NL80211_ATTR_MAC])
7645 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
7646 
7647 	switch (wdev->iftype) {
7648 	case NL80211_IFTYPE_AP:
7649 	case NL80211_IFTYPE_AP_VLAN:
7650 	case NL80211_IFTYPE_MESH_POINT:
7651 	case NL80211_IFTYPE_P2P_GO:
7652 		/* always accept these */
7653 		break;
7654 	case NL80211_IFTYPE_ADHOC:
7655 		/* conditionally accept */
7656 		if (wiphy_ext_feature_isset(&rdev->wiphy,
7657 					    NL80211_EXT_FEATURE_DEL_IBSS_STA))
7658 			break;
7659 		return -EINVAL;
7660 	default:
7661 		return -EINVAL;
7662 	}
7663 
7664 	if (!rdev->ops->del_station)
7665 		return -EOPNOTSUPP;
7666 
7667 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
7668 		params.subtype =
7669 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
7670 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
7671 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
7672 			return -EINVAL;
7673 	} else {
7674 		/* Default to Deauthentication frame */
7675 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
7676 	}
7677 
7678 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
7679 		params.reason_code =
7680 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7681 		if (params.reason_code == 0)
7682 			return -EINVAL; /* 0 is reserved */
7683 	} else {
7684 		/* Default to reason code 2 */
7685 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
7686 	}
7687 
7688 	/* Link ID not expected in case of non-ML operation */
7689 	if (!wdev->valid_links && link_id != -1)
7690 		return -EINVAL;
7691 
7692 	/* If given, a valid link ID should be passed during MLO */
7693 	if (wdev->valid_links && link_id >= 0 &&
7694 	    !(wdev->valid_links & BIT(link_id)))
7695 		return -EINVAL;
7696 
7697 	params.link_id = link_id;
7698 
7699 	return rdev_del_station(rdev, dev, &params);
7700 }
7701 
7702 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
7703 				int flags, struct net_device *dev,
7704 				u8 *dst, u8 *next_hop,
7705 				struct mpath_info *pinfo)
7706 {
7707 	void *hdr;
7708 	struct nlattr *pinfoattr;
7709 
7710 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
7711 	if (!hdr)
7712 		return -1;
7713 
7714 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7715 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
7716 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
7717 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
7718 		goto nla_put_failure;
7719 
7720 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
7721 	if (!pinfoattr)
7722 		goto nla_put_failure;
7723 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
7724 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
7725 			pinfo->frame_qlen))
7726 		goto nla_put_failure;
7727 	if (((pinfo->filled & MPATH_INFO_SN) &&
7728 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
7729 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
7730 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
7731 			 pinfo->metric)) ||
7732 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
7733 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
7734 			 pinfo->exptime)) ||
7735 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
7736 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
7737 			pinfo->flags)) ||
7738 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
7739 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
7740 			 pinfo->discovery_timeout)) ||
7741 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
7742 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
7743 			pinfo->discovery_retries)) ||
7744 	    ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
7745 	     nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
7746 			pinfo->hop_count)) ||
7747 	    ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
7748 	     nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
7749 			 pinfo->path_change_count)))
7750 		goto nla_put_failure;
7751 
7752 	nla_nest_end(msg, pinfoattr);
7753 
7754 	genlmsg_end(msg, hdr);
7755 	return 0;
7756 
7757  nla_put_failure:
7758 	genlmsg_cancel(msg, hdr);
7759 	return -EMSGSIZE;
7760 }
7761 
7762 static int nl80211_dump_mpath(struct sk_buff *skb,
7763 			      struct netlink_callback *cb)
7764 {
7765 	struct mpath_info pinfo;
7766 	struct cfg80211_registered_device *rdev;
7767 	struct wireless_dev *wdev;
7768 	u8 dst[ETH_ALEN];
7769 	u8 next_hop[ETH_ALEN];
7770 	int path_idx = cb->args[2];
7771 	int err;
7772 
7773 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
7774 	if (err)
7775 		return err;
7776 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
7777 	__acquire(&rdev->wiphy.mtx);
7778 
7779 	if (!rdev->ops->dump_mpath) {
7780 		err = -EOPNOTSUPP;
7781 		goto out_err;
7782 	}
7783 
7784 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
7785 		err = -EOPNOTSUPP;
7786 		goto out_err;
7787 	}
7788 
7789 	while (1) {
7790 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
7791 				      next_hop, &pinfo);
7792 		if (err == -ENOENT)
7793 			break;
7794 		if (err)
7795 			goto out_err;
7796 
7797 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
7798 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
7799 				       wdev->netdev, dst, next_hop,
7800 				       &pinfo) < 0)
7801 			goto out;
7802 
7803 		path_idx++;
7804 	}
7805 
7806  out:
7807 	cb->args[2] = path_idx;
7808 	err = skb->len;
7809  out_err:
7810 	wiphy_unlock(&rdev->wiphy);
7811 	return err;
7812 }
7813 
7814 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
7815 {
7816 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7817 	int err;
7818 	struct net_device *dev = info->user_ptr[1];
7819 	struct mpath_info pinfo;
7820 	struct sk_buff *msg;
7821 	u8 *dst = NULL;
7822 	u8 next_hop[ETH_ALEN];
7823 
7824 	memset(&pinfo, 0, sizeof(pinfo));
7825 
7826 	if (!info->attrs[NL80211_ATTR_MAC])
7827 		return -EINVAL;
7828 
7829 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7830 
7831 	if (!rdev->ops->get_mpath)
7832 		return -EOPNOTSUPP;
7833 
7834 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7835 		return -EOPNOTSUPP;
7836 
7837 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
7838 	if (err)
7839 		return err;
7840 
7841 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7842 	if (!msg)
7843 		return -ENOMEM;
7844 
7845 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
7846 				 dev, dst, next_hop, &pinfo) < 0) {
7847 		nlmsg_free(msg);
7848 		return -ENOBUFS;
7849 	}
7850 
7851 	return genlmsg_reply(msg, info);
7852 }
7853 
7854 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
7855 {
7856 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7857 	struct net_device *dev = info->user_ptr[1];
7858 	u8 *dst = NULL;
7859 	u8 *next_hop = NULL;
7860 
7861 	if (!info->attrs[NL80211_ATTR_MAC])
7862 		return -EINVAL;
7863 
7864 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
7865 		return -EINVAL;
7866 
7867 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7868 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
7869 
7870 	if (!rdev->ops->change_mpath)
7871 		return -EOPNOTSUPP;
7872 
7873 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7874 		return -EOPNOTSUPP;
7875 
7876 	return rdev_change_mpath(rdev, dev, dst, next_hop);
7877 }
7878 
7879 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
7880 {
7881 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7882 	struct net_device *dev = info->user_ptr[1];
7883 	u8 *dst = NULL;
7884 	u8 *next_hop = NULL;
7885 
7886 	if (!info->attrs[NL80211_ATTR_MAC])
7887 		return -EINVAL;
7888 
7889 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
7890 		return -EINVAL;
7891 
7892 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7893 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
7894 
7895 	if (!rdev->ops->add_mpath)
7896 		return -EOPNOTSUPP;
7897 
7898 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7899 		return -EOPNOTSUPP;
7900 
7901 	return rdev_add_mpath(rdev, dev, dst, next_hop);
7902 }
7903 
7904 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
7905 {
7906 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7907 	struct net_device *dev = info->user_ptr[1];
7908 	u8 *dst = NULL;
7909 
7910 	if (info->attrs[NL80211_ATTR_MAC])
7911 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7912 
7913 	if (!rdev->ops->del_mpath)
7914 		return -EOPNOTSUPP;
7915 
7916 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7917 		return -EOPNOTSUPP;
7918 
7919 	return rdev_del_mpath(rdev, dev, dst);
7920 }
7921 
7922 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
7923 {
7924 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7925 	int err;
7926 	struct net_device *dev = info->user_ptr[1];
7927 	struct mpath_info pinfo;
7928 	struct sk_buff *msg;
7929 	u8 *dst = NULL;
7930 	u8 mpp[ETH_ALEN];
7931 
7932 	memset(&pinfo, 0, sizeof(pinfo));
7933 
7934 	if (!info->attrs[NL80211_ATTR_MAC])
7935 		return -EINVAL;
7936 
7937 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7938 
7939 	if (!rdev->ops->get_mpp)
7940 		return -EOPNOTSUPP;
7941 
7942 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7943 		return -EOPNOTSUPP;
7944 
7945 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
7946 	if (err)
7947 		return err;
7948 
7949 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7950 	if (!msg)
7951 		return -ENOMEM;
7952 
7953 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
7954 			       dev, dst, mpp, &pinfo) < 0) {
7955 		nlmsg_free(msg);
7956 		return -ENOBUFS;
7957 	}
7958 
7959 	return genlmsg_reply(msg, info);
7960 }
7961 
7962 static int nl80211_dump_mpp(struct sk_buff *skb,
7963 			    struct netlink_callback *cb)
7964 {
7965 	struct mpath_info pinfo;
7966 	struct cfg80211_registered_device *rdev;
7967 	struct wireless_dev *wdev;
7968 	u8 dst[ETH_ALEN];
7969 	u8 mpp[ETH_ALEN];
7970 	int path_idx = cb->args[2];
7971 	int err;
7972 
7973 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
7974 	if (err)
7975 		return err;
7976 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
7977 	__acquire(&rdev->wiphy.mtx);
7978 
7979 	if (!rdev->ops->dump_mpp) {
7980 		err = -EOPNOTSUPP;
7981 		goto out_err;
7982 	}
7983 
7984 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
7985 		err = -EOPNOTSUPP;
7986 		goto out_err;
7987 	}
7988 
7989 	while (1) {
7990 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
7991 				    mpp, &pinfo);
7992 		if (err == -ENOENT)
7993 			break;
7994 		if (err)
7995 			goto out_err;
7996 
7997 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
7998 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
7999 				       wdev->netdev, dst, mpp,
8000 				       &pinfo) < 0)
8001 			goto out;
8002 
8003 		path_idx++;
8004 	}
8005 
8006  out:
8007 	cb->args[2] = path_idx;
8008 	err = skb->len;
8009  out_err:
8010 	wiphy_unlock(&rdev->wiphy);
8011 	return err;
8012 }
8013 
8014 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
8015 {
8016 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8017 	struct net_device *dev = info->user_ptr[1];
8018 	struct bss_parameters params;
8019 
8020 	memset(&params, 0, sizeof(params));
8021 	params.link_id = nl80211_link_id_or_invalid(info->attrs);
8022 	/* default to not changing parameters */
8023 	params.use_cts_prot = -1;
8024 	params.use_short_preamble = -1;
8025 	params.use_short_slot_time = -1;
8026 	params.ap_isolate = -1;
8027 	params.ht_opmode = -1;
8028 	params.p2p_ctwindow = -1;
8029 	params.p2p_opp_ps = -1;
8030 
8031 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
8032 		params.use_cts_prot =
8033 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
8034 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
8035 		params.use_short_preamble =
8036 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
8037 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
8038 		params.use_short_slot_time =
8039 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
8040 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8041 		params.basic_rates =
8042 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8043 		params.basic_rates_len =
8044 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8045 	}
8046 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
8047 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
8048 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
8049 		params.ht_opmode =
8050 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
8051 
8052 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
8053 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8054 			return -EINVAL;
8055 		params.p2p_ctwindow =
8056 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
8057 		if (params.p2p_ctwindow != 0 &&
8058 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
8059 			return -EINVAL;
8060 	}
8061 
8062 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
8063 		u8 tmp;
8064 
8065 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8066 			return -EINVAL;
8067 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
8068 		params.p2p_opp_ps = tmp;
8069 		if (params.p2p_opp_ps &&
8070 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
8071 			return -EINVAL;
8072 	}
8073 
8074 	if (!rdev->ops->change_bss)
8075 		return -EOPNOTSUPP;
8076 
8077 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
8078 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8079 		return -EOPNOTSUPP;
8080 
8081 	return rdev_change_bss(rdev, dev, &params);
8082 }
8083 
8084 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
8085 {
8086 	char *data = NULL;
8087 	bool is_indoor;
8088 	enum nl80211_user_reg_hint_type user_reg_hint_type;
8089 	u32 owner_nlportid;
8090 
8091 	/*
8092 	 * You should only get this when cfg80211 hasn't yet initialized
8093 	 * completely when built-in to the kernel right between the time
8094 	 * window between nl80211_init() and regulatory_init(), if that is
8095 	 * even possible.
8096 	 */
8097 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
8098 		return -EINPROGRESS;
8099 
8100 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
8101 		user_reg_hint_type =
8102 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
8103 	else
8104 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
8105 
8106 	switch (user_reg_hint_type) {
8107 	case NL80211_USER_REG_HINT_USER:
8108 	case NL80211_USER_REG_HINT_CELL_BASE:
8109 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
8110 			return -EINVAL;
8111 
8112 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
8113 		return regulatory_hint_user(data, user_reg_hint_type);
8114 	case NL80211_USER_REG_HINT_INDOOR:
8115 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8116 			owner_nlportid = info->snd_portid;
8117 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
8118 		} else {
8119 			owner_nlportid = 0;
8120 			is_indoor = true;
8121 		}
8122 
8123 		regulatory_hint_indoor(is_indoor, owner_nlportid);
8124 		return 0;
8125 	default:
8126 		return -EINVAL;
8127 	}
8128 }
8129 
8130 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
8131 {
8132 	return reg_reload_regdb();
8133 }
8134 
8135 static int nl80211_get_mesh_config(struct sk_buff *skb,
8136 				   struct genl_info *info)
8137 {
8138 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8139 	struct net_device *dev = info->user_ptr[1];
8140 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8141 	struct mesh_config cur_params;
8142 	int err = 0;
8143 	void *hdr;
8144 	struct nlattr *pinfoattr;
8145 	struct sk_buff *msg;
8146 
8147 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
8148 		return -EOPNOTSUPP;
8149 
8150 	if (!rdev->ops->get_mesh_config)
8151 		return -EOPNOTSUPP;
8152 
8153 	/* If not connected, get default parameters */
8154 	if (!wdev->u.mesh.id_len)
8155 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
8156 	else
8157 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
8158 
8159 	if (err)
8160 		return err;
8161 
8162 	/* Draw up a netlink message to send back */
8163 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8164 	if (!msg)
8165 		return -ENOMEM;
8166 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8167 			     NL80211_CMD_GET_MESH_CONFIG);
8168 	if (!hdr)
8169 		goto out;
8170 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
8171 	if (!pinfoattr)
8172 		goto nla_put_failure;
8173 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8174 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
8175 			cur_params.dot11MeshRetryTimeout) ||
8176 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
8177 			cur_params.dot11MeshConfirmTimeout) ||
8178 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
8179 			cur_params.dot11MeshHoldingTimeout) ||
8180 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
8181 			cur_params.dot11MeshMaxPeerLinks) ||
8182 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
8183 		       cur_params.dot11MeshMaxRetries) ||
8184 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
8185 		       cur_params.dot11MeshTTL) ||
8186 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
8187 		       cur_params.element_ttl) ||
8188 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
8189 		       cur_params.auto_open_plinks) ||
8190 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
8191 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
8192 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
8193 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
8194 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
8195 			cur_params.path_refresh_time) ||
8196 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
8197 			cur_params.min_discovery_timeout) ||
8198 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
8199 			cur_params.dot11MeshHWMPactivePathTimeout) ||
8200 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
8201 			cur_params.dot11MeshHWMPpreqMinInterval) ||
8202 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
8203 			cur_params.dot11MeshHWMPperrMinInterval) ||
8204 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
8205 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
8206 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
8207 		       cur_params.dot11MeshHWMPRootMode) ||
8208 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
8209 			cur_params.dot11MeshHWMPRannInterval) ||
8210 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
8211 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
8212 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
8213 		       cur_params.dot11MeshForwarding) ||
8214 	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
8215 			cur_params.rssi_threshold) ||
8216 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
8217 			cur_params.ht_opmode) ||
8218 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
8219 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
8220 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
8221 			cur_params.dot11MeshHWMProotInterval) ||
8222 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
8223 			cur_params.dot11MeshHWMPconfirmationInterval) ||
8224 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
8225 			cur_params.power_mode) ||
8226 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
8227 			cur_params.dot11MeshAwakeWindowDuration) ||
8228 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
8229 			cur_params.plink_timeout) ||
8230 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
8231 		       cur_params.dot11MeshConnectedToMeshGate) ||
8232 	    nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
8233 		       cur_params.dot11MeshNolearn) ||
8234 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
8235 		       cur_params.dot11MeshConnectedToAuthServer))
8236 		goto nla_put_failure;
8237 	nla_nest_end(msg, pinfoattr);
8238 	genlmsg_end(msg, hdr);
8239 	return genlmsg_reply(msg, info);
8240 
8241  nla_put_failure:
8242  out:
8243 	nlmsg_free(msg);
8244 	return -ENOBUFS;
8245 }
8246 
8247 static const struct nla_policy
8248 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
8249 	[NL80211_MESHCONF_RETRY_TIMEOUT] =
8250 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
8251 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] =
8252 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
8253 	[NL80211_MESHCONF_HOLDING_TIMEOUT] =
8254 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
8255 	[NL80211_MESHCONF_MAX_PEER_LINKS] =
8256 		NLA_POLICY_RANGE(NLA_U16, 0, 255),
8257 	[NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
8258 	[NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
8259 	[NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
8260 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
8261 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
8262 		NLA_POLICY_RANGE(NLA_U32, 1, 255),
8263 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
8264 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
8265 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
8266 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
8267 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
8268 		NLA_POLICY_MIN(NLA_U16, 1),
8269 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
8270 		NLA_POLICY_MIN(NLA_U16, 1),
8271 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
8272 		NLA_POLICY_MIN(NLA_U16, 1),
8273 	[NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
8274 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
8275 		NLA_POLICY_MIN(NLA_U16, 1),
8276 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
8277 	[NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
8278 	[NL80211_MESHCONF_RSSI_THRESHOLD] =
8279 		NLA_POLICY_RANGE(NLA_S32, -255, 0),
8280 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
8281 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
8282 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
8283 		NLA_POLICY_MIN(NLA_U16, 1),
8284 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
8285 		NLA_POLICY_MIN(NLA_U16, 1),
8286 	[NL80211_MESHCONF_POWER_MODE] =
8287 		NLA_POLICY_RANGE(NLA_U32,
8288 				 NL80211_MESH_POWER_ACTIVE,
8289 				 NL80211_MESH_POWER_MAX),
8290 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
8291 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
8292 	[NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8293 	[NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8294 	[NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8295 };
8296 
8297 static const struct nla_policy
8298 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
8299 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
8300 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
8301 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
8302 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
8303 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
8304 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
8305 	[NL80211_MESH_SETUP_IE] =
8306 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
8307 				       IEEE80211_MAX_DATA_LEN),
8308 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
8309 };
8310 
8311 static int nl80211_parse_mesh_config(struct genl_info *info,
8312 				     struct mesh_config *cfg,
8313 				     u32 *mask_out)
8314 {
8315 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
8316 	u32 mask = 0;
8317 	u16 ht_opmode;
8318 
8319 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)	\
8320 do {									\
8321 	if (tb[attr]) {							\
8322 		cfg->param = fn(tb[attr]);				\
8323 		mask |= BIT((attr) - 1);				\
8324 	}								\
8325 } while (0)
8326 
8327 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
8328 		return -EINVAL;
8329 	if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
8330 		return -EINVAL;
8331 
8332 	/* This makes sure that there aren't more than 32 mesh config
8333 	 * parameters (otherwise our bitfield scheme would not work.) */
8334 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
8335 
8336 	/* Fill in the params struct */
8337 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
8338 				  NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
8339 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
8340 				  NL80211_MESHCONF_CONFIRM_TIMEOUT,
8341 				  nla_get_u16);
8342 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
8343 				  NL80211_MESHCONF_HOLDING_TIMEOUT,
8344 				  nla_get_u16);
8345 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
8346 				  NL80211_MESHCONF_MAX_PEER_LINKS,
8347 				  nla_get_u16);
8348 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
8349 				  NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
8350 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
8351 				  NL80211_MESHCONF_TTL, nla_get_u8);
8352 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
8353 				  NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
8354 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
8355 				  NL80211_MESHCONF_AUTO_OPEN_PLINKS,
8356 				  nla_get_u8);
8357 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
8358 				  mask,
8359 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
8360 				  nla_get_u32);
8361 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
8362 				  NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
8363 				  nla_get_u8);
8364 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
8365 				  NL80211_MESHCONF_PATH_REFRESH_TIME,
8366 				  nla_get_u32);
8367 	if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
8368 	    (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
8369 		return -EINVAL;
8370 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
8371 				  NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
8372 				  nla_get_u16);
8373 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
8374 				  mask,
8375 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
8376 				  nla_get_u32);
8377 	if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
8378 	    (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
8379 	     cfg->dot11MeshHWMPactivePathTimeout > 65535))
8380 		return -EINVAL;
8381 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
8382 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
8383 				  nla_get_u16);
8384 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
8385 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
8386 				  nla_get_u16);
8387 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
8388 				  dot11MeshHWMPnetDiameterTraversalTime, mask,
8389 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
8390 				  nla_get_u16);
8391 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
8392 				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
8393 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
8394 				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
8395 				  nla_get_u16);
8396 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
8397 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
8398 				  nla_get_u8);
8399 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
8400 				  NL80211_MESHCONF_FORWARDING, nla_get_u8);
8401 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
8402 				  NL80211_MESHCONF_RSSI_THRESHOLD,
8403 				  nla_get_s32);
8404 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
8405 				  NL80211_MESHCONF_CONNECTED_TO_GATE,
8406 				  nla_get_u8);
8407 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
8408 				  NL80211_MESHCONF_CONNECTED_TO_AS,
8409 				  nla_get_u8);
8410 	/*
8411 	 * Check HT operation mode based on
8412 	 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
8413 	 */
8414 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
8415 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
8416 
8417 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
8418 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
8419 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
8420 			return -EINVAL;
8421 
8422 		/* NON_HT_STA bit is reserved, but some programs set it */
8423 		ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
8424 
8425 		cfg->ht_opmode = ht_opmode;
8426 		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
8427 	}
8428 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
8429 				  dot11MeshHWMPactivePathToRootTimeout, mask,
8430 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
8431 				  nla_get_u32);
8432 	if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
8433 	    (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
8434 	     cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
8435 		return -EINVAL;
8436 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
8437 				  NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
8438 				  nla_get_u16);
8439 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
8440 				  mask,
8441 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
8442 				  nla_get_u16);
8443 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
8444 				  NL80211_MESHCONF_POWER_MODE, nla_get_u32);
8445 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
8446 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
8447 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
8448 				  NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
8449 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
8450 				  NL80211_MESHCONF_NOLEARN, nla_get_u8);
8451 	if (mask_out)
8452 		*mask_out = mask;
8453 
8454 	return 0;
8455 
8456 #undef FILL_IN_MESH_PARAM_IF_SET
8457 }
8458 
8459 static int nl80211_parse_mesh_setup(struct genl_info *info,
8460 				     struct mesh_setup *setup)
8461 {
8462 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8463 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
8464 
8465 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
8466 		return -EINVAL;
8467 	if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
8468 		return -EINVAL;
8469 
8470 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
8471 		setup->sync_method =
8472 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
8473 		 IEEE80211_SYNC_METHOD_VENDOR :
8474 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
8475 
8476 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
8477 		setup->path_sel_proto =
8478 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
8479 		 IEEE80211_PATH_PROTOCOL_VENDOR :
8480 		 IEEE80211_PATH_PROTOCOL_HWMP;
8481 
8482 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
8483 		setup->path_metric =
8484 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
8485 		 IEEE80211_PATH_METRIC_VENDOR :
8486 		 IEEE80211_PATH_METRIC_AIRTIME;
8487 
8488 	if (tb[NL80211_MESH_SETUP_IE]) {
8489 		struct nlattr *ieattr =
8490 			tb[NL80211_MESH_SETUP_IE];
8491 		setup->ie = nla_data(ieattr);
8492 		setup->ie_len = nla_len(ieattr);
8493 	}
8494 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
8495 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
8496 		return -EINVAL;
8497 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
8498 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
8499 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
8500 	if (setup->is_secure)
8501 		setup->user_mpm = true;
8502 
8503 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
8504 		if (!setup->user_mpm)
8505 			return -EINVAL;
8506 		setup->auth_id =
8507 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
8508 	}
8509 
8510 	return 0;
8511 }
8512 
8513 static int nl80211_update_mesh_config(struct sk_buff *skb,
8514 				      struct genl_info *info)
8515 {
8516 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8517 	struct net_device *dev = info->user_ptr[1];
8518 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8519 	struct mesh_config cfg = {};
8520 	u32 mask;
8521 	int err;
8522 
8523 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
8524 		return -EOPNOTSUPP;
8525 
8526 	if (!rdev->ops->update_mesh_config)
8527 		return -EOPNOTSUPP;
8528 
8529 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
8530 	if (err)
8531 		return err;
8532 
8533 	if (!wdev->u.mesh.id_len)
8534 		err = -ENOLINK;
8535 
8536 	if (!err)
8537 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
8538 
8539 	return err;
8540 }
8541 
8542 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
8543 			      struct sk_buff *msg)
8544 {
8545 	struct nlattr *nl_reg_rules;
8546 	unsigned int i;
8547 
8548 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
8549 	    (regdom->dfs_region &&
8550 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
8551 		goto nla_put_failure;
8552 
8553 	nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
8554 	if (!nl_reg_rules)
8555 		goto nla_put_failure;
8556 
8557 	for (i = 0; i < regdom->n_reg_rules; i++) {
8558 		struct nlattr *nl_reg_rule;
8559 		const struct ieee80211_reg_rule *reg_rule;
8560 		const struct ieee80211_freq_range *freq_range;
8561 		const struct ieee80211_power_rule *power_rule;
8562 		unsigned int max_bandwidth_khz;
8563 
8564 		reg_rule = &regdom->reg_rules[i];
8565 		freq_range = &reg_rule->freq_range;
8566 		power_rule = &reg_rule->power_rule;
8567 
8568 		nl_reg_rule = nla_nest_start_noflag(msg, i);
8569 		if (!nl_reg_rule)
8570 			goto nla_put_failure;
8571 
8572 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
8573 		if (!max_bandwidth_khz)
8574 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
8575 								  reg_rule);
8576 
8577 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
8578 				reg_rule->flags) ||
8579 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
8580 				freq_range->start_freq_khz) ||
8581 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
8582 				freq_range->end_freq_khz) ||
8583 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
8584 				max_bandwidth_khz) ||
8585 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
8586 				power_rule->max_antenna_gain) ||
8587 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
8588 				power_rule->max_eirp) ||
8589 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
8590 				reg_rule->dfs_cac_ms))
8591 			goto nla_put_failure;
8592 
8593 		if ((reg_rule->flags & NL80211_RRF_PSD) &&
8594 		    nla_put_s8(msg, NL80211_ATTR_POWER_RULE_PSD,
8595 			       reg_rule->psd))
8596 			goto nla_put_failure;
8597 
8598 		nla_nest_end(msg, nl_reg_rule);
8599 	}
8600 
8601 	nla_nest_end(msg, nl_reg_rules);
8602 	return 0;
8603 
8604 nla_put_failure:
8605 	return -EMSGSIZE;
8606 }
8607 
8608 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
8609 {
8610 	const struct ieee80211_regdomain *regdom = NULL;
8611 	struct cfg80211_registered_device *rdev;
8612 	struct wiphy *wiphy = NULL;
8613 	struct sk_buff *msg;
8614 	int err = -EMSGSIZE;
8615 	void *hdr;
8616 
8617 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8618 	if (!msg)
8619 		return -ENOBUFS;
8620 
8621 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8622 			     NL80211_CMD_GET_REG);
8623 	if (!hdr)
8624 		goto put_failure;
8625 
8626 	rtnl_lock();
8627 
8628 	if (info->attrs[NL80211_ATTR_WIPHY]) {
8629 		bool self_managed;
8630 
8631 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
8632 		if (IS_ERR(rdev)) {
8633 			err = PTR_ERR(rdev);
8634 			goto nla_put_failure;
8635 		}
8636 
8637 		wiphy = &rdev->wiphy;
8638 		self_managed = wiphy->regulatory_flags &
8639 			       REGULATORY_WIPHY_SELF_MANAGED;
8640 
8641 		rcu_read_lock();
8642 
8643 		regdom = get_wiphy_regdom(wiphy);
8644 
8645 		/* a self-managed-reg device must have a private regdom */
8646 		if (WARN_ON(!regdom && self_managed)) {
8647 			err = -EINVAL;
8648 			goto nla_put_failure_rcu;
8649 		}
8650 
8651 		if (regdom &&
8652 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
8653 			goto nla_put_failure_rcu;
8654 	} else {
8655 		rcu_read_lock();
8656 	}
8657 
8658 	if (!wiphy && reg_last_request_cell_base() &&
8659 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
8660 			NL80211_USER_REG_HINT_CELL_BASE))
8661 		goto nla_put_failure_rcu;
8662 
8663 	if (!regdom)
8664 		regdom = rcu_dereference(cfg80211_regdomain);
8665 
8666 	if (nl80211_put_regdom(regdom, msg))
8667 		goto nla_put_failure_rcu;
8668 
8669 	rcu_read_unlock();
8670 
8671 	genlmsg_end(msg, hdr);
8672 	rtnl_unlock();
8673 	return genlmsg_reply(msg, info);
8674 
8675 nla_put_failure_rcu:
8676 	rcu_read_unlock();
8677 nla_put_failure:
8678 	rtnl_unlock();
8679 put_failure:
8680 	nlmsg_free(msg);
8681 	return err;
8682 }
8683 
8684 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
8685 			       u32 seq, int flags, struct wiphy *wiphy,
8686 			       const struct ieee80211_regdomain *regdom)
8687 {
8688 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8689 				   NL80211_CMD_GET_REG);
8690 
8691 	if (!hdr)
8692 		return -1;
8693 
8694 	genl_dump_check_consistent(cb, hdr);
8695 
8696 	if (nl80211_put_regdom(regdom, msg))
8697 		goto nla_put_failure;
8698 
8699 	if (!wiphy && reg_last_request_cell_base() &&
8700 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
8701 			NL80211_USER_REG_HINT_CELL_BASE))
8702 		goto nla_put_failure;
8703 
8704 	if (wiphy &&
8705 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
8706 		goto nla_put_failure;
8707 
8708 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
8709 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
8710 		goto nla_put_failure;
8711 
8712 	genlmsg_end(msg, hdr);
8713 	return 0;
8714 
8715 nla_put_failure:
8716 	genlmsg_cancel(msg, hdr);
8717 	return -EMSGSIZE;
8718 }
8719 
8720 static int nl80211_get_reg_dump(struct sk_buff *skb,
8721 				struct netlink_callback *cb)
8722 {
8723 	const struct ieee80211_regdomain *regdom = NULL;
8724 	struct cfg80211_registered_device *rdev;
8725 	int err, reg_idx, start = cb->args[2];
8726 
8727 	rcu_read_lock();
8728 
8729 	if (cfg80211_regdomain && start == 0) {
8730 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
8731 					  NLM_F_MULTI, NULL,
8732 					  rcu_dereference(cfg80211_regdomain));
8733 		if (err < 0)
8734 			goto out_err;
8735 	}
8736 
8737 	/* the global regdom is idx 0 */
8738 	reg_idx = 1;
8739 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
8740 		regdom = get_wiphy_regdom(&rdev->wiphy);
8741 		if (!regdom)
8742 			continue;
8743 
8744 		if (++reg_idx <= start)
8745 			continue;
8746 
8747 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
8748 					  NLM_F_MULTI, &rdev->wiphy, regdom);
8749 		if (err < 0) {
8750 			reg_idx--;
8751 			break;
8752 		}
8753 	}
8754 
8755 	cb->args[2] = reg_idx;
8756 	err = skb->len;
8757 out_err:
8758 	rcu_read_unlock();
8759 	return err;
8760 }
8761 
8762 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
8763 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
8764 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
8765 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
8766 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
8767 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
8768 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
8769 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
8770 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
8771 };
8772 
8773 static int parse_reg_rule(struct nlattr *tb[],
8774 	struct ieee80211_reg_rule *reg_rule)
8775 {
8776 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
8777 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
8778 
8779 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
8780 		return -EINVAL;
8781 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
8782 		return -EINVAL;
8783 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
8784 		return -EINVAL;
8785 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
8786 		return -EINVAL;
8787 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
8788 		return -EINVAL;
8789 
8790 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
8791 
8792 	freq_range->start_freq_khz =
8793 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
8794 	freq_range->end_freq_khz =
8795 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
8796 	freq_range->max_bandwidth_khz =
8797 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
8798 
8799 	power_rule->max_eirp =
8800 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
8801 
8802 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
8803 		power_rule->max_antenna_gain =
8804 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
8805 
8806 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
8807 		reg_rule->dfs_cac_ms =
8808 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
8809 
8810 	return 0;
8811 }
8812 
8813 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
8814 {
8815 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
8816 	struct nlattr *nl_reg_rule;
8817 	char *alpha2;
8818 	int rem_reg_rules, r;
8819 	u32 num_rules = 0, rule_idx = 0;
8820 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
8821 	struct ieee80211_regdomain *rd;
8822 
8823 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
8824 		return -EINVAL;
8825 
8826 	if (!info->attrs[NL80211_ATTR_REG_RULES])
8827 		return -EINVAL;
8828 
8829 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
8830 
8831 	if (info->attrs[NL80211_ATTR_DFS_REGION])
8832 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
8833 
8834 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
8835 			    rem_reg_rules) {
8836 		num_rules++;
8837 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
8838 			return -EINVAL;
8839 	}
8840 
8841 	rtnl_lock();
8842 	if (!reg_is_valid_request(alpha2)) {
8843 		r = -EINVAL;
8844 		goto out;
8845 	}
8846 
8847 	rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
8848 	if (!rd) {
8849 		r = -ENOMEM;
8850 		goto out;
8851 	}
8852 
8853 	rd->n_reg_rules = num_rules;
8854 	rd->alpha2[0] = alpha2[0];
8855 	rd->alpha2[1] = alpha2[1];
8856 
8857 	/*
8858 	 * Disable DFS master mode if the DFS region was
8859 	 * not supported or known on this kernel.
8860 	 */
8861 	if (reg_supported_dfs_region(dfs_region))
8862 		rd->dfs_region = dfs_region;
8863 
8864 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
8865 			    rem_reg_rules) {
8866 		r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
8867 						nl_reg_rule, reg_rule_policy,
8868 						info->extack);
8869 		if (r)
8870 			goto bad_reg;
8871 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
8872 		if (r)
8873 			goto bad_reg;
8874 
8875 		rule_idx++;
8876 
8877 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
8878 			r = -EINVAL;
8879 			goto bad_reg;
8880 		}
8881 	}
8882 
8883 	r = set_regdom(rd, REGD_SOURCE_CRDA);
8884 	/* set_regdom takes ownership of rd */
8885 	rd = NULL;
8886  bad_reg:
8887 	kfree(rd);
8888  out:
8889 	rtnl_unlock();
8890 	return r;
8891 }
8892 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
8893 
8894 static int validate_scan_freqs(struct nlattr *freqs)
8895 {
8896 	struct nlattr *attr1, *attr2;
8897 	int n_channels = 0, tmp1, tmp2;
8898 
8899 	nla_for_each_nested(attr1, freqs, tmp1)
8900 		if (nla_len(attr1) != sizeof(u32))
8901 			return 0;
8902 
8903 	nla_for_each_nested(attr1, freqs, tmp1) {
8904 		n_channels++;
8905 		/*
8906 		 * Some hardware has a limited channel list for
8907 		 * scanning, and it is pretty much nonsensical
8908 		 * to scan for a channel twice, so disallow that
8909 		 * and don't require drivers to check that the
8910 		 * channel list they get isn't longer than what
8911 		 * they can scan, as long as they can scan all
8912 		 * the channels they registered at once.
8913 		 */
8914 		nla_for_each_nested(attr2, freqs, tmp2)
8915 			if (attr1 != attr2 &&
8916 			    nla_get_u32(attr1) == nla_get_u32(attr2))
8917 				return 0;
8918 	}
8919 
8920 	return n_channels;
8921 }
8922 
8923 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
8924 {
8925 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
8926 }
8927 
8928 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
8929 			    struct cfg80211_bss_selection *bss_select)
8930 {
8931 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
8932 	struct nlattr *nest;
8933 	int err;
8934 	bool found = false;
8935 	int i;
8936 
8937 	/* only process one nested attribute */
8938 	nest = nla_data(nla);
8939 	if (!nla_ok(nest, nla_len(nest)))
8940 		return -EINVAL;
8941 
8942 	err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
8943 					  nest, nl80211_bss_select_policy,
8944 					  NULL);
8945 	if (err)
8946 		return err;
8947 
8948 	/* only one attribute may be given */
8949 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
8950 		if (attr[i]) {
8951 			if (found)
8952 				return -EINVAL;
8953 			found = true;
8954 		}
8955 	}
8956 
8957 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
8958 
8959 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
8960 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
8961 
8962 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
8963 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
8964 		bss_select->param.band_pref =
8965 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
8966 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
8967 			return -EINVAL;
8968 	}
8969 
8970 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
8971 		struct nl80211_bss_select_rssi_adjust *adj_param;
8972 
8973 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
8974 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
8975 		bss_select->param.adjust.band = adj_param->band;
8976 		bss_select->param.adjust.delta = adj_param->delta;
8977 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
8978 			return -EINVAL;
8979 	}
8980 
8981 	/* user-space did not provide behaviour attribute */
8982 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
8983 		return -EINVAL;
8984 
8985 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
8986 		return -EINVAL;
8987 
8988 	return 0;
8989 }
8990 
8991 int nl80211_parse_random_mac(struct nlattr **attrs,
8992 			     u8 *mac_addr, u8 *mac_addr_mask)
8993 {
8994 	int i;
8995 
8996 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
8997 		eth_zero_addr(mac_addr);
8998 		eth_zero_addr(mac_addr_mask);
8999 		mac_addr[0] = 0x2;
9000 		mac_addr_mask[0] = 0x3;
9001 
9002 		return 0;
9003 	}
9004 
9005 	/* need both or none */
9006 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
9007 		return -EINVAL;
9008 
9009 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
9010 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
9011 
9012 	/* don't allow or configure an mcast address */
9013 	if (!is_multicast_ether_addr(mac_addr_mask) ||
9014 	    is_multicast_ether_addr(mac_addr))
9015 		return -EINVAL;
9016 
9017 	/*
9018 	 * allow users to pass a MAC address that has bits set outside
9019 	 * of the mask, but don't bother drivers with having to deal
9020 	 * with such bits
9021 	 */
9022 	for (i = 0; i < ETH_ALEN; i++)
9023 		mac_addr[i] &= mac_addr_mask[i];
9024 
9025 	return 0;
9026 }
9027 
9028 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev,
9029 					      struct ieee80211_channel *chan)
9030 {
9031 	unsigned int link_id;
9032 	bool all_ok = true;
9033 
9034 	lockdep_assert_wiphy(wdev->wiphy);
9035 
9036 	if (!cfg80211_beaconing_iface_active(wdev))
9037 		return true;
9038 
9039 	/*
9040 	 * FIXME: check if we have a free HW resource/link for chan
9041 	 *
9042 	 * This, as well as the FIXME below, requires knowing the link
9043 	 * capabilities of the hardware.
9044 	 */
9045 
9046 	/* we cannot leave radar channels */
9047 	for_each_valid_link(wdev, link_id) {
9048 		struct cfg80211_chan_def *chandef;
9049 
9050 		chandef = wdev_chandef(wdev, link_id);
9051 		if (!chandef || !chandef->chan)
9052 			continue;
9053 
9054 		/*
9055 		 * FIXME: don't require all_ok, but rather check only the
9056 		 *	  correct HW resource/link onto which 'chan' falls,
9057 		 *	  as only that link leaves the channel for doing
9058 		 *	  the off-channel operation.
9059 		 */
9060 
9061 		if (chandef->chan->flags & IEEE80211_CHAN_RADAR)
9062 			all_ok = false;
9063 	}
9064 
9065 	if (all_ok)
9066 		return true;
9067 
9068 	return regulatory_pre_cac_allowed(wdev->wiphy);
9069 }
9070 
9071 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
9072 				    enum nl80211_ext_feature_index feat)
9073 {
9074 	if (!(flags & flag))
9075 		return true;
9076 	if (wiphy_ext_feature_isset(wiphy, feat))
9077 		return true;
9078 	return false;
9079 }
9080 
9081 static int
9082 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
9083 			 void *request, struct nlattr **attrs,
9084 			 bool is_sched_scan)
9085 {
9086 	u8 *mac_addr, *mac_addr_mask;
9087 	u32 *flags;
9088 	enum nl80211_feature_flags randomness_flag;
9089 
9090 	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
9091 		return 0;
9092 
9093 	if (is_sched_scan) {
9094 		struct cfg80211_sched_scan_request *req = request;
9095 
9096 		randomness_flag = wdev ?
