xref: /linux/net/wireless/nl80211.c (revision 89e47d3b8a273b0eac21e4bf6d7fdb86b654fa16) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27 
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 				   struct genl_info *info,
30 				   struct cfg80211_crypto_settings *settings,
31 				   int cipher_limit);
32 
33 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
34 			    struct genl_info *info);
35 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 			      struct genl_info *info);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 	.id = GENL_ID_GENERATE,		/* don't bother with a hardcoded ID */
41 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
42 	.hdrsize = 0,			/* no private header */
43 	.version = 1,			/* no particular meaning now */
44 	.maxattr = NL80211_ATTR_MAX,
45 	.netnsok = true,
46 	.pre_doit = nl80211_pre_doit,
47 	.post_doit = nl80211_post_doit,
48 };
49 
50 /* multicast groups */
51 enum nl80211_multicast_groups {
52 	NL80211_MCGRP_CONFIG,
53 	NL80211_MCGRP_SCAN,
54 	NL80211_MCGRP_REGULATORY,
55 	NL80211_MCGRP_MLME,
56 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
57 };
58 
59 static const struct genl_multicast_group nl80211_mcgrps[] = {
60 	[NL80211_MCGRP_CONFIG] = { .name = "config", },
61 	[NL80211_MCGRP_SCAN] = { .name = "scan", },
62 	[NL80211_MCGRP_REGULATORY] = { .name = "regulatory", },
63 	[NL80211_MCGRP_MLME] = { .name = "mlme", },
64 #ifdef CONFIG_NL80211_TESTMODE
65 	[NL80211_MCGRP_TESTMODE] = { .name = "testmode", }
66 #endif
67 };
68 
69 /* returns ERR_PTR values */
70 static struct wireless_dev *
71 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
72 {
73 	struct cfg80211_registered_device *rdev;
74 	struct wireless_dev *result = NULL;
75 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
76 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
77 	u64 wdev_id;
78 	int wiphy_idx = -1;
79 	int ifidx = -1;
80 
81 	ASSERT_RTNL();
82 
83 	if (!have_ifidx && !have_wdev_id)
84 		return ERR_PTR(-EINVAL);
85 
86 	if (have_ifidx)
87 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
88 	if (have_wdev_id) {
89 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
90 		wiphy_idx = wdev_id >> 32;
91 	}
92 
93 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
94 		struct wireless_dev *wdev;
95 
96 		if (wiphy_net(&rdev->wiphy) != netns)
97 			continue;
98 
99 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
100 			continue;
101 
102 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
103 			if (have_ifidx && wdev->netdev &&
104 			    wdev->netdev->ifindex == ifidx) {
105 				result = wdev;
106 				break;
107 			}
108 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
109 				result = wdev;
110 				break;
111 			}
112 		}
113 
114 		if (result)
115 			break;
116 	}
117 
118 	if (result)
119 		return result;
120 	return ERR_PTR(-ENODEV);
121 }
122 
123 static struct cfg80211_registered_device *
124 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
125 {
126 	struct cfg80211_registered_device *rdev = NULL, *tmp;
127 	struct net_device *netdev;
128 
129 	ASSERT_RTNL();
130 
131 	if (!attrs[NL80211_ATTR_WIPHY] &&
132 	    !attrs[NL80211_ATTR_IFINDEX] &&
133 	    !attrs[NL80211_ATTR_WDEV])
134 		return ERR_PTR(-EINVAL);
135 
136 	if (attrs[NL80211_ATTR_WIPHY])
137 		rdev = cfg80211_rdev_by_wiphy_idx(
138 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
139 
140 	if (attrs[NL80211_ATTR_WDEV]) {
141 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
142 		struct wireless_dev *wdev;
143 		bool found = false;
144 
145 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
146 		if (tmp) {
147 			/* make sure wdev exists */
148 			list_for_each_entry(wdev, &tmp->wdev_list, list) {
149 				if (wdev->identifier != (u32)wdev_id)
150 					continue;
151 				found = true;
152 				break;
153 			}
154 
155 			if (!found)
156 				tmp = NULL;
157 
158 			if (rdev && tmp != rdev)
159 				return ERR_PTR(-EINVAL);
160 			rdev = tmp;
161 		}
162 	}
163 
164 	if (attrs[NL80211_ATTR_IFINDEX]) {
165 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
166 		netdev = dev_get_by_index(netns, ifindex);
167 		if (netdev) {
168 			if (netdev->ieee80211_ptr)
169 				tmp = wiphy_to_dev(
170 						netdev->ieee80211_ptr->wiphy);
171 			else
172 				tmp = NULL;
173 
174 			dev_put(netdev);
175 
176 			/* not wireless device -- return error */
177 			if (!tmp)
178 				return ERR_PTR(-EINVAL);
179 
180 			/* mismatch -- return error */
181 			if (rdev && tmp != rdev)
182 				return ERR_PTR(-EINVAL);
183 
184 			rdev = tmp;
185 		}
186 	}
187 
188 	if (!rdev)
189 		return ERR_PTR(-ENODEV);
190 
191 	if (netns != wiphy_net(&rdev->wiphy))
192 		return ERR_PTR(-ENODEV);
193 
194 	return rdev;
195 }
196 
197 /*
198  * This function returns a pointer to the driver
199  * that the genl_info item that is passed refers to.
200  *
201  * The result of this can be a PTR_ERR and hence must
202  * be checked with IS_ERR() for errors.
203  */
204 static struct cfg80211_registered_device *
205 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
206 {
207 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
208 }
209 
210 /* policy for the attributes */
211 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
212 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
213 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
214 				      .len = 20-1 },
215 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
216 
217 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
218 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
219 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
220 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
221 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
222 
223 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
224 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
225 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
226 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
227 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
228 
229 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
230 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
231 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
232 
233 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
234 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
235 
236 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
237 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
238 				    .len = WLAN_MAX_KEY_LEN },
239 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
240 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
241 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
242 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
243 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
244 
245 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
246 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
247 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
248 				       .len = IEEE80211_MAX_DATA_LEN },
249 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
250 				       .len = IEEE80211_MAX_DATA_LEN },
251 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
252 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
253 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
254 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
255 					       .len = NL80211_MAX_SUPP_RATES },
256 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
257 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
258 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
259 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
260 				   .len = IEEE80211_MAX_MESH_ID_LEN },
261 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
262 
263 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
264 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
265 
266 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
267 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
268 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
269 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
270 					   .len = NL80211_MAX_SUPP_RATES },
271 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
272 
273 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
274 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
275 
276 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
277 
278 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
279 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
280 			      .len = IEEE80211_MAX_DATA_LEN },
281 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
282 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
283 
284 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
285 				.len = IEEE80211_MAX_SSID_LEN },
286 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
287 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
288 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
289 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
290 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
291 	[NL80211_ATTR_STA_FLAGS2] = {
292 		.len = sizeof(struct nl80211_sta_flag_update),
293 	},
294 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
295 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
296 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
297 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
298 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
299 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
300 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
301 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
302 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
303 				 .len = WLAN_PMKID_LEN },
304 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
305 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
306 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
307 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
308 				 .len = IEEE80211_MAX_DATA_LEN },
309 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
310 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
311 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
312 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
313 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
314 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
315 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
316 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
317 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
318 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
319 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
320 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
321 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
322 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
323 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
324 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
325 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
326 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
327 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
328 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
329 					 .len = IEEE80211_MAX_DATA_LEN },
330 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
331 					 .len = IEEE80211_MAX_DATA_LEN },
332 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
333 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
334 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
335 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
336 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
337 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
338 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
339 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
340 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
341 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
342 				      .len = IEEE80211_MAX_DATA_LEN },
343 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
344 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
345 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
346 		.len = NL80211_HT_CAPABILITY_LEN
347 	},
348 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
349 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
350 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
351 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
352 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
353 	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
354 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
355 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
356 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
357 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
358 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
359 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
360 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
361 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
362 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
363 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
364 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
365 		.len = NL80211_VHT_CAPABILITY_LEN,
366 	},
367 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
368 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
369 				  .len = IEEE80211_MAX_DATA_LEN },
370 	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
371 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
372 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
373 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
374 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_U16 },
375 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_U16 },
376 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
377 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
378 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
379 };
380 
381 /* policy for the key attributes */
382 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
383 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
384 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
385 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
386 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
387 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
388 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
389 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
390 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
391 };
392 
393 /* policy for the key default flags */
394 static const struct nla_policy
395 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
396 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
397 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
398 };
399 
400 /* policy for WoWLAN attributes */
401 static const struct nla_policy
402 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
403 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
404 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
405 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
406 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
407 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
408 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
409 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
410 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
411 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
412 };
413 
414 static const struct nla_policy
415 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
416 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
417 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
418 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
419 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
420 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
421 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
422 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
423 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
424 	},
425 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
426 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
427 	},
428 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
429 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
430 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
431 };
432 
433 /* policy for coalesce rule attributes */
434 static const struct nla_policy
435 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
436 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
437 	[NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
438 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
439 };
440 
441 /* policy for GTK rekey offload attributes */
442 static const struct nla_policy
443 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
444 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
445 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
446 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
447 };
448 
449 static const struct nla_policy
450 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
451 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
452 						 .len = IEEE80211_MAX_SSID_LEN },
453 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
454 };
455 
456 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
457 				     struct netlink_callback *cb,
458 				     struct cfg80211_registered_device **rdev,
459 				     struct wireless_dev **wdev)
460 {
461 	int err;
462 
463 	rtnl_lock();
464 
465 	if (!cb->args[0]) {
466 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
467 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
468 				  nl80211_policy);
469 		if (err)
470 			goto out_unlock;
471 
472 		*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
473 						   nl80211_fam.attrbuf);
474 		if (IS_ERR(*wdev)) {
475 			err = PTR_ERR(*wdev);
476 			goto out_unlock;
477 		}
478 		*rdev = wiphy_to_dev((*wdev)->wiphy);
479 		/* 0 is the first index - add 1 to parse only once */
480 		cb->args[0] = (*rdev)->wiphy_idx + 1;
481 		cb->args[1] = (*wdev)->identifier;
482 	} else {
483 		/* subtract the 1 again here */
484 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
485 		struct wireless_dev *tmp;
486 
487 		if (!wiphy) {
488 			err = -ENODEV;
489 			goto out_unlock;
490 		}
491 		*rdev = wiphy_to_dev(wiphy);
492 		*wdev = NULL;
493 
494 		list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
495 			if (tmp->identifier == cb->args[1]) {
496 				*wdev = tmp;
497 				break;
498 			}
499 		}
500 
501 		if (!*wdev) {
502 			err = -ENODEV;
503 			goto out_unlock;
504 		}
505 	}
506 
507 	return 0;
508  out_unlock:
509 	rtnl_unlock();
510 	return err;
511 }
512 
513 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
514 {
515 	rtnl_unlock();
516 }
517 
518 /* IE validation */
519 static bool is_valid_ie_attr(const struct nlattr *attr)
520 {
521 	const u8 *pos;
522 	int len;
523 
524 	if (!attr)
525 		return true;
526 
527 	pos = nla_data(attr);
528 	len = nla_len(attr);
529 
530 	while (len) {
531 		u8 elemlen;
532 
533 		if (len < 2)
534 			return false;
535 		len -= 2;
536 
537 		elemlen = pos[1];
538 		if (elemlen > len)
539 			return false;
540 
541 		len -= elemlen;
542 		pos += 2 + elemlen;
543 	}
544 
545 	return true;
546 }
547 
548 /* message building helper */
549 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
550 				   int flags, u8 cmd)
551 {
552 	/* since there is no private header just add the generic one */
553 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
554 }
555 
556 static int nl80211_msg_put_channel(struct sk_buff *msg,
557 				   struct ieee80211_channel *chan,
558 				   bool large)
559 {
560 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
561 			chan->center_freq))
562 		goto nla_put_failure;
563 
564 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
565 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
566 		goto nla_put_failure;
567 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
568 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
569 			goto nla_put_failure;
570 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
571 			goto nla_put_failure;
572 	}
573 	if (chan->flags & IEEE80211_CHAN_RADAR) {
574 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
575 			goto nla_put_failure;
576 		if (large) {
577 			u32 time;
578 
579 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
580 
581 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
582 					chan->dfs_state))
583 				goto nla_put_failure;
584 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
585 					time))
586 				goto nla_put_failure;
587 		}
588 	}
589 
590 	if (large) {
591 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
592 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
593 			goto nla_put_failure;
594 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
595 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
596 			goto nla_put_failure;
597 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
598 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
599 			goto nla_put_failure;
600 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
601 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
602 			goto nla_put_failure;
603 	}
604 
605 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
606 			DBM_TO_MBM(chan->max_power)))
607 		goto nla_put_failure;
608 
609 	return 0;
610 
611  nla_put_failure:
612 	return -ENOBUFS;
613 }
614 
615 /* netlink command implementations */
616 
617 struct key_parse {
618 	struct key_params p;
619 	int idx;
620 	int type;
621 	bool def, defmgmt;
622 	bool def_uni, def_multi;
623 };
624 
625 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
626 {
627 	struct nlattr *tb[NL80211_KEY_MAX + 1];
628 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
629 				   nl80211_key_policy);
630 	if (err)
631 		return err;
632 
633 	k->def = !!tb[NL80211_KEY_DEFAULT];
634 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
635 
636 	if (k->def) {
637 		k->def_uni = true;
638 		k->def_multi = true;
639 	}
640 	if (k->defmgmt)
641 		k->def_multi = true;
642 
643 	if (tb[NL80211_KEY_IDX])
644 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
645 
646 	if (tb[NL80211_KEY_DATA]) {
647 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
648 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
649 	}
650 
651 	if (tb[NL80211_KEY_SEQ]) {
652 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
653 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
654 	}
655 
656 	if (tb[NL80211_KEY_CIPHER])
657 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
658 
659 	if (tb[NL80211_KEY_TYPE]) {
660 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
661 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
662 			return -EINVAL;
663 	}
664 
665 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
666 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
667 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
668 				       tb[NL80211_KEY_DEFAULT_TYPES],
669 				       nl80211_key_default_policy);
670 		if (err)
671 			return err;
672 
673 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
674 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
675 	}
676 
677 	return 0;
678 }
679 
680 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
681 {
682 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
683 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
684 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
685 	}
686 
687 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
688 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
689 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
690 	}
691 
692 	if (info->attrs[NL80211_ATTR_KEY_IDX])
693 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
694 
695 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
696 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
697 
698 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
699 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
700 
701 	if (k->def) {
702 		k->def_uni = true;
703 		k->def_multi = true;
704 	}
705 	if (k->defmgmt)
706 		k->def_multi = true;
707 
708 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
709 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
710 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
711 			return -EINVAL;
712 	}
713 
714 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
715 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
716 		int err = nla_parse_nested(
717 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
718 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
719 				nl80211_key_default_policy);
720 		if (err)
721 			return err;
722 
723 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
724 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
725 	}
726 
727 	return 0;
728 }
729 
730 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
731 {
732 	int err;
733 
734 	memset(k, 0, sizeof(*k));
735 	k->idx = -1;
736 	k->type = -1;
737 
738 	if (info->attrs[NL80211_ATTR_KEY])
739 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
740 	else
741 		err = nl80211_parse_key_old(info, k);
742 
743 	if (err)
744 		return err;
745 
746 	if (k->def && k->defmgmt)
747 		return -EINVAL;
748 
749 	if (k->defmgmt) {
750 		if (k->def_uni || !k->def_multi)
751 			return -EINVAL;
752 	}
753 
754 	if (k->idx != -1) {
755 		if (k->defmgmt) {
756 			if (k->idx < 4 || k->idx > 5)
757 				return -EINVAL;
758 		} else if (k->def) {
759 			if (k->idx < 0 || k->idx > 3)
760 				return -EINVAL;
761 		} else {
762 			if (k->idx < 0 || k->idx > 5)
763 				return -EINVAL;
764 		}
765 	}
766 
767 	return 0;
768 }
769 
770 static struct cfg80211_cached_keys *
771 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
772 		       struct nlattr *keys, bool *no_ht)
773 {
774 	struct key_parse parse;
775 	struct nlattr *key;
776 	struct cfg80211_cached_keys *result;
777 	int rem, err, def = 0;
778 
779 	result = kzalloc(sizeof(*result), GFP_KERNEL);
780 	if (!result)
781 		return ERR_PTR(-ENOMEM);
782 
783 	result->def = -1;
784 	result->defmgmt = -1;
785 
786 	nla_for_each_nested(key, keys, rem) {
787 		memset(&parse, 0, sizeof(parse));
788 		parse.idx = -1;
789 
790 		err = nl80211_parse_key_new(key, &parse);
791 		if (err)
792 			goto error;
793 		err = -EINVAL;
794 		if (!parse.p.key)
795 			goto error;
796 		if (parse.idx < 0 || parse.idx > 4)
797 			goto error;
798 		if (parse.def) {
799 			if (def)
800 				goto error;
801 			def = 1;
802 			result->def = parse.idx;
803 			if (!parse.def_uni || !parse.def_multi)
804 				goto error;
805 		} else if (parse.defmgmt)
806 			goto error;
807 		err = cfg80211_validate_key_settings(rdev, &parse.p,
808 						     parse.idx, false, NULL);
809 		if (err)
810 			goto error;
811 		result->params[parse.idx].cipher = parse.p.cipher;
812 		result->params[parse.idx].key_len = parse.p.key_len;
813 		result->params[parse.idx].key = result->data[parse.idx];
814 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
815 
816 		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
817 		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
818 			if (no_ht)
819 				*no_ht = true;
820 		}
821 	}
822 
823 	return result;
824  error:
825 	kfree(result);
826 	return ERR_PTR(err);
827 }
828 
829 static int nl80211_key_allowed(struct wireless_dev *wdev)
830 {
831 	ASSERT_WDEV_LOCK(wdev);
832 
833 	switch (wdev->iftype) {
834 	case NL80211_IFTYPE_AP:
835 	case NL80211_IFTYPE_AP_VLAN:
836 	case NL80211_IFTYPE_P2P_GO:
837 	case NL80211_IFTYPE_MESH_POINT:
838 		break;
839 	case NL80211_IFTYPE_ADHOC:
840 	case NL80211_IFTYPE_STATION:
841 	case NL80211_IFTYPE_P2P_CLIENT:
842 		if (!wdev->current_bss)
843 			return -ENOLINK;
844 		break;
845 	default:
846 		return -EINVAL;
847 	}
848 
849 	return 0;
850 }
851 
852 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
853 {
854 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
855 	int i;
856 
857 	if (!nl_modes)
858 		goto nla_put_failure;
859 
860 	i = 0;
861 	while (ifmodes) {
862 		if ((ifmodes & 1) && nla_put_flag(msg, i))
863 			goto nla_put_failure;
864 		ifmodes >>= 1;
865 		i++;
866 	}
867 
868 	nla_nest_end(msg, nl_modes);
869 	return 0;
870 
871 nla_put_failure:
872 	return -ENOBUFS;
873 }
874 
875 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
876 					  struct sk_buff *msg,
877 					  bool large)
878 {
879 	struct nlattr *nl_combis;
880 	int i, j;
881 
882 	nl_combis = nla_nest_start(msg,
883 				NL80211_ATTR_INTERFACE_COMBINATIONS);
884 	if (!nl_combis)
885 		goto nla_put_failure;
886 
887 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
888 		const struct ieee80211_iface_combination *c;
889 		struct nlattr *nl_combi, *nl_limits;
890 
891 		c = &wiphy->iface_combinations[i];
892 
893 		nl_combi = nla_nest_start(msg, i + 1);
894 		if (!nl_combi)
895 			goto nla_put_failure;
896 
897 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
898 		if (!nl_limits)
899 			goto nla_put_failure;
900 
901 		for (j = 0; j < c->n_limits; j++) {
902 			struct nlattr *nl_limit;
903 
904 			nl_limit = nla_nest_start(msg, j + 1);
905 			if (!nl_limit)
906 				goto nla_put_failure;
907 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
908 					c->limits[j].max))
909 				goto nla_put_failure;
910 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
911 						c->limits[j].types))
912 				goto nla_put_failure;
913 			nla_nest_end(msg, nl_limit);
914 		}
915 
916 		nla_nest_end(msg, nl_limits);
917 
918 		if (c->beacon_int_infra_match &&
919 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
920 			goto nla_put_failure;
921 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
922 				c->num_different_channels) ||
923 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
924 				c->max_interfaces))
925 			goto nla_put_failure;
926 		if (large &&
927 		    nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
928 				c->radar_detect_widths))
929 			goto nla_put_failure;
930 
931 		nla_nest_end(msg, nl_combi);
932 	}
933 
934 	nla_nest_end(msg, nl_combis);
935 
936 	return 0;
937 nla_put_failure:
938 	return -ENOBUFS;
939 }
940 
941 #ifdef CONFIG_PM
942 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
943 					struct sk_buff *msg)
944 {
945 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
946 	struct nlattr *nl_tcp;
947 
948 	if (!tcp)
949 		return 0;
950 
951 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
952 	if (!nl_tcp)
953 		return -ENOBUFS;
954 
955 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
956 			tcp->data_payload_max))
957 		return -ENOBUFS;
958 
959 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
960 			tcp->data_payload_max))
961 		return -ENOBUFS;
962 
963 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
964 		return -ENOBUFS;
965 
966 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
967 				sizeof(*tcp->tok), tcp->tok))
968 		return -ENOBUFS;
969 
970 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
971 			tcp->data_interval_max))
972 		return -ENOBUFS;
973 
974 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
975 			tcp->wake_payload_max))
976 		return -ENOBUFS;
977 
978 	nla_nest_end(msg, nl_tcp);
979 	return 0;
980 }
981 
982 static int nl80211_send_wowlan(struct sk_buff *msg,
983 			       struct cfg80211_registered_device *dev,
984 			       bool large)
985 {
986 	struct nlattr *nl_wowlan;
987 
988 	if (!dev->wiphy.wowlan)
989 		return 0;
990 
991 	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
992 	if (!nl_wowlan)
993 		return -ENOBUFS;
994 
995 	if (((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
996 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
997 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
998 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
999 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1000 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1001 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1002 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1003 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1004 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1005 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1006 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1007 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1008 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1009 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1010 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1011 		return -ENOBUFS;
1012 
1013 	if (dev->wiphy.wowlan->n_patterns) {
1014 		struct nl80211_pattern_support pat = {
1015 			.max_patterns = dev->wiphy.wowlan->n_patterns,
1016 			.min_pattern_len = dev->wiphy.wowlan->pattern_min_len,
1017 			.max_pattern_len = dev->wiphy.wowlan->pattern_max_len,
1018 			.max_pkt_offset = dev->wiphy.wowlan->max_pkt_offset,
1019 		};
1020 
1021 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1022 			    sizeof(pat), &pat))
1023 			return -ENOBUFS;
1024 	}
1025 
1026 	if (large && nl80211_send_wowlan_tcp_caps(dev, msg))
1027 		return -ENOBUFS;
1028 
1029 	nla_nest_end(msg, nl_wowlan);
1030 
1031 	return 0;
1032 }
1033 #endif
1034 
1035 static int nl80211_send_coalesce(struct sk_buff *msg,
1036 				 struct cfg80211_registered_device *dev)
1037 {
1038 	struct nl80211_coalesce_rule_support rule;
1039 
1040 	if (!dev->wiphy.coalesce)
1041 		return 0;
1042 
1043 	rule.max_rules = dev->wiphy.coalesce->n_rules;
1044 	rule.max_delay = dev->wiphy.coalesce->max_delay;
1045 	rule.pat.max_patterns = dev->wiphy.coalesce->n_patterns;
1046 	rule.pat.min_pattern_len = dev->wiphy.coalesce->pattern_min_len;
1047 	rule.pat.max_pattern_len = dev->wiphy.coalesce->pattern_max_len;
1048 	rule.pat.max_pkt_offset = dev->wiphy.coalesce->max_pkt_offset;
1049 
1050 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1051 		return -ENOBUFS;
1052 
1053 	return 0;
1054 }
1055 
1056 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1057 				      struct ieee80211_supported_band *sband)
1058 {
1059 	struct nlattr *nl_rates, *nl_rate;
1060 	struct ieee80211_rate *rate;
1061 	int i;
1062 
1063 	/* add HT info */
1064 	if (sband->ht_cap.ht_supported &&
1065 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1066 		     sizeof(sband->ht_cap.mcs),
1067 		     &sband->ht_cap.mcs) ||
1068 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1069 			 sband->ht_cap.cap) ||
1070 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1071 			sband->ht_cap.ampdu_factor) ||
1072 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1073 			sband->ht_cap.ampdu_density)))
1074 		return -ENOBUFS;
1075 
1076 	/* add VHT info */
1077 	if (sband->vht_cap.vht_supported &&
1078 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1079 		     sizeof(sband->vht_cap.vht_mcs),
1080 		     &sband->vht_cap.vht_mcs) ||
1081 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1082 			 sband->vht_cap.cap)))
1083 		return -ENOBUFS;
1084 
1085 	/* add bitrates */
1086 	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1087 	if (!nl_rates)
1088 		return -ENOBUFS;
1089 
1090 	for (i = 0; i < sband->n_bitrates; i++) {
1091 		nl_rate = nla_nest_start(msg, i);
1092 		if (!nl_rate)
1093 			return -ENOBUFS;
1094 
1095 		rate = &sband->bitrates[i];
1096 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1097 				rate->bitrate))
1098 			return -ENOBUFS;
1099 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1100 		    nla_put_flag(msg,
1101 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1102 			return -ENOBUFS;
1103 
1104 		nla_nest_end(msg, nl_rate);
1105 	}
1106 
1107 	nla_nest_end(msg, nl_rates);
1108 
1109 	return 0;
1110 }
1111 
1112 static int
1113 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1114 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1115 {
1116 	u16 stypes;
1117 	struct nlattr *nl_ftypes, *nl_ifs;
1118 	enum nl80211_iftype ift;
1119 	int i;
1120 
1121 	if (!mgmt_stypes)
1122 		return 0;
1123 
1124 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1125 	if (!nl_ifs)
1126 		return -ENOBUFS;
1127 
1128 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1129 		nl_ftypes = nla_nest_start(msg, ift);
1130 		if (!nl_ftypes)
1131 			return -ENOBUFS;
1132 		i = 0;
1133 		stypes = mgmt_stypes[ift].tx;
1134 		while (stypes) {
1135 			if ((stypes & 1) &&
1136 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1137 					(i << 4) | IEEE80211_FTYPE_MGMT))
1138 				return -ENOBUFS;
1139 			stypes >>= 1;
1140 			i++;
1141 		}
1142 		nla_nest_end(msg, nl_ftypes);
1143 	}
1144 
1145 	nla_nest_end(msg, nl_ifs);
1146 
1147 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1148 	if (!nl_ifs)
1149 		return -ENOBUFS;
1150 
1151 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1152 		nl_ftypes = nla_nest_start(msg, ift);
1153 		if (!nl_ftypes)
1154 			return -ENOBUFS;
1155 		i = 0;
1156 		stypes = mgmt_stypes[ift].rx;
1157 		while (stypes) {
1158 			if ((stypes & 1) &&
1159 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1160 					(i << 4) | IEEE80211_FTYPE_MGMT))
1161 				return -ENOBUFS;
1162 			stypes >>= 1;
1163 			i++;
1164 		}
1165 		nla_nest_end(msg, nl_ftypes);
1166 	}
1167 	nla_nest_end(msg, nl_ifs);
1168 
1169 	return 0;
1170 }
1171 
1172 struct nl80211_dump_wiphy_state {
1173 	s64 filter_wiphy;
1174 	long start;
1175 	long split_start, band_start, chan_start;
1176 	bool split;
1177 };
1178 
1179 static int nl80211_send_wiphy(struct cfg80211_registered_device *dev,
1180 			      struct sk_buff *msg, u32 portid, u32 seq,
1181 			      int flags, struct nl80211_dump_wiphy_state *state)
1182 {
1183 	void *hdr;
1184 	struct nlattr *nl_bands, *nl_band;
1185 	struct nlattr *nl_freqs, *nl_freq;
1186 	struct nlattr *nl_cmds;
1187 	enum ieee80211_band band;
1188 	struct ieee80211_channel *chan;
1189 	int i;
1190 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1191 				dev->wiphy.mgmt_stypes;
1192 	u32 features;
1193 
1194 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
1195 	if (!hdr)
1196 		return -ENOBUFS;
1197 
1198 	if (WARN_ON(!state))
1199 		return -EINVAL;
1200 
1201 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
1202 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1203 			   wiphy_name(&dev->wiphy)) ||
1204 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1205 			cfg80211_rdev_list_generation))
1206 		goto nla_put_failure;
1207 
1208 	switch (state->split_start) {
1209 	case 0:
1210 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1211 			       dev->wiphy.retry_short) ||
1212 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1213 			       dev->wiphy.retry_long) ||
1214 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1215 				dev->wiphy.frag_threshold) ||
1216 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1217 				dev->wiphy.rts_threshold) ||
1218 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1219 			       dev->wiphy.coverage_class) ||
1220 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1221 			       dev->wiphy.max_scan_ssids) ||
1222 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1223 			       dev->wiphy.max_sched_scan_ssids) ||
1224 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1225 				dev->wiphy.max_scan_ie_len) ||
1226 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1227 				dev->wiphy.max_sched_scan_ie_len) ||
1228 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1229 			       dev->wiphy.max_match_sets))
1230 			goto nla_put_failure;
1231 
1232 		if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1233 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1234 			goto nla_put_failure;
1235 		if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1236 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1237 			goto nla_put_failure;
1238 		if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1239 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1240 			goto nla_put_failure;
1241 		if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1242 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1243 			goto nla_put_failure;
1244 		if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1245 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1246 			goto nla_put_failure;
1247 		if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1248 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1249 			goto nla_put_failure;
1250 		state->split_start++;
1251 		if (state->split)
1252 			break;
1253 	case 1:
1254 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1255 			    sizeof(u32) * dev->wiphy.n_cipher_suites,
1256 			    dev->wiphy.cipher_suites))
1257 			goto nla_put_failure;
1258 
1259 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1260 			       dev->wiphy.max_num_pmkids))
1261 			goto nla_put_failure;
1262 
1263 		if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1264 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1265 			goto nla_put_failure;
1266 
1267 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1268 				dev->wiphy.available_antennas_tx) ||
1269 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1270 				dev->wiphy.available_antennas_rx))
1271 			goto nla_put_failure;
1272 
1273 		if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1274 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1275 				dev->wiphy.probe_resp_offload))
1276 			goto nla_put_failure;
1277 
1278 		if ((dev->wiphy.available_antennas_tx ||
1279 		     dev->wiphy.available_antennas_rx) &&
1280 		    dev->ops->get_antenna) {
1281 			u32 tx_ant = 0, rx_ant = 0;
1282 			int res;
1283 			res = rdev_get_antenna(dev, &tx_ant, &rx_ant);
1284 			if (!res) {
1285 				if (nla_put_u32(msg,
1286 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1287 						tx_ant) ||
1288 				    nla_put_u32(msg,
1289 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1290 						rx_ant))
1291 					goto nla_put_failure;
1292 			}
1293 		}
1294 
1295 		state->split_start++;
1296 		if (state->split)
1297 			break;
1298 	case 2:
1299 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1300 					dev->wiphy.interface_modes))
1301 				goto nla_put_failure;
1302 		state->split_start++;
1303 		if (state->split)
1304 			break;
1305 	case 3:
1306 		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1307 		if (!nl_bands)
1308 			goto nla_put_failure;
1309 
1310 		for (band = state->band_start;
1311 		     band < IEEE80211_NUM_BANDS; band++) {
1312 			struct ieee80211_supported_band *sband;
1313 
1314 			sband = dev->wiphy.bands[band];
1315 
1316 			if (!sband)
1317 				continue;
1318 
1319 			nl_band = nla_nest_start(msg, band);
1320 			if (!nl_band)
1321 				goto nla_put_failure;
1322 
1323 			switch (state->chan_start) {
1324 			case 0:
1325 				if (nl80211_send_band_rateinfo(msg, sband))
1326 					goto nla_put_failure;
1327 				state->chan_start++;
1328 				if (state->split)
1329 					break;
1330 			default:
1331 				/* add frequencies */
1332 				nl_freqs = nla_nest_start(
1333 					msg, NL80211_BAND_ATTR_FREQS);
1334 				if (!nl_freqs)
1335 					goto nla_put_failure;
1336 
1337 				for (i = state->chan_start - 1;
1338 				     i < sband->n_channels;
1339 				     i++) {
1340 					nl_freq = nla_nest_start(msg, i);
1341 					if (!nl_freq)
1342 						goto nla_put_failure;
1343 
1344 					chan = &sband->channels[i];
1345 
1346 					if (nl80211_msg_put_channel(
1347 							msg, chan,
1348 							state->split))
1349 						goto nla_put_failure;
1350 
1351 					nla_nest_end(msg, nl_freq);
1352 					if (state->split)
1353 						break;
1354 				}
1355 				if (i < sband->n_channels)
1356 					state->chan_start = i + 2;
1357 				else
1358 					state->chan_start = 0;
1359 				nla_nest_end(msg, nl_freqs);
1360 			}
1361 
1362 			nla_nest_end(msg, nl_band);
1363 
1364 			if (state->split) {
1365 				/* start again here */
1366 				if (state->chan_start)
1367 					band--;
1368 				break;
1369 			}
1370 		}
1371 		nla_nest_end(msg, nl_bands);
1372 
1373 		if (band < IEEE80211_NUM_BANDS)
1374 			state->band_start = band + 1;
1375 		else
1376 			state->band_start = 0;
1377 
1378 		/* if bands & channels are done, continue outside */
1379 		if (state->band_start == 0 && state->chan_start == 0)
1380 			state->split_start++;
1381 		if (state->split)
1382 			break;
1383 	case 4:
1384 		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1385 		if (!nl_cmds)
1386 			goto nla_put_failure;
1387 
1388 		i = 0;
1389 #define CMD(op, n)							\
1390 		 do {							\
1391 			if (dev->ops->op) {				\
1392 				i++;					\
1393 				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1394 					goto nla_put_failure;		\
1395 			}						\
1396 		} while (0)
1397 
1398 		CMD(add_virtual_intf, NEW_INTERFACE);
1399 		CMD(change_virtual_intf, SET_INTERFACE);
1400 		CMD(add_key, NEW_KEY);
1401 		CMD(start_ap, START_AP);
1402 		CMD(add_station, NEW_STATION);
1403 		CMD(add_mpath, NEW_MPATH);
1404 		CMD(update_mesh_config, SET_MESH_CONFIG);
1405 		CMD(change_bss, SET_BSS);
1406 		CMD(auth, AUTHENTICATE);
1407 		CMD(assoc, ASSOCIATE);
1408 		CMD(deauth, DEAUTHENTICATE);
1409 		CMD(disassoc, DISASSOCIATE);
1410 		CMD(join_ibss, JOIN_IBSS);
1411 		CMD(join_mesh, JOIN_MESH);
1412 		CMD(set_pmksa, SET_PMKSA);
1413 		CMD(del_pmksa, DEL_PMKSA);
1414 		CMD(flush_pmksa, FLUSH_PMKSA);
1415 		if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1416 			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1417 		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1418 		CMD(mgmt_tx, FRAME);
1419 		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1420 		if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1421 			i++;
1422 			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1423 				goto nla_put_failure;
1424 		}
1425 		if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1426 		    dev->ops->join_mesh) {
1427 			i++;
1428 			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1429 				goto nla_put_failure;
1430 		}
1431 		CMD(set_wds_peer, SET_WDS_PEER);
1432 		if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1433 			CMD(tdls_mgmt, TDLS_MGMT);
1434 			CMD(tdls_oper, TDLS_OPER);
1435 		}
1436 		if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1437 			CMD(sched_scan_start, START_SCHED_SCAN);
1438 		CMD(probe_client, PROBE_CLIENT);
1439 		CMD(set_noack_map, SET_NOACK_MAP);
1440 		if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1441 			i++;
1442 			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1443 				goto nla_put_failure;
1444 		}
1445 		CMD(start_p2p_device, START_P2P_DEVICE);
1446 		CMD(set_mcast_rate, SET_MCAST_RATE);
1447 		if (state->split) {
1448 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1449 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1450 			if (dev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1451 				CMD(channel_switch, CHANNEL_SWITCH);
1452 		}
1453 
1454 #ifdef CONFIG_NL80211_TESTMODE
1455 		CMD(testmode_cmd, TESTMODE);
1456 #endif
1457 
1458 #undef CMD
1459 
1460 		if (dev->ops->connect || dev->ops->auth) {
1461 			i++;
1462 			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1463 				goto nla_put_failure;
1464 		}
1465 
1466 		if (dev->ops->disconnect || dev->ops->deauth) {
1467 			i++;
1468 			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1469 				goto nla_put_failure;
1470 		}
1471 
1472 		nla_nest_end(msg, nl_cmds);
1473 		state->split_start++;
1474 		if (state->split)
1475 			break;
1476 	case 5:
1477 		if (dev->ops->remain_on_channel &&
1478 		    (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1479 		    nla_put_u32(msg,
1480 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1481 				dev->wiphy.max_remain_on_channel_duration))
1482 			goto nla_put_failure;
1483 
1484 		if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1485 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1486 			goto nla_put_failure;
1487 
1488 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1489 			goto nla_put_failure;
1490 		state->split_start++;
1491 		if (state->split)
1492 			break;
1493 	case 6:
1494 #ifdef CONFIG_PM
1495 		if (nl80211_send_wowlan(msg, dev, state->split))
1496 			goto nla_put_failure;
1497 		state->split_start++;
1498 		if (state->split)
1499 			break;
1500 #else
1501 		state->split_start++;
1502 #endif
1503 	case 7:
1504 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1505 					dev->wiphy.software_iftypes))
1506 			goto nla_put_failure;
1507 
1508 		if (nl80211_put_iface_combinations(&dev->wiphy, msg,
1509 						   state->split))
1510 			goto nla_put_failure;
1511 
1512 		state->split_start++;
1513 		if (state->split)
1514 			break;
1515 	case 8:
1516 		if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1517 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1518 				dev->wiphy.ap_sme_capa))
1519 			goto nla_put_failure;
1520 
1521 		features = dev->wiphy.features;
1522 		/*
1523 		 * We can only add the per-channel limit information if the
1524 		 * dump is split, otherwise it makes it too big. Therefore
1525 		 * only advertise it in that case.