9097 				  NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
9098 				  NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
9099 		flags = &req->flags;
9100 		mac_addr = req->mac_addr;
9101 		mac_addr_mask = req->mac_addr_mask;
9102 	} else {
9103 		struct cfg80211_scan_request *req = request;
9104 
9105 		randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
9106 		flags = &req->flags;
9107 		mac_addr = req->mac_addr;
9108 		mac_addr_mask = req->mac_addr_mask;
9109 	}
9110 
9111 	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
9112 
9113 	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
9114 	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
9115 	    !nl80211_check_scan_feat(wiphy, *flags,
9116 				     NL80211_SCAN_FLAG_LOW_SPAN,
9117 				     NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
9118 	    !nl80211_check_scan_feat(wiphy, *flags,
9119 				     NL80211_SCAN_FLAG_LOW_POWER,
9120 				     NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
9121 	    !nl80211_check_scan_feat(wiphy, *flags,
9122 				     NL80211_SCAN_FLAG_HIGH_ACCURACY,
9123 				     NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
9124 	    !nl80211_check_scan_feat(wiphy, *flags,
9125 				     NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
9126 				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
9127 	    !nl80211_check_scan_feat(wiphy, *flags,
9128 				     NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
9129 				     NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
9130 	    !nl80211_check_scan_feat(wiphy, *flags,
9131 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
9132 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
9133 	    !nl80211_check_scan_feat(wiphy, *flags,
9134 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
9135 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
9136 	    !nl80211_check_scan_feat(wiphy, *flags,
9137 				     NL80211_SCAN_FLAG_RANDOM_SN,
9138 				     NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
9139 	    !nl80211_check_scan_feat(wiphy, *flags,
9140 				     NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
9141 				     NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
9142 		return -EOPNOTSUPP;
9143 
9144 	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
9145 		int err;
9146 
9147 		if (!(wiphy->features & randomness_flag) ||
9148 		    (wdev && wdev->connected))
9149 			return -EOPNOTSUPP;
9150 
9151 		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
9152 		if (err)
9153 			return err;
9154 	}
9155 
9156 	return 0;
9157 }
9158 
9159 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
9160 {
9161 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9162 	struct wireless_dev *wdev = info->user_ptr[1];
9163 	struct cfg80211_scan_request *request;
9164 	struct nlattr *scan_freqs = NULL;
9165 	bool scan_freqs_khz = false;
9166 	struct nlattr *attr;
9167 	struct wiphy *wiphy;
9168 	int err, tmp, n_ssids = 0, n_channels, i;
9169 	size_t ie_len, size;
9170 	size_t ssids_offset, ie_offset;
9171 
9172 	wiphy = &rdev->wiphy;
9173 
9174 	if (wdev->iftype == NL80211_IFTYPE_NAN)
9175 		return -EOPNOTSUPP;
9176 
9177 	if (!rdev->ops->scan)
9178 		return -EOPNOTSUPP;
9179 
9180 	if (rdev->scan_req || rdev->scan_msg)
9181 		return -EBUSY;
9182 
9183 	if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
9184 		if (!wiphy_ext_feature_isset(wiphy,
9185 					     NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
9186 			return -EOPNOTSUPP;
9187 		scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
9188 		scan_freqs_khz = true;
9189 	} else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
9190 		scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
9191 
9192 	if (scan_freqs) {
9193 		n_channels = validate_scan_freqs(scan_freqs);
9194 		if (!n_channels)
9195 			return -EINVAL;
9196 	} else {
9197 		n_channels = ieee80211_get_num_supported_channels(wiphy);
9198 	}
9199 
9200 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
9201 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
9202 			n_ssids++;
9203 
9204 	if (n_ssids > wiphy->max_scan_ssids)
9205 		return -EINVAL;
9206 
9207 	if (info->attrs[NL80211_ATTR_IE])
9208 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9209 	else
9210 		ie_len = 0;
9211 
9212 	if (ie_len > wiphy->max_scan_ie_len)
9213 		return -EINVAL;
9214 
9215 	size = struct_size(request, channels, n_channels);
9216 	ssids_offset = size;
9217 	size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
9218 	ie_offset = size;
9219 	size = size_add(size, ie_len);
9220 	request = kzalloc(size, GFP_KERNEL);
9221 	if (!request)
9222 		return -ENOMEM;
9223 	request->n_channels = n_channels;
9224 
9225 	if (n_ssids)
9226 		request->ssids = (void *)request + ssids_offset;
9227 	request->n_ssids = n_ssids;
9228 	if (ie_len)
9229 		request->ie = (void *)request + ie_offset;
9230 
9231 	i = 0;
9232 	if (scan_freqs) {
9233 		/* user specified, bail out if channel not found */
9234 		nla_for_each_nested(attr, scan_freqs, tmp) {
9235 			struct ieee80211_channel *chan;
9236 			int freq = nla_get_u32(attr);
9237 
9238 			if (!scan_freqs_khz)
9239 				freq = MHZ_TO_KHZ(freq);
9240 
9241 			chan = ieee80211_get_channel_khz(wiphy, freq);
9242 			if (!chan) {
9243 				err = -EINVAL;
9244 				goto out_free;
9245 			}
9246 
9247 			/* ignore disabled channels */
9248 			if (chan->flags & IEEE80211_CHAN_DISABLED)
9249 				continue;
9250 
9251 			request->channels[i] = chan;
9252 			i++;
9253 		}
9254 	} else {
9255 		enum nl80211_band band;
9256 
9257 		/* all channels */
9258 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
9259 			int j;
9260 
9261 			if (!wiphy->bands[band])
9262 				continue;
9263 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
9264 				struct ieee80211_channel *chan;
9265 
9266 				chan = &wiphy->bands[band]->channels[j];
9267 
9268 				if (chan->flags & IEEE80211_CHAN_DISABLED)
9269 					continue;
9270 
9271 				request->channels[i] = chan;
9272 				i++;
9273 			}
9274 		}
9275 	}
9276 
9277 	if (!i) {
9278 		err = -EINVAL;
9279 		goto out_free;
9280 	}
9281 
9282 	request->n_channels = i;
9283 
9284 	for (i = 0; i < request->n_channels; i++) {
9285 		struct ieee80211_channel *chan = request->channels[i];
9286 
9287 		/* if we can go off-channel to the target channel we're good */
9288 		if (cfg80211_off_channel_oper_allowed(wdev, chan))
9289 			continue;
9290 
9291 		if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) {
9292 			err = -EBUSY;
9293 			goto out_free;
9294 		}
9295 	}
9296 
9297 	i = 0;
9298 	if (n_ssids) {
9299 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
9300 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
9301 				err = -EINVAL;
9302 				goto out_free;
9303 			}
9304 			request->ssids[i].ssid_len = nla_len(attr);
9305 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
9306 			i++;
9307 		}
9308 	}
9309 
9310 	if (info->attrs[NL80211_ATTR_IE]) {
9311 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9312 		memcpy((void *)request->ie,
9313 		       nla_data(info->attrs[NL80211_ATTR_IE]),
9314 		       request->ie_len);
9315 	}
9316 
9317 	for (i = 0; i < NUM_NL80211_BANDS; i++)
9318 		if (wiphy->bands[i])
9319 			request->rates[i] =
9320 				(1 << wiphy->bands[i]->n_bitrates) - 1;
9321 
9322 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
9323 		nla_for_each_nested(attr,
9324 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
9325 				    tmp) {
9326 			enum nl80211_band band = nla_type(attr);
9327 
9328 			if (band < 0 || band >= NUM_NL80211_BANDS) {
9329 				err = -EINVAL;
9330 				goto out_free;
9331 			}
9332 
9333 			if (!wiphy->bands[band])
9334 				continue;
9335 
9336 			err = ieee80211_get_ratemask(wiphy->bands[band],
9337 						     nla_data(attr),
9338 						     nla_len(attr),
9339 						     &request->rates[band]);
9340 			if (err)
9341 				goto out_free;
9342 		}
9343 	}
9344 
9345 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
9346 		request->duration =
9347 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
9348 		request->duration_mandatory =
9349 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
9350 	}
9351 
9352 	err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
9353 				       false);
9354 	if (err)
9355 		goto out_free;
9356 
9357 	request->no_cck =
9358 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9359 
9360 	/* Initial implementation used NL80211_ATTR_MAC to set the specific
9361 	 * BSSID to scan for. This was problematic because that same attribute
9362 	 * was already used for another purpose (local random MAC address). The
9363 	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
9364 	 * compatibility with older userspace components, also use the
9365 	 * NL80211_ATTR_MAC value here if it can be determined to be used for
9366 	 * the specific BSSID use case instead of the random MAC address
9367 	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
9368 	 */
9369 	if (info->attrs[NL80211_ATTR_BSSID])
9370 		memcpy(request->bssid,
9371 		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
9372 	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
9373 		 info->attrs[NL80211_ATTR_MAC])
9374 		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
9375 		       ETH_ALEN);
9376 	else
9377 		eth_broadcast_addr(request->bssid);
9378 
9379 	request->tsf_report_link_id = nl80211_link_id_or_invalid(info->attrs);
9380 	request->wdev = wdev;
9381 	request->wiphy = &rdev->wiphy;
9382 	request->scan_start = jiffies;
9383 
9384 	rdev->scan_req = request;
9385 	err = cfg80211_scan(rdev);
9386 
9387 	if (err)
9388 		goto out_free;
9389 
9390 	nl80211_send_scan_start(rdev, wdev);
9391 	dev_hold(wdev->netdev);
9392 
9393 	return 0;
9394 
9395  out_free:
9396 	rdev->scan_req = NULL;
9397 	kfree(request);
9398 
9399 	return err;
9400 }
9401 
9402 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
9403 {
9404 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9405 	struct wireless_dev *wdev = info->user_ptr[1];
9406 
9407 	if (!rdev->ops->abort_scan)
9408 		return -EOPNOTSUPP;
9409 
9410 	if (rdev->scan_msg)
9411 		return 0;
9412 
9413 	if (!rdev->scan_req)
9414 		return -ENOENT;
9415 
9416 	rdev_abort_scan(rdev, wdev);
9417 	return 0;
9418 }
9419 
9420 static int
9421 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
9422 			       struct cfg80211_sched_scan_request *request,
9423 			       struct nlattr **attrs)
9424 {
9425 	int tmp, err, i = 0;
9426 	struct nlattr *attr;
9427 
9428 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
9429 		u32 interval;
9430 
9431 		/*
9432 		 * If scan plans are not specified,
9433 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
9434 		 * case one scan plan will be set with the specified scan
9435 		 * interval and infinite number of iterations.
9436 		 */
9437 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
9438 		if (!interval)
9439 			return -EINVAL;
9440 
9441 		request->scan_plans[0].interval =
9442 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
9443 		if (!request->scan_plans[0].interval)
9444 			return -EINVAL;
9445 
9446 		if (request->scan_plans[0].interval >
9447 		    wiphy->max_sched_scan_plan_interval)
9448 			request->scan_plans[0].interval =
9449 				wiphy->max_sched_scan_plan_interval;
9450 
9451 		return 0;
9452 	}
9453 
9454 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
9455 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
9456 
9457 		if (WARN_ON(i >= n_plans))
9458 			return -EINVAL;
9459 
9460 		err = nla_parse_nested_deprecated(plan,
9461 						  NL80211_SCHED_SCAN_PLAN_MAX,
9462 						  attr, nl80211_plan_policy,
9463 						  NULL);
9464 		if (err)
9465 			return err;
9466 
9467 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
9468 			return -EINVAL;
9469 
9470 		request->scan_plans[i].interval =
9471 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
9472 		if (!request->scan_plans[i].interval ||
9473 		    request->scan_plans[i].interval >
9474 		    wiphy->max_sched_scan_plan_interval)
9475 			return -EINVAL;
9476 
9477 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
9478 			request->scan_plans[i].iterations =
9479 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
9480 			if (!request->scan_plans[i].iterations ||
9481 			    (request->scan_plans[i].iterations >
9482 			     wiphy->max_sched_scan_plan_iterations))
9483 				return -EINVAL;
9484 		} else if (i < n_plans - 1) {
9485 			/*
9486 			 * All scan plans but the last one must specify
9487 			 * a finite number of iterations
9488 			 */
9489 			return -EINVAL;
9490 		}
9491 
9492 		i++;
9493 	}
9494 
9495 	/*
9496 	 * The last scan plan must not specify the number of
9497 	 * iterations, it is supposed to run infinitely
9498 	 */
9499 	if (request->scan_plans[n_plans - 1].iterations)
9500 		return  -EINVAL;
9501 
9502 	return 0;
9503 }
9504 
9505 static struct cfg80211_sched_scan_request *
9506 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
9507 			 struct nlattr **attrs, int max_match_sets)
9508 {
9509 	struct cfg80211_sched_scan_request *request;
9510 	struct nlattr *attr;
9511 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
9512 	enum nl80211_band band;
9513 	size_t ie_len, size;
9514 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
9515 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
9516 
9517 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
9518 		n_channels = validate_scan_freqs(
9519 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
9520 		if (!n_channels)
9521 			return ERR_PTR(-EINVAL);
9522 	} else {
9523 		n_channels = ieee80211_get_num_supported_channels(wiphy);
9524 	}
9525 
9526 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
9527 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
9528 				    tmp)
9529 			n_ssids++;
9530 
9531 	if (n_ssids > wiphy->max_sched_scan_ssids)
9532 		return ERR_PTR(-EINVAL);
9533 
9534 	/*
9535 	 * First, count the number of 'real' matchsets. Due to an issue with
9536 	 * the old implementation, matchsets containing only the RSSI attribute
9537 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
9538 	 * RSSI for all matchsets, rather than their own matchset for reporting
9539 	 * all APs with a strong RSSI. This is needed to be compatible with
9540 	 * older userspace that treated a matchset with only the RSSI as the
9541 	 * global RSSI for all other matchsets - if there are other matchsets.
9542 	 */
9543 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
9544 		nla_for_each_nested(attr,
9545 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
9546 				    tmp) {
9547 			struct nlattr *rssi;
9548 
9549 			err = nla_parse_nested_deprecated(tb,
9550 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
9551 							  attr,
9552 							  nl80211_match_policy,
9553 							  NULL);
9554 			if (err)
9555 				return ERR_PTR(err);
9556 
9557 			/* SSID and BSSID are mutually exclusive */
9558 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
9559 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
9560 				return ERR_PTR(-EINVAL);
9561 
9562 			/* add other standalone attributes here */
9563 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
9564 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
9565 				n_match_sets++;
9566 				continue;
9567 			}
9568 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
9569 			if (rssi)
9570 				default_match_rssi = nla_get_s32(rssi);
9571 		}
9572 	}
9573 
9574 	/* However, if there's no other matchset, add the RSSI one */
9575 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
9576 		n_match_sets = 1;
9577 
9578 	if (n_match_sets > max_match_sets)
9579 		return ERR_PTR(-EINVAL);
9580 
9581 	if (attrs[NL80211_ATTR_IE])
9582 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
9583 	else
9584 		ie_len = 0;
9585 
9586 	if (ie_len > wiphy->max_sched_scan_ie_len)
9587 		return ERR_PTR(-EINVAL);
9588 
9589 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
9590 		/*
9591 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
9592 		 * each scan plan already specifies its own interval
9593 		 */
9594 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
9595 			return ERR_PTR(-EINVAL);
9596 
9597 		nla_for_each_nested(attr,
9598 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
9599 			n_plans++;
9600 	} else {
9601 		/*
9602 		 * The scan interval attribute is kept for backward
9603 		 * compatibility. If no scan plans are specified and sched scan
9604 		 * interval is specified, one scan plan will be set with this
9605 		 * scan interval and infinite number of iterations.
9606 		 */
9607 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
9608 			return ERR_PTR(-EINVAL);
9609 
9610 		n_plans = 1;
9611 	}
9612 
9613 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
9614 		return ERR_PTR(-EINVAL);
9615 
9616 	if (!wiphy_ext_feature_isset(
9617 		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
9618 	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
9619 	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
9620 		return ERR_PTR(-EINVAL);
9621 
9622 	size = struct_size(request, channels, n_channels);
9623 	size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
9624 	size = size_add(size, array_size(sizeof(*request->match_sets),
9625 					 n_match_sets));
9626 	size = size_add(size, array_size(sizeof(*request->scan_plans),
9627 					 n_plans));
9628 	size = size_add(size, ie_len);
9629 	request = kzalloc(size, GFP_KERNEL);
9630 	if (!request)
9631 		return ERR_PTR(-ENOMEM);
9632 
9633 	if (n_ssids)
9634 		request->ssids = (void *)&request->channels[n_channels];
9635 	request->n_ssids = n_ssids;
9636 	if (ie_len) {
9637 		if (n_ssids)
9638 			request->ie = (void *)(request->ssids + n_ssids);
9639 		else
9640 			request->ie = (void *)(request->channels + n_channels);
9641 	}
9642 
9643 	if (n_match_sets) {
9644 		if (request->ie)
9645 			request->match_sets = (void *)(request->ie + ie_len);
9646 		else if (n_ssids)
9647 			request->match_sets =
9648 				(void *)(request->ssids + n_ssids);
9649 		else
9650 			request->match_sets =
9651 				(void *)(request->channels + n_channels);
9652 	}
9653 	request->n_match_sets = n_match_sets;
9654 
9655 	if (n_match_sets)
9656 		request->scan_plans = (void *)(request->match_sets +
9657 					       n_match_sets);
9658 	else if (request->ie)
9659 		request->scan_plans = (void *)(request->ie + ie_len);
9660 	else if (n_ssids)
9661 		request->scan_plans = (void *)(request->ssids + n_ssids);
9662 	else
9663 		request->scan_plans = (void *)(request->channels + n_channels);
9664 
9665 	request->n_scan_plans = n_plans;
9666 
9667 	i = 0;
9668 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
9669 		/* user specified, bail out if channel not found */
9670 		nla_for_each_nested(attr,
9671 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
9672 				    tmp) {
9673 			struct ieee80211_channel *chan;
9674 
9675 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
9676 
9677 			if (!chan) {
9678 				err = -EINVAL;
9679 				goto out_free;
9680 			}
9681 
9682 			/* ignore disabled channels */
9683 			if (chan->flags & IEEE80211_CHAN_DISABLED)
9684 				continue;
9685 
9686 			request->channels[i] = chan;
9687 			i++;
9688 		}
9689 	} else {
9690 		/* all channels */
9691 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
9692 			int j;
9693 
9694 			if (!wiphy->bands[band])
9695 				continue;
9696 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
9697 				struct ieee80211_channel *chan;
9698 
9699 				chan = &wiphy->bands[band]->channels[j];
9700 
9701 				if (chan->flags & IEEE80211_CHAN_DISABLED)
9702 					continue;
9703 
9704 				request->channels[i] = chan;
9705 				i++;
9706 			}
9707 		}
9708 	}
9709 
9710 	if (!i) {
9711 		err = -EINVAL;
9712 		goto out_free;
9713 	}
9714 
9715 	request->n_channels = i;
9716 
9717 	i = 0;
9718 	if (n_ssids) {
9719 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
9720 				    tmp) {
9721 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
9722 				err = -EINVAL;
9723 				goto out_free;
9724 			}
9725 			request->ssids[i].ssid_len = nla_len(attr);
9726 			memcpy(request->ssids[i].ssid, nla_data(attr),
9727 			       nla_len(attr));
9728 			i++;
9729 		}
9730 	}
9731 
9732 	i = 0;
9733 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
9734 		nla_for_each_nested(attr,
9735 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
9736 				    tmp) {
9737 			struct nlattr *ssid, *bssid, *rssi;
9738 
9739 			err = nla_parse_nested_deprecated(tb,
9740 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
9741 							  attr,
9742 							  nl80211_match_policy,
9743 							  NULL);
9744 			if (err)
9745 				goto out_free;
9746 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
9747 			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
9748 
9749 			if (!ssid && !bssid) {
9750 				i++;
9751 				continue;
9752 			}
9753 
9754 			if (WARN_ON(i >= n_match_sets)) {
9755 				/* this indicates a programming error,
9756 				 * the loop above should have verified
9757 				 * things properly
9758 				 */
9759 				err = -EINVAL;
9760 				goto out_free;
9761 			}
9762 
9763 			if (ssid) {
9764 				memcpy(request->match_sets[i].ssid.ssid,
9765 				       nla_data(ssid), nla_len(ssid));
9766 				request->match_sets[i].ssid.ssid_len =
9767 					nla_len(ssid);
9768 			}
9769 			if (bssid)
9770 				memcpy(request->match_sets[i].bssid,
9771 				       nla_data(bssid), ETH_ALEN);
9772 
9773 			/* special attribute - old implementation w/a */
9774 			request->match_sets[i].rssi_thold = default_match_rssi;
9775 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
9776 			if (rssi)
9777 				request->match_sets[i].rssi_thold =
9778 					nla_get_s32(rssi);
9779 			i++;
9780 		}
9781 
9782 		/* there was no other matchset, so the RSSI one is alone */
9783 		if (i == 0 && n_match_sets)
9784 			request->match_sets[0].rssi_thold = default_match_rssi;
9785 
9786 		request->min_rssi_thold = INT_MAX;
9787 		for (i = 0; i < n_match_sets; i++)
9788 			request->min_rssi_thold =
9789 				min(request->match_sets[i].rssi_thold,
9790 				    request->min_rssi_thold);
9791 	} else {
9792 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
9793 	}
9794 
9795 	if (ie_len) {
9796 		request->ie_len = ie_len;
9797 		memcpy((void *)request->ie,
9798 		       nla_data(attrs[NL80211_ATTR_IE]),
9799 		       request->ie_len);
9800 	}
9801 
9802 	err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
9803 	if (err)
9804 		goto out_free;
9805 
9806 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
9807 		request->delay =
9808 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
9809 
9810 	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
9811 		request->relative_rssi = nla_get_s8(
9812 			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
9813 		request->relative_rssi_set = true;
9814 	}
9815 
9816 	if (request->relative_rssi_set &&
9817 	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
9818 		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
9819 
9820 		rssi_adjust = nla_data(
9821 			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
9822 		request->rssi_adjust.band = rssi_adjust->band;
9823 		request->rssi_adjust.delta = rssi_adjust->delta;
9824 		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
9825 			err = -EINVAL;
9826 			goto out_free;
9827 		}
9828 	}
9829 
9830 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
9831 	if (err)
9832 		goto out_free;
9833 
9834 	request->scan_start = jiffies;
9835 
9836 	return request;
9837 
9838 out_free:
9839 	kfree(request);
9840 	return ERR_PTR(err);
9841 }
9842 
9843 static int nl80211_start_sched_scan(struct sk_buff *skb,
9844 				    struct genl_info *info)
9845 {
9846 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9847 	struct net_device *dev = info->user_ptr[1];
9848 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9849 	struct cfg80211_sched_scan_request *sched_scan_req;
9850 	bool want_multi;
9851 	int err;
9852 
9853 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
9854 		return -EOPNOTSUPP;
9855 
9856 	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
9857 	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
9858 	if (err)
9859 		return err;
9860 
9861 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
9862 						  info->attrs,
9863 						  rdev->wiphy.max_match_sets);
9864 
9865 	err = PTR_ERR_OR_ZERO(sched_scan_req);
9866 	if (err)
9867 		goto out_err;
9868 
9869 	/* leave request id zero for legacy request
9870 	 * or if driver does not support multi-scheduled scan
9871 	 */
9872 	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
9873 		sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
9874 
9875 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
9876 	if (err)
9877 		goto out_free;
9878 
9879 	sched_scan_req->dev = dev;
9880 	sched_scan_req->wiphy = &rdev->wiphy;
9881 
9882 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9883 		sched_scan_req->owner_nlportid = info->snd_portid;
9884 
9885 	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
9886 
9887 	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
9888 	return 0;
9889 
9890 out_free:
9891 	kfree(sched_scan_req);
9892 out_err:
9893 	return err;
9894 }
9895 
9896 static int nl80211_stop_sched_scan(struct sk_buff *skb,
9897 				   struct genl_info *info)
9898 {
9899 	struct cfg80211_sched_scan_request *req;
9900 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9901 	u64 cookie;
9902 
9903 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
9904 		return -EOPNOTSUPP;
9905 
9906 	if (info->attrs[NL80211_ATTR_COOKIE]) {
9907 		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9908 		return __cfg80211_stop_sched_scan(rdev, cookie, false);
9909 	}
9910 
9911 	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
9912 				     struct cfg80211_sched_scan_request,
9913 				     list);
9914 	if (!req || req->reqid ||
9915 	    (req->owner_nlportid &&
9916 	     req->owner_nlportid != info->snd_portid))
9917 		return -ENOENT;
9918 
9919 	return cfg80211_stop_sched_scan_req(rdev, req, false);
9920 }
9921 
9922 static int nl80211_start_radar_detection(struct sk_buff *skb,
9923 					 struct genl_info *info)
9924 {
9925 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9926 	struct net_device *dev = info->user_ptr[1];
9927 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9928 	struct wiphy *wiphy = wdev->wiphy;
9929 	struct cfg80211_chan_def chandef;
9930 	enum nl80211_dfs_regions dfs_region;
9931 	unsigned int cac_time_ms;
9932 	int err = -EINVAL;
9933 
9934 	flush_delayed_work(&rdev->dfs_update_channels_wk);
9935 
9936 	wiphy_lock(wiphy);
9937 
9938 	dfs_region = reg_get_dfs_region(wiphy);
9939 	if (dfs_region == NL80211_DFS_UNSET)
9940 		goto unlock;
9941 
9942 	err = nl80211_parse_chandef(rdev, info, &chandef);
9943 	if (err)
9944 		goto unlock;
9945 
9946 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
9947 	if (err < 0)
9948 		goto unlock;
9949 
9950 	if (err == 0) {
9951 		err = -EINVAL;
9952 		goto unlock;
9953 	}
9954 
9955 	if (!cfg80211_chandef_dfs_usable(wiphy, &chandef)) {
9956 		err = -EINVAL;
9957 		goto unlock;
9958 	}
9959 
9960 	if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND])) {
9961 		err = cfg80211_start_background_radar_detection(rdev, wdev,
9962 								&chandef);
9963 		goto unlock;
9964 	}
9965 
9966 	if (netif_carrier_ok(dev)) {
9967 		err = -EBUSY;
9968 		goto unlock;
9969 	}
9970 
9971 	if (wdev->cac_started) {
9972 		err = -EBUSY;
9973 		goto unlock;
9974 	}
9975 
9976 	/* CAC start is offloaded to HW and can't be started manually */
9977 	if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD)) {
9978 		err = -EOPNOTSUPP;
9979 		goto unlock;
9980 	}
9981 
9982 	if (!rdev->ops->start_radar_detection) {
9983 		err = -EOPNOTSUPP;
9984 		goto unlock;
9985 	}
9986 
9987 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
9988 	if (WARN_ON(!cac_time_ms))
9989 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
9990 
9991 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
9992 	if (!err) {
9993 		wdev->links[0].ap.chandef = chandef;
9994 		wdev->cac_started = true;
9995 		wdev->cac_start_time = jiffies;
9996 		wdev->cac_time_ms = cac_time_ms;
9997 	}
9998 unlock:
9999 	wiphy_unlock(wiphy);
10000 
10001 	return err;
10002 }
10003 
10004 static int nl80211_notify_radar_detection(struct sk_buff *skb,
10005 					  struct genl_info *info)
10006 {
10007 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10008 	struct net_device *dev = info->user_ptr[1];
10009 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10010 	struct wiphy *wiphy = wdev->wiphy;
10011 	struct cfg80211_chan_def chandef;
10012 	enum nl80211_dfs_regions dfs_region;
10013 	int err;
10014 
10015 	dfs_region = reg_get_dfs_region(wiphy);
10016 	if (dfs_region == NL80211_DFS_UNSET) {
10017 		GENL_SET_ERR_MSG(info,
10018 				 "DFS Region is not set. Unexpected Radar indication");
10019 		return -EINVAL;
10020 	}
10021 
10022 	err = nl80211_parse_chandef(rdev, info, &chandef);
10023 	if (err) {
10024 		GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
10025 		return err;
10026 	}
10027 
10028 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
10029 	if (err < 0) {
10030 		GENL_SET_ERR_MSG(info, "chandef is invalid");
10031 		return err;
10032 	}
10033 
10034 	if (err == 0) {
10035 		GENL_SET_ERR_MSG(info,
10036 				 "Unexpected Radar indication for chandef/iftype");
10037 		return -EINVAL;
10038 	}
10039 
10040 	/* Do not process this notification if radar is already detected
10041 	 * by kernel on this channel, and return success.
10042 	 */
10043 	if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
10044 		return 0;
10045 
10046 	cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
10047 
10048 	cfg80211_sched_dfs_chan_update(rdev);
10049 
10050 	rdev->radar_chandef = chandef;
10051 
10052 	/* Propagate this notification to other radios as well */
10053 	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
10054 
10055 	return 0;
10056 }
10057 
10058 static int nl80211_parse_counter_offsets(struct cfg80211_registered_device *rdev,
10059 					 const u8 *data, size_t datalen,
10060 					 int first_count, struct nlattr *attr,
10061 					 const u16 **offsets, unsigned int *n_offsets)
10062 {
10063 	int i;
10064 
10065 	*n_offsets = 0;
10066 
10067 	if (!attr)
10068 		return 0;
10069 
10070 	if (!nla_len(attr) || (nla_len(attr) % sizeof(u16)))
10071 		return -EINVAL;
10072 
10073 	*n_offsets = nla_len(attr) / sizeof(u16);
10074 	if (rdev->wiphy.max_num_csa_counters &&
10075 	    (*n_offsets > rdev->wiphy.max_num_csa_counters))
10076 		return -EINVAL;
10077 
10078 	*offsets = nla_data(attr);
10079 
10080 	/* sanity checks - counters should fit and be the same */
10081 	for (i = 0; i < *n_offsets; i++) {
10082 		u16 offset = (*offsets)[i];
10083 
10084 		if (offset >= datalen)
10085 			return -EINVAL;
10086 
10087 		if (first_count != -1 && data[offset] != first_count)
10088 			return -EINVAL;
10089 	}
10090 
10091 	return 0;
10092 }
10093 
10094 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
10095 {
10096 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10097 	unsigned int link_id = nl80211_link_id(info->attrs);
10098 	struct net_device *dev = info->user_ptr[1];
10099 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10100 	struct cfg80211_csa_settings params;
10101 	struct nlattr **csa_attrs = NULL;
10102 	int err;
10103 	bool need_new_beacon = false;
10104 	bool need_handle_dfs_flag = true;
10105 	u32 cs_count;
10106 
10107 	if (!rdev->ops->channel_switch ||
10108 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
10109 		return -EOPNOTSUPP;
10110 
10111 	switch (dev->ieee80211_ptr->iftype) {
10112 	case NL80211_IFTYPE_AP:
10113 	case NL80211_IFTYPE_P2P_GO:
10114 		need_new_beacon = true;
10115 		/* For all modes except AP the handle_dfs flag needs to be
10116 		 * supplied to tell the kernel that userspace will handle radar
10117 		 * events when they happen. Otherwise a switch to a channel
10118 		 * requiring DFS will be rejected.
10119 		 */
10120 		need_handle_dfs_flag = false;
10121 
10122 		/* useless if AP is not running */
10123 		if (!wdev->links[link_id].ap.beacon_interval)
10124 			return -ENOTCONN;
10125 		break;
10126 	case NL80211_IFTYPE_ADHOC:
10127 		if (!wdev->u.ibss.ssid_len)
10128 			return -ENOTCONN;
10129 		break;
10130 	case NL80211_IFTYPE_MESH_POINT:
10131 		if (!wdev->u.mesh.id_len)
10132 			return -ENOTCONN;
10133 		break;
10134 	default:
10135 		return -EOPNOTSUPP;
10136 	}
10137 
10138 	memset(&params, 0, sizeof(params));
10139 	params.beacon_csa.ftm_responder = -1;
10140 
10141 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10142 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
10143 		return -EINVAL;
10144 
10145 	/* only important for AP, IBSS and mesh create IEs internally */
10146 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
10147 		return -EINVAL;
10148 
10149 	/* Even though the attribute is u32, the specification says
10150 	 * u8, so let's make sure we don't overflow.
10151 	 */
10152 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
10153 	if (cs_count > 255)
10154 		return -EINVAL;
10155 
10156 	params.count = cs_count;
10157 
10158 	if (!need_new_beacon)
10159 		goto skip_beacons;
10160 
10161 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after,
10162 				   info->extack);
10163 	if (err)
10164 		goto free;
10165 
10166 	csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs),
10167 			    GFP_KERNEL);
10168 	if (!csa_attrs) {
10169 		err = -ENOMEM;
10170 		goto free;
10171 	}
10172 
10173 	err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
10174 					  info->attrs[NL80211_ATTR_CSA_IES],
10175 					  nl80211_policy, info->extack);
10176 	if (err)
10177 		goto free;
10178 
10179 	err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa,
10180 				   info->extack);
10181 	if (err)
10182 		goto free;
10183 
10184 	if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
10185 		err = -EINVAL;
10186 		goto free;
10187 	}
10188 
10189 	err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.tail,
10190 					    params.beacon_csa.tail_len,
10191 					    params.count,
10192 					    csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON],
10193 					    &params.counter_offsets_beacon,
10194 					    &params.n_counter_offsets_beacon);
10195 	if (err)
10196 		goto free;
10197 
10198 	err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.probe_resp,
10199 					    params.beacon_csa.probe_resp_len,
10200 					    params.count,
10201 					    csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP],
10202 					    &params.counter_offsets_presp,
10203 					    &params.n_counter_offsets_presp);
10204 	if (err)
10205 		goto free;
10206 
10207 skip_beacons:
10208 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
10209 	if (err)
10210 		goto free;
10211 
10212 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
10213 					   wdev->iftype)) {
10214 		err = -EINVAL;
10215 		goto free;
10216 	}
10217 
10218 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
10219 					    &params.chandef,
10220 					    wdev->iftype);
10221 	if (err < 0)
10222 		goto free;
10223 
10224 	if (err > 0) {
10225 		params.radar_required = true;
10226 		if (need_handle_dfs_flag &&
10227 		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
10228 			err = -EINVAL;
10229 			goto free;
10230 		}
10231 	}
10232 
10233 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
10234 		params.block_tx = true;
10235 
10236 	params.link_id = link_id;
10237 	err = rdev_channel_switch(rdev, dev, &params);
10238 
10239 free:
10240 	kfree(params.beacon_after.mbssid_ies);
10241 	kfree(params.beacon_csa.mbssid_ies);
10242 	kfree(params.beacon_after.rnr_ies);
10243 	kfree(params.beacon_csa.rnr_ies);
10244 	kfree(csa_attrs);
10245 	return err;
10246 }
10247 
10248 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
10249 			    u32 seq, int flags,
10250 			    struct cfg80211_registered_device *rdev,
10251 			    struct wireless_dev *wdev,
10252 			    struct cfg80211_internal_bss *intbss)
10253 {
10254 	struct cfg80211_bss *res = &intbss->pub;
10255 	const struct cfg80211_bss_ies *ies;
10256 	unsigned int link_id;
10257 	void *hdr;
10258 	struct nlattr *bss;
10259 
10260 	lockdep_assert_wiphy(wdev->wiphy);
10261 
10262 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
10263 			     NL80211_CMD_NEW_SCAN_RESULTS);
10264 	if (!hdr)
10265 		return -1;
10266 
10267 	genl_dump_check_consistent(cb, hdr);
10268 
10269 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
10270 		goto nla_put_failure;
10271 	if (wdev->netdev &&
10272 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
10273 		goto nla_put_failure;
10274 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
10275 			      NL80211_ATTR_PAD))
10276 		goto nla_put_failure;
10277 
10278 	bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
10279 	if (!bss)
10280 		goto nla_put_failure;
10281 	if ((!is_zero_ether_addr(res->bssid) &&
10282 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
10283 		goto nla_put_failure;
10284 
10285 	rcu_read_lock();
10286 	/* indicate whether we have probe response data or not */
10287 	if (rcu_access_pointer(res->proberesp_ies) &&
10288 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
10289 		goto fail_unlock_rcu;
10290 
10291 	/* this pointer prefers to be pointed to probe response data
10292 	 * but is always valid
10293 	 */
10294 	ies = rcu_dereference(res->ies);
10295 	if (ies) {
10296 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
10297 				      NL80211_BSS_PAD))
10298 			goto fail_unlock_rcu;
10299 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
10300 					ies->len, ies->data))
10301 			goto fail_unlock_rcu;
10302 	}
10303 
10304 	/* and this pointer is always (unless driver didn't know) beacon data */
10305 	ies = rcu_dereference(res->beacon_ies);
10306 	if (ies && ies->from_beacon) {
10307 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
10308 				      NL80211_BSS_PAD))
10309 			goto fail_unlock_rcu;
10310 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
10311 					ies->len, ies->data))
10312 			goto fail_unlock_rcu;
10313 	}
10314 	rcu_read_unlock();
10315 
10316 	if (res->beacon_interval &&
10317 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
10318 		goto nla_put_failure;
10319 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
10320 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
10321 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
10322 			res->channel->freq_offset) ||
10323 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
10324 			jiffies_to_msecs(jiffies - intbss->ts)))
10325 		goto nla_put_failure;
10326 
10327 	if (intbss->parent_tsf &&
10328 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
10329 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
10330 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
10331 		     intbss->parent_bssid)))
10332 		goto nla_put_failure;
10333 
10334 	if (intbss->ts_boottime &&
10335 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
10336 			      intbss->ts_boottime, NL80211_BSS_PAD))
10337 		goto nla_put_failure;
10338 
10339 	if (!nl80211_put_signal(msg, intbss->pub.chains,
10340 				intbss->pub.chain_signal,
10341 				NL80211_BSS_CHAIN_SIGNAL))
10342 		goto nla_put_failure;
10343 
10344 	switch (rdev->wiphy.signal_type) {
10345 	case CFG80211_SIGNAL_TYPE_MBM:
10346 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
10347 			goto nla_put_failure;
10348 		break;
10349 	case CFG80211_SIGNAL_TYPE_UNSPEC:
10350 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
10351 			goto nla_put_failure;
10352 		break;
10353 	default:
10354 		break;
10355 	}
10356 
10357 	switch (wdev->iftype) {
10358 	case NL80211_IFTYPE_P2P_CLIENT:
10359 	case NL80211_IFTYPE_STATION:
10360 		for_each_valid_link(wdev, link_id) {
10361 			if (intbss == wdev->links[link_id].client.current_bss &&
10362 			    (nla_put_u32(msg, NL80211_BSS_STATUS,
10363 					 NL80211_BSS_STATUS_ASSOCIATED) ||
10364 			     (wdev->valid_links &&
10365 			      (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID,
10366 					  link_id) ||
10367 			       nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN,
10368 				       wdev->u.client.connected_addr)))))
10369 				goto nla_put_failure;
10370 		}
10371 		break;
10372 	case NL80211_IFTYPE_ADHOC:
10373 		if (intbss == wdev->u.ibss.current_bss &&
10374 		    nla_put_u32(msg, NL80211_BSS_STATUS,
10375 				NL80211_BSS_STATUS_IBSS_JOINED))
10376 			goto nla_put_failure;
10377 		break;
10378 	default:
10379 		break;
10380 	}
10381 
10382 	if (nla_put_u32(msg, NL80211_BSS_USE_FOR, res->use_for))
10383 		goto nla_put_failure;
10384 
10385 	if (res->cannot_use_reasons &&
10386 	    nla_put_u64_64bit(msg, NL80211_BSS_CANNOT_USE_REASONS,
10387 			      res->cannot_use_reasons,
10388 			      NL80211_BSS_PAD))
10389 		goto nla_put_failure;
10390 
10391 	nla_nest_end(msg, bss);
10392 
10393 	genlmsg_end(msg, hdr);
10394 	return 0;
10395 
10396  fail_unlock_rcu:
10397 	rcu_read_unlock();
10398  nla_put_failure:
10399 	genlmsg_cancel(msg, hdr);
10400 	return -EMSGSIZE;
10401 }
10402 
10403 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
10404 {
10405 	struct cfg80211_registered_device *rdev;
10406 	struct cfg80211_internal_bss *scan;
10407 	struct wireless_dev *wdev;
10408 	struct nlattr **attrbuf;
10409 	int start = cb->args[2], idx = 0;
10410 	bool dump_include_use_data;
10411 	int err;
10412 
10413 	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
10414 	if (!attrbuf)
10415 		return -ENOMEM;
10416 
10417 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
10418 	if (err) {
10419 		kfree(attrbuf);
10420 		return err;
10421 	}
10422 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
10423 	__acquire(&rdev->wiphy.mtx);
10424 
10425 	dump_include_use_data =
10426 		attrbuf[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA];
10427 	kfree(attrbuf);
10428 
10429 	spin_lock_bh(&rdev->bss_lock);
10430 
10431 	/*
10432 	 * dump_scan will be called multiple times to break up the scan results
10433 	 * into multiple messages.  It is unlikely that any more bss-es will be
10434 	 * expired after the first call, so only call only call this on the
10435 	 * first dump_scan invocation.
10436 	 */
10437 	if (start == 0)
10438 		cfg80211_bss_expire(rdev);
10439 
10440 	cb->seq = rdev->bss_generation;
10441 
10442 	list_for_each_entry(scan, &rdev->bss_list, list) {
10443 		if (++idx <= start)
10444 			continue;
10445 		if (!dump_include_use_data &&
10446 		    !(scan->pub.use_for & NL80211_BSS_USE_FOR_NORMAL))
10447 			continue;
10448 		if (nl80211_send_bss(skb, cb,
10449 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
10450 				rdev, wdev, scan) < 0) {
10451 			idx--;
10452 			break;
10453 		}
10454 	}
10455 
10456 	spin_unlock_bh(&rdev->bss_lock);
10457 
10458 	cb->args[2] = idx;
10459 	wiphy_unlock(&rdev->wiphy);
10460 
10461 	return skb->len;
10462 }
10463 
10464 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
10465 			       int flags, struct net_device *dev,
10466 			       bool allow_radio_stats,
10467 			       struct survey_info *survey)
10468 {
10469 	void *hdr;
10470 	struct nlattr *infoattr;
10471 
10472 	/* skip radio stats if userspace didn't request them */
10473 	if (!survey->channel && !allow_radio_stats)
10474 		return 0;
10475 
10476 	hdr = nl80211hdr_put(msg, portid, seq, flags,
10477 			     NL80211_CMD_NEW_SURVEY_RESULTS);
10478 	if (!hdr)
10479 		return -ENOMEM;
10480 
10481 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
10482 		goto nla_put_failure;
10483 
10484 	infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
10485 	if (!infoattr)
10486 		goto nla_put_failure;
10487 
10488 	if (survey->channel &&
10489 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
10490 			survey->channel->center_freq))
10491 		goto nla_put_failure;
10492 
10493 	if (survey->channel && survey->channel->freq_offset &&
10494 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
10495 			survey->channel->freq_offset))
10496 		goto nla_put_failure;
10497 
10498 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
10499 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
10500 		goto nla_put_failure;
10501 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
10502 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
10503 		goto nla_put_failure;
10504 	if ((survey->filled & SURVEY_INFO_TIME) &&
10505 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
10506 			survey->time, NL80211_SURVEY_INFO_PAD))
10507 		goto nla_put_failure;
10508 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
10509 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
10510 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
10511 		goto nla_put_failure;
10512 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
10513 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
10514 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
10515 		goto nla_put_failure;
10516 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
10517 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
10518 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
10519 		goto nla_put_failure;
10520 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
10521 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
10522 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
10523 		goto nla_put_failure;
10524 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
10525 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
10526 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
10527 		goto nla_put_failure;
10528 	if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
10529 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
10530 			      survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
10531 		goto nla_put_failure;
10532 
10533 	nla_nest_end(msg, infoattr);
10534 
10535 	genlmsg_end(msg, hdr);
10536 	return 0;
10537 
10538  nla_put_failure:
10539 	genlmsg_cancel(msg, hdr);
10540 	return -EMSGSIZE;
10541 }
10542 
10543 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
10544 {
10545 	struct nlattr **attrbuf;
10546 	struct survey_info survey;
10547 	struct cfg80211_registered_device *rdev;
10548 	struct wireless_dev *wdev;
10549 	int survey_idx = cb->args[2];
10550 	int res;
10551 	bool radio_stats;
10552 
10553 	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
10554 	if (!attrbuf)
10555 		return -ENOMEM;
10556 
10557 	res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
10558 	if (res) {
10559 		kfree(attrbuf);
10560 		return res;
10561 	}
10562 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
10563 	__acquire(&rdev->wiphy.mtx);
10564 
10565 	/* prepare_wdev_dump parsed the attributes */
10566 	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
10567 
10568 	if (!wdev->netdev) {
10569 		res = -EINVAL;
10570 		goto out_err;
10571 	}
10572 
10573 	if (!rdev->ops->dump_survey) {
10574 		res = -EOPNOTSUPP;
10575 		goto out_err;
10576 	}
10577 
10578 	while (1) {
10579 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
10580 		if (res == -ENOENT)
10581 			break;
10582 		if (res)
10583 			goto out_err;
10584 
10585 		/* don't send disabled channels, but do send non-channel data */
10586 		if (survey.channel &&
10587 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
10588 			survey_idx++;
10589 			continue;
10590 		}
10591 
10592 		if (nl80211_send_survey(skb,
10593 				NETLINK_CB(cb->skb).portid,
10594 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
10595 				wdev->netdev, radio_stats, &survey) < 0)
10596 			goto out;
10597 		survey_idx++;
10598 	}
10599 
10600  out:
10601 	cb->args[2] = survey_idx;
10602 	res = skb->len;
10603  out_err:
10604 	kfree(attrbuf);
10605 	wiphy_unlock(&rdev->wiphy);
10606 	return res;
10607 }
10608 
10609 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
10610 {
10611 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10612 	struct net_device *dev = info->user_ptr[1];
10613 	struct ieee80211_channel *chan;
10614 	const u8 *bssid, *ssid;
10615 	int err, ssid_len;
10616 	enum nl80211_auth_type auth_type;
10617 	struct key_parse key;
10618 	bool local_state_change;
10619 	struct cfg80211_auth_request req = {};
10620 	u32 freq;
10621 
10622 	if (!info->attrs[NL80211_ATTR_MAC])
10623 		return -EINVAL;
10624 
10625 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
10626 		return -EINVAL;
10627 
10628 	if (!info->attrs[NL80211_ATTR_SSID])
10629 		return -EINVAL;
10630 
10631 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10632 		return -EINVAL;
10633 
10634 	err = nl80211_parse_key(info, &key);
10635 	if (err)
10636 		return err;
10637 
10638 	if (key.idx >= 0) {
10639 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
10640 			return -EINVAL;
10641 		if (!key.p.key || !key.p.key_len)
10642 			return -EINVAL;
10643 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
10644 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
10645 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
10646 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
10647 			return -EINVAL;
10648 		if (key.idx > 3)
10649 			return -EINVAL;
10650 	} else {
10651 		key.p.key_len = 0;
10652 		key.p.key = NULL;
10653 	}
10654 
10655 	if (key.idx >= 0) {
10656 		int i;
10657 		bool ok = false;
10658 
10659 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
10660 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
10661 				ok = true;
10662 				break;
10663 			}
10664 		}
10665 		if (!ok)
10666 			return -EINVAL;
10667 	}
10668 
10669 	if (!rdev->ops->auth)
10670 		return -EOPNOTSUPP;
10671 
10672 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10673 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10674 		return -EOPNOTSUPP;
10675 
10676 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10677 	freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10678 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10679 		freq +=
10680 		    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10681 
10682 	chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
10683 	if (!chan)
10684 		return -EINVAL;
10685 
10686 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10687 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10688 
10689 	if (info->attrs[NL80211_ATTR_IE]) {
10690 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10691 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10692 	}
10693 
10694 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10695 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
10696 		return -EINVAL;
10697 
10698 	if ((auth_type == NL80211_AUTHTYPE_SAE ||
10699 	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
10700 	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
10701 	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&
10702 	    !info->attrs[NL80211_ATTR_AUTH_DATA])
10703 		return -EINVAL;
10704 
10705 	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
10706 		if (auth_type != NL80211_AUTHTYPE_SAE &&
10707 		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
10708 		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
10709 		    auth_type != NL80211_AUTHTYPE_FILS_PK)
10710 			return -EINVAL;
10711 		req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
10712 		req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
10713 	}
10714 
10715 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10716 
10717 	/*
10718 	 * Since we no longer track auth state, ignore
10719 	 * requests to only change local state.
10720 	 */
10721 	if (local_state_change)
10722 		return 0;
10723 
10724 	req.auth_type = auth_type;
10725 	req.key = key.p.key;
10726 	req.key_len = key.p.key_len;
10727 	req.key_idx = key.idx;
10728 	req.link_id = nl80211_link_id_or_invalid(info->attrs);
10729 	if (req.link_id >= 0) {
10730 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
10731 			return -EINVAL;
10732 		if (!info->attrs[NL80211_ATTR_MLD_ADDR])
10733 			return -EINVAL;
10734 		req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
10735 		if (!is_valid_ether_addr(req.ap_mld_addr))
10736 			return -EINVAL;
10737 	}
10738 
10739 	req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
10740 				   IEEE80211_BSS_TYPE_ESS,
10741 				   IEEE80211_PRIVACY_ANY);
10742 	if (!req.bss)
10743 		return -ENOENT;
10744 
10745 	err = cfg80211_mlme_auth(rdev, dev, &req);
10746 
10747 	cfg80211_put_bss(&rdev->wiphy, req.bss);
10748 
10749 	return err;
10750 }
10751 
10752 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
10753 				     struct genl_info *info)
10754 {
10755 	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10756 		GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
10757 		return -EINVAL;
10758 	}
10759 
10760 	if (!rdev->ops->tx_control_port ||
10761 	    !wiphy_ext_feature_isset(&rdev->wiphy,
10762 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
10763 		return -EOPNOTSUPP;
10764 
10765 	return 0;
10766 }
10767 
10768 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
10769 				   struct genl_info *info,
10770 				   struct cfg80211_crypto_settings *settings,
10771 				   int cipher_limit)
10772 {
10773 	memset(settings, 0, sizeof(*settings));
10774 
10775 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
10776 
10777 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
10778 		u16 proto;
10779 
10780 		proto = nla_get_u16(
10781 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
10782 		settings->control_port_ethertype = cpu_to_be16(proto);
10783 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
10784 		    proto != ETH_P_PAE)
10785 			return -EINVAL;
10786 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
10787 			settings->control_port_no_encrypt = true;
10788 	} else
10789 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
10790 
10791 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10792 		int r = validate_pae_over_nl80211(rdev, info);
10793 
10794 		if (r < 0)
10795 			return r;
10796 
10797 		settings->control_port_over_nl80211 = true;
10798 
10799 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
10800 			settings->control_port_no_preauth = true;
10801 	}
10802 
10803 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
10804 		void *data;
10805 		int len, i;
10806 
10807 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
10808 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
10809 		settings->n_ciphers_pairwise = len / sizeof(u32);
10810 
10811 		if (len % sizeof(u32))
10812 			return -EINVAL;
10813 
10814 		if (settings->n_ciphers_pairwise > cipher_limit)
10815 			return -EINVAL;
10816 
10817 		memcpy(settings->ciphers_pairwise, data, len);
10818 
10819 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
10820 			if (!cfg80211_supported_cipher_suite(
10821 					&rdev->wiphy,
10822 					settings->ciphers_pairwise[i]))
10823 				return -EINVAL;
10824 	}
10825 
10826 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
10827 		settings->cipher_group =
10828 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
10829 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
10830 						     settings->cipher_group))
10831 			return -EINVAL;
10832 	}
10833 
10834 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS])
10835 		settings->wpa_versions =
10836 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
10837 
10838 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
10839 		void *data;
10840 		int len;
10841 
10842 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
10843 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
10844 		settings->n_akm_suites = len / sizeof(u32);
10845 
10846 		if (len % sizeof(u32))
10847 			return -EINVAL;
10848 
10849 		if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites)
10850 			return -EINVAL;
10851 
10852 		memcpy(settings->akm_suites, data, len);
10853 	}
10854 
10855 	if (info->attrs[NL80211_ATTR_PMK]) {
10856 		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
10857 			return -EINVAL;
10858 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
10859 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
10860 		    !wiphy_ext_feature_isset(&rdev->wiphy,
10861 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
10862 			return -EINVAL;
10863 		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10864 	}
10865 
10866 	if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
10867 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
10868 					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
10869 		    !wiphy_ext_feature_isset(&rdev->wiphy,
10870 					     NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
10871 			return -EINVAL;
10872 		settings->sae_pwd =
10873 			nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
10874 		settings->sae_pwd_len =
10875 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
10876 	}
10877 
10878 	if (info->attrs[NL80211_ATTR_SAE_PWE])
10879 		settings->sae_pwe =
10880 			nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
10881 	else
10882 		settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
10883 
10884 	return 0;
10885 }
10886 
10887 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev,
10888 					      const u8 *ssid, int ssid_len,
10889 					      struct nlattr **attrs,
10890 					      int assoc_link_id, int link_id)
10891 {
10892 	struct ieee80211_channel *chan;
10893 	struct cfg80211_bss *bss;
10894 	const u8 *bssid;
10895 	u32 freq, use_for = 0;
10896 
10897 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ])
10898 		return ERR_PTR(-EINVAL);
10899 
10900 	bssid = nla_data(attrs[NL80211_ATTR_MAC]);
10901 
10902 	freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
10903 	if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10904 		freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10905 
10906 	chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
10907 	if (!chan)
10908 		return ERR_PTR(-EINVAL);
10909 
10910 	if (assoc_link_id >= 0)
10911 		use_for = NL80211_BSS_USE_FOR_MLD_LINK;
10912 	if (assoc_link_id == link_id)
10913 		use_for |= NL80211_BSS_USE_FOR_NORMAL;
10914 
10915 	bss = __cfg80211_get_bss(&rdev->wiphy, chan, bssid,
10916 				 ssid, ssid_len,
10917 				 IEEE80211_BSS_TYPE_ESS,
10918 				 IEEE80211_PRIVACY_ANY,
10919 				 use_for);
10920 	if (!bss)
10921 		return ERR_PTR(-ENOENT);
10922 
10923 	return bss;
10924 }
10925 
10926 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
10927 {
10928 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10929 	struct net_device *dev = info->user_ptr[1];
10930 	struct cfg80211_assoc_request req = {};
10931 	struct nlattr **attrs = NULL;
10932 	const u8 *ap_addr, *ssid;
10933 	unsigned int link_id;
10934 	int err, ssid_len;
10935 
10936 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
10937 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10938 		return -EPERM;
10939 
10940 	if (!info->attrs[NL80211_ATTR_SSID])
10941 		return -EINVAL;
10942 
10943 	if (!rdev->ops->assoc)
10944 		return -EOPNOTSUPP;
10945 
10946 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10947 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10948 		return -EOPNOTSUPP;
10949 
10950 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10951 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10952 
10953 	if (info->attrs[NL80211_ATTR_IE]) {
10954 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10955 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10956 
10957 		if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
10958 					   req.ie, req.ie_len)) {
10959 			NL_SET_ERR_MSG_ATTR(info->extack,
10960 					    info->attrs[NL80211_ATTR_IE],
10961 					    "non-inheritance makes no sense");
10962 			return -EINVAL;
10963 		}
10964 	}
10965 
10966 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
10967 		enum nl80211_mfp mfp =
10968 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10969 		if (mfp == NL80211_MFP_REQUIRED)
10970 			req.use_mfp = true;
10971 		else if (mfp != NL80211_MFP_NO)
10972 			return -EINVAL;
10973 	}
10974 
10975 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
10976 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10977 
10978 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10979 		req.flags |= ASSOC_REQ_DISABLE_HT;
10980 
10981 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10982 		memcpy(&req.ht_capa_mask,
10983 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10984 		       sizeof(req.ht_capa_mask));
10985 
10986 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10987 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10988 			return -EINVAL;
10989 		memcpy(&req.ht_capa,
10990 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10991 		       sizeof(req.ht_capa));
10992 	}
10993 
10994 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10995 		req.flags |= ASSOC_REQ_DISABLE_VHT;
10996 
10997 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
10998 		req.flags |= ASSOC_REQ_DISABLE_HE;
10999 
11000 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
11001 		req.flags |= ASSOC_REQ_DISABLE_EHT;
11002 
11003 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11004 		memcpy(&req.vht_capa_mask,
11005 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
11006 		       sizeof(req.vht_capa_mask));
11007 
11008 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
11009 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11010 			return -EINVAL;
11011 		memcpy(&req.vht_capa,
11012 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
11013 		       sizeof(req.vht_capa));
11014 	}
11015 
11016 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
11017 		if (!((rdev->wiphy.features &
11018 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
11019 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
11020 		    !wiphy_ext_feature_isset(&rdev->wiphy,
11021 					     NL80211_EXT_FEATURE_RRM))
11022 			return -EINVAL;
11023 		req.flags |= ASSOC_REQ_USE_RRM;
11024 	}
11025 
11026 	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
11027 		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
11028 		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
11029 		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
11030 			return -EINVAL;
11031 		req.fils_nonces =
11032 			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
11033 	}
11034 
11035 	if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
11036 		if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
11037 			return -EINVAL;
11038 		memcpy(&req.s1g_capa_mask,
11039 		       nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
11040 		       sizeof(req.s1g_capa_mask));
11041 	}
11042 
11043 	if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
11044 		if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
11045 			return -EINVAL;
11046 		memcpy(&req.s1g_capa,
11047 		       nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
11048 		       sizeof(req.s1g_capa));
11049 	}
11050 
11051 	if (nla_get_flag(info->attrs[NL80211_ATTR_ASSOC_SPP_AMSDU])) {
11052 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
11053 					     NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT)) {
11054 			GENL_SET_ERR_MSG(info, "SPP A-MSDUs not supported");
11055 			return -EINVAL;
11056 		}
11057 		req.flags |= ASSOC_REQ_SPP_AMSDU;
11058 	}
11059 
11060 	req.link_id = nl80211_link_id_or_invalid(info->attrs);
11061 
11062 	if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
11063 		unsigned int attrsize = NUM_NL80211_ATTR * sizeof(*attrs);
11064 		struct nlattr *link;
11065 		int rem = 0;
11066 
11067 		if (req.link_id < 0)
11068 			return -EINVAL;
11069 
11070 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
11071 			return -EINVAL;
11072 
11073 		if (info->attrs[NL80211_ATTR_MAC] ||
11074 		    info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11075 		    !info->attrs[NL80211_ATTR_MLD_ADDR])
11076 			return -EINVAL;
11077 
11078 		req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
11079 		ap_addr = req.ap_mld_addr;
11080 
11081 		attrs = kzalloc(attrsize, GFP_KERNEL);
11082 		if (!attrs)
11083 			return -ENOMEM;
11084 
11085 		nla_for_each_nested(link,
11086 				    info->attrs[NL80211_ATTR_MLO_LINKS],
11087 				    rem) {
11088 			memset(attrs, 0, attrsize);
11089 
11090 			nla_parse_nested(attrs, NL80211_ATTR_MAX,
11091 					 link, NULL, NULL);
11092 
11093 			if (!attrs[NL80211_ATTR_MLO_LINK_ID]) {
11094 				err = -EINVAL;
11095 				NL_SET_BAD_ATTR(info->extack, link);
11096 				goto free;
11097 			}
11098 
11099 			link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]);
11100 			/* cannot use the same link ID again */
11101 			if (req.links[link_id].bss) {
11102 				err = -EINVAL;
11103 				NL_SET_BAD_ATTR(info->extack, link);
11104 				goto free;
11105 			}
11106 			req.links[link_id].bss =
11107 				nl80211_assoc_bss(rdev, ssid, ssid_len, attrs,
11108 						  req.link_id, link_id);
11109 			if (IS_ERR(req.links[link_id].bss)) {
11110 				err = PTR_ERR(req.links[link_id].bss);
11111 				req.links[link_id].bss = NULL;
11112 				NL_SET_ERR_MSG_ATTR(info->extack,
11113 						    link, "Error fetching BSS for link");
11114 				goto free;
11115 			}
11116 
11117 			if (attrs[NL80211_ATTR_IE]) {
11118 				req.links[link_id].elems =
11119 					nla_data(attrs[NL80211_ATTR_IE]);
11120 				req.links[link_id].elems_len =
11121 					nla_len(attrs[NL80211_ATTR_IE]);
11122 
11123 				if (cfg80211_find_elem(WLAN_EID_FRAGMENT,
11124 						       req.links[link_id].elems,
11125 						       req.links[link_id].elems_len)) {
11126 					NL_SET_ERR_MSG_ATTR(info->extack,
11127 							    attrs[NL80211_ATTR_IE],
11128 							    "cannot deal with fragmentation");
11129 					err = -EINVAL;
11130 					goto free;
11131 				}
11132 
11133 				if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
11134 							   req.links[link_id].elems,
11135 							   req.links[link_id].elems_len)) {
11136 					NL_SET_ERR_MSG_ATTR(info->extack,
11137 							    attrs[NL80211_ATTR_IE],
11138 							    "cannot deal with non-inheritance");
11139 					err = -EINVAL;
11140 					goto free;
11141 				}
11142 			}
11143 
11144 			req.links[link_id].disabled =
11145 				nla_get_flag(attrs[NL80211_ATTR_MLO_LINK_DISABLED]);
11146 		}
11147 
11148 		if (!req.links[req.link_id].bss) {
11149 			err = -EINVAL;
11150 			goto free;
11151 		}
11152 
11153 		if (req.links[req.link_id].elems_len) {
11154 			GENL_SET_ERR_MSG(info,
11155 					 "cannot have per-link elems on assoc link");
11156 			err = -EINVAL;
11157 			goto free;
11158 		}
11159 
11160 		if (req.links[req.link_id].disabled) {
11161 			GENL_SET_ERR_MSG(info,
11162 					 "cannot have assoc link disabled");
11163 			err = -EINVAL;
11164 			goto free;
11165 		}
11166 
11167 		kfree(attrs);
11168 		attrs = NULL;
11169 	} else {
11170 		if (req.link_id >= 0)
11171 			return -EINVAL;
11172 
11173 		req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs,
11174 					    -1, -1);
11175 		if (IS_ERR(req.bss))
11176 			return PTR_ERR(req.bss);
11177 		ap_addr = req.bss->bssid;
11178 	}
11179 
11180 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
11181 	if (!err) {
11182 		struct nlattr *link;
11183 		int rem = 0;
11184 
11185 		err = cfg80211_mlme_assoc(rdev, dev, &req,
11186 					  info->extack);
11187 
11188 		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
11189 			dev->ieee80211_ptr->conn_owner_nlportid =
11190 				info->snd_portid;
11191 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
11192 			       ap_addr, ETH_ALEN);
11193 		}
11194 
11195 		/* Report error from first problematic link */
11196 		if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
11197 			nla_for_each_nested(link,
11198 					    info->attrs[NL80211_ATTR_MLO_LINKS],
11199 					    rem) {
11200 				struct nlattr *link_id_attr =
11201 					nla_find_nested(link, NL80211_ATTR_MLO_LINK_ID);
11202 
11203 				if (!link_id_attr)
11204 					continue;
11205 
11206 				link_id = nla_get_u8(link_id_attr);
11207 
11208 				if (link_id == req.link_id)
11209 					continue;
11210 
11211 				if (!req.links[link_id].error ||
11212 				    WARN_ON(req.links[link_id].error > 0))
11213 					continue;
11214 
11215 				WARN_ON(err >= 0);
11216 
11217 				NL_SET_BAD_ATTR(info->extack, link);
11218 				err = req.links[link_id].error;
11219 				break;
11220 			}
11221 		}
11222 	}
11223 
11224 free:
11225 	for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++)
11226 		cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss);
11227 	cfg80211_put_bss(&rdev->wiphy, req.bss);
11228 	kfree(attrs);
11229 
11230 	return err;
11231 }
11232 
11233 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
11234 {
11235 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11236 	struct net_device *dev = info->user_ptr[1];
11237 	const u8 *ie = NULL, *bssid;
11238 	int ie_len = 0;
11239 	u16 reason_code;
11240 	bool local_state_change;
11241 
11242 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
11243 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11244 		return -EPERM;
11245 
11246 	if (!info->attrs[NL80211_ATTR_MAC])
11247 		return -EINVAL;
11248 
11249 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
11250 		return -EINVAL;
11251 
11252 	if (!rdev->ops->deauth)
11253 		return -EOPNOTSUPP;
11254 
11255 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11256 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11257 		return -EOPNOTSUPP;
11258 
11259 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11260 
11261 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11262 	if (reason_code == 0) {
11263 		/* Reason Code 0 is reserved */
11264 		return -EINVAL;
11265 	}
11266 
11267 	if (info->attrs[NL80211_ATTR_IE]) {
11268 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11269 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11270 	}
11271 
11272 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
11273 
11274 	return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
11275 				    local_state_change);
11276 }
11277 
11278 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
11279 {
11280 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11281 	struct net_device *dev = info->user_ptr[1];
11282 	const u8 *ie = NULL, *bssid;
11283 	int ie_len = 0;
11284 	u16 reason_code;
11285 	bool local_state_change;
11286 
11287 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
11288 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11289 		return -EPERM;
11290 
11291 	if (!info->attrs[NL80211_ATTR_MAC])
11292 		return -EINVAL;
11293 
11294 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
11295 		return -EINVAL;
11296 
11297 	if (!rdev->ops->disassoc)
11298 		return -EOPNOTSUPP;
11299 
11300 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11301 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11302 		return -EOPNOTSUPP;
11303 
11304 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11305 
11306 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11307 	if (reason_code == 0) {
11308 		/* Reason Code 0 is reserved */
11309 		return -EINVAL;
11310 	}
11311 
11312 	if (info->attrs[NL80211_ATTR_IE]) {
11313 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11314 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11315 	}
11316 
11317 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
11318 
11319 	return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
11320 				      local_state_change);
11321 }
11322 
11323 static bool
11324 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
11325 			 int mcast_rate[NUM_NL80211_BANDS],
11326 			 int rateval)
11327 {
11328 	struct wiphy *wiphy = &rdev->wiphy;
11329 	bool found = false;
11330 	int band, i;
11331 
11332 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
11333 		struct ieee80211_supported_band *sband;
11334 
11335 		sband = wiphy->bands[band];
11336 		if (!sband)
11337 			continue;
11338 
11339 		for (i = 0; i < sband->n_bitrates; i++) {
11340 			if (sband->bitrates[i].bitrate == rateval) {
11341 				mcast_rate[band] = i + 1;
11342 				found = true;
11343 				break;
11344 			}
11345 		}
11346 	}
11347 
11348 	return found;
11349 }
11350 
11351 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
11352 {
11353 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11354 	struct net_device *dev = info->user_ptr[1];
11355 	struct cfg80211_ibss_params ibss;
11356 	struct wiphy *wiphy;
11357 	struct cfg80211_cached_keys *connkeys = NULL;
11358 	int err;
11359 
11360 	memset(&ibss, 0, sizeof(ibss));
11361 
11362 	if (!info->attrs[NL80211_ATTR_SSID] ||
11363 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
11364 		return -EINVAL;
11365 
11366 	ibss.beacon_interval = 100;
11367 
11368 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
11369 		ibss.beacon_interval =
11370 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11371 
11372 	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
11373 					   ibss.beacon_interval);
11374 	if (err)
11375 		return err;
11376 
11377 	if (!rdev->ops->join_ibss)
11378 		return -EOPNOTSUPP;
11379 
11380 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
11381 		return -EOPNOTSUPP;
11382 
11383 	wiphy = &rdev->wiphy;
11384 
11385 	if (info->attrs[NL80211_ATTR_MAC]) {
11386 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11387 
11388 		if (!is_valid_ether_addr(ibss.bssid))
11389 			return -EINVAL;
11390 	}
11391 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11392 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11393 
11394 	if (info->attrs[NL80211_ATTR_IE]) {
11395 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11396 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11397 	}
11398 
11399 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
11400 	if (err)
11401 		return err;
11402 
11403 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
11404 				     NL80211_IFTYPE_ADHOC))
11405 		return -EINVAL;
11406 
11407 	switch (ibss.chandef.width) {
11408 	case NL80211_CHAN_WIDTH_5:
11409 	case NL80211_CHAN_WIDTH_10:
11410 	case NL80211_CHAN_WIDTH_20_NOHT:
11411 		break;
11412 	case NL80211_CHAN_WIDTH_20:
11413 	case NL80211_CHAN_WIDTH_40:
11414 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
11415 			return -EINVAL;
11416 		break;
11417 	case NL80211_CHAN_WIDTH_80:
11418 	case NL80211_CHAN_WIDTH_80P80:
11419 	case NL80211_CHAN_WIDTH_160:
11420 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
11421 			return -EINVAL;
11422 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
11423 					     NL80211_EXT_FEATURE_VHT_IBSS))
11424 			return -EINVAL;
11425 		break;
11426 	case NL80211_CHAN_WIDTH_320:
11427 		return -EINVAL;
11428 	default:
11429 		return -EINVAL;
11430 	}
11431 
11432 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
11433 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
11434 
11435 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11436 		u8 *rates =
11437 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11438 		int n_rates =
11439 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11440 		struct ieee80211_supported_band *sband =
11441 			wiphy->bands[ibss.chandef.chan->band];
11442 
11443 		err = ieee80211_get_ratemask(sband, rates, n_rates,
11444 					     &ibss.basic_rates);
11445 		if (err)
11446 			return err;
11447 	}
11448 
11449 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11450 		memcpy(&ibss.ht_capa_mask,
11451 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
11452 		       sizeof(ibss.ht_capa_mask));
11453 
11454 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
11455 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11456 			return -EINVAL;
11457 		memcpy(&ibss.ht_capa,
11458 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
11459 		       sizeof(ibss.ht_capa));
11460 	}
11461 
11462 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11463 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
11464 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11465 		return -EINVAL;
11466 
11467 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
11468 		bool no_ht = false;
11469 
11470 		connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
11471 		if (IS_ERR(connkeys))
11472 			return PTR_ERR(connkeys);
11473 
11474 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
11475 		    no_ht) {
11476 			kfree_sensitive(connkeys);
11477 			return -EINVAL;
11478 		}
11479 	}
11480 
11481 	ibss.control_port =
11482 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
11483 
11484 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11485 		int r = validate_pae_over_nl80211(rdev, info);
11486 
11487 		if (r < 0) {
11488 			kfree_sensitive(connkeys);
11489 			return r;
11490 		}
11491 
11492 		ibss.control_port_over_nl80211 = true;
11493 	}
11494 
11495 	ibss.userspace_handles_dfs =
11496 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11497 
11498 	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
11499 	if (err)
11500 		kfree_sensitive(connkeys);
11501 	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
11502 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11503 
11504 	return err;
11505 }
11506 
11507 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
11508 {
11509 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11510 	struct net_device *dev = info->user_ptr[1];
11511 
11512 	if (!rdev->ops->leave_ibss)
11513 		return -EOPNOTSUPP;
11514 
11515 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
11516 		return -EOPNOTSUPP;
11517 
11518 	return cfg80211_leave_ibss(rdev, dev, false);
11519 }
11520 
11521 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
11522 {
11523 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11524 	struct net_device *dev = info->user_ptr[1];
11525 	int mcast_rate[NUM_NL80211_BANDS];
11526 	u32 nla_rate;
11527 
11528 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
11529 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
11530 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
11531 		return -EOPNOTSUPP;
11532 
11533 	if (!rdev->ops->set_mcast_rate)
11534 		return -EOPNOTSUPP;
11535 
11536 	memset(mcast_rate, 0, sizeof(mcast_rate));
11537 
11538 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
11539 		return -EINVAL;
11540 
11541 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
11542 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
11543 		return -EINVAL;
11544 
11545 	return rdev_set_mcast_rate(rdev, dev, mcast_rate);
11546 }
11547 
11548 static struct sk_buff *
11549 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
11550 			    struct wireless_dev *wdev, int approxlen,
11551 			    u32 portid, u32 seq, enum nl80211_commands cmd,
11552 			    enum nl80211_attrs attr,
11553 			    const struct nl80211_vendor_cmd_info *info,
11554 			    gfp_t gfp)
11555 {
11556 	struct sk_buff *skb;
11557 	void *hdr;
11558 	struct nlattr *data;
11559 
11560 	skb = nlmsg_new(approxlen + 100, gfp);
11561 	if (!skb)
11562 		return NULL;
11563 
11564 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
11565 	if (!hdr) {
11566 		kfree_skb(skb);
11567 		return NULL;
11568 	}
11569 
11570 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11571 		goto nla_put_failure;
11572 
11573 	if (info) {
11574 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
11575 				info->vendor_id))
11576 			goto nla_put_failure;
11577 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
11578 				info->subcmd))
11579 			goto nla_put_failure;
11580 	}
11581 
11582 	if (wdev) {
11583 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
11584 				      wdev_id(wdev), NL80211_ATTR_PAD))
11585 			goto nla_put_failure;
11586 		if (wdev->netdev &&
11587 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
11588 				wdev->netdev->ifindex))
11589 			goto nla_put_failure;
11590 	}
11591 
11592 	data = nla_nest_start_noflag(skb, attr);
11593 	if (!data)
11594 		goto nla_put_failure;
11595 
11596 	((void **)skb->cb)[0] = rdev;
11597 	((void **)skb->cb)[1] = hdr;
11598 	((void **)skb->cb)[2] = data;
11599 
11600 	return skb;
11601 
11602  nla_put_failure:
11603 	kfree_skb(skb);
11604 	return NULL;
11605 }
11606 
11607 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
11608 					   struct wireless_dev *wdev,
11609 					   enum nl80211_commands cmd,
11610 					   enum nl80211_attrs attr,
11611 					   unsigned int portid,
11612 					   int vendor_event_idx,
11613 					   int approxlen, gfp_t gfp)
11614 {
11615 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11616 	const struct nl80211_vendor_cmd_info *info;
11617 
11618 	switch (cmd) {
11619 	case NL80211_CMD_TESTMODE:
11620 		if (WARN_ON(vendor_event_idx != -1))
11621 			return NULL;
11622 		info = NULL;
11623 		break;
11624 	case NL80211_CMD_VENDOR:
11625 		if (WARN_ON(vendor_event_idx < 0 ||
11626 			    vendor_event_idx >= wiphy->n_vendor_events))
11627 			return NULL;
11628 		info = &wiphy->vendor_events[vendor_event_idx];
11629 		break;
11630 	default:
11631 		WARN_ON(1);
11632 		return NULL;
11633 	}
11634 
11635 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
11636 					   cmd, attr, info, gfp);
11637 }
11638 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
11639 
11640 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
11641 {
11642 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
11643 	void *hdr = ((void **)skb->cb)[1];
11644 	struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
11645 	struct nlattr *data = ((void **)skb->cb)[2];
11646 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
11647 
11648 	/* clear CB data for netlink core to own from now on */
11649 	memset(skb->cb, 0, sizeof(skb->cb));
11650 
11651 	nla_nest_end(skb, data);
11652 	genlmsg_end(skb, hdr);
11653 
11654 	if (nlhdr->nlmsg_pid) {
11655 		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
11656 				nlhdr->nlmsg_pid);
11657 	} else {
11658 		if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
11659 			mcgrp = NL80211_MCGRP_VENDOR;
11660 
11661 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11662 					skb, 0, mcgrp, gfp);
11663 	}
11664 }
11665 EXPORT_SYMBOL(__cfg80211_send_event_skb);
11666 
11667 #ifdef CONFIG_NL80211_TESTMODE
11668 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
11669 {
11670 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11671 	struct wireless_dev *wdev;
11672 	int err;
11673 
11674 	lockdep_assert_held(&rdev->wiphy.mtx);
11675 
11676 	wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
11677 					  info->attrs);
11678 
11679 	if (!rdev->ops->testmode_cmd)
11680 		return -EOPNOTSUPP;
11681 
11682 	if (IS_ERR(wdev)) {
11683 		err = PTR_ERR(wdev);
11684 		if (err != -EINVAL)
11685 			return err;
11686 		wdev = NULL;
11687 	} else if (wdev->wiphy != &rdev->wiphy) {
11688 		return -EINVAL;
11689 	}
11690 
11691 	if (!info->attrs[NL80211_ATTR_TESTDATA])
11692 		return -EINVAL;
11693 
11694 	rdev->cur_cmd_info = info;
11695 	err = rdev_testmode_cmd(rdev, wdev,
11696 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
11697 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
11698 	rdev->cur_cmd_info = NULL;
11699 
11700 	return err;
11701 }
11702 
11703 static int nl80211_testmode_dump(struct sk_buff *skb,
11704 				 struct netlink_callback *cb)
11705 {
11706 	struct cfg80211_registered_device *rdev;
11707 	struct nlattr **attrbuf = NULL;
11708 	int err;
11709 	long phy_idx;
11710 	void *data = NULL;
11711 	int data_len = 0;
11712 
11713 	rtnl_lock();
11714 
11715 	if (cb->args[0]) {
11716 		/*
11717 		 * 0 is a valid index, but not valid for args[0],
11718 		 * so we need to offset by 1.
11719 		 */
11720 		phy_idx = cb->args[0] - 1;
11721 
11722 		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
11723 		if (!rdev) {
11724 			err = -ENOENT;
11725 			goto out_err;
11726 		}
11727 	} else {
11728 		attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
11729 				  GFP_KERNEL);
11730 		if (!attrbuf) {
11731 			err = -ENOMEM;
11732 			goto out_err;
11733 		}
11734 
11735 		err = nlmsg_parse_deprecated(cb->nlh,
11736 					     GENL_HDRLEN + nl80211_fam.hdrsize,
11737 					     attrbuf, nl80211_fam.maxattr,
11738 					     nl80211_policy, NULL);
11739 		if (err)
11740 			goto out_err;
11741 
11742 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11743 		if (IS_ERR(rdev)) {
11744 			err = PTR_ERR(rdev);
11745 			goto out_err;
11746 		}
11747 		phy_idx = rdev->wiphy_idx;
11748 
11749 		if (attrbuf[NL80211_ATTR_TESTDATA])
11750 			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
11751 	}
11752 
11753 	if (cb->args[1]) {
11754 		data = nla_data((void *)cb->args[1]);
11755 		data_len = nla_len((void *)cb->args[1]);
11756 	}
11757 
11758 	if (!rdev->ops->testmode_dump) {
11759 		err = -EOPNOTSUPP;
11760 		goto out_err;
11761 	}
11762 
11763 	while (1) {
11764 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
11765 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
11766 					   NL80211_CMD_TESTMODE);
11767 		struct nlattr *tmdata;
11768 
11769 		if (!hdr)
11770 			break;
11771 
11772 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
11773 			genlmsg_cancel(skb, hdr);
11774 			break;
11775 		}
11776 
11777 		tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
11778 		if (!tmdata) {
11779 			genlmsg_cancel(skb, hdr);
11780 			break;
11781 		}
11782 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
11783 		nla_nest_end(skb, tmdata);
11784 
11785 		if (err == -ENOBUFS || err == -ENOENT) {
11786 			genlmsg_cancel(skb, hdr);
11787 			break;
11788 		} else if (err) {
11789 			genlmsg_cancel(skb, hdr);
11790 			goto out_err;
11791 		}
11792 
11793 		genlmsg_end(skb, hdr);
11794 	}
11795 
11796 	err = skb->len;
11797 	/* see above */
11798 	cb->args[0] = phy_idx + 1;
11799  out_err:
11800 	kfree(attrbuf);
11801 	rtnl_unlock();
11802 	return err;
11803 }
11804 #endif
11805 
11806 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
11807 {
11808 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11809 	struct net_device *dev = info->user_ptr[1];
11810 	struct cfg80211_connect_params connect;
11811 	struct wiphy *wiphy;
11812 	struct cfg80211_cached_keys *connkeys = NULL;
11813 	u32 freq = 0;
11814 	int err;
11815 
11816 	memset(&connect, 0, sizeof(connect));
11817 
11818 	if (!info->attrs[NL80211_ATTR_SSID] ||
11819 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
11820 		return -EINVAL;
11821 
11822 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
11823 		connect.auth_type =
11824 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
11825 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
11826 					     NL80211_CMD_CONNECT))
11827 			return -EINVAL;
11828 	} else
11829 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
11830 
11831 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
11832 
11833 	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
11834 	    !wiphy_ext_feature_isset(&rdev->wiphy,
11835 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
11836 		return -EINVAL;
11837 	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
11838 
11839 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
11840 				      NL80211_MAX_NR_CIPHER_SUITES);
11841 	if (err)
11842 		return err;
11843 
11844 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11845 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11846 		return -EOPNOTSUPP;
11847 
11848 	wiphy = &rdev->wiphy;
11849 
11850 	connect.bg_scan_period = -1;
11851 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
11852 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
11853 		connect.bg_scan_period =
11854 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
11855 	}
11856 
11857 	if (info->attrs[NL80211_ATTR_MAC])
11858 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11859 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
11860 		connect.bssid_hint =
11861 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
11862 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11863 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11864 
11865 	if (info->attrs[NL80211_ATTR_IE]) {
11866 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11867 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11868 	}
11869 
11870 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
11871 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
11872 		if (connect.mfp == NL80211_MFP_OPTIONAL &&
11873 		    !wiphy_ext_feature_isset(&rdev->wiphy,
11874 					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
11875 			return -EOPNOTSUPP;
11876 	} else {
11877 		connect.mfp = NL80211_MFP_NO;
11878 	}
11879 
11880 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
11881 		connect.prev_bssid =
11882 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
11883 
11884 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
11885 		freq = MHZ_TO_KHZ(nla_get_u32(
11886 					info->attrs[NL80211_ATTR_WIPHY_FREQ]));
11887 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
11888 		freq +=
11889 		    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
11890 
11891 	if (freq) {
11892 		connect.channel = nl80211_get_valid_chan(wiphy, freq);
11893 		if (!connect.channel)
11894 			return -EINVAL;
11895 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
11896 		freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
11897 		freq = MHZ_TO_KHZ(freq);
11898 		connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
11899 		if (!connect.channel_hint)
11900 			return -EINVAL;
11901 	}
11902 
11903 	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
11904 		connect.edmg.channels =
11905 		      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
11906 
11907 		if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
11908 			connect.edmg.bw_config =
11909 				nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
11910 	}
11911 
11912 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
11913 		connkeys = nl80211_parse_connkeys(rdev, info, NULL);
11914 		if (IS_ERR(connkeys))
11915 			return PTR_ERR(connkeys);
11916 	}
11917 
11918 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
11919 		connect.flags |= ASSOC_REQ_DISABLE_HT;
11920 
11921 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11922 		memcpy(&connect.ht_capa_mask,
11923 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
11924 		       sizeof(connect.ht_capa_mask));
11925 
11926 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
11927 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
11928 			kfree_sensitive(connkeys);
11929 			return -EINVAL;
11930 		}
11931 		memcpy(&connect.ht_capa,
11932 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
11933 		       sizeof(connect.ht_capa));
11934 	}
11935 
11936 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
11937 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
11938 
11939 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
11940 		connect.flags |= ASSOC_REQ_DISABLE_HE;
11941 
11942 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
11943 		connect.flags |= ASSOC_REQ_DISABLE_EHT;
11944 
11945 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11946 		memcpy(&connect.vht_capa_mask,
11947 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
11948 		       sizeof(connect.vht_capa_mask));
11949 
11950 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
11951 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
11952 			kfree_sensitive(connkeys);
11953 			return -EINVAL;
11954 		}
11955 		memcpy(&connect.vht_capa,
11956 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
11957 		       sizeof(connect.vht_capa));
11958 	}
11959 
11960 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
11961 		if (!((rdev->wiphy.features &
11962 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
11963 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
11964 		    !wiphy_ext_feature_isset(&rdev->wiphy,
11965 					     NL80211_EXT_FEATURE_RRM)) {
11966 			kfree_sensitive(connkeys);
11967 			return -EINVAL;
11968 		}
11969 		connect.flags |= ASSOC_REQ_USE_RRM;
11970 	}
11971 
11972 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
11973 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
11974 		kfree_sensitive(connkeys);
11975 		return -EOPNOTSUPP;
11976 	}
11977 
11978 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
11979 		/* bss selection makes no sense if bssid is set */
11980 		if (connect.bssid) {
11981 			kfree_sensitive(connkeys);
11982 			return -EINVAL;
11983 		}
11984 
11985 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
11986 				       wiphy, &connect.bss_select);
11987 		if (err) {
11988 			kfree_sensitive(connkeys);
11989 			return err;
11990 		}
11991 	}
11992 
11993 	if (wiphy_ext_feature_isset(&rdev->wiphy,
11994 				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
11995 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
11996 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
11997 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
11998 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
11999 		connect.fils_erp_username =
12000 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12001 		connect.fils_erp_username_len =
12002 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12003 		connect.fils_erp_realm =
12004 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12005 		connect.fils_erp_realm_len =
12006 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12007 		connect.fils_erp_next_seq_num =
12008 			nla_get_u16(
12009 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12010 		connect.fils_erp_rrk =
12011 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12012 		connect.fils_erp_rrk_len =
12013 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12014 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12015 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12016 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12017 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12018 		kfree_sensitive(connkeys);
12019 		return -EINVAL;
12020 	}
12021 
12022 	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
12023 		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12024 			kfree_sensitive(connkeys);
12025 			GENL_SET_ERR_MSG(info,
12026 					 "external auth requires connection ownership");
12027 			return -EINVAL;
12028 		}
12029 		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
12030 	}
12031 
12032 	if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT]))
12033 		connect.flags |= CONNECT_REQ_MLO_SUPPORT;
12034 
12035 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
12036 			       connect.prev_bssid);
12037 	if (err)
12038 		kfree_sensitive(connkeys);
12039 
12040 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12041 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
12042 		if (connect.bssid)
12043 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
12044 			       connect.bssid, ETH_ALEN);
12045 		else
12046 			eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
12047 	}
12048 
12049 	return err;
12050 }
12051 
12052 static int nl80211_update_connect_params(struct sk_buff *skb,
12053 					 struct genl_info *info)
12054 {
12055 	struct cfg80211_connect_params connect = {};
12056 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12057 	struct net_device *dev = info->user_ptr[1];
12058 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12059 	bool fils_sk_offload;
12060 	u32 auth_type;
12061 	u32 changed = 0;
12062 
12063 	if (!rdev->ops->update_connect_params)
12064 		return -EOPNOTSUPP;
12065 
12066 	if (info->attrs[NL80211_ATTR_IE]) {
12067 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12068 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12069 		changed |= UPDATE_ASSOC_IES;
12070 	}
12071 
12072 	fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
12073 						  NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
12074 
12075 	/*
12076 	 * when driver supports fils-sk offload all attributes must be
12077 	 * provided. So the else covers "fils-sk-not-all" and
12078 	 * "no-fils-sk-any".
12079 	 */
12080 	if (fils_sk_offload &&
12081 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
12082 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
12083 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
12084 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12085 		connect.fils_erp_username =
12086 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12087 		connect.fils_erp_username_len =
12088 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12089 		connect.fils_erp_realm =
12090 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12091 		connect.fils_erp_realm_len =
12092 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12093 		connect.fils_erp_next_seq_num =
12094 			nla_get_u16(
12095 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12096 		connect.fils_erp_rrk =
12097 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12098 		connect.fils_erp_rrk_len =
12099 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12100 		changed |= UPDATE_FILS_ERP_INFO;
12101 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12102 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12103 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12104 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12105 		return -EINVAL;
12106 	}
12107 
12108 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
12109 		auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12110 		if (!nl80211_valid_auth_type(rdev, auth_type,
12111 					     NL80211_CMD_CONNECT))
12112 			return -EINVAL;
12113 
12114 		if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
12115 		    fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
12116 			return -EINVAL;
12117 
12118 		connect.auth_type = auth_type;
12119 		changed |= UPDATE_AUTH_TYPE;
12120 	}
12121 
12122 	if (!wdev->connected)
12123 		return -ENOLINK;
12124 
12125 	return rdev_update_connect_params(rdev, dev, &connect, changed);
12126 }
12127 
12128 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
12129 {
12130 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12131 	struct net_device *dev = info->user_ptr[1];
12132 	u16 reason;
12133 
12134 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
12135 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12136 		return -EPERM;
12137 
12138 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
12139 		reason = WLAN_REASON_DEAUTH_LEAVING;
12140 	else
12141 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
12142 
12143 	if (reason == 0)
12144 		return -EINVAL;
12145 
12146 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12147 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12148 		return -EOPNOTSUPP;
12149 
12150 	return cfg80211_disconnect(rdev, dev, reason, true);
12151 }
12152 
12153 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
12154 {
12155 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12156 	struct net *net;
12157 	int err;
12158 
12159 	if (info->attrs[NL80211_ATTR_PID]) {
12160 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
12161 
12162 		net = get_net_ns_by_pid(pid);
12163 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
12164 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
12165 
12166 		net = get_net_ns_by_fd(fd);
12167 	} else {
12168 		return -EINVAL;
12169 	}
12170 
12171 	if (IS_ERR(net))
12172 		return PTR_ERR(net);
12173 
12174 	err = 0;
12175 
12176 	/* check if anything to do */
12177 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
12178 		err = cfg80211_switch_netns(rdev, net);
12179 
12180 	put_net(net);
12181 	return err;
12182 }
12183 
12184 static int nl80211_set_pmksa(struct sk_buff *skb, struct genl_info *info)
12185 {
12186 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12187 	struct net_device *dev = info->user_ptr[1];
12188 	struct cfg80211_pmksa pmksa;
12189 	bool ap_pmksa_caching_support = false;
12190 
12191 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
12192 
12193 	ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
12194 		NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
12195 
12196 	if (!info->attrs[NL80211_ATTR_PMKID])
12197 		return -EINVAL;
12198 
12199 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
12200 
12201 	if (info->attrs[NL80211_ATTR_MAC]) {
12202 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12203 	} else if (info->attrs[NL80211_ATTR_SSID] &&
12204 	           info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
12205 	           info->attrs[NL80211_ATTR_PMK]) {
12206 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12207 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12208 		pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
12209 	} else {
12210 		return -EINVAL;
12211 	}
12212 
12213 	if (info->attrs[NL80211_ATTR_PMK]) {
12214 		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12215 		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12216 	}
12217 
12218 	if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
12219 		pmksa.pmk_lifetime =
12220 			nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
12221 
12222 	if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
12223 		pmksa.pmk_reauth_threshold =
12224 			nla_get_u8(info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
12225 
12226 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12227 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
12228 	    !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
12229 	       dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
12230 	       ap_pmksa_caching_support))
12231 		return -EOPNOTSUPP;
12232 
12233 	if (!rdev->ops->set_pmksa)
12234 		return -EOPNOTSUPP;
12235 
12236 	return rdev_set_pmksa(rdev, dev, &pmksa);
12237 }
12238 
12239 static int nl80211_del_pmksa(struct sk_buff *skb, struct genl_info *info)
12240 {
12241 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12242 	struct net_device *dev = info->user_ptr[1];
12243 	struct cfg80211_pmksa pmksa;
12244 	bool sae_offload_support = false;
12245 	bool owe_offload_support = false;
12246 	bool ap_pmksa_caching_support = false;
12247 
12248 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
12249 
12250 	sae_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
12251 		NL80211_EXT_FEATURE_SAE_OFFLOAD);
12252 	owe_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
12253 		NL80211_EXT_FEATURE_OWE_OFFLOAD);
12254 	ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
12255 		NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
12256 
12257 	if (info->attrs[NL80211_ATTR_PMKID])
12258 		pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
12259 
12260 	if (info->attrs[NL80211_ATTR_MAC]) {
12261 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12262 	} else if (info->attrs[NL80211_ATTR_SSID]) {
12263 		/* SSID based pmksa flush suppported only for FILS,
12264 		 * OWE/SAE OFFLOAD cases
12265 		 */
12266 		if (info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
12267 		    info->attrs[NL80211_ATTR_PMK]) {
12268 			pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
12269 		} else if (!sae_offload_support && !owe_offload_support) {
12270 			return -EINVAL;
12271 		}
12272 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12273 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12274 	} else {
12275 		return -EINVAL;
12276 	}
12277 
12278 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12279 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
12280 	    !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
12281 	       dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
12282 	       ap_pmksa_caching_support))
12283 		return -EOPNOTSUPP;
12284 
12285 	if (!rdev->ops->del_pmksa)
12286 		return -EOPNOTSUPP;
12287 
12288 	return rdev_del_pmksa(rdev, dev, &pmksa);
12289 }
12290 
12291 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
12292 {
12293 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12294 	struct net_device *dev = info->user_ptr[1];
12295 
12296 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12297 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12298 		return -EOPNOTSUPP;
12299 
12300 	if (!rdev->ops->flush_pmksa)
12301 		return -EOPNOTSUPP;
12302 
12303 	return rdev_flush_pmksa(rdev, dev);
12304 }
12305 
12306 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
12307 {
12308 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12309 	struct net_device *dev = info->user_ptr[1];
12310 	u8 action_code, dialog_token;
12311 	u32 peer_capability = 0;
12312 	u16 status_code;
12313 	u8 *peer;
12314 	int link_id;
12315 	bool initiator;
12316 
12317 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
12318 	    !rdev->ops->tdls_mgmt)
12319 		return -EOPNOTSUPP;
12320 
12321 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
12322 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
12323 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
12324 	    !info->attrs[NL80211_ATTR_IE] ||
12325 	    !info->attrs[NL80211_ATTR_MAC])
12326 		return -EINVAL;
12327 
12328 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12329 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
12330 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
12331 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
12332 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
12333 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
12334 		peer_capability =
12335 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
12336 	link_id = nl80211_link_id_or_invalid(info->attrs);
12337 
12338 	return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code,
12339 			      dialog_token, status_code, peer_capability,
12340 			      initiator,
12341 			      nla_data(info->attrs[NL80211_ATTR_IE]),
12342 			      nla_len(info->attrs[NL80211_ATTR_IE]));
12343 }
12344 
12345 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
12346 {
12347 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12348 	struct net_device *dev = info->user_ptr[1];
12349 	enum nl80211_tdls_operation operation;
12350 	u8 *peer;
12351 
12352 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
12353 	    !rdev->ops->tdls_oper)
12354 		return -EOPNOTSUPP;
12355 
12356 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
12357 	    !info->attrs[NL80211_ATTR_MAC])
12358 		return -EINVAL;
12359 
12360 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
12361 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12362 
12363 	return rdev_tdls_oper(rdev, dev, peer, operation);
12364 }
12365 
12366 static int nl80211_remain_on_channel(struct sk_buff *skb,
12367 				     struct genl_info *info)
12368 {
12369 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12370 	unsigned int link_id = nl80211_link_id(info->attrs);
12371 	struct wireless_dev *wdev = info->user_ptr[1];
12372 	struct cfg80211_chan_def chandef;
12373 	struct sk_buff *msg;
12374 	void *hdr;
12375 	u64 cookie;
12376 	u32 duration;
12377 	int err;
12378 
12379 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
12380 	    !info->attrs[NL80211_ATTR_DURATION])
12381 		return -EINVAL;
12382 
12383 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
12384 
12385 	if (!rdev->ops->remain_on_channel ||
12386 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
12387 		return -EOPNOTSUPP;
12388 
12389 	/*
12390 	 * We should be on that channel for at least a minimum amount of
12391 	 * time (10ms) but no longer than the driver supports.