1526 		 */
1527 		if (state->split)
1528 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1529 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1530 			goto nla_put_failure;
1531 
1532 		if (dev->wiphy.ht_capa_mod_mask &&
1533 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1534 			    sizeof(*dev->wiphy.ht_capa_mod_mask),
1535 			    dev->wiphy.ht_capa_mod_mask))
1536 			goto nla_put_failure;
1537 
1538 		if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1539 		    dev->wiphy.max_acl_mac_addrs &&
1540 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1541 				dev->wiphy.max_acl_mac_addrs))
1542 			goto nla_put_failure;
1543 
1544 		/*
1545 		 * Any information below this point is only available to
1546 		 * applications that can deal with it being split. This
1547 		 * helps ensure that newly added capabilities don't break
1548 		 * older tools by overrunning their buffers.
1549 		 *
1550 		 * We still increment split_start so that in the split
1551 		 * case we'll continue with more data in the next round,
1552 		 * but break unconditionally so unsplit data stops here.
1553 		 */
1554 		state->split_start++;
1555 		break;
1556 	case 9:
1557 		if (dev->wiphy.extended_capabilities &&
1558 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1559 			     dev->wiphy.extended_capabilities_len,
1560 			     dev->wiphy.extended_capabilities) ||
1561 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1562 			     dev->wiphy.extended_capabilities_len,
1563 			     dev->wiphy.extended_capabilities_mask)))
1564 			goto nla_put_failure;
1565 
1566 		if (dev->wiphy.vht_capa_mod_mask &&
1567 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1568 			    sizeof(*dev->wiphy.vht_capa_mod_mask),
1569 			    dev->wiphy.vht_capa_mod_mask))
1570 			goto nla_put_failure;
1571 
1572 		state->split_start++;
1573 		break;
1574 	case 10:
1575 		if (nl80211_send_coalesce(msg, dev))
1576 			goto nla_put_failure;
1577 
1578 		if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1579 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1580 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1581 			goto nla_put_failure;
1582 
1583 		/* done */
1584 		state->split_start = 0;
1585 		break;
1586 	}
1587 	return genlmsg_end(msg, hdr);
1588 
1589  nla_put_failure:
1590 	genlmsg_cancel(msg, hdr);
1591 	return -EMSGSIZE;
1592 }
1593 
1594 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1595 				    struct netlink_callback *cb,
1596 				    struct nl80211_dump_wiphy_state *state)
1597 {
1598 	struct nlattr **tb = nl80211_fam.attrbuf;
1599 	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1600 			      tb, nl80211_fam.maxattr, nl80211_policy);
1601 	/* ignore parse errors for backward compatibility */
1602 	if (ret)
1603 		return 0;
1604 
1605 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1606 	if (tb[NL80211_ATTR_WIPHY])
1607 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1608 	if (tb[NL80211_ATTR_WDEV])
1609 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1610 	if (tb[NL80211_ATTR_IFINDEX]) {
1611 		struct net_device *netdev;
1612 		struct cfg80211_registered_device *rdev;
1613 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1614 
1615 		netdev = dev_get_by_index(sock_net(skb->sk), ifidx);
1616 		if (!netdev)
1617 			return -ENODEV;
1618 		if (netdev->ieee80211_ptr) {
1619 			rdev = wiphy_to_dev(
1620 				netdev->ieee80211_ptr->wiphy);
1621 			state->filter_wiphy = rdev->wiphy_idx;
1622 		}
1623 		dev_put(netdev);
1624 	}
1625 
1626 	return 0;
1627 }
1628 
1629 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1630 {
1631 	int idx = 0, ret;
1632 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1633 	struct cfg80211_registered_device *dev;
1634 
1635 	rtnl_lock();
1636 	if (!state) {
1637 		state = kzalloc(sizeof(*state), GFP_KERNEL);
1638 		if (!state) {
1639 			rtnl_unlock();
1640 			return -ENOMEM;
1641 		}
1642 		state->filter_wiphy = -1;
1643 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1644 		if (ret) {
1645 			kfree(state);
1646 			rtnl_unlock();
1647 			return ret;
1648 		}
1649 		cb->args[0] = (long)state;
1650 	}
1651 
1652 	list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1653 		if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1654 			continue;
1655 		if (++idx <= state->start)
1656 			continue;
1657 		if (state->filter_wiphy != -1 &&
1658 		    state->filter_wiphy != dev->wiphy_idx)
1659 			continue;
1660 		/* attempt to fit multiple wiphy data chunks into the skb */
1661 		do {
1662 			ret = nl80211_send_wiphy(dev, skb,
1663 						 NETLINK_CB(cb->skb).portid,
1664 						 cb->nlh->nlmsg_seq,
1665 						 NLM_F_MULTI, state);
1666 			if (ret < 0) {
1667 				/*
1668 				 * If sending the wiphy data didn't fit (ENOBUFS
1669 				 * or EMSGSIZE returned), this SKB is still
1670 				 * empty (so it's not too big because another
1671 				 * wiphy dataset is already in the skb) and
1672 				 * we've not tried to adjust the dump allocation
1673 				 * yet ... then adjust the alloc size to be
1674 				 * bigger, and return 1 but with the empty skb.
1675 				 * This results in an empty message being RX'ed
1676 				 * in userspace, but that is ignored.
1677 				 *
1678 				 * We can then retry with the larger buffer.
1679 				 */
1680 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1681 				    !skb->len &&
1682 				    cb->min_dump_alloc < 4096) {
1683 					cb->min_dump_alloc = 4096;
1684 					rtnl_unlock();
1685 					return 1;
1686 				}
1687 				idx--;
1688 				break;
1689 			}
1690 		} while (state->split_start > 0);
1691 		break;
1692 	}
1693 	rtnl_unlock();
1694 
1695 	state->start = idx;
1696 
1697 	return skb->len;
1698 }
1699 
1700 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1701 {
1702 	kfree((void *)cb->args[0]);
1703 	return 0;
1704 }
1705 
1706 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1707 {
1708 	struct sk_buff *msg;
1709 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1710 	struct nl80211_dump_wiphy_state state = {};
1711 
1712 	msg = nlmsg_new(4096, GFP_KERNEL);
1713 	if (!msg)
1714 		return -ENOMEM;
1715 
1716 	if (nl80211_send_wiphy(dev, msg, info->snd_portid, info->snd_seq, 0,
1717 			       &state) < 0) {
1718 		nlmsg_free(msg);
1719 		return -ENOBUFS;
1720 	}
1721 
1722 	return genlmsg_reply(msg, info);
1723 }
1724 
1725 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1726 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1727 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1728 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1729 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1730 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1731 };
1732 
1733 static int parse_txq_params(struct nlattr *tb[],
1734 			    struct ieee80211_txq_params *txq_params)
1735 {
1736 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1737 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1738 	    !tb[NL80211_TXQ_ATTR_AIFS])
1739 		return -EINVAL;
1740 
1741 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1742 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1743 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1744 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1745 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1746 
1747 	if (txq_params->ac >= NL80211_NUM_ACS)
1748 		return -EINVAL;
1749 
1750 	return 0;
1751 }
1752 
1753 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1754 {
1755 	/*
1756 	 * You can only set the channel explicitly for WDS interfaces,
1757 	 * all others have their channel managed via their respective
1758 	 * "establish a connection" command (connect, join, ...)
1759 	 *
1760 	 * For AP/GO and mesh mode, the channel can be set with the
1761 	 * channel userspace API, but is only stored and passed to the
1762 	 * low-level driver when the AP starts or the mesh is joined.
1763 	 * This is for backward compatibility, userspace can also give
1764 	 * the channel in the start-ap or join-mesh commands instead.
1765 	 *
1766 	 * Monitors are special as they are normally slaved to
1767 	 * whatever else is going on, so they have their own special
1768 	 * operation to set the monitor channel if possible.
1769 	 */
1770 	return !wdev ||
1771 		wdev->iftype == NL80211_IFTYPE_AP ||
1772 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1773 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1774 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1775 }
1776 
1777 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1778 				 struct genl_info *info,
1779 				 struct cfg80211_chan_def *chandef)
1780 {
1781 	u32 control_freq;
1782 
1783 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1784 		return -EINVAL;
1785 
1786 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1787 
1788 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1789 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1790 	chandef->center_freq1 = control_freq;
1791 	chandef->center_freq2 = 0;
1792 
1793 	/* Primary channel not allowed */
1794 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1795 		return -EINVAL;
1796 
1797 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1798 		enum nl80211_channel_type chantype;
1799 
1800 		chantype = nla_get_u32(
1801 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1802 
1803 		switch (chantype) {
1804 		case NL80211_CHAN_NO_HT:
1805 		case NL80211_CHAN_HT20:
1806 		case NL80211_CHAN_HT40PLUS:
1807 		case NL80211_CHAN_HT40MINUS:
1808 			cfg80211_chandef_create(chandef, chandef->chan,
1809 						chantype);
1810 			break;
1811 		default:
1812 			return -EINVAL;
1813 		}
1814 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1815 		chandef->width =
1816 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1817 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1818 			chandef->center_freq1 =
1819 				nla_get_u32(
1820 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1821 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1822 			chandef->center_freq2 =
1823 				nla_get_u32(
1824 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1825 	}
1826 
1827 	if (!cfg80211_chandef_valid(chandef))
1828 		return -EINVAL;
1829 
1830 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1831 				     IEEE80211_CHAN_DISABLED))
1832 		return -EINVAL;
1833 
1834 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1835 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
1836 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1837 		return -EINVAL;
1838 
1839 	return 0;
1840 }
1841 
1842 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1843 				 struct wireless_dev *wdev,
1844 				 struct genl_info *info)
1845 {
1846 	struct cfg80211_chan_def chandef;
1847 	int result;
1848 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1849 
1850 	if (wdev)
1851 		iftype = wdev->iftype;
1852 
1853 	if (!nl80211_can_set_dev_channel(wdev))
1854 		return -EOPNOTSUPP;
1855 
1856 	result = nl80211_parse_chandef(rdev, info, &chandef);
1857 	if (result)
1858 		return result;
1859 
1860 	switch (iftype) {
1861 	case NL80211_IFTYPE_AP:
1862 	case NL80211_IFTYPE_P2P_GO:
1863 		if (wdev->beacon_interval) {
1864 			result = -EBUSY;
1865 			break;
1866 		}
1867 		if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) {
1868 			result = -EINVAL;
1869 			break;
1870 		}
1871 		wdev->preset_chandef = chandef;
1872 		result = 0;
1873 		break;
1874 	case NL80211_IFTYPE_MESH_POINT:
1875 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1876 		break;
1877 	case NL80211_IFTYPE_MONITOR:
1878 		result = cfg80211_set_monitor_channel(rdev, &chandef);
1879 		break;
1880 	default:
1881 		result = -EINVAL;
1882 	}
1883 
1884 	return result;
1885 }
1886 
1887 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1888 {
1889 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1890 	struct net_device *netdev = info->user_ptr[1];
1891 
1892 	return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1893 }
1894 
1895 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1896 {
1897 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1898 	struct net_device *dev = info->user_ptr[1];
1899 	struct wireless_dev *wdev = dev->ieee80211_ptr;
1900 	const u8 *bssid;
1901 
1902 	if (!info->attrs[NL80211_ATTR_MAC])
1903 		return -EINVAL;
1904 
1905 	if (netif_running(dev))
1906 		return -EBUSY;
1907 
1908 	if (!rdev->ops->set_wds_peer)
1909 		return -EOPNOTSUPP;
1910 
1911 	if (wdev->iftype != NL80211_IFTYPE_WDS)
1912 		return -EOPNOTSUPP;
1913 
1914 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1915 	return rdev_set_wds_peer(rdev, dev, bssid);
1916 }
1917 
1918 
1919 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1920 {
1921 	struct cfg80211_registered_device *rdev;
1922 	struct net_device *netdev = NULL;
1923 	struct wireless_dev *wdev;
1924 	int result = 0, rem_txq_params = 0;
1925 	struct nlattr *nl_txq_params;
1926 	u32 changed;
1927 	u8 retry_short = 0, retry_long = 0;
1928 	u32 frag_threshold = 0, rts_threshold = 0;
1929 	u8 coverage_class = 0;
1930 
1931 	ASSERT_RTNL();
1932 
1933 	/*
1934 	 * Try to find the wiphy and netdev. Normally this
1935 	 * function shouldn't need the netdev, but this is
1936 	 * done for backward compatibility -- previously
1937 	 * setting the channel was done per wiphy, but now
1938 	 * it is per netdev. Previous userland like hostapd
1939 	 * also passed a netdev to set_wiphy, so that it is
1940 	 * possible to let that go to the right netdev!
1941 	 */
1942 
1943 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
1944 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1945 
1946 		netdev = dev_get_by_index(genl_info_net(info), ifindex);
1947 		if (netdev && netdev->ieee80211_ptr)
1948 			rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1949 		else
1950 			netdev = NULL;
1951 	}
1952 
1953 	if (!netdev) {
1954 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
1955 						  info->attrs);
1956 		if (IS_ERR(rdev))
1957 			return PTR_ERR(rdev);
1958 		wdev = NULL;
1959 		netdev = NULL;
1960 		result = 0;
1961 	} else
1962 		wdev = netdev->ieee80211_ptr;
1963 
1964 	/*
1965 	 * end workaround code, by now the rdev is available
1966 	 * and locked, and wdev may or may not be NULL.
1967 	 */
1968 
1969 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1970 		result = cfg80211_dev_rename(
1971 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1972 
1973 	if (result)
1974 		goto bad_res;
1975 
1976 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1977 		struct ieee80211_txq_params txq_params;
1978 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1979 
1980 		if (!rdev->ops->set_txq_params) {
1981 			result = -EOPNOTSUPP;
1982 			goto bad_res;
1983 		}
1984 
1985 		if (!netdev) {
1986 			result = -EINVAL;
1987 			goto bad_res;
1988 		}
1989 
1990 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1991 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1992 			result = -EINVAL;
1993 			goto bad_res;
1994 		}
1995 
1996 		if (!netif_running(netdev)) {
1997 			result = -ENETDOWN;
1998 			goto bad_res;
1999 		}
2000 
2001 		nla_for_each_nested(nl_txq_params,
2002 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2003 				    rem_txq_params) {
2004 			nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2005 				  nla_data(nl_txq_params),
2006 				  nla_len(nl_txq_params),
2007 				  txq_params_policy);
2008 			result = parse_txq_params(tb, &txq_params);
2009 			if (result)
2010 				goto bad_res;
2011 
2012 			result = rdev_set_txq_params(rdev, netdev,
2013 						     &txq_params);
2014 			if (result)
2015 				goto bad_res;
2016 		}
2017 	}
2018 
2019 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2020 		result = __nl80211_set_channel(rdev,
2021 				nl80211_can_set_dev_channel(wdev) ? wdev : NULL,
2022 				info);
2023 		if (result)
2024 			goto bad_res;
2025 	}
2026 
2027 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2028 		struct wireless_dev *txp_wdev = wdev;
2029 		enum nl80211_tx_power_setting type;
2030 		int idx, mbm = 0;
2031 
2032 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2033 			txp_wdev = NULL;
2034 
2035 		if (!rdev->ops->set_tx_power) {
2036 			result = -EOPNOTSUPP;
2037 			goto bad_res;
2038 		}
2039 
2040 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2041 		type = nla_get_u32(info->attrs[idx]);
2042 
2043 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2044 		    (type != NL80211_TX_POWER_AUTOMATIC)) {
2045 			result = -EINVAL;
2046 			goto bad_res;
2047 		}
2048 
2049 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2050 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2051 			mbm = nla_get_u32(info->attrs[idx]);
2052 		}
2053 
2054 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2055 		if (result)
2056 			goto bad_res;
2057 	}
2058 
2059 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2060 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2061 		u32 tx_ant, rx_ant;
2062 		if ((!rdev->wiphy.available_antennas_tx &&
2063 		     !rdev->wiphy.available_antennas_rx) ||
2064 		    !rdev->ops->set_antenna) {
2065 			result = -EOPNOTSUPP;
2066 			goto bad_res;
2067 		}
2068 
2069 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2070 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2071 
2072 		/* reject antenna configurations which don't match the
2073 		 * available antenna masks, except for the "all" mask */
2074 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2075 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
2076 			result = -EINVAL;
2077 			goto bad_res;
2078 		}
2079 
2080 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2081 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2082 
2083 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2084 		if (result)
2085 			goto bad_res;
2086 	}
2087 
2088 	changed = 0;
2089 
2090 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2091 		retry_short = nla_get_u8(
2092 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2093 		if (retry_short == 0) {
2094 			result = -EINVAL;
2095 			goto bad_res;
2096 		}
2097 		changed |= WIPHY_PARAM_RETRY_SHORT;
2098 	}
2099 
2100 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2101 		retry_long = nla_get_u8(
2102 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2103 		if (retry_long == 0) {
2104 			result = -EINVAL;
2105 			goto bad_res;
2106 		}
2107 		changed |= WIPHY_PARAM_RETRY_LONG;
2108 	}
2109 
2110 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2111 		frag_threshold = nla_get_u32(
2112 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2113 		if (frag_threshold < 256) {
2114 			result = -EINVAL;
2115 			goto bad_res;
2116 		}
2117 		if (frag_threshold != (u32) -1) {
2118 			/*
2119 			 * Fragments (apart from the last one) are required to
2120 			 * have even length. Make the fragmentation code
2121 			 * simpler by stripping LSB should someone try to use
2122 			 * odd threshold value.
2123 			 */
2124 			frag_threshold &= ~0x1;
2125 		}
2126 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2127 	}
2128 
2129 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2130 		rts_threshold = nla_get_u32(
2131 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2132 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2133 	}
2134 
2135 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2136 		coverage_class = nla_get_u8(
2137 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2138 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2139 	}
2140 
2141 	if (changed) {
2142 		u8 old_retry_short, old_retry_long;
2143 		u32 old_frag_threshold, old_rts_threshold;
2144 		u8 old_coverage_class;
2145 
2146 		if (!rdev->ops->set_wiphy_params) {
2147 			result = -EOPNOTSUPP;
2148 			goto bad_res;
2149 		}
2150 
2151 		old_retry_short = rdev->wiphy.retry_short;
2152 		old_retry_long = rdev->wiphy.retry_long;
2153 		old_frag_threshold = rdev->wiphy.frag_threshold;
2154 		old_rts_threshold = rdev->wiphy.rts_threshold;
2155 		old_coverage_class = rdev->wiphy.coverage_class;
2156 
2157 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2158 			rdev->wiphy.retry_short = retry_short;
2159 		if (changed & WIPHY_PARAM_RETRY_LONG)
2160 			rdev->wiphy.retry_long = retry_long;
2161 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2162 			rdev->wiphy.frag_threshold = frag_threshold;
2163 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2164 			rdev->wiphy.rts_threshold = rts_threshold;
2165 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2166 			rdev->wiphy.coverage_class = coverage_class;
2167 
2168 		result = rdev_set_wiphy_params(rdev, changed);
2169 		if (result) {
2170 			rdev->wiphy.retry_short = old_retry_short;
2171 			rdev->wiphy.retry_long = old_retry_long;
2172 			rdev->wiphy.frag_threshold = old_frag_threshold;
2173 			rdev->wiphy.rts_threshold = old_rts_threshold;
2174 			rdev->wiphy.coverage_class = old_coverage_class;
2175 		}
2176 	}
2177 
2178  bad_res:
2179 	if (netdev)
2180 		dev_put(netdev);
2181 	return result;
2182 }
2183 
2184 static inline u64 wdev_id(struct wireless_dev *wdev)
2185 {
2186 	return (u64)wdev->identifier |
2187 	       ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
2188 }
2189 
2190 static int nl80211_send_chandef(struct sk_buff *msg,
2191 				const struct cfg80211_chan_def *chandef)
2192 {
2193 	WARN_ON(!cfg80211_chandef_valid(chandef));
2194 
2195 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2196 			chandef->chan->center_freq))
2197 		return -ENOBUFS;
2198 	switch (chandef->width) {
2199 	case NL80211_CHAN_WIDTH_20_NOHT:
2200 	case NL80211_CHAN_WIDTH_20:
2201 	case NL80211_CHAN_WIDTH_40:
2202 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2203 				cfg80211_get_chandef_type(chandef)))
2204 			return -ENOBUFS;
2205 		break;
2206 	default:
2207 		break;
2208 	}
2209 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2210 		return -ENOBUFS;
2211 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2212 		return -ENOBUFS;
2213 	if (chandef->center_freq2 &&
2214 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2215 		return -ENOBUFS;
2216 	return 0;
2217 }
2218 
2219 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2220 			      struct cfg80211_registered_device *rdev,
2221 			      struct wireless_dev *wdev)
2222 {
2223 	struct net_device *dev = wdev->netdev;
2224 	void *hdr;
2225 
2226 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2227 	if (!hdr)
2228 		return -1;
2229 
2230 	if (dev &&
2231 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2232 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2233 		goto nla_put_failure;
2234 
2235 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2236 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2237 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2238 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2239 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2240 			rdev->devlist_generation ^
2241 			(cfg80211_rdev_list_generation << 2)))
2242 		goto nla_put_failure;
2243 
2244 	if (rdev->ops->get_channel) {
2245 		int ret;
2246 		struct cfg80211_chan_def chandef;
2247 
2248 		ret = rdev_get_channel(rdev, wdev, &chandef);
2249 		if (ret == 0) {
2250 			if (nl80211_send_chandef(msg, &chandef))
2251 				goto nla_put_failure;
2252 		}
2253 	}
2254 
2255 	if (wdev->ssid_len) {
2256 		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2257 			goto nla_put_failure;
2258 	}
2259 
2260 	return genlmsg_end(msg, hdr);
2261 
2262  nla_put_failure:
2263 	genlmsg_cancel(msg, hdr);
2264 	return -EMSGSIZE;
2265 }
2266 
2267 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2268 {
2269 	int wp_idx = 0;
2270 	int if_idx = 0;
2271 	int wp_start = cb->args[0];
2272 	int if_start = cb->args[1];
2273 	struct cfg80211_registered_device *rdev;
2274 	struct wireless_dev *wdev;
2275 
2276 	rtnl_lock();
2277 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2278 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2279 			continue;
2280 		if (wp_idx < wp_start) {
2281 			wp_idx++;
2282 			continue;
2283 		}
2284 		if_idx = 0;
2285 
2286 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
2287 			if (if_idx < if_start) {
2288 				if_idx++;
2289 				continue;
2290 			}
2291 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2292 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2293 					       rdev, wdev) < 0) {
2294 				goto out;
2295 			}
2296 			if_idx++;
2297 		}
2298 
2299 		wp_idx++;
2300 	}
2301  out:
2302 	rtnl_unlock();
2303 
2304 	cb->args[0] = wp_idx;
2305 	cb->args[1] = if_idx;
2306 
2307 	return skb->len;
2308 }
2309 
2310 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2311 {
2312 	struct sk_buff *msg;
2313 	struct cfg80211_registered_device *dev = info->user_ptr[0];
2314 	struct wireless_dev *wdev = info->user_ptr[1];
2315 
2316 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2317 	if (!msg)
2318 		return -ENOMEM;
2319 
2320 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2321 			       dev, wdev) < 0) {
2322 		nlmsg_free(msg);
2323 		return -ENOBUFS;
2324 	}
2325 
2326 	return genlmsg_reply(msg, info);
2327 }
2328 
2329 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2330 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2331 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2332 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2333 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2334 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2335 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2336 };
2337 
2338 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2339 {
2340 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2341 	int flag;
2342 
2343 	*mntrflags = 0;
2344 
2345 	if (!nla)
2346 		return -EINVAL;
2347 
2348 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2349 			     nla, mntr_flags_policy))
2350 		return -EINVAL;
2351 
2352 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2353 		if (flags[flag])
2354 			*mntrflags |= (1<<flag);
2355 
2356 	return 0;
2357 }
2358 
2359 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2360 			       struct net_device *netdev, u8 use_4addr,
2361 			       enum nl80211_iftype iftype)
2362 {
2363 	if (!use_4addr) {
2364 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2365 			return -EBUSY;
2366 		return 0;
2367 	}
2368 
2369 	switch (iftype) {
2370 	case NL80211_IFTYPE_AP_VLAN:
2371 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2372 			return 0;
2373 		break;
2374 	case NL80211_IFTYPE_STATION:
2375 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2376 			return 0;
2377 		break;
2378 	default:
2379 		break;
2380 	}
2381 
2382 	return -EOPNOTSUPP;
2383 }
2384 
2385 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2386 {
2387 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2388 	struct vif_params params;
2389 	int err;
2390 	enum nl80211_iftype otype, ntype;
2391 	struct net_device *dev = info->user_ptr[1];
2392 	u32 _flags, *flags = NULL;
2393 	bool change = false;
2394 
2395 	memset(&params, 0, sizeof(params));
2396 
2397 	otype = ntype = dev->ieee80211_ptr->iftype;
2398 
2399 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2400 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2401 		if (otype != ntype)
2402 			change = true;
2403 		if (ntype > NL80211_IFTYPE_MAX)
2404 			return -EINVAL;
2405 	}
2406 
2407 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2408 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2409 
2410 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2411 			return -EINVAL;
2412 		if (netif_running(dev))
2413 			return -EBUSY;
2414 
2415 		wdev_lock(wdev);
2416 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2417 			     IEEE80211_MAX_MESH_ID_LEN);
2418 		wdev->mesh_id_up_len =
2419 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2420 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2421 		       wdev->mesh_id_up_len);
2422 		wdev_unlock(wdev);
2423 	}
2424 
2425 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2426 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2427 		change = true;
2428 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2429 		if (err)
2430 			return err;
2431 	} else {
2432 		params.use_4addr = -1;
2433 	}
2434 
2435 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2436 		if (ntype != NL80211_IFTYPE_MONITOR)
2437 			return -EINVAL;
2438 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2439 					  &_flags);
2440 		if (err)
2441 			return err;
2442 
2443 		flags = &_flags;
2444 		change = true;
2445 	}
2446 
2447 	if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2448 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2449 		return -EOPNOTSUPP;
2450 
2451 	if (change)
2452 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2453 	else
2454 		err = 0;
2455 
2456 	if (!err && params.use_4addr != -1)
2457 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2458 
2459 	return err;
2460 }
2461 
2462 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2463 {
2464 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2465 	struct vif_params params;
2466 	struct wireless_dev *wdev;
2467 	struct sk_buff *msg;
2468 	int err;
2469 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2470 	u32 flags;
2471 
2472 	memset(&params, 0, sizeof(params));
2473 
2474 	if (!info->attrs[NL80211_ATTR_IFNAME])
2475 		return -EINVAL;
2476 
2477 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2478 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2479 		if (type > NL80211_IFTYPE_MAX)
2480 			return -EINVAL;
2481 	}
2482 
2483 	if (!rdev->ops->add_virtual_intf ||
2484 	    !(rdev->wiphy.interface_modes & (1 << type)))
2485 		return -EOPNOTSUPP;
2486 
2487 	if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2488 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2489 			   ETH_ALEN);
2490 		if (!is_valid_ether_addr(params.macaddr))
2491 			return -EADDRNOTAVAIL;
2492 	}
2493 
2494 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2495 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2496 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2497 		if (err)
2498 			return err;
2499 	}
2500 
2501 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2502 	if (!msg)
2503 		return -ENOMEM;
2504 
2505 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2506 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2507 				  &flags);
2508 
2509 	if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2510 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2511 		return -EOPNOTSUPP;
2512 
2513 	wdev = rdev_add_virtual_intf(rdev,
2514 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2515 				type, err ? NULL : &flags, &params);
2516 	if (IS_ERR(wdev)) {
2517 		nlmsg_free(msg);
2518 		return PTR_ERR(wdev);
2519 	}
2520 
2521 	switch (type) {
2522 	case NL80211_IFTYPE_MESH_POINT:
2523 		if (!info->attrs[NL80211_ATTR_MESH_ID])
2524 			break;
2525 		wdev_lock(wdev);
2526 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2527 			     IEEE80211_MAX_MESH_ID_LEN);
2528 		wdev->mesh_id_up_len =
2529 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2530 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2531 		       wdev->mesh_id_up_len);
2532 		wdev_unlock(wdev);
2533 		break;
2534 	case NL80211_IFTYPE_P2P_DEVICE:
2535 		/*
2536 		 * P2P Device doesn't have a netdev, so doesn't go
2537 		 * through the netdev notifier and must be added here
2538 		 */
2539 		mutex_init(&wdev->mtx);
2540 		INIT_LIST_HEAD(&wdev->event_list);
2541 		spin_lock_init(&wdev->event_lock);
2542 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2543 		spin_lock_init(&wdev->mgmt_registrations_lock);
2544 
2545 		wdev->identifier = ++rdev->wdev_id;
2546 		list_add_rcu(&wdev->list, &rdev->wdev_list);
2547 		rdev->devlist_generation++;
2548 		break;
2549 	default:
2550 		break;
2551 	}
2552 
2553 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2554 			       rdev, wdev) < 0) {
2555 		nlmsg_free(msg);
2556 		return -ENOBUFS;
2557 	}
2558 
2559 	return genlmsg_reply(msg, info);
2560 }
2561 
2562 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2563 {
2564 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2565 	struct wireless_dev *wdev = info->user_ptr[1];
2566 
2567 	if (!rdev->ops->del_virtual_intf)
2568 		return -EOPNOTSUPP;
2569 
2570 	/*
2571 	 * If we remove a wireless device without a netdev then clear
2572 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2573 	 * to check if it needs to do dev_put(). Otherwise it crashes
2574 	 * since the wdev has been freed, unlike with a netdev where
2575 	 * we need the dev_put() for the netdev to really be freed.