12392 	 */
12393 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
12394 	    duration > rdev->wiphy.max_remain_on_channel_duration)
12395 		return -EINVAL;
12396 
12397 	err = nl80211_parse_chandef(rdev, info, &chandef);
12398 	if (err)
12399 		return err;
12400 
12401 	if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) {
12402 		const struct cfg80211_chan_def *oper_chandef, *compat_chandef;
12403 
12404 		oper_chandef = wdev_chandef(wdev, link_id);
12405 
12406 		if (WARN_ON(!oper_chandef)) {
12407 			/* cannot happen since we must beacon to get here */
12408 			WARN_ON(1);
12409 			return -EBUSY;
12410 		}
12411 
12412 		/* note: returns first one if identical chandefs */
12413 		compat_chandef = cfg80211_chandef_compatible(&chandef,
12414 							     oper_chandef);
12415 
12416 		if (compat_chandef != &chandef)
12417 			return -EBUSY;
12418 	}
12419 
12420 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12421 	if (!msg)
12422 		return -ENOMEM;
12423 
12424 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12425 			     NL80211_CMD_REMAIN_ON_CHANNEL);
12426 	if (!hdr) {
12427 		err = -ENOBUFS;
12428 		goto free_msg;
12429 	}
12430 
12431 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
12432 				     duration, &cookie);
12433 
12434 	if (err)
12435 		goto free_msg;
12436 
12437 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12438 			      NL80211_ATTR_PAD))
12439 		goto nla_put_failure;
12440 
12441 	genlmsg_end(msg, hdr);
12442 
12443 	return genlmsg_reply(msg, info);
12444 
12445  nla_put_failure:
12446 	err = -ENOBUFS;
12447  free_msg:
12448 	nlmsg_free(msg);
12449 	return err;
12450 }
12451 
12452 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
12453 					    struct genl_info *info)
12454 {
12455 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12456 	struct wireless_dev *wdev = info->user_ptr[1];
12457 	u64 cookie;
12458 
12459 	if (!info->attrs[NL80211_ATTR_COOKIE])
12460 		return -EINVAL;
12461 
12462 	if (!rdev->ops->cancel_remain_on_channel)
12463 		return -EOPNOTSUPP;
12464 
12465 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12466 
12467 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
12468 }
12469 
12470 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
12471 				       struct genl_info *info)
12472 {
12473 	struct cfg80211_bitrate_mask mask;
12474 	unsigned int link_id = nl80211_link_id(info->attrs);
12475 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12476 	struct net_device *dev = info->user_ptr[1];
12477 	int err;
12478 
12479 	if (!rdev->ops->set_bitrate_mask)
12480 		return -EOPNOTSUPP;
12481 
12482 	err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
12483 					    NL80211_ATTR_TX_RATES, &mask,
12484 					    dev, true, link_id);
12485 	if (err)
12486 		return err;
12487 
12488 	return rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask);
12489 }
12490 
12491 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
12492 {
12493 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12494 	struct wireless_dev *wdev = info->user_ptr[1];
12495 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
12496 
12497 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
12498 		return -EINVAL;
12499 
12500 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
12501 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
12502 
12503 	switch (wdev->iftype) {
12504 	case NL80211_IFTYPE_STATION:
12505 	case NL80211_IFTYPE_ADHOC:
12506 	case NL80211_IFTYPE_P2P_CLIENT:
12507 	case NL80211_IFTYPE_AP:
12508 	case NL80211_IFTYPE_AP_VLAN:
12509 	case NL80211_IFTYPE_MESH_POINT:
12510 	case NL80211_IFTYPE_P2P_GO:
12511 	case NL80211_IFTYPE_P2P_DEVICE:
12512 		break;
12513 	case NL80211_IFTYPE_NAN:
12514 		if (!wiphy_ext_feature_isset(wdev->wiphy,
12515 					     NL80211_EXT_FEATURE_SECURE_NAN))
12516 			return -EOPNOTSUPP;
12517 		break;
12518 	default:
12519 		return -EOPNOTSUPP;
12520 	}
12521 
12522 	/* not much point in registering if we can't reply */
12523 	if (!rdev->ops->mgmt_tx)
12524 		return -EOPNOTSUPP;
12525 
12526 	if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
12527 	    !wiphy_ext_feature_isset(&rdev->wiphy,
12528 				     NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
12529 		GENL_SET_ERR_MSG(info,
12530 				 "multicast RX registrations are not supported");
12531 		return -EOPNOTSUPP;
12532 	}
12533 
12534 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
12535 					   nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
12536 					   nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
12537 					   info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
12538 					   info->extack);
12539 }
12540 
12541 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
12542 {
12543 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12544 	struct wireless_dev *wdev = info->user_ptr[1];
12545 	struct cfg80211_chan_def chandef;
12546 	int err;
12547 	void *hdr = NULL;
12548 	u64 cookie;
12549 	struct sk_buff *msg = NULL;
12550 	struct cfg80211_mgmt_tx_params params = {
12551 		.dont_wait_for_ack =
12552 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
12553 	};
12554 
12555 	if (!info->attrs[NL80211_ATTR_FRAME])
12556 		return -EINVAL;
12557 
12558 	if (!rdev->ops->mgmt_tx)
12559 		return -EOPNOTSUPP;
12560 
12561 	switch (wdev->iftype) {
12562 	case NL80211_IFTYPE_P2P_DEVICE:
12563 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
12564 			return -EINVAL;
12565 		break;
12566 	case NL80211_IFTYPE_STATION:
12567 	case NL80211_IFTYPE_ADHOC:
12568 	case NL80211_IFTYPE_P2P_CLIENT:
12569 	case NL80211_IFTYPE_AP:
12570 	case NL80211_IFTYPE_AP_VLAN:
12571 	case NL80211_IFTYPE_MESH_POINT:
12572 	case NL80211_IFTYPE_P2P_GO:
12573 		break;
12574 	case NL80211_IFTYPE_NAN:
12575 		if (!wiphy_ext_feature_isset(wdev->wiphy,
12576 					     NL80211_EXT_FEATURE_SECURE_NAN))
12577 			return -EOPNOTSUPP;
12578 		break;
12579 	default:
12580 		return -EOPNOTSUPP;
12581 	}
12582 
12583 	if (info->attrs[NL80211_ATTR_DURATION]) {
12584 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
12585 			return -EINVAL;
12586 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
12587 
12588 		/*
12589 		 * We should wait on the channel for at least a minimum amount
12590 		 * of time (10ms) but no longer than the driver supports.
12591 		 */
12592 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
12593 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
12594 			return -EINVAL;
12595 	}
12596 
12597 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
12598 
12599 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
12600 		return -EINVAL;
12601 
12602 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
12603 
12604 	/* get the channel if any has been specified, otherwise pass NULL to
12605 	 * the driver. The latter will use the current one
12606 	 */
12607 	chandef.chan = NULL;
12608 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
12609 		err = nl80211_parse_chandef(rdev, info, &chandef);
12610 		if (err)
12611 			return err;
12612 	}
12613 
12614 	if (!chandef.chan && params.offchan)
12615 		return -EINVAL;
12616 
12617 	if (params.offchan &&
12618 	    !cfg80211_off_channel_oper_allowed(wdev, chandef.chan))
12619 		return -EBUSY;
12620 
12621 	params.link_id = nl80211_link_id_or_invalid(info->attrs);
12622 	/*
12623 	 * This now races due to the unlock, but we cannot check
12624 	 * the valid links for the _station_ anyway, so that's up
12625 	 * to the driver.
12626 	 */
12627 	if (params.link_id >= 0 &&
12628 	    !(wdev->valid_links & BIT(params.link_id)))
12629 		return -EINVAL;
12630 
12631 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
12632 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
12633 
12634 	err = nl80211_parse_counter_offsets(rdev, NULL, params.len, -1,
12635 					    info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX],
12636 					    &params.csa_offsets,
12637 					    &params.n_csa_offsets);
12638 	if (err)
12639 		return err;
12640 
12641 	if (!params.dont_wait_for_ack) {
12642 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12643 		if (!msg)
12644 			return -ENOMEM;
12645 
12646 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12647 				     NL80211_CMD_FRAME);
12648 		if (!hdr) {
12649 			err = -ENOBUFS;
12650 			goto free_msg;
12651 		}
12652 	}
12653 
12654 	params.chan = chandef.chan;
12655 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
12656 	if (err)
12657 		goto free_msg;
12658 
12659 	if (msg) {
12660 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12661 				      NL80211_ATTR_PAD))
12662 			goto nla_put_failure;
12663 
12664 		genlmsg_end(msg, hdr);
12665 		return genlmsg_reply(msg, info);
12666 	}
12667 
12668 	return 0;
12669 
12670  nla_put_failure:
12671 	err = -ENOBUFS;
12672  free_msg:
12673 	nlmsg_free(msg);
12674 	return err;
12675 }
12676 
12677 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
12678 {
12679 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12680 	struct wireless_dev *wdev = info->user_ptr[1];
12681 	u64 cookie;
12682 
12683 	if (!info->attrs[NL80211_ATTR_COOKIE])
12684 		return -EINVAL;
12685 
12686 	if (!rdev->ops->mgmt_tx_cancel_wait)
12687 		return -EOPNOTSUPP;
12688 
12689 	switch (wdev->iftype) {
12690 	case NL80211_IFTYPE_STATION:
12691 	case NL80211_IFTYPE_ADHOC:
12692 	case NL80211_IFTYPE_P2P_CLIENT:
12693 	case NL80211_IFTYPE_AP:
12694 	case NL80211_IFTYPE_AP_VLAN:
12695 	case NL80211_IFTYPE_P2P_GO:
12696 	case NL80211_IFTYPE_P2P_DEVICE:
12697 		break;
12698 	case NL80211_IFTYPE_NAN:
12699 		if (!wiphy_ext_feature_isset(wdev->wiphy,
12700 					     NL80211_EXT_FEATURE_SECURE_NAN))
12701 			return -EOPNOTSUPP;
12702 		break;
12703 	default:
12704 		return -EOPNOTSUPP;
12705 	}
12706 
12707 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12708 
12709 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
12710 }
12711 
12712 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
12713 {
12714 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12715 	struct wireless_dev *wdev;
12716 	struct net_device *dev = info->user_ptr[1];
12717 	u8 ps_state;
12718 	bool state;
12719 	int err;
12720 
12721 	if (!info->attrs[NL80211_ATTR_PS_STATE])
12722 		return -EINVAL;
12723 
12724 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
12725 
12726 	wdev = dev->ieee80211_ptr;
12727 
12728 	if (!rdev->ops->set_power_mgmt)
12729 		return -EOPNOTSUPP;
12730 
12731 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
12732 
12733 	if (state == wdev->ps)
12734 		return 0;
12735 
12736 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
12737 	if (!err)
12738 		wdev->ps = state;
12739 	return err;
12740 }
12741 
12742 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
12743 {
12744 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12745 	enum nl80211_ps_state ps_state;
12746 	struct wireless_dev *wdev;
12747 	struct net_device *dev = info->user_ptr[1];
12748 	struct sk_buff *msg;
12749 	void *hdr;
12750 	int err;
12751 
12752 	wdev = dev->ieee80211_ptr;
12753 
12754 	if (!rdev->ops->set_power_mgmt)
12755 		return -EOPNOTSUPP;
12756 
12757 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12758 	if (!msg)
12759 		return -ENOMEM;
12760 
12761 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12762 			     NL80211_CMD_GET_POWER_SAVE);
12763 	if (!hdr) {
12764 		err = -ENOBUFS;
12765 		goto free_msg;
12766 	}
12767 
12768 	if (wdev->ps)
12769 		ps_state = NL80211_PS_ENABLED;
12770 	else
12771 		ps_state = NL80211_PS_DISABLED;
12772 
12773 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
12774 		goto nla_put_failure;
12775 
12776 	genlmsg_end(msg, hdr);
12777 	return genlmsg_reply(msg, info);
12778 
12779  nla_put_failure:
12780 	err = -ENOBUFS;
12781  free_msg:
12782 	nlmsg_free(msg);
12783 	return err;
12784 }
12785 
12786 static const struct nla_policy
12787 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
12788 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
12789 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
12790 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
12791 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
12792 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
12793 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
12794 	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
12795 };
12796 
12797 static int nl80211_set_cqm_txe(struct genl_info *info,
12798 			       u32 rate, u32 pkts, u32 intvl)
12799 {
12800 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12801 	struct net_device *dev = info->user_ptr[1];
12802 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12803 
12804 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
12805 		return -EINVAL;
12806 
12807 	if (!rdev->ops->set_cqm_txe_config)
12808 		return -EOPNOTSUPP;
12809 
12810 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
12811 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12812 		return -EOPNOTSUPP;
12813 
12814 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
12815 }
12816 
12817 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
12818 				    struct net_device *dev,
12819 				    struct cfg80211_cqm_config *cqm_config)
12820 {
12821 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12822 	s32 last, low, high;
12823 	u32 hyst;
12824 	int i, n, low_index;
12825 	int err;
12826 
12827 	/*
12828 	 * Obtain current RSSI value if possible, if not and no RSSI threshold
12829 	 * event has been received yet, we should receive an event after a
12830 	 * connection is established and enough beacons received to calculate
12831 	 * the average.
12832 	 */
12833 	if (!cqm_config->last_rssi_event_value &&
12834 	    wdev->links[0].client.current_bss &&
12835 	    rdev->ops->get_station) {
12836 		struct station_info sinfo = {};
12837 		u8 *mac_addr;
12838 
12839 		mac_addr = wdev->links[0].client.current_bss->pub.bssid;
12840 
12841 		err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
12842 		if (err)
12843 			return err;
12844 
12845 		cfg80211_sinfo_release_content(&sinfo);
12846 		if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
12847 			cqm_config->last_rssi_event_value =
12848 				(s8) sinfo.rx_beacon_signal_avg;
12849 	}
12850 
12851 	last = cqm_config->last_rssi_event_value;
12852 	hyst = cqm_config->rssi_hyst;
12853 	n = cqm_config->n_rssi_thresholds;
12854 
12855 	for (i = 0; i < n; i++) {
12856 		i = array_index_nospec(i, n);
12857 		if (last < cqm_config->rssi_thresholds[i])
12858 			break;
12859 	}
12860 
12861 	low_index = i - 1;
12862 	if (low_index >= 0) {
12863 		low_index = array_index_nospec(low_index, n);
12864 		low = cqm_config->rssi_thresholds[low_index] - hyst;
12865 	} else {
12866 		low = S32_MIN;
12867 	}
12868 	if (i < n) {
12869 		i = array_index_nospec(i, n);
12870 		high = cqm_config->rssi_thresholds[i] + hyst - 1;
12871 	} else {
12872 		high = S32_MAX;
12873 	}
12874 
12875 	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
12876 }
12877 
12878 static int nl80211_set_cqm_rssi(struct genl_info *info,
12879 				const s32 *thresholds, int n_thresholds,
12880 				u32 hysteresis)
12881 {
12882 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12883 	struct cfg80211_cqm_config *cqm_config = NULL, *old;
12884 	struct net_device *dev = info->user_ptr[1];
12885 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12886 	s32 prev = S32_MIN;
12887 	int i, err;
12888 
12889 	/* Check all values negative and sorted */
12890 	for (i = 0; i < n_thresholds; i++) {
12891 		if (thresholds[i] > 0 || thresholds[i] <= prev)
12892 			return -EINVAL;
12893 
12894 		prev = thresholds[i];
12895 	}
12896 
12897 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
12898 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12899 		return -EOPNOTSUPP;
12900 
12901 	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
12902 		n_thresholds = 0;
12903 
12904 	old = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
12905 
12906 	/* if already disabled just succeed */
12907 	if (!n_thresholds && !old)
12908 		return 0;
12909 
12910 	if (n_thresholds > 1) {
12911 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
12912 					     NL80211_EXT_FEATURE_CQM_RSSI_LIST) ||
12913 		    !rdev->ops->set_cqm_rssi_range_config)
12914 			return -EOPNOTSUPP;
12915 	} else {
12916 		if (!rdev->ops->set_cqm_rssi_config)
12917 			return -EOPNOTSUPP;
12918 	}
12919 
12920 	if (n_thresholds) {
12921 		cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds,
12922 						 n_thresholds),
12923 				     GFP_KERNEL);
12924 		if (!cqm_config)
12925 			return -ENOMEM;
12926 
12927 		cqm_config->rssi_hyst = hysteresis;
12928 		cqm_config->n_rssi_thresholds = n_thresholds;
12929 		memcpy(cqm_config->rssi_thresholds, thresholds,
12930 		       flex_array_size(cqm_config, rssi_thresholds,
12931 				       n_thresholds));
12932 		cqm_config->use_range_api = n_thresholds > 1 ||
12933 					    !rdev->ops->set_cqm_rssi_config;
12934 
12935 		rcu_assign_pointer(wdev->cqm_config, cqm_config);
12936 
12937 		if (cqm_config->use_range_api)
12938 			err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config);
12939 		else
12940 			err = rdev_set_cqm_rssi_config(rdev, dev,
12941 						       thresholds[0],
12942 						       hysteresis);
12943 	} else {
12944 		RCU_INIT_POINTER(wdev->cqm_config, NULL);
12945 		/* if enabled as range also disable via range */
12946 		if (old->use_range_api)
12947 			err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
12948 		else
12949 			err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
12950 	}
12951 
12952 	if (err) {
12953 		rcu_assign_pointer(wdev->cqm_config, old);
12954 		kfree_rcu(cqm_config, rcu_head);
12955 	} else {
12956 		kfree_rcu(old, rcu_head);
12957 	}
12958 
12959 	return err;
12960 }
12961 
12962 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
12963 {
12964 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
12965 	struct nlattr *cqm;
12966 	int err;
12967 
12968 	cqm = info->attrs[NL80211_ATTR_CQM];
12969 	if (!cqm)
12970 		return -EINVAL;
12971 
12972 	err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
12973 					  nl80211_attr_cqm_policy,
12974 					  info->extack);
12975 	if (err)
12976 		return err;
12977 
12978 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
12979 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
12980 		const s32 *thresholds =
12981 			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
12982 		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
12983 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
12984 
12985 		if (len % 4)
12986 			return -EINVAL;
12987 
12988 		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
12989 					    hysteresis);
12990 	}
12991 
12992 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
12993 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
12994 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
12995 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
12996 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
12997 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
12998 
12999 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
13000 	}
13001 
13002 	return -EINVAL;
13003 }
13004 
13005 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
13006 {
13007 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13008 	struct net_device *dev = info->user_ptr[1];
13009 	struct ocb_setup setup = {};
13010 	int err;
13011 
13012 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13013 	if (err)
13014 		return err;
13015 
13016 	return cfg80211_join_ocb(rdev, dev, &setup);
13017 }
13018 
13019 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
13020 {
13021 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13022 	struct net_device *dev = info->user_ptr[1];
13023 
13024 	return cfg80211_leave_ocb(rdev, dev);
13025 }
13026 
13027 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
13028 {
13029 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13030 	struct net_device *dev = info->user_ptr[1];
13031 	struct mesh_config cfg;
13032 	struct mesh_setup setup;
13033 	int err;
13034 
13035 	/* start with default */
13036 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
13037 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
13038 
13039 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
13040 		/* and parse parameters if given */
13041 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
13042 		if (err)
13043 			return err;
13044 	}
13045 
13046 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
13047 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
13048 		return -EINVAL;
13049 
13050 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
13051 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
13052 
13053 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
13054 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
13055 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
13056 			return -EINVAL;
13057 
13058 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
13059 		setup.beacon_interval =
13060 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
13061 
13062 		err = cfg80211_validate_beacon_int(rdev,
13063 						   NL80211_IFTYPE_MESH_POINT,
13064 						   setup.beacon_interval);
13065 		if (err)
13066 			return err;
13067 	}
13068 
13069 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
13070 		setup.dtim_period =
13071 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
13072 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
13073 			return -EINVAL;
13074 	}
13075 
13076 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
13077 		/* parse additional setup parameters if given */
13078 		err = nl80211_parse_mesh_setup(info, &setup);
13079 		if (err)
13080 			return err;
13081 	}
13082 
13083 	if (setup.user_mpm)
13084 		cfg.auto_open_plinks = false;
13085 
13086 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
13087 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13088 		if (err)
13089 			return err;
13090 	} else {
13091 		/* __cfg80211_join_mesh() will sort it out */
13092 		setup.chandef.chan = NULL;
13093 	}
13094 
13095 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
13096 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13097 		int n_rates =
13098 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13099 		struct ieee80211_supported_band *sband;
13100 
13101 		if (!setup.chandef.chan)
13102 			return -EINVAL;
13103 
13104 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
13105 
13106 		err = ieee80211_get_ratemask(sband, rates, n_rates,
13107 					     &setup.basic_rates);
13108 		if (err)
13109 			return err;
13110 	}
13111 
13112 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
13113 		err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
13114 						    NL80211_ATTR_TX_RATES,
13115 						    &setup.beacon_rate,
13116 						    dev, false, 0);
13117 		if (err)
13118 			return err;
13119 
13120 		if (!setup.chandef.chan)
13121 			return -EINVAL;
13122 
13123 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
13124 					      &setup.beacon_rate);
13125 		if (err)
13126 			return err;
13127 	}
13128 
13129 	setup.userspace_handles_dfs =
13130 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
13131 
13132 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
13133 		int r = validate_pae_over_nl80211(rdev, info);
13134 
13135 		if (r < 0)
13136 			return r;
13137 
13138 		setup.control_port_over_nl80211 = true;
13139 	}
13140 
13141 	err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
13142 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
13143 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
13144 
13145 	return err;
13146 }
13147 
13148 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
13149 {
13150 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13151 	struct net_device *dev = info->user_ptr[1];
13152 
13153 	return cfg80211_leave_mesh(rdev, dev);
13154 }
13155 
13156 #ifdef CONFIG_PM
13157 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
13158 					struct cfg80211_registered_device *rdev)
13159 {
13160 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
13161 	struct nlattr *nl_pats, *nl_pat;
13162 	int i, pat_len;
13163 
13164 	if (!wowlan->n_patterns)
13165 		return 0;
13166 
13167 	nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
13168 	if (!nl_pats)
13169 		return -ENOBUFS;
13170 
13171 	for (i = 0; i < wowlan->n_patterns; i++) {
13172 		nl_pat = nla_nest_start_noflag(msg, i + 1);
13173 		if (!nl_pat)
13174 			return -ENOBUFS;
13175 		pat_len = wowlan->patterns[i].pattern_len;
13176 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
13177 			    wowlan->patterns[i].mask) ||
13178 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
13179 			    wowlan->patterns[i].pattern) ||
13180 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
13181 				wowlan->patterns[i].pkt_offset))
13182 			return -ENOBUFS;
13183 		nla_nest_end(msg, nl_pat);
13184 	}
13185 	nla_nest_end(msg, nl_pats);
13186 
13187 	return 0;
13188 }
13189 
13190 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
13191 				   struct cfg80211_wowlan_tcp *tcp)
13192 {
13193 	struct nlattr *nl_tcp;
13194 
13195 	if (!tcp)
13196 		return 0;
13197 
13198 	nl_tcp = nla_nest_start_noflag(msg,
13199 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
13200 	if (!nl_tcp)
13201 		return -ENOBUFS;
13202 
13203 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
13204 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
13205 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
13206 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
13207 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
13208 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
13209 		    tcp->payload_len, tcp->payload) ||
13210 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
13211 			tcp->data_interval) ||
13212 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
13213 		    tcp->wake_len, tcp->wake_data) ||
13214 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
13215 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
13216 		return -ENOBUFS;
13217 
13218 	if (tcp->payload_seq.len &&
13219 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
13220 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
13221 		return -ENOBUFS;
13222 
13223 	if (tcp->payload_tok.len &&
13224 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
13225 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
13226 		    &tcp->payload_tok))
13227 		return -ENOBUFS;
13228 
13229 	nla_nest_end(msg, nl_tcp);
13230 
13231 	return 0;
13232 }
13233 
13234 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
13235 				  struct cfg80211_sched_scan_request *req)
13236 {
13237 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
13238 	int i;
13239 
13240 	if (!req)
13241 		return 0;
13242 
13243 	nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
13244 	if (!nd)
13245 		return -ENOBUFS;
13246 
13247 	if (req->n_scan_plans == 1 &&
13248 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
13249 			req->scan_plans[0].interval * 1000))
13250 		return -ENOBUFS;
13251 
13252 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
13253 		return -ENOBUFS;
13254 
13255 	if (req->relative_rssi_set) {
13256 		struct nl80211_bss_select_rssi_adjust rssi_adjust;
13257 
13258 		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
13259 			       req->relative_rssi))
13260 			return -ENOBUFS;
13261 
13262 		rssi_adjust.band = req->rssi_adjust.band;
13263 		rssi_adjust.delta = req->rssi_adjust.delta;
13264 		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
13265 			    sizeof(rssi_adjust), &rssi_adjust))
13266 			return -ENOBUFS;
13267 	}
13268 
13269 	freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13270 	if (!freqs)
13271 		return -ENOBUFS;
13272 
13273 	for (i = 0; i < req->n_channels; i++) {
13274 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13275 			return -ENOBUFS;
13276 	}
13277 
13278 	nla_nest_end(msg, freqs);
13279 
13280 	if (req->n_match_sets) {
13281 		matches = nla_nest_start_noflag(msg,
13282 						NL80211_ATTR_SCHED_SCAN_MATCH);
13283 		if (!matches)
13284 			return -ENOBUFS;
13285 
13286 		for (i = 0; i < req->n_match_sets; i++) {
13287 			match = nla_nest_start_noflag(msg, i);
13288 			if (!match)
13289 				return -ENOBUFS;
13290 
13291 			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
13292 				    req->match_sets[i].ssid.ssid_len,
13293 				    req->match_sets[i].ssid.ssid))
13294 				return -ENOBUFS;
13295 			nla_nest_end(msg, match);
13296 		}
13297 		nla_nest_end(msg, matches);
13298 	}
13299 
13300 	scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
13301 	if (!scan_plans)
13302 		return -ENOBUFS;
13303 
13304 	for (i = 0; i < req->n_scan_plans; i++) {
13305 		scan_plan = nla_nest_start_noflag(msg, i + 1);
13306 		if (!scan_plan)
13307 			return -ENOBUFS;
13308 
13309 		if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
13310 				req->scan_plans[i].interval) ||
13311 		    (req->scan_plans[i].iterations &&
13312 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
13313 				 req->scan_plans[i].iterations)))
13314 			return -ENOBUFS;
13315 		nla_nest_end(msg, scan_plan);
13316 	}
13317 	nla_nest_end(msg, scan_plans);
13318 
13319 	nla_nest_end(msg, nd);
13320 
13321 	return 0;
13322 }
13323 
13324 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
13325 {
13326 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13327 	struct sk_buff *msg;
13328 	void *hdr;
13329 	u32 size = NLMSG_DEFAULT_SIZE;
13330 
13331 	if (!rdev->wiphy.wowlan)
13332 		return -EOPNOTSUPP;
13333 
13334 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
13335 		/* adjust size to have room for all the data */
13336 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
13337 			rdev->wiphy.wowlan_config->tcp->payload_len +
13338 			rdev->wiphy.wowlan_config->tcp->wake_len +
13339 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
13340 	}
13341 
13342 	msg = nlmsg_new(size, GFP_KERNEL);
13343 	if (!msg)
13344 		return -ENOMEM;
13345 
13346 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13347 			     NL80211_CMD_GET_WOWLAN);
13348 	if (!hdr)
13349 		goto nla_put_failure;
13350 
13351 	if (rdev->wiphy.wowlan_config) {
13352 		struct nlattr *nl_wowlan;
13353 
13354 		nl_wowlan = nla_nest_start_noflag(msg,
13355 						  NL80211_ATTR_WOWLAN_TRIGGERS);
13356 		if (!nl_wowlan)
13357 			goto nla_put_failure;
13358 
13359 		if ((rdev->wiphy.wowlan_config->any &&
13360 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
13361 		    (rdev->wiphy.wowlan_config->disconnect &&
13362 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
13363 		    (rdev->wiphy.wowlan_config->magic_pkt &&
13364 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
13365 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
13366 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
13367 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
13368 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
13369 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
13370 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
13371 		    (rdev->wiphy.wowlan_config->rfkill_release &&
13372 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
13373 			goto nla_put_failure;
13374 
13375 		if (nl80211_send_wowlan_patterns(msg, rdev))
13376 			goto nla_put_failure;
13377 
13378 		if (nl80211_send_wowlan_tcp(msg,
13379 					    rdev->wiphy.wowlan_config->tcp))
13380 			goto nla_put_failure;
13381 
13382 		if (nl80211_send_wowlan_nd(
13383 			    msg,
13384 			    rdev->wiphy.wowlan_config->nd_config))
13385 			goto nla_put_failure;
13386 
13387 		nla_nest_end(msg, nl_wowlan);
13388 	}
13389 
13390 	genlmsg_end(msg, hdr);
13391 	return genlmsg_reply(msg, info);
13392 
13393 nla_put_failure:
13394 	nlmsg_free(msg);
13395 	return -ENOBUFS;
13396 }
13397 
13398 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
13399 				    struct nlattr *attr,
13400 				    struct cfg80211_wowlan *trig)
13401 {
13402 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
13403 	struct cfg80211_wowlan_tcp *cfg;
13404 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
13405 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
13406 	u32 size;
13407 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
13408 	int err, port;
13409 
13410 	if (!rdev->wiphy.wowlan->tcp)
13411 		return -EINVAL;
13412 
13413 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
13414 					  nl80211_wowlan_tcp_policy, NULL);
13415 	if (err)
13416 		return err;
13417 
13418 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
13419 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
13420 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
13421 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
13422 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
13423 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
13424 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
13425 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
13426 		return -EINVAL;
13427 
13428 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
13429 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
13430 		return -EINVAL;
13431 
13432 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
13433 			rdev->wiphy.wowlan->tcp->data_interval_max ||
13434 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
13435 		return -EINVAL;
13436 
13437 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
13438 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
13439 		return -EINVAL;
13440 
13441 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
13442 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
13443 		return -EINVAL;
13444 
13445 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
13446 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
13447 
13448 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
13449 		tokens_size = tokln - sizeof(*tok);
13450 
13451 		if (!tok->len || tokens_size % tok->len)
13452 			return -EINVAL;
13453 		if (!rdev->wiphy.wowlan->tcp->tok)
13454 			return -EINVAL;
13455 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
13456 			return -EINVAL;
13457 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
13458 			return -EINVAL;
13459 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
13460 			return -EINVAL;
13461 		if (tok->offset + tok->len > data_size)
13462 			return -EINVAL;
13463 	}
13464 
13465 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
13466 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
13467 		if (!rdev->wiphy.wowlan->tcp->seq)
13468 			return -EINVAL;
13469 		if (seq->len == 0 || seq->len > 4)
13470 			return -EINVAL;
13471 		if (seq->len + seq->offset > data_size)
13472 			return -EINVAL;
13473 	}
13474 
13475 	size = sizeof(*cfg);
13476 	size += data_size;
13477 	size += wake_size + wake_mask_size;
13478 	size += tokens_size;
13479 
13480 	cfg = kzalloc(size, GFP_KERNEL);
13481 	if (!cfg)
13482 		return -ENOMEM;
13483 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
13484 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
13485 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
13486 	       ETH_ALEN);
13487 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
13488 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
13489 	else
13490 		port = 0;
13491 #ifdef CONFIG_INET
13492 	/* allocate a socket and port for it and use it */
13493 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
13494 			    IPPROTO_TCP, &cfg->sock, 1);
13495 	if (err) {
13496 		kfree(cfg);
13497 		return err;
13498 	}
13499 	if (inet_csk_get_port(cfg->sock->sk, port)) {
13500 		sock_release(cfg->sock);
13501 		kfree(cfg);
13502 		return -EADDRINUSE;
13503 	}
13504 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
13505 #else
13506 	if (!port) {
13507 		kfree(cfg);
13508 		return -EINVAL;
13509 	}
13510 	cfg->src_port = port;
13511 #endif
13512 
13513 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
13514 	cfg->payload_len = data_size;
13515 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
13516 	memcpy((void *)cfg->payload,
13517 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
13518 	       data_size);
13519 	if (seq)
13520 		cfg->payload_seq = *seq;
13521 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
13522 	cfg->wake_len = wake_size;
13523 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
13524 	memcpy((void *)cfg->wake_data,
13525 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
13526 	       wake_size);
13527 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
13528 			 data_size + wake_size;
13529 	memcpy((void *)cfg->wake_mask,
13530 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
13531 	       wake_mask_size);
13532 	if (tok) {
13533 		cfg->tokens_size = tokens_size;
13534 		cfg->payload_tok = *tok;
13535 		memcpy(cfg->payload_tok.token_stream, tok->token_stream,
13536 		       tokens_size);
13537 	}
13538 
13539 	trig->tcp = cfg;
13540 
13541 	return 0;
13542 }
13543 
13544 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
13545 				   const struct wiphy_wowlan_support *wowlan,
13546 				   struct nlattr *attr,
13547 				   struct cfg80211_wowlan *trig)
13548 {
13549 	struct nlattr **tb;
13550 	int err;
13551 
13552 	tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
13553 	if (!tb)
13554 		return -ENOMEM;
13555 
13556 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
13557 		err = -EOPNOTSUPP;
13558 		goto out;
13559 	}
13560 
13561 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
13562 					  nl80211_policy, NULL);
13563 	if (err)
13564 		goto out;
13565 
13566 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
13567 						   wowlan->max_nd_match_sets);
13568 	err = PTR_ERR_OR_ZERO(trig->nd_config);
13569 	if (err)
13570 		trig->nd_config = NULL;
13571 
13572 out:
13573 	kfree(tb);
13574 	return err;
13575 }
13576 
13577 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
13578 {
13579 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13580 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
13581 	struct cfg80211_wowlan new_triggers = {};
13582 	struct cfg80211_wowlan *ntrig;
13583 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
13584 	int err, i;
13585 	bool prev_enabled = rdev->wiphy.wowlan_config;
13586 	bool regular = false;
13587 
13588 	if (!wowlan)
13589 		return -EOPNOTSUPP;
13590 
13591 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
13592 		cfg80211_rdev_free_wowlan(rdev);
13593 		rdev->wiphy.wowlan_config = NULL;
13594 		goto set_wakeup;
13595 	}
13596 
13597 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
13598 					  info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
13599 					  nl80211_wowlan_policy, info->extack);
13600 	if (err)
13601 		return err;
13602 
13603 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
13604 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
13605 			return -EINVAL;
13606 		new_triggers.any = true;
13607 	}
13608 
13609 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
13610 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
13611 			return -EINVAL;
13612 		new_triggers.disconnect = true;
13613 		regular = true;
13614 	}
13615 
13616 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
13617 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
13618 			return -EINVAL;
13619 		new_triggers.magic_pkt = true;
13620 		regular = true;
13621 	}
13622 
13623 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
13624 		return -EINVAL;
13625 
13626 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
13627 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
13628 			return -EINVAL;
13629 		new_triggers.gtk_rekey_failure = true;
13630 		regular = true;
13631 	}
13632 
13633 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
13634 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
13635 			return -EINVAL;
13636 		new_triggers.eap_identity_req = true;
13637 		regular = true;
13638 	}
13639 
13640 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
13641 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
13642 			return -EINVAL;
13643 		new_triggers.four_way_handshake = true;
13644 		regular = true;
13645 	}
13646 
13647 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
13648 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
13649 			return -EINVAL;
13650 		new_triggers.rfkill_release = true;
13651 		regular = true;
13652 	}
13653 
13654 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
13655 		struct nlattr *pat;
13656 		int n_patterns = 0;
13657 		int rem, pat_len, mask_len, pkt_offset;
13658 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
13659 
13660 		regular = true;
13661 
13662 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
13663 				    rem)
13664 			n_patterns++;
13665 		if (n_patterns > wowlan->n_patterns)
13666 			return -EINVAL;
13667 
13668 		new_triggers.patterns = kcalloc(n_patterns,
13669 						sizeof(new_triggers.patterns[0]),
13670 						GFP_KERNEL);
13671 		if (!new_triggers.patterns)
13672 			return -ENOMEM;
13673 
13674 		new_triggers.n_patterns = n_patterns;
13675 		i = 0;
13676 
13677 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
13678 				    rem) {
13679 			u8 *mask_pat;
13680 
13681 			err = nla_parse_nested_deprecated(pat_tb,
13682 							  MAX_NL80211_PKTPAT,
13683 							  pat,
13684 							  nl80211_packet_pattern_policy,
13685 							  info->extack);
13686 			if (err)
13687 				goto error;
13688 
13689 			err = -EINVAL;
13690 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
13691 			    !pat_tb[NL80211_PKTPAT_PATTERN])
13692 				goto error;
13693 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
13694 			mask_len = DIV_ROUND_UP(pat_len, 8);
13695 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
13696 				goto error;
13697 			if (pat_len > wowlan->pattern_max_len ||
13698 			    pat_len < wowlan->pattern_min_len)
13699 				goto error;
13700 
13701 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
13702 				pkt_offset = 0;
13703 			else
13704 				pkt_offset = nla_get_u32(
13705 					pat_tb[NL80211_PKTPAT_OFFSET]);
13706 			if (pkt_offset > wowlan->max_pkt_offset)
13707 				goto error;
13708 			new_triggers.patterns[i].pkt_offset = pkt_offset;
13709 
13710 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
13711 			if (!mask_pat) {
13712 				err = -ENOMEM;
13713 				goto error;
13714 			}
13715 			new_triggers.patterns[i].mask = mask_pat;
13716 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
13717 			       mask_len);
13718 			mask_pat += mask_len;
13719 			new_triggers.patterns[i].pattern = mask_pat;
13720 			new_triggers.patterns[i].pattern_len = pat_len;
13721 			memcpy(mask_pat,
13722 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
13723 			       pat_len);
13724 			i++;
13725 		}
13726 	}
13727 
13728 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
13729 		regular = true;
13730 		err = nl80211_parse_wowlan_tcp(
13731 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
13732 			&new_triggers);
13733 		if (err)
13734 			goto error;
13735 	}
13736 
13737 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
13738 		regular = true;
13739 		err = nl80211_parse_wowlan_nd(
13740 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
13741 			&new_triggers);
13742 		if (err)
13743 			goto error;
13744 	}
13745 
13746 	/* The 'any' trigger means the device continues operating more or less
13747 	 * as in its normal operation mode and wakes up the host on most of the
13748 	 * normal interrupts (like packet RX, ...)
13749 	 * It therefore makes little sense to combine with the more constrained
13750 	 * wakeup trigger modes.
13751 	 */
13752 	if (new_triggers.any && regular) {
13753 		err = -EINVAL;
13754 		goto error;
13755 	}
13756 
13757 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
13758 	if (!ntrig) {
13759 		err = -ENOMEM;
13760 		goto error;
13761 	}
13762 	cfg80211_rdev_free_wowlan(rdev);
13763 	rdev->wiphy.wowlan_config = ntrig;
13764 
13765  set_wakeup:
13766 	if (rdev->ops->set_wakeup &&
13767 	    prev_enabled != !!rdev->wiphy.wowlan_config)
13768 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
13769 
13770 	return 0;
13771  error:
13772 	for (i = 0; i < new_triggers.n_patterns; i++)
13773 		kfree(new_triggers.patterns[i].mask);
13774 	kfree(new_triggers.patterns);
13775 	if (new_triggers.tcp && new_triggers.tcp->sock)
13776 		sock_release(new_triggers.tcp->sock);
13777 	kfree(new_triggers.tcp);
13778 	kfree(new_triggers.nd_config);
13779 	return err;
13780 }
13781 #endif
13782 
13783 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
13784 				       struct cfg80211_registered_device *rdev)
13785 {
13786 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
13787 	int i, j, pat_len;
13788 	struct cfg80211_coalesce_rules *rule;
13789 
13790 	if (!rdev->coalesce->n_rules)
13791 		return 0;
13792 
13793 	nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
13794 	if (!nl_rules)
13795 		return -ENOBUFS;
13796 
13797 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
13798 		nl_rule = nla_nest_start_noflag(msg, i + 1);
13799 		if (!nl_rule)
13800 			return -ENOBUFS;
13801 
13802 		rule = &rdev->coalesce->rules[i];
13803 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
13804 				rule->delay))
13805 			return -ENOBUFS;
13806 
13807 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
13808 				rule->condition))
13809 			return -ENOBUFS;
13810 
13811 		nl_pats = nla_nest_start_noflag(msg,
13812 						NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
13813 		if (!nl_pats)
13814 			return -ENOBUFS;
13815 
13816 		for (j = 0; j < rule->n_patterns; j++) {
13817 			nl_pat = nla_nest_start_noflag(msg, j + 1);
13818 			if (!nl_pat)
13819 				return -ENOBUFS;
13820 			pat_len = rule->patterns[j].pattern_len;
13821 			if (nla_put(msg, NL80211_PKTPAT_MASK,
13822 				    DIV_ROUND_UP(pat_len, 8),
13823 				    rule->patterns[j].mask) ||
13824 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
13825 				    rule->patterns[j].pattern) ||
13826 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
13827 					rule->patterns[j].pkt_offset))
13828 				return -ENOBUFS;
13829 			nla_nest_end(msg, nl_pat);
13830 		}
13831 		nla_nest_end(msg, nl_pats);
13832 		nla_nest_end(msg, nl_rule);
13833 	}
13834 	nla_nest_end(msg, nl_rules);
13835 
13836 	return 0;
13837 }
13838 
13839 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
13840 {
13841 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13842 	struct sk_buff *msg;
13843 	void *hdr;
13844 
13845 	if (!rdev->wiphy.coalesce)
13846 		return -EOPNOTSUPP;
13847 
13848 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13849 	if (!msg)
13850 		return -ENOMEM;
13851 
13852 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13853 			     NL80211_CMD_GET_COALESCE);
13854 	if (!hdr)
13855 		goto nla_put_failure;
13856 
13857 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
13858 		goto nla_put_failure;
13859 
13860 	genlmsg_end(msg, hdr);
13861 	return genlmsg_reply(msg, info);
13862 
13863 nla_put_failure:
13864 	nlmsg_free(msg);
13865 	return -ENOBUFS;
13866 }
13867 
13868 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
13869 {
13870 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
13871 	int i, j;
13872 	struct cfg80211_coalesce_rules *rule;
13873 
13874 	if (!coalesce)
13875 		return;
13876 
13877 	for (i = 0; i < coalesce->n_rules; i++) {
13878 		rule = &coalesce->rules[i];
13879 		for (j = 0; j < rule->n_patterns; j++)
13880 			kfree(rule->patterns[j].mask);
13881 		kfree(rule->patterns);
13882 	}
13883 	kfree(coalesce->rules);
13884 	kfree(coalesce);
13885 	rdev->coalesce = NULL;
13886 }
13887 
13888 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
13889 				       struct nlattr *rule,
13890 				       struct cfg80211_coalesce_rules *new_rule)
13891 {
13892 	int err, i;
13893 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
13894 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
13895 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
13896 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
13897 
13898 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
13899 					  rule, nl80211_coalesce_policy, NULL);
13900 	if (err)
13901 		return err;
13902 
13903 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
13904 		new_rule->delay =
13905 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
13906 	if (new_rule->delay > coalesce->max_delay)
13907 		return -EINVAL;
13908 
13909 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
13910 		new_rule->condition =
13911 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
13912 
13913 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
13914 		return -EINVAL;
13915 
13916 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
13917 			    rem)
13918 		n_patterns++;
13919 	if (n_patterns > coalesce->n_patterns)
13920 		return -EINVAL;
13921 
13922 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
13923 				     GFP_KERNEL);
13924 	if (!new_rule->patterns)
13925 		return -ENOMEM;
13926 
13927 	new_rule->n_patterns = n_patterns;
13928 	i = 0;
13929 
13930 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
13931 			    rem) {
13932 		u8 *mask_pat;
13933 
13934 		err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
13935 						  pat,
13936 						  nl80211_packet_pattern_policy,
13937 						  NULL);
13938 		if (err)
13939 			return err;
13940 
13941 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
13942 		    !pat_tb[NL80211_PKTPAT_PATTERN])
13943 			return -EINVAL;
13944 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
13945 		mask_len = DIV_ROUND_UP(pat_len, 8);
13946 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
13947 			return -EINVAL;
13948 		if (pat_len > coalesce->pattern_max_len ||
13949 		    pat_len < coalesce->pattern_min_len)
13950 			return -EINVAL;
13951 
13952 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
13953 			pkt_offset = 0;
13954 		else
13955 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
13956 		if (pkt_offset > coalesce->max_pkt_offset)
13957 			return -EINVAL;
13958 		new_rule->patterns[i].pkt_offset = pkt_offset;
13959 
13960 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
13961 		if (!mask_pat)
13962 			return -ENOMEM;
13963 
13964 		new_rule->patterns[i].mask = mask_pat;
13965 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
13966 		       mask_len);
13967 
13968 		mask_pat += mask_len;
13969 		new_rule->patterns[i].pattern = mask_pat;
13970 		new_rule->patterns[i].pattern_len = pat_len;
13971 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
13972 		       pat_len);
13973 		i++;
13974 	}
13975 
13976 	return 0;
13977 }
13978 
13979 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
13980 {
13981 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13982 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
13983 	struct cfg80211_coalesce new_coalesce = {};
13984 	struct cfg80211_coalesce *n_coalesce;
13985 	int err, rem_rule, n_rules = 0, i, j;
13986 	struct nlattr *rule;
13987 	struct cfg80211_coalesce_rules *tmp_rule;
13988 
13989 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
13990 		return -EOPNOTSUPP;
13991 
13992 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
13993 		cfg80211_rdev_free_coalesce(rdev);
13994 		rdev_set_coalesce(rdev, NULL);
13995 		return 0;
13996 	}
13997 
13998 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
13999 			    rem_rule)
14000 		n_rules++;
14001 	if (n_rules > coalesce->n_rules)
14002 		return -EINVAL;
14003 
14004 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
14005 				     GFP_KERNEL);
14006 	if (!new_coalesce.rules)
14007 		return -ENOMEM;
14008 
14009 	new_coalesce.n_rules = n_rules;
14010 	i = 0;
14011 
14012 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
14013 			    rem_rule) {
14014 		err = nl80211_parse_coalesce_rule(rdev, rule,
14015 						  &new_coalesce.rules[i]);
14016 		if (err)
14017 			goto error;
14018 
14019 		i++;
14020 	}
14021 
14022 	err = rdev_set_coalesce(rdev, &new_coalesce);
14023 	if (err)
14024 		goto error;
14025 
14026 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
14027 	if (!n_coalesce) {
14028 		err = -ENOMEM;
14029 		goto error;
14030 	}
14031 	cfg80211_rdev_free_coalesce(rdev);
14032 	rdev->coalesce = n_coalesce;
14033 
14034 	return 0;
14035 error:
14036 	for (i = 0; i < new_coalesce.n_rules; i++) {
14037 		tmp_rule = &new_coalesce.rules[i];
14038 		if (!tmp_rule)
14039 			continue;
14040 		for (j = 0; j < tmp_rule->n_patterns; j++)
14041 			kfree(tmp_rule->patterns[j].mask);
14042 		kfree(tmp_rule->patterns);
14043 	}
14044 	kfree(new_coalesce.rules);
14045 
14046 	return err;
14047 }
14048 
14049 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
14050 {
14051 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14052 	struct net_device *dev = info->user_ptr[1];
14053 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14054 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
14055 	struct cfg80211_gtk_rekey_data rekey_data = {};
14056 	int err;
14057 
14058 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
14059 		return -EINVAL;
14060 
14061 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
14062 					  info->attrs[NL80211_ATTR_REKEY_DATA],
14063 					  nl80211_rekey_policy, info->extack);
14064 	if (err)
14065 		return err;
14066 
14067 	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
14068 	    !tb[NL80211_REKEY_DATA_KCK])
14069 		return -EINVAL;
14070 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
14071 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14072 	      nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
14073 		return -ERANGE;
14074 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
14075 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14076 	      nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) &&
14077 	     !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 &&
14078 	       nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32))
14079 		return -ERANGE;
14080 
14081 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
14082 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
14083 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
14084 	rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
14085 	rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
14086 	if (tb[NL80211_REKEY_DATA_AKM])
14087 		rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
14088 
14089 	if (!wdev->connected)
14090 		return -ENOTCONN;
14091 
14092 	if (!rdev->ops->set_rekey_data)
14093 		return -EOPNOTSUPP;
14094 
14095 	return rdev_set_rekey_data(rdev, dev, &rekey_data);
14096 }
14097 
14098 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
14099 					     struct genl_info *info)
14100 {
14101 	struct net_device *dev = info->user_ptr[1];
14102 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14103 
14104 	if (wdev->iftype != NL80211_IFTYPE_AP &&
14105 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
14106 		return -EINVAL;
14107 
14108 	if (wdev->ap_unexpected_nlportid)
14109 		return -EBUSY;
14110 
14111 	wdev->ap_unexpected_nlportid = info->snd_portid;
14112 	return 0;
14113 }
14114 
14115 static int nl80211_probe_client(struct sk_buff *skb,
14116 				struct genl_info *info)
14117 {
14118 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14119 	struct net_device *dev = info->user_ptr[1];
14120 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14121 	struct sk_buff *msg;
14122 	void *hdr;
14123 	const u8 *addr;
14124 	u64 cookie;
14125 	int err;
14126 
14127 	if (wdev->iftype != NL80211_IFTYPE_AP &&
14128 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
14129 		return -EOPNOTSUPP;
14130 
14131 	if (!info->attrs[NL80211_ATTR_MAC])
14132 		return -EINVAL;
14133 
14134 	if (!rdev->ops->probe_client)
14135 		return -EOPNOTSUPP;
14136 
14137 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14138 	if (!msg)
14139 		return -ENOMEM;
14140 
14141 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14142 			     NL80211_CMD_PROBE_CLIENT);
14143 	if (!hdr) {
14144 		err = -ENOBUFS;
14145 		goto free_msg;
14146 	}
14147 
14148 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14149 
14150 	err = rdev_probe_client(rdev, dev, addr, &cookie);
14151 	if (err)
14152 		goto free_msg;
14153 
14154 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14155 			      NL80211_ATTR_PAD))
14156 		goto nla_put_failure;
14157 
14158 	genlmsg_end(msg, hdr);
14159 
14160 	return genlmsg_reply(msg, info);
14161 
14162  nla_put_failure:
14163 	err = -ENOBUFS;
14164  free_msg:
14165 	nlmsg_free(msg);
14166 	return err;
14167 }
14168 
14169 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
14170 {
14171 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14172 	struct cfg80211_beacon_registration *reg, *nreg;
14173 	int rv;
14174 
14175 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
14176 		return -EOPNOTSUPP;
14177 
14178 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
14179 	if (!nreg)
14180 		return -ENOMEM;
14181 
14182 	/* First, check if already registered. */
14183 	spin_lock_bh(&rdev->beacon_registrations_lock);
14184 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
14185 		if (reg->nlportid == info->snd_portid) {
14186 			rv = -EALREADY;
14187 			goto out_err;
14188 		}
14189 	}
14190 	/* Add it to the list */
14191 	nreg->nlportid = info->snd_portid;
14192 	list_add(&nreg->list, &rdev->beacon_registrations);
14193 
14194 	spin_unlock_bh(&rdev->beacon_registrations_lock);
14195 
14196 	return 0;
14197 out_err:
14198 	spin_unlock_bh(&rdev->beacon_registrations_lock);
14199 	kfree(nreg);
14200 	return rv;
14201 }
14202 
14203 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
14204 {
14205 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14206 	struct wireless_dev *wdev = info->user_ptr[1];
14207 	int err;
14208 
14209 	if (!rdev->ops->start_p2p_device)
14210 		return -EOPNOTSUPP;
14211 
14212 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
14213 		return -EOPNOTSUPP;
14214 
14215 	if (wdev_running(wdev))
14216 		return 0;
14217 
14218 	if (rfkill_blocked(rdev->wiphy.rfkill))
14219 		return -ERFKILL;
14220 
14221 	err = rdev_start_p2p_device(rdev, wdev);
14222 	if (err)
14223 		return err;
14224 
14225 	wdev->is_running = true;
14226 	rdev->opencount++;
14227 
14228 	return 0;
14229 }
14230 
14231 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
14232 {
14233 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14234 	struct wireless_dev *wdev = info->user_ptr[1];
14235 
14236 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
14237 		return -EOPNOTSUPP;
14238 
14239 	if (!rdev->ops->stop_p2p_device)
14240 		return -EOPNOTSUPP;
14241 
14242 	cfg80211_stop_p2p_device(rdev, wdev);
14243 
14244 	return 0;
14245 }
14246 
14247 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
14248 {
14249 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14250 	struct wireless_dev *wdev = info->user_ptr[1];
14251 	struct cfg80211_nan_conf conf = {};
14252 	int err;
14253 
14254 	if (wdev->iftype != NL80211_IFTYPE_NAN)
14255 		return -EOPNOTSUPP;
14256 
14257 	if (wdev_running(wdev))
14258 		return -EEXIST;
14259 
14260 	if (rfkill_blocked(rdev->wiphy.rfkill))
14261 		return -ERFKILL;
14262 
14263 	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
14264 		return -EINVAL;
14265 
14266 	conf.master_pref =
14267 		nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
14268 
14269 	if (info->attrs[NL80211_ATTR_BANDS]) {
14270 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
14271 
14272 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
14273 			return -EOPNOTSUPP;
14274 
14275 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
14276 			return -EINVAL;
14277 
14278 		conf.bands = bands;
14279 	}
14280 
14281 	err = rdev_start_nan(rdev, wdev, &conf);
14282 	if (err)
14283 		return err;
14284 
14285 	wdev->is_running = true;
14286 	rdev->opencount++;
14287 
14288 	return 0;
14289 }
14290 
14291 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
14292 {
14293 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14294 	struct wireless_dev *wdev = info->user_ptr[1];
14295 
14296 	if (wdev->iftype != NL80211_IFTYPE_NAN)
14297 		return -EOPNOTSUPP;
14298 
14299 	cfg80211_stop_nan(rdev, wdev);
14300 
14301 	return 0;
14302 }
14303 
14304 static int validate_nan_filter(struct nlattr *filter_attr)
14305 {
14306 	struct nlattr *attr;
14307 	int len = 0, n_entries = 0, rem;
14308 
14309 	nla_for_each_nested(attr, filter_attr, rem) {
14310 		len += nla_len(attr);
14311 		n_entries++;
14312 	}
14313 
14314 	if (len >= U8_MAX)
14315 		return -EINVAL;
14316 
14317 	return n_entries;
14318 }
14319 
14320 static int handle_nan_filter(struct nlattr *attr_filter,
14321 			     struct cfg80211_nan_func *func,
14322 			     bool tx)
14323 {
14324 	struct nlattr *attr;
14325 	int n_entries, rem, i;
14326 	struct cfg80211_nan_func_filter *filter;
14327 
14328 	n_entries = validate_nan_filter(attr_filter);
14329 	if (n_entries < 0)
14330 		return n_entries;
14331 
14332 	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
14333 
14334 	filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
14335 	if (!filter)
14336 		return -ENOMEM;
14337 
14338 	i = 0;
14339 	nla_for_each_nested(attr, attr_filter, rem) {
14340 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
14341 		if (!filter[i].filter)
14342 			goto err;
14343 
14344 		filter[i].len = nla_len(attr);
14345 		i++;
14346 	}
14347 	if (tx) {
14348 		func->num_tx_filters = n_entries;
14349 		func->tx_filters = filter;
14350 	} else {
14351 		func->num_rx_filters = n_entries;
14352 		func->rx_filters = filter;
14353 	}
14354 
14355 	return 0;
14356 
14357 err:
14358 	i = 0;
14359 	nla_for_each_nested(attr, attr_filter, rem) {
14360 		kfree(filter[i].filter);
14361 		i++;
14362 	}
14363 	kfree(filter);
14364 	return -ENOMEM;
14365 }
14366 
14367 static int nl80211_nan_add_func(struct sk_buff *skb,
14368 				struct genl_info *info)
14369 {
14370 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14371 	struct wireless_dev *wdev = info->user_ptr[1];
14372 	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
14373 	struct cfg80211_nan_func *func;
14374 	struct sk_buff *msg = NULL;
14375 	void *hdr = NULL;
14376 	int err = 0;
14377 
14378 	if (wdev->iftype != NL80211_IFTYPE_NAN)
14379 		return -EOPNOTSUPP;
14380 
14381 	if (!wdev_running(wdev))
14382 		return -ENOTCONN;
14383 
14384 	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
14385 		return -EINVAL;
14386 
14387 	err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
14388 					  info->attrs[NL80211_ATTR_NAN_FUNC],
14389 					  nl80211_nan_func_policy,
14390 					  info->extack);
14391 	if (err)
14392 		return err;
14393 
14394 	func = kzalloc(sizeof(*func), GFP_KERNEL);
14395 	if (!func)
14396 		return -ENOMEM;
14397 
14398 	func->cookie = cfg80211_assign_cookie(rdev);
14399 
14400 	if (!tb[NL80211_NAN_FUNC_TYPE]) {
14401 		err = -EINVAL;
14402 		goto out;
14403 	}
14404 
14405 
14406 	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
14407 
14408 	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
14409 		err = -EINVAL;
14410 		goto out;
14411 	}
14412 
14413 	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
14414 	       sizeof(func->service_id));
14415 
14416 	func->close_range =
14417 		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
14418 
14419 	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
14420 		func->serv_spec_info_len =
14421 			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
14422 		func->serv_spec_info =
14423 			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
14424 				func->serv_spec_info_len,
14425 				GFP_KERNEL);
14426 		if (!func->serv_spec_info) {
14427 			err = -ENOMEM;
14428 			goto out;
14429 		}
14430 	}
14431 
14432 	if (tb[NL80211_NAN_FUNC_TTL])
14433 		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
14434 
14435 	switch (func->type) {
14436 	case NL80211_NAN_FUNC_PUBLISH:
14437 		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
14438 			err = -EINVAL;
14439 			goto out;
14440 		}
14441 
14442 		func->publish_type =
14443 			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
14444 		func->publish_bcast =
14445 			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
14446 
14447 		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
14448 			func->publish_bcast) {
14449 			err = -EINVAL;
14450 			goto out;
14451 		}
14452 		break;
14453 	case NL80211_NAN_FUNC_SUBSCRIBE:
14454 		func->subscribe_active =
14455 			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
14456 		break;
14457 	case NL80211_NAN_FUNC_FOLLOW_UP:
14458 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
14459 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
14460 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
14461 			err = -EINVAL;
14462 			goto out;
14463 		}
14464 
14465 		func->followup_id =
14466 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
14467 		func->followup_reqid =
14468 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
14469 		memcpy(func->followup_dest.addr,
14470 		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
14471 		       sizeof(func->followup_dest.addr));
14472 		if (func->ttl) {
14473 			err = -EINVAL;
14474 			goto out;
14475 		}
14476 		break;
14477 	default:
14478 		err = -EINVAL;
14479 		goto out;
14480 	}
14481 
14482 	if (tb[NL80211_NAN_FUNC_SRF]) {
14483 		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
14484 
14485 		err = nla_parse_nested_deprecated(srf_tb,
14486 						  NL80211_NAN_SRF_ATTR_MAX,
14487 						  tb[NL80211_NAN_FUNC_SRF],
14488 						  nl80211_nan_srf_policy,
14489 						  info->extack);
14490 		if (err)
14491 			goto out;
14492 
14493 		func->srf_include =
14494 			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
14495 
14496 		if (srf_tb[NL80211_NAN_SRF_BF]) {
14497 			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
14498 			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
14499 				err = -EINVAL;
14500 				goto out;
14501 			}
14502 
14503 			func->srf_bf_len =
14504 				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
14505 			func->srf_bf =
14506 				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
14507 					func->srf_bf_len, GFP_KERNEL);
14508 			if (!func->srf_bf) {
14509 				err = -ENOMEM;
14510 				goto out;
14511 			}
14512 
14513 			func->srf_bf_idx =
14514 				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
14515 		} else {
14516 			struct nlattr *attr, *mac_attr =
14517 				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
14518 			int n_entries, rem, i = 0;
14519 
14520 			if (!mac_attr) {
14521 				err = -EINVAL;
14522 				goto out;
14523 			}
14524 
14525 			n_entries = validate_acl_mac_addrs(mac_attr);
14526 			if (n_entries <= 0) {
14527 				err = -EINVAL;
14528 				goto out;
14529 			}
14530 
14531 			func->srf_num_macs = n_entries;
14532 			func->srf_macs =
14533 				kcalloc(n_entries, sizeof(*func->srf_macs),
14534 					GFP_KERNEL);
14535 			if (!func->srf_macs) {
14536 				err = -ENOMEM;
14537 				goto out;
14538 			}
14539 
14540 			nla_for_each_nested(attr, mac_attr, rem)
14541 				memcpy(func->srf_macs[i++].addr, nla_data(attr),
14542 				       sizeof(*func->srf_macs));
14543 		}
14544 	}
14545 
14546 	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
14547 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
14548 					func, true);
14549 		if (err)
14550 			goto out;
14551 	}
14552 
14553 	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
14554 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
14555 					func, false);
14556 		if (err)
14557 			goto out;
14558 	}
14559 
14560 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14561 	if (!msg) {
14562 		err = -ENOMEM;
14563 		goto out;
14564 	}
14565 
14566 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14567 			     NL80211_CMD_ADD_NAN_FUNCTION);
14568 	/* This can't really happen - we just allocated 4KB */
14569 	if (WARN_ON(!hdr)) {
14570 		err = -ENOMEM;
14571 		goto out;
14572 	}
14573 
14574 	err = rdev_add_nan_func(rdev, wdev, func);
14575 out:
14576 	if (err < 0) {
14577 		cfg80211_free_nan_func(func);
14578 		nlmsg_free(msg);
14579 		return err;
14580 	}
14581 
14582 	/* propagate the instance id and cookie to userspace  */
14583 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
14584 			      NL80211_ATTR_PAD))
14585 		goto nla_put_failure;
14586 
14587 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
14588 	if (!func_attr)
14589 		goto nla_put_failure;
14590 
14591 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
14592 		       func->instance_id))
14593 		goto nla_put_failure;
14594 
14595 	nla_nest_end(msg, func_attr);
14596 
14597 	genlmsg_end(msg, hdr);
14598 	return genlmsg_reply(msg, info);
14599 
14600 nla_put_failure:
14601 	nlmsg_free(msg);
14602 	return -ENOBUFS;
14603 }
14604 
14605 static int nl80211_nan_del_func(struct sk_buff *skb,
14606 			       struct genl_info *info)
14607 {
14608 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14609 	struct wireless_dev *wdev = info->user_ptr[1];
14610 	u64 cookie;
14611 
14612 	if (wdev->iftype != NL80211_IFTYPE_NAN)
14613 		return -EOPNOTSUPP;
14614 
14615 	if (!wdev_running(wdev))
14616 		return -ENOTCONN;
14617 
14618 	if (!info->attrs[NL80211_ATTR_COOKIE])
14619 		return -EINVAL;
14620 
14621 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
14622 
14623 	rdev_del_nan_func(rdev, wdev, cookie);
14624 
14625 	return 0;
14626 }
14627 
14628 static int nl80211_nan_change_config(struct sk_buff *skb,
14629 				     struct genl_info *info)
14630 {
14631 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14632 	struct wireless_dev *wdev = info->user_ptr[1];
14633 	struct cfg80211_nan_conf conf = {};
14634 	u32 changed = 0;
14635 
14636 	if (wdev->iftype != NL80211_IFTYPE_NAN)
14637 		return -EOPNOTSUPP;
14638 
14639 	if (!wdev_running(wdev))
14640 		return -ENOTCONN;
14641 
14642 	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
14643 		conf.master_pref =
14644 			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
14645 		if (conf.master_pref <= 1 || conf.master_pref == 255)
14646 			return -EINVAL;
14647 
14648 		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
14649 	}
14650 
14651 	if (info->attrs[NL80211_ATTR_BANDS]) {
14652 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
14653 
14654 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
14655 			return -EOPNOTSUPP;
14656 
14657 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
14658 			return -EINVAL;
14659 
14660 		conf.bands = bands;
14661 		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
14662 	}
14663 
14664 	if (!changed)
14665 		return -EINVAL;
14666 
14667 	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
14668 }
14669 
14670 void cfg80211_nan_match(struct wireless_dev *wdev,
14671 			struct cfg80211_nan_match_params *match, gfp_t gfp)
14672 {
14673 	struct wiphy *wiphy = wdev->wiphy;
14674 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14675 	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
14676 	struct sk_buff *msg;
14677 	void *hdr;
14678 
14679 	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
14680 		return;
14681 
14682 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14683 	if (!msg)
14684 		return;
14685 
14686 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
14687 	if (!hdr) {
14688 		nlmsg_free(msg);
14689 		return;
14690 	}
14691 
14692 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14693 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14694 					 wdev->netdev->ifindex)) ||
14695 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14696 			      NL80211_ATTR_PAD))
14697 		goto nla_put_failure;
14698 
14699 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
14700 			      NL80211_ATTR_PAD) ||
14701 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
14702 		goto nla_put_failure;
14703 
14704 	match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
14705 	if (!match_attr)
14706 		goto nla_put_failure;
14707 
14708 	local_func_attr = nla_nest_start_noflag(msg,
14709 						NL80211_NAN_MATCH_FUNC_LOCAL);
14710 	if (!local_func_attr)
14711 		goto nla_put_failure;
14712 
14713 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
14714 		goto nla_put_failure;
14715 
14716 	nla_nest_end(msg, local_func_attr);
14717 
14718 	peer_func_attr = nla_nest_start_noflag(msg,
14719 					       NL80211_NAN_MATCH_FUNC_PEER);
14720 	if (!peer_func_attr)
14721 		goto nla_put_failure;
14722 
14723 	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
14724 	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
14725 		goto nla_put_failure;
14726 
14727 	if (match->info && match->info_len &&
14728 	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
14729 		    match->info))
14730 		goto nla_put_failure;
14731 
14732 	nla_nest_end(msg, peer_func_attr);
14733 	nla_nest_end(msg, match_attr);
14734 	genlmsg_end(msg, hdr);
14735 
14736 	if (!wdev->owner_nlportid)
14737 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
14738 					msg, 0, NL80211_MCGRP_NAN, gfp);
14739 	else
14740 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
14741 				wdev->owner_nlportid);
14742 
14743 	return;
14744 
14745 nla_put_failure:
14746 	nlmsg_free(msg);
14747 }
14748 EXPORT_SYMBOL(cfg80211_nan_match);
14749 
14750 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
14751 				  u8 inst_id,
14752 				  enum nl80211_nan_func_term_reason reason,
14753 				  u64 cookie, gfp_t gfp)
14754 {
14755 	struct wiphy *wiphy = wdev->wiphy;
14756 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14757 	struct sk_buff *msg;
14758 	struct nlattr *func_attr;
14759 	void *hdr;
14760 
14761 	if (WARN_ON(!inst_id))
14762 		return;
14763 
14764 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14765 	if (!msg)
14766 		return;
14767 
14768 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
14769 	if (!hdr) {
14770 		nlmsg_free(msg);
14771 		return;
14772 	}
14773 
14774 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14775 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14776 					 wdev->netdev->ifindex)) ||
14777 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14778 			      NL80211_ATTR_PAD))
14779 		goto nla_put_failure;
14780 
14781 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14782 			      NL80211_ATTR_PAD))
14783 		goto nla_put_failure;
14784 
14785 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
14786 	if (!func_attr)
14787 		goto nla_put_failure;
14788 
14789 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
14790 	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
14791 		goto nla_put_failure;
14792 
14793 	nla_nest_end(msg, func_attr);
14794 	genlmsg_end(msg, hdr);
14795 
14796 	if (!wdev->owner_nlportid)
14797 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
14798 					msg, 0, NL80211_MCGRP_NAN, gfp);
14799 	else
14800 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
14801 				wdev->owner_nlportid);
14802 
14803 	return;
14804 
14805 nla_put_failure:
14806 	nlmsg_free(msg);
14807 }
14808 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
14809 
14810 static int nl80211_get_protocol_features(struct sk_buff *skb,
14811 					 struct genl_info *info)
14812 {
14813 	void *hdr;
14814 	struct sk_buff *msg;
14815 
14816 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14817 	if (!msg)
14818 		return -ENOMEM;
14819 
14820 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14821 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
14822 	if (!hdr)
14823 		goto nla_put_failure;
14824 
14825 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
14826 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
14827 		goto nla_put_failure;
14828 
14829 	genlmsg_end(msg, hdr);
14830 	return genlmsg_reply(msg, info);
14831 
14832  nla_put_failure:
14833 	kfree_skb(msg);
14834 	return -ENOBUFS;
14835 }
14836 
14837 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
14838 {
14839 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14840 	struct cfg80211_update_ft_ies_params ft_params;
14841 	struct net_device *dev = info->user_ptr[1];
14842 
14843 	if (!rdev->ops->update_ft_ies)
14844 		return -EOPNOTSUPP;
14845 
14846 	if (!info->attrs[NL80211_ATTR_MDID] ||
14847 	    !info->attrs[NL80211_ATTR_IE])
14848 		return -EINVAL;
14849 
14850 	memset(&ft_params, 0, sizeof(ft_params));
14851 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
14852 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
14853 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
14854 
14855 	return rdev_update_ft_ies(rdev, dev, &ft_params);
14856 }
14857 
14858 static int nl80211_crit_protocol_start(struct sk_buff *skb,
14859 				       struct genl_info *info)
14860 {
14861 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14862 	struct wireless_dev *wdev = info->user_ptr[1];
14863 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
14864 	u16 duration;
14865 	int ret;
14866 
14867 	if (!rdev->ops->crit_proto_start)
14868 		return -EOPNOTSUPP;
14869 
14870 	if (WARN_ON(!rdev->ops->crit_proto_stop))
14871 		return -EINVAL;
14872 
14873 	if (rdev->crit_proto_nlportid)
14874 		return -EBUSY;
14875 
14876 	/* determine protocol if provided */
14877 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
14878 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
14879 
14880 	if (proto >= NUM_NL80211_CRIT_PROTO)
14881 		return -EINVAL;
14882 
14883 	/* timeout must be provided */
14884 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
14885 		return -EINVAL;
14886 
14887 	duration =
14888 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
14889 
14890 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
14891 	if (!ret)
14892 		rdev->crit_proto_nlportid = info->snd_portid;
14893 
14894 	return ret;
14895 }
14896 
14897 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
14898 				      struct genl_info *info)
14899 {
14900 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14901 	struct wireless_dev *wdev = info->user_ptr[1];
14902 
14903 	if (!rdev->ops->crit_proto_stop)
14904 		return -EOPNOTSUPP;
14905 
14906 	if (rdev->crit_proto_nlportid) {
14907 		rdev->crit_proto_nlportid = 0;
14908 		rdev_crit_proto_stop(rdev, wdev);
14909 	}
14910 	return 0;
14911 }
14912 
14913 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
14914 				       struct nlattr *attr,
14915 				       struct netlink_ext_ack *extack)
14916 {
14917 	if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
14918 		if (attr->nla_type & NLA_F_NESTED) {
14919 			NL_SET_ERR_MSG_ATTR(extack, attr,
14920 					    "unexpected nested data");
14921 			return -EINVAL;
14922 		}
14923 
14924 		return 0;
14925 	}
14926 
14927 	if (!(attr->nla_type & NLA_F_NESTED)) {
14928 		NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
14929 		return -EINVAL;
14930 	}
14931 
14932 	return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
14933 }
14934 
14935 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
14936 {
14937 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14938 	struct wireless_dev *wdev =
14939 		__cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
14940 					   info->attrs);
14941 	int i, err;
14942 	u32 vid, subcmd;
14943 
14944 	if (!rdev->wiphy.vendor_commands)
14945 		return -EOPNOTSUPP;
14946 
14947 	if (IS_ERR(wdev)) {
14948 		err = PTR_ERR(wdev);
14949 		if (err != -EINVAL)
14950 			return err;
14951 		wdev = NULL;
14952 	} else if (wdev->wiphy != &rdev->wiphy) {
14953 		return -EINVAL;
14954 	}
14955 
14956 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
14957 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
14958 		return -EINVAL;
14959 
14960 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
14961 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
14962 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
14963 		const struct wiphy_vendor_command *vcmd;
14964 		void *data = NULL;
14965 		int len = 0;
14966 
14967 		vcmd = &rdev->wiphy.vendor_commands[i];
14968 
14969 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
14970 			continue;
14971 
14972 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
14973 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
14974 			if (!wdev)
14975 				return -EINVAL;
14976 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
14977 			    !wdev->netdev)
14978 				return -EINVAL;
14979 
14980 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
14981 				if (!wdev_running(wdev))
14982 					return -ENETDOWN;
14983 			}
14984 		} else {
14985 			wdev = NULL;
14986 		}
14987 
14988 		if (!vcmd->doit)
14989 			return -EOPNOTSUPP;
14990 
14991 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
14992 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
14993 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
14994 
14995 			err = nl80211_vendor_check_policy(vcmd,
14996 					info->attrs[NL80211_ATTR_VENDOR_DATA],
14997 					info->extack);
14998 			if (err)
14999 				return err;
15000 		}
15001 
15002 		rdev->cur_cmd_info = info;
15003 		err = vcmd->doit(&rdev->wiphy, wdev, data, len);
15004 		rdev->cur_cmd_info = NULL;
15005 		return err;
15006 	}
15007 
15008 	return -EOPNOTSUPP;
15009 }
15010 
15011 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
15012 				       struct netlink_callback *cb,
15013 				       struct cfg80211_registered_device **rdev,
15014 				       struct wireless_dev **wdev)
15015 {
15016 	struct nlattr **attrbuf;
15017 	u32 vid, subcmd;
15018 	unsigned int i;
15019 	int vcmd_idx = -1;
15020 	int err;
15021 	void *data = NULL;
15022 	unsigned int data_len = 0;
15023 
15024 	if (cb->args[0]) {
15025 		/* subtract the 1 again here */
15026 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
15027 		struct wireless_dev *tmp;
15028 
15029 		if (!wiphy)
15030 			return -ENODEV;
15031 		*rdev = wiphy_to_rdev(wiphy);
15032 		*wdev = NULL;
15033 
15034 		if (cb->args[1]) {
15035 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
15036 				if (tmp->identifier == cb->args[1] - 1) {
15037 					*wdev = tmp;
15038 					break;
15039 				}
15040 			}
15041 		}
15042 
15043 		/* keep rtnl locked in successful case */
15044 		return 0;
15045 	}
15046 
15047 	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
15048 	if (!attrbuf)
15049 		return -ENOMEM;
15050 
15051 	err = nlmsg_parse_deprecated(cb->nlh,
15052 				     GENL_HDRLEN + nl80211_fam.hdrsize,
15053 				     attrbuf, nl80211_fam.maxattr,
15054 				     nl80211_policy, NULL);
15055 	if (err)
15056 		goto out;
15057 
15058 	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
15059 	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
15060 		err = -EINVAL;
15061 		goto out;
15062 	}
15063 
15064 	*wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
15065 	if (IS_ERR(*wdev))
15066 		*wdev = NULL;
15067 
15068 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
15069 	if (IS_ERR(*rdev)) {
15070 		err = PTR_ERR(*rdev);
15071 		goto out;
15072 	}
15073 
15074 	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
15075 	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
15076 
15077 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
15078 		const struct wiphy_vendor_command *vcmd;
15079 
15080 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
15081 
15082 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
15083 			continue;
15084 
15085 		if (!vcmd->dumpit) {
15086 			err = -EOPNOTSUPP;
15087 			goto out;
15088 		}
15089 
15090 		vcmd_idx = i;
15091 		break;
15092 	}
15093 
15094 	if (vcmd_idx < 0) {
15095 		err = -EOPNOTSUPP;
15096 		goto out;
15097 	}
15098 
15099 	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
15100 		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15101 		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15102 
15103 		err = nl80211_vendor_check_policy(
15104 				&(*rdev)->wiphy.vendor_commands[vcmd_idx],
15105 				attrbuf[NL80211_ATTR_VENDOR_DATA],
15106 				cb->extack);
15107 		if (err)
15108 			goto out;
15109 	}
15110 
15111 	/* 0 is the first index - add 1 to parse only once */
15112 	cb->args[0] = (*rdev)->wiphy_idx + 1;
15113 	/* add 1 to know if it was NULL */
15114 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
15115 	cb->args[2] = vcmd_idx;
15116 	cb->args[3] = (unsigned long)data;
15117 	cb->args[4] = data_len;
15118 
15119 	/* keep rtnl locked in successful case */
15120 	err = 0;
15121 out:
15122 	kfree(attrbuf);
15123 	return err;
15124 }
15125 
15126 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
15127 				   struct netlink_callback *cb)
15128 {
15129 	struct cfg80211_registered_device *rdev;
15130 	struct wireless_dev *wdev;
15131 	unsigned int vcmd_idx;
15132 	const struct wiphy_vendor_command *vcmd;
15133 	void *data;
15134 	int data_len;
15135 	int err;
15136 	struct nlattr *vendor_data;
15137 
15138 	rtnl_lock();
15139 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
15140 	if (err)
15141 		goto out;
15142 
15143 	vcmd_idx = cb->args[2];
15144 	data = (void *)cb->args[3];
15145 	data_len = cb->args[4];
15146 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
15147 
15148 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
15149 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
15150 		if (!wdev) {
15151 			err = -EINVAL;
15152 			goto out;
15153 		}
15154 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
15155 		    !wdev->netdev) {
15156 			err = -EINVAL;
15157 			goto out;
15158 		}
15159 
15160 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
15161 			if (!wdev_running(wdev)) {
15162 				err = -ENETDOWN;
15163 				goto out;
15164 			}
15165 		}
15166 	}
15167 
15168 	while (1) {
15169 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
15170 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
15171 					   NL80211_CMD_VENDOR);
15172 		if (!hdr)
15173 			break;
15174 
15175 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15176 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
15177 					       wdev_id(wdev),
15178 					       NL80211_ATTR_PAD))) {
15179 			genlmsg_cancel(skb, hdr);
15180 			break;
15181 		}
15182 
15183 		vendor_data = nla_nest_start_noflag(skb,
15184 						    NL80211_ATTR_VENDOR_DATA);
15185 		if (!vendor_data) {
15186 			genlmsg_cancel(skb, hdr);
15187 			break;
15188 		}
15189 
15190 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
15191 				   (unsigned long *)&cb->args[5]);
15192 		nla_nest_end(skb, vendor_data);
15193 
15194 		if (err == -ENOBUFS || err == -ENOENT) {
15195 			genlmsg_cancel(skb, hdr);
15196 			break;
15197 		} else if (err <= 0) {
15198 			genlmsg_cancel(skb, hdr);
15199 			goto out;
15200 		}
15201 
15202 		genlmsg_end(skb, hdr);
15203 	}
15204 
15205 	err = skb->len;
15206  out:
15207 	rtnl_unlock();
15208 	return err;
15209 }
15210 
15211 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
15212 					   enum nl80211_commands cmd,
15213 					   enum nl80211_attrs attr,
15214 					   int approxlen)
15215 {
15216 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15217 
15218 	if (WARN_ON(!rdev->cur_cmd_info))
15219 		return NULL;
15220 
15221 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
15222 					   rdev->cur_cmd_info->snd_portid,
15223 					   rdev->cur_cmd_info->snd_seq,
15224 					   cmd, attr, NULL, GFP_KERNEL);
15225 }
15226 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
15227 
15228 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
15229 {
15230 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
15231 	void *hdr = ((void **)skb->cb)[1];
15232 	struct nlattr *data = ((void **)skb->cb)[2];
15233 
15234 	/* clear CB data for netlink core to own from now on */
15235 	memset(skb->cb, 0, sizeof(skb->cb));
15236 
15237 	if (WARN_ON(!rdev->cur_cmd_info)) {
15238 		kfree_skb(skb);
15239 		return -EINVAL;
15240 	}
15241 
15242 	nla_nest_end(skb, data);
15243 	genlmsg_end(skb, hdr);
15244 	return genlmsg_reply(skb, rdev->cur_cmd_info);
15245 }
15246 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
15247 
15248 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
15249 {
15250 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15251 
15252 	if (WARN_ON(!rdev->cur_cmd_info))
15253 		return 0;
15254 
15255 	return rdev->cur_cmd_info->snd_portid;
15256 }
15257 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
15258 
15259 static int nl80211_set_qos_map(struct sk_buff *skb,
15260 			       struct genl_info *info)
15261 {
15262 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15263 	struct cfg80211_qos_map *qos_map = NULL;
15264 	struct net_device *dev = info->user_ptr[1];
15265 	u8 *pos, len, num_des, des_len, des;
15266 	int ret;
15267 
15268 	if (!rdev->ops->set_qos_map)
15269 		return -EOPNOTSUPP;
15270 
15271 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
15272 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
15273 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
15274 
15275 		if (len % 2)
15276 			return -EINVAL;
15277 
15278 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
15279 		if (!qos_map)
15280 			return -ENOMEM;
15281 
15282 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
15283 		if (num_des) {
15284 			des_len = num_des *
15285 				sizeof(struct cfg80211_dscp_exception);
15286 			memcpy(qos_map->dscp_exception, pos, des_len);
15287 			qos_map->num_des = num_des;
15288 			for (des = 0; des < num_des; des++) {
15289 				if (qos_map->dscp_exception[des].up > 7) {
15290 					kfree(qos_map);
15291 					return -EINVAL;
15292 				}
15293 			}
15294 			pos += des_len;
15295 		}
15296 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
15297 	}
15298 
15299 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
15300 	if (!ret)
15301 		ret = rdev_set_qos_map(rdev, dev, qos_map);
15302 
15303 	kfree(qos_map);
15304 	return ret;
15305 }
15306 
15307 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
15308 {
15309 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15310 	struct net_device *dev = info->user_ptr[1];
15311 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15312 	const u8 *peer;
15313 	u8 tsid, up;
15314 	u16 admitted_time = 0;
15315 
15316 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
15317 		return -EOPNOTSUPP;
15318 
15319 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
15320 	    !info->attrs[NL80211_ATTR_USER_PRIO])
15321 		return -EINVAL;
15322 
15323 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
15324 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
15325 
15326 	/* WMM uses TIDs 0-7 even for TSPEC */
15327 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
15328 		/* TODO: handle 802.11 TSPEC/admission control
15329 		 * need more attributes for that (e.g. BA session requirement);
15330 		 * change the WMM adminssion test above to allow both then
15331 		 */
15332 		return -EINVAL;
15333 	}
15334 
15335 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
15336 
15337 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
15338 		admitted_time =
15339 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
15340 		if (!admitted_time)
15341 			return -EINVAL;
15342 	}
15343 
15344 	switch (wdev->iftype) {
15345 	case NL80211_IFTYPE_STATION:
15346 	case NL80211_IFTYPE_P2P_CLIENT:
15347 		if (wdev->connected)
15348 			break;
15349 		return -ENOTCONN;
15350 	default:
15351 		return -EOPNOTSUPP;
15352 	}
15353 
15354 	return rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
15355 }
15356 
15357 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
15358 {
15359 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15360 	struct net_device *dev = info->user_ptr[1];
15361 	const u8 *peer;
15362 	u8 tsid;
15363 
15364 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
15365 		return -EINVAL;
15366 
15367 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
15368 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
15369 
15370 	return rdev_del_tx_ts(rdev, dev, tsid, peer);
15371 }
15372 
15373 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
15374 				       struct genl_info *info)
15375 {
15376 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15377 	struct net_device *dev = info->user_ptr[1];
15378 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15379 	struct cfg80211_chan_def chandef = {};
15380 	const u8 *addr;
15381 	u8 oper_class;
15382 	int err;
15383 
15384 	if (!rdev->ops->tdls_channel_switch ||
15385 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
15386 		return -EOPNOTSUPP;
15387 
15388 	switch (dev->ieee80211_ptr->iftype) {
15389 	case NL80211_IFTYPE_STATION:
15390 	case NL80211_IFTYPE_P2P_CLIENT:
15391 		break;
15392 	default:
15393 		return -EOPNOTSUPP;
15394 	}
15395 
15396 	if (!info->attrs[NL80211_ATTR_MAC] ||
15397 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
15398 		return -EINVAL;
15399 
15400 	err = nl80211_parse_chandef(rdev, info, &chandef);
15401 	if (err)
15402 		return err;
15403 
15404 	/*
15405 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
15406 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
15407 	 * specification is not defined for them.