2576 	 */
2577 	if (!wdev->netdev)
2578 		info->user_ptr[1] = NULL;
2579 
2580 	return rdev_del_virtual_intf(rdev, wdev);
2581 }
2582 
2583 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2584 {
2585 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2586 	struct net_device *dev = info->user_ptr[1];
2587 	u16 noack_map;
2588 
2589 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2590 		return -EINVAL;
2591 
2592 	if (!rdev->ops->set_noack_map)
2593 		return -EOPNOTSUPP;
2594 
2595 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2596 
2597 	return rdev_set_noack_map(rdev, dev, noack_map);
2598 }
2599 
2600 struct get_key_cookie {
2601 	struct sk_buff *msg;
2602 	int error;
2603 	int idx;
2604 };
2605 
2606 static void get_key_callback(void *c, struct key_params *params)
2607 {
2608 	struct nlattr *key;
2609 	struct get_key_cookie *cookie = c;
2610 
2611 	if ((params->key &&
2612 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2613 		     params->key_len, params->key)) ||
2614 	    (params->seq &&
2615 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2616 		     params->seq_len, params->seq)) ||
2617 	    (params->cipher &&
2618 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2619 			 params->cipher)))
2620 		goto nla_put_failure;
2621 
2622 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2623 	if (!key)
2624 		goto nla_put_failure;
2625 
2626 	if ((params->key &&
2627 	     nla_put(cookie->msg, NL80211_KEY_DATA,
2628 		     params->key_len, params->key)) ||
2629 	    (params->seq &&
2630 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2631 		     params->seq_len, params->seq)) ||
2632 	    (params->cipher &&
2633 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2634 			 params->cipher)))
2635 		goto nla_put_failure;
2636 
2637 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2638 		goto nla_put_failure;
2639 
2640 	nla_nest_end(cookie->msg, key);
2641 
2642 	return;
2643  nla_put_failure:
2644 	cookie->error = 1;
2645 }
2646 
2647 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2648 {
2649 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2650 	int err;
2651 	struct net_device *dev = info->user_ptr[1];
2652 	u8 key_idx = 0;
2653 	const u8 *mac_addr = NULL;
2654 	bool pairwise;
2655 	struct get_key_cookie cookie = {
2656 		.error = 0,
2657 	};
2658 	void *hdr;
2659 	struct sk_buff *msg;
2660 
2661 	if (info->attrs[NL80211_ATTR_KEY_IDX])
2662 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2663 
2664 	if (key_idx > 5)
2665 		return -EINVAL;
2666 
2667 	if (info->attrs[NL80211_ATTR_MAC])
2668 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2669 
2670 	pairwise = !!mac_addr;
2671 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2672 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2673 		if (kt >= NUM_NL80211_KEYTYPES)
2674 			return -EINVAL;
2675 		if (kt != NL80211_KEYTYPE_GROUP &&
2676 		    kt != NL80211_KEYTYPE_PAIRWISE)
2677 			return -EINVAL;
2678 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2679 	}
2680 
2681 	if (!rdev->ops->get_key)
2682 		return -EOPNOTSUPP;
2683 
2684 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2685 	if (!msg)
2686 		return -ENOMEM;
2687 
2688 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2689 			     NL80211_CMD_NEW_KEY);
2690 	if (!hdr)
2691 		goto nla_put_failure;
2692 
2693 	cookie.msg = msg;
2694 	cookie.idx = key_idx;
2695 
2696 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2697 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2698 		goto nla_put_failure;
2699 	if (mac_addr &&
2700 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2701 		goto nla_put_failure;
2702 
2703 	if (pairwise && mac_addr &&
2704 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2705 		return -ENOENT;
2706 
2707 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2708 			   get_key_callback);
2709 
2710 	if (err)
2711 		goto free_msg;
2712 
2713 	if (cookie.error)
2714 		goto nla_put_failure;
2715 
2716 	genlmsg_end(msg, hdr);
2717 	return genlmsg_reply(msg, info);
2718 
2719  nla_put_failure:
2720 	err = -ENOBUFS;
2721  free_msg:
2722 	nlmsg_free(msg);
2723 	return err;
2724 }
2725 
2726 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2727 {
2728 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2729 	struct key_parse key;
2730 	int err;
2731 	struct net_device *dev = info->user_ptr[1];
2732 
2733 	err = nl80211_parse_key(info, &key);
2734 	if (err)
2735 		return err;
2736 
2737 	if (key.idx < 0)
2738 		return -EINVAL;
2739 
2740 	/* only support setting default key */
2741 	if (!key.def && !key.defmgmt)
2742 		return -EINVAL;
2743 
2744 	wdev_lock(dev->ieee80211_ptr);
2745 
2746 	if (key.def) {
2747 		if (!rdev->ops->set_default_key) {
2748 			err = -EOPNOTSUPP;
2749 			goto out;
2750 		}
2751 
2752 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2753 		if (err)
2754 			goto out;
2755 
2756 		err = rdev_set_default_key(rdev, dev, key.idx,
2757 						 key.def_uni, key.def_multi);
2758 
2759 		if (err)
2760 			goto out;
2761 
2762 #ifdef CONFIG_CFG80211_WEXT
2763 		dev->ieee80211_ptr->wext.default_key = key.idx;
2764 #endif
2765 	} else {
2766 		if (key.def_uni || !key.def_multi) {
2767 			err = -EINVAL;
2768 			goto out;
2769 		}
2770 
2771 		if (!rdev->ops->set_default_mgmt_key) {
2772 			err = -EOPNOTSUPP;
2773 			goto out;
2774 		}
2775 
2776 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2777 		if (err)
2778 			goto out;
2779 
2780 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2781 		if (err)
2782 			goto out;
2783 
2784 #ifdef CONFIG_CFG80211_WEXT
2785 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2786 #endif
2787 	}
2788 
2789  out:
2790 	wdev_unlock(dev->ieee80211_ptr);
2791 
2792 	return err;
2793 }
2794 
2795 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2796 {
2797 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2798 	int err;
2799 	struct net_device *dev = info->user_ptr[1];
2800 	struct key_parse key;
2801 	const u8 *mac_addr = NULL;
2802 
2803 	err = nl80211_parse_key(info, &key);
2804 	if (err)
2805 		return err;
2806 
2807 	if (!key.p.key)
2808 		return -EINVAL;
2809 
2810 	if (info->attrs[NL80211_ATTR_MAC])
2811 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2812 
2813 	if (key.type == -1) {
2814 		if (mac_addr)
2815 			key.type = NL80211_KEYTYPE_PAIRWISE;
2816 		else
2817 			key.type = NL80211_KEYTYPE_GROUP;
2818 	}
2819 
2820 	/* for now */
2821 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2822 	    key.type != NL80211_KEYTYPE_GROUP)
2823 		return -EINVAL;
2824 
2825 	if (!rdev->ops->add_key)
2826 		return -EOPNOTSUPP;
2827 
2828 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2829 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2830 					   mac_addr))
2831 		return -EINVAL;
2832 
2833 	wdev_lock(dev->ieee80211_ptr);
2834 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2835 	if (!err)
2836 		err = rdev_add_key(rdev, dev, key.idx,
2837 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2838 				    mac_addr, &key.p);
2839 	wdev_unlock(dev->ieee80211_ptr);
2840 
2841 	return err;
2842 }
2843 
2844 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2845 {
2846 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2847 	int err;
2848 	struct net_device *dev = info->user_ptr[1];
2849 	u8 *mac_addr = NULL;
2850 	struct key_parse key;
2851 
2852 	err = nl80211_parse_key(info, &key);
2853 	if (err)
2854 		return err;
2855 
2856 	if (info->attrs[NL80211_ATTR_MAC])
2857 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2858 
2859 	if (key.type == -1) {
2860 		if (mac_addr)
2861 			key.type = NL80211_KEYTYPE_PAIRWISE;
2862 		else
2863 			key.type = NL80211_KEYTYPE_GROUP;
2864 	}
2865 
2866 	/* for now */
2867 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2868 	    key.type != NL80211_KEYTYPE_GROUP)
2869 		return -EINVAL;
2870 
2871 	if (!rdev->ops->del_key)
2872 		return -EOPNOTSUPP;
2873 
2874 	wdev_lock(dev->ieee80211_ptr);
2875 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2876 
2877 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2878 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2879 		err = -ENOENT;
2880 
2881 	if (!err)
2882 		err = rdev_del_key(rdev, dev, key.idx,
2883 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2884 				   mac_addr);
2885 
2886 #ifdef CONFIG_CFG80211_WEXT
2887 	if (!err) {
2888 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2889 			dev->ieee80211_ptr->wext.default_key = -1;
2890 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2891 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2892 	}
2893 #endif
2894 	wdev_unlock(dev->ieee80211_ptr);
2895 
2896 	return err;
2897 }
2898 
2899 /* This function returns an error or the number of nested attributes */
2900 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
2901 {
2902 	struct nlattr *attr;
2903 	int n_entries = 0, tmp;
2904 
2905 	nla_for_each_nested(attr, nl_attr, tmp) {
2906 		if (nla_len(attr) != ETH_ALEN)
2907 			return -EINVAL;
2908 
2909 		n_entries++;
2910 	}
2911 
2912 	return n_entries;
2913 }
2914 
2915 /*
2916  * This function parses ACL information and allocates memory for ACL data.
2917  * On successful return, the calling function is responsible to free the
2918  * ACL buffer returned by this function.
2919  */
2920 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
2921 						struct genl_info *info)
2922 {
2923 	enum nl80211_acl_policy acl_policy;
2924 	struct nlattr *attr;
2925 	struct cfg80211_acl_data *acl;
2926 	int i = 0, n_entries, tmp;
2927 
2928 	if (!wiphy->max_acl_mac_addrs)
2929 		return ERR_PTR(-EOPNOTSUPP);
2930 
2931 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
2932 		return ERR_PTR(-EINVAL);
2933 
2934 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
2935 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
2936 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
2937 		return ERR_PTR(-EINVAL);
2938 
2939 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
2940 		return ERR_PTR(-EINVAL);
2941 
2942 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
2943 	if (n_entries < 0)
2944 		return ERR_PTR(n_entries);
2945 
2946 	if (n_entries > wiphy->max_acl_mac_addrs)
2947 		return ERR_PTR(-ENOTSUPP);
2948 
2949 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
2950 		      GFP_KERNEL);
2951 	if (!acl)
2952 		return ERR_PTR(-ENOMEM);
2953 
2954 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
2955 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
2956 		i++;
2957 	}
2958 
2959 	acl->n_acl_entries = n_entries;
2960 	acl->acl_policy = acl_policy;
2961 
2962 	return acl;
2963 }
2964 
2965 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
2966 {
2967 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2968 	struct net_device *dev = info->user_ptr[1];
2969 	struct cfg80211_acl_data *acl;
2970 	int err;
2971 
2972 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2973 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2974 		return -EOPNOTSUPP;
2975 
2976 	if (!dev->ieee80211_ptr->beacon_interval)
2977 		return -EINVAL;
2978 
2979 	acl = parse_acl_data(&rdev->wiphy, info);
2980 	if (IS_ERR(acl))
2981 		return PTR_ERR(acl);
2982 
2983 	err = rdev_set_mac_acl(rdev, dev, acl);
2984 
2985 	kfree(acl);
2986 
2987 	return err;
2988 }
2989 
2990 static int nl80211_parse_beacon(struct nlattr *attrs[],
2991 				struct cfg80211_beacon_data *bcn)
2992 {
2993 	bool haveinfo = false;
2994 
2995 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
2996 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
2997 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2998 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2999 		return -EINVAL;
3000 
3001 	memset(bcn, 0, sizeof(*bcn));
3002 
3003 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3004 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3005 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3006 		if (!bcn->head_len)
3007 			return -EINVAL;
3008 		haveinfo = true;
3009 	}
3010 
3011 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3012 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3013 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3014 		haveinfo = true;
3015 	}
3016 
3017 	if (!haveinfo)
3018 		return -EINVAL;
3019 
3020 	if (attrs[NL80211_ATTR_IE]) {
3021 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3022 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3023 	}
3024 
3025 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3026 		bcn->proberesp_ies =
3027 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3028 		bcn->proberesp_ies_len =
3029 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3030 	}
3031 
3032 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3033 		bcn->assocresp_ies =
3034 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3035 		bcn->assocresp_ies_len =
3036 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3037 	}
3038 
3039 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
3040 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3041 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3042 	}
3043 
3044 	return 0;
3045 }
3046 
3047 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3048 				   struct cfg80211_ap_settings *params)
3049 {
3050 	struct wireless_dev *wdev;
3051 	bool ret = false;
3052 
3053 	list_for_each_entry(wdev, &rdev->wdev_list, list) {
3054 		if (wdev->iftype != NL80211_IFTYPE_AP &&
3055 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
3056 			continue;
3057 
3058 		if (!wdev->preset_chandef.chan)
3059 			continue;
3060 
3061 		params->chandef = wdev->preset_chandef;
3062 		ret = true;
3063 		break;
3064 	}
3065 
3066 	return ret;
3067 }
3068 
3069 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3070 				    enum nl80211_auth_type auth_type,
3071 				    enum nl80211_commands cmd)
3072 {
3073 	if (auth_type > NL80211_AUTHTYPE_MAX)
3074 		return false;
3075 
3076 	switch (cmd) {
3077 	case NL80211_CMD_AUTHENTICATE:
3078 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3079 		    auth_type == NL80211_AUTHTYPE_SAE)
3080 			return false;
3081 		return true;
3082 	case NL80211_CMD_CONNECT:
3083 	case NL80211_CMD_START_AP:
3084 		/* SAE not supported yet */
3085 		if (auth_type == NL80211_AUTHTYPE_SAE)
3086 			return false;
3087 		return true;
3088 	default:
3089 		return false;
3090 	}
3091 }
3092 
3093 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3094 {
3095 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3096 	struct net_device *dev = info->user_ptr[1];
3097 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3098 	struct cfg80211_ap_settings params;
3099 	int err;
3100 	u8 radar_detect_width = 0;
3101 
3102 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3103 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3104 		return -EOPNOTSUPP;
3105 
3106 	if (!rdev->ops->start_ap)
3107 		return -EOPNOTSUPP;
3108 
3109 	if (wdev->beacon_interval)
3110 		return -EALREADY;
3111 
3112 	memset(&params, 0, sizeof(params));
3113 
3114 	/* these are required for START_AP */
3115 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3116 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3117 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3118 		return -EINVAL;
3119 
3120 	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3121 	if (err)
3122 		return err;
3123 
3124 	params.beacon_interval =
3125 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3126 	params.dtim_period =
3127 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3128 
3129 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3130 	if (err)
3131 		return err;
3132 
3133 	/*
3134 	 * In theory, some of these attributes should be required here
3135 	 * but since they were not used when the command was originally
3136 	 * added, keep them optional for old user space programs to let
3137 	 * them continue to work with drivers that do not need the
3138 	 * additional information -- drivers must check!
3139 	 */
3140 	if (info->attrs[NL80211_ATTR_SSID]) {
3141 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3142 		params.ssid_len =
3143 			nla_len(info->attrs[NL80211_ATTR_SSID]);
3144 		if (params.ssid_len == 0 ||
3145 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
3146 			return -EINVAL;
3147 	}
3148 
3149 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3150 		params.hidden_ssid = nla_get_u32(
3151 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3152 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3153 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3154 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3155 			return -EINVAL;
3156 	}
3157 
3158 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3159 
3160 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3161 		params.auth_type = nla_get_u32(
3162 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
3163 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
3164 					     NL80211_CMD_START_AP))
3165 			return -EINVAL;
3166 	} else
3167 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3168 
3169 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
3170 				      NL80211_MAX_NR_CIPHER_SUITES);
3171 	if (err)
3172 		return err;
3173 
3174 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3175 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3176 			return -EOPNOTSUPP;
3177 		params.inactivity_timeout = nla_get_u16(
3178 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3179 	}
3180 
3181 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3182 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3183 			return -EINVAL;
3184 		params.p2p_ctwindow =
3185 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3186 		if (params.p2p_ctwindow > 127)
3187 			return -EINVAL;
3188 		if (params.p2p_ctwindow != 0 &&
3189 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3190 			return -EINVAL;
3191 	}
3192 
3193 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3194 		u8 tmp;
3195 
3196 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3197 			return -EINVAL;
3198 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3199 		if (tmp > 1)
3200 			return -EINVAL;
3201 		params.p2p_opp_ps = tmp;
3202 		if (params.p2p_opp_ps != 0 &&
3203 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3204 			return -EINVAL;
3205 	}
3206 
3207 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3208 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
3209 		if (err)
3210 			return err;
3211 	} else if (wdev->preset_chandef.chan) {
3212 		params.chandef = wdev->preset_chandef;
3213 	} else if (!nl80211_get_ap_channel(rdev, &params))
3214 		return -EINVAL;
3215 
3216 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
3217 		return -EINVAL;
3218 
3219 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &params.chandef);
3220 	if (err < 0)
3221 		return err;
3222 	if (err) {
3223 		radar_detect_width = BIT(params.chandef.width);
3224 		params.radar_required = true;
3225 	}
3226 
3227 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
3228 					   params.chandef.chan,
3229 					   CHAN_MODE_SHARED,
3230 					   radar_detect_width);
3231 	if (err)
3232 		return err;
3233 
3234 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3235 		params.acl = parse_acl_data(&rdev->wiphy, info);
3236 		if (IS_ERR(params.acl))
3237 			return PTR_ERR(params.acl);
3238 	}
3239 
3240 	wdev_lock(wdev);
3241 	err = rdev_start_ap(rdev, dev, &params);
3242 	if (!err) {
3243 		wdev->preset_chandef = params.chandef;
3244 		wdev->beacon_interval = params.beacon_interval;
3245 		wdev->channel = params.chandef.chan;
3246 		wdev->ssid_len = params.ssid_len;
3247 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3248 	}
3249 	wdev_unlock(wdev);
3250 
3251 	kfree(params.acl);
3252 
3253 	return err;
3254 }
3255 
3256 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3257 {
3258 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3259 	struct net_device *dev = info->user_ptr[1];
3260 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3261 	struct cfg80211_beacon_data params;
3262 	int err;
3263 
3264 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3265 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3266 		return -EOPNOTSUPP;
3267 
3268 	if (!rdev->ops->change_beacon)
3269 		return -EOPNOTSUPP;
3270 
3271 	if (!wdev->beacon_interval)
3272 		return -EINVAL;
3273 
3274 	err = nl80211_parse_beacon(info->attrs, &params);
3275 	if (err)
3276 		return err;
3277 
3278 	wdev_lock(wdev);
3279 	err = rdev_change_beacon(rdev, dev, &params);
3280 	wdev_unlock(wdev);
3281 
3282 	return err;
3283 }
3284 
3285 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3286 {
3287 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3288 	struct net_device *dev = info->user_ptr[1];
3289 
3290 	return cfg80211_stop_ap(rdev, dev);
3291 }
3292 
3293 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3294 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3295 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3296 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3297 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3298 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3299 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3300 };
3301 
3302 static int parse_station_flags(struct genl_info *info,
3303 			       enum nl80211_iftype iftype,
3304 			       struct station_parameters *params)
3305 {
3306 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3307 	struct nlattr *nla;
3308 	int flag;
3309 
3310 	/*
3311 	 * Try parsing the new attribute first so userspace
3312 	 * can specify both for older kernels.
3313 	 */
3314 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3315 	if (nla) {
3316 		struct nl80211_sta_flag_update *sta_flags;
3317 
3318 		sta_flags = nla_data(nla);
3319 		params->sta_flags_mask = sta_flags->mask;
3320 		params->sta_flags_set = sta_flags->set;
3321 		params->sta_flags_set &= params->sta_flags_mask;
3322 		if ((params->sta_flags_mask |
3323 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3324 			return -EINVAL;
3325 		return 0;
3326 	}
3327 
3328 	/* if present, parse the old attribute */
3329 
3330 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3331 	if (!nla)
3332 		return 0;
3333 
3334 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3335 			     nla, sta_flags_policy))
3336 		return -EINVAL;
3337 
3338 	/*
3339 	 * Only allow certain flags for interface types so that
3340 	 * other attributes are silently ignored. Remember that
3341 	 * this is backward compatibility code with old userspace
3342 	 * and shouldn't be hit in other cases anyway.
3343 	 */
3344 	switch (iftype) {
3345 	case NL80211_IFTYPE_AP:
3346 	case NL80211_IFTYPE_AP_VLAN:
3347 	case NL80211_IFTYPE_P2P_GO:
3348 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3349 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3350 					 BIT(NL80211_STA_FLAG_WME) |
3351 					 BIT(NL80211_STA_FLAG_MFP);
3352 		break;
3353 	case NL80211_IFTYPE_P2P_CLIENT:
3354 	case NL80211_IFTYPE_STATION:
3355 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3356 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3357 		break;
3358 	case NL80211_IFTYPE_MESH_POINT:
3359 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3360 					 BIT(NL80211_STA_FLAG_MFP) |
3361 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3362 	default:
3363 		return -EINVAL;
3364 	}
3365 
3366 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3367 		if (flags[flag]) {
3368 			params->sta_flags_set |= (1<<flag);
3369 
3370 			/* no longer support new API additions in old API */
3371 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3372 				return -EINVAL;
3373 		}
3374 	}
3375 
3376 	return 0;
3377 }
3378 
3379 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3380 				 int attr)
3381 {
3382 	struct nlattr *rate;
3383 	u32 bitrate;
3384 	u16 bitrate_compat;
3385 
3386 	rate = nla_nest_start(msg, attr);
3387 	if (!rate)
3388 		return false;
3389 
3390 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3391 	bitrate = cfg80211_calculate_bitrate(info);
3392 	/* report 16-bit bitrate only if we can */
3393 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3394 	if (bitrate > 0 &&
3395 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3396 		return false;
3397 	if (bitrate_compat > 0 &&
3398 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3399 		return false;
3400 
3401 	if (info->flags & RATE_INFO_FLAGS_MCS) {
3402 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3403 			return false;
3404 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3405 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3406 			return false;
3407 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3408 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3409 			return false;
3410 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3411 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3412 			return false;
3413 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3414 			return false;
3415 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3416 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3417 			return false;
3418 		if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3419 		    nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3420 			return false;
3421 		if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3422 		    nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3423 			return false;
3424 		if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3425 		    nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3426 			return false;
3427 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3428 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3429 			return false;
3430 	}
3431 
3432 	nla_nest_end(msg, rate);
3433 	return true;
3434 }
3435 
3436 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3437 			       int id)
3438 {
3439 	void *attr;
3440 	int i = 0;
3441 
3442 	if (!mask)
3443 		return true;
3444 
3445 	attr = nla_nest_start(msg, id);
3446 	if (!attr)
3447 		return false;
3448 
3449 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3450 		if (!(mask & BIT(i)))
3451 			continue;
3452 
3453 		if (nla_put_u8(msg, i, signal[i]))
3454 			return false;
3455 	}
3456 
3457 	nla_nest_end(msg, attr);
3458 
3459 	return true;
3460 }
3461 
3462 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3463 				int flags,
3464 				struct cfg80211_registered_device *rdev,
3465 				struct net_device *dev,
3466 				const u8 *mac_addr, struct station_info *sinfo)
3467 {
3468 	void *hdr;
3469 	struct nlattr *sinfoattr, *bss_param;
3470 
3471 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3472 	if (!hdr)
3473 		return -1;
3474 
3475 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3476 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3477 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3478 		goto nla_put_failure;
3479 
3480 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3481 	if (!sinfoattr)
3482 		goto nla_put_failure;
3483 	if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3484 	    nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3485 			sinfo->connected_time))
3486 		goto nla_put_failure;
3487 	if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3488 	    nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3489 			sinfo->inactive_time))
3490 		goto nla_put_failure;
3491 	if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3492 			      STATION_INFO_RX_BYTES64)) &&
3493 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3494 			(u32)sinfo->rx_bytes))
3495 		goto nla_put_failure;
3496 	if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3497 			      STATION_INFO_TX_BYTES64)) &&
3498 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3499 			(u32)sinfo->tx_bytes))
3500 		goto nla_put_failure;
3501 	if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3502 	    nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3503 			sinfo->rx_bytes))
3504 		goto nla_put_failure;
3505 	if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3506 	    nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3507 			sinfo->tx_bytes))
3508 		goto nla_put_failure;
3509 	if ((sinfo->filled & STATION_INFO_LLID) &&
3510 	    nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3511 		goto nla_put_failure;
3512 	if ((sinfo->filled & STATION_INFO_PLID) &&
3513 	    nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3514 		goto nla_put_failure;
3515 	if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3516 	    nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3517 		       sinfo->plink_state))
3518 		goto nla_put_failure;
3519 	switch (rdev->wiphy.signal_type) {
3520 	case CFG80211_SIGNAL_TYPE_MBM:
3521 		if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3522 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3523 			       sinfo->signal))
3524 			goto nla_put_failure;
3525 		if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3526 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3527 			       sinfo->signal_avg))
3528 			goto nla_put_failure;
3529 		break;
3530 	default:
3531 		break;
3532 	}
3533 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
3534 		if (!nl80211_put_signal(msg, sinfo->chains,
3535 					sinfo->chain_signal,
3536 					NL80211_STA_INFO_CHAIN_SIGNAL))
3537 			goto nla_put_failure;
3538 	}
3539 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
3540 		if (!nl80211_put_signal(msg, sinfo->chains,
3541 					sinfo->chain_signal_avg,
3542 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3543 			goto nla_put_failure;
3544 	}
3545 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3546 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3547 					  NL80211_STA_INFO_TX_BITRATE))
3548 			goto nla_put_failure;
3549 	}
3550 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3551 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3552 					  NL80211_STA_INFO_RX_BITRATE))
3553 			goto nla_put_failure;
3554 	}
3555 	if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3556 	    nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3557 			sinfo->rx_packets))
3558 		goto nla_put_failure;
3559 	if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3560 	    nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3561 			sinfo->tx_packets))
3562 		goto nla_put_failure;
3563 	if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3564 	    nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3565 			sinfo->tx_retries))
3566 		goto nla_put_failure;
3567 	if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3568 	    nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3569 			sinfo->tx_failed))
3570 		goto nla_put_failure;
3571 	if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3572 	    nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3573 			sinfo->beacon_loss_count))
3574 		goto nla_put_failure;
3575 	if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3576 	    nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3577 			sinfo->local_pm))
3578 		goto nla_put_failure;
3579 	if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3580 	    nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3581 			sinfo->peer_pm))
3582 		goto nla_put_failure;
3583 	if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3584 	    nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3585 			sinfo->nonpeer_pm))
3586 		goto nla_put_failure;
3587 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3588 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3589 		if (!bss_param)
3590 			goto nla_put_failure;
3591 
3592 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3593 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3594 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3595 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3596 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3597 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3598 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3599 			       sinfo->bss_param.dtim_period) ||
3600 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3601 				sinfo->bss_param.beacon_interval))
3602 			goto nla_put_failure;
3603 
3604 		nla_nest_end(msg, bss_param);
3605 	}
3606 	if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3607 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3608 		    sizeof(struct nl80211_sta_flag_update),
3609 		    &sinfo->sta_flags))
3610 		goto nla_put_failure;
3611 	if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3612 		nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3613 			    sinfo->t_offset))
3614 		goto nla_put_failure;
3615 	nla_nest_end(msg, sinfoattr);
3616 
3617 	if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3618 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3619 		    sinfo->assoc_req_ies))
3620 		goto nla_put_failure;
3621 
3622 	return genlmsg_end(msg, hdr);
3623 
3624  nla_put_failure:
3625 	genlmsg_cancel(msg, hdr);
3626 	return -EMSGSIZE;
3627 }
3628 
3629 static int nl80211_dump_station(struct sk_buff *skb,
3630 				struct netlink_callback *cb)
3631 {
3632 	struct station_info sinfo;
3633 	struct cfg80211_registered_device *dev;
3634 	struct wireless_dev *wdev;
3635 	u8 mac_addr[ETH_ALEN];
3636 	int sta_idx = cb->args[2];
3637 	int err;
3638 
3639 	err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
3640 	if (err)
3641 		return err;
3642 
3643 	if (!wdev->netdev) {
3644 		err = -EINVAL;
3645 		goto out_err;
3646 	}
3647 
3648 	if (!dev->ops->dump_station) {
3649 		err = -EOPNOTSUPP;
3650 		goto out_err;
3651 	}
3652 
3653 	while (1) {
3654 		memset(&sinfo, 0, sizeof(sinfo));
3655 		err = rdev_dump_station(dev, wdev->netdev, sta_idx,
3656 					mac_addr, &sinfo);
3657 		if (err == -ENOENT)
3658 			break;
3659 		if (err)
3660 			goto out_err;
3661 
3662 		if (nl80211_send_station(skb,
3663 				NETLINK_CB(cb->skb).portid,
3664 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3665 				dev, wdev->netdev, mac_addr,
3666 				&sinfo) < 0)
3667 			goto out;
3668 
3669 		sta_idx++;
3670 	}
3671 
3672 
3673  out:
3674 	cb->args[2] = sta_idx;
3675 	err = skb->len;
3676  out_err:
3677 	nl80211_finish_wdev_dump(dev);
3678 
3679 	return err;
3680 }
3681 
3682 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3683 {
3684 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3685 	struct net_device *dev = info->user_ptr[1];
3686 	struct station_info sinfo;
3687 	struct sk_buff *msg;
3688 	u8 *mac_addr = NULL;
3689 	int err;
3690 
3691 	memset(&sinfo, 0, sizeof(sinfo));
3692 
3693 	if (!info->attrs[NL80211_ATTR_MAC])
3694 		return -EINVAL;
3695 
3696 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3697 
3698 	if (!rdev->ops->get_station)
3699 		return -EOPNOTSUPP;
3700 
3701 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3702 	if (err)
3703 		return err;
3704 
3705 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3706 	if (!msg)
3707 		return -ENOMEM;
3708 
3709 	if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3710 				 rdev, dev, mac_addr, &sinfo) < 0) {
3711 		nlmsg_free(msg);
3712 		return -ENOBUFS;
3713 	}
3714 
3715 	return genlmsg_reply(msg, info);
3716 }
3717 
3718 int cfg80211_check_station_change(struct wiphy *wiphy,
3719 				  struct station_parameters *params,
3720 				  enum cfg80211_station_type statype)
3721 {
3722 	if (params->listen_interval != -1)
3723 		return -EINVAL;
3724 	if (params->aid)
3725 		return -EINVAL;
3726 
3727 	/* When you run into this, adjust the code below for the new flag */
3728 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3729 
3730 	switch (statype) {
3731 	case CFG80211_STA_MESH_PEER_KERNEL:
3732 	case CFG80211_STA_MESH_PEER_USER:
3733 		/*
3734 		 * No ignoring the TDLS flag here -- the userspace mesh
3735 		 * code doesn't have the bug of including TDLS in the
3736 		 * mask everywhere.
3737 		 */
3738 		if (params->sta_flags_mask &
3739 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3740 				  BIT(NL80211_STA_FLAG_MFP) |
3741 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3742 			return -EINVAL;
3743 		break;
3744 	case CFG80211_STA_TDLS_PEER_SETUP:
3745 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3746 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3747 			return -EINVAL;
3748 		/* ignore since it can't change */
3749 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3750 		break;
3751 	default:
3752 		/* disallow mesh-specific things */
3753 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3754 			return -EINVAL;
3755 		if (params->local_pm)
3756 			return -EINVAL;
3757 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3758 			return -EINVAL;
3759 	}
3760 
3761 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3762 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3763 		/* TDLS can't be set, ... */
3764 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3765 			return -EINVAL;
3766 		/*
3767 		 * ... but don't bother the driver with it. This works around
3768 		 * a hostapd/wpa_supplicant issue -- it always includes the
3769 		 * TLDS_PEER flag in the mask even for AP mode.
3770 		 */
3771 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3772 	}
3773 
3774 	if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3775 		/* reject other things that can't change */
3776 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3777 			return -EINVAL;
3778 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3779 			return -EINVAL;
3780 		if (params->supported_rates)
3781 			return -EINVAL;
3782 		if (params->ext_capab || params->ht_capa || params->vht_capa)
3783 			return -EINVAL;
3784 	}
3785 
3786 	if (statype != CFG80211_STA_AP_CLIENT) {
3787 		if (params->vlan)
3788 			return -EINVAL;
3789 	}
3790 
3791 	switch (statype) {
3792 	case CFG80211_STA_AP_MLME_CLIENT:
3793 		/* Use this only for authorizing/unauthorizing a station */
3794 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3795 			return -EOPNOTSUPP;
3796 		break;
3797 	case CFG80211_STA_AP_CLIENT:
3798 		/* accept only the listed bits */
3799 		if (params->sta_flags_mask &
3800 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3801 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3802 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
3803 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3804 				  BIT(NL80211_STA_FLAG_WME) |
3805 				  BIT(NL80211_STA_FLAG_MFP)))
3806 			return -EINVAL;
3807 
3808 		/* but authenticated/associated only if driver handles it */
3809 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3810 		    params->sta_flags_mask &
3811 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3812 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3813 			return -EINVAL;
3814 		break;
3815 	case CFG80211_STA_IBSS:
3816 	case CFG80211_STA_AP_STA:
3817 		/* reject any changes other than AUTHORIZED */
3818 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3819 			return -EINVAL;
3820 		break;
3821 	case CFG80211_STA_TDLS_PEER_SETUP:
3822 		/* reject any changes other than AUTHORIZED or WME */
3823 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3824 					       BIT(NL80211_STA_FLAG_WME)))
3825 			return -EINVAL;
3826 		/* force (at least) rates when authorizing */
3827 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3828 		    !params->supported_rates)
3829 			return -EINVAL;
3830 		break;
3831 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3832 		/* reject any changes */
3833 		return -EINVAL;
3834 	case CFG80211_STA_MESH_PEER_KERNEL:
3835 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3836 			return -EINVAL;
3837 		break;
3838 	case CFG80211_STA_MESH_PEER_USER:
3839 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3840 			return -EINVAL;
3841 		break;
3842 	}
3843 
3844 	return 0;
3845 }
3846 EXPORT_SYMBOL(cfg80211_check_station_change);
3847 
3848 /*
3849  * Get vlan interface making sure it is running and on the right wiphy.