15408 	 */
15409 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
15410 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
15411 	    chandef.width != NL80211_CHAN_WIDTH_20)
15412 		return -EINVAL;
15413 
15414 	/* we will be active on the TDLS link */
15415 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
15416 					   wdev->iftype))
15417 		return -EINVAL;
15418 
15419 	/* don't allow switching to DFS channels */
15420 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
15421 		return -EINVAL;
15422 
15423 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15424 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
15425 
15426 	return rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
15427 }
15428 
15429 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
15430 					      struct genl_info *info)
15431 {
15432 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15433 	struct net_device *dev = info->user_ptr[1];
15434 	const u8 *addr;
15435 
15436 	if (!rdev->ops->tdls_channel_switch ||
15437 	    !rdev->ops->tdls_cancel_channel_switch ||
15438 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
15439 		return -EOPNOTSUPP;
15440 
15441 	switch (dev->ieee80211_ptr->iftype) {
15442 	case NL80211_IFTYPE_STATION:
15443 	case NL80211_IFTYPE_P2P_CLIENT:
15444 		break;
15445 	default:
15446 		return -EOPNOTSUPP;
15447 	}
15448 
15449 	if (!info->attrs[NL80211_ATTR_MAC])
15450 		return -EINVAL;
15451 
15452 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15453 
15454 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
15455 
15456 	return 0;
15457 }
15458 
15459 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
15460 					    struct genl_info *info)
15461 {
15462 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15463 	struct net_device *dev = info->user_ptr[1];
15464 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15465 	const struct nlattr *nla;
15466 	bool enabled;
15467 
15468 	if (!rdev->ops->set_multicast_to_unicast)
15469 		return -EOPNOTSUPP;
15470 
15471 	if (wdev->iftype != NL80211_IFTYPE_AP &&
15472 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
15473 		return -EOPNOTSUPP;
15474 
15475 	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
15476 	enabled = nla_get_flag(nla);
15477 
15478 	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
15479 }
15480 
15481 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
15482 {
15483 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15484 	struct net_device *dev = info->user_ptr[1];
15485 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15486 	struct cfg80211_pmk_conf pmk_conf = {};
15487 
15488 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
15489 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
15490 		return -EOPNOTSUPP;
15491 
15492 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
15493 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
15494 		return -EOPNOTSUPP;
15495 
15496 	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
15497 		return -EINVAL;
15498 
15499 	if (!wdev->connected)
15500 		return -ENOTCONN;
15501 
15502 	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
15503 	if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN))
15504 		return -EINVAL;
15505 
15506 	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
15507 	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
15508 	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
15509 	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192)
15510 		return -EINVAL;
15511 
15512 	if (info->attrs[NL80211_ATTR_PMKR0_NAME])
15513 		pmk_conf.pmk_r0_name =
15514 			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
15515 
15516 	return rdev_set_pmk(rdev, dev, &pmk_conf);
15517 }
15518 
15519 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
15520 {
15521 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15522 	struct net_device *dev = info->user_ptr[1];
15523 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15524 	const u8 *aa;
15525 
15526 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
15527 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
15528 		return -EOPNOTSUPP;
15529 
15530 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
15531 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
15532 		return -EOPNOTSUPP;
15533 
15534 	if (!info->attrs[NL80211_ATTR_MAC])
15535 		return -EINVAL;
15536 
15537 	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
15538 	return rdev_del_pmk(rdev, dev, aa);
15539 }
15540 
15541 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
15542 {
15543 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15544 	struct net_device *dev = info->user_ptr[1];
15545 	struct cfg80211_external_auth_params params;
15546 
15547 	if (!rdev->ops->external_auth)
15548 		return -EOPNOTSUPP;
15549 
15550 	if (!info->attrs[NL80211_ATTR_SSID] &&
15551 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
15552 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
15553 		return -EINVAL;
15554 
15555 	if (!info->attrs[NL80211_ATTR_BSSID])
15556 		return -EINVAL;
15557 
15558 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
15559 		return -EINVAL;
15560 
15561 	memset(&params, 0, sizeof(params));
15562 
15563 	if (info->attrs[NL80211_ATTR_SSID]) {
15564 		params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
15565 		if (params.ssid.ssid_len == 0)
15566 			return -EINVAL;
15567 		memcpy(params.ssid.ssid,
15568 		       nla_data(info->attrs[NL80211_ATTR_SSID]),
15569 		       params.ssid.ssid_len);
15570 	}
15571 
15572 	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
15573 	       ETH_ALEN);
15574 
15575 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
15576 
15577 	if (info->attrs[NL80211_ATTR_PMKID])
15578 		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
15579 
15580 	return rdev_external_auth(rdev, dev, &params);
15581 }
15582 
15583 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
15584 {
15585 	bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
15586 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15587 	struct net_device *dev = info->user_ptr[1];
15588 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15589 	const u8 *buf;
15590 	size_t len;
15591 	u8 *dest;
15592 	u16 proto;
15593 	bool noencrypt;
15594 	u64 cookie = 0;
15595 	int link_id;
15596 	int err;
15597 
15598 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
15599 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
15600 		return -EOPNOTSUPP;
15601 
15602 	if (!rdev->ops->tx_control_port)
15603 		return -EOPNOTSUPP;
15604 
15605 	if (!info->attrs[NL80211_ATTR_FRAME] ||
15606 	    !info->attrs[NL80211_ATTR_MAC] ||
15607 	    !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
15608 		GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
15609 		return -EINVAL;
15610 	}
15611 
15612 	switch (wdev->iftype) {
15613 	case NL80211_IFTYPE_AP:
15614 	case NL80211_IFTYPE_P2P_GO:
15615 	case NL80211_IFTYPE_MESH_POINT:
15616 		break;
15617 	case NL80211_IFTYPE_ADHOC:
15618 		if (wdev->u.ibss.current_bss)
15619 			break;
15620 		return -ENOTCONN;
15621 	case NL80211_IFTYPE_STATION:
15622 	case NL80211_IFTYPE_P2P_CLIENT:
15623 		if (wdev->connected)
15624 			break;
15625 		return -ENOTCONN;
15626 	default:
15627 		return -EOPNOTSUPP;
15628 	}
15629 
15630 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
15631 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
15632 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
15633 	proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
15634 	noencrypt =
15635 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
15636 
15637 	link_id = nl80211_link_id_or_invalid(info->attrs);
15638 
15639 	err = rdev_tx_control_port(rdev, dev, buf, len,
15640 				   dest, cpu_to_be16(proto), noencrypt, link_id,
15641 				   dont_wait_for_ack ? NULL : &cookie);
15642 	if (!err && !dont_wait_for_ack)
15643 		nl_set_extack_cookie_u64(info->extack, cookie);
15644 	return err;
15645 }
15646 
15647 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
15648 					   struct genl_info *info)
15649 {
15650 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15651 	struct net_device *dev = info->user_ptr[1];
15652 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15653 	struct cfg80211_ftm_responder_stats ftm_stats = {};
15654 	unsigned int link_id = nl80211_link_id(info->attrs);
15655 	struct sk_buff *msg;
15656 	void *hdr;
15657 	struct nlattr *ftm_stats_attr;
15658 	int err;
15659 
15660 	if (wdev->iftype != NL80211_IFTYPE_AP ||
15661 	    !wdev->links[link_id].ap.beacon_interval)
15662 		return -EOPNOTSUPP;
15663 
15664 	err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
15665 	if (err)
15666 		return err;
15667 
15668 	if (!ftm_stats.filled)
15669 		return -ENODATA;
15670 
15671 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15672 	if (!msg)
15673 		return -ENOMEM;
15674 
15675 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15676 			     NL80211_CMD_GET_FTM_RESPONDER_STATS);
15677 	if (!hdr)
15678 		goto nla_put_failure;
15679 
15680 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15681 		goto nla_put_failure;
15682 
15683 	ftm_stats_attr = nla_nest_start_noflag(msg,
15684 					       NL80211_ATTR_FTM_RESPONDER_STATS);
15685 	if (!ftm_stats_attr)
15686 		goto nla_put_failure;
15687 
15688 #define SET_FTM(field, name, type)					 \
15689 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
15690 	    nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,		 \
15691 			     ftm_stats.field))				 \
15692 		goto nla_put_failure; } while (0)
15693 #define SET_FTM_U64(field, name)					 \
15694 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
15695 	    nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,		 \
15696 			      ftm_stats.field, NL80211_FTM_STATS_PAD))	 \
15697 		goto nla_put_failure; } while (0)
15698 
15699 	SET_FTM(success_num, SUCCESS_NUM, u32);
15700 	SET_FTM(partial_num, PARTIAL_NUM, u32);
15701 	SET_FTM(failed_num, FAILED_NUM, u32);
15702 	SET_FTM(asap_num, ASAP_NUM, u32);
15703 	SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
15704 	SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
15705 	SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
15706 	SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
15707 	SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
15708 #undef SET_FTM
15709 
15710 	nla_nest_end(msg, ftm_stats_attr);
15711 
15712 	genlmsg_end(msg, hdr);
15713 	return genlmsg_reply(msg, info);
15714 
15715 nla_put_failure:
15716 	nlmsg_free(msg);
15717 	return -ENOBUFS;
15718 }
15719 
15720 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
15721 {
15722 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15723 	struct cfg80211_update_owe_info owe_info;
15724 	struct net_device *dev = info->user_ptr[1];
15725 
15726 	if (!rdev->ops->update_owe_info)
15727 		return -EOPNOTSUPP;
15728 
15729 	if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
15730 	    !info->attrs[NL80211_ATTR_MAC])
15731 		return -EINVAL;
15732 
15733 	memset(&owe_info, 0, sizeof(owe_info));
15734 	owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
15735 	nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
15736 
15737 	if (info->attrs[NL80211_ATTR_IE]) {
15738 		owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
15739 		owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
15740 	}
15741 
15742 	return rdev_update_owe_info(rdev, dev, &owe_info);
15743 }
15744 
15745 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
15746 {
15747 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15748 	struct net_device *dev = info->user_ptr[1];
15749 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15750 	struct station_info sinfo = {};
15751 	const u8 *buf;
15752 	size_t len;
15753 	u8 *dest;
15754 	int err;
15755 
15756 	if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
15757 		return -EOPNOTSUPP;
15758 
15759 	if (!info->attrs[NL80211_ATTR_MAC] ||
15760 	    !info->attrs[NL80211_ATTR_FRAME]) {
15761 		GENL_SET_ERR_MSG(info, "Frame or MAC missing");
15762 		return -EINVAL;
15763 	}
15764 
15765 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
15766 		return -EOPNOTSUPP;
15767 
15768 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
15769 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
15770 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
15771 
15772 	if (len < sizeof(struct ethhdr))
15773 		return -EINVAL;
15774 
15775 	if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
15776 	    !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
15777 		return -EINVAL;
15778 
15779 	err = rdev_get_station(rdev, dev, dest, &sinfo);
15780 	if (err)
15781 		return err;
15782 
15783 	cfg80211_sinfo_release_content(&sinfo);
15784 
15785 	return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
15786 }
15787 
15788 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
15789 			  struct nlattr *attrs[], struct net_device *dev,
15790 			  struct cfg80211_tid_cfg *tid_conf,
15791 			  struct genl_info *info, const u8 *peer,
15792 			  unsigned int link_id)
15793 {
15794 	struct netlink_ext_ack *extack = info->extack;
15795 	u64 mask;
15796 	int err;
15797 
15798 	if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
15799 		return -EINVAL;
15800 
15801 	tid_conf->config_override =
15802 			nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
15803 	tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
15804 
15805 	if (tid_conf->config_override) {
15806 		if (rdev->ops->reset_tid_config) {
15807 			err = rdev_reset_tid_config(rdev, dev, peer,
15808 						    tid_conf->tids);
15809 			if (err)
15810 				return err;
15811 		} else {
15812 			return -EINVAL;
15813 		}
15814 	}
15815 
15816 	if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
15817 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
15818 		tid_conf->noack =
15819 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
15820 	}
15821 
15822 	if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
15823 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
15824 		tid_conf->retry_short =
15825 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
15826 
15827 		if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
15828 			return -EINVAL;
15829 	}
15830 
15831 	if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
15832 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
15833 		tid_conf->retry_long =
15834 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
15835 
15836 		if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
15837 			return -EINVAL;
15838 	}
15839 
15840 	if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
15841 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
15842 		tid_conf->ampdu =
15843 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
15844 	}
15845 
15846 	if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
15847 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
15848 		tid_conf->rtscts =
15849 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
15850 	}
15851 
15852 	if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
15853 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
15854 		tid_conf->amsdu =
15855 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
15856 	}
15857 
15858 	if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
15859 		u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
15860 
15861 		tid_conf->txrate_type = nla_get_u8(attrs[idx]);
15862 
15863 		if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
15864 			attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
15865 			err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
15866 						    &tid_conf->txrate_mask, dev,
15867 						    true, link_id);
15868 			if (err)
15869 				return err;
15870 
15871 			tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
15872 		}
15873 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
15874 	}
15875 
15876 	if (peer)
15877 		mask = rdev->wiphy.tid_config_support.peer;
15878 	else
15879 		mask = rdev->wiphy.tid_config_support.vif;
15880 
15881 	if (tid_conf->mask & ~mask) {
15882 		NL_SET_ERR_MSG(extack, "unsupported TID configuration");
15883 		return -EOPNOTSUPP;
15884 	}
15885 
15886 	return 0;
15887 }
15888 
15889 static int nl80211_set_tid_config(struct sk_buff *skb,
15890 				  struct genl_info *info)
15891 {
15892 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15893 	struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
15894 	unsigned int link_id = nl80211_link_id(info->attrs);
15895 	struct net_device *dev = info->user_ptr[1];
15896 	struct cfg80211_tid_config *tid_config;
15897 	struct nlattr *tid;
15898 	int conf_idx = 0, rem_conf;
15899 	int ret = -EINVAL;
15900 	u32 num_conf = 0;
15901 
15902 	if (!info->attrs[NL80211_ATTR_TID_CONFIG])
15903 		return -EINVAL;
15904 
15905 	if (!rdev->ops->set_tid_config)
15906 		return -EOPNOTSUPP;
15907 
15908 	nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
15909 			    rem_conf)
15910 		num_conf++;
15911 
15912 	tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
15913 			     GFP_KERNEL);
15914 	if (!tid_config)
15915 		return -ENOMEM;
15916 
15917 	tid_config->n_tid_conf = num_conf;
15918 
15919 	if (info->attrs[NL80211_ATTR_MAC])
15920 		tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
15921 
15922 	nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
15923 			    rem_conf) {
15924 		ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
15925 				       tid, NULL, NULL);
15926 
15927 		if (ret)
15928 			goto bad_tid_conf;
15929 
15930 		ret = parse_tid_conf(rdev, attrs, dev,
15931 				     &tid_config->tid_conf[conf_idx],
15932 				     info, tid_config->peer, link_id);
15933 		if (ret)
15934 			goto bad_tid_conf;
15935 
15936 		conf_idx++;
15937 	}
15938 
15939 	ret = rdev_set_tid_config(rdev, dev, tid_config);
15940 
15941 bad_tid_conf:
15942 	kfree(tid_config);
15943 	return ret;
15944 }
15945 
15946 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
15947 {
15948 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15949 	struct cfg80211_color_change_settings params = {};
15950 	struct net_device *dev = info->user_ptr[1];
15951 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15952 	struct nlattr **tb;
15953 	u16 offset;
15954 	int err;
15955 
15956 	if (!rdev->ops->color_change)
15957 		return -EOPNOTSUPP;
15958 
15959 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
15960 				     NL80211_EXT_FEATURE_BSS_COLOR))
15961 		return -EOPNOTSUPP;
15962 
15963 	if (wdev->iftype != NL80211_IFTYPE_AP)
15964 		return -EOPNOTSUPP;
15965 
15966 	if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
15967 	    !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
15968 	    !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
15969 		return -EINVAL;
15970 
15971 	params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
15972 	params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
15973 
15974 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_next,
15975 				   info->extack);
15976 	if (err)
15977 		return err;
15978 
15979 	tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL);
15980 	if (!tb)
15981 		return -ENOMEM;
15982 
15983 	err = nla_parse_nested(tb, NL80211_ATTR_MAX,
15984 			       info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
15985 			       nl80211_policy, info->extack);
15986 	if (err)
15987 		goto out;
15988 
15989 	err = nl80211_parse_beacon(rdev, tb, &params.beacon_color_change,
15990 				   info->extack);
15991 	if (err)
15992 		goto out;
15993 
15994 	if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
15995 		err = -EINVAL;
15996 		goto out;
15997 	}
15998 
15999 	if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
16000 		err = -EINVAL;
16001 		goto out;
16002 	}
16003 
16004 	offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
16005 	if (offset >= params.beacon_color_change.tail_len) {
16006 		err = -EINVAL;
16007 		goto out;
16008 	}
16009 
16010 	if (params.beacon_color_change.tail[offset] != params.count) {
16011 		err = -EINVAL;
16012 		goto out;
16013 	}
16014 
16015 	params.counter_offset_beacon = offset;
16016 
16017 	if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
16018 		if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
16019 		    sizeof(u16)) {
16020 			err = -EINVAL;
16021 			goto out;
16022 		}
16023 
16024 		offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
16025 		if (offset >= params.beacon_color_change.probe_resp_len) {
16026 			err = -EINVAL;
16027 			goto out;
16028 		}
16029 
16030 		if (params.beacon_color_change.probe_resp[offset] !=
16031 		    params.count) {
16032 			err = -EINVAL;
16033 			goto out;
16034 		}
16035 
16036 		params.counter_offset_presp = offset;
16037 	}
16038 
16039 	params.link_id = nl80211_link_id(info->attrs);
16040 	err = rdev_color_change(rdev, dev, &params);
16041 
16042 out:
16043 	kfree(params.beacon_next.mbssid_ies);
16044 	kfree(params.beacon_color_change.mbssid_ies);
16045 	kfree(params.beacon_next.rnr_ies);
16046 	kfree(params.beacon_color_change.rnr_ies);
16047 	kfree(tb);
16048 	return err;
16049 }
16050 
16051 static int nl80211_set_fils_aad(struct sk_buff *skb,
16052 				struct genl_info *info)
16053 {
16054 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16055 	struct net_device *dev = info->user_ptr[1];
16056 	struct cfg80211_fils_aad fils_aad = {};
16057 	u8 *nonces;
16058 
16059 	if (!info->attrs[NL80211_ATTR_MAC] ||
16060 	    !info->attrs[NL80211_ATTR_FILS_KEK] ||
16061 	    !info->attrs[NL80211_ATTR_FILS_NONCES])
16062 		return -EINVAL;
16063 
16064 	fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16065 	fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
16066 	fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
16067 	nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
16068 	fils_aad.snonce = nonces;
16069 	fils_aad.anonce = nonces + FILS_NONCE_LEN;
16070 
16071 	return rdev_set_fils_aad(rdev, dev, &fils_aad);
16072 }
16073 
16074 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info)
16075 {
16076 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16077 	unsigned int link_id = nl80211_link_id(info->attrs);
16078 	struct net_device *dev = info->user_ptr[1];
16079 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16080 	int ret;
16081 
16082 	if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
16083 		return -EINVAL;
16084 
16085 	switch (wdev->iftype) {
16086 	case NL80211_IFTYPE_AP:
16087 		break;
16088 	default:
16089 		return -EINVAL;
16090 	}
16091 
16092 	if (!info->attrs[NL80211_ATTR_MAC] ||
16093 	    !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC])))
16094 		return -EINVAL;
16095 
16096 	wdev->valid_links |= BIT(link_id);
16097 	ether_addr_copy(wdev->links[link_id].addr,
16098 			nla_data(info->attrs[NL80211_ATTR_MAC]));
16099 
16100 	ret = rdev_add_intf_link(rdev, wdev, link_id);
16101 	if (ret) {
16102 		wdev->valid_links &= ~BIT(link_id);
16103 		eth_zero_addr(wdev->links[link_id].addr);
16104 	}
16105 
16106 	return ret;
16107 }
16108 
16109 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info)
16110 {
16111 	unsigned int link_id = nl80211_link_id(info->attrs);
16112 	struct net_device *dev = info->user_ptr[1];
16113 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16114 
16115 	/* cannot remove if there's no link */
16116 	if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
16117 		return -EINVAL;
16118 
16119 	switch (wdev->iftype) {
16120 	case NL80211_IFTYPE_AP:
16121 		break;
16122 	default:
16123 		return -EINVAL;
16124 	}
16125 
16126 	cfg80211_remove_link(wdev, link_id);
16127 
16128 	return 0;
16129 }
16130 
16131 static int
16132 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info,
16133 			     bool add)
16134 {
16135 	struct link_station_parameters params = {};
16136 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16137 	struct net_device *dev = info->user_ptr[1];
16138 	int err;
16139 
16140 	if ((add && !rdev->ops->add_link_station) ||
16141 	    (!add && !rdev->ops->mod_link_station))
16142 		return -EOPNOTSUPP;
16143 
16144 	if (add && !info->attrs[NL80211_ATTR_MAC])
16145 		return -EINVAL;
16146 
16147 	if (!info->attrs[NL80211_ATTR_MLD_ADDR])
16148 		return -EINVAL;
16149 
16150 	if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
16151 		return -EINVAL;
16152 
16153 	params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
16154 
16155 	if (info->attrs[NL80211_ATTR_MAC]) {
16156 		params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
16157 		if (!is_valid_ether_addr(params.link_mac))
16158 			return -EINVAL;
16159 	}
16160 
16161 	if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
16162 		return -EINVAL;
16163 
16164 	params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
16165 
16166 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
16167 		params.supported_rates =
16168 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
16169 		params.supported_rates_len =
16170 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
16171 	}
16172 
16173 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
16174 		params.ht_capa =
16175 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
16176 
16177 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
16178 		params.vht_capa =
16179 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
16180 
16181 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
16182 		params.he_capa =
16183 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
16184 		params.he_capa_len =
16185 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
16186 
16187 		if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
16188 			params.eht_capa =
16189 				nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
16190 			params.eht_capa_len =
16191 				nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
16192 
16193 			if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa,
16194 							(const u8 *)params.eht_capa,
16195 							params.eht_capa_len,
16196 							false))
16197 				return -EINVAL;
16198 		}
16199 	}
16200 
16201 	if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
16202 		params.he_6ghz_capa =
16203 			nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
16204 
16205 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
16206 		params.opmode_notif_used = true;
16207 		params.opmode_notif =
16208 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
16209 	}
16210 
16211 	err = nl80211_parse_sta_txpower_setting(info, &params.txpwr,
16212 						&params.txpwr_set);
16213 	if (err)
16214 		return err;
16215 
16216 	if (add)
16217 		return rdev_add_link_station(rdev, dev, &params);
16218 
16219 	return rdev_mod_link_station(rdev, dev, &params);
16220 }
16221 
16222 static int
16223 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info)
16224 {
16225 	return nl80211_add_mod_link_station(skb, info, true);
16226 }
16227 
16228 static int
16229 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info)
16230 {
16231 	return nl80211_add_mod_link_station(skb, info, false);
16232 }
16233 
16234 static int
16235 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info)
16236 {
16237 	struct link_station_del_parameters params = {};
16238 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16239 	struct net_device *dev = info->user_ptr[1];
16240 
16241 	if (!rdev->ops->del_link_station)
16242 		return -EOPNOTSUPP;
16243 
16244 	if (!info->attrs[NL80211_ATTR_MLD_ADDR] ||
16245 	    !info->attrs[NL80211_ATTR_MLO_LINK_ID])
16246 		return -EINVAL;
16247 
16248 	params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
16249 	params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
16250 
16251 	return rdev_del_link_station(rdev, dev, &params);
16252 }
16253 
16254 static int nl80211_set_hw_timestamp(struct sk_buff *skb,
16255 				    struct genl_info *info)
16256 {
16257 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16258 	struct net_device *dev = info->user_ptr[1];
16259 	struct cfg80211_set_hw_timestamp hwts = {};
16260 
16261 	if (!rdev->wiphy.hw_timestamp_max_peers)
16262 		return -EOPNOTSUPP;
16263 
16264 	if (!info->attrs[NL80211_ATTR_MAC] &&
16265 	    rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS)
16266 		return -EOPNOTSUPP;
16267 
16268 	if (info->attrs[NL80211_ATTR_MAC])
16269 		hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16270 
16271 	hwts.enable =
16272 		nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]);
16273 
16274 	return rdev_set_hw_timestamp(rdev, dev, &hwts);
16275 }
16276 
16277 static int
16278 nl80211_set_ttlm(struct sk_buff *skb, struct genl_info *info)
16279 {
16280 	struct cfg80211_ttlm_params params = {};
16281 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16282 	struct net_device *dev = info->user_ptr[1];
16283 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16284 
16285 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
16286 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
16287 		return -EOPNOTSUPP;
16288 
16289 	if (!wdev->connected)
16290 		return -ENOLINK;
16291 
16292 	if (!info->attrs[NL80211_ATTR_MLO_TTLM_DLINK] ||
16293 	    !info->attrs[NL80211_ATTR_MLO_TTLM_ULINK])
16294 		return -EINVAL;
16295 
16296 	nla_memcpy(params.dlink,
16297 		   info->attrs[NL80211_ATTR_MLO_TTLM_DLINK],
16298 		   sizeof(params.dlink));
16299 	nla_memcpy(params.ulink,
16300 		   info->attrs[NL80211_ATTR_MLO_TTLM_ULINK],
16301 		   sizeof(params.ulink));
16302 
16303 	return rdev_set_ttlm(rdev, dev, &params);
16304 }
16305 
16306 #define NL80211_FLAG_NEED_WIPHY		0x01
16307 #define NL80211_FLAG_NEED_NETDEV	0x02
16308 #define NL80211_FLAG_NEED_RTNL		0x04
16309 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
16310 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
16311 					 NL80211_FLAG_CHECK_NETDEV_UP)
16312 #define NL80211_FLAG_NEED_WDEV		0x10
16313 /* If a netdev is associated, it must be UP, P2P must be started */
16314 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
16315 					 NL80211_FLAG_CHECK_NETDEV_UP)
16316 #define NL80211_FLAG_CLEAR_SKB		0x20
16317 #define NL80211_FLAG_NO_WIPHY_MTX	0x40
16318 #define NL80211_FLAG_MLO_VALID_LINK_ID	0x80
16319 #define NL80211_FLAG_MLO_UNSUPPORTED	0x100
16320 
16321 #define INTERNAL_FLAG_SELECTORS(__sel)			\
16322 	SELECTOR(__sel, NONE, 0) /* must be first */	\
16323 	SELECTOR(__sel, WIPHY,				\
16324 		 NL80211_FLAG_NEED_WIPHY)		\
16325 	SELECTOR(__sel, WDEV,				\
16326 		 NL80211_FLAG_NEED_WDEV)		\
16327 	SELECTOR(__sel, NETDEV,				\
16328 		 NL80211_FLAG_NEED_NETDEV)		\
16329 	SELECTOR(__sel, NETDEV_LINK,			\
16330 		 NL80211_FLAG_NEED_NETDEV |		\
16331 		 NL80211_FLAG_MLO_VALID_LINK_ID)	\
16332 	SELECTOR(__sel, NETDEV_NO_MLO,			\
16333 		 NL80211_FLAG_NEED_NETDEV |		\
16334 		 NL80211_FLAG_MLO_UNSUPPORTED)	\
16335 	SELECTOR(__sel, WIPHY_RTNL,			\
16336 		 NL80211_FLAG_NEED_WIPHY |		\
16337 		 NL80211_FLAG_NEED_RTNL)		\
16338 	SELECTOR(__sel, WIPHY_RTNL_NOMTX,		\
16339 		 NL80211_FLAG_NEED_WIPHY |		\
16340 		 NL80211_FLAG_NEED_RTNL |		\
16341 		 NL80211_FLAG_NO_WIPHY_MTX)		\
16342 	SELECTOR(__sel, WDEV_RTNL,			\
16343 		 NL80211_FLAG_NEED_WDEV |		\
16344 		 NL80211_FLAG_NEED_RTNL)		\
16345 	SELECTOR(__sel, NETDEV_RTNL,			\
16346 		 NL80211_FLAG_NEED_NETDEV |		\
16347 		 NL80211_FLAG_NEED_RTNL)		\
16348 	SELECTOR(__sel, NETDEV_UP,			\
16349 		 NL80211_FLAG_NEED_NETDEV_UP)		\
16350 	SELECTOR(__sel, NETDEV_UP_LINK,			\
16351 		 NL80211_FLAG_NEED_NETDEV_UP |		\
16352 		 NL80211_FLAG_MLO_VALID_LINK_ID)	\
16353 	SELECTOR(__sel, NETDEV_UP_NO_MLO,		\
16354 		 NL80211_FLAG_NEED_NETDEV_UP |		\
16355 		 NL80211_FLAG_MLO_UNSUPPORTED)		\
16356 	SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR,		\
16357 		 NL80211_FLAG_NEED_NETDEV_UP |		\
16358 		 NL80211_FLAG_CLEAR_SKB |		\
16359 		 NL80211_FLAG_MLO_UNSUPPORTED)		\
16360 	SELECTOR(__sel, NETDEV_UP_NOTMX,		\
16361 		 NL80211_FLAG_NEED_NETDEV_UP |		\
16362 		 NL80211_FLAG_NO_WIPHY_MTX)		\
16363 	SELECTOR(__sel, NETDEV_UP_NOTMX_NOMLO,		\
16364 		 NL80211_FLAG_NEED_NETDEV_UP |		\
16365 		 NL80211_FLAG_NO_WIPHY_MTX |		\
16366 		 NL80211_FLAG_MLO_UNSUPPORTED)		\
16367 	SELECTOR(__sel, NETDEV_UP_CLEAR,		\
16368 		 NL80211_FLAG_NEED_NETDEV_UP |		\
16369 		 NL80211_FLAG_CLEAR_SKB)		\
16370 	SELECTOR(__sel, WDEV_UP,			\
16371 		 NL80211_FLAG_NEED_WDEV_UP)		\
16372 	SELECTOR(__sel, WDEV_UP_LINK,			\
16373 		 NL80211_FLAG_NEED_WDEV_UP |		\
16374 		 NL80211_FLAG_MLO_VALID_LINK_ID)	\
16375 	SELECTOR(__sel, WDEV_UP_RTNL,			\
16376 		 NL80211_FLAG_NEED_WDEV_UP |		\
16377 		 NL80211_FLAG_NEED_RTNL)		\
16378 	SELECTOR(__sel, WIPHY_CLEAR,			\
16379 		 NL80211_FLAG_NEED_WIPHY |		\
16380 		 NL80211_FLAG_CLEAR_SKB)
16381 
16382 enum nl80211_internal_flags_selector {
16383 #define SELECTOR(_, name, value)	NL80211_IFL_SEL_##name,
16384 	INTERNAL_FLAG_SELECTORS(_)
16385 #undef SELECTOR
16386 };
16387 
16388 static u32 nl80211_internal_flags[] = {
16389 #define SELECTOR(_, name, value)	[NL80211_IFL_SEL_##name] = value,
16390 	INTERNAL_FLAG_SELECTORS(_)
16391 #undef SELECTOR
16392 };
16393 
16394 static int nl80211_pre_doit(const struct genl_split_ops *ops,
16395 			    struct sk_buff *skb,
16396 			    struct genl_info *info)
16397 {
16398 	struct cfg80211_registered_device *rdev = NULL;
16399 	struct wireless_dev *wdev = NULL;
16400 	struct net_device *dev = NULL;
16401 	u32 internal_flags;
16402 	int err;
16403 
16404 	if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags)))
16405 		return -EINVAL;
16406 
16407 	internal_flags = nl80211_internal_flags[ops->internal_flags];
16408 
16409 	rtnl_lock();
16410 	if (internal_flags & NL80211_FLAG_NEED_WIPHY) {
16411 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
16412 		if (IS_ERR(rdev)) {
16413 			err = PTR_ERR(rdev);
16414 			goto out_unlock;
16415 		}
16416 		info->user_ptr[0] = rdev;
16417 	} else if (internal_flags & NL80211_FLAG_NEED_NETDEV ||
16418 		   internal_flags & NL80211_FLAG_NEED_WDEV) {
16419 		wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
16420 						  info->attrs);
16421 		if (IS_ERR(wdev)) {
16422 			err = PTR_ERR(wdev);
16423 			goto out_unlock;
16424 		}
16425 
16426 		dev = wdev->netdev;
16427 		dev_hold(dev);
16428 		rdev = wiphy_to_rdev(wdev->wiphy);
16429 
16430 		if (internal_flags & NL80211_FLAG_NEED_NETDEV) {
16431 			if (!dev) {
16432 				err = -EINVAL;
16433 				goto out_unlock;
16434 			}
16435 
16436 			info->user_ptr[1] = dev;
16437 		} else {
16438 			info->user_ptr[1] = wdev;
16439 		}
16440 
16441 		if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
16442 		    !wdev_running(wdev)) {
16443 			err = -ENETDOWN;
16444 			goto out_unlock;
16445 		}
16446 
16447 		info->user_ptr[0] = rdev;
16448 	}
16449 
16450 	if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) {
16451 		struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID];
16452 
16453 		if (!wdev) {
16454 			err = -EINVAL;
16455 			goto out_unlock;
16456 		}
16457 
16458 		/* MLO -> require valid link ID */
16459 		if (wdev->valid_links &&
16460 		    (!link_id ||
16461 		     !(wdev->valid_links & BIT(nla_get_u8(link_id))))) {
16462 			err = -EINVAL;
16463 			goto out_unlock;
16464 		}
16465 
16466 		/* non-MLO -> no link ID attribute accepted */
16467 		if (!wdev->valid_links && link_id) {
16468 			err = -EINVAL;
16469 			goto out_unlock;
16470 		}
16471 	}
16472 
16473 	if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) {
16474 		if (info->attrs[NL80211_ATTR_MLO_LINK_ID] ||
16475 		    (wdev && wdev->valid_links)) {
16476 			err = -EINVAL;
16477 			goto out_unlock;
16478 		}
16479 	}
16480 
16481 	if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
16482 		wiphy_lock(&rdev->wiphy);
16483 		/* we keep the mutex locked until post_doit */
16484 		__release(&rdev->wiphy.mtx);
16485 	}
16486 	if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
16487 		rtnl_unlock();
16488 
16489 	return 0;
16490 out_unlock:
16491 	rtnl_unlock();
16492 	dev_put(dev);
16493 	return err;
16494 }
16495 
16496 static void nl80211_post_doit(const struct genl_split_ops *ops,
16497 			      struct sk_buff *skb,
16498 			      struct genl_info *info)
16499 {
16500 	u32 internal_flags = nl80211_internal_flags[ops->internal_flags];
16501 
16502 	if (info->user_ptr[1]) {
16503 		if (internal_flags & NL80211_FLAG_NEED_WDEV) {
16504 			struct wireless_dev *wdev = info->user_ptr[1];
16505 
16506 			dev_put(wdev->netdev);
16507 		} else {
16508 			dev_put(info->user_ptr[1]);
16509 		}
16510 	}
16511 
16512 	if (info->user_ptr[0] &&
16513 	    !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
16514 		struct cfg80211_registered_device *rdev = info->user_ptr[0];
16515 
16516 		/* we kept the mutex locked since pre_doit */
16517 		__acquire(&rdev->wiphy.mtx);
16518 		wiphy_unlock(&rdev->wiphy);
16519 	}
16520 
16521 	if (internal_flags & NL80211_FLAG_NEED_RTNL)
16522 		rtnl_unlock();
16523 
16524 	/* If needed, clear the netlink message payload from the SKB
16525 	 * as it might contain key data that shouldn't stick around on
16526 	 * the heap after the SKB is freed. The netlink message header
16527 	 * is still needed for further processing, so leave it intact.
16528 	 */
16529 	if (internal_flags & NL80211_FLAG_CLEAR_SKB) {
16530 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
16531 
16532 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
16533 	}
16534 }
16535 
16536 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
16537 				     struct cfg80211_sar_specs *sar_specs,
16538 				     struct nlattr *spec[], int index)
16539 {
16540 	u32 range_index, i;
16541 
16542 	if (!sar_specs || !spec)
16543 		return -EINVAL;
16544 
16545 	if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
16546 	    !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
16547 		return -EINVAL;
16548 
16549 	range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
16550 
16551 	/* check if range_index exceeds num_freq_ranges */
16552 	if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
16553 		return -EINVAL;
16554 
16555 	/* check if range_index duplicates */
16556 	for (i = 0; i < index; i++) {
16557 		if (sar_specs->sub_specs[i].freq_range_index == range_index)
16558 			return -EINVAL;
16559 	}
16560 
16561 	sar_specs->sub_specs[index].power =
16562 		nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
16563 
16564 	sar_specs->sub_specs[index].freq_range_index = range_index;
16565 
16566 	return 0;
16567 }
16568 
16569 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
16570 {
16571 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16572 	struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
16573 	struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
16574 	struct cfg80211_sar_specs *sar_spec;
16575 	enum nl80211_sar_type type;
16576 	struct nlattr *spec_list;
16577 	u32 specs;
16578 	int rem, err;
16579 
16580 	if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
16581 		return -EOPNOTSUPP;
16582 
16583 	if (!info->attrs[NL80211_ATTR_SAR_SPEC])
16584 		return -EINVAL;
16585 
16586 	nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
16587 			 info->attrs[NL80211_ATTR_SAR_SPEC],
16588 			 NULL, NULL);
16589 
16590 	if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
16591 		return -EINVAL;
16592 
16593 	type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
16594 	if (type != rdev->wiphy.sar_capa->type)
16595 		return -EINVAL;
16596 
16597 	specs = 0;
16598 	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
16599 		specs++;
16600 
16601 	if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
16602 		return -EINVAL;
16603 
16604 	sar_spec = kzalloc(struct_size(sar_spec, sub_specs, specs), GFP_KERNEL);
16605 	if (!sar_spec)
16606 		return -ENOMEM;
16607 
16608 	sar_spec->type = type;
16609 	specs = 0;
16610 	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
16611 		nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
16612 				 spec_list, NULL, NULL);
16613 
16614 		switch (type) {
16615 		case NL80211_SAR_TYPE_POWER:
16616 			if (nl80211_set_sar_sub_specs(rdev, sar_spec,
16617 						      spec, specs)) {
16618 				err = -EINVAL;
16619 				goto error;
16620 			}
16621 			break;
16622 		default:
16623 			err = -EINVAL;
16624 			goto error;
16625 		}
16626 		specs++;
16627 	}
16628 
16629 	sar_spec->num_sub_specs = specs;
16630 
16631 	rdev->cur_cmd_info = info;
16632 	err = rdev_set_sar_specs(rdev, sar_spec);
16633 	rdev->cur_cmd_info = NULL;
16634 error:
16635 	kfree(sar_spec);
16636 	return err;
16637 }
16638 
16639 #define SELECTOR(__sel, name, value) \
16640 	((__sel) == (value)) ? NL80211_IFL_SEL_##name :
16641 int __missing_selector(void);
16642 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector()
16643 
16644 static const struct genl_ops nl80211_ops[] = {
16645 	{
16646 		.cmd = NL80211_CMD_GET_WIPHY,
16647 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16648 		.doit = nl80211_get_wiphy,
16649 		.dumpit = nl80211_dump_wiphy,
16650 		.done = nl80211_dump_wiphy_done,
16651 		/* can be retrieved by unprivileged users */
16652 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
16653 	},
16654 };
16655 
16656 static const struct genl_small_ops nl80211_small_ops[] = {
16657 	{
16658 		.cmd = NL80211_CMD_SET_WIPHY,
16659 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16660 		.doit = nl80211_set_wiphy,
16661 		.flags = GENL_UNS_ADMIN_PERM,
16662 	},
16663 	{
16664 		.cmd = NL80211_CMD_GET_INTERFACE,
16665 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16666 		.doit = nl80211_get_interface,
16667 		.dumpit = nl80211_dump_interface,
16668 		/* can be retrieved by unprivileged users */
16669 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
16670 	},
16671 	{
16672 		.cmd = NL80211_CMD_SET_INTERFACE,
16673 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16674 		.doit = nl80211_set_interface,
16675 		.flags = GENL_UNS_ADMIN_PERM,
16676 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
16677 					 NL80211_FLAG_NEED_RTNL),
16678 	},
16679 	{
16680 		.cmd = NL80211_CMD_NEW_INTERFACE,
16681 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16682 		.doit = nl80211_new_interface,
16683 		.flags = GENL_UNS_ADMIN_PERM,
16684 		.internal_flags =
16685 			IFLAGS(NL80211_FLAG_NEED_WIPHY |
16686 			       NL80211_FLAG_NEED_RTNL |
16687 			       /* we take the wiphy mutex later ourselves */
16688 			       NL80211_FLAG_NO_WIPHY_MTX),
16689 	},
16690 	{
16691 		.cmd = NL80211_CMD_DEL_INTERFACE,
16692 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16693 		.doit = nl80211_del_interface,
16694 		.flags = GENL_UNS_ADMIN_PERM,
16695 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
16696 					 NL80211_FLAG_NEED_RTNL),
16697 	},
16698 	{
16699 		.cmd = NL80211_CMD_GET_KEY,
16700 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16701 		.doit = nl80211_get_key,
16702 		.flags = GENL_UNS_ADMIN_PERM,
16703 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16704 	},
16705 	{
16706 		.cmd = NL80211_CMD_SET_KEY,
16707 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16708 		.doit = nl80211_set_key,
16709 		.flags = GENL_UNS_ADMIN_PERM,
16710 		/* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */
16711 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16712 					 NL80211_FLAG_CLEAR_SKB),
16713 	},
16714 	{
16715 		.cmd = NL80211_CMD_NEW_KEY,
16716 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16717 		.doit = nl80211_new_key,
16718 		.flags = GENL_UNS_ADMIN_PERM,
16719 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16720 					 NL80211_FLAG_CLEAR_SKB),
16721 	},
16722 	{
16723 		.cmd = NL80211_CMD_DEL_KEY,
16724 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16725 		.doit = nl80211_del_key,
16726 		.flags = GENL_UNS_ADMIN_PERM,
16727 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16728 	},
16729 	{
16730 		.cmd = NL80211_CMD_SET_BEACON,
16731 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16732 		.flags = GENL_UNS_ADMIN_PERM,
16733 		.doit = nl80211_set_beacon,
16734 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16735 					 NL80211_FLAG_MLO_VALID_LINK_ID),
16736 	},
16737 	{
16738 		.cmd = NL80211_CMD_START_AP,
16739 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16740 		.flags = GENL_UNS_ADMIN_PERM,
16741 		.doit = nl80211_start_ap,
16742 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16743 					 NL80211_FLAG_MLO_VALID_LINK_ID),
16744 	},
16745 	{
16746 		.cmd = NL80211_CMD_STOP_AP,
16747 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16748 		.flags = GENL_UNS_ADMIN_PERM,
16749 		.doit = nl80211_stop_ap,
16750 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16751 					 NL80211_FLAG_MLO_VALID_LINK_ID),
16752 	},
16753 	{
16754 		.cmd = NL80211_CMD_GET_STATION,
16755 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16756 		.doit = nl80211_get_station,
16757 		.dumpit = nl80211_dump_station,
16758 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
16759 	},
16760 	{
16761 		.cmd = NL80211_CMD_SET_STATION,
16762 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16763 		.doit = nl80211_set_station,
16764 		.flags = GENL_UNS_ADMIN_PERM,
16765 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16766 	},
16767 	{
16768 		.cmd = NL80211_CMD_NEW_STATION,
16769 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16770 		.doit = nl80211_new_station,
16771 		.flags = GENL_UNS_ADMIN_PERM,
16772 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16773 	},
16774 	{
16775 		.cmd = NL80211_CMD_DEL_STATION,
16776 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16777 		.doit = nl80211_del_station,
16778 		.flags = GENL_UNS_ADMIN_PERM,
16779 		/* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on
16780 		 * whether MAC address is passed or not. If MAC address is
16781 		 * passed, then even during MLO, link ID is not required.
16782 		 */
16783 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16784 	},
16785 	{
16786 		.cmd = NL80211_CMD_GET_MPATH,
16787 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16788 		.doit = nl80211_get_mpath,
16789 		.dumpit = nl80211_dump_mpath,
16790 		.flags = GENL_UNS_ADMIN_PERM,
16791 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16792 	},
16793 	{
16794 		.cmd = NL80211_CMD_GET_MPP,
16795 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16796 		.doit = nl80211_get_mpp,
16797 		.dumpit = nl80211_dump_mpp,
16798 		.flags = GENL_UNS_ADMIN_PERM,
16799 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16800 	},
16801 	{
16802 		.cmd = NL80211_CMD_SET_MPATH,
16803 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16804 		.doit = nl80211_set_mpath,
16805 		.flags = GENL_UNS_ADMIN_PERM,
16806 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16807 	},
16808 	{
16809 		.cmd = NL80211_CMD_NEW_MPATH,
16810 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16811 		.doit = nl80211_new_mpath,
16812 		.flags = GENL_UNS_ADMIN_PERM,
16813 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16814 	},
16815 	{
16816 		.cmd = NL80211_CMD_DEL_MPATH,
16817 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16818 		.doit = nl80211_del_mpath,
16819 		.flags = GENL_UNS_ADMIN_PERM,
16820 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16821 	},
16822 	{
16823 		.cmd = NL80211_CMD_SET_BSS,
16824 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16825 		.doit = nl80211_set_bss,
16826 		.flags = GENL_UNS_ADMIN_PERM,
16827 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16828 					 NL80211_FLAG_MLO_VALID_LINK_ID),
16829 	},
16830 	{
16831 		.cmd = NL80211_CMD_GET_REG,
16832 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16833 		.doit = nl80211_get_reg_do,
16834 		.dumpit = nl80211_get_reg_dump,
16835 		/* can be retrieved by unprivileged users */
16836 	},
16837 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
16838 	{
16839 		.cmd = NL80211_CMD_SET_REG,
16840 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16841 		.doit = nl80211_set_reg,
16842 		.flags = GENL_ADMIN_PERM,
16843 	},
16844 #endif
16845 	{
16846 		.cmd = NL80211_CMD_REQ_SET_REG,
16847 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16848 		.doit = nl80211_req_set_reg,
16849 		.flags = GENL_ADMIN_PERM,
16850 	},
16851 	{
16852 		.cmd = NL80211_CMD_RELOAD_REGDB,
16853 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16854 		.doit = nl80211_reload_regdb,
16855 		.flags = GENL_ADMIN_PERM,
16856 	},
16857 	{
16858 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
16859 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16860 		.doit = nl80211_get_mesh_config,
16861 		/* can be retrieved by unprivileged users */
16862 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16863 	},
16864 	{
16865 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
16866 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16867 		.doit = nl80211_update_mesh_config,
16868 		.flags = GENL_UNS_ADMIN_PERM,
16869 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16870 	},
16871 	{
16872 		.cmd = NL80211_CMD_TRIGGER_SCAN,
16873 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16874 		.doit = nl80211_trigger_scan,
16875 		.flags = GENL_UNS_ADMIN_PERM,
16876 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
16877 	},
16878 	{
16879 		.cmd = NL80211_CMD_ABORT_SCAN,
16880 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16881 		.doit = nl80211_abort_scan,
16882 		.flags = GENL_UNS_ADMIN_PERM,
16883 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
16884 	},
16885 	{
16886 		.cmd = NL80211_CMD_GET_SCAN,
16887 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16888 		.dumpit = nl80211_dump_scan,
16889 	},
16890 	{
16891 		.cmd = NL80211_CMD_START_SCHED_SCAN,
16892 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16893 		.doit = nl80211_start_sched_scan,
16894 		.flags = GENL_UNS_ADMIN_PERM,
16895 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16896 	},
16897 	{
16898 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
16899 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16900 		.doit = nl80211_stop_sched_scan,
16901 		.flags = GENL_UNS_ADMIN_PERM,
16902 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16903 	},
16904 	{
16905 		.cmd = NL80211_CMD_AUTHENTICATE,
16906 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16907 		.doit = nl80211_authenticate,
16908 		.flags = GENL_UNS_ADMIN_PERM,
16909 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16910 					 NL80211_FLAG_CLEAR_SKB),
16911 	},
16912 	{
16913 		.cmd = NL80211_CMD_ASSOCIATE,
16914 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16915 		.doit = nl80211_associate,
16916 		.flags = GENL_UNS_ADMIN_PERM,
16917 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16918 					 NL80211_FLAG_CLEAR_SKB),
16919 	},
16920 	{
16921 		.cmd = NL80211_CMD_DEAUTHENTICATE,
16922 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16923 		.doit = nl80211_deauthenticate,
16924 		.flags = GENL_UNS_ADMIN_PERM,
16925 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16926 	},
16927 	{
16928 		.cmd = NL80211_CMD_DISASSOCIATE,
16929 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16930 		.doit = nl80211_disassociate,
16931 		.flags = GENL_UNS_ADMIN_PERM,
16932 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16933 	},
16934 	{
16935 		.cmd = NL80211_CMD_JOIN_IBSS,
16936 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16937 		.doit = nl80211_join_ibss,
16938 		.flags = GENL_UNS_ADMIN_PERM,
16939 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16940 	},
16941 	{
16942 		.cmd = NL80211_CMD_LEAVE_IBSS,
16943 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16944 		.doit = nl80211_leave_ibss,
16945 		.flags = GENL_UNS_ADMIN_PERM,
16946 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16947 	},
16948 #ifdef CONFIG_NL80211_TESTMODE
16949 	{
16950 		.cmd = NL80211_CMD_TESTMODE,
16951 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16952 		.doit = nl80211_testmode_do,
16953 		.dumpit = nl80211_testmode_dump,
16954 		.flags = GENL_UNS_ADMIN_PERM,
16955 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
16956 	},
16957 #endif
16958 	{
16959 		.cmd = NL80211_CMD_CONNECT,
16960 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16961 		.doit = nl80211_connect,
16962 		.flags = GENL_UNS_ADMIN_PERM,
16963 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16964 					 NL80211_FLAG_CLEAR_SKB),
16965 	},
16966 	{
16967 		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
16968 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16969 		.doit = nl80211_update_connect_params,
16970 		.flags = GENL_ADMIN_PERM,
16971 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16972 					 NL80211_FLAG_CLEAR_SKB),
16973 	},
16974 	{
16975 		.cmd = NL80211_CMD_DISCONNECT,
16976 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16977 		.doit = nl80211_disconnect,
16978 		.flags = GENL_UNS_ADMIN_PERM,
16979 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16980 	},
16981 	{
16982 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
16983 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16984 		.doit = nl80211_wiphy_netns,
16985 		.flags = GENL_UNS_ADMIN_PERM,
16986 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
16987 					 NL80211_FLAG_NEED_RTNL |
16988 					 NL80211_FLAG_NO_WIPHY_MTX),
16989 	},
16990 	{
16991 		.cmd = NL80211_CMD_GET_SURVEY,
16992 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16993 		.dumpit = nl80211_dump_survey,
16994 	},
16995 	{
16996 		.cmd = NL80211_CMD_SET_PMKSA,
16997 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16998 		.doit = nl80211_set_pmksa,
16999 		.flags = GENL_UNS_ADMIN_PERM,
17000 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17001 					 NL80211_FLAG_CLEAR_SKB),
17002 	},
17003 	{
17004 		.cmd = NL80211_CMD_DEL_PMKSA,
17005 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17006 		.doit = nl80211_del_pmksa,
17007 		.flags = GENL_UNS_ADMIN_PERM,
17008 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17009 	},
17010 	{
17011 		.cmd = NL80211_CMD_FLUSH_PMKSA,
17012 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17013 		.doit = nl80211_flush_pmksa,
17014 		.flags = GENL_UNS_ADMIN_PERM,
17015 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17016 	},
17017 	{
17018 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
17019 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17020 		.doit = nl80211_remain_on_channel,
17021 		.flags = GENL_UNS_ADMIN_PERM,
17022 		/* FIXME: requiring a link ID here is probably not good */
17023 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17024 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17025 	},
17026 	{
17027 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
17028 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17029 		.doit = nl80211_cancel_remain_on_channel,
17030 		.flags = GENL_UNS_ADMIN_PERM,
17031 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17032 	},
17033 	{
17034 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
17035 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17036 		.doit = nl80211_set_tx_bitrate_mask,
17037 		.flags = GENL_UNS_ADMIN_PERM,
17038 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17039 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17040 	},
17041 	{
17042 		.cmd = NL80211_CMD_REGISTER_FRAME,
17043 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17044 		.doit = nl80211_register_mgmt,
17045 		.flags = GENL_UNS_ADMIN_PERM,
17046 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
17047 	},
17048 	{
17049 		.cmd = NL80211_CMD_FRAME,
17050 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17051 		.doit = nl80211_tx_mgmt,
17052 		.flags = GENL_UNS_ADMIN_PERM,
17053 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17054 	},
17055 	{
17056 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
17057 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17058 		.doit = nl80211_tx_mgmt_cancel_wait,
17059 		.flags = GENL_UNS_ADMIN_PERM,
17060 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17061 	},
17062 	{
17063 		.cmd = NL80211_CMD_SET_POWER_SAVE,
17064 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17065 		.doit = nl80211_set_power_save,
17066 		.flags = GENL_UNS_ADMIN_PERM,
17067 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17068 	},
17069 	{
17070 		.cmd = NL80211_CMD_GET_POWER_SAVE,
17071 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17072 		.doit = nl80211_get_power_save,
17073 		/* can be retrieved by unprivileged users */
17074 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17075 	},
17076 	{
17077 		.cmd = NL80211_CMD_SET_CQM,
17078 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17079 		.doit = nl80211_set_cqm,
17080 		.flags = GENL_UNS_ADMIN_PERM,
17081 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17082 	},
17083 	{
17084 		.cmd = NL80211_CMD_SET_CHANNEL,
17085 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17086 		.doit = nl80211_set_channel,
17087 		.flags = GENL_UNS_ADMIN_PERM,
17088 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17089 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17090 	},
17091 	{
17092 		.cmd = NL80211_CMD_JOIN_MESH,
17093 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17094 		.doit = nl80211_join_mesh,
17095 		.flags = GENL_UNS_ADMIN_PERM,
17096 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17097 	},
17098 	{
17099 		.cmd = NL80211_CMD_LEAVE_MESH,
17100 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17101 		.doit = nl80211_leave_mesh,
17102 		.flags = GENL_UNS_ADMIN_PERM,
17103 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17104 	},
17105 	{
17106 		.cmd = NL80211_CMD_JOIN_OCB,
17107 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17108 		.doit = nl80211_join_ocb,
17109 		.flags = GENL_UNS_ADMIN_PERM,
17110 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17111 	},
17112 	{
17113 		.cmd = NL80211_CMD_LEAVE_OCB,
17114 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17115 		.doit = nl80211_leave_ocb,
17116 		.flags = GENL_UNS_ADMIN_PERM,
17117 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17118 	},
17119 #ifdef CONFIG_PM
17120 	{
17121 		.cmd = NL80211_CMD_GET_WOWLAN,
17122 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17123 		.doit = nl80211_get_wowlan,
17124 		/* can be retrieved by unprivileged users */
17125 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17126 	},
17127 	{
17128 		.cmd = NL80211_CMD_SET_WOWLAN,
17129 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17130 		.doit = nl80211_set_wowlan,
17131 		.flags = GENL_UNS_ADMIN_PERM,
17132 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17133 	},
17134 #endif
17135 	{
17136 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
17137 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17138 		.doit = nl80211_set_rekey_data,
17139 		.flags = GENL_UNS_ADMIN_PERM,
17140 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17141 					 NL80211_FLAG_CLEAR_SKB),
17142 	},
17143 	{
17144 		.cmd = NL80211_CMD_TDLS_MGMT,
17145 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17146 		.doit = nl80211_tdls_mgmt,
17147 		.flags = GENL_UNS_ADMIN_PERM,
17148 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17149 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17150 	},
17151 	{
17152 		.cmd = NL80211_CMD_TDLS_OPER,
17153 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17154 		.doit = nl80211_tdls_oper,
17155 		.flags = GENL_UNS_ADMIN_PERM,
17156 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17157 	},
17158 	{
17159 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
17160 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17161 		.doit = nl80211_register_unexpected_frame,
17162 		.flags = GENL_UNS_ADMIN_PERM,
17163 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17164 	},
17165 	{
17166 		.cmd = NL80211_CMD_PROBE_CLIENT,
17167 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17168 		.doit = nl80211_probe_client,
17169 		.flags = GENL_UNS_ADMIN_PERM,
17170 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17171 	},
17172 	{
17173 		.cmd = NL80211_CMD_REGISTER_BEACONS,
17174 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17175 		.doit = nl80211_register_beacons,
17176 		.flags = GENL_UNS_ADMIN_PERM,
17177 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17178 	},
17179 	{
17180 		.cmd = NL80211_CMD_SET_NOACK_MAP,
17181 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17182 		.doit = nl80211_set_noack_map,
17183 		.flags = GENL_UNS_ADMIN_PERM,
17184 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17185 	},
17186 	{
17187 		.cmd = NL80211_CMD_START_P2P_DEVICE,
17188 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17189 		.doit = nl80211_start_p2p_device,
17190 		.flags = GENL_UNS_ADMIN_PERM,
17191 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
17192 					 NL80211_FLAG_NEED_RTNL),
17193 	},
17194 	{
17195 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
17196 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17197 		.doit = nl80211_stop_p2p_device,
17198 		.flags = GENL_UNS_ADMIN_PERM,
17199 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17200 					 NL80211_FLAG_NEED_RTNL),
17201 	},
17202 	{
17203 		.cmd = NL80211_CMD_START_NAN,
17204 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17205 		.doit = nl80211_start_nan,
17206 		.flags = GENL_ADMIN_PERM,
17207 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
17208 					 NL80211_FLAG_NEED_RTNL),
17209 	},
17210 	{
17211 		.cmd = NL80211_CMD_STOP_NAN,
17212 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17213 		.doit = nl80211_stop_nan,
17214 		.flags = GENL_ADMIN_PERM,
17215 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17216 					 NL80211_FLAG_NEED_RTNL),
17217 	},
17218 	{
17219 		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
17220 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17221 		.doit = nl80211_nan_add_func,
17222 		.flags = GENL_ADMIN_PERM,
17223 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17224 	},
17225 	{
17226 		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
17227 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17228 		.doit = nl80211_nan_del_func,
17229 		.flags = GENL_ADMIN_PERM,
17230 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17231 	},
17232 	{
17233 		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
17234 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17235 		.doit = nl80211_nan_change_config,
17236 		.flags = GENL_ADMIN_PERM,
17237 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17238 	},
17239 	{
17240 		.cmd = NL80211_CMD_SET_MCAST_RATE,
17241 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17242 		.doit = nl80211_set_mcast_rate,
17243 		.flags = GENL_UNS_ADMIN_PERM,
17244 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17245 	},
17246 	{
17247 		.cmd = NL80211_CMD_SET_MAC_ACL,
17248 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17249 		.doit = nl80211_set_mac_acl,
17250 		.flags = GENL_UNS_ADMIN_PERM,
17251 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17252 					 NL80211_FLAG_MLO_UNSUPPORTED),
17253 	},
17254 	{
17255 		.cmd = NL80211_CMD_RADAR_DETECT,
17256 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17257 		.doit = nl80211_start_radar_detection,
17258 		.flags = GENL_UNS_ADMIN_PERM,
17259 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17260 					 NL80211_FLAG_NO_WIPHY_MTX |
17261 					 NL80211_FLAG_MLO_UNSUPPORTED),
17262 	},
17263 	{
17264 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
17265 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17266 		.doit = nl80211_get_protocol_features,
17267 	},
17268 	{
17269 		.cmd = NL80211_CMD_UPDATE_FT_IES,
17270 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17271 		.doit = nl80211_update_ft_ies,
17272 		.flags = GENL_UNS_ADMIN_PERM,
17273 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17274 	},
17275 	{
17276 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
17277 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17278 		.doit = nl80211_crit_protocol_start,
17279 		.flags = GENL_UNS_ADMIN_PERM,
17280 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17281 	},
17282 	{
17283 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
17284 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17285 		.doit = nl80211_crit_protocol_stop,
17286 		.flags = GENL_UNS_ADMIN_PERM,
17287 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17288 	},
17289 	{
17290 		.cmd = NL80211_CMD_GET_COALESCE,
17291 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17292 		.doit = nl80211_get_coalesce,
17293 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17294 	},
17295 	{
17296 		.cmd = NL80211_CMD_SET_COALESCE,
17297 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17298 		.doit = nl80211_set_coalesce,
17299 		.flags = GENL_UNS_ADMIN_PERM,
17300 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17301 	},
17302 	{
17303 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
17304 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17305 		.doit = nl80211_channel_switch,
17306 		.flags = GENL_UNS_ADMIN_PERM,
17307 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17308 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17309 	},
17310 	{
17311 		.cmd = NL80211_CMD_VENDOR,
17312 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17313 		.doit = nl80211_vendor_cmd,
17314 		.dumpit = nl80211_vendor_cmd_dump,
17315 		.flags = GENL_UNS_ADMIN_PERM,
17316 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17317 					 NL80211_FLAG_CLEAR_SKB),
17318 	},
17319 	{
17320 		.cmd = NL80211_CMD_SET_QOS_MAP,
17321 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17322 		.doit = nl80211_set_qos_map,
17323 		.flags = GENL_UNS_ADMIN_PERM,
17324 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17325 	},
17326 	{
17327 		.cmd = NL80211_CMD_ADD_TX_TS,
17328 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17329 		.doit = nl80211_add_tx_ts,
17330 		.flags = GENL_UNS_ADMIN_PERM,
17331 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17332 					 NL80211_FLAG_MLO_UNSUPPORTED),
17333 	},
17334 	{
17335 		.cmd = NL80211_CMD_DEL_TX_TS,
17336 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17337 		.doit = nl80211_del_tx_ts,
17338 		.flags = GENL_UNS_ADMIN_PERM,
17339 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17340 	},
17341 	{
17342 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
17343 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17344 		.doit = nl80211_tdls_channel_switch,
17345 		.flags = GENL_UNS_ADMIN_PERM,
17346 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17347 	},
17348 	{
17349 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
17350 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17351 		.doit = nl80211_tdls_cancel_channel_switch,
17352 		.flags = GENL_UNS_ADMIN_PERM,
17353 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17354 	},
17355 	{
17356 		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
17357 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17358 		.doit = nl80211_set_multicast_to_unicast,
17359 		.flags = GENL_UNS_ADMIN_PERM,
17360 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17361 	},
17362 	{
17363 		.cmd = NL80211_CMD_SET_PMK,
17364 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17365 		.doit = nl80211_set_pmk,
17366 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17367 					 NL80211_FLAG_CLEAR_SKB),
17368 	},
17369 	{
17370 		.cmd = NL80211_CMD_DEL_PMK,
17371 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17372 		.doit = nl80211_del_pmk,
17373 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17374 	},
17375 	{
17376 		.cmd = NL80211_CMD_EXTERNAL_AUTH,
17377 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17378 		.doit = nl80211_external_auth,
17379 		.flags = GENL_ADMIN_PERM,
17380 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17381 	},
17382 	{
17383 		.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
17384 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17385 		.doit = nl80211_tx_control_port,
17386 		.flags = GENL_UNS_ADMIN_PERM,
17387 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17388 	},
17389 	{
17390 		.cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
17391 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17392 		.doit = nl80211_get_ftm_responder_stats,
17393 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17394 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17395 	},
17396 	{
17397 		.cmd = NL80211_CMD_PEER_MEASUREMENT_START,
17398 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17399 		.doit = nl80211_pmsr_start,
17400 		.flags = GENL_UNS_ADMIN_PERM,
17401 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17402 	},
17403 	{
17404 		.cmd = NL80211_CMD_NOTIFY_RADAR,
17405 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17406 		.doit = nl80211_notify_radar_detection,
17407 		.flags = GENL_UNS_ADMIN_PERM,
17408 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17409 	},
17410 	{
17411 		.cmd = NL80211_CMD_UPDATE_OWE_INFO,
17412 		.doit = nl80211_update_owe_info,
17413 		.flags = GENL_ADMIN_PERM,
17414 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17415 	},
17416 	{
17417 		.cmd = NL80211_CMD_PROBE_MESH_LINK,
17418 		.doit = nl80211_probe_mesh_link,
17419 		.flags = GENL_UNS_ADMIN_PERM,
17420 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17421 	},
17422 	{
17423 		.cmd = NL80211_CMD_SET_TID_CONFIG,
17424 		.doit = nl80211_set_tid_config,
17425 		.flags = GENL_UNS_ADMIN_PERM,
17426 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17427 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17428 	},
17429 	{
17430 		.cmd = NL80211_CMD_SET_SAR_SPECS,
17431 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17432 		.doit = nl80211_set_sar_specs,
17433 		.flags = GENL_UNS_ADMIN_PERM,
17434 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17435 					 NL80211_FLAG_NEED_RTNL),
17436 	},
17437 	{
17438 		.cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
17439 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17440 		.doit = nl80211_color_change,
17441 		.flags = GENL_UNS_ADMIN_PERM,
17442 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17443 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17444 	},
17445 	{
17446 		.cmd = NL80211_CMD_SET_FILS_AAD,
17447 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17448 		.doit = nl80211_set_fils_aad,
17449 		.flags = GENL_UNS_ADMIN_PERM,
17450 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17451 	},
17452 	{
17453 		.cmd = NL80211_CMD_ADD_LINK,
17454 		.doit = nl80211_add_link,
17455 		.flags = GENL_UNS_ADMIN_PERM,
17456 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17457 	},
17458 	{
17459 		.cmd = NL80211_CMD_REMOVE_LINK,
17460 		.doit = nl80211_remove_link,
17461 		.flags = GENL_UNS_ADMIN_PERM,
17462 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17463 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17464 	},
17465 	{
17466 		.cmd = NL80211_CMD_ADD_LINK_STA,
17467 		.doit = nl80211_add_link_station,
17468 		.flags = GENL_UNS_ADMIN_PERM,
17469 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17470 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17471 	},
17472 	{
17473 		.cmd = NL80211_CMD_MODIFY_LINK_STA,
17474 		.doit = nl80211_modify_link_station,
17475 		.flags = GENL_UNS_ADMIN_PERM,
17476 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17477 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17478 	},
17479 	{
17480 		.cmd = NL80211_CMD_REMOVE_LINK_STA,
17481 		.doit = nl80211_remove_link_station,
17482 		.flags = GENL_UNS_ADMIN_PERM,
17483 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17484 					 NL80211_FLAG_MLO_VALID_LINK_ID),
17485 	},
17486 	{
17487 		.cmd = NL80211_CMD_SET_HW_TIMESTAMP,
17488 		.doit = nl80211_set_hw_timestamp,
17489 		.flags = GENL_UNS_ADMIN_PERM,
17490 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17491 	},
17492 	{
17493 		.cmd = NL80211_CMD_SET_TID_TO_LINK_MAPPING,
17494 		.doit = nl80211_set_ttlm,
17495 		.flags = GENL_UNS_ADMIN_PERM,
17496 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17497 	},
17498 };
17499 
17500 static struct genl_family nl80211_fam __ro_after_init = {
17501 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
17502 	.hdrsize = 0,			/* no private header */
17503 	.version = 1,			/* no particular meaning now */
17504 	.maxattr = NL80211_ATTR_MAX,
17505 	.policy = nl80211_policy,
17506 	.netnsok = true,
17507 	.pre_doit = nl80211_pre_doit,
17508 	.post_doit = nl80211_post_doit,
17509 	.module = THIS_MODULE,
17510 	.ops = nl80211_ops,
17511 	.n_ops = ARRAY_SIZE(nl80211_ops),
17512 	.small_ops = nl80211_small_ops,
17513 	.n_small_ops = ARRAY_SIZE(nl80211_small_ops),
17514 	.resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1,
17515 	.mcgrps = nl80211_mcgrps,
17516 	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
17517 	.parallel_ops = true,
17518 };
17519 
17520 /* notification functions */
17521 
17522 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
17523 			  enum nl80211_commands cmd)
17524 {
17525 	struct sk_buff *msg;
17526 	struct nl80211_dump_wiphy_state state = {};
17527 
17528 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
17529 		cmd != NL80211_CMD_DEL_WIPHY);
17530 
17531 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17532 	if (!msg)
17533 		return;
17534 
17535 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
17536 		nlmsg_free(msg);
17537 		return;
17538 	}
17539 
17540 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17541 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
17542 }
17543 
17544 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
17545 				struct wireless_dev *wdev,
17546 				enum nl80211_commands cmd)
17547 {
17548 	struct sk_buff *msg;
17549 
17550 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17551 	if (!msg)
17552 		return;
17553 
17554 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
17555 		nlmsg_free(msg);
17556 		return;
17557 	}
17558 
17559 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17560 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
17561 }
17562 
17563 static int nl80211_add_scan_req(struct sk_buff *msg,
17564 				struct cfg80211_registered_device *rdev)
17565 {
17566 	struct cfg80211_scan_request *req = rdev->scan_req;
17567 	struct nlattr *nest;
17568 	int i;
17569 	struct cfg80211_scan_info *info;
17570 
17571 	if (WARN_ON(!req))
17572 		return 0;
17573 
17574 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
17575 	if (!nest)
17576 		goto nla_put_failure;
17577 	for (i = 0; i < req->n_ssids; i++) {
17578 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
17579 			goto nla_put_failure;
17580 	}
17581 	nla_nest_end(msg, nest);
17582 
17583 	if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
17584 		nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
17585 		if (!nest)
17586 			goto nla_put_failure;
17587 		for (i = 0; i < req->n_channels; i++) {
17588 			if (nla_put_u32(msg, i,
17589 				   ieee80211_channel_to_khz(req->channels[i])))
17590 				goto nla_put_failure;
17591 		}
17592 		nla_nest_end(msg, nest);
17593 	} else {
17594 		nest = nla_nest_start_noflag(msg,
17595 					     NL80211_ATTR_SCAN_FREQUENCIES);
17596 		if (!nest)
17597 			goto nla_put_failure;
17598 		for (i = 0; i < req->n_channels; i++) {
17599 			if (nla_put_u32(msg, i, req->channels[i]->center_freq))
17600 				goto nla_put_failure;
17601 		}
17602 		nla_nest_end(msg, nest);
17603 	}
17604 
17605 	if (req->ie &&
17606 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
17607 		goto nla_put_failure;
17608 
17609 	if (req->flags &&
17610 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
17611 		goto nla_put_failure;
17612 
17613 	info = rdev->int_scan_req ? &rdev->int_scan_req->info :
17614 		&rdev->scan_req->info;
17615 	if (info->scan_start_tsf &&
17616 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
17617 			       info->scan_start_tsf, NL80211_BSS_PAD) ||
17618 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
17619 		     info->tsf_bssid)))
17620 		goto nla_put_failure;
17621 
17622 	return 0;
17623  nla_put_failure:
17624 	return -ENOBUFS;
17625 }
17626 
17627 static int nl80211_prep_scan_msg(struct sk_buff *msg,
17628 				 struct cfg80211_registered_device *rdev,
17629 				 struct wireless_dev *wdev,
17630 				 u32 portid, u32 seq, int flags,
17631 				 u32 cmd)
17632 {
17633 	void *hdr;
17634 
17635 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
17636 	if (!hdr)
17637 		return -1;
17638 
17639 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17640 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17641 					 wdev->netdev->ifindex)) ||
17642 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17643 			      NL80211_ATTR_PAD))
17644 		goto nla_put_failure;
17645 
17646 	/* ignore errors and send incomplete event anyway */
17647 	nl80211_add_scan_req(msg, rdev);
17648 
17649 	genlmsg_end(msg, hdr);
17650 	return 0;
17651 
17652  nla_put_failure:
17653 	genlmsg_cancel(msg, hdr);
17654 	return -EMSGSIZE;
17655 }
17656 
17657 static int
17658 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
17659 			    struct cfg80211_sched_scan_request *req, u32 cmd)
17660 {
17661 	void *hdr;
17662 
17663 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
17664 	if (!hdr)
17665 		return -1;
17666 
17667 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
17668 			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
17669 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
17670 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
17671 			      NL80211_ATTR_PAD))
17672 		goto nla_put_failure;
17673 
17674 	genlmsg_end(msg, hdr);
17675 	return 0;
17676 
17677  nla_put_failure:
17678 	genlmsg_cancel(msg, hdr);
17679 	return -EMSGSIZE;
17680 }
17681 
17682 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
17683 			     struct wireless_dev *wdev)
17684 {
17685 	struct sk_buff *msg;
17686 
17687 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17688 	if (!msg)
17689 		return;
17690 
17691 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
17692 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
17693 		nlmsg_free(msg);
17694 		return;
17695 	}
17696 
17697 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17698 				NL80211_MCGRP_SCAN, GFP_KERNEL);
17699 }
17700 
17701 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
17702 				       struct wireless_dev *wdev, bool aborted)
17703 {
17704 	struct sk_buff *msg;
17705 
17706 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17707 	if (!msg)
17708 		return NULL;
17709 
17710 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
17711 				  aborted ? NL80211_CMD_SCAN_ABORTED :
17712 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
17713 		nlmsg_free(msg);
17714 		return NULL;
17715 	}
17716 
17717 	return msg;
17718 }
17719 
17720 /* send message created by nl80211_build_scan_msg() */
17721 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
17722 			   struct sk_buff *msg)
17723 {
17724 	if (!msg)
17725 		return;
17726 
17727 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17728 				NL80211_MCGRP_SCAN, GFP_KERNEL);
17729 }
17730 
17731 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
17732 {
17733 	struct sk_buff *msg;
17734 
17735 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17736 	if (!msg)
17737 		return;
17738 
17739 	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
17740 		nlmsg_free(msg);
17741 		return;
17742 	}
17743 
17744 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
17745 				NL80211_MCGRP_SCAN, GFP_KERNEL);
17746 }
17747 
17748 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
17749 					  struct regulatory_request *request)
17750 {
17751 	/* Userspace can always count this one always being set */
17752 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
17753 		goto nla_put_failure;
17754 
17755 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
17756 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17757 			       NL80211_REGDOM_TYPE_WORLD))
17758 			goto nla_put_failure;
17759 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
17760 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17761 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
17762 			goto nla_put_failure;
17763 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
17764 		   request->intersect) {
17765 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17766 			       NL80211_REGDOM_TYPE_INTERSECTION))
17767 			goto nla_put_failure;
17768 	} else {
17769 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17770 			       NL80211_REGDOM_TYPE_COUNTRY) ||
17771 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
17772 				   request->alpha2))
17773 			goto nla_put_failure;
17774 	}
17775 
17776 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
17777 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
17778 
17779 		if (wiphy &&
17780 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
17781 			goto nla_put_failure;
17782 
17783 		if (wiphy &&
17784 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
17785 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
17786 			goto nla_put_failure;
17787 	}
17788 
17789 	return true;
17790 
17791 nla_put_failure:
17792 	return false;
17793 }
17794 
17795 /*
17796  * This can happen on global regulatory changes or device specific settings
17797  * based on custom regulatory domains.
17798  */
17799 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
17800 				     struct regulatory_request *request)
17801 {
17802 	struct sk_buff *msg;
17803 	void *hdr;
17804 
17805 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17806 	if (!msg)
17807 		return;
17808 
17809 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
17810 	if (!hdr)
17811 		goto nla_put_failure;
17812 
17813 	if (!nl80211_reg_change_event_fill(msg, request))
17814 		goto nla_put_failure;
17815 
17816 	genlmsg_end(msg, hdr);
17817 
17818 	rcu_read_lock();
17819 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
17820 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
17821 	rcu_read_unlock();
17822 
17823 	return;
17824 
17825 nla_put_failure:
17826 	nlmsg_free(msg);
17827 }
17828 
17829 struct nl80211_mlme_event {
17830 	enum nl80211_commands cmd;
17831 	const u8 *buf;
17832 	size_t buf_len;
17833 	int uapsd_queues;
17834 	const u8 *req_ies;
17835 	size_t req_ies_len;
17836 	bool reconnect;
17837 };
17838 
17839 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
17840 				    struct net_device *netdev,
17841 				    const struct nl80211_mlme_event *event,
17842 				    gfp_t gfp)
17843 {
17844 	struct sk_buff *msg;
17845 	void *hdr;
17846 
17847 	msg = nlmsg_new(100 + event->buf_len + event->req_ies_len, gfp);
17848 	if (!msg)
17849 		return;
17850 
17851 	hdr = nl80211hdr_put(msg, 0, 0, 0, event->cmd);
17852 	if (!hdr) {
17853 		nlmsg_free(msg);
17854 		return;
17855 	}
17856 
17857 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17858 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17859 	    nla_put(msg, NL80211_ATTR_FRAME, event->buf_len, event->buf) ||
17860 	    (event->req_ies &&
17861 	     nla_put(msg, NL80211_ATTR_REQ_IE, event->req_ies_len,
17862 		     event->req_ies)))
17863 		goto nla_put_failure;
17864 
17865 	if (event->reconnect &&
17866 	    nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
17867 		goto nla_put_failure;
17868 
17869 	if (event->uapsd_queues >= 0) {
17870 		struct nlattr *nla_wmm =
17871 			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
17872 		if (!nla_wmm)
17873 			goto nla_put_failure;
17874 
17875 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
17876 			       event->uapsd_queues))
17877 			goto nla_put_failure;
17878 
17879 		nla_nest_end(msg, nla_wmm);
17880 	}
17881 
17882 	genlmsg_end(msg, hdr);
17883 
17884 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17885 				NL80211_MCGRP_MLME, gfp);
17886 	return;
17887 
17888  nla_put_failure:
17889 	nlmsg_free(msg);
17890 }
17891 
17892 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
17893 			  struct net_device *netdev, const u8 *buf,
17894 			  size_t len, gfp_t gfp)
17895 {
17896 	struct nl80211_mlme_event event = {
17897 		.cmd = NL80211_CMD_AUTHENTICATE,
17898 		.buf = buf,
17899 		.buf_len = len,
17900 		.uapsd_queues = -1,
17901 	};
17902 
17903 	nl80211_send_mlme_event(rdev, netdev, &event, gfp);
17904 }
17905 
17906 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
17907 			   struct net_device *netdev,
17908 			   const struct cfg80211_rx_assoc_resp_data *data)
17909 {
17910 	struct nl80211_mlme_event event = {
17911 		.cmd = NL80211_CMD_ASSOCIATE,
17912 		.buf = data->buf,
17913 		.buf_len = data->len,
17914 		.uapsd_queues = data->uapsd_queues,
17915 		.req_ies = data->req_ies,
17916 		.req_ies_len = data->req_ies_len,
17917 	};
17918 
17919 	nl80211_send_mlme_event(rdev, netdev, &event, GFP_KERNEL);
17920 }
17921 
17922 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
17923 			 struct net_device *netdev, const u8 *buf,
17924 			 size_t len, bool reconnect, gfp_t gfp)
17925 {
17926 	struct nl80211_mlme_event event = {
17927 		.cmd = NL80211_CMD_DEAUTHENTICATE,
17928 		.buf = buf,
17929 		.buf_len = len,
17930 		.reconnect = reconnect,
17931 		.uapsd_queues = -1,
17932 	};
17933 
17934 	nl80211_send_mlme_event(rdev, netdev, &event, gfp);
17935 }
17936 
17937 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
17938 			   struct net_device *netdev, const u8 *buf,
17939 			   size_t len, bool reconnect, gfp_t gfp)
17940 {
17941 	struct nl80211_mlme_event event = {
17942 		.cmd = NL80211_CMD_DISASSOCIATE,
17943 		.buf = buf,
17944 		.buf_len = len,
17945 		.reconnect = reconnect,
17946 		.uapsd_queues = -1,
17947 	};
17948 
17949 	nl80211_send_mlme_event(rdev, netdev, &event, gfp);
17950 }
17951 
17952 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
17953 				  size_t len)
17954 {
17955 	struct wireless_dev *wdev = dev->ieee80211_ptr;
17956 	struct wiphy *wiphy = wdev->wiphy;
17957 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17958 	const struct ieee80211_mgmt *mgmt = (void *)buf;
17959 	struct nl80211_mlme_event event = {
17960 		.buf = buf,
17961 		.buf_len = len,
17962 		.uapsd_queues = -1,
17963 	};
17964 
17965 	if (WARN_ON(len < 2))
17966 		return;
17967 
17968 	if (ieee80211_is_deauth(mgmt->frame_control)) {
17969 		event.cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
17970 	} else if (ieee80211_is_disassoc(mgmt->frame_control)) {
17971 		event.cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
17972 	} else if (ieee80211_is_beacon(mgmt->frame_control)) {
17973 		if (wdev->unprot_beacon_reported &&
17974 		    elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
17975 			return;
17976 		event.cmd = NL80211_CMD_UNPROT_BEACON;
17977 		wdev->unprot_beacon_reported = jiffies;
17978 	} else {
17979 		return;
17980 	}
17981 
17982 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
17983 	nl80211_send_mlme_event(rdev, dev, &event, GFP_ATOMIC);
17984 }
17985 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
17986 
17987 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
17988 				      struct net_device *netdev, int cmd,
17989 				      const u8 *addr, gfp_t gfp)
17990 {
17991 	struct sk_buff *msg;
17992 	void *hdr;
17993 
17994 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17995 	if (!msg)
17996 		return;
17997 
17998 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
17999 	if (!hdr) {
18000 		nlmsg_free(msg);
18001 		return;
18002 	}
18003 
18004 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18005 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18006 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
18007 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
18008 		goto nla_put_failure;
18009 
18010 	genlmsg_end(msg, hdr);
18011 
18012 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18013 				NL80211_MCGRP_MLME, gfp);
18014 	return;
18015 
18016  nla_put_failure:
18017 	nlmsg_free(msg);
18018 }
18019 
18020 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
18021 			       struct net_device *netdev, const u8 *addr,
18022 			       gfp_t gfp)
18023 {
18024 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
18025 				  addr, gfp);
18026 }
18027 
18028 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
18029 				struct net_device *netdev, const u8 *addr,
18030 				gfp_t gfp)
18031 {
18032 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
18033 				  addr, gfp);
18034 }
18035 
18036 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
18037 				 struct net_device *netdev,
18038 				 struct cfg80211_connect_resp_params *cr,
18039 				 gfp_t gfp)
18040 {
18041 	struct sk_buff *msg;
18042 	void *hdr;
18043 	unsigned int link;
18044 	size_t link_info_size = 0;
18045 	const u8 *connected_addr = cr->valid_links ?
18046 				   cr->ap_mld_addr : cr->links[0].bssid;
18047 
18048 	if (cr->valid_links) {
18049 		for_each_valid_link(cr, link) {
18050 			/* Nested attribute header */
18051 			link_info_size += NLA_HDRLEN;
18052 			/* Link ID */
18053 			link_info_size += nla_total_size(sizeof(u8));
18054 			link_info_size += cr->links[link].addr ?
18055 					  nla_total_size(ETH_ALEN) : 0;
18056 			link_info_size += (cr->links[link].bssid ||
18057 					   cr->links[link].bss) ?
18058 					  nla_total_size(ETH_ALEN) : 0;
18059 			link_info_size += nla_total_size(sizeof(u16));
18060 		}
18061 	}
18062 
18063 	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
18064 			cr->fils.kek_len + cr->fils.pmk_len +
18065 			(cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
18066 			gfp);
18067 	if (!msg)
18068 		return;
18069 
18070 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
18071 	if (!hdr) {
18072 		nlmsg_free(msg);
18073 		return;
18074 	}
18075 
18076 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18077 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18078 	    (connected_addr &&
18079 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) ||
18080 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
18081 			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
18082 			cr->status) ||
18083 	    (cr->status < 0 &&
18084 	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
18085 	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
18086 			  cr->timeout_reason))) ||
18087 	    (cr->req_ie &&
18088 	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
18089 	    (cr->resp_ie &&
18090 	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
18091 		     cr->resp_ie)) ||
18092 	    (cr->fils.update_erp_next_seq_num &&
18093 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
18094 			 cr->fils.erp_next_seq_num)) ||
18095 	    (cr->status == WLAN_STATUS_SUCCESS &&
18096 	     ((cr->fils.kek &&
18097 	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
18098 		       cr->fils.kek)) ||
18099 	      (cr->fils.pmk &&
18100 	       nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
18101 	      (cr->fils.pmkid &&
18102 	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
18103 		goto nla_put_failure;
18104 
18105 	if (cr->valid_links) {
18106 		int i = 1;
18107 		struct nlattr *nested;
18108 
18109 		nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18110 		if (!nested)
18111 			goto nla_put_failure;
18112 
18113 		for_each_valid_link(cr, link) {
18114 			struct nlattr *nested_mlo_links;
18115 			const u8 *bssid = cr->links[link].bss ?
18116 					  cr->links[link].bss->bssid :
18117 					  cr->links[link].bssid;
18118 
18119 			nested_mlo_links = nla_nest_start(msg, i);
18120 			if (!nested_mlo_links)
18121 				goto nla_put_failure;
18122 
18123 			if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
18124 			    (bssid &&
18125 			     nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
18126 			    (cr->links[link].addr &&
18127 			     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
18128 				     cr->links[link].addr)) ||
18129 			    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
18130 					cr->links[link].status))
18131 				goto nla_put_failure;
18132 
18133 			nla_nest_end(msg, nested_mlo_links);
18134 			i++;
18135 		}
18136 		nla_nest_end(msg, nested);
18137 	}
18138 
18139 	genlmsg_end(msg, hdr);
18140 
18141 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18142 				NL80211_MCGRP_MLME, gfp);
18143 	return;
18144 
18145  nla_put_failure:
18146 	nlmsg_free(msg);
18147 }
18148 
18149 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
18150 			 struct net_device *netdev,
18151 			 struct cfg80211_roam_info *info, gfp_t gfp)
18152 {
18153 	struct sk_buff *msg;
18154 	void *hdr;
18155 	size_t link_info_size = 0;
18156 	unsigned int link;
18157 	const u8 *connected_addr = info->ap_mld_addr ?
18158 				   info->ap_mld_addr :
18159 				   (info->links[0].bss ?
18160 				    info->links[0].bss->bssid :
18161 				    info->links[0].bssid);
18162 
18163 	if (info->valid_links) {
18164 		for_each_valid_link(info, link) {
18165 			/* Nested attribute header */
18166 			link_info_size += NLA_HDRLEN;
18167 			/* Link ID */
18168 			link_info_size += nla_total_size(sizeof(u8));
18169 			link_info_size += info->links[link].addr ?
18170 					  nla_total_size(ETH_ALEN) : 0;
18171 			link_info_size += (info->links[link].bssid ||
18172 					   info->links[link].bss) ?
18173 					  nla_total_size(ETH_ALEN) : 0;
18174 		}
18175 	}
18176 
18177 	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
18178 			info->fils.kek_len + info->fils.pmk_len +
18179 			(info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
18180 			link_info_size, gfp);
18181 	if (!msg)
18182 		return;
18183 
18184 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
18185 	if (!hdr) {
18186 		nlmsg_free(msg);
18187 		return;
18188 	}
18189 
18190 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18191 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18192 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) ||
18193 	    (info->req_ie &&
18194 	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
18195 		     info->req_ie)) ||
18196 	    (info->resp_ie &&
18197 	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
18198 		     info->resp_ie)) ||
18199 	    (info->fils.update_erp_next_seq_num &&
18200 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
18201 			 info->fils.erp_next_seq_num)) ||
18202 	    (info->fils.kek &&
18203 	     nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
18204 		     info->fils.kek)) ||
18205 	    (info->fils.pmk &&
18206 	     nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
18207 	    (info->fils.pmkid &&
18208 	     nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
18209 		goto nla_put_failure;
18210 
18211 	if (info->valid_links) {
18212 		int i = 1;
18213 		struct nlattr *nested;
18214 
18215 		nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18216 		if (!nested)
18217 			goto nla_put_failure;
18218 
18219 		for_each_valid_link(info, link) {
18220 			struct nlattr *nested_mlo_links;
18221 			const u8 *bssid = info->links[link].bss ?