3850  */
3851 static struct net_device *get_vlan(struct genl_info *info,
3852 				   struct cfg80211_registered_device *rdev)
3853 {
3854 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3855 	struct net_device *v;
3856 	int ret;
3857 
3858 	if (!vlanattr)
3859 		return NULL;
3860 
3861 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3862 	if (!v)
3863 		return ERR_PTR(-ENODEV);
3864 
3865 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3866 		ret = -EINVAL;
3867 		goto error;
3868 	}
3869 
3870 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3871 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3872 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3873 		ret = -EINVAL;
3874 		goto error;
3875 	}
3876 
3877 	if (!netif_running(v)) {
3878 		ret = -ENETDOWN;
3879 		goto error;
3880 	}
3881 
3882 	return v;
3883  error:
3884 	dev_put(v);
3885 	return ERR_PTR(ret);
3886 }
3887 
3888 static struct nla_policy
3889 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
3890 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3891 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3892 };
3893 
3894 static int nl80211_parse_sta_wme(struct genl_info *info,
3895 				 struct station_parameters *params)
3896 {
3897 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3898 	struct nlattr *nla;
3899 	int err;
3900 
3901 	/* parse WME attributes if present */
3902 	if (!info->attrs[NL80211_ATTR_STA_WME])
3903 		return 0;
3904 
3905 	nla = info->attrs[NL80211_ATTR_STA_WME];
3906 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3907 			       nl80211_sta_wme_policy);
3908 	if (err)
3909 		return err;
3910 
3911 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3912 		params->uapsd_queues = nla_get_u8(
3913 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
3914 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3915 		return -EINVAL;
3916 
3917 	if (tb[NL80211_STA_WME_MAX_SP])
3918 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3919 
3920 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3921 		return -EINVAL;
3922 
3923 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3924 
3925 	return 0;
3926 }
3927 
3928 static int nl80211_parse_sta_channel_info(struct genl_info *info,
3929 				      struct station_parameters *params)
3930 {
3931 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
3932 		params->supported_channels =
3933 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
3934 		params->supported_channels_len =
3935 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
3936 		/*
3937 		 * Need to include at least one (first channel, number of
3938 		 * channels) tuple for each subband, and must have proper
3939 		 * tuples for the rest of the data as well.
3940 		 */
3941 		if (params->supported_channels_len < 2)
3942 			return -EINVAL;
3943 		if (params->supported_channels_len % 2)
3944 			return -EINVAL;
3945 	}
3946 
3947 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
3948 		params->supported_oper_classes =
3949 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
3950 		params->supported_oper_classes_len =
3951 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
3952 		/*
3953 		 * The value of the Length field of the Supported Operating
3954 		 * Classes element is between 2 and 253.
3955 		 */
3956 		if (params->supported_oper_classes_len < 2 ||
3957 		    params->supported_oper_classes_len > 253)
3958 			return -EINVAL;
3959 	}
3960 	return 0;
3961 }
3962 
3963 static int nl80211_set_station_tdls(struct genl_info *info,
3964 				    struct station_parameters *params)
3965 {
3966 	int err;
3967 	/* Dummy STA entry gets updated once the peer capabilities are known */
3968 	if (info->attrs[NL80211_ATTR_PEER_AID])
3969 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
3970 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3971 		params->ht_capa =
3972 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3973 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3974 		params->vht_capa =
3975 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
3976 
3977 	err = nl80211_parse_sta_channel_info(info, params);
3978 	if (err)
3979 		return err;
3980 
3981 	return nl80211_parse_sta_wme(info, params);
3982 }
3983 
3984 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
3985 {
3986 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3987 	struct net_device *dev = info->user_ptr[1];
3988 	struct station_parameters params;
3989 	u8 *mac_addr;
3990 	int err;
3991 
3992 	memset(&params, 0, sizeof(params));
3993 
3994 	params.listen_interval = -1;
3995 
3996 	if (!rdev->ops->change_station)
3997 		return -EOPNOTSUPP;
3998 
3999 	if (info->attrs[NL80211_ATTR_STA_AID])
4000 		return -EINVAL;
4001 
4002 	if (!info->attrs[NL80211_ATTR_MAC])
4003 		return -EINVAL;
4004 
4005 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4006 
4007 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4008 		params.supported_rates =
4009 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4010 		params.supported_rates_len =
4011 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4012 	}
4013 
4014 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4015 		params.capability =
4016 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4017 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4018 	}
4019 
4020 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4021 		params.ext_capab =
4022 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4023 		params.ext_capab_len =
4024 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4025 	}
4026 
4027 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4028 		return -EINVAL;
4029 
4030 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4031 		return -EINVAL;
4032 
4033 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4034 		params.plink_action =
4035 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4036 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4037 			return -EINVAL;
4038 	}
4039 
4040 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4041 		params.plink_state =
4042 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4043 		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4044 			return -EINVAL;
4045 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4046 	}
4047 
4048 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4049 		enum nl80211_mesh_power_mode pm = nla_get_u32(
4050 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4051 
4052 		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4053 		    pm > NL80211_MESH_POWER_MAX)
4054 			return -EINVAL;
4055 
4056 		params.local_pm = pm;
4057 	}
4058 
4059 	/* Include parameters for TDLS peer (will check later) */
4060 	err = nl80211_set_station_tdls(info, &params);
4061 	if (err)
4062 		return err;
4063 
4064 	params.vlan = get_vlan(info, rdev);
4065 	if (IS_ERR(params.vlan))
4066 		return PTR_ERR(params.vlan);
4067 
4068 	switch (dev->ieee80211_ptr->iftype) {
4069 	case NL80211_IFTYPE_AP:
4070 	case NL80211_IFTYPE_AP_VLAN:
4071 	case NL80211_IFTYPE_P2P_GO:
4072 	case NL80211_IFTYPE_P2P_CLIENT:
4073 	case NL80211_IFTYPE_STATION:
4074 	case NL80211_IFTYPE_ADHOC:
4075 	case NL80211_IFTYPE_MESH_POINT:
4076 		break;
4077 	default:
4078 		err = -EOPNOTSUPP;
4079 		goto out_put_vlan;
4080 	}
4081 
4082 	/* driver will call cfg80211_check_station_change() */
4083 	err = rdev_change_station(rdev, dev, mac_addr, &params);
4084 
4085  out_put_vlan:
4086 	if (params.vlan)
4087 		dev_put(params.vlan);
4088 
4089 	return err;
4090 }
4091 
4092 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4093 {
4094 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4095 	int err;
4096 	struct net_device *dev = info->user_ptr[1];
4097 	struct station_parameters params;
4098 	u8 *mac_addr = NULL;
4099 
4100 	memset(&params, 0, sizeof(params));
4101 
4102 	if (!rdev->ops->add_station)
4103 		return -EOPNOTSUPP;
4104 
4105 	if (!info->attrs[NL80211_ATTR_MAC])
4106 		return -EINVAL;
4107 
4108 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4109 		return -EINVAL;
4110 
4111 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4112 		return -EINVAL;
4113 
4114 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
4115 	    !info->attrs[NL80211_ATTR_PEER_AID])
4116 		return -EINVAL;
4117 
4118 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4119 	params.supported_rates =
4120 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4121 	params.supported_rates_len =
4122 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4123 	params.listen_interval =
4124 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4125 
4126 	if (info->attrs[NL80211_ATTR_PEER_AID])
4127 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4128 	else
4129 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4130 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
4131 		return -EINVAL;
4132 
4133 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4134 		params.capability =
4135 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4136 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4137 	}
4138 
4139 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4140 		params.ext_capab =
4141 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4142 		params.ext_capab_len =
4143 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4144 	}
4145 
4146 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4147 		params.ht_capa =
4148 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4149 
4150 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4151 		params.vht_capa =
4152 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4153 
4154 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4155 		params.plink_action =
4156 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4157 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4158 			return -EINVAL;
4159 	}
4160 
4161 	err = nl80211_parse_sta_channel_info(info, &params);
4162 	if (err)
4163 		return err;
4164 
4165 	err = nl80211_parse_sta_wme(info, &params);
4166 	if (err)
4167 		return err;
4168 
4169 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4170 		return -EINVAL;
4171 
4172 	/* When you run into this, adjust the code below for the new flag */
4173 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4174 
4175 	switch (dev->ieee80211_ptr->iftype) {
4176 	case NL80211_IFTYPE_AP:
4177 	case NL80211_IFTYPE_AP_VLAN:
4178 	case NL80211_IFTYPE_P2P_GO:
4179 		/* ignore WME attributes if iface/sta is not capable */
4180 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4181 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4182 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4183 
4184 		/* TDLS peers cannot be added */
4185 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4186 		    info->attrs[NL80211_ATTR_PEER_AID])
4187 			return -EINVAL;
4188 		/* but don't bother the driver with it */
4189 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4190 
4191 		/* allow authenticated/associated only if driver handles it */
4192 		if (!(rdev->wiphy.features &
4193 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4194 		    params.sta_flags_mask &
4195 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4196 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4197 			return -EINVAL;
4198 
4199 		/* must be last in here for error handling */
4200 		params.vlan = get_vlan(info, rdev);
4201 		if (IS_ERR(params.vlan))
4202 			return PTR_ERR(params.vlan);
4203 		break;
4204 	case NL80211_IFTYPE_MESH_POINT:
4205 		/* ignore uAPSD data */
4206 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4207 
4208 		/* associated is disallowed */
4209 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4210 			return -EINVAL;
4211 		/* TDLS peers cannot be added */
4212 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4213 		    info->attrs[NL80211_ATTR_PEER_AID])
4214 			return -EINVAL;
4215 		break;
4216 	case NL80211_IFTYPE_STATION:
4217 	case NL80211_IFTYPE_P2P_CLIENT:
4218 		/* ignore uAPSD data */
4219 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4220 
4221 		/* these are disallowed */
4222 		if (params.sta_flags_mask &
4223 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4224 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4225 			return -EINVAL;
4226 		/* Only TDLS peers can be added */
4227 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4228 			return -EINVAL;
4229 		/* Can only add if TDLS ... */
4230 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4231 			return -EOPNOTSUPP;
4232 		/* ... with external setup is supported */
4233 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4234 			return -EOPNOTSUPP;
4235 		/*
4236 		 * Older wpa_supplicant versions always mark the TDLS peer
4237 		 * as authorized, but it shouldn't yet be.
4238 		 */
4239 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4240 		break;
4241 	default:
4242 		return -EOPNOTSUPP;
4243 	}
4244 
4245 	/* be aware of params.vlan when changing code here */
4246 
4247 	err = rdev_add_station(rdev, dev, mac_addr, &params);
4248 
4249 	if (params.vlan)
4250 		dev_put(params.vlan);
4251 	return err;
4252 }
4253 
4254 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4255 {
4256 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4257 	struct net_device *dev = info->user_ptr[1];
4258 	u8 *mac_addr = NULL;
4259 
4260 	if (info->attrs[NL80211_ATTR_MAC])
4261 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4262 
4263 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4264 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4265 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4266 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4267 		return -EINVAL;
4268 
4269 	if (!rdev->ops->del_station)
4270 		return -EOPNOTSUPP;
4271 
4272 	return rdev_del_station(rdev, dev, mac_addr);
4273 }
4274 
4275 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4276 				int flags, struct net_device *dev,
4277 				u8 *dst, u8 *next_hop,
4278 				struct mpath_info *pinfo)
4279 {
4280 	void *hdr;
4281 	struct nlattr *pinfoattr;
4282 
4283 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4284 	if (!hdr)
4285 		return -1;
4286 
4287 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4288 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4289 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4290 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4291 		goto nla_put_failure;
4292 
4293 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4294 	if (!pinfoattr)
4295 		goto nla_put_failure;
4296 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4297 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4298 			pinfo->frame_qlen))
4299 		goto nla_put_failure;
4300 	if (((pinfo->filled & MPATH_INFO_SN) &&
4301 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4302 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
4303 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4304 			 pinfo->metric)) ||
4305 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4306 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4307 			 pinfo->exptime)) ||
4308 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
4309 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4310 			pinfo->flags)) ||
4311 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4312 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4313 			 pinfo->discovery_timeout)) ||
4314 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4315 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4316 			pinfo->discovery_retries)))
4317 		goto nla_put_failure;
4318 
4319 	nla_nest_end(msg, pinfoattr);
4320 
4321 	return genlmsg_end(msg, hdr);
4322 
4323  nla_put_failure:
4324 	genlmsg_cancel(msg, hdr);
4325 	return -EMSGSIZE;
4326 }
4327 
4328 static int nl80211_dump_mpath(struct sk_buff *skb,
4329 			      struct netlink_callback *cb)
4330 {
4331 	struct mpath_info pinfo;
4332 	struct cfg80211_registered_device *dev;
4333 	struct wireless_dev *wdev;
4334 	u8 dst[ETH_ALEN];
4335 	u8 next_hop[ETH_ALEN];
4336 	int path_idx = cb->args[2];
4337 	int err;
4338 
4339 	err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
4340 	if (err)
4341 		return err;
4342 
4343 	if (!dev->ops->dump_mpath) {
4344 		err = -EOPNOTSUPP;
4345 		goto out_err;
4346 	}
4347 
4348 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4349 		err = -EOPNOTSUPP;
4350 		goto out_err;
4351 	}
4352 
4353 	while (1) {
4354 		err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst,
4355 				      next_hop, &pinfo);
4356 		if (err == -ENOENT)
4357 			break;
4358 		if (err)
4359 			goto out_err;
4360 
4361 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4362 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4363 				       wdev->netdev, dst, next_hop,
4364 				       &pinfo) < 0)
4365 			goto out;
4366 
4367 		path_idx++;
4368 	}
4369 
4370 
4371  out:
4372 	cb->args[2] = path_idx;
4373 	err = skb->len;
4374  out_err:
4375 	nl80211_finish_wdev_dump(dev);
4376 	return err;
4377 }
4378 
4379 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4380 {
4381 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4382 	int err;
4383 	struct net_device *dev = info->user_ptr[1];
4384 	struct mpath_info pinfo;
4385 	struct sk_buff *msg;
4386 	u8 *dst = NULL;
4387 	u8 next_hop[ETH_ALEN];
4388 
4389 	memset(&pinfo, 0, sizeof(pinfo));
4390 
4391 	if (!info->attrs[NL80211_ATTR_MAC])
4392 		return -EINVAL;
4393 
4394 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4395 
4396 	if (!rdev->ops->get_mpath)
4397 		return -EOPNOTSUPP;
4398 
4399 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4400 		return -EOPNOTSUPP;
4401 
4402 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4403 	if (err)
4404 		return err;
4405 
4406 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4407 	if (!msg)
4408 		return -ENOMEM;
4409 
4410 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4411 				 dev, dst, next_hop, &pinfo) < 0) {
4412 		nlmsg_free(msg);
4413 		return -ENOBUFS;
4414 	}
4415 
4416 	return genlmsg_reply(msg, info);
4417 }
4418 
4419 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4420 {
4421 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4422 	struct net_device *dev = info->user_ptr[1];
4423 	u8 *dst = NULL;
4424 	u8 *next_hop = NULL;
4425 
4426 	if (!info->attrs[NL80211_ATTR_MAC])
4427 		return -EINVAL;
4428 
4429 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4430 		return -EINVAL;
4431 
4432 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4433 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4434 
4435 	if (!rdev->ops->change_mpath)
4436 		return -EOPNOTSUPP;
4437 
4438 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4439 		return -EOPNOTSUPP;
4440 
4441 	return rdev_change_mpath(rdev, dev, dst, next_hop);
4442 }
4443 
4444 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4445 {
4446 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4447 	struct net_device *dev = info->user_ptr[1];
4448 	u8 *dst = NULL;
4449 	u8 *next_hop = NULL;
4450 
4451 	if (!info->attrs[NL80211_ATTR_MAC])
4452 		return -EINVAL;
4453 
4454 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4455 		return -EINVAL;
4456 
4457 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4458 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4459 
4460 	if (!rdev->ops->add_mpath)
4461 		return -EOPNOTSUPP;
4462 
4463 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4464 		return -EOPNOTSUPP;
4465 
4466 	return rdev_add_mpath(rdev, dev, dst, next_hop);
4467 }
4468 
4469 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4470 {
4471 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4472 	struct net_device *dev = info->user_ptr[1];
4473 	u8 *dst = NULL;
4474 
4475 	if (info->attrs[NL80211_ATTR_MAC])
4476 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4477 
4478 	if (!rdev->ops->del_mpath)
4479 		return -EOPNOTSUPP;
4480 
4481 	return rdev_del_mpath(rdev, dev, dst);
4482 }
4483 
4484 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4485 {
4486 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4487 	struct net_device *dev = info->user_ptr[1];
4488 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4489 	struct bss_parameters params;
4490 	int err;
4491 
4492 	memset(&params, 0, sizeof(params));
4493 	/* default to not changing parameters */
4494 	params.use_cts_prot = -1;
4495 	params.use_short_preamble = -1;
4496 	params.use_short_slot_time = -1;
4497 	params.ap_isolate = -1;
4498 	params.ht_opmode = -1;
4499 	params.p2p_ctwindow = -1;
4500 	params.p2p_opp_ps = -1;
4501 
4502 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4503 		params.use_cts_prot =
4504 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4505 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4506 		params.use_short_preamble =
4507 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4508 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4509 		params.use_short_slot_time =
4510 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4511 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4512 		params.basic_rates =
4513 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4514 		params.basic_rates_len =
4515 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4516 	}
4517 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4518 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4519 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4520 		params.ht_opmode =
4521 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4522 
4523 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4524 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4525 			return -EINVAL;
4526 		params.p2p_ctwindow =
4527 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4528 		if (params.p2p_ctwindow < 0)
4529 			return -EINVAL;
4530 		if (params.p2p_ctwindow != 0 &&
4531 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4532 			return -EINVAL;
4533 	}
4534 
4535 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4536 		u8 tmp;
4537 
4538 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4539 			return -EINVAL;
4540 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4541 		if (tmp > 1)
4542 			return -EINVAL;
4543 		params.p2p_opp_ps = tmp;
4544 		if (params.p2p_opp_ps &&
4545 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4546 			return -EINVAL;
4547 	}
4548 
4549 	if (!rdev->ops->change_bss)
4550 		return -EOPNOTSUPP;
4551 
4552 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4553 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4554 		return -EOPNOTSUPP;
4555 
4556 	wdev_lock(wdev);
4557 	err = rdev_change_bss(rdev, dev, &params);
4558 	wdev_unlock(wdev);
4559 
4560 	return err;
4561 }
4562 
4563 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4564 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
4565 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
4566 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
4567 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
4568 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
4569 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
4570 };
4571 
4572 static int parse_reg_rule(struct nlattr *tb[],
4573 	struct ieee80211_reg_rule *reg_rule)
4574 {
4575 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4576 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4577 
4578 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4579 		return -EINVAL;
4580 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4581 		return -EINVAL;
4582 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4583 		return -EINVAL;
4584 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4585 		return -EINVAL;
4586 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4587 		return -EINVAL;
4588 
4589 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4590 
4591 	freq_range->start_freq_khz =
4592 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4593 	freq_range->end_freq_khz =
4594 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4595 	freq_range->max_bandwidth_khz =
4596 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4597 
4598 	power_rule->max_eirp =
4599 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4600 
4601 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4602 		power_rule->max_antenna_gain =
4603 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4604 
4605 	return 0;
4606 }
4607 
4608 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4609 {
4610 	int r;
4611 	char *data = NULL;
4612 	enum nl80211_user_reg_hint_type user_reg_hint_type;
4613 
4614 	/*
4615 	 * You should only get this when cfg80211 hasn't yet initialized
4616 	 * completely when built-in to the kernel right between the time
4617 	 * window between nl80211_init() and regulatory_init(), if that is
4618 	 * even possible.
4619 	 */
4620 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4621 		return -EINPROGRESS;
4622 
4623 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4624 		return -EINVAL;
4625 
4626 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4627 
4628 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4629 		user_reg_hint_type =
4630 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4631 	else
4632 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4633 
4634 	switch (user_reg_hint_type) {
4635 	case NL80211_USER_REG_HINT_USER:
4636 	case NL80211_USER_REG_HINT_CELL_BASE:
4637 		break;
4638 	default:
4639 		return -EINVAL;
4640 	}
4641 
4642 	r = regulatory_hint_user(data, user_reg_hint_type);
4643 
4644 	return r;
4645 }
4646 
4647 static int nl80211_get_mesh_config(struct sk_buff *skb,
4648 				   struct genl_info *info)
4649 {
4650 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4651 	struct net_device *dev = info->user_ptr[1];
4652 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4653 	struct mesh_config cur_params;
4654 	int err = 0;
4655 	void *hdr;
4656 	struct nlattr *pinfoattr;
4657 	struct sk_buff *msg;
4658 
4659 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4660 		return -EOPNOTSUPP;
4661 
4662 	if (!rdev->ops->get_mesh_config)
4663 		return -EOPNOTSUPP;
4664 
4665 	wdev_lock(wdev);
4666 	/* If not connected, get default parameters */
4667 	if (!wdev->mesh_id_len)
4668 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4669 	else
4670 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
4671 	wdev_unlock(wdev);
4672 
4673 	if (err)
4674 		return err;
4675 
4676 	/* Draw up a netlink message to send back */
4677 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4678 	if (!msg)
4679 		return -ENOMEM;
4680 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4681 			     NL80211_CMD_GET_MESH_CONFIG);
4682 	if (!hdr)
4683 		goto out;
4684 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4685 	if (!pinfoattr)
4686 		goto nla_put_failure;
4687 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4688 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4689 			cur_params.dot11MeshRetryTimeout) ||
4690 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4691 			cur_params.dot11MeshConfirmTimeout) ||
4692 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4693 			cur_params.dot11MeshHoldingTimeout) ||
4694 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4695 			cur_params.dot11MeshMaxPeerLinks) ||
4696 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4697 		       cur_params.dot11MeshMaxRetries) ||
4698 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
4699 		       cur_params.dot11MeshTTL) ||
4700 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4701 		       cur_params.element_ttl) ||
4702 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4703 		       cur_params.auto_open_plinks) ||
4704 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4705 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4706 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4707 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
4708 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4709 			cur_params.path_refresh_time) ||
4710 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4711 			cur_params.min_discovery_timeout) ||
4712 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4713 			cur_params.dot11MeshHWMPactivePathTimeout) ||
4714 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4715 			cur_params.dot11MeshHWMPpreqMinInterval) ||
4716 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4717 			cur_params.dot11MeshHWMPperrMinInterval) ||
4718 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4719 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4720 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4721 		       cur_params.dot11MeshHWMPRootMode) ||
4722 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4723 			cur_params.dot11MeshHWMPRannInterval) ||
4724 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4725 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
4726 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4727 		       cur_params.dot11MeshForwarding) ||
4728 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4729 			cur_params.rssi_threshold) ||
4730 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4731 			cur_params.ht_opmode) ||
4732 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4733 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4734 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4735 			cur_params.dot11MeshHWMProotInterval) ||
4736 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4737 			cur_params.dot11MeshHWMPconfirmationInterval) ||
4738 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4739 			cur_params.power_mode) ||
4740 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4741 			cur_params.dot11MeshAwakeWindowDuration) ||
4742 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
4743 			cur_params.plink_timeout))
4744 		goto nla_put_failure;
4745 	nla_nest_end(msg, pinfoattr);
4746 	genlmsg_end(msg, hdr);
4747 	return genlmsg_reply(msg, info);
4748 
4749  nla_put_failure:
4750 	genlmsg_cancel(msg, hdr);
4751  out:
4752 	nlmsg_free(msg);
4753 	return -ENOBUFS;
4754 }
4755 
4756 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4757 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4758 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4759 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4760 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4761 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4762 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4763 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4764 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4765 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4766 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4767 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4768 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4769 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4770 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4771 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4772 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4773 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4774 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4775 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4776 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4777 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4778 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4779 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4780 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4781 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4782 	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4783 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4784 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
4785 };
4786 
4787 static const struct nla_policy
4788 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4789 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4790 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4791 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4792 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4793 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
4794 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4795 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4796 				    .len = IEEE80211_MAX_DATA_LEN },
4797 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4798 };
4799 
4800 static int nl80211_parse_mesh_config(struct genl_info *info,
4801 				     struct mesh_config *cfg,
4802 				     u32 *mask_out)
4803 {
4804 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4805 	u32 mask = 0;
4806 
4807 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4808 do {									    \
4809 	if (tb[attr]) {							    \
4810 		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
4811 			return -EINVAL;					    \
4812 		cfg->param = fn(tb[attr]);				    \
4813 		mask |= (1 << (attr - 1));				    \
4814 	}								    \
4815 } while (0)
4816 
4817 
4818 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4819 		return -EINVAL;
4820 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4821 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
4822 			     nl80211_meshconf_params_policy))
4823 		return -EINVAL;
4824 
4825 	/* This makes sure that there aren't more than 32 mesh config
4826 	 * parameters (otherwise our bitfield scheme would not work.) */
4827 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4828 
4829 	/* Fill in the params struct */
4830 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4831 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4832 				  nla_get_u16);
4833 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4834 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4835 				  nla_get_u16);
4836 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4837 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4838 				  nla_get_u16);
4839 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4840 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4841 				  nla_get_u16);
4842 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4843 				  mask, NL80211_MESHCONF_MAX_RETRIES,
4844 				  nla_get_u8);
4845 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4846 				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
4847 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4848 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
4849 				  nla_get_u8);
4850 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4851 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4852 				  nla_get_u8);
4853 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4854 				  1, 255, mask,
4855 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4856 				  nla_get_u32);
4857 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4858 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4859 				  nla_get_u8);
4860 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4861 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4862 				  nla_get_u32);
4863 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4864 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4865 				  nla_get_u16);
4866 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4867 				  1, 65535, mask,
4868 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4869 				  nla_get_u32);
4870 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4871 				  1, 65535, mask,
4872 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4873 				  nla_get_u16);
4874 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4875 				  1, 65535, mask,
4876 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4877 				  nla_get_u16);
4878 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4879 				  dot11MeshHWMPnetDiameterTraversalTime,
4880 				  1, 65535, mask,
4881 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4882 				  nla_get_u16);
4883 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4884 				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4885 				  nla_get_u8);
4886 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4887 				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4888 				  nla_get_u16);
4889 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4890 				  dot11MeshGateAnnouncementProtocol, 0, 1,
4891 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4892 				  nla_get_u8);
4893 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4894 				  mask, NL80211_MESHCONF_FORWARDING,
4895 				  nla_get_u8);
4896 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
4897 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4898 				  nla_get_s32);
4899 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4900 				  mask, NL80211_MESHCONF_HT_OPMODE,
4901 				  nla_get_u16);
4902 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
4903 				  1, 65535, mask,
4904 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4905 				  nla_get_u32);
4906 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
4907 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4908 				  nla_get_u16);
4909 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4910 				  dot11MeshHWMPconfirmationInterval,
4911 				  1, 65535, mask,
4912 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4913 				  nla_get_u16);
4914 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
4915 				  NL80211_MESH_POWER_ACTIVE,
4916 				  NL80211_MESH_POWER_MAX,
4917 				  mask, NL80211_MESHCONF_POWER_MODE,
4918 				  nla_get_u32);
4919 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
4920 				  0, 65535, mask,
4921 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
4922 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
4923 				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
4924 				  nla_get_u32);
4925 	if (mask_out)
4926 		*mask_out = mask;
4927 
4928 	return 0;
4929 
4930 #undef FILL_IN_MESH_PARAM_IF_SET
4931 }
4932 
4933 static int nl80211_parse_mesh_setup(struct genl_info *info,
4934 				     struct mesh_setup *setup)
4935 {
4936 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4937 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
4938 
4939 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
4940 		return -EINVAL;
4941 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
4942 			     info->attrs[NL80211_ATTR_MESH_SETUP],
4943 			     nl80211_mesh_setup_params_policy))
4944 		return -EINVAL;
4945 
4946 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
4947 		setup->sync_method =
4948 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
4949 		 IEEE80211_SYNC_METHOD_VENDOR :
4950 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
4951 
4952 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
4953 		setup->path_sel_proto =
4954 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
4955 		 IEEE80211_PATH_PROTOCOL_VENDOR :
4956 		 IEEE80211_PATH_PROTOCOL_HWMP;
4957 
4958 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
4959 		setup->path_metric =
4960 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
4961 		 IEEE80211_PATH_METRIC_VENDOR :
4962 		 IEEE80211_PATH_METRIC_AIRTIME;
4963 
4964 
4965 	if (tb[NL80211_MESH_SETUP_IE]) {
4966 		struct nlattr *ieattr =
4967 			tb[NL80211_MESH_SETUP_IE];
4968 		if (!is_valid_ie_attr(ieattr))
4969 			return -EINVAL;
4970 		setup->ie = nla_data(ieattr);
4971 		setup->ie_len = nla_len(ieattr);
4972 	}
4973 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
4974 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
4975 		return -EINVAL;
4976 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
4977 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
4978 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
4979 	if (setup->is_secure)
4980 		setup->user_mpm = true;
4981 
4982 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
4983 		if (!setup->user_mpm)
4984 			return -EINVAL;
4985 		setup->auth_id =
4986 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
4987 	}
4988 
4989 	return 0;
4990 }
4991 
4992 static int nl80211_update_mesh_config(struct sk_buff *skb,
4993 				      struct genl_info *info)
4994 {
4995 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4996 	struct net_device *dev = info->user_ptr[1];
4997 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4998 	struct mesh_config cfg;
4999 	u32 mask;
5000 	int err;
5001 
5002 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5003 		return -EOPNOTSUPP;
5004 
5005 	if (!rdev->ops->update_mesh_config)
5006 		return -EOPNOTSUPP;
5007 
5008 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
5009 	if (err)
5010 		return err;
5011 
5012 	wdev_lock(wdev);
5013 	if (!wdev->mesh_id_len)
5014 		err = -ENOLINK;
5015 
5016 	if (!err)
5017 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5018 
5019 	wdev_unlock(wdev);
5020 
5021 	return err;
5022 }
5023 
5024 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
5025 {
5026 	const struct ieee80211_regdomain *regdom;
5027 	struct sk_buff *msg;
5028 	void *hdr = NULL;
5029 	struct nlattr *nl_reg_rules;
5030 	unsigned int i;
5031 
5032 	if (!cfg80211_regdomain)
5033 		return -EINVAL;
5034 
5035 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5036 	if (!msg)
5037 		return -ENOBUFS;
5038 
5039 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5040 			     NL80211_CMD_GET_REG);
5041 	if (!hdr)
5042 		goto put_failure;
5043 
5044 	if (reg_last_request_cell_base() &&
5045 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5046 			NL80211_USER_REG_HINT_CELL_BASE))
5047 		goto nla_put_failure;
5048 
5049 	rcu_read_lock();
5050 	regdom = rcu_dereference(cfg80211_regdomain);
5051 
5052 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5053 	    (regdom->dfs_region &&
5054 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5055 		goto nla_put_failure_rcu;
5056 
5057 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5058 	if (!nl_reg_rules)
5059 		goto nla_put_failure_rcu;
5060 
5061 	for (i = 0; i < regdom->n_reg_rules; i++) {
5062 		struct nlattr *nl_reg_rule;
5063 		const struct ieee80211_reg_rule *reg_rule;
5064 		const struct ieee80211_freq_range *freq_range;
5065 		const struct ieee80211_power_rule *power_rule;
5066 
5067 		reg_rule = &regdom->reg_rules[i];
5068 		freq_range = &reg_rule->freq_range;
5069 		power_rule = &reg_rule->power_rule;
5070 
5071 		nl_reg_rule = nla_nest_start(msg, i);
5072 		if (!nl_reg_rule)
5073 			goto nla_put_failure_rcu;
5074 
5075 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5076 				reg_rule->flags) ||
5077 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5078 				freq_range->start_freq_khz) ||
5079 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5080 				freq_range->end_freq_khz) ||
5081 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5082 				freq_range->max_bandwidth_khz) ||
5083 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5084 				power_rule->max_antenna_gain) ||
5085 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5086 				power_rule->max_eirp))
5087 			goto nla_put_failure_rcu;
5088 
5089 		nla_nest_end(msg, nl_reg_rule);
5090 	}
5091 	rcu_read_unlock();
5092 
5093 	nla_nest_end(msg, nl_reg_rules);
5094 
5095 	genlmsg_end(msg, hdr);
5096 	return genlmsg_reply(msg, info);
5097 
5098 nla_put_failure_rcu:
5099 	rcu_read_unlock();
5100 nla_put_failure:
5101 	genlmsg_cancel(msg, hdr);
5102 put_failure:
5103 	nlmsg_free(msg);
5104 	return -EMSGSIZE;
5105 }
5106 
5107 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5108 {
5109 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5110 	struct nlattr *nl_reg_rule;
5111 	char *alpha2 = NULL;
5112 	int rem_reg_rules = 0, r = 0;
5113 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
5114 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5115 	struct ieee80211_regdomain *rd = NULL;
5116 
5117 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5118 		return -EINVAL;
5119 
5120 	if (!info->attrs[NL80211_ATTR_REG_RULES])
5121 		return -EINVAL;
5122 
5123 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5124 
5125 	if (info->attrs[NL80211_ATTR_DFS_REGION])
5126 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5127 
5128 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5129 			    rem_reg_rules) {
5130 		num_rules++;
5131 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5132 			return -EINVAL;
5133 	}
5134 
5135 	if (!reg_is_valid_request(alpha2))
5136 		return -EINVAL;
5137 
5138 	size_of_regd = sizeof(struct ieee80211_regdomain) +
5139 		       num_rules * sizeof(struct ieee80211_reg_rule);
5140 
5141 	rd = kzalloc(size_of_regd, GFP_KERNEL);
5142 	if (!rd)
5143 		return -ENOMEM;
5144 
5145 	rd->n_reg_rules = num_rules;
5146 	rd->alpha2[0] = alpha2[0];
5147 	rd->alpha2[1] = alpha2[1];
5148 
5149 	/*
5150 	 * Disable DFS master mode if the DFS region was
5151 	 * not supported or known on this kernel.
5152 	 */
5153 	if (reg_supported_dfs_region(dfs_region))
5154 		rd->dfs_region = dfs_region;
5155 
5156 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5157 			    rem_reg_rules) {
5158 		nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5159 			  nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5160 			  reg_rule_policy);
5161 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5162 		if (r)
5163 			goto bad_reg;
5164 
5165 		rule_idx++;
5166 
5167 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5168 			r = -EINVAL;
5169 			goto bad_reg;
5170 		}
5171 	}
5172 
5173 	r = set_regdom(rd);
5174 	/* set_regdom took ownership */
5175 	rd = NULL;
5176 
5177  bad_reg:
5178 	kfree(rd);
5179 	return r;
5180 }
5181 
5182 static int validate_scan_freqs(struct nlattr *freqs)
5183 {
5184 	struct nlattr *attr1, *attr2;
5185 	int n_channels = 0, tmp1, tmp2;
5186 
5187 	nla_for_each_nested(attr1, freqs, tmp1) {
5188 		n_channels++;
5189 		/*
5190 		 * Some hardware has a limited channel list for
5191 		 * scanning, and it is pretty much nonsensical
5192 		 * to scan for a channel twice, so disallow that
5193 		 * and don't require drivers to check that the
5194 		 * channel list they get isn't longer than what
5195 		 * they can scan, as long as they can scan all
5196 		 * the channels they registered at once.
5197 		 */
5198 		nla_for_each_nested(attr2, freqs, tmp2)
5199 			if (attr1 != attr2 &&
5200 			    nla_get_u32(attr1) == nla_get_u32(attr2))
5201 				return 0;
5202 	}
5203 
5204 	return n_channels;
5205 }
5206 
5207 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5208 {
5209 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5210 	struct wireless_dev *wdev = info->user_ptr[1];
5211 	struct cfg80211_scan_request *request;
5212 	struct nlattr *attr;
5213 	struct wiphy *wiphy;
5214 	int err, tmp, n_ssids = 0, n_channels, i;
5215 	size_t ie_len;
5216 
5217 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5218 		return -EINVAL;
5219 
5220 	wiphy = &rdev->wiphy;
5221 
5222 	if (!rdev->ops->scan)
5223 		return -EOPNOTSUPP;
5224 
5225 	if (rdev->scan_req) {
5226 		err = -EBUSY;
5227 		goto unlock;
5228 	}
5229 
5230 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5231 		n_channels = validate_scan_freqs(
5232 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5233 		if (!n_channels) {
5234 			err = -EINVAL;
5235 			goto unlock;
5236 		}
5237 	} else {
5238 		enum ieee80211_band band;
5239 		n_channels = 0;
5240 
5241 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
5242 			if (wiphy->bands[band])
5243 				n_channels += wiphy->bands[band]->n_channels;
5244 	}
5245 
5246 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5247 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5248 			n_ssids++;
5249 
5250 	if (n_ssids > wiphy->max_scan_ssids) {
5251 		err = -EINVAL;
5252 		goto unlock;
5253 	}
5254 
5255 	if (info->attrs[NL80211_ATTR_IE])
5256 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5257 	else
5258 		ie_len = 0;
5259 
5260 	if (ie_len > wiphy->max_scan_ie_len) {
5261 		err = -EINVAL;
5262 		goto unlock;
5263 	}
5264 
5265 	request = kzalloc(sizeof(*request)
5266 			+ sizeof(*request->ssids) * n_ssids
5267 			+ sizeof(*request->channels) * n_channels
5268 			+ ie_len, GFP_KERNEL);
5269 	if (!request) {
5270 		err = -ENOMEM;
5271 		goto unlock;
5272 	}
5273 
5274 	if (n_ssids)
5275 		request->ssids = (void *)&request->channels[n_channels];
5276 	request->n_ssids = n_ssids;
5277 	if (ie_len) {
5278 		if (request->ssids)
5279 			request->ie = (void *)(request->ssids + n_ssids);
5280 		else
5281 			request->ie = (void *)(request->channels + n_channels);
5282 	}
5283 
5284 	i = 0;
5285 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5286 		/* user specified, bail out if channel not found */
5287 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5288 			struct ieee80211_channel *chan;
5289 
5290 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5291 
5292 			if (!chan) {
5293 				err = -EINVAL;
5294 				goto out_free;
5295 			}
5296 
5297 			/* ignore disabled channels */
5298 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5299 				continue;
5300 
5301 			request->channels[i] = chan;
5302 			i++;
5303 		}
5304 	} else {
5305 		enum ieee80211_band band;
5306 
5307 		/* all channels */
5308 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5309 			int j;
5310 			if (!wiphy->bands[band])
5311 				continue;
5312 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5313 				struct ieee80211_channel *chan;
5314 
5315 				chan = &wiphy->bands[band]->channels[j];
5316 
5317 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5318 					continue;
5319 
5320 				request->channels[i] = chan;
5321 				i++;
5322 			}
5323 		}
5324 	}
5325 
5326 	if (!i) {
5327 		err = -EINVAL;
5328 		goto out_free;
5329 	}
5330 
5331 	request->n_channels = i;
5332 
5333 	i = 0;
5334 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5335 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5336 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5337 				err = -EINVAL;
5338 				goto out_free;
5339 			}
5340 			request->ssids[i].ssid_len = nla_len(attr);
5341 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5342 			i++;
5343 		}
5344 	}
5345 
5346 	if (info->attrs[NL80211_ATTR_IE]) {
5347 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5348 		memcpy((void *)request->ie,
5349 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5350 		       request->ie_len);
5351 	}
5352 
5353 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5354 		if (wiphy->bands[i])
5355 			request->rates[i] =
5356 				(1 << wiphy->bands[i]->n_bitrates) - 1;
5357 
5358 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5359 		nla_for_each_nested(attr,
5360 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5361 				    tmp) {
5362 			enum ieee80211_band band = nla_type(attr);
5363 
5364 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5365 				err = -EINVAL;
5366 				goto out_free;
5367 			}
5368 
5369 			if (!wiphy->bands[band])
5370 				continue;
5371 
5372 			err = ieee80211_get_ratemask(wiphy->bands[band],
5373 						     nla_data(attr),
5374 						     nla_len(attr),
5375 						     &request->rates[band]);
5376 			if (err)
5377 				goto out_free;
5378 		}
5379 	}
5380 
5381 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5382 		request->flags = nla_get_u32(
5383 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5384 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5385 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5386 			err = -EOPNOTSUPP;
5387 			goto out_free;
5388 		}
5389 	}
5390 
5391 	request->no_cck =
5392 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5393 
5394 	request->wdev = wdev;
5395 	request->wiphy = &rdev->wiphy;
5396 	request->scan_start = jiffies;
5397 
5398 	rdev->scan_req = request;
5399 	err = rdev_scan(rdev, request);
5400 
5401 	if (!err) {
5402 		nl80211_send_scan_start(rdev, wdev);
5403 		if (wdev->netdev)
5404 			dev_hold(wdev->netdev);
5405 	} else {
5406  out_free:
5407 		rdev->scan_req = NULL;
5408 		kfree(request);
5409 	}
5410 
5411  unlock:
5412 	return err;
5413 }
5414 
5415 static int nl80211_start_sched_scan(struct sk_buff *skb,
5416 				    struct genl_info *info)
5417 {
5418 	struct cfg80211_sched_scan_request *request;
5419 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5420 	struct net_device *dev = info->user_ptr[1];
5421 	struct nlattr *attr;
5422 	struct wiphy *wiphy;
5423 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5424 	u32 interval;
5425 	enum ieee80211_band band;
5426 	size_t ie_len;
5427 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5428 
5429 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5430 	    !rdev->ops->sched_scan_start)
5431 		return -EOPNOTSUPP;
5432 
5433 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5434 		return -EINVAL;
5435 
5436 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5437 		return -EINVAL;
5438 
5439 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5440 	if (interval == 0)
5441 		return -EINVAL;
5442 
5443 	wiphy = &rdev->wiphy;
5444 
5445 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5446 		n_channels = validate_scan_freqs(
5447 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5448 		if (!n_channels)
5449 			return -EINVAL;
5450 	} else {
5451 		n_channels = 0;
5452 
5453 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
5454 			if (wiphy->bands[band])
5455 				n_channels += wiphy->bands[band]->n_channels;
5456 	}
5457 
5458 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5459 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5460 				    tmp)
5461 			n_ssids++;
5462 
5463 	if (n_ssids > wiphy->max_sched_scan_ssids)
5464 		return -EINVAL;
5465 
5466 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
5467 		nla_for_each_nested(attr,
5468 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5469 				    tmp)
5470 			n_match_sets++;
5471 
5472 	if (n_match_sets > wiphy->max_match_sets)
5473 		return -EINVAL;
5474 
5475 	if (info->attrs[NL80211_ATTR_IE])
5476 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5477 	else
5478 		ie_len = 0;
5479 
5480 	if (ie_len > wiphy->max_sched_scan_ie_len)
5481 		return -EINVAL;
5482 
5483 	if (rdev->sched_scan_req) {
5484 		err = -EINPROGRESS;
5485 		goto out;
5486 	}
5487 
5488 	request = kzalloc(sizeof(*request)
5489 			+ sizeof(*request->ssids) * n_ssids
5490 			+ sizeof(*request->match_sets) * n_match_sets
5491 			+ sizeof(*request->channels) * n_channels
5492 			+ ie_len, GFP_KERNEL);
5493 	if (!request) {
5494 		err = -ENOMEM;
5495 		goto out;
5496 	}
5497 
5498 	if (n_ssids)
5499 		request->ssids = (void *)&request->channels[n_channels];
5500 	request->n_ssids = n_ssids;
5501 	if (ie_len) {
5502 		if (request->ssids)
5503 			request->ie = (void *)(request->ssids + n_ssids);
5504 		else
5505 			request->ie = (void *)(request->channels + n_channels);
5506 	}
5507 
5508 	if (n_match_sets) {
5509 		if (request->ie)
5510 			request->match_sets = (void *)(request->ie + ie_len);
5511 		else if (request->ssids)
5512 			request->match_sets =
5513 				(void *)(request->ssids + n_ssids);
5514 		else
5515 			request->match_sets =
5516 				(void *)(request->channels + n_channels);
5517 	}
5518 	request->n_match_sets = n_match_sets;
5519 
5520 	i = 0;
5521 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5522 		/* user specified, bail out if channel not found */
5523 		nla_for_each_nested(attr,
5524 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5525 				    tmp) {
5526 			struct ieee80211_channel *chan;
5527 
5528 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5529 
5530 			if (!chan) {
5531 				err = -EINVAL;
5532 				goto out_free;
5533 			}
5534 
5535 			/* ignore disabled channels */
5536 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5537 				continue;
5538 
5539 			request->channels[i] = chan;
5540 			i++;
5541 		}
5542 	} else {
5543 		/* all channels */
5544 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5545 			int j;
5546 			if (!wiphy->bands[band])
5547 				continue;
5548 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5549 				struct ieee80211_channel *chan;
5550 
5551 				chan = &wiphy->bands[band]->channels[j];
5552 
5553 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5554 					continue;
5555 
5556 				request->channels[i] = chan;
5557 				i++;
5558 			}
5559 		}
5560 	}
5561 
5562 	if (!i) {
5563 		err = -EINVAL;
5564 		goto out_free;
5565 	}
5566 
5567 	request->n_channels = i;
5568 
5569 	i = 0;
5570 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5571 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5572 				    tmp) {
5573 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5574 				err = -EINVAL;
5575 				goto out_free;
5576 			}
5577 			request->ssids[i].ssid_len = nla_len(attr);
5578 			memcpy(request->ssids[i].ssid, nla_data(attr),
5579 			       nla_len(attr));
5580 			i++;
5581 		}
5582 	}
5583 
5584 	i = 0;
5585 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5586 		nla_for_each_nested(attr,
5587 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5588 				    tmp) {
5589 			struct nlattr *ssid, *rssi;
5590 
5591 			nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5592 				  nla_data(attr), nla_len(attr),
5593 				  nl80211_match_policy);
5594 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5595 			if (ssid) {
5596 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5597 					err = -EINVAL;
5598 					goto out_free;
5599 				}
5600 				memcpy(request->match_sets[i].ssid.ssid,
5601 				       nla_data(ssid), nla_len(ssid));
5602 				request->match_sets[i].ssid.ssid_len =
5603 					nla_len(ssid);
5604 			}
5605 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5606 			if (rssi)
5607 				request->rssi_thold = nla_get_u32(rssi);
5608 			else
5609 				request->rssi_thold =
5610 						   NL80211_SCAN_RSSI_THOLD_OFF;
5611 			i++;
5612 		}
5613 	}
5614 
5615 	if (info->attrs[NL80211_ATTR_IE]) {
5616 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5617 		memcpy((void *)request->ie,
5618 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5619 		       request->ie_len);
5620 	}
5621 
5622 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5623 		request->flags = nla_get_u32(
5624 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5625 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5626 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5627 			err = -EOPNOTSUPP;
5628 			goto out_free;
5629 		}
5630 	}
5631 
5632 	request->dev = dev;
5633 	request->wiphy = &rdev->wiphy;
5634 	request->interval = interval;
5635 	request->scan_start = jiffies;
5636 
5637 	err = rdev_sched_scan_start(rdev, dev, request);
5638 	if (!err) {
5639 		rdev->sched_scan_req = request;
5640 		nl80211_send_sched_scan(rdev, dev,
5641 					NL80211_CMD_START_SCHED_SCAN);
5642 		goto out;
5643 	}
5644 
5645 out_free:
5646 	kfree(request);
5647 out:
5648 	return err;
5649 }
5650 
5651 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5652 				   struct genl_info *info)
5653 {
5654 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5655 
5656 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5657 	    !rdev->ops->sched_scan_stop)
5658 		return -EOPNOTSUPP;
5659 
5660 	return __cfg80211_stop_sched_scan(rdev, false);
5661 }
5662 
5663 static int nl80211_start_radar_detection(struct sk_buff *skb,
5664 					 struct genl_info *info)
5665 {
5666 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5667 	struct net_device *dev = info->user_ptr[1];
5668 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5669 	struct cfg80211_chan_def chandef;
5670 	int err;
5671 
5672 	err = nl80211_parse_chandef(rdev, info, &chandef);
5673 	if (err)
5674 		return err;
5675 
5676 	if (netif_carrier_ok(dev))
5677 		return -EBUSY;
5678 
5679 	if (wdev->cac_started)
5680 		return -EBUSY;
5681 
5682 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef);
5683 	if (err < 0)
5684 		return err;
5685 
5686 	if (err == 0)
5687 		return -EINVAL;
5688 
5689 	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
5690 		return -EINVAL;
5691 
5692 	if (!rdev->ops->start_radar_detection)
5693 		return -EOPNOTSUPP;
5694 
5695 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5696 					   chandef.chan, CHAN_MODE_SHARED,
5697 					   BIT(chandef.width));
5698 	if (err)
5699 		return err;
5700 
5701 	err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
5702 	if (!err) {
5703 		wdev->channel = chandef.chan;
5704 		wdev->cac_started = true;
5705 		wdev->cac_start_time = jiffies;
5706 	}
5707 	return err;
5708 }
5709 
5710 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
5711 {
5712 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5713 	struct net_device *dev = info->user_ptr[1];
5714 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5715 	struct cfg80211_csa_settings params;
5716 	/* csa_attrs is defined static to avoid waste of stack size - this
5717 	 * function is called under RTNL lock, so this should not be a problem.
5718 	 */
5719 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
5720 	u8 radar_detect_width = 0;
5721 	int err;
5722 	bool need_new_beacon = false;
5723 
5724 	if (!rdev->ops->channel_switch ||
5725 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
5726 		return -EOPNOTSUPP;
5727 
5728 	switch (dev->ieee80211_ptr->iftype) {
5729 	case NL80211_IFTYPE_AP:
5730 	case NL80211_IFTYPE_P2P_GO:
5731 		need_new_beacon = true;
5732 
5733 		/* useless if AP is not running */
5734 		if (!wdev->beacon_interval)
5735 			return -EINVAL;
5736 		break;
5737 	case NL80211_IFTYPE_ADHOC:
5738 	case NL80211_IFTYPE_MESH_POINT:
5739 		break;
5740 	default:
5741 		return -EOPNOTSUPP;
5742 	}
5743 
5744 	memset(&params, 0, sizeof(params));
5745 
5746 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5747 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
5748 		return -EINVAL;
5749 
5750 	/* only important for AP, IBSS and mesh create IEs internally */
5751 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
5752 		return -EINVAL;
5753 
5754 	params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
5755 
5756 	if (!need_new_beacon)
5757 		goto skip_beacons;
5758 
5759 	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
5760 	if (err)
5761 		return err;
5762 
5763 	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
5764 			       info->attrs[NL80211_ATTR_CSA_IES],
5765 			       nl80211_policy);
5766 	if (err)
5767 		return err;
5768 
5769 	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
5770 	if (err)
5771 		return err;
5772 
5773 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
5774 		return -EINVAL;
5775 
5776 	params.counter_offset_beacon =
5777 		nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5778 	if (params.counter_offset_beacon >= params.beacon_csa.tail_len)
5779 		return -EINVAL;
5780 
5781 	/* sanity check - counters should be the same */
5782 	if (params.beacon_csa.tail[params.counter_offset_beacon] !=
5783 	    params.count)
5784 		return -EINVAL;
5785 
5786 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
5787 		params.counter_offset_presp =
5788 			nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
5789 		if (params.counter_offset_presp >=
5790 		    params.beacon_csa.probe_resp_len)
5791 			return -EINVAL;
5792 
5793 		if (params.beacon_csa.probe_resp[params.counter_offset_presp] !=
5794 		    params.count)
5795 			return -EINVAL;
5796 	}
5797 
5798 skip_beacons:
5799 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
5800 	if (err)
5801 		return err;
5802 
5803 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
5804 		return -EINVAL;
5805 
5806 	if (dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
5807 	    dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO ||
5808 	    dev->ieee80211_ptr->iftype == NL80211_IFTYPE_ADHOC) {
5809 		err = cfg80211_chandef_dfs_required(wdev->wiphy,
5810 						    &params.chandef);
5811 		if (err < 0) {
5812 			return err;
5813 		} else if (err) {
5814 			radar_detect_width = BIT(params.chandef.width);
5815 			params.radar_required = true;
5816 		}
5817 	}
5818 
5819 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5820 					   params.chandef.chan,
5821 					   CHAN_MODE_SHARED,
5822 					   radar_detect_width);
5823 	if (err)
5824 		return err;
5825 
5826 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
5827 		params.block_tx = true;
5828 
5829 	wdev_lock(wdev);
5830 	err = rdev_channel_switch(rdev, dev, &params);
5831 	wdev_unlock(wdev);
5832 
5833 	return err;
5834 }
5835 
5836 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5837 			    u32 seq, int flags,
5838 			    struct cfg80211_registered_device *rdev,
5839 			    struct wireless_dev *wdev,
5840 			    struct cfg80211_internal_bss *intbss)
5841 {
5842 	struct cfg80211_bss *res = &intbss->pub;
5843 	const struct cfg80211_bss_ies *ies;
5844 	void *hdr;
5845 	struct nlattr *bss;
5846 	bool tsf = false;
5847 
5848 	ASSERT_WDEV_LOCK(wdev);
5849 
5850 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5851 			     NL80211_CMD_NEW_SCAN_RESULTS);
5852 	if (!hdr)
5853 		return -1;
5854 
5855 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5856 
5857 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
5858 		goto nla_put_failure;
5859 	if (wdev->netdev &&
5860 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5861 		goto nla_put_failure;
5862 	if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
5863 		goto nla_put_failure;
5864 
5865 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5866 	if (!bss)
5867 		goto nla_put_failure;
5868 	if ((!is_zero_ether_addr(res->bssid) &&
5869 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
5870 		goto nla_put_failure;
5871 
5872 	rcu_read_lock();
5873 	ies = rcu_dereference(res->ies);
5874 	if (ies) {
5875 		if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5876 			goto fail_unlock_rcu;
5877 		tsf = true;
5878 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
5879 					ies->len, ies->data))
5880 			goto fail_unlock_rcu;
5881 	}
5882 	ies = rcu_dereference(res->beacon_ies);
5883 	if (ies) {
5884 		if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5885 			goto fail_unlock_rcu;
5886 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
5887 					ies->len, ies->data))
5888 			goto fail_unlock_rcu;
5889 	}
5890 	rcu_read_unlock();
5891 
5892 	if (res->beacon_interval &&
5893 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
5894 		goto nla_put_failure;
5895 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
5896 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
5897 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
5898 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
5899 			jiffies_to_msecs(jiffies - intbss->ts)))
5900 		goto nla_put_failure;
5901 
5902 	switch (rdev->wiphy.signal_type) {
5903 	case CFG80211_SIGNAL_TYPE_MBM:
5904 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
5905 			goto nla_put_failure;
5906 		break;
5907 	case CFG80211_SIGNAL_TYPE_UNSPEC:
5908 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
5909 			goto nla_put_failure;
5910 		break;
5911 	default:
5912 		break;
5913 	}
5914 
5915 	switch (wdev->iftype) {
5916 	case NL80211_IFTYPE_P2P_CLIENT:
5917 	case NL80211_IFTYPE_STATION:
5918 		if (intbss == wdev->current_bss &&
5919 		    nla_put_u32(msg, NL80211_BSS_STATUS,
5920 				NL80211_BSS_STATUS_ASSOCIATED))
5921 			goto nla_put_failure;
5922 		break;
5923 	case NL80211_IFTYPE_ADHOC:
5924 		if (intbss == wdev->current_bss &&
5925 		    nla_put_u32(msg, NL80211_BSS_STATUS,
5926 				NL80211_BSS_STATUS_IBSS_JOINED))
5927 			goto nla_put_failure;
5928 		break;
5929 	default:
5930 		break;
5931 	}
5932 
5933 	nla_nest_end(msg, bss);
5934 
5935 	return genlmsg_end(msg, hdr);
5936 
5937  fail_unlock_rcu:
5938 	rcu_read_unlock();
5939  nla_put_failure:
5940 	genlmsg_cancel(msg, hdr);
5941 	return -EMSGSIZE;
5942 }
5943 
5944 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
5945 {
5946 	struct cfg80211_registered_device *rdev;
5947 	struct cfg80211_internal_bss *scan;
5948 	struct wireless_dev *wdev;
5949 	int start = cb->args[2], idx = 0;
5950 	int err;
5951 
5952 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5953 	if (err)
5954 		return err;
5955 
5956 	wdev_lock(wdev);
5957 	spin_lock_bh(&rdev->bss_lock);
5958 	cfg80211_bss_expire(rdev);
5959 
5960 	cb->seq = rdev->bss_generation;
5961 
5962 	list_for_each_entry(scan, &rdev->bss_list, list) {
5963 		if (++idx <= start)
5964 			continue;
5965 		if (nl80211_send_bss(skb, cb,
5966 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5967 				rdev, wdev, scan) < 0) {
5968 			idx--;
5969 			break;
5970 		}
5971 	}
5972 
5973 	spin_unlock_bh(&rdev->bss_lock);
5974 	wdev_unlock(wdev);
5975 
5976 	cb->args[2] = idx;
5977 	nl80211_finish_wdev_dump(rdev);
5978 
5979 	return skb->len;
5980 }
5981 
5982 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
5983 				int flags, struct net_device *dev,
5984 				struct survey_info *survey)
5985 {
5986 	void *hdr;
5987 	struct nlattr *infoattr;
5988 
5989 	hdr = nl80211hdr_put(msg, portid, seq, flags,
5990 			     NL80211_CMD_NEW_SURVEY_RESULTS);
5991 	if (!hdr)
5992 		return -ENOMEM;
5993 
5994 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
5995 		goto nla_put_failure;
5996 
5997 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
5998 	if (!infoattr)
5999 		goto nla_put_failure;
6000 
6001 	if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6002 			survey->channel->center_freq))
6003 		goto nla_put_failure;
6004 
6005 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6006 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6007 		goto nla_put_failure;
6008 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
6009 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6010 		goto nla_put_failure;
6011 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
6012 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
6013 			survey->channel_time))
6014 		goto nla_put_failure;
6015 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
6016 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
6017 			survey->channel_time_busy))
6018 		goto nla_put_failure;
6019 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
6020 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
6021 			survey->channel_time_ext_busy))
6022 		goto nla_put_failure;
6023 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
6024 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
6025 			survey->channel_time_rx))
6026 		goto nla_put_failure;
6027 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
6028 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
6029 			survey->channel_time_tx))
6030 		goto nla_put_failure;
6031 
6032 	nla_nest_end(msg, infoattr);
6033 
6034 	return genlmsg_end(msg, hdr);
6035 
6036  nla_put_failure:
6037 	genlmsg_cancel(msg, hdr);
6038 	return -EMSGSIZE;
6039 }
6040 
6041 static int nl80211_dump_survey(struct sk_buff *skb,
6042 			struct netlink_callback *cb)
6043 {
6044 	struct survey_info survey;
6045 	struct cfg80211_registered_device *dev;
6046 	struct wireless_dev *wdev;
6047 	int survey_idx = cb->args[2];
6048 	int res;
6049 
6050 	res = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
6051 	if (res)
6052 		return res;
6053 
6054 	if (!wdev->netdev) {
6055 		res = -EINVAL;
6056 		goto out_err;
6057 	}
6058 
6059 	if (!dev->ops->dump_survey) {
6060 		res = -EOPNOTSUPP;
6061 		goto out_err;
6062 	}
6063 
6064 	while (1) {
6065 		struct ieee80211_channel *chan;
6066 
6067 		res = rdev_dump_survey(dev, wdev->netdev, survey_idx, &survey);
6068 		if (res == -ENOENT)
6069 			break;
6070 		if (res)
6071 			goto out_err;
6072 
6073 		/* Survey without a channel doesn't make sense */
6074 		if (!survey.channel) {
6075 			res = -EINVAL;
6076 			goto out;
6077 		}
6078 
6079 		chan = ieee80211_get_channel(&dev->wiphy,
6080 					     survey.channel->center_freq);
6081 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
6082 			survey_idx++;
6083 			continue;
6084 		}
6085 
6086 		if (nl80211_send_survey(skb,
6087 				NETLINK_CB(cb->skb).portid,
6088 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6089 				wdev->netdev, &survey) < 0)
6090 			goto out;
6091 		survey_idx++;
6092 	}
6093 
6094  out:
6095 	cb->args[2] = survey_idx;
6096 	res = skb->len;
6097  out_err:
6098 	nl80211_finish_wdev_dump(dev);
6099 	return res;
6100 }
6101 
6102 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6103 {
6104 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6105 				  NL80211_WPA_VERSION_2));
6106 }
6107 
6108 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6109 {
6110 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6111 	struct net_device *dev = info->user_ptr[1];
6112 	struct ieee80211_channel *chan;
6113 	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6114 	int err, ssid_len, ie_len = 0, sae_data_len = 0;
6115 	enum nl80211_auth_type auth_type;
6116 	struct key_parse key;
6117 	bool local_state_change;
6118 
6119 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6120 		return -EINVAL;
6121 
6122 	if (!info->attrs[NL80211_ATTR_MAC])
6123 		return -EINVAL;
6124 
6125 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6126 		return -EINVAL;
6127 
6128 	if (!info->attrs[NL80211_ATTR_SSID])
6129 		return -EINVAL;
6130 
6131 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6132 		return -EINVAL;
6133 
6134 	err = nl80211_parse_key(info, &key);
6135 	if (err)
6136 		return err;
6137 
6138 	if (key.idx >= 0) {
6139 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
6140 			return -EINVAL;
6141 		if (!key.p.key || !key.p.key_len)
6142 			return -EINVAL;
6143 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
6144 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
6145 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
6146 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
6147 			return -EINVAL;
6148 		if (key.idx > 4)
6149 			return -EINVAL;
6150 	} else {
6151 		key.p.key_len = 0;
6152 		key.p.key = NULL;
6153 	}
6154 
6155 	if (key.idx >= 0) {
6156 		int i;
6157 		bool ok = false;
6158 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
6159 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
6160 				ok = true;
6161 				break;
6162 			}
6163 		}
6164 		if (!ok)
6165 			return -EINVAL;
6166 	}
6167 
6168 	if (!rdev->ops->auth)
6169 		return -EOPNOTSUPP;
6170 
6171 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6172 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6173 		return -EOPNOTSUPP;
6174 
6175 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6176 	chan = ieee80211_get_channel(&rdev->wiphy,
6177 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6178 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
6179 		return -EINVAL;
6180 
6181 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6182 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6183 
6184 	if (info->attrs[NL80211_ATTR_IE]) {
6185 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6186 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6187 	}
6188 
6189 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6190 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
6191 		return -EINVAL;
6192 
6193 	if (auth_type == NL80211_AUTHTYPE_SAE &&
6194 	    !info->attrs[NL80211_ATTR_SAE_DATA])
6195 		return -EINVAL;
6196 
6197 	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
6198 		if (auth_type != NL80211_AUTHTYPE_SAE)
6199 			return -EINVAL;
6200 		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
6201 		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
6202 		/* need to include at least Auth Transaction and Status Code */
6203 		if (sae_data_len < 4)
6204 			return -EINVAL;
6205 	}
6206 
6207 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6208 
6209 	/*
6210 	 * Since we no longer track auth state, ignore
6211 	 * requests to only change local state.