18222 					  info->links[link].bss->bssid :
18223 					  info->links[link].bssid;
18224 
18225 			nested_mlo_links = nla_nest_start(msg, i);
18226 			if (!nested_mlo_links)
18227 				goto nla_put_failure;
18228 
18229 			if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
18230 			    (bssid &&
18231 			     nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
18232 			    (info->links[link].addr &&
18233 			     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
18234 				     info->links[link].addr)))
18235 				goto nla_put_failure;
18236 
18237 			nla_nest_end(msg, nested_mlo_links);
18238 			i++;
18239 		}
18240 		nla_nest_end(msg, nested);
18241 	}
18242 
18243 	genlmsg_end(msg, hdr);
18244 
18245 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18246 				NL80211_MCGRP_MLME, gfp);
18247 	return;
18248 
18249  nla_put_failure:
18250 	nlmsg_free(msg);
18251 }
18252 
18253 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
18254 				  struct net_device *netdev, const u8 *peer_addr,
18255 				  const u8 *td_bitmap, u8 td_bitmap_len)
18256 {
18257 	struct sk_buff *msg;
18258 	void *hdr;
18259 
18260 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18261 	if (!msg)
18262 		return;
18263 
18264 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
18265 	if (!hdr) {
18266 		nlmsg_free(msg);
18267 		return;
18268 	}
18269 
18270 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18271 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18272 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr))
18273 		goto nla_put_failure;
18274 
18275 	if ((td_bitmap_len > 0) && td_bitmap)
18276 		if (nla_put(msg, NL80211_ATTR_TD_BITMAP,
18277 			    td_bitmap_len, td_bitmap))
18278 			goto nla_put_failure;
18279 
18280 	genlmsg_end(msg, hdr);
18281 
18282 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18283 				NL80211_MCGRP_MLME, GFP_KERNEL);
18284 	return;
18285 
18286  nla_put_failure:
18287 	nlmsg_free(msg);
18288 }
18289 
18290 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
18291 			       struct net_device *netdev, u16 reason,
18292 			       const u8 *ie, size_t ie_len, bool from_ap)
18293 {
18294 	struct sk_buff *msg;
18295 	void *hdr;
18296 
18297 	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
18298 	if (!msg)
18299 		return;
18300 
18301 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
18302 	if (!hdr) {
18303 		nlmsg_free(msg);
18304 		return;
18305 	}
18306 
18307 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18308 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18309 	    (reason &&
18310 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
18311 	    (from_ap &&
18312 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
18313 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
18314 		goto nla_put_failure;
18315 
18316 	genlmsg_end(msg, hdr);
18317 
18318 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18319 				NL80211_MCGRP_MLME, GFP_KERNEL);
18320 	return;
18321 
18322  nla_put_failure:
18323 	nlmsg_free(msg);
18324 }
18325 
18326 void cfg80211_links_removed(struct net_device *dev, u16 link_mask)
18327 {
18328 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18329 	struct wiphy *wiphy = wdev->wiphy;
18330 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18331 	struct sk_buff *msg;
18332 	struct nlattr *links;
18333 	void *hdr;
18334 
18335 	lockdep_assert_wiphy(wdev->wiphy);
18336 	trace_cfg80211_links_removed(dev, link_mask);
18337 
18338 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
18339 		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
18340 		return;
18341 
18342 	if (WARN_ON(!wdev->valid_links || !link_mask ||
18343 		    (wdev->valid_links & link_mask) != link_mask ||
18344 		    wdev->valid_links == link_mask))
18345 		return;
18346 
18347 	cfg80211_wdev_release_link_bsses(wdev, link_mask);
18348 	wdev->valid_links &= ~link_mask;
18349 
18350 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18351 	if (!msg)
18352 		return;
18353 
18354 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED);
18355 	if (!hdr) {
18356 		nlmsg_free(msg);
18357 		return;
18358 	}
18359 
18360 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18361 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
18362 		goto nla_put_failure;
18363 
18364 	links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18365 	if (!links)
18366 		goto nla_put_failure;
18367 
18368 	while (link_mask) {
18369 		struct nlattr *link;
18370 		int link_id = __ffs(link_mask);
18371 
18372 		link = nla_nest_start(msg, link_id + 1);
18373 		if (!link)
18374 			goto nla_put_failure;
18375 
18376 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
18377 			goto nla_put_failure;
18378 
18379 		nla_nest_end(msg, link);
18380 		link_mask &= ~(1 << link_id);
18381 	}
18382 
18383 	nla_nest_end(msg, links);
18384 
18385 	genlmsg_end(msg, hdr);
18386 
18387 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18388 				NL80211_MCGRP_MLME, GFP_KERNEL);
18389 	return;
18390 
18391  nla_put_failure:
18392 	nlmsg_free(msg);
18393 }
18394 EXPORT_SYMBOL(cfg80211_links_removed);
18395 
18396 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
18397 			     struct net_device *netdev, const u8 *bssid,
18398 			     gfp_t gfp)
18399 {
18400 	struct sk_buff *msg;
18401 	void *hdr;
18402 
18403 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18404 	if (!msg)
18405 		return;
18406 
18407 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
18408 	if (!hdr) {
18409 		nlmsg_free(msg);
18410 		return;
18411 	}
18412 
18413 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18414 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18415 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
18416 		goto nla_put_failure;
18417 
18418 	genlmsg_end(msg, hdr);
18419 
18420 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18421 				NL80211_MCGRP_MLME, gfp);
18422 	return;
18423 
18424  nla_put_failure:
18425 	nlmsg_free(msg);
18426 }
18427 
18428 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
18429 					const u8 *ie, u8 ie_len,
18430 					int sig_dbm, gfp_t gfp)
18431 {
18432 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18433 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18434 	struct sk_buff *msg;
18435 	void *hdr;
18436 
18437 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
18438 		return;
18439 
18440 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
18441 
18442 	msg = nlmsg_new(100 + ie_len, gfp);
18443 	if (!msg)
18444 		return;
18445 
18446 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
18447 	if (!hdr) {
18448 		nlmsg_free(msg);
18449 		return;
18450 	}
18451 
18452 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18453 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18454 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
18455 	    (ie_len && ie &&
18456 	     nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
18457 	    (sig_dbm &&
18458 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
18459 		goto nla_put_failure;
18460 
18461 	genlmsg_end(msg, hdr);
18462 
18463 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18464 				NL80211_MCGRP_MLME, gfp);
18465 	return;
18466 
18467  nla_put_failure:
18468 	nlmsg_free(msg);
18469 }
18470 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
18471 
18472 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
18473 				 struct net_device *netdev, const u8 *addr,
18474 				 enum nl80211_key_type key_type, int key_id,
18475 				 const u8 *tsc, gfp_t gfp)
18476 {
18477 	struct sk_buff *msg;
18478 	void *hdr;
18479 
18480 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18481 	if (!msg)
18482 		return;
18483 
18484 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
18485 	if (!hdr) {
18486 		nlmsg_free(msg);
18487 		return;
18488 	}
18489 
18490 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18491 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18492 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
18493 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
18494 	    (key_id != -1 &&
18495 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
18496 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
18497 		goto nla_put_failure;
18498 
18499 	genlmsg_end(msg, hdr);
18500 
18501 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18502 				NL80211_MCGRP_MLME, gfp);
18503 	return;
18504 
18505  nla_put_failure:
18506 	nlmsg_free(msg);
18507 }
18508 
18509 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
18510 				    struct ieee80211_channel *channel_before,
18511 				    struct ieee80211_channel *channel_after)
18512 {
18513 	struct sk_buff *msg;
18514 	void *hdr;
18515 	struct nlattr *nl_freq;
18516 
18517 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
18518 	if (!msg)
18519 		return;
18520 
18521 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
18522 	if (!hdr) {
18523 		nlmsg_free(msg);
18524 		return;
18525 	}
18526 
18527 	/*
18528 	 * Since we are applying the beacon hint to a wiphy we know its
18529 	 * wiphy_idx is valid
18530 	 */
18531 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
18532 		goto nla_put_failure;
18533 
18534 	/* Before */
18535 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
18536 	if (!nl_freq)
18537 		goto nla_put_failure;
18538 
18539 	if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
18540 		goto nla_put_failure;
18541 	nla_nest_end(msg, nl_freq);
18542 
18543 	/* After */
18544 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
18545 	if (!nl_freq)
18546 		goto nla_put_failure;
18547 
18548 	if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
18549 		goto nla_put_failure;
18550 	nla_nest_end(msg, nl_freq);
18551 
18552 	genlmsg_end(msg, hdr);
18553 
18554 	rcu_read_lock();
18555 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
18556 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
18557 	rcu_read_unlock();
18558 
18559 	return;
18560 
18561 nla_put_failure:
18562 	nlmsg_free(msg);
18563 }
18564 
18565 static void nl80211_send_remain_on_chan_event(
18566 	int cmd, struct cfg80211_registered_device *rdev,
18567 	struct wireless_dev *wdev, u64 cookie,
18568 	struct ieee80211_channel *chan,
18569 	unsigned int duration, gfp_t gfp)
18570 {
18571 	struct sk_buff *msg;
18572 	void *hdr;
18573 
18574 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18575 	if (!msg)
18576 		return;
18577 
18578 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18579 	if (!hdr) {
18580 		nlmsg_free(msg);
18581 		return;
18582 	}
18583 
18584 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18585 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
18586 					 wdev->netdev->ifindex)) ||
18587 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18588 			      NL80211_ATTR_PAD) ||
18589 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
18590 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
18591 			NL80211_CHAN_NO_HT) ||
18592 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
18593 			      NL80211_ATTR_PAD))
18594 		goto nla_put_failure;
18595 
18596 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
18597 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
18598 		goto nla_put_failure;
18599 
18600 	genlmsg_end(msg, hdr);
18601 
18602 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18603 				NL80211_MCGRP_MLME, gfp);
18604 	return;
18605 
18606  nla_put_failure:
18607 	nlmsg_free(msg);
18608 }
18609 
18610 void cfg80211_assoc_comeback(struct net_device *netdev,
18611 			     const u8 *ap_addr, u32 timeout)
18612 {
18613 	struct wireless_dev *wdev = netdev->ieee80211_ptr;
18614 	struct wiphy *wiphy = wdev->wiphy;
18615 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18616 	struct sk_buff *msg;
18617 	void *hdr;
18618 
18619 	trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout);
18620 
18621 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18622 	if (!msg)
18623 		return;
18624 
18625 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK);
18626 	if (!hdr) {
18627 		nlmsg_free(msg);
18628 		return;
18629 	}
18630 
18631 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18632 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18633 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) ||
18634 	    nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout))
18635 		goto nla_put_failure;
18636 
18637 	genlmsg_end(msg, hdr);
18638 
18639 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18640 				NL80211_MCGRP_MLME, GFP_KERNEL);
18641 	return;
18642 
18643  nla_put_failure:
18644 	nlmsg_free(msg);
18645 }
18646 EXPORT_SYMBOL(cfg80211_assoc_comeback);
18647 
18648 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
18649 			       struct ieee80211_channel *chan,
18650 			       unsigned int duration, gfp_t gfp)
18651 {
18652 	struct wiphy *wiphy = wdev->wiphy;
18653 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18654 
18655 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
18656 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
18657 					  rdev, wdev, cookie, chan,
18658 					  duration, gfp);
18659 }
18660 EXPORT_SYMBOL(cfg80211_ready_on_channel);
18661 
18662 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
18663 					struct ieee80211_channel *chan,
18664 					gfp_t gfp)
18665 {
18666 	struct wiphy *wiphy = wdev->wiphy;
18667 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18668 
18669 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
18670 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
18671 					  rdev, wdev, cookie, chan, 0, gfp);
18672 }
18673 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
18674 
18675 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
18676 					struct ieee80211_channel *chan,
18677 					gfp_t gfp)
18678 {
18679 	struct wiphy *wiphy = wdev->wiphy;
18680 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18681 
18682 	trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
18683 	nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
18684 					  rdev, wdev, cookie, chan, 0, gfp);
18685 }
18686 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
18687 
18688 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
18689 		      struct station_info *sinfo, gfp_t gfp)
18690 {
18691 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18692 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18693 	struct sk_buff *msg;
18694 
18695 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
18696 
18697 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18698 	if (!msg)
18699 		return;
18700 
18701 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
18702 				 rdev, dev, mac_addr, sinfo) < 0) {
18703 		nlmsg_free(msg);
18704 		return;
18705 	}
18706 
18707 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18708 				NL80211_MCGRP_MLME, gfp);
18709 }
18710 EXPORT_SYMBOL(cfg80211_new_sta);
18711 
18712 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
18713 			    struct station_info *sinfo, gfp_t gfp)
18714 {
18715 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18716 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18717 	struct sk_buff *msg;
18718 	struct station_info empty_sinfo = {};
18719 
18720 	if (!sinfo)
18721 		sinfo = &empty_sinfo;
18722 
18723 	trace_cfg80211_del_sta(dev, mac_addr);
18724 
18725 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18726 	if (!msg) {
18727 		cfg80211_sinfo_release_content(sinfo);
18728 		return;
18729 	}
18730 
18731 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
18732 				 rdev, dev, mac_addr, sinfo) < 0) {
18733 		nlmsg_free(msg);
18734 		return;
18735 	}
18736 
18737 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18738 				NL80211_MCGRP_MLME, gfp);
18739 }
18740 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
18741 
18742 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
18743 			  enum nl80211_connect_failed_reason reason,
18744 			  gfp_t gfp)
18745 {
18746 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18747 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18748 	struct sk_buff *msg;
18749 	void *hdr;
18750 
18751 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
18752 	if (!msg)
18753 		return;
18754 
18755 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
18756 	if (!hdr) {
18757 		nlmsg_free(msg);
18758 		return;
18759 	}
18760 
18761 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18762 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
18763 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
18764 		goto nla_put_failure;
18765 
18766 	genlmsg_end(msg, hdr);
18767 
18768 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18769 				NL80211_MCGRP_MLME, gfp);
18770 	return;
18771 
18772  nla_put_failure:
18773 	nlmsg_free(msg);
18774 }
18775 EXPORT_SYMBOL(cfg80211_conn_failed);
18776 
18777 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
18778 				       const u8 *addr, gfp_t gfp)
18779 {
18780 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18781 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18782 	struct sk_buff *msg;
18783 	void *hdr;
18784 	u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
18785 
18786 	if (!nlportid)
18787 		return false;
18788 
18789 	msg = nlmsg_new(100, gfp);
18790 	if (!msg)
18791 		return true;
18792 
18793 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18794 	if (!hdr) {
18795 		nlmsg_free(msg);
18796 		return true;
18797 	}
18798 
18799 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18800 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18801 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
18802 		goto nla_put_failure;
18803 
18804 	genlmsg_end(msg, hdr);
18805 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
18806 	return true;
18807 
18808  nla_put_failure:
18809 	nlmsg_free(msg);
18810 	return true;
18811 }
18812 
18813 bool cfg80211_rx_spurious_frame(struct net_device *dev,
18814 				const u8 *addr, gfp_t gfp)
18815 {
18816 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18817 	bool ret;
18818 
18819 	trace_cfg80211_rx_spurious_frame(dev, addr);
18820 
18821 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
18822 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
18823 		trace_cfg80211_return_bool(false);
18824 		return false;
18825 	}
18826 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
18827 					 addr, gfp);
18828 	trace_cfg80211_return_bool(ret);
18829 	return ret;
18830 }
18831 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
18832 
18833 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
18834 					const u8 *addr, gfp_t gfp)
18835 {
18836 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18837 	bool ret;
18838 
18839 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
18840 
18841 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
18842 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
18843 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
18844 		trace_cfg80211_return_bool(false);
18845 		return false;
18846 	}
18847 	ret = __nl80211_unexpected_frame(dev,
18848 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
18849 					 addr, gfp);
18850 	trace_cfg80211_return_bool(ret);
18851 	return ret;
18852 }
18853 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
18854 
18855 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
18856 		      struct wireless_dev *wdev, u32 nlportid,
18857 		      struct cfg80211_rx_info *info, gfp_t gfp)
18858 {
18859 	struct net_device *netdev = wdev->netdev;
18860 	struct sk_buff *msg;
18861 	void *hdr;
18862 
18863 	msg = nlmsg_new(100 + info->len, gfp);
18864 	if (!msg)
18865 		return -ENOMEM;
18866 
18867 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
18868 	if (!hdr) {
18869 		nlmsg_free(msg);
18870 		return -ENOMEM;
18871 	}
18872 
18873 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18874 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
18875 					netdev->ifindex)) ||
18876 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18877 			      NL80211_ATTR_PAD) ||
18878 	    (info->have_link_id &&
18879 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) ||
18880 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) ||
18881 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) ||
18882 	    (info->sig_dbm &&
18883 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) ||
18884 	    nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) ||
18885 	    (info->flags &&
18886 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) ||
18887 	    (info->rx_tstamp && nla_put_u64_64bit(msg,
18888 						  NL80211_ATTR_RX_HW_TIMESTAMP,
18889 						  info->rx_tstamp,
18890 						  NL80211_ATTR_PAD)) ||
18891 	    (info->ack_tstamp && nla_put_u64_64bit(msg,
18892 						   NL80211_ATTR_TX_HW_TIMESTAMP,
18893 						   info->ack_tstamp,
18894 						   NL80211_ATTR_PAD)))
18895 		goto nla_put_failure;
18896 
18897 	genlmsg_end(msg, hdr);
18898 
18899 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
18900 
18901  nla_put_failure:
18902 	nlmsg_free(msg);
18903 	return -ENOBUFS;
18904 }
18905 
18906 static void nl80211_frame_tx_status(struct wireless_dev *wdev,
18907 				    struct cfg80211_tx_status *status,
18908 				    gfp_t gfp, enum nl80211_commands command)
18909 {
18910 	struct wiphy *wiphy = wdev->wiphy;
18911 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18912 	struct net_device *netdev = wdev->netdev;
18913 	struct sk_buff *msg;
18914 	void *hdr;
18915 
18916 	if (command == NL80211_CMD_FRAME_TX_STATUS)
18917 		trace_cfg80211_mgmt_tx_status(wdev, status->cookie,
18918 					      status->ack);
18919 	else
18920 		trace_cfg80211_control_port_tx_status(wdev, status->cookie,
18921 						      status->ack);
18922 
18923 	msg = nlmsg_new(100 + status->len, gfp);
18924 	if (!msg)
18925 		return;
18926 
18927 	hdr = nl80211hdr_put(msg, 0, 0, 0, command);
18928 	if (!hdr) {
18929 		nlmsg_free(msg);
18930 		return;
18931 	}
18932 
18933 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18934 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
18935 				   netdev->ifindex)) ||
18936 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18937 			      NL80211_ATTR_PAD) ||
18938 	    nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) ||
18939 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie,
18940 			      NL80211_ATTR_PAD) ||
18941 	    (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
18942 	    (status->tx_tstamp &&
18943 	     nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP,
18944 			       status->tx_tstamp, NL80211_ATTR_PAD)) ||
18945 	    (status->ack_tstamp &&
18946 	     nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP,
18947 			       status->ack_tstamp, NL80211_ATTR_PAD)))
18948 		goto nla_put_failure;
18949 
18950 	genlmsg_end(msg, hdr);
18951 
18952 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18953 				NL80211_MCGRP_MLME, gfp);
18954 	return;
18955 
18956 nla_put_failure:
18957 	nlmsg_free(msg);
18958 }
18959 
18960 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
18961 				     const u8 *buf, size_t len, bool ack,
18962 				     gfp_t gfp)
18963 {
18964 	struct cfg80211_tx_status status = {
18965 		.cookie = cookie,
18966 		.buf = buf,
18967 		.len = len,
18968 		.ack = ack
18969 	};
18970 
18971 	nl80211_frame_tx_status(wdev, &status, gfp,
18972 				NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
18973 }
18974 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
18975 
18976 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev,
18977 				 struct cfg80211_tx_status *status, gfp_t gfp)
18978 {
18979 	nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS);
18980 }
18981 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext);
18982 
18983 static int __nl80211_rx_control_port(struct net_device *dev,
18984 				     struct sk_buff *skb,
18985 				     bool unencrypted,
18986 				     int link_id,
18987 				     gfp_t gfp)
18988 {
18989 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18990 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18991 	struct ethhdr *ehdr = eth_hdr(skb);
18992 	const u8 *addr = ehdr->h_source;
18993 	u16 proto = be16_to_cpu(skb->protocol);
18994 	struct sk_buff *msg;
18995 	void *hdr;
18996 	struct nlattr *frame;
18997 
18998 	u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
18999 
19000 	if (!nlportid)
19001 		return -ENOENT;
19002 
19003 	msg = nlmsg_new(100 + skb->len, gfp);
19004 	if (!msg)
19005 		return -ENOMEM;
19006 
19007 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
19008 	if (!hdr) {
19009 		nlmsg_free(msg);
19010 		return -ENOBUFS;
19011 	}
19012 
19013 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19014 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19015 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19016 			      NL80211_ATTR_PAD) ||
19017 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19018 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
19019 	    (link_id >= 0 &&
19020 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
19021 	    (unencrypted && nla_put_flag(msg,
19022 					 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
19023 		goto nla_put_failure;
19024 
19025 	frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
19026 	if (!frame)
19027 		goto nla_put_failure;
19028 
19029 	skb_copy_bits(skb, 0, nla_data(frame), skb->len);
19030 	genlmsg_end(msg, hdr);
19031 
19032 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19033 
19034  nla_put_failure:
19035 	nlmsg_free(msg);
19036 	return -ENOBUFS;
19037 }
19038 
19039 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb,
19040 			      bool unencrypted, int link_id)
19041 {
19042 	int ret;
19043 
19044 	trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id);
19045 	ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id,
19046 					GFP_ATOMIC);
19047 	trace_cfg80211_return_bool(ret == 0);
19048 	return ret == 0;
19049 }
19050 EXPORT_SYMBOL(cfg80211_rx_control_port);
19051 
19052 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
19053 					    const char *mac, gfp_t gfp)
19054 {
19055 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19056 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19057 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19058 	void **cb;
19059 
19060 	if (!msg)
19061 		return NULL;
19062 
19063 	cb = (void **)msg->cb;
19064 
19065 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
19066 	if (!cb[0]) {
19067 		nlmsg_free(msg);
19068 		return NULL;
19069 	}
19070 
19071 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19072 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19073 		goto nla_put_failure;
19074 
19075 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
19076 		goto nla_put_failure;
19077 
19078 	cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
19079 	if (!cb[1])
19080 		goto nla_put_failure;
19081 
19082 	cb[2] = rdev;
19083 
19084 	return msg;
19085  nla_put_failure:
19086 	nlmsg_free(msg);
19087 	return NULL;
19088 }
19089 
19090 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
19091 {
19092 	void **cb = (void **)msg->cb;
19093 	struct cfg80211_registered_device *rdev = cb[2];
19094 
19095 	nla_nest_end(msg, cb[1]);
19096 	genlmsg_end(msg, cb[0]);
19097 
19098 	memset(msg->cb, 0, sizeof(msg->cb));
19099 
19100 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19101 				NL80211_MCGRP_MLME, gfp);
19102 }
19103 
19104 void cfg80211_cqm_rssi_notify(struct net_device *dev,
19105 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
19106 			      s32 rssi_level, gfp_t gfp)
19107 {
19108 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19109 	struct cfg80211_cqm_config *cqm_config;
19110 
19111 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
19112 
19113 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
19114 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
19115 		return;
19116 
19117 	rcu_read_lock();
19118 	cqm_config = rcu_dereference(wdev->cqm_config);
19119 	if (cqm_config) {
19120 		cqm_config->last_rssi_event_value = rssi_level;
19121 		cqm_config->last_rssi_event_type = rssi_event;
19122 		wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work);
19123 	}
19124 	rcu_read_unlock();
19125 }
19126 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
19127 
19128 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work)
19129 {
19130 	struct wireless_dev *wdev = container_of(work, struct wireless_dev,
19131 						 cqm_rssi_work);
19132 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19133 	enum nl80211_cqm_rssi_threshold_event rssi_event;
19134 	struct cfg80211_cqm_config *cqm_config;
19135 	struct sk_buff *msg;
19136 	s32 rssi_level;
19137 
19138 	cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
19139 	if (!cqm_config)
19140 		return;
19141 
19142 	if (cqm_config->use_range_api)
19143 		cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config);
19144 
19145 	rssi_level = cqm_config->last_rssi_event_value;
19146 	rssi_event = cqm_config->last_rssi_event_type;
19147 
19148 	msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL);
19149 	if (!msg)
19150 		return;
19151 
19152 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
19153 			rssi_event))
19154 		goto nla_put_failure;
19155 
19156 	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
19157 				      rssi_level))
19158 		goto nla_put_failure;
19159 
19160 	cfg80211_send_cqm(msg, GFP_KERNEL);
19161 
19162 	return;
19163 
19164  nla_put_failure:
19165 	nlmsg_free(msg);
19166 }
19167 
19168 void cfg80211_cqm_txe_notify(struct net_device *dev,
19169 			     const u8 *peer, u32 num_packets,
19170 			     u32 rate, u32 intvl, gfp_t gfp)
19171 {
19172 	struct sk_buff *msg;
19173 
19174 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
19175 	if (!msg)
19176 		return;
19177 
19178 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
19179 		goto nla_put_failure;
19180 
19181 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
19182 		goto nla_put_failure;
19183 
19184 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
19185 		goto nla_put_failure;
19186 
19187 	cfg80211_send_cqm(msg, gfp);
19188 	return;
19189 
19190  nla_put_failure:
19191 	nlmsg_free(msg);
19192 }
19193 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
19194 
19195 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
19196 				 const u8 *peer, u32 num_packets, gfp_t gfp)
19197 {
19198 	struct sk_buff *msg;
19199 
19200 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
19201 
19202 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
19203 	if (!msg)
19204 		return;
19205 
19206 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
19207 		goto nla_put_failure;
19208 
19209 	cfg80211_send_cqm(msg, gfp);
19210 	return;
19211 
19212  nla_put_failure:
19213 	nlmsg_free(msg);
19214 }
19215 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
19216 
19217 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
19218 {
19219 	struct sk_buff *msg;
19220 
19221 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
19222 	if (!msg)
19223 		return;
19224 
19225 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
19226 		goto nla_put_failure;
19227 
19228 	cfg80211_send_cqm(msg, gfp);
19229 	return;
19230 
19231  nla_put_failure:
19232 	nlmsg_free(msg);
19233 }
19234 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
19235 
19236 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
19237 				     struct net_device *netdev, const u8 *bssid,
19238 				     const u8 *replay_ctr, gfp_t gfp)
19239 {
19240 	struct sk_buff *msg;
19241 	struct nlattr *rekey_attr;
19242 	void *hdr;
19243 
19244 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19245 	if (!msg)
19246 		return;
19247 
19248 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
19249 	if (!hdr) {
19250 		nlmsg_free(msg);
19251 		return;
19252 	}
19253 
19254 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19255 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19256 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
19257 		goto nla_put_failure;
19258 
19259 	rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
19260 	if (!rekey_attr)
19261 		goto nla_put_failure;
19262 
19263 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
19264 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
19265 		goto nla_put_failure;
19266 
19267 	nla_nest_end(msg, rekey_attr);
19268 
19269 	genlmsg_end(msg, hdr);
19270 
19271 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19272 				NL80211_MCGRP_MLME, gfp);
19273 	return;
19274 
19275  nla_put_failure:
19276 	nlmsg_free(msg);
19277 }
19278 
19279 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
19280 			       const u8 *replay_ctr, gfp_t gfp)
19281 {
19282 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19283 	struct wiphy *wiphy = wdev->wiphy;
19284 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19285 
19286 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
19287 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
19288 }
19289 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
19290 
19291 static void
19292 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
19293 			       struct net_device *netdev, int index,
19294 			       const u8 *bssid, bool preauth, gfp_t gfp)
19295 {
19296 	struct sk_buff *msg;
19297 	struct nlattr *attr;
19298 	void *hdr;
19299 
19300 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19301 	if (!msg)
19302 		return;
19303 
19304 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
19305 	if (!hdr) {
19306 		nlmsg_free(msg);
19307 		return;
19308 	}
19309 
19310 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19311 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
19312 		goto nla_put_failure;
19313 
19314 	attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
19315 	if (!attr)
19316 		goto nla_put_failure;
19317 
19318 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
19319 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
19320 	    (preauth &&
19321 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
19322 		goto nla_put_failure;
19323 
19324 	nla_nest_end(msg, attr);
19325 
19326 	genlmsg_end(msg, hdr);
19327 
19328 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19329 				NL80211_MCGRP_MLME, gfp);
19330 	return;
19331 
19332  nla_put_failure:
19333 	nlmsg_free(msg);
19334 }
19335 
19336 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
19337 				     const u8 *bssid, bool preauth, gfp_t gfp)
19338 {
19339 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19340 	struct wiphy *wiphy = wdev->wiphy;
19341 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19342 
19343 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
19344 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
19345 }
19346 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
19347 
19348 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
19349 				     struct net_device *netdev,
19350 				     unsigned int link_id,
19351 				     struct cfg80211_chan_def *chandef,
19352 				     gfp_t gfp,
19353 				     enum nl80211_commands notif,
19354 				     u8 count, bool quiet)
19355 {
19356 	struct wireless_dev *wdev = netdev->ieee80211_ptr;
19357 	struct sk_buff *msg;
19358 	void *hdr;
19359 
19360 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19361 	if (!msg)
19362 		return;
19363 
19364 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
19365 	if (!hdr) {
19366 		nlmsg_free(msg);
19367 		return;
19368 	}
19369 
19370 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
19371 		goto nla_put_failure;
19372 
19373 	if (wdev->valid_links &&
19374 	    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
19375 		goto nla_put_failure;
19376 
19377 	if (nl80211_send_chandef(msg, chandef))
19378 		goto nla_put_failure;
19379 
19380 	if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
19381 		if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
19382 			goto nla_put_failure;
19383 		if (quiet &&
19384 		    nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
19385 			goto nla_put_failure;
19386 	}
19387 
19388 	genlmsg_end(msg, hdr);
19389 
19390 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19391 				NL80211_MCGRP_MLME, gfp);
19392 	return;
19393 
19394  nla_put_failure:
19395 	nlmsg_free(msg);
19396 }
19397 
19398 void cfg80211_ch_switch_notify(struct net_device *dev,
19399 			       struct cfg80211_chan_def *chandef,
19400 			       unsigned int link_id)
19401 {
19402 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19403 	struct wiphy *wiphy = wdev->wiphy;
19404 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19405 
19406 	lockdep_assert_wiphy(wdev->wiphy);
19407 	WARN_INVALID_LINK_ID(wdev, link_id);
19408 
19409 	trace_cfg80211_ch_switch_notify(dev, chandef, link_id);
19410 
19411 	switch (wdev->iftype) {
19412 	case NL80211_IFTYPE_STATION:
19413 	case NL80211_IFTYPE_P2P_CLIENT:
19414 		if (!WARN_ON(!wdev->links[link_id].client.current_bss))
19415 			cfg80211_update_assoc_bss_entry(wdev, link_id,
19416 							chandef->chan);
19417 		break;
19418 	case NL80211_IFTYPE_MESH_POINT:
19419 		wdev->u.mesh.chandef = *chandef;
19420 		wdev->u.mesh.preset_chandef = *chandef;
19421 		break;
19422 	case NL80211_IFTYPE_AP:
19423 	case NL80211_IFTYPE_P2P_GO:
19424 		wdev->links[link_id].ap.chandef = *chandef;
19425 		break;
19426 	case NL80211_IFTYPE_ADHOC:
19427 		wdev->u.ibss.chandef = *chandef;
19428 		break;
19429 	default:
19430 		WARN_ON(1);
19431 		break;
19432 	}
19433 
19434 	cfg80211_schedule_channels_check(wdev);
19435 	cfg80211_sched_dfs_chan_update(rdev);
19436 
19437 	nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
19438 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
19439 }
19440 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
19441 
19442 void cfg80211_ch_switch_started_notify(struct net_device *dev,
19443 				       struct cfg80211_chan_def *chandef,
19444 				       unsigned int link_id, u8 count,
19445 				       bool quiet)
19446 {
19447 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19448 	struct wiphy *wiphy = wdev->wiphy;
19449 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19450 
19451 	lockdep_assert_wiphy(wdev->wiphy);
19452 	WARN_INVALID_LINK_ID(wdev, link_id);
19453 
19454 	trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id);
19455 
19456 
19457 	nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
19458 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
19459 				 count, quiet);
19460 }
19461 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
19462 
19463 int cfg80211_bss_color_notify(struct net_device *dev,
19464 			      enum nl80211_commands cmd, u8 count,
19465 			      u64 color_bitmap, u8 link_id)
19466 {
19467 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19468 	struct wiphy *wiphy = wdev->wiphy;
19469 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19470 	struct sk_buff *msg;
19471 	void *hdr;
19472 
19473 	lockdep_assert_wiphy(wdev->wiphy);
19474 
19475 	trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
19476 
19477 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19478 	if (!msg)
19479 		return -ENOMEM;
19480 
19481 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
19482 	if (!hdr)
19483 		goto nla_put_failure;
19484 
19485 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19486 		goto nla_put_failure;
19487 
19488 	if (wdev->valid_links &&
19489 	    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
19490 		goto nla_put_failure;
19491 
19492 	if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
19493 	    nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
19494 		goto nla_put_failure;
19495 
19496 	if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
19497 	    nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
19498 			      color_bitmap, NL80211_ATTR_PAD))
19499 		goto nla_put_failure;
19500 
19501 	genlmsg_end(msg, hdr);
19502 
19503 	return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
19504 				       msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL);
19505 
19506 nla_put_failure:
19507 	nlmsg_free(msg);
19508 	return -EINVAL;
19509 }
19510 EXPORT_SYMBOL(cfg80211_bss_color_notify);
19511 
19512 void
19513 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
19514 		     const struct cfg80211_chan_def *chandef,
19515 		     enum nl80211_radar_event event,
19516 		     struct net_device *netdev, gfp_t gfp)
19517 {
19518 	struct sk_buff *msg;
19519 	void *hdr;
19520 
19521 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19522 	if (!msg)
19523 		return;
19524 
19525 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
19526 	if (!hdr) {
19527 		nlmsg_free(msg);
19528 		return;
19529 	}
19530 
19531 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
19532 		goto nla_put_failure;
19533 
19534 	/* NOP and radar events don't need a netdev parameter */
19535 	if (netdev) {
19536 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
19537 
19538 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19539 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19540 				      NL80211_ATTR_PAD))
19541 			goto nla_put_failure;
19542 	}
19543 
19544 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
19545 		goto nla_put_failure;
19546 
19547 	if (nl80211_send_chandef(msg, chandef))
19548 		goto nla_put_failure;
19549 
19550 	genlmsg_end(msg, hdr);
19551 
19552 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19553 				NL80211_MCGRP_MLME, gfp);
19554 	return;
19555 
19556  nla_put_failure:
19557 	nlmsg_free(msg);
19558 }
19559 
19560 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
19561 				       struct sta_opmode_info *sta_opmode,
19562 				       gfp_t gfp)
19563 {
19564 	struct sk_buff *msg;
19565 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19566 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19567 	void *hdr;
19568 
19569 	if (WARN_ON(!mac))
19570 		return;
19571 
19572 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19573 	if (!msg)
19574 		return;
19575 
19576 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
19577 	if (!hdr) {
19578 		nlmsg_free(msg);
19579 		return;
19580 	}
19581 
19582 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
19583 		goto nla_put_failure;
19584 
19585 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19586 		goto nla_put_failure;
19587 
19588 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
19589 		goto nla_put_failure;
19590 
19591 	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
19592 	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
19593 		goto nla_put_failure;
19594 
19595 	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
19596 	    nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
19597 		goto nla_put_failure;
19598 
19599 	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
19600 	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
19601 		goto nla_put_failure;
19602 
19603 	genlmsg_end(msg, hdr);
19604 
19605 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19606 				NL80211_MCGRP_MLME, gfp);
19607 
19608 	return;
19609 
19610 nla_put_failure:
19611 	nlmsg_free(msg);
19612 }
19613 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
19614 
19615 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
19616 			   u64 cookie, bool acked, s32 ack_signal,
19617 			   bool is_valid_ack_signal, gfp_t gfp)
19618 {
19619 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19620 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19621 	struct sk_buff *msg;
19622 	void *hdr;
19623 
19624 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
19625 
19626 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19627 
19628 	if (!msg)
19629 		return;
19630 
19631 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
19632 	if (!hdr) {
19633 		nlmsg_free(msg);
19634 		return;
19635 	}
19636 
19637 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19638 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19639 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19640 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
19641 			      NL80211_ATTR_PAD) ||
19642 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
19643 	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
19644 						ack_signal)))
19645 		goto nla_put_failure;
19646 
19647 	genlmsg_end(msg, hdr);
19648 
19649 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19650 				NL80211_MCGRP_MLME, gfp);
19651 	return;
19652 
19653  nla_put_failure:
19654 	nlmsg_free(msg);
19655 }
19656 EXPORT_SYMBOL(cfg80211_probe_status);
19657 
19658 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
19659 				     size_t len, int freq, int sig_dbm)
19660 {
19661 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19662 	struct sk_buff *msg;
19663 	void *hdr;
19664 	struct cfg80211_beacon_registration *reg;
19665 
19666 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
19667 
19668 	spin_lock_bh(&rdev->beacon_registrations_lock);
19669 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
19670 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
19671 		if (!msg) {
19672 			spin_unlock_bh(&rdev->beacon_registrations_lock);
19673 			return;
19674 		}
19675 
19676 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
19677 		if (!hdr)
19678 			goto nla_put_failure;
19679 
19680 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19681 		    (freq &&
19682 		     (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
19683 				  KHZ_TO_MHZ(freq)) ||
19684 		      nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
19685 				  freq % 1000))) ||
19686 		    (sig_dbm &&
19687 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
19688 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
19689 			goto nla_put_failure;
19690 
19691 		genlmsg_end(msg, hdr);
19692 
19693 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
19694 	}
19695 	spin_unlock_bh(&rdev->beacon_registrations_lock);
19696 	return;
19697 
19698  nla_put_failure:
19699 	spin_unlock_bh(&rdev->beacon_registrations_lock);
19700 	nlmsg_free(msg);
19701 }
19702 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
19703 
19704 #ifdef CONFIG_PM
19705 static int cfg80211_net_detect_results(struct sk_buff *msg,
19706 				       struct cfg80211_wowlan_wakeup *wakeup)
19707 {
19708 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
19709 	struct nlattr *nl_results, *nl_match, *nl_freqs;
19710 	int i, j;
19711 
19712 	nl_results = nla_nest_start_noflag(msg,
19713 					   NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
19714 	if (!nl_results)
19715 		return -EMSGSIZE;
19716 
19717 	for (i = 0; i < nd->n_matches; i++) {
19718 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
19719 
19720 		nl_match = nla_nest_start_noflag(msg, i);
19721 		if (!nl_match)
19722 			break;
19723 
19724 		/* The SSID attribute is optional in nl80211, but for
19725 		 * simplicity reasons it's always present in the
19726 		 * cfg80211 structure.  If a driver can't pass the
19727 		 * SSID, that needs to be changed.  A zero length SSID
19728 		 * is still a valid SSID (wildcard), so it cannot be
19729 		 * used for this purpose.
19730 		 */
19731 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
19732 			    match->ssid.ssid)) {
19733 			nla_nest_cancel(msg, nl_match);
19734 			goto out;
19735 		}
19736 
19737 		if (match->n_channels) {
19738 			nl_freqs = nla_nest_start_noflag(msg,
19739 							 NL80211_ATTR_SCAN_FREQUENCIES);
19740 			if (!nl_freqs) {
19741 				nla_nest_cancel(msg, nl_match);
19742 				goto out;
19743 			}
19744 
19745 			for (j = 0; j < match->n_channels; j++) {
19746 				if (nla_put_u32(msg, j, match->channels[j])) {
19747 					nla_nest_cancel(msg, nl_freqs);
19748 					nla_nest_cancel(msg, nl_match);
19749 					goto out;
19750 				}
19751 			}
19752 
19753 			nla_nest_end(msg, nl_freqs);
19754 		}
19755 
19756 		nla_nest_end(msg, nl_match);
19757 	}
19758 
19759 out:
19760 	nla_nest_end(msg, nl_results);
19761 	return 0;
19762 }
19763 
19764 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
19765 				   struct cfg80211_wowlan_wakeup *wakeup,
19766 				   gfp_t gfp)
19767 {
19768 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19769 	struct sk_buff *msg;
19770 	void *hdr;
19771 	int size = 200;
19772 
19773 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
19774 
19775 	if (wakeup)
19776 		size += wakeup->packet_present_len;
19777 
19778 	msg = nlmsg_new(size, gfp);
19779 	if (!msg)
19780 		return;
19781 
19782 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
19783 	if (!hdr)
19784 		goto free_msg;
19785 
19786 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19787 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19788 			      NL80211_ATTR_PAD))
19789 		goto free_msg;
19790 
19791 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19792 					wdev->netdev->ifindex))
19793 		goto free_msg;
19794 
19795 	if (wakeup) {
19796 		struct nlattr *reasons;
19797 
19798 		reasons = nla_nest_start_noflag(msg,
19799 						NL80211_ATTR_WOWLAN_TRIGGERS);
19800 		if (!reasons)
19801 			goto free_msg;
19802 
19803 		if (wakeup->disconnect &&
19804 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
19805 			goto free_msg;
19806 		if (wakeup->magic_pkt &&
19807 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
19808 			goto free_msg;
19809 		if (wakeup->gtk_rekey_failure &&
19810 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
19811 			goto free_msg;
19812 		if (wakeup->eap_identity_req &&
19813 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
19814 			goto free_msg;
19815 		if (wakeup->four_way_handshake &&
19816 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
19817 			goto free_msg;
19818 		if (wakeup->rfkill_release &&
19819 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
19820 			goto free_msg;
19821 
19822 		if (wakeup->pattern_idx >= 0 &&
19823 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
19824 				wakeup->pattern_idx))
19825 			goto free_msg;
19826 
19827 		if (wakeup->tcp_match &&
19828 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
19829 			goto free_msg;
19830 
19831 		if (wakeup->tcp_connlost &&
19832 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
19833 			goto free_msg;
19834 
19835 		if (wakeup->tcp_nomoretokens &&
19836 		    nla_put_flag(msg,
19837 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
19838 			goto free_msg;
19839 
19840 		if (wakeup->unprot_deauth_disassoc &&
19841 		    nla_put_flag(msg,
19842 				 NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC))
19843 			goto free_msg;
19844 
19845 		if (wakeup->packet) {
19846 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
19847 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
19848 
19849 			if (!wakeup->packet_80211) {
19850 				pkt_attr =
19851 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
19852 				len_attr =
19853 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
19854 			}
19855 
19856 			if (wakeup->packet_len &&
19857 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
19858 				goto free_msg;
19859 
19860 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
19861 				    wakeup->packet))
19862 				goto free_msg;
19863 		}
19864 
19865 		if (wakeup->net_detect &&
19866 		    cfg80211_net_detect_results(msg, wakeup))
19867 				goto free_msg;
19868 
19869 		nla_nest_end(msg, reasons);
19870 	}
19871 
19872 	genlmsg_end(msg, hdr);
19873 
19874 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19875 				NL80211_MCGRP_MLME, gfp);
19876 	return;
19877 
19878  free_msg:
19879 	nlmsg_free(msg);
19880 }
19881 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
19882 #endif
19883 
19884 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
19885 				enum nl80211_tdls_operation oper,
19886 				u16 reason_code, gfp_t gfp)
19887 {
19888 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19889 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19890 	struct sk_buff *msg;
19891 	void *hdr;
19892 
19893 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
19894 					 reason_code);
19895 
19896 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19897 	if (!msg)
19898 		return;
19899 
19900 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
19901 	if (!hdr) {
19902 		nlmsg_free(msg);
19903 		return;
19904 	}
19905 
19906 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19907 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19908 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
19909 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
19910 	    (reason_code > 0 &&
19911 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
19912 		goto nla_put_failure;
19913 
19914 	genlmsg_end(msg, hdr);
19915 
19916 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19917 				NL80211_MCGRP_MLME, gfp);
19918 	return;
19919 
19920  nla_put_failure:
19921 	nlmsg_free(msg);
19922 }
19923 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
19924 
19925 static int nl80211_netlink_notify(struct notifier_block * nb,
19926 				  unsigned long state,
19927 				  void *_notify)
19928 {
19929 	struct netlink_notify *notify = _notify;
19930 	struct cfg80211_registered_device *rdev;
19931 	struct wireless_dev *wdev;
19932 	struct cfg80211_beacon_registration *reg, *tmp;
19933 
19934 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
19935 		return NOTIFY_DONE;
19936 
19937 	rcu_read_lock();
19938 
19939 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
19940 		struct cfg80211_sched_scan_request *sched_scan_req;
19941 
19942 		list_for_each_entry_rcu(sched_scan_req,
19943 					&rdev->sched_scan_req_list,
19944 					list) {
19945 			if (sched_scan_req->owner_nlportid == notify->portid) {
19946 				sched_scan_req->nl_owner_dead = true;
19947 				wiphy_work_queue(&rdev->wiphy,
19948 						 &rdev->sched_scan_stop_wk);
19949 			}
19950 		}
19951 
19952 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
19953 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
19954 
19955 			if (wdev->owner_nlportid == notify->portid) {
19956 				wdev->nl_owner_dead = true;
19957 				schedule_work(&rdev->destroy_work);
19958 			} else if (wdev->conn_owner_nlportid == notify->portid) {
19959 				schedule_work(&wdev->disconnect_wk);
19960 			}
19961 
19962 			cfg80211_release_pmsr(wdev, notify->portid);
19963 		}
19964 
19965 		spin_lock_bh(&rdev->beacon_registrations_lock);
19966 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
19967 					 list) {
19968 			if (reg->nlportid == notify->portid) {
19969 				list_del(&reg->list);
19970 				kfree(reg);
19971 				break;
19972 			}
19973 		}
19974 		spin_unlock_bh(&rdev->beacon_registrations_lock);
19975 	}
19976 
19977 	rcu_read_unlock();
19978 
19979 	/*
19980 	 * It is possible that the user space process that is controlling the
19981 	 * indoor setting disappeared, so notify the regulatory core.
19982 	 */
19983 	regulatory_netlink_notify(notify->portid);
19984 	return NOTIFY_OK;
19985 }
19986 
19987 static struct notifier_block nl80211_netlink_notifier = {
19988 	.notifier_call = nl80211_netlink_notify,
19989 };
19990 
19991 void cfg80211_ft_event(struct net_device *netdev,
19992 		       struct cfg80211_ft_event_params *ft_event)
19993 {
19994 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
19995 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19996 	struct sk_buff *msg;
19997 	void *hdr;
19998 
19999 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
20000 
20001 	if (!ft_event->target_ap)
20002 		return;
20003 
20004 	msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
20005 			GFP_KERNEL);
20006 	if (!msg)
20007 		return;
20008 
20009 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
20010 	if (!hdr)
20011 		goto out;
20012 
20013 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20014 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20015 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
20016 		goto out;
20017 
20018 	if (ft_event->ies &&
20019 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
20020 		goto out;
20021 	if (ft_event->ric_ies &&
20022 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
20023 		    ft_event->ric_ies))
20024 		goto out;
20025 
20026 	genlmsg_end(msg, hdr);
20027 
20028 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20029 				NL80211_MCGRP_MLME, GFP_KERNEL);
20030 	return;
20031  out:
20032 	nlmsg_free(msg);
20033 }
20034 EXPORT_SYMBOL(cfg80211_ft_event);
20035 
20036 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
20037 {
20038 	struct cfg80211_registered_device *rdev;
20039 	struct sk_buff *msg;
20040 	void *hdr;
20041 	u32 nlportid;
20042 
20043 	rdev = wiphy_to_rdev(wdev->wiphy);
20044 	if (!rdev->crit_proto_nlportid)
20045 		return;
20046 
20047 	nlportid = rdev->crit_proto_nlportid;
20048 	rdev->crit_proto_nlportid = 0;
20049 
20050 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20051 	if (!msg)
20052 		return;
20053 
20054 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
20055 	if (!hdr)
20056 		goto nla_put_failure;
20057 
20058 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20059 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20060 			      NL80211_ATTR_PAD))
20061 		goto nla_put_failure;
20062 
20063 	genlmsg_end(msg, hdr);
20064 
20065 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
20066 	return;
20067 
20068  nla_put_failure:
20069 	nlmsg_free(msg);
20070 }
20071 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
20072 
20073 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id)
20074 {
20075 	struct wiphy *wiphy = wdev->wiphy;
20076 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20077 	struct sk_buff *msg;
20078 	void *hdr;
20079 
20080 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20081 	if (!msg)
20082 		return;
20083 
20084 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
20085 	if (!hdr)
20086 		goto out;
20087 
20088 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20089 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
20090 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20091 			      NL80211_ATTR_PAD) ||
20092 	    (wdev->valid_links &&
20093 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
20094 		goto out;
20095 
20096 	genlmsg_end(msg, hdr);
20097 
20098 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
20099 				NL80211_MCGRP_MLME, GFP_KERNEL);
20100 	return;
20101  out:
20102 	nlmsg_free(msg);
20103 }
20104 
20105 int cfg80211_external_auth_request(struct net_device *dev,
20106 				   struct cfg80211_external_auth_params *params,
20107 				   gfp_t gfp)
20108 {
20109 	struct wireless_dev *wdev = dev->ieee80211_ptr;
20110 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20111 	struct sk_buff *msg;
20112 	void *hdr;
20113 
20114 	if (!wdev->conn_owner_nlportid)
20115 		return -EINVAL;
20116 
20117 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20118 	if (!msg)
20119 		return -ENOMEM;
20120 
20121 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
20122 	if (!hdr)
20123 		goto nla_put_failure;
20124 
20125 	/* Some historical mistakes in drivers <-> userspace interface (notably
20126 	 * between drivers and wpa_supplicant) led to a big-endian conversion
20127 	 * being needed on NL80211_ATTR_AKM_SUITES _only_ when its value is
20128 	 * WLAN_AKM_SUITE_SAE. This is now fixed on userspace side, but for the
20129 	 * benefit of older wpa_supplicant versions, send this particular value
20130 	 * in big-endian. Note that newer wpa_supplicant will also detect this
20131 	 * particular value in big endian still, so it all continues to work.
20132 	 */
20133 	if (params->key_mgmt_suite == WLAN_AKM_SUITE_SAE) {
20134 		if (nla_put_be32(msg, NL80211_ATTR_AKM_SUITES,
20135 				 cpu_to_be32(WLAN_AKM_SUITE_SAE)))
20136 			goto nla_put_failure;
20137 	} else {
20138 		if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES,
20139 				params->key_mgmt_suite))
20140 			goto nla_put_failure;
20141 	}
20142 
20143 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20144 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20145 	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
20146 			params->action) ||
20147 	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
20148 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
20149 		    params->ssid.ssid) ||
20150 	    (!is_zero_ether_addr(params->mld_addr) &&
20151 	     nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr)))
20152 		goto nla_put_failure;
20153 
20154 	genlmsg_end(msg, hdr);
20155 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
20156 			wdev->conn_owner_nlportid);
20157 	return 0;
20158 
20159  nla_put_failure:
20160 	nlmsg_free(msg);
20161 	return -ENOBUFS;
20162 }
20163 EXPORT_SYMBOL(cfg80211_external_auth_request);
20164 
20165 void cfg80211_update_owe_info_event(struct net_device *netdev,
20166 				    struct cfg80211_update_owe_info *owe_info,
20167 				    gfp_t gfp)
20168 {
20169 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
20170 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20171 	struct sk_buff *msg;
20172 	void *hdr;
20173 
20174 	trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
20175 
20176 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20177 	if (!msg)
20178 		return;
20179 
20180 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
20181 	if (!hdr)
20182 		goto nla_put_failure;
20183 
20184 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20185 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20186 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
20187 		goto nla_put_failure;
20188 
20189 	if (!owe_info->ie_len ||
20190 	    nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
20191 		goto nla_put_failure;
20192 
20193 	if (owe_info->assoc_link_id != -1) {
20194 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
20195 			       owe_info->assoc_link_id))
20196 			goto nla_put_failure;
20197 
20198 		if (!is_zero_ether_addr(owe_info->peer_mld_addr) &&
20199 		    nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
20200 			    owe_info->peer_mld_addr))
20201 			goto nla_put_failure;
20202 	}
20203 
20204 	genlmsg_end(msg, hdr);
20205 
20206 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20207 				NL80211_MCGRP_MLME, gfp);
20208 	return;
20209 
20210 nla_put_failure:
20211 	genlmsg_cancel(msg, hdr);
20212 	nlmsg_free(msg);
20213 }
20214 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
20215 
20216 void cfg80211_schedule_channels_check(struct wireless_dev *wdev)
20217 {
20218 	struct wiphy *wiphy = wdev->wiphy;
20219 
20220 	/* Schedule channels check if NO_IR or DFS relaxations are supported */
20221 	if (wdev->iftype == NL80211_IFTYPE_STATION &&
20222 	    (wiphy_ext_feature_isset(wiphy,
20223 				     NL80211_EXT_FEATURE_DFS_CONCURRENT) ||
20224 	    (IS_ENABLED(CONFIG_CFG80211_REG_RELAX_NO_IR) &&
20225 	     wiphy->regulatory_flags & REGULATORY_ENABLE_RELAX_NO_IR)))
20226 		reg_check_channels();
20227 }
20228 EXPORT_SYMBOL(cfg80211_schedule_channels_check);
20229 
20230 /* initialisation/exit functions */
20231 
20232 int __init nl80211_init(void)
20233 {
20234 	int err;
20235 
20236 	err = genl_register_family(&nl80211_fam);
20237 	if (err)
20238 		return err;
20239 
20240 	err = netlink_register_notifier(&nl80211_netlink_notifier);
20241 	if (err)
20242 		goto err_out;
20243 
20244 	return 0;
20245  err_out:
20246 	genl_unregister_family(&nl80211_fam);
20247 	return err;
20248 }
20249 
20250 void nl80211_exit(void)
20251 {
20252 	netlink_unregister_notifier(&nl80211_netlink_notifier);
20253 	genl_unregister_family(&nl80211_fam);
20254 }
20255