6212 	 */
6213 	if (local_state_change)
6214 		return 0;
6215 
6216 	wdev_lock(dev->ieee80211_ptr);
6217 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
6218 				 ssid, ssid_len, ie, ie_len,
6219 				 key.p.key, key.p.key_len, key.idx,
6220 				 sae_data, sae_data_len);
6221 	wdev_unlock(dev->ieee80211_ptr);
6222 	return err;
6223 }
6224 
6225 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
6226 				   struct genl_info *info,
6227 				   struct cfg80211_crypto_settings *settings,
6228 				   int cipher_limit)
6229 {
6230 	memset(settings, 0, sizeof(*settings));
6231 
6232 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
6233 
6234 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
6235 		u16 proto;
6236 		proto = nla_get_u16(
6237 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
6238 		settings->control_port_ethertype = cpu_to_be16(proto);
6239 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
6240 		    proto != ETH_P_PAE)
6241 			return -EINVAL;
6242 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
6243 			settings->control_port_no_encrypt = true;
6244 	} else
6245 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
6246 
6247 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
6248 		void *data;
6249 		int len, i;
6250 
6251 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6252 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6253 		settings->n_ciphers_pairwise = len / sizeof(u32);
6254 
6255 		if (len % sizeof(u32))
6256 			return -EINVAL;
6257 
6258 		if (settings->n_ciphers_pairwise > cipher_limit)
6259 			return -EINVAL;
6260 
6261 		memcpy(settings->ciphers_pairwise, data, len);
6262 
6263 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
6264 			if (!cfg80211_supported_cipher_suite(
6265 					&rdev->wiphy,
6266 					settings->ciphers_pairwise[i]))
6267 				return -EINVAL;
6268 	}
6269 
6270 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6271 		settings->cipher_group =
6272 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6273 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6274 						     settings->cipher_group))
6275 			return -EINVAL;
6276 	}
6277 
6278 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6279 		settings->wpa_versions =
6280 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6281 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6282 			return -EINVAL;
6283 	}
6284 
6285 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6286 		void *data;
6287 		int len;
6288 
6289 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6290 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6291 		settings->n_akm_suites = len / sizeof(u32);
6292 
6293 		if (len % sizeof(u32))
6294 			return -EINVAL;
6295 
6296 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6297 			return -EINVAL;
6298 
6299 		memcpy(settings->akm_suites, data, len);
6300 	}
6301 
6302 	return 0;
6303 }
6304 
6305 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
6306 {
6307 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6308 	struct net_device *dev = info->user_ptr[1];
6309 	struct ieee80211_channel *chan;
6310 	struct cfg80211_assoc_request req = {};
6311 	const u8 *bssid, *ssid;
6312 	int err, ssid_len = 0;
6313 
6314 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6315 		return -EINVAL;
6316 
6317 	if (!info->attrs[NL80211_ATTR_MAC] ||
6318 	    !info->attrs[NL80211_ATTR_SSID] ||
6319 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
6320 		return -EINVAL;
6321 
6322 	if (!rdev->ops->assoc)
6323 		return -EOPNOTSUPP;
6324 
6325 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6326 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6327 		return -EOPNOTSUPP;
6328 
6329 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6330 
6331 	chan = ieee80211_get_channel(&rdev->wiphy,
6332 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6333 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
6334 		return -EINVAL;
6335 
6336 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6337 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6338 
6339 	if (info->attrs[NL80211_ATTR_IE]) {
6340 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6341 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6342 	}
6343 
6344 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
6345 		enum nl80211_mfp mfp =
6346 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6347 		if (mfp == NL80211_MFP_REQUIRED)
6348 			req.use_mfp = true;
6349 		else if (mfp != NL80211_MFP_NO)
6350 			return -EINVAL;
6351 	}
6352 
6353 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
6354 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
6355 
6356 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6357 		req.flags |= ASSOC_REQ_DISABLE_HT;
6358 
6359 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6360 		memcpy(&req.ht_capa_mask,
6361 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6362 		       sizeof(req.ht_capa_mask));
6363 
6364 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6365 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6366 			return -EINVAL;
6367 		memcpy(&req.ht_capa,
6368 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6369 		       sizeof(req.ht_capa));
6370 	}
6371 
6372 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6373 		req.flags |= ASSOC_REQ_DISABLE_VHT;
6374 
6375 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6376 		memcpy(&req.vht_capa_mask,
6377 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6378 		       sizeof(req.vht_capa_mask));
6379 
6380 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6381 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6382 			return -EINVAL;
6383 		memcpy(&req.vht_capa,
6384 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6385 		       sizeof(req.vht_capa));
6386 	}
6387 
6388 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
6389 	if (!err) {
6390 		wdev_lock(dev->ieee80211_ptr);
6391 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
6392 					  ssid, ssid_len, &req);
6393 		wdev_unlock(dev->ieee80211_ptr);
6394 	}
6395 
6396 	return err;
6397 }
6398 
6399 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
6400 {
6401 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6402 	struct net_device *dev = info->user_ptr[1];
6403 	const u8 *ie = NULL, *bssid;
6404 	int ie_len = 0, err;
6405 	u16 reason_code;
6406 	bool local_state_change;
6407 
6408 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6409 		return -EINVAL;
6410 
6411 	if (!info->attrs[NL80211_ATTR_MAC])
6412 		return -EINVAL;
6413 
6414 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6415 		return -EINVAL;
6416 
6417 	if (!rdev->ops->deauth)
6418 		return -EOPNOTSUPP;
6419 
6420 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6421 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6422 		return -EOPNOTSUPP;
6423 
6424 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6425 
6426 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6427 	if (reason_code == 0) {
6428 		/* Reason Code 0 is reserved */
6429 		return -EINVAL;
6430 	}
6431 
6432 	if (info->attrs[NL80211_ATTR_IE]) {
6433 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6434 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6435 	}
6436 
6437 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6438 
6439 	wdev_lock(dev->ieee80211_ptr);
6440 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
6441 				   local_state_change);
6442 	wdev_unlock(dev->ieee80211_ptr);
6443 	return err;
6444 }
6445 
6446 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
6447 {
6448 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6449 	struct net_device *dev = info->user_ptr[1];
6450 	const u8 *ie = NULL, *bssid;
6451 	int ie_len = 0, err;
6452 	u16 reason_code;
6453 	bool local_state_change;
6454 
6455 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6456 		return -EINVAL;
6457 
6458 	if (!info->attrs[NL80211_ATTR_MAC])
6459 		return -EINVAL;
6460 
6461 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6462 		return -EINVAL;
6463 
6464 	if (!rdev->ops->disassoc)
6465 		return -EOPNOTSUPP;
6466 
6467 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6468 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6469 		return -EOPNOTSUPP;
6470 
6471 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6472 
6473 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6474 	if (reason_code == 0) {
6475 		/* Reason Code 0 is reserved */
6476 		return -EINVAL;
6477 	}
6478 
6479 	if (info->attrs[NL80211_ATTR_IE]) {
6480 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6481 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6482 	}
6483 
6484 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6485 
6486 	wdev_lock(dev->ieee80211_ptr);
6487 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
6488 				     local_state_change);
6489 	wdev_unlock(dev->ieee80211_ptr);
6490 	return err;
6491 }
6492 
6493 static bool
6494 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
6495 			 int mcast_rate[IEEE80211_NUM_BANDS],
6496 			 int rateval)
6497 {
6498 	struct wiphy *wiphy = &rdev->wiphy;
6499 	bool found = false;
6500 	int band, i;
6501 
6502 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6503 		struct ieee80211_supported_band *sband;
6504 
6505 		sband = wiphy->bands[band];
6506 		if (!sband)
6507 			continue;
6508 
6509 		for (i = 0; i < sband->n_bitrates; i++) {
6510 			if (sband->bitrates[i].bitrate == rateval) {
6511 				mcast_rate[band] = i + 1;
6512 				found = true;
6513 				break;
6514 			}
6515 		}
6516 	}
6517 
6518 	return found;
6519 }
6520 
6521 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
6522 {
6523 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6524 	struct net_device *dev = info->user_ptr[1];
6525 	struct cfg80211_ibss_params ibss;
6526 	struct wiphy *wiphy;
6527 	struct cfg80211_cached_keys *connkeys = NULL;
6528 	int err;
6529 
6530 	memset(&ibss, 0, sizeof(ibss));
6531 
6532 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6533 		return -EINVAL;
6534 
6535 	if (!info->attrs[NL80211_ATTR_SSID] ||
6536 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
6537 		return -EINVAL;
6538 
6539 	ibss.beacon_interval = 100;
6540 
6541 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
6542 		ibss.beacon_interval =
6543 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6544 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
6545 			return -EINVAL;
6546 	}
6547 
6548 	if (!rdev->ops->join_ibss)
6549 		return -EOPNOTSUPP;
6550 
6551 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6552 		return -EOPNOTSUPP;
6553 
6554 	wiphy = &rdev->wiphy;
6555 
6556 	if (info->attrs[NL80211_ATTR_MAC]) {
6557 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6558 
6559 		if (!is_valid_ether_addr(ibss.bssid))
6560 			return -EINVAL;
6561 	}
6562 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6563 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6564 
6565 	if (info->attrs[NL80211_ATTR_IE]) {
6566 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6567 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6568 	}
6569 
6570 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
6571 	if (err)
6572 		return err;
6573 
6574 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef))
6575 		return -EINVAL;
6576 
6577 	switch (ibss.chandef.width) {
6578 	case NL80211_CHAN_WIDTH_5:
6579 	case NL80211_CHAN_WIDTH_10:
6580 	case NL80211_CHAN_WIDTH_20_NOHT:
6581 		break;
6582 	case NL80211_CHAN_WIDTH_20:
6583 	case NL80211_CHAN_WIDTH_40:
6584 		if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)
6585 			break;
6586 	default:
6587 		return -EINVAL;
6588 	}
6589 
6590 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
6591 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6592 
6593 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6594 		u8 *rates =
6595 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6596 		int n_rates =
6597 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6598 		struct ieee80211_supported_band *sband =
6599 			wiphy->bands[ibss.chandef.chan->band];
6600 
6601 		err = ieee80211_get_ratemask(sband, rates, n_rates,
6602 					     &ibss.basic_rates);
6603 		if (err)
6604 			return err;
6605 	}
6606 
6607 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6608 		memcpy(&ibss.ht_capa_mask,
6609 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6610 		       sizeof(ibss.ht_capa_mask));
6611 
6612 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6613 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6614 			return -EINVAL;
6615 		memcpy(&ibss.ht_capa,
6616 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6617 		       sizeof(ibss.ht_capa));
6618 	}
6619 
6620 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6621 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
6622 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6623 		return -EINVAL;
6624 
6625 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6626 		bool no_ht = false;
6627 
6628 		connkeys = nl80211_parse_connkeys(rdev,
6629 					  info->attrs[NL80211_ATTR_KEYS],
6630 					  &no_ht);
6631 		if (IS_ERR(connkeys))
6632 			return PTR_ERR(connkeys);
6633 
6634 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
6635 		    no_ht) {
6636 			kfree(connkeys);
6637 			return -EINVAL;
6638 		}
6639 	}
6640 
6641 	ibss.control_port =
6642 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
6643 
6644 	ibss.userspace_handles_dfs =
6645 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
6646 
6647 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
6648 	if (err)
6649 		kfree(connkeys);
6650 	return err;
6651 }
6652 
6653 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
6654 {
6655 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6656 	struct net_device *dev = info->user_ptr[1];
6657 
6658 	if (!rdev->ops->leave_ibss)
6659 		return -EOPNOTSUPP;
6660 
6661 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6662 		return -EOPNOTSUPP;
6663 
6664 	return cfg80211_leave_ibss(rdev, dev, false);
6665 }
6666 
6667 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
6668 {
6669 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6670 	struct net_device *dev = info->user_ptr[1];
6671 	int mcast_rate[IEEE80211_NUM_BANDS];
6672 	u32 nla_rate;
6673 	int err;
6674 
6675 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
6676 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6677 		return -EOPNOTSUPP;
6678 
6679 	if (!rdev->ops->set_mcast_rate)
6680 		return -EOPNOTSUPP;
6681 
6682 	memset(mcast_rate, 0, sizeof(mcast_rate));
6683 
6684 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
6685 		return -EINVAL;
6686 
6687 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6688 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6689 		return -EINVAL;
6690 
6691 	err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6692 
6693 	return err;
6694 }
6695 
6696 
6697 #ifdef CONFIG_NL80211_TESTMODE
6698 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
6699 {
6700 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6701 	struct wireless_dev *wdev =
6702 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
6703 	int err;
6704 
6705 	if (!rdev->ops->testmode_cmd)
6706 		return -EOPNOTSUPP;
6707 
6708 	if (IS_ERR(wdev)) {
6709 		err = PTR_ERR(wdev);
6710 		if (err != -EINVAL)
6711 			return err;
6712 		wdev = NULL;
6713 	} else if (wdev->wiphy != &rdev->wiphy) {
6714 		return -EINVAL;
6715 	}
6716 
6717 	if (!info->attrs[NL80211_ATTR_TESTDATA])
6718 		return -EINVAL;
6719 
6720 	rdev->testmode_info = info;
6721 	err = rdev_testmode_cmd(rdev, wdev,
6722 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
6723 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
6724 	rdev->testmode_info = NULL;
6725 
6726 	return err;
6727 }
6728 
6729 static int nl80211_testmode_dump(struct sk_buff *skb,
6730 				 struct netlink_callback *cb)
6731 {
6732 	struct cfg80211_registered_device *rdev;
6733 	int err;
6734 	long phy_idx;
6735 	void *data = NULL;
6736 	int data_len = 0;
6737 
6738 	rtnl_lock();
6739 
6740 	if (cb->args[0]) {
6741 		/*
6742 		 * 0 is a valid index, but not valid for args[0],
6743 		 * so we need to offset by 1.
6744 		 */
6745 		phy_idx = cb->args[0] - 1;
6746 	} else {
6747 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
6748 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
6749 				  nl80211_policy);
6750 		if (err)
6751 			goto out_err;
6752 
6753 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
6754 						  nl80211_fam.attrbuf);
6755 		if (IS_ERR(rdev)) {
6756 			err = PTR_ERR(rdev);
6757 			goto out_err;
6758 		}
6759 		phy_idx = rdev->wiphy_idx;
6760 		rdev = NULL;
6761 
6762 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
6763 			cb->args[1] =
6764 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
6765 	}
6766 
6767 	if (cb->args[1]) {
6768 		data = nla_data((void *)cb->args[1]);
6769 		data_len = nla_len((void *)cb->args[1]);
6770 	}
6771 
6772 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
6773 	if (!rdev) {
6774 		err = -ENOENT;
6775 		goto out_err;
6776 	}
6777 
6778 	if (!rdev->ops->testmode_dump) {
6779 		err = -EOPNOTSUPP;
6780 		goto out_err;
6781 	}
6782 
6783 	while (1) {
6784 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
6785 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
6786 					   NL80211_CMD_TESTMODE);
6787 		struct nlattr *tmdata;
6788 
6789 		if (!hdr)
6790 			break;
6791 
6792 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
6793 			genlmsg_cancel(skb, hdr);
6794 			break;
6795 		}
6796 
6797 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
6798 		if (!tmdata) {
6799 			genlmsg_cancel(skb, hdr);
6800 			break;
6801 		}
6802 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
6803 		nla_nest_end(skb, tmdata);
6804 
6805 		if (err == -ENOBUFS || err == -ENOENT) {
6806 			genlmsg_cancel(skb, hdr);
6807 			break;
6808 		} else if (err) {
6809 			genlmsg_cancel(skb, hdr);
6810 			goto out_err;
6811 		}
6812 
6813 		genlmsg_end(skb, hdr);
6814 	}
6815 
6816 	err = skb->len;
6817 	/* see above */
6818 	cb->args[0] = phy_idx + 1;
6819  out_err:
6820 	rtnl_unlock();
6821 	return err;
6822 }
6823 
6824 static struct sk_buff *
6825 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
6826 			      int approxlen, u32 portid, u32 seq, gfp_t gfp)
6827 {
6828 	struct sk_buff *skb;
6829 	void *hdr;
6830 	struct nlattr *data;
6831 
6832 	skb = nlmsg_new(approxlen + 100, gfp);
6833 	if (!skb)
6834 		return NULL;
6835 
6836 	hdr = nl80211hdr_put(skb, portid, seq, 0, NL80211_CMD_TESTMODE);
6837 	if (!hdr) {
6838 		kfree_skb(skb);
6839 		return NULL;
6840 	}
6841 
6842 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6843 		goto nla_put_failure;
6844 	data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
6845 
6846 	((void **)skb->cb)[0] = rdev;
6847 	((void **)skb->cb)[1] = hdr;
6848 	((void **)skb->cb)[2] = data;
6849 
6850 	return skb;
6851 
6852  nla_put_failure:
6853 	kfree_skb(skb);
6854 	return NULL;
6855 }
6856 
6857 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
6858 						  int approxlen)
6859 {
6860 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6861 
6862 	if (WARN_ON(!rdev->testmode_info))
6863 		return NULL;
6864 
6865 	return __cfg80211_testmode_alloc_skb(rdev, approxlen,
6866 				rdev->testmode_info->snd_portid,
6867 				rdev->testmode_info->snd_seq,
6868 				GFP_KERNEL);
6869 }
6870 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
6871 
6872 int cfg80211_testmode_reply(struct sk_buff *skb)
6873 {
6874 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6875 	void *hdr = ((void **)skb->cb)[1];
6876 	struct nlattr *data = ((void **)skb->cb)[2];
6877 
6878 	if (WARN_ON(!rdev->testmode_info)) {
6879 		kfree_skb(skb);
6880 		return -EINVAL;
6881 	}
6882 
6883 	nla_nest_end(skb, data);
6884 	genlmsg_end(skb, hdr);
6885 	return genlmsg_reply(skb, rdev->testmode_info);
6886 }
6887 EXPORT_SYMBOL(cfg80211_testmode_reply);
6888 
6889 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
6890 						  int approxlen, gfp_t gfp)
6891 {
6892 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6893 
6894 	return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
6895 }
6896 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
6897 
6898 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
6899 {
6900 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6901 	void *hdr = ((void **)skb->cb)[1];
6902 	struct nlattr *data = ((void **)skb->cb)[2];
6903 
6904 	nla_nest_end(skb, data);
6905 	genlmsg_end(skb, hdr);
6906 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
6907 				NL80211_MCGRP_TESTMODE, gfp);
6908 }
6909 EXPORT_SYMBOL(cfg80211_testmode_event);
6910 #endif
6911 
6912 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
6913 {
6914 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6915 	struct net_device *dev = info->user_ptr[1];
6916 	struct cfg80211_connect_params connect;
6917 	struct wiphy *wiphy;
6918 	struct cfg80211_cached_keys *connkeys = NULL;
6919 	int err;
6920 
6921 	memset(&connect, 0, sizeof(connect));
6922 
6923 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6924 		return -EINVAL;
6925 
6926 	if (!info->attrs[NL80211_ATTR_SSID] ||
6927 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
6928 		return -EINVAL;
6929 
6930 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6931 		connect.auth_type =
6932 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6933 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
6934 					     NL80211_CMD_CONNECT))
6935 			return -EINVAL;
6936 	} else
6937 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6938 
6939 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
6940 
6941 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
6942 				      NL80211_MAX_NR_CIPHER_SUITES);
6943 	if (err)
6944 		return err;
6945 
6946 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6947 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6948 		return -EOPNOTSUPP;
6949 
6950 	wiphy = &rdev->wiphy;
6951 
6952 	connect.bg_scan_period = -1;
6953 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
6954 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
6955 		connect.bg_scan_period =
6956 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
6957 	}
6958 
6959 	if (info->attrs[NL80211_ATTR_MAC])
6960 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6961 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6962 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6963 
6964 	if (info->attrs[NL80211_ATTR_IE]) {
6965 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6966 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6967 	}
6968 
6969 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
6970 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6971 		if (connect.mfp != NL80211_MFP_REQUIRED &&
6972 		    connect.mfp != NL80211_MFP_NO)
6973 			return -EINVAL;
6974 	} else {
6975 		connect.mfp = NL80211_MFP_NO;
6976 	}
6977 
6978 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6979 		connect.channel =
6980 			ieee80211_get_channel(wiphy,
6981 			    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6982 		if (!connect.channel ||
6983 		    connect.channel->flags & IEEE80211_CHAN_DISABLED)
6984 			return -EINVAL;
6985 	}
6986 
6987 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6988 		connkeys = nl80211_parse_connkeys(rdev,
6989 					  info->attrs[NL80211_ATTR_KEYS], NULL);
6990 		if (IS_ERR(connkeys))
6991 			return PTR_ERR(connkeys);
6992 	}
6993 
6994 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6995 		connect.flags |= ASSOC_REQ_DISABLE_HT;
6996 
6997 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6998 		memcpy(&connect.ht_capa_mask,
6999 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7000 		       sizeof(connect.ht_capa_mask));
7001 
7002 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7003 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7004 			kfree(connkeys);
7005 			return -EINVAL;
7006 		}
7007 		memcpy(&connect.ht_capa,
7008 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7009 		       sizeof(connect.ht_capa));
7010 	}
7011 
7012 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7013 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
7014 
7015 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7016 		memcpy(&connect.vht_capa_mask,
7017 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7018 		       sizeof(connect.vht_capa_mask));
7019 
7020 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7021 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7022 			kfree(connkeys);
7023 			return -EINVAL;
7024 		}
7025 		memcpy(&connect.vht_capa,
7026 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7027 		       sizeof(connect.vht_capa));
7028 	}
7029 
7030 	wdev_lock(dev->ieee80211_ptr);
7031 	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7032 	wdev_unlock(dev->ieee80211_ptr);
7033 	if (err)
7034 		kfree(connkeys);
7035 	return err;
7036 }
7037 
7038 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7039 {
7040 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7041 	struct net_device *dev = info->user_ptr[1];
7042 	u16 reason;
7043 	int ret;
7044 
7045 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7046 		reason = WLAN_REASON_DEAUTH_LEAVING;
7047 	else
7048 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7049 
7050 	if (reason == 0)
7051 		return -EINVAL;
7052 
7053 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7054 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7055 		return -EOPNOTSUPP;
7056 
7057 	wdev_lock(dev->ieee80211_ptr);
7058 	ret = cfg80211_disconnect(rdev, dev, reason, true);
7059 	wdev_unlock(dev->ieee80211_ptr);
7060 	return ret;
7061 }
7062 
7063 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7064 {
7065 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7066 	struct net *net;
7067 	int err;
7068 	u32 pid;
7069 
7070 	if (!info->attrs[NL80211_ATTR_PID])
7071 		return -EINVAL;
7072 
7073 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7074 
7075 	net = get_net_ns_by_pid(pid);
7076 	if (IS_ERR(net))
7077 		return PTR_ERR(net);
7078 
7079 	err = 0;
7080 
7081 	/* check if anything to do */
7082 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
7083 		err = cfg80211_switch_netns(rdev, net);
7084 
7085 	put_net(net);
7086 	return err;
7087 }
7088 
7089 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
7090 {
7091 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7092 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
7093 			struct cfg80211_pmksa *pmksa) = NULL;
7094 	struct net_device *dev = info->user_ptr[1];
7095 	struct cfg80211_pmksa pmksa;
7096 
7097 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
7098 
7099 	if (!info->attrs[NL80211_ATTR_MAC])
7100 		return -EINVAL;
7101 
7102 	if (!info->attrs[NL80211_ATTR_PMKID])
7103 		return -EINVAL;
7104 
7105 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
7106 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7107 
7108 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7109 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7110 		return -EOPNOTSUPP;
7111 
7112 	switch (info->genlhdr->cmd) {
7113 	case NL80211_CMD_SET_PMKSA:
7114 		rdev_ops = rdev->ops->set_pmksa;
7115 		break;
7116 	case NL80211_CMD_DEL_PMKSA:
7117 		rdev_ops = rdev->ops->del_pmksa;
7118 		break;
7119 	default:
7120 		WARN_ON(1);
7121 		break;
7122 	}
7123 
7124 	if (!rdev_ops)
7125 		return -EOPNOTSUPP;
7126 
7127 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
7128 }
7129 
7130 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
7131 {
7132 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7133 	struct net_device *dev = info->user_ptr[1];
7134 
7135 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7136 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7137 		return -EOPNOTSUPP;
7138 
7139 	if (!rdev->ops->flush_pmksa)
7140 		return -EOPNOTSUPP;
7141 
7142 	return rdev_flush_pmksa(rdev, dev);
7143 }
7144 
7145 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
7146 {
7147 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7148 	struct net_device *dev = info->user_ptr[1];
7149 	u8 action_code, dialog_token;
7150 	u16 status_code;
7151 	u8 *peer;
7152 
7153 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7154 	    !rdev->ops->tdls_mgmt)
7155 		return -EOPNOTSUPP;
7156 
7157 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
7158 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
7159 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
7160 	    !info->attrs[NL80211_ATTR_IE] ||
7161 	    !info->attrs[NL80211_ATTR_MAC])
7162 		return -EINVAL;
7163 
7164 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7165 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
7166 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
7167 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
7168 
7169 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
7170 			      dialog_token, status_code,
7171 			      nla_data(info->attrs[NL80211_ATTR_IE]),
7172 			      nla_len(info->attrs[NL80211_ATTR_IE]));
7173 }
7174 
7175 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
7176 {
7177 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7178 	struct net_device *dev = info->user_ptr[1];
7179 	enum nl80211_tdls_operation operation;
7180 	u8 *peer;
7181 
7182 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7183 	    !rdev->ops->tdls_oper)
7184 		return -EOPNOTSUPP;
7185 
7186 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
7187 	    !info->attrs[NL80211_ATTR_MAC])
7188 		return -EINVAL;
7189 
7190 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
7191 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7192 
7193 	return rdev_tdls_oper(rdev, dev, peer, operation);
7194 }
7195 
7196 static int nl80211_remain_on_channel(struct sk_buff *skb,
7197 				     struct genl_info *info)
7198 {
7199 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7200 	struct wireless_dev *wdev = info->user_ptr[1];
7201 	struct cfg80211_chan_def chandef;
7202 	struct sk_buff *msg;
7203 	void *hdr;
7204 	u64 cookie;
7205 	u32 duration;
7206 	int err;
7207 
7208 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7209 	    !info->attrs[NL80211_ATTR_DURATION])
7210 		return -EINVAL;
7211 
7212 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7213 
7214 	if (!rdev->ops->remain_on_channel ||
7215 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
7216 		return -EOPNOTSUPP;
7217 
7218 	/*
7219 	 * We should be on that channel for at least a minimum amount of
7220 	 * time (10ms) but no longer than the driver supports.
7221 	 */
7222 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7223 	    duration > rdev->wiphy.max_remain_on_channel_duration)
7224 		return -EINVAL;
7225 
7226 	err = nl80211_parse_chandef(rdev, info, &chandef);
7227 	if (err)
7228 		return err;
7229 
7230 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7231 	if (!msg)
7232 		return -ENOMEM;
7233 
7234 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7235 			     NL80211_CMD_REMAIN_ON_CHANNEL);
7236 	if (!hdr) {
7237 		err = -ENOBUFS;
7238 		goto free_msg;
7239 	}
7240 
7241 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
7242 				     duration, &cookie);
7243 
7244 	if (err)
7245 		goto free_msg;
7246 
7247 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7248 		goto nla_put_failure;
7249 
7250 	genlmsg_end(msg, hdr);
7251 
7252 	return genlmsg_reply(msg, info);
7253 
7254  nla_put_failure:
7255 	err = -ENOBUFS;
7256  free_msg:
7257 	nlmsg_free(msg);
7258 	return err;
7259 }
7260 
7261 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
7262 					    struct genl_info *info)
7263 {
7264 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7265 	struct wireless_dev *wdev = info->user_ptr[1];
7266 	u64 cookie;
7267 
7268 	if (!info->attrs[NL80211_ATTR_COOKIE])
7269 		return -EINVAL;
7270 
7271 	if (!rdev->ops->cancel_remain_on_channel)
7272 		return -EOPNOTSUPP;
7273 
7274 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7275 
7276 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
7277 }
7278 
7279 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
7280 			   u8 *rates, u8 rates_len)
7281 {
7282 	u8 i;
7283 	u32 mask = 0;
7284 
7285 	for (i = 0; i < rates_len; i++) {
7286 		int rate = (rates[i] & 0x7f) * 5;
7287 		int ridx;
7288 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
7289 			struct ieee80211_rate *srate =
7290 				&sband->bitrates[ridx];
7291 			if (rate == srate->bitrate) {
7292 				mask |= 1 << ridx;
7293 				break;
7294 			}
7295 		}
7296 		if (ridx == sband->n_bitrates)
7297 			return 0; /* rate not found */
7298 	}
7299 
7300 	return mask;
7301 }
7302 
7303 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
7304 			       u8 *rates, u8 rates_len,
7305 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
7306 {
7307 	u8 i;
7308 
7309 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
7310 
7311 	for (i = 0; i < rates_len; i++) {
7312 		int ridx, rbit;
7313 
7314 		ridx = rates[i] / 8;
7315 		rbit = BIT(rates[i] % 8);
7316 
7317 		/* check validity */
7318 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
7319 			return false;
7320 
7321 		/* check availability */
7322 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
7323 			mcs[ridx] |= rbit;
7324 		else
7325 			return false;
7326 	}
7327 
7328 	return true;
7329 }
7330 
7331 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
7332 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
7333 				    .len = NL80211_MAX_SUPP_RATES },
7334 	[NL80211_TXRATE_MCS] = { .type = NLA_BINARY,
7335 				 .len = NL80211_MAX_SUPP_HT_RATES },
7336 };
7337 
7338 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
7339 				       struct genl_info *info)
7340 {
7341 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
7342 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7343 	struct cfg80211_bitrate_mask mask;
7344 	int rem, i;
7345 	struct net_device *dev = info->user_ptr[1];
7346 	struct nlattr *tx_rates;
7347 	struct ieee80211_supported_band *sband;
7348 
7349 	if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
7350 		return -EINVAL;
7351 
7352 	if (!rdev->ops->set_bitrate_mask)
7353 		return -EOPNOTSUPP;
7354 
7355 	memset(&mask, 0, sizeof(mask));
7356 	/* Default to all rates enabled */
7357 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
7358 		sband = rdev->wiphy.bands[i];
7359 		mask.control[i].legacy =
7360 			sband ? (1 << sband->n_bitrates) - 1 : 0;
7361 		if (sband)
7362 			memcpy(mask.control[i].mcs,
7363 			       sband->ht_cap.mcs.rx_mask,
7364 			       sizeof(mask.control[i].mcs));
7365 		else
7366 			memset(mask.control[i].mcs, 0,
7367 			       sizeof(mask.control[i].mcs));
7368 	}
7369 
7370 	/*
7371 	 * The nested attribute uses enum nl80211_band as the index. This maps
7372 	 * directly to the enum ieee80211_band values used in cfg80211.
7373 	 */
7374 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
7375 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
7376 	{
7377 		enum ieee80211_band band = nla_type(tx_rates);
7378 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
7379 			return -EINVAL;
7380 		sband = rdev->wiphy.bands[band];
7381 		if (sband == NULL)
7382 			return -EINVAL;
7383 		nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
7384 			  nla_len(tx_rates), nl80211_txattr_policy);
7385 		if (tb[NL80211_TXRATE_LEGACY]) {
7386 			mask.control[band].legacy = rateset_to_mask(
7387 				sband,
7388 				nla_data(tb[NL80211_TXRATE_LEGACY]),
7389 				nla_len(tb[NL80211_TXRATE_LEGACY]));
7390 			if ((mask.control[band].legacy == 0) &&
7391 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
7392 				return -EINVAL;
7393 		}
7394 		if (tb[NL80211_TXRATE_MCS]) {
7395 			if (!ht_rateset_to_mask(
7396 					sband,
7397 					nla_data(tb[NL80211_TXRATE_MCS]),
7398 					nla_len(tb[NL80211_TXRATE_MCS]),
7399 					mask.control[band].mcs))
7400 				return -EINVAL;
7401 		}
7402 
7403 		if (mask.control[band].legacy == 0) {
7404 			/* don't allow empty legacy rates if HT
7405 			 * is not even supported. */
7406 			if (!rdev->wiphy.bands[band]->ht_cap.ht_supported)
7407 				return -EINVAL;
7408 
7409 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
7410 				if (mask.control[band].mcs[i])
7411 					break;
7412 
7413 			/* legacy and mcs rates may not be both empty */
7414 			if (i == IEEE80211_HT_MCS_MASK_LEN)
7415 				return -EINVAL;
7416 		}
7417 	}
7418 
7419 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
7420 }
7421 
7422 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
7423 {
7424 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7425 	struct wireless_dev *wdev = info->user_ptr[1];
7426 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
7427 
7428 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
7429 		return -EINVAL;
7430 
7431 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
7432 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
7433 
7434 	switch (wdev->iftype) {
7435 	case NL80211_IFTYPE_STATION:
7436 	case NL80211_IFTYPE_ADHOC:
7437 	case NL80211_IFTYPE_P2P_CLIENT:
7438 	case NL80211_IFTYPE_AP:
7439 	case NL80211_IFTYPE_AP_VLAN:
7440 	case NL80211_IFTYPE_MESH_POINT:
7441 	case NL80211_IFTYPE_P2P_GO:
7442 	case NL80211_IFTYPE_P2P_DEVICE:
7443 		break;
7444 	default:
7445 		return -EOPNOTSUPP;
7446 	}
7447 
7448 	/* not much point in registering if we can't reply */
7449 	if (!rdev->ops->mgmt_tx)
7450 		return -EOPNOTSUPP;
7451 
7452 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
7453 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
7454 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
7455 }
7456 
7457 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7458 {
7459 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7460 	struct wireless_dev *wdev = info->user_ptr[1];
7461 	struct cfg80211_chan_def chandef;
7462 	int err;
7463 	void *hdr = NULL;
7464 	u64 cookie;
7465 	struct sk_buff *msg = NULL;
7466 	struct cfg80211_mgmt_tx_params params = {
7467 		.dont_wait_for_ack =
7468 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
7469 	};
7470 
7471 	if (!info->attrs[NL80211_ATTR_FRAME])
7472 		return -EINVAL;
7473 
7474 	if (!rdev->ops->mgmt_tx)
7475 		return -EOPNOTSUPP;
7476 
7477 	switch (wdev->iftype) {
7478 	case NL80211_IFTYPE_P2P_DEVICE:
7479 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7480 			return -EINVAL;
7481 	case NL80211_IFTYPE_STATION:
7482 	case NL80211_IFTYPE_ADHOC:
7483 	case NL80211_IFTYPE_P2P_CLIENT:
7484 	case NL80211_IFTYPE_AP:
7485 	case NL80211_IFTYPE_AP_VLAN:
7486 	case NL80211_IFTYPE_MESH_POINT:
7487 	case NL80211_IFTYPE_P2P_GO:
7488 		break;
7489 	default:
7490 		return -EOPNOTSUPP;
7491 	}
7492 
7493 	if (info->attrs[NL80211_ATTR_DURATION]) {
7494 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7495 			return -EINVAL;
7496 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7497 
7498 		/*
7499 		 * We should wait on the channel for at least a minimum amount
7500 		 * of time (10ms) but no longer than the driver supports.
7501 		 */
7502 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7503 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
7504 			return -EINVAL;
7505 
7506 	}
7507 
7508 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
7509 
7510 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7511 		return -EINVAL;
7512 
7513 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7514 
7515 	/* get the channel if any has been specified, otherwise pass NULL to
7516 	 * the driver. The latter will use the current one
7517 	 */
7518 	chandef.chan = NULL;
7519 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7520 		err = nl80211_parse_chandef(rdev, info, &chandef);
7521 		if (err)
7522 			return err;
7523 	}
7524 
7525 	if (!chandef.chan && params.offchan)
7526 		return -EINVAL;
7527 
7528 	if (!params.dont_wait_for_ack) {
7529 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7530 		if (!msg)
7531 			return -ENOMEM;
7532 
7533 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7534 				     NL80211_CMD_FRAME);
7535 		if (!hdr) {
7536 			err = -ENOBUFS;
7537 			goto free_msg;
7538 		}
7539 	}
7540 
7541 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
7542 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
7543 	params.chan = chandef.chan;
7544 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
7545 	if (err)
7546 		goto free_msg;
7547 
7548 	if (msg) {
7549 		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7550 			goto nla_put_failure;
7551 
7552 		genlmsg_end(msg, hdr);
7553 		return genlmsg_reply(msg, info);
7554 	}
7555 
7556 	return 0;
7557 
7558  nla_put_failure:
7559 	err = -ENOBUFS;
7560  free_msg:
7561 	nlmsg_free(msg);
7562 	return err;
7563 }
7564 
7565 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
7566 {
7567 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7568 	struct wireless_dev *wdev = info->user_ptr[1];
7569 	u64 cookie;
7570 
7571 	if (!info->attrs[NL80211_ATTR_COOKIE])
7572 		return -EINVAL;
7573 
7574 	if (!rdev->ops->mgmt_tx_cancel_wait)
7575 		return -EOPNOTSUPP;
7576 
7577 	switch (wdev->iftype) {
7578 	case NL80211_IFTYPE_STATION:
7579 	case NL80211_IFTYPE_ADHOC:
7580 	case NL80211_IFTYPE_P2P_CLIENT:
7581 	case NL80211_IFTYPE_AP:
7582 	case NL80211_IFTYPE_AP_VLAN:
7583 	case NL80211_IFTYPE_P2P_GO:
7584 	case NL80211_IFTYPE_P2P_DEVICE:
7585 		break;
7586 	default:
7587 		return -EOPNOTSUPP;
7588 	}
7589 
7590 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7591 
7592 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
7593 }
7594 
7595 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
7596 {
7597 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7598 	struct wireless_dev *wdev;
7599 	struct net_device *dev = info->user_ptr[1];
7600 	u8 ps_state;
7601 	bool state;
7602 	int err;
7603 
7604 	if (!info->attrs[NL80211_ATTR_PS_STATE])
7605 		return -EINVAL;
7606 
7607 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
7608 
7609 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
7610 		return -EINVAL;
7611 
7612 	wdev = dev->ieee80211_ptr;
7613 
7614 	if (!rdev->ops->set_power_mgmt)
7615 		return -EOPNOTSUPP;
7616 
7617 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
7618 
7619 	if (state == wdev->ps)
7620 		return 0;
7621 
7622 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
7623 	if (!err)
7624 		wdev->ps = state;
7625 	return err;
7626 }
7627 
7628 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
7629 {
7630 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7631 	enum nl80211_ps_state ps_state;
7632 	struct wireless_dev *wdev;
7633 	struct net_device *dev = info->user_ptr[1];
7634 	struct sk_buff *msg;
7635 	void *hdr;
7636 	int err;
7637 
7638 	wdev = dev->ieee80211_ptr;
7639 
7640 	if (!rdev->ops->set_power_mgmt)
7641 		return -EOPNOTSUPP;
7642 
7643 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7644 	if (!msg)
7645 		return -ENOMEM;
7646 
7647 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7648 			     NL80211_CMD_GET_POWER_SAVE);
7649 	if (!hdr) {
7650 		err = -ENOBUFS;
7651 		goto free_msg;
7652 	}
7653 
7654 	if (wdev->ps)
7655 		ps_state = NL80211_PS_ENABLED;
7656 	else
7657 		ps_state = NL80211_PS_DISABLED;
7658 
7659 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
7660 		goto nla_put_failure;
7661 
7662 	genlmsg_end(msg, hdr);
7663 	return genlmsg_reply(msg, info);
7664 
7665  nla_put_failure:
7666 	err = -ENOBUFS;
7667  free_msg:
7668 	nlmsg_free(msg);
7669 	return err;
7670 }
7671 
7672 static struct nla_policy
7673 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
7674 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
7675 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
7676 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
7677 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
7678 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
7679 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
7680 };
7681 
7682 static int nl80211_set_cqm_txe(struct genl_info *info,
7683 			       u32 rate, u32 pkts, u32 intvl)
7684 {
7685 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7686 	struct net_device *dev = info->user_ptr[1];
7687 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7688 
7689 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
7690 		return -EINVAL;
7691 
7692 	if (!rdev->ops->set_cqm_txe_config)
7693 		return -EOPNOTSUPP;
7694 
7695 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
7696 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7697 		return -EOPNOTSUPP;
7698 
7699 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
7700 }
7701 
7702 static int nl80211_set_cqm_rssi(struct genl_info *info,
7703 				s32 threshold, u32 hysteresis)
7704 {
7705 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7706 	struct net_device *dev = info->user_ptr[1];
7707 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7708 
7709 	if (threshold > 0)
7710 		return -EINVAL;
7711 
7712 	/* disabling - hysteresis should also be zero then */
7713 	if (threshold == 0)
7714 		hysteresis = 0;
7715 
7716 	if (!rdev->ops->set_cqm_rssi_config)
7717 		return -EOPNOTSUPP;
7718 
7719 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
7720 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7721 		return -EOPNOTSUPP;
7722 
7723 	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
7724 }
7725 
7726 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
7727 {
7728 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
7729 	struct nlattr *cqm;
7730 	int err;
7731 
7732 	cqm = info->attrs[NL80211_ATTR_CQM];
7733 	if (!cqm)
7734 		return -EINVAL;
7735 
7736 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
7737 			       nl80211_attr_cqm_policy);
7738 	if (err)
7739 		return err;
7740 
7741 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
7742 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
7743 		s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
7744 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
7745 
7746 		return nl80211_set_cqm_rssi(info, threshold, hysteresis);
7747 	}
7748 
7749 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
7750 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
7751 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
7752 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
7753 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
7754 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
7755 
7756 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
7757 	}
7758 
7759 	return -EINVAL;
7760 }
7761 
7762 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
7763 {
7764 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7765 	struct net_device *dev = info->user_ptr[1];
7766 	struct mesh_config cfg;
7767 	struct mesh_setup setup;
7768 	int err;
7769 
7770 	/* start with default */
7771 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
7772 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
7773 
7774 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
7775 		/* and parse parameters if given */
7776 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
7777 		if (err)
7778 			return err;
7779 	}
7780 
7781 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
7782 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
7783 		return -EINVAL;
7784 
7785 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
7786 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
7787 
7788 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7789 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
7790 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7791 			return -EINVAL;
7792 
7793 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7794 		setup.beacon_interval =
7795 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7796 		if (setup.beacon_interval < 10 ||
7797 		    setup.beacon_interval > 10000)
7798 			return -EINVAL;
7799 	}
7800 
7801 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
7802 		setup.dtim_period =
7803 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
7804 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
7805 			return -EINVAL;
7806 	}
7807 
7808 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
7809 		/* parse additional setup parameters if given */
7810 		err = nl80211_parse_mesh_setup(info, &setup);
7811 		if (err)
7812 			return err;
7813 	}
7814 
7815 	if (setup.user_mpm)
7816 		cfg.auto_open_plinks = false;
7817 
7818 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7819 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
7820 		if (err)
7821 			return err;
7822 	} else {
7823 		/* cfg80211_join_mesh() will sort it out */
7824 		setup.chandef.chan = NULL;
7825 	}
7826 
7827 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7828 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7829 		int n_rates =
7830 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7831 		struct ieee80211_supported_band *sband;
7832 
7833 		if (!setup.chandef.chan)
7834 			return -EINVAL;
7835 
7836 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
7837 
7838 		err = ieee80211_get_ratemask(sband, rates, n_rates,
7839 					     &setup.basic_rates);
7840 		if (err)
7841 			return err;
7842 	}
7843 
7844 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
7845 }
7846 
7847 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
7848 {
7849 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7850 	struct net_device *dev = info->user_ptr[1];
7851 
7852 	return cfg80211_leave_mesh(rdev, dev);
7853 }
7854 
7855 #ifdef CONFIG_PM
7856 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
7857 					struct cfg80211_registered_device *rdev)
7858 {
7859 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
7860 	struct nlattr *nl_pats, *nl_pat;
7861 	int i, pat_len;
7862 
7863 	if (!wowlan->n_patterns)
7864 		return 0;
7865 
7866 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
7867 	if (!nl_pats)
7868 		return -ENOBUFS;
7869 
7870 	for (i = 0; i < wowlan->n_patterns; i++) {
7871 		nl_pat = nla_nest_start(msg, i + 1);
7872 		if (!nl_pat)
7873 			return -ENOBUFS;
7874 		pat_len = wowlan->patterns[i].pattern_len;
7875 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
7876 			    wowlan->patterns[i].mask) ||
7877 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
7878 			    wowlan->patterns[i].pattern) ||
7879 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
7880 				wowlan->patterns[i].pkt_offset))
7881 			return -ENOBUFS;
7882 		nla_nest_end(msg, nl_pat);
7883 	}
7884 	nla_nest_end(msg, nl_pats);
7885 
7886 	return 0;
7887 }
7888 
7889 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
7890 				   struct cfg80211_wowlan_tcp *tcp)
7891 {
7892 	struct nlattr *nl_tcp;
7893 
7894 	if (!tcp)
7895 		return 0;
7896 
7897 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
7898 	if (!nl_tcp)
7899 		return -ENOBUFS;
7900 
7901 	if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
7902 	    nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
7903 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
7904 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
7905 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
7906 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
7907 		    tcp->payload_len, tcp->payload) ||
7908 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
7909 			tcp->data_interval) ||
7910 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
7911 		    tcp->wake_len, tcp->wake_data) ||
7912 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
7913 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
7914 		return -ENOBUFS;
7915 
7916 	if (tcp->payload_seq.len &&
7917 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
7918 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
7919 		return -ENOBUFS;
7920 
7921 	if (tcp->payload_tok.len &&
7922 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
7923 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
7924 		    &tcp->payload_tok))
7925 		return -ENOBUFS;
7926 
7927 	nla_nest_end(msg, nl_tcp);
7928 
7929 	return 0;
7930 }
7931 
7932 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
7933 {
7934 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7935 	struct sk_buff *msg;
7936 	void *hdr;
7937 	u32 size = NLMSG_DEFAULT_SIZE;
7938 
7939 	if (!rdev->wiphy.wowlan)
7940 		return -EOPNOTSUPP;
7941 
7942 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
7943 		/* adjust size to have room for all the data */
7944 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
7945 			rdev->wiphy.wowlan_config->tcp->payload_len +
7946 			rdev->wiphy.wowlan_config->tcp->wake_len +
7947 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
7948 	}
7949 
7950 	msg = nlmsg_new(size, GFP_KERNEL);
7951 	if (!msg)
7952 		return -ENOMEM;
7953 
7954 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7955 			     NL80211_CMD_GET_WOWLAN);
7956 	if (!hdr)
7957 		goto nla_put_failure;
7958 
7959 	if (rdev->wiphy.wowlan_config) {
7960 		struct nlattr *nl_wowlan;
7961 
7962 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
7963 		if (!nl_wowlan)
7964 			goto nla_put_failure;
7965 
7966 		if ((rdev->wiphy.wowlan_config->any &&
7967 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
7968 		    (rdev->wiphy.wowlan_config->disconnect &&
7969 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
7970 		    (rdev->wiphy.wowlan_config->magic_pkt &&
7971 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
7972 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
7973 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
7974 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
7975 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
7976 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
7977 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
7978 		    (rdev->wiphy.wowlan_config->rfkill_release &&
7979 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
7980 			goto nla_put_failure;
7981 
7982 		if (nl80211_send_wowlan_patterns(msg, rdev))
7983 			goto nla_put_failure;
7984 
7985 		if (nl80211_send_wowlan_tcp(msg,
7986 					    rdev->wiphy.wowlan_config->tcp))
7987 			goto nla_put_failure;
7988 
7989 		nla_nest_end(msg, nl_wowlan);
7990 	}
7991 
7992 	genlmsg_end(msg, hdr);
7993 	return genlmsg_reply(msg, info);
7994 
7995 nla_put_failure:
7996 	nlmsg_free(msg);
7997 	return -ENOBUFS;
7998 }
7999 
8000 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
8001 				    struct nlattr *attr,
8002 				    struct cfg80211_wowlan *trig)
8003 {
8004 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
8005 	struct cfg80211_wowlan_tcp *cfg;
8006 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
8007 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
8008 	u32 size;
8009 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
8010 	int err, port;
8011 
8012 	if (!rdev->wiphy.wowlan->tcp)
8013 		return -EINVAL;
8014 
8015 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
8016 			nla_data(attr), nla_len(attr),
8017 			nl80211_wowlan_tcp_policy);
8018 	if (err)
8019 		return err;
8020 
8021 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
8022 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
8023 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
8024 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
8025 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
8026 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
8027 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
8028 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
8029 		return -EINVAL;
8030 
8031 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
8032 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
8033 		return -EINVAL;
8034 
8035 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
8036 			rdev->wiphy.wowlan->tcp->data_interval_max ||
8037 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
8038 		return -EINVAL;
8039 
8040 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
8041 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
8042 		return -EINVAL;
8043 
8044 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
8045 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
8046 		return -EINVAL;
8047 
8048 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
8049 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8050 
8051 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8052 		tokens_size = tokln - sizeof(*tok);
8053 
8054 		if (!tok->len || tokens_size % tok->len)
8055 			return -EINVAL;
8056 		if (!rdev->wiphy.wowlan->tcp->tok)
8057 			return -EINVAL;
8058 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
8059 			return -EINVAL;
8060 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
8061 			return -EINVAL;
8062 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
8063 			return -EINVAL;
8064 		if (tok->offset + tok->len > data_size)
8065 			return -EINVAL;
8066 	}
8067 
8068 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
8069 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
8070 		if (!rdev->wiphy.wowlan->tcp->seq)
8071 			return -EINVAL;
8072 		if (seq->len == 0 || seq->len > 4)
8073 			return -EINVAL;
8074 		if (seq->len + seq->offset > data_size)
8075 			return -EINVAL;
8076 	}
8077 
8078 	size = sizeof(*cfg);
8079 	size += data_size;
8080 	size += wake_size + wake_mask_size;
8081 	size += tokens_size;
8082 
8083 	cfg = kzalloc(size, GFP_KERNEL);
8084 	if (!cfg)
8085 		return -ENOMEM;
8086 	cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
8087 	cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
8088 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
8089 	       ETH_ALEN);
8090 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
8091 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
8092 	else
8093 		port = 0;
8094 #ifdef CONFIG_INET
8095 	/* allocate a socket and port for it and use it */
8096 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
8097 			    IPPROTO_TCP, &cfg->sock, 1);
8098 	if (err) {
8099 		kfree(cfg);
8100 		return err;
8101 	}
8102 	if (inet_csk_get_port(cfg->sock->sk, port)) {
8103 		sock_release(cfg->sock);
8104 		kfree(cfg);
8105 		return -EADDRINUSE;
8106 	}
8107 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
8108 #else
8109 	if (!port) {
8110 		kfree(cfg);
8111 		return -EINVAL;
8112 	}
8113 	cfg->src_port = port;
8114 #endif
8115 
8116 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
8117 	cfg->payload_len = data_size;
8118 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
8119 	memcpy((void *)cfg->payload,
8120 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
8121 	       data_size);
8122 	if (seq)
8123 		cfg->payload_seq = *seq;
8124 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
8125 	cfg->wake_len = wake_size;
8126 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
8127 	memcpy((void *)cfg->wake_data,
8128 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
8129 	       wake_size);
8130 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
8131 			 data_size + wake_size;
8132 	memcpy((void *)cfg->wake_mask,
8133 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
8134 	       wake_mask_size);
8135 	if (tok) {
8136 		cfg->tokens_size = tokens_size;
8137 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
8138 	}
8139 
8140 	trig->tcp = cfg;
8141 
8142 	return 0;
8143 }
8144 
8145 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
8146 {
8147 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8148 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
8149 	struct cfg80211_wowlan new_triggers = {};
8150 	struct cfg80211_wowlan *ntrig;
8151 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
8152 	int err, i;
8153 	bool prev_enabled = rdev->wiphy.wowlan_config;
8154 
8155 	if (!wowlan)
8156 		return -EOPNOTSUPP;
8157 
8158 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
8159 		cfg80211_rdev_free_wowlan(rdev);
8160 		rdev->wiphy.wowlan_config = NULL;
8161 		goto set_wakeup;
8162 	}
8163 
8164 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
8165 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8166 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8167 			nl80211_wowlan_policy);
8168 	if (err)
8169 		return err;
8170 
8171 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
8172 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
8173 			return -EINVAL;
8174 		new_triggers.any = true;
8175 	}
8176 
8177 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
8178 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
8179 			return -EINVAL;
8180 		new_triggers.disconnect = true;
8181 	}
8182 
8183 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
8184 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
8185 			return -EINVAL;
8186 		new_triggers.magic_pkt = true;
8187 	}
8188 
8189 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
8190 		return -EINVAL;
8191 
8192 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
8193 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
8194 			return -EINVAL;
8195 		new_triggers.gtk_rekey_failure = true;
8196 	}
8197 
8198 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
8199 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
8200 			return -EINVAL;
8201 		new_triggers.eap_identity_req = true;
8202 	}
8203 
8204 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
8205 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
8206 			return -EINVAL;
8207 		new_triggers.four_way_handshake = true;
8208 	}
8209 
8210 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
8211 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
8212 			return -EINVAL;
8213 		new_triggers.rfkill_release = true;
8214 	}
8215 
8216 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
8217 		struct nlattr *pat;
8218 		int n_patterns = 0;
8219 		int rem, pat_len, mask_len, pkt_offset;
8220 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8221 
8222 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8223 				    rem)
8224 			n_patterns++;
8225 		if (n_patterns > wowlan->n_patterns)
8226 			return -EINVAL;
8227 
8228 		new_triggers.patterns = kcalloc(n_patterns,
8229 						sizeof(new_triggers.patterns[0]),
8230 						GFP_KERNEL);
8231 		if (!new_triggers.patterns)
8232 			return -ENOMEM;
8233 
8234 		new_triggers.n_patterns = n_patterns;
8235 		i = 0;
8236 
8237 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8238 				    rem) {
8239 			nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8240 				  nla_len(pat), NULL);
8241 			err = -EINVAL;
8242 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
8243 			    !pat_tb[NL80211_PKTPAT_PATTERN])
8244 				goto error;
8245 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8246 			mask_len = DIV_ROUND_UP(pat_len, 8);
8247 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8248 				goto error;
8249 			if (pat_len > wowlan->pattern_max_len ||
8250 			    pat_len < wowlan->pattern_min_len)
8251 				goto error;
8252 
8253 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
8254 				pkt_offset = 0;
8255 			else
8256 				pkt_offset = nla_get_u32(
8257 					pat_tb[NL80211_PKTPAT_OFFSET]);
8258 			if (pkt_offset > wowlan->max_pkt_offset)
8259 				goto error;
8260 			new_triggers.patterns[i].pkt_offset = pkt_offset;
8261 
8262 			new_triggers.patterns[i].mask =
8263 				kmalloc(mask_len + pat_len, GFP_KERNEL);
8264 			if (!new_triggers.patterns[i].mask) {
8265 				err = -ENOMEM;
8266 				goto error;
8267 			}
8268 			new_triggers.patterns[i].pattern =
8269 				new_triggers.patterns[i].mask + mask_len;
8270 			memcpy(new_triggers.patterns[i].mask,
8271 			       nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8272 			       mask_len);
8273 			new_triggers.patterns[i].pattern_len = pat_len;
8274 			memcpy(new_triggers.patterns[i].pattern,
8275 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8276 			       pat_len);
8277 			i++;
8278 		}
8279 	}
8280 
8281 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
8282 		err = nl80211_parse_wowlan_tcp(
8283 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
8284 			&new_triggers);
8285 		if (err)
8286 			goto error;
8287 	}
8288 
8289 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
8290 	if (!ntrig) {
8291 		err = -ENOMEM;
8292 		goto error;
8293 	}
8294 	cfg80211_rdev_free_wowlan(rdev);
8295 	rdev->wiphy.wowlan_config = ntrig;
8296 
8297  set_wakeup:
8298 	if (rdev->ops->set_wakeup &&
8299 	    prev_enabled != !!rdev->wiphy.wowlan_config)
8300 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
8301 
8302 	return 0;
8303  error:
8304 	for (i = 0; i < new_triggers.n_patterns; i++)
8305 		kfree(new_triggers.patterns[i].mask);
8306 	kfree(new_triggers.patterns);
8307 	if (new_triggers.tcp && new_triggers.tcp->sock)
8308 		sock_release(new_triggers.tcp->sock);
8309 	kfree(new_triggers.tcp);
8310 	return err;
8311 }
8312 #endif
8313 
8314 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
8315 				       struct cfg80211_registered_device *rdev)
8316 {
8317 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
8318 	int i, j, pat_len;
8319 	struct cfg80211_coalesce_rules *rule;
8320 
8321 	if (!rdev->coalesce->n_rules)
8322 		return 0;
8323 
8324 	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
8325 	if (!nl_rules)
8326 		return -ENOBUFS;
8327 
8328 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
8329 		nl_rule = nla_nest_start(msg, i + 1);
8330 		if (!nl_rule)
8331 			return -ENOBUFS;
8332 
8333 		rule = &rdev->coalesce->rules[i];
8334 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
8335 				rule->delay))
8336 			return -ENOBUFS;
8337 
8338 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
8339 				rule->condition))
8340 			return -ENOBUFS;
8341 
8342 		nl_pats = nla_nest_start(msg,
8343 				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
8344 		if (!nl_pats)
8345 			return -ENOBUFS;
8346 
8347 		for (j = 0; j < rule->n_patterns; j++) {
8348 			nl_pat = nla_nest_start(msg, j + 1);
8349 			if (!nl_pat)
8350 				return -ENOBUFS;
8351 			pat_len = rule->patterns[j].pattern_len;
8352 			if (nla_put(msg, NL80211_PKTPAT_MASK,
8353 				    DIV_ROUND_UP(pat_len, 8),
8354 				    rule->patterns[j].mask) ||
8355 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8356 				    rule->patterns[j].pattern) ||
8357 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8358 					rule->patterns[j].pkt_offset))
8359 				return -ENOBUFS;
8360 			nla_nest_end(msg, nl_pat);
8361 		}
8362 		nla_nest_end(msg, nl_pats);
8363 		nla_nest_end(msg, nl_rule);
8364 	}
8365 	nla_nest_end(msg, nl_rules);
8366 
8367 	return 0;
8368 }
8369 
8370 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
8371 {
8372 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8373 	struct sk_buff *msg;
8374 	void *hdr;
8375 
8376 	if (!rdev->wiphy.coalesce)
8377 		return -EOPNOTSUPP;
8378 
8379 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8380 	if (!msg)
8381 		return -ENOMEM;
8382 
8383 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8384 			     NL80211_CMD_GET_COALESCE);
8385 	if (!hdr)
8386 		goto nla_put_failure;
8387 
8388 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
8389 		goto nla_put_failure;
8390 
8391 	genlmsg_end(msg, hdr);
8392 	return genlmsg_reply(msg, info);
8393 
8394 nla_put_failure:
8395 	nlmsg_free(msg);
8396 	return -ENOBUFS;
8397 }
8398 
8399 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
8400 {
8401 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
8402 	int i, j;
8403 	struct cfg80211_coalesce_rules *rule;
8404 
8405 	if (!coalesce)
8406 		return;
8407 
8408 	for (i = 0; i < coalesce->n_rules; i++) {
8409 		rule = &coalesce->rules[i];
8410 		for (j = 0; j < rule->n_patterns; j++)
8411 			kfree(rule->patterns[j].mask);
8412 		kfree(rule->patterns);
8413 	}
8414 	kfree(coalesce->rules);
8415 	kfree(coalesce);
8416 	rdev->coalesce = NULL;
8417 }
8418 
8419 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
8420 				       struct nlattr *rule,
8421 				       struct cfg80211_coalesce_rules *new_rule)
8422 {
8423 	int err, i;
8424 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8425 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
8426 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
8427 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8428 
8429 	err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
8430 			nla_len(rule), nl80211_coalesce_policy);
8431 	if (err)
8432 		return err;
8433 
8434 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
8435 		new_rule->delay =
8436 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
8437 	if (new_rule->delay > coalesce->max_delay)
8438 		return -EINVAL;
8439 
8440 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
8441 		new_rule->condition =
8442 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
8443 	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
8444 	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
8445 		return -EINVAL;
8446 
8447 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
8448 		return -EINVAL;
8449 
8450 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8451 			    rem)
8452 		n_patterns++;
8453 	if (n_patterns > coalesce->n_patterns)
8454 		return -EINVAL;
8455 
8456 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
8457 				     GFP_KERNEL);
8458 	if (!new_rule->patterns)
8459 		return -ENOMEM;
8460 
8461 	new_rule->n_patterns = n_patterns;
8462 	i = 0;
8463 
8464 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8465 			    rem) {
8466 		nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8467 			  nla_len(pat), NULL);
8468 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
8469 		    !pat_tb[NL80211_PKTPAT_PATTERN])
8470 			return -EINVAL;
8471 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8472 		mask_len = DIV_ROUND_UP(pat_len, 8);
8473 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8474 			return -EINVAL;
8475 		if (pat_len > coalesce->pattern_max_len ||
8476 		    pat_len < coalesce->pattern_min_len)
8477 			return -EINVAL;
8478 
8479 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
8480 			pkt_offset = 0;
8481 		else
8482 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
8483 		if (pkt_offset > coalesce->max_pkt_offset)
8484 			return -EINVAL;
8485 		new_rule->patterns[i].pkt_offset = pkt_offset;
8486 
8487 		new_rule->patterns[i].mask =
8488 			kmalloc(mask_len + pat_len, GFP_KERNEL);
8489 		if (!new_rule->patterns[i].mask)
8490 			return -ENOMEM;
8491 		new_rule->patterns[i].pattern =
8492 			new_rule->patterns[i].mask + mask_len;
8493 		memcpy(new_rule->patterns[i].mask,
8494 		       nla_data(pat_tb[NL80211_PKTPAT_MASK]), mask_len);
8495 		new_rule->patterns[i].pattern_len = pat_len;
8496 		memcpy(new_rule->patterns[i].pattern,
8497 		       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), pat_len);
8498 		i++;
8499 	}
8500 
8501 	return 0;
8502 }
8503 
8504 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
8505 {
8506 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8507 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8508 	struct cfg80211_coalesce new_coalesce = {};
8509 	struct cfg80211_coalesce *n_coalesce;
8510 	int err, rem_rule, n_rules = 0, i, j;
8511 	struct nlattr *rule;
8512 	struct cfg80211_coalesce_rules *tmp_rule;
8513 
8514 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
8515 		return -EOPNOTSUPP;
8516 
8517 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
8518 		cfg80211_rdev_free_coalesce(rdev);
8519 		rdev->ops->set_coalesce(&rdev->wiphy, NULL);
8520 		return 0;
8521 	}
8522 
8523 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8524 			    rem_rule)
8525 		n_rules++;
8526 	if (n_rules > coalesce->n_rules)
8527 		return -EINVAL;
8528 
8529 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
8530 				     GFP_KERNEL);
8531 	if (!new_coalesce.rules)
8532 		return -ENOMEM;
8533 
8534 	new_coalesce.n_rules = n_rules;
8535 	i = 0;
8536 
8537 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8538 			    rem_rule) {
8539 		err = nl80211_parse_coalesce_rule(rdev, rule,
8540 						  &new_coalesce.rules[i]);
8541 		if (err)
8542 			goto error;
8543 
8544 		i++;
8545 	}
8546 
8547 	err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
8548 	if (err)
8549 		goto error;
8550 
8551 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
8552 	if (!n_coalesce) {
8553 		err = -ENOMEM;
8554 		goto error;
8555 	}
8556 	cfg80211_rdev_free_coalesce(rdev);
8557 	rdev->coalesce = n_coalesce;
8558 
8559 	return 0;
8560 error:
8561 	for (i = 0; i < new_coalesce.n_rules; i++) {
8562 		tmp_rule = &new_coalesce.rules[i];
8563 		for (j = 0; j < tmp_rule->n_patterns; j++)
8564 			kfree(tmp_rule->patterns[j].mask);
8565 		kfree(tmp_rule->patterns);
8566 	}
8567 	kfree(new_coalesce.rules);
8568 
8569 	return err;
8570 }
8571 
8572 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
8573 {
8574 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8575 	struct net_device *dev = info->user_ptr[1];
8576 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8577 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
8578 	struct cfg80211_gtk_rekey_data rekey_data;
8579 	int err;
8580 
8581 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
8582 		return -EINVAL;
8583 
8584 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
8585 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
8586 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
8587 			nl80211_rekey_policy);
8588 	if (err)
8589 		return err;
8590 
8591 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
8592 		return -ERANGE;
8593 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
8594 		return -ERANGE;
8595 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
8596 		return -ERANGE;
8597 
8598 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
8599 	       NL80211_KEK_LEN);
8600 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
8601 	       NL80211_KCK_LEN);
8602 	memcpy(rekey_data.replay_ctr,
8603 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
8604 	       NL80211_REPLAY_CTR_LEN);
8605 
8606 	wdev_lock(wdev);
8607 	if (!wdev->current_bss) {
8608 		err = -ENOTCONN;
8609 		goto out;
8610 	}
8611 
8612 	if (!rdev->ops->set_rekey_data) {
8613 		err = -EOPNOTSUPP;
8614 		goto out;
8615 	}
8616 
8617 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
8618  out:
8619 	wdev_unlock(wdev);
8620 	return err;
8621 }
8622 
8623 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
8624 					     struct genl_info *info)
8625 {
8626 	struct net_device *dev = info->user_ptr[1];
8627 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8628 
8629 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8630 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8631 		return -EINVAL;
8632 
8633 	if (wdev->ap_unexpected_nlportid)
8634 		return -EBUSY;
8635 
8636 	wdev->ap_unexpected_nlportid = info->snd_portid;
8637 	return 0;
8638 }
8639 
8640 static int nl80211_probe_client(struct sk_buff *skb,
8641 				struct genl_info *info)
8642 {
8643 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8644 	struct net_device *dev = info->user_ptr[1];
8645 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8646 	struct sk_buff *msg;
8647 	void *hdr;
8648 	const u8 *addr;
8649 	u64 cookie;
8650 	int err;
8651 
8652 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8653 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8654 		return -EOPNOTSUPP;
8655 
8656 	if (!info->attrs[NL80211_ATTR_MAC])
8657 		return -EINVAL;
8658 
8659 	if (!rdev->ops->probe_client)
8660 		return -EOPNOTSUPP;
8661 
8662 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8663 	if (!msg)
8664 		return -ENOMEM;
8665 
8666 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8667 			     NL80211_CMD_PROBE_CLIENT);
8668 	if (!hdr) {
8669 		err = -ENOBUFS;
8670 		goto free_msg;
8671 	}
8672 
8673 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8674 
8675 	err = rdev_probe_client(rdev, dev, addr, &cookie);
8676 	if (err)
8677 		goto free_msg;
8678 
8679 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8680 		goto nla_put_failure;
8681 
8682 	genlmsg_end(msg, hdr);
8683 
8684 	return genlmsg_reply(msg, info);
8685 
8686  nla_put_failure:
8687 	err = -ENOBUFS;
8688  free_msg:
8689 	nlmsg_free(msg);
8690 	return err;
8691 }
8692 
8693 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
8694 {
8695 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8696 	struct cfg80211_beacon_registration *reg, *nreg;
8697 	int rv;
8698 
8699 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
8700 		return -EOPNOTSUPP;
8701 
8702 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
8703 	if (!nreg)
8704 		return -ENOMEM;
8705 
8706 	/* First, check if already registered. */
8707 	spin_lock_bh(&rdev->beacon_registrations_lock);
8708 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
8709 		if (reg->nlportid == info->snd_portid) {
8710 			rv = -EALREADY;
8711 			goto out_err;
8712 		}
8713 	}
8714 	/* Add it to the list */
8715 	nreg->nlportid = info->snd_portid;
8716 	list_add(&nreg->list, &rdev->beacon_registrations);
8717 
8718 	spin_unlock_bh(&rdev->beacon_registrations_lock);
8719 
8720 	return 0;
8721 out_err:
8722 	spin_unlock_bh(&rdev->beacon_registrations_lock);
8723 	kfree(nreg);
8724 	return rv;
8725 }
8726 
8727 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
8728 {
8729 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8730 	struct wireless_dev *wdev = info->user_ptr[1];
8731 	int err;
8732 
8733 	if (!rdev->ops->start_p2p_device)
8734 		return -EOPNOTSUPP;
8735 
8736 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8737 		return -EOPNOTSUPP;
8738 
8739 	if (wdev->p2p_started)
8740 		return 0;
8741 
8742 	err = cfg80211_can_add_interface(rdev, wdev->iftype);
8743 	if (err)
8744 		return err;
8745 
8746 	err = rdev_start_p2p_device(rdev, wdev);
8747 	if (err)
8748 		return err;
8749 
8750 	wdev->p2p_started = true;
8751 	rdev->opencount++;
8752 
8753 	return 0;
8754 }
8755 
8756 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
8757 {
8758 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8759 	struct wireless_dev *wdev = info->user_ptr[1];
8760 
8761 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8762 		return -EOPNOTSUPP;
8763 
8764 	if (!rdev->ops->stop_p2p_device)
8765 		return -EOPNOTSUPP;
8766 
8767 	cfg80211_stop_p2p_device(rdev, wdev);
8768 
8769 	return 0;
8770 }
8771 
8772 static int nl80211_get_protocol_features(struct sk_buff *skb,
8773 					 struct genl_info *info)
8774 {
8775 	void *hdr;
8776 	struct sk_buff *msg;
8777 
8778 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8779 	if (!msg)
8780 		return -ENOMEM;
8781 
8782 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8783 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
8784 	if (!hdr)
8785 		goto nla_put_failure;
8786 
8787 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
8788 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
8789 		goto nla_put_failure;
8790 
8791 	genlmsg_end(msg, hdr);
8792 	return genlmsg_reply(msg, info);
8793 
8794  nla_put_failure:
8795 	kfree_skb(msg);
8796 	return -ENOBUFS;
8797 }
8798 
8799 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
8800 {
8801 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8802 	struct cfg80211_update_ft_ies_params ft_params;
8803 	struct net_device *dev = info->user_ptr[1];
8804 
8805 	if (!rdev->ops->update_ft_ies)
8806 		return -EOPNOTSUPP;
8807 
8808 	if (!info->attrs[NL80211_ATTR_MDID] ||
8809 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8810 		return -EINVAL;
8811 
8812 	memset(&ft_params, 0, sizeof(ft_params));
8813 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
8814 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8815 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8816 
8817 	return rdev_update_ft_ies(rdev, dev, &ft_params);
8818 }
8819 
8820 static int nl80211_crit_protocol_start(struct sk_buff *skb,
8821 				       struct genl_info *info)
8822 {
8823 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8824 	struct wireless_dev *wdev = info->user_ptr[1];
8825 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
8826 	u16 duration;
8827 	int ret;
8828 
8829 	if (!rdev->ops->crit_proto_start)
8830 		return -EOPNOTSUPP;
8831 
8832 	if (WARN_ON(!rdev->ops->crit_proto_stop))
8833 		return -EINVAL;
8834 
8835 	if (rdev->crit_proto_nlportid)
8836 		return -EBUSY;
8837 
8838 	/* determine protocol if provided */
8839 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
8840 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
8841 
8842 	if (proto >= NUM_NL80211_CRIT_PROTO)
8843 		return -EINVAL;
8844 
8845 	/* timeout must be provided */
8846 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
8847 		return -EINVAL;
8848 
8849 	duration =
8850 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
8851 
8852 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
8853 		return -ERANGE;
8854 
8855 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
8856 	if (!ret)
8857 		rdev->crit_proto_nlportid = info->snd_portid;
8858 
8859 	return ret;
8860 }
8861 
8862 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
8863 				      struct genl_info *info)
8864 {
8865 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8866 	struct wireless_dev *wdev = info->user_ptr[1];
8867 
8868 	if (!rdev->ops->crit_proto_stop)
8869 		return -EOPNOTSUPP;
8870 
8871 	if (rdev->crit_proto_nlportid) {
8872 		rdev->crit_proto_nlportid = 0;
8873 		rdev_crit_proto_stop(rdev, wdev);
8874 	}
8875 	return 0;
8876 }
8877 
8878 #define NL80211_FLAG_NEED_WIPHY		0x01
8879 #define NL80211_FLAG_NEED_NETDEV	0x02
8880 #define NL80211_FLAG_NEED_RTNL		0x04
8881 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
8882 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
8883 					 NL80211_FLAG_CHECK_NETDEV_UP)
8884 #define NL80211_FLAG_NEED_WDEV		0x10
8885 /* If a netdev is associated, it must be UP, P2P must be started */
8886 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
8887 					 NL80211_FLAG_CHECK_NETDEV_UP)
8888 
8889 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
8890 			    struct genl_info *info)
8891 {
8892 	struct cfg80211_registered_device *rdev;
8893 	struct wireless_dev *wdev;
8894 	struct net_device *dev;
8895 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
8896 
8897 	if (rtnl)
8898 		rtnl_lock();
8899 
8900 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
8901 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
8902 		if (IS_ERR(rdev)) {
8903 			if (rtnl)
8904 				rtnl_unlock();
8905 			return PTR_ERR(rdev);
8906 		}
8907 		info->user_ptr[0] = rdev;
8908 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
8909 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
8910 		ASSERT_RTNL();
8911 
8912 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
8913 						  info->attrs);
8914 		if (IS_ERR(wdev)) {
8915 			if (rtnl)
8916 				rtnl_unlock();
8917 			return PTR_ERR(wdev);
8918 		}
8919 
8920 		dev = wdev->netdev;
8921 		rdev = wiphy_to_dev(wdev->wiphy);
8922 
8923 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
8924 			if (!dev) {
8925 				if (rtnl)
8926 					rtnl_unlock();
8927 				return -EINVAL;
8928 			}
8929 
8930 			info->user_ptr[1] = dev;
8931 		} else {
8932 			info->user_ptr[1] = wdev;
8933 		}
8934 
8935 		if (dev) {
8936 			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
8937 			    !netif_running(dev)) {
8938 				if (rtnl)
8939 					rtnl_unlock();
8940 				return -ENETDOWN;
8941 			}
8942 
8943 			dev_hold(dev);
8944 		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
8945 			if (!wdev->p2p_started) {
8946 				if (rtnl)
8947 					rtnl_unlock();
8948 				return -ENETDOWN;
8949 			}
8950 		}
8951 
8952 		info->user_ptr[0] = rdev;
8953 	}
8954 
8955 	return 0;
8956 }
8957 
8958 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
8959 			      struct genl_info *info)
8960 {
8961 	if (info->user_ptr[1]) {
8962 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
8963 			struct wireless_dev *wdev = info->user_ptr[1];
8964 
8965 			if (wdev->netdev)
8966 				dev_put(wdev->netdev);
8967 		} else {
8968 			dev_put(info->user_ptr[1]);
8969 		}
8970 	}
8971 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
8972 		rtnl_unlock();
8973 }
8974 
8975 static const struct genl_ops nl80211_ops[] = {
8976 	{
8977 		.cmd = NL80211_CMD_GET_WIPHY,
8978 		.doit = nl80211_get_wiphy,
8979 		.dumpit = nl80211_dump_wiphy,
8980 		.done = nl80211_dump_wiphy_done,
8981 		.policy = nl80211_policy,
8982 		/* can be retrieved by unprivileged users */
8983 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8984 				  NL80211_FLAG_NEED_RTNL,
8985 	},
8986 	{
8987 		.cmd = NL80211_CMD_SET_WIPHY,
8988 		.doit = nl80211_set_wiphy,
8989 		.policy = nl80211_policy,
8990 		.flags = GENL_ADMIN_PERM,
8991 		.internal_flags = NL80211_FLAG_NEED_RTNL,
8992 	},
8993 	{
8994 		.cmd = NL80211_CMD_GET_INTERFACE,
8995 		.doit = nl80211_get_interface,
8996 		.dumpit = nl80211_dump_interface,
8997 		.policy = nl80211_policy,
8998 		/* can be retrieved by unprivileged users */
8999 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9000 				  NL80211_FLAG_NEED_RTNL,
9001 	},
9002 	{
9003 		.cmd = NL80211_CMD_SET_INTERFACE,
9004 		.doit = nl80211_set_interface,
9005 		.policy = nl80211_policy,
9006 		.flags = GENL_ADMIN_PERM,
9007 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9008 				  NL80211_FLAG_NEED_RTNL,
9009 	},
9010 	{
9011 		.cmd = NL80211_CMD_NEW_INTERFACE,
9012 		.doit = nl80211_new_interface,
9013 		.policy = nl80211_policy,
9014 		.flags = GENL_ADMIN_PERM,
9015 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9016 				  NL80211_FLAG_NEED_RTNL,
9017 	},
9018 	{
9019 		.cmd = NL80211_CMD_DEL_INTERFACE,
9020 		.doit = nl80211_del_interface,
9021 		.policy = nl80211_policy,
9022 		.flags = GENL_ADMIN_PERM,
9023 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9024 				  NL80211_FLAG_NEED_RTNL,
9025 	},
9026 	{
9027 		.cmd = NL80211_CMD_GET_KEY,
9028 		.doit = nl80211_get_key,
9029 		.policy = nl80211_policy,
9030 		.flags = GENL_ADMIN_PERM,
9031 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9032 				  NL80211_FLAG_NEED_RTNL,
9033 	},
9034 	{
9035 		.cmd = NL80211_CMD_SET_KEY,
9036 		.doit = nl80211_set_key,
9037 		.policy = nl80211_policy,
9038 		.flags = GENL_ADMIN_PERM,
9039 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9040 				  NL80211_FLAG_NEED_RTNL,
9041 	},
9042 	{
9043 		.cmd = NL80211_CMD_NEW_KEY,
9044 		.doit = nl80211_new_key,
9045 		.policy = nl80211_policy,
9046 		.flags = GENL_ADMIN_PERM,
9047 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9048 				  NL80211_FLAG_NEED_RTNL,
9049 	},
9050 	{
9051 		.cmd = NL80211_CMD_DEL_KEY,
9052 		.doit = nl80211_del_key,
9053 		.policy = nl80211_policy,
9054 		.flags = GENL_ADMIN_PERM,
9055 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9056 				  NL80211_FLAG_NEED_RTNL,
9057 	},
9058 	{
9059 		.cmd = NL80211_CMD_SET_BEACON,
9060 		.policy = nl80211_policy,
9061 		.flags = GENL_ADMIN_PERM,
9062 		.doit = nl80211_set_beacon,
9063 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9064 				  NL80211_FLAG_NEED_RTNL,
9065 	},
9066 	{
9067 		.cmd = NL80211_CMD_START_AP,
9068 		.policy = nl80211_policy,
9069 		.flags = GENL_ADMIN_PERM,
9070 		.doit = nl80211_start_ap,
9071 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9072 				  NL80211_FLAG_NEED_RTNL,
9073 	},
9074 	{
9075 		.cmd = NL80211_CMD_STOP_AP,
9076 		.policy = nl80211_policy,
9077 		.flags = GENL_ADMIN_PERM,
9078 		.doit = nl80211_stop_ap,
9079 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9080 				  NL80211_FLAG_NEED_RTNL,
9081 	},
9082 	{
9083 		.cmd = NL80211_CMD_GET_STATION,
9084 		.doit = nl80211_get_station,
9085 		.dumpit = nl80211_dump_station,
9086 		.policy = nl80211_policy,
9087 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9088 				  NL80211_FLAG_NEED_RTNL,
9089 	},
9090 	{
9091 		.cmd = NL80211_CMD_SET_STATION,
9092 		.doit = nl80211_set_station,
9093 		.policy = nl80211_policy,
9094 		.flags = GENL_ADMIN_PERM,
9095 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9096 				  NL80211_FLAG_NEED_RTNL,
9097 	},
9098 	{
9099 		.cmd = NL80211_CMD_NEW_STATION,
9100 		.doit = nl80211_new_station,
9101 		.policy = nl80211_policy,
9102 		.flags = GENL_ADMIN_PERM,
9103 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9104 				  NL80211_FLAG_NEED_RTNL,
9105 	},
9106 	{
9107 		.cmd = NL80211_CMD_DEL_STATION,
9108 		.doit = nl80211_del_station,
9109 		.policy = nl80211_policy,
9110 		.flags = GENL_ADMIN_PERM,
9111 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9112 				  NL80211_FLAG_NEED_RTNL,
9113 	},
9114 	{
9115 		.cmd = NL80211_CMD_GET_MPATH,
9116 		.doit = nl80211_get_mpath,
9117 		.dumpit = nl80211_dump_mpath,
9118 		.policy = nl80211_policy,
9119 		.flags = GENL_ADMIN_PERM,
9120 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9121 				  NL80211_FLAG_NEED_RTNL,
9122 	},
9123 	{
9124 		.cmd = NL80211_CMD_SET_MPATH,
9125 		.doit = nl80211_set_mpath,
9126 		.policy = nl80211_policy,
9127 		.flags = GENL_ADMIN_PERM,
9128 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9129 				  NL80211_FLAG_NEED_RTNL,
9130 	},
9131 	{
9132 		.cmd = NL80211_CMD_NEW_MPATH,
9133 		.doit = nl80211_new_mpath,
9134 		.policy = nl80211_policy,
9135 		.flags = GENL_ADMIN_PERM,
9136 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9137 				  NL80211_FLAG_NEED_RTNL,
9138 	},
9139 	{
9140 		.cmd = NL80211_CMD_DEL_MPATH,
9141 		.doit = nl80211_del_mpath,
9142 		.policy = nl80211_policy,
9143 		.flags = GENL_ADMIN_PERM,
9144 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9145 				  NL80211_FLAG_NEED_RTNL,
9146 	},
9147 	{
9148 		.cmd = NL80211_CMD_SET_BSS,
9149 		.doit = nl80211_set_bss,
9150 		.policy = nl80211_policy,
9151 		.flags = GENL_ADMIN_PERM,
9152 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9153 				  NL80211_FLAG_NEED_RTNL,
9154 	},
9155 	{
9156 		.cmd = NL80211_CMD_GET_REG,
9157 		.doit = nl80211_get_reg,
9158 		.policy = nl80211_policy,
9159 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9160 		/* can be retrieved by unprivileged users */
9161 	},
9162 	{
9163 		.cmd = NL80211_CMD_SET_REG,
9164 		.doit = nl80211_set_reg,
9165 		.policy = nl80211_policy,
9166 		.flags = GENL_ADMIN_PERM,
9167 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9168 	},
9169 	{
9170 		.cmd = NL80211_CMD_REQ_SET_REG,
9171 		.doit = nl80211_req_set_reg,
9172 		.policy = nl80211_policy,
9173 		.flags = GENL_ADMIN_PERM,
9174 	},
9175 	{
9176 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
9177 		.doit = nl80211_get_mesh_config,
9178 		.policy = nl80211_policy,
9179 		/* can be retrieved by unprivileged users */
9180 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9181 				  NL80211_FLAG_NEED_RTNL,
9182 	},
9183 	{
9184 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
9185 		.doit = nl80211_update_mesh_config,
9186 		.policy = nl80211_policy,
9187 		.flags = GENL_ADMIN_PERM,
9188 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9189 				  NL80211_FLAG_NEED_RTNL,
9190 	},
9191 	{
9192 		.cmd = NL80211_CMD_TRIGGER_SCAN,
9193 		.doit = nl80211_trigger_scan,
9194 		.policy = nl80211_policy,
9195 		.flags = GENL_ADMIN_PERM,
9196 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9197 				  NL80211_FLAG_NEED_RTNL,
9198 	},
9199 	{
9200 		.cmd = NL80211_CMD_GET_SCAN,
9201 		.policy = nl80211_policy,
9202 		.dumpit = nl80211_dump_scan,
9203 	},
9204 	{
9205 		.cmd = NL80211_CMD_START_SCHED_SCAN,
9206 		.doit = nl80211_start_sched_scan,
9207 		.policy = nl80211_policy,
9208 		.flags = GENL_ADMIN_PERM,
9209 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9210 				  NL80211_FLAG_NEED_RTNL,
9211 	},
9212 	{
9213 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
9214 		.doit = nl80211_stop_sched_scan,
9215 		.policy = nl80211_policy,
9216 		.flags = GENL_ADMIN_PERM,
9217 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9218 				  NL80211_FLAG_NEED_RTNL,
9219 	},
9220 	{
9221 		.cmd = NL80211_CMD_AUTHENTICATE,
9222 		.doit = nl80211_authenticate,
9223 		.policy = nl80211_policy,
9224 		.flags = GENL_ADMIN_PERM,
9225 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9226 				  NL80211_FLAG_NEED_RTNL,
9227 	},
9228 	{
9229 		.cmd = NL80211_CMD_ASSOCIATE,
9230 		.doit = nl80211_associate,
9231 		.policy = nl80211_policy,
9232 		.flags = GENL_ADMIN_PERM,
9233 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9234 				  NL80211_FLAG_NEED_RTNL,
9235 	},
9236 	{
9237 		.cmd = NL80211_CMD_DEAUTHENTICATE,
9238 		.doit = nl80211_deauthenticate,
9239 		.policy = nl80211_policy,
9240 		.flags = GENL_ADMIN_PERM,
9241 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9242 				  NL80211_FLAG_NEED_RTNL,
9243 	},
9244 	{
9245 		.cmd = NL80211_CMD_DISASSOCIATE,
9246 		.doit = nl80211_disassociate,
9247 		.policy = nl80211_policy,
9248 		.flags = GENL_ADMIN_PERM,
9249 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9250 				  NL80211_FLAG_NEED_RTNL,
9251 	},
9252 	{
9253 		.cmd = NL80211_CMD_JOIN_IBSS,
9254 		.doit = nl80211_join_ibss,
9255 		.policy = nl80211_policy,
9256 		.flags = GENL_ADMIN_PERM,
9257 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9258 				  NL80211_FLAG_NEED_RTNL,
9259 	},
9260 	{
9261 		.cmd = NL80211_CMD_LEAVE_IBSS,
9262 		.doit = nl80211_leave_ibss,
9263 		.policy = nl80211_policy,
9264 		.flags = GENL_ADMIN_PERM,
9265 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9266 				  NL80211_FLAG_NEED_RTNL,
9267 	},
9268 #ifdef CONFIG_NL80211_TESTMODE
9269 	{
9270 		.cmd = NL80211_CMD_TESTMODE,
9271 		.doit = nl80211_testmode_do,
9272 		.dumpit = nl80211_testmode_dump,
9273 		.policy = nl80211_policy,
9274 		.flags = GENL_ADMIN_PERM,
9275 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9276 				  NL80211_FLAG_NEED_RTNL,
9277 	},
9278 #endif
9279 	{
9280 		.cmd = NL80211_CMD_CONNECT,
9281 		.doit = nl80211_connect,
9282 		.policy = nl80211_policy,
9283 		.flags = GENL_ADMIN_PERM,
9284 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9285 				  NL80211_FLAG_NEED_RTNL,
9286 	},
9287 	{
9288 		.cmd = NL80211_CMD_DISCONNECT,
9289 		.doit = nl80211_disconnect,
9290 		.policy = nl80211_policy,
9291 		.flags = GENL_ADMIN_PERM,
9292 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9293 				  NL80211_FLAG_NEED_RTNL,
9294 	},
9295 	{
9296 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
9297 		.doit = nl80211_wiphy_netns,
9298 		.policy = nl80211_policy,
9299 		.flags = GENL_ADMIN_PERM,
9300 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9301 				  NL80211_FLAG_NEED_RTNL,
9302 	},
9303 	{
9304 		.cmd = NL80211_CMD_GET_SURVEY,
9305 		.policy = nl80211_policy,
9306 		.dumpit = nl80211_dump_survey,
9307 	},
9308 	{
9309 		.cmd = NL80211_CMD_SET_PMKSA,
9310 		.doit = nl80211_setdel_pmksa,
9311 		.policy = nl80211_policy,
9312 		.flags = GENL_ADMIN_PERM,
9313 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9314 				  NL80211_FLAG_NEED_RTNL,
9315 	},
9316 	{
9317 		.cmd = NL80211_CMD_DEL_PMKSA,
9318 		.doit = nl80211_setdel_pmksa,
9319 		.policy = nl80211_policy,
9320 		.flags = GENL_ADMIN_PERM,
9321 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9322 				  NL80211_FLAG_NEED_RTNL,
9323 	},
9324 	{
9325 		.cmd = NL80211_CMD_FLUSH_PMKSA,
9326 		.doit = nl80211_flush_pmksa,
9327 		.policy = nl80211_policy,
9328 		.flags = GENL_ADMIN_PERM,
9329 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9330 				  NL80211_FLAG_NEED_RTNL,
9331 	},
9332 	{
9333 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
9334 		.doit = nl80211_remain_on_channel,
9335 		.policy = nl80211_policy,
9336 		.flags = GENL_ADMIN_PERM,
9337 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9338 				  NL80211_FLAG_NEED_RTNL,
9339 	},
9340 	{
9341 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
9342 		.doit = nl80211_cancel_remain_on_channel,
9343 		.policy = nl80211_policy,
9344 		.flags = GENL_ADMIN_PERM,
9345 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9346 				  NL80211_FLAG_NEED_RTNL,
9347 	},
9348 	{
9349 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
9350 		.doit = nl80211_set_tx_bitrate_mask,
9351 		.policy = nl80211_policy,
9352 		.flags = GENL_ADMIN_PERM,
9353 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9354 				  NL80211_FLAG_NEED_RTNL,
9355 	},
9356 	{
9357 		.cmd = NL80211_CMD_REGISTER_FRAME,
9358 		.doit = nl80211_register_mgmt,
9359 		.policy = nl80211_policy,
9360 		.flags = GENL_ADMIN_PERM,
9361 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9362 				  NL80211_FLAG_NEED_RTNL,
9363 	},
9364 	{
9365 		.cmd = NL80211_CMD_FRAME,
9366 		.doit = nl80211_tx_mgmt,
9367 		.policy = nl80211_policy,
9368 		.flags = GENL_ADMIN_PERM,
9369 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9370 				  NL80211_FLAG_NEED_RTNL,
9371 	},
9372 	{
9373 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
9374 		.doit = nl80211_tx_mgmt_cancel_wait,
9375 		.policy = nl80211_policy,
9376 		.flags = GENL_ADMIN_PERM,
9377 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9378 				  NL80211_FLAG_NEED_RTNL,
9379 	},
9380 	{
9381 		.cmd = NL80211_CMD_SET_POWER_SAVE,
9382 		.doit = nl80211_set_power_save,
9383 		.policy = nl80211_policy,
9384 		.flags = GENL_ADMIN_PERM,
9385 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9386 				  NL80211_FLAG_NEED_RTNL,
9387 	},
9388 	{
9389 		.cmd = NL80211_CMD_GET_POWER_SAVE,
9390 		.doit = nl80211_get_power_save,
9391 		.policy = nl80211_policy,
9392 		/* can be retrieved by unprivileged users */
9393 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9394 				  NL80211_FLAG_NEED_RTNL,
9395 	},
9396 	{
9397 		.cmd = NL80211_CMD_SET_CQM,
9398 		.doit = nl80211_set_cqm,
9399 		.policy = nl80211_policy,
9400 		.flags = GENL_ADMIN_PERM,
9401 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9402 				  NL80211_FLAG_NEED_RTNL,
9403 	},
9404 	{
9405 		.cmd = NL80211_CMD_SET_CHANNEL,
9406 		.doit = nl80211_set_channel,
9407 		.policy = nl80211_policy,
9408 		.flags = GENL_ADMIN_PERM,
9409 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9410 				  NL80211_FLAG_NEED_RTNL,
9411 	},
9412 	{
9413 		.cmd = NL80211_CMD_SET_WDS_PEER,
9414 		.doit = nl80211_set_wds_peer,
9415 		.policy = nl80211_policy,
9416 		.flags = GENL_ADMIN_PERM,
9417 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9418 				  NL80211_FLAG_NEED_RTNL,
9419 	},
9420 	{
9421 		.cmd = NL80211_CMD_JOIN_MESH,
9422 		.doit = nl80211_join_mesh,
9423 		.policy = nl80211_policy,
9424 		.flags = GENL_ADMIN_PERM,
9425 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9426 				  NL80211_FLAG_NEED_RTNL,
9427 	},
9428 	{
9429 		.cmd = NL80211_CMD_LEAVE_MESH,
9430 		.doit = nl80211_leave_mesh,
9431 		.policy = nl80211_policy,
9432 		.flags = GENL_ADMIN_PERM,
9433 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9434 				  NL80211_FLAG_NEED_RTNL,
9435 	},
9436 #ifdef CONFIG_PM
9437 	{
9438 		.cmd = NL80211_CMD_GET_WOWLAN,
9439 		.doit = nl80211_get_wowlan,
9440 		.policy = nl80211_policy,
9441 		/* can be retrieved by unprivileged users */
9442 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9443 				  NL80211_FLAG_NEED_RTNL,
9444 	},
9445 	{
9446 		.cmd = NL80211_CMD_SET_WOWLAN,
9447 		.doit = nl80211_set_wowlan,
9448 		.policy = nl80211_policy,
9449 		.flags = GENL_ADMIN_PERM,
9450 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9451 				  NL80211_FLAG_NEED_RTNL,
9452 	},
9453 #endif
9454 	{
9455 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
9456 		.doit = nl80211_set_rekey_data,
9457 		.policy = nl80211_policy,
9458 		.flags = GENL_ADMIN_PERM,
9459 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9460 				  NL80211_FLAG_NEED_RTNL,
9461 	},
9462 	{
9463 		.cmd = NL80211_CMD_TDLS_MGMT,
9464 		.doit = nl80211_tdls_mgmt,
9465 		.policy = nl80211_policy,
9466 		.flags = GENL_ADMIN_PERM,
9467 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9468 				  NL80211_FLAG_NEED_RTNL,
9469 	},
9470 	{
9471 		.cmd = NL80211_CMD_TDLS_OPER,
9472 		.doit = nl80211_tdls_oper,
9473 		.policy = nl80211_policy,
9474 		.flags = GENL_ADMIN_PERM,
9475 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9476 				  NL80211_FLAG_NEED_RTNL,
9477 	},
9478 	{
9479 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
9480 		.doit = nl80211_register_unexpected_frame,
9481 		.policy = nl80211_policy,
9482 		.flags = GENL_ADMIN_PERM,
9483 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9484 				  NL80211_FLAG_NEED_RTNL,
9485 	},
9486 	{
9487 		.cmd = NL80211_CMD_PROBE_CLIENT,
9488 		.doit = nl80211_probe_client,
9489 		.policy = nl80211_policy,
9490 		.flags = GENL_ADMIN_PERM,
9491 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9492 				  NL80211_FLAG_NEED_RTNL,
9493 	},
9494 	{
9495 		.cmd = NL80211_CMD_REGISTER_BEACONS,
9496 		.doit = nl80211_register_beacons,
9497 		.policy = nl80211_policy,
9498 		.flags = GENL_ADMIN_PERM,
9499 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9500 				  NL80211_FLAG_NEED_RTNL,
9501 	},
9502 	{
9503 		.cmd = NL80211_CMD_SET_NOACK_MAP,
9504 		.doit = nl80211_set_noack_map,
9505 		.policy = nl80211_policy,
9506 		.flags = GENL_ADMIN_PERM,
9507 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9508 				  NL80211_FLAG_NEED_RTNL,
9509 	},
9510 	{
9511 		.cmd = NL80211_CMD_START_P2P_DEVICE,
9512 		.doit = nl80211_start_p2p_device,
9513 		.policy = nl80211_policy,
9514 		.flags = GENL_ADMIN_PERM,
9515 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9516 				  NL80211_FLAG_NEED_RTNL,
9517 	},
9518 	{
9519 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
9520 		.doit = nl80211_stop_p2p_device,
9521 		.policy = nl80211_policy,
9522 		.flags = GENL_ADMIN_PERM,
9523 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9524 				  NL80211_FLAG_NEED_RTNL,
9525 	},
9526 	{
9527 		.cmd = NL80211_CMD_SET_MCAST_RATE,
9528 		.doit = nl80211_set_mcast_rate,
9529 		.policy = nl80211_policy,
9530 		.flags = GENL_ADMIN_PERM,
9531 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9532 				  NL80211_FLAG_NEED_RTNL,
9533 	},
9534 	{
9535 		.cmd = NL80211_CMD_SET_MAC_ACL,
9536 		.doit = nl80211_set_mac_acl,
9537 		.policy = nl80211_policy,
9538 		.flags = GENL_ADMIN_PERM,
9539 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9540 				  NL80211_FLAG_NEED_RTNL,
9541 	},
9542 	{
9543 		.cmd = NL80211_CMD_RADAR_DETECT,
9544 		.doit = nl80211_start_radar_detection,
9545 		.policy = nl80211_policy,
9546 		.flags = GENL_ADMIN_PERM,
9547 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9548 				  NL80211_FLAG_NEED_RTNL,
9549 	},
9550 	{
9551 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
9552 		.doit = nl80211_get_protocol_features,
9553 		.policy = nl80211_policy,
9554 	},
9555 	{
9556 		.cmd = NL80211_CMD_UPDATE_FT_IES,
9557 		.doit = nl80211_update_ft_ies,
9558 		.policy = nl80211_policy,
9559 		.flags = GENL_ADMIN_PERM,
9560 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9561 				  NL80211_FLAG_NEED_RTNL,
9562 	},
9563 	{
9564 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
9565 		.doit = nl80211_crit_protocol_start,
9566 		.policy = nl80211_policy,
9567 		.flags = GENL_ADMIN_PERM,
9568 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9569 				  NL80211_FLAG_NEED_RTNL,
9570 	},
9571 	{
9572 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
9573 		.doit = nl80211_crit_protocol_stop,
9574 		.policy = nl80211_policy,
9575 		.flags = GENL_ADMIN_PERM,
9576 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9577 				  NL80211_FLAG_NEED_RTNL,
9578 	},
9579 	{
9580 		.cmd = NL80211_CMD_GET_COALESCE,
9581 		.doit = nl80211_get_coalesce,
9582 		.policy = nl80211_policy,
9583 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9584 				  NL80211_FLAG_NEED_RTNL,
9585 	},
9586 	{
9587 		.cmd = NL80211_CMD_SET_COALESCE,
9588 		.doit = nl80211_set_coalesce,
9589 		.policy = nl80211_policy,
9590 		.flags = GENL_ADMIN_PERM,
9591 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9592 				  NL80211_FLAG_NEED_RTNL,
9593 	},
9594 	{
9595 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
9596 		.doit = nl80211_channel_switch,
9597 		.policy = nl80211_policy,
9598 		.flags = GENL_ADMIN_PERM,
9599 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9600 				  NL80211_FLAG_NEED_RTNL,
9601 	},
9602 };
9603 
9604 /* notification functions */
9605 
9606 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
9607 {
9608 	struct sk_buff *msg;
9609 	struct nl80211_dump_wiphy_state state = {};
9610 
9611 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9612 	if (!msg)
9613 		return;
9614 
9615 	if (nl80211_send_wiphy(rdev, msg, 0, 0, 0, &state) < 0) {
9616 		nlmsg_free(msg);
9617 		return;
9618 	}
9619 
9620 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
9621 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
9622 }
9623 
9624 static int nl80211_add_scan_req(struct sk_buff *msg,
9625 				struct cfg80211_registered_device *rdev)
9626 {
9627 	struct cfg80211_scan_request *req = rdev->scan_req;
9628 	struct nlattr *nest;
9629 	int i;
9630 
9631 	if (WARN_ON(!req))
9632 		return 0;
9633 
9634 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
9635 	if (!nest)
9636 		goto nla_put_failure;
9637 	for (i = 0; i < req->n_ssids; i++) {
9638 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
9639 			goto nla_put_failure;
9640 	}
9641 	nla_nest_end(msg, nest);
9642 
9643 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
9644 	if (!nest)
9645 		goto nla_put_failure;
9646 	for (i = 0; i < req->n_channels; i++) {
9647 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
9648 			goto nla_put_failure;
9649 	}
9650 	nla_nest_end(msg, nest);
9651 
9652 	if (req->ie &&
9653 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
9654 		goto nla_put_failure;
9655 
9656 	if (req->flags &&
9657 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
9658 		goto nla_put_failure;
9659 
9660 	return 0;
9661  nla_put_failure:
9662 	return -ENOBUFS;
9663 }
9664 
9665 static int nl80211_send_scan_msg(struct sk_buff *msg,
9666 				 struct cfg80211_registered_device *rdev,
9667 				 struct wireless_dev *wdev,
9668 				 u32 portid, u32 seq, int flags,
9669 				 u32 cmd)
9670 {
9671 	void *hdr;
9672 
9673 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
9674 	if (!hdr)
9675 		return -1;
9676 
9677 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9678 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9679 					 wdev->netdev->ifindex)) ||
9680 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
9681 		goto nla_put_failure;
9682 
9683 	/* ignore errors and send incomplete event anyway */
9684 	nl80211_add_scan_req(msg, rdev);
9685 
9686 	return genlmsg_end(msg, hdr);
9687 
9688  nla_put_failure:
9689 	genlmsg_cancel(msg, hdr);
9690 	return -EMSGSIZE;
9691 }
9692 
9693 static int
9694 nl80211_send_sched_scan_msg(struct sk_buff *msg,
9695 			    struct cfg80211_registered_device *rdev,
9696 			    struct net_device *netdev,
9697 			    u32 portid, u32 seq, int flags, u32 cmd)
9698 {
9699 	void *hdr;
9700 
9701 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
9702 	if (!hdr)
9703 		return -1;
9704 
9705 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9706 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
9707 		goto nla_put_failure;
9708 
9709 	return genlmsg_end(msg, hdr);
9710 
9711  nla_put_failure:
9712 	genlmsg_cancel(msg, hdr);
9713 	return -EMSGSIZE;
9714 }
9715 
9716 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
9717 			     struct wireless_dev *wdev)
9718 {
9719 	struct sk_buff *msg;
9720 
9721 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9722 	if (!msg)
9723 		return;
9724 
9725 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
9726 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
9727 		nlmsg_free(msg);
9728 		return;
9729 	}
9730 
9731 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
9732 				NL80211_MCGRP_SCAN, GFP_KERNEL);
9733 }
9734 
9735 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
9736 			    struct wireless_dev *wdev)
9737 {
9738 	struct sk_buff *msg;
9739 
9740 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9741 	if (!msg)
9742 		return;
9743 
9744 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
9745 				  NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
9746 		nlmsg_free(msg);
9747 		return;
9748 	}
9749 
9750 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
9751 				NL80211_MCGRP_SCAN, GFP_KERNEL);
9752 }
9753 
9754 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
9755 			       struct wireless_dev *wdev)
9756 {
9757 	struct sk_buff *msg;
9758 
9759 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9760 	if (!msg)
9761 		return;
9762 
9763 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
9764 				  NL80211_CMD_SCAN_ABORTED) < 0) {
9765 		nlmsg_free(msg);
9766 		return;
9767 	}
9768 
9769 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
9770 				NL80211_MCGRP_SCAN, GFP_KERNEL);
9771 }
9772 
9773 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
9774 				     struct net_device *netdev)
9775 {
9776 	struct sk_buff *msg;
9777 
9778 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9779 	if (!msg)
9780 		return;
9781 
9782 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
9783 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
9784 		nlmsg_free(msg);
9785 		return;
9786 	}
9787 
9788 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
9789 				NL80211_MCGRP_SCAN, GFP_KERNEL);
9790 }
9791 
9792 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
9793 			     struct net_device *netdev, u32 cmd)
9794 {
9795 	struct sk_buff *msg;
9796 
9797 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9798 	if (!msg)
9799 		return;
9800 
9801 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
9802 		nlmsg_free(msg);
9803 		return;
9804 	}
9805 
9806 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
9807 				NL80211_MCGRP_SCAN, GFP_KERNEL);
9808 }
9809 
9810 /*
9811  * This can happen on global regulatory changes or device specific settings
9812  * based on custom world regulatory domains.
9813  */
9814 void nl80211_send_reg_change_event(struct regulatory_request *request)
9815 {
9816 	struct sk_buff *msg;
9817 	void *hdr;
9818 
9819 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9820 	if (!msg)
9821 		return;
9822 
9823 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
9824 	if (!hdr) {
9825 		nlmsg_free(msg);
9826 		return;
9827 	}
9828 
9829 	/* Userspace can always count this one always being set */
9830 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
9831 		goto nla_put_failure;
9832 
9833 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
9834 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9835 			       NL80211_REGDOM_TYPE_WORLD))
9836 			goto nla_put_failure;
9837 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
9838 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9839 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
9840 			goto nla_put_failure;
9841 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
9842 		   request->intersect) {
9843 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9844 			       NL80211_REGDOM_TYPE_INTERSECTION))
9845 			goto nla_put_failure;
9846 	} else {
9847 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9848 			       NL80211_REGDOM_TYPE_COUNTRY) ||
9849 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
9850 				   request->alpha2))
9851 			goto nla_put_failure;
9852 	}
9853 
9854 	if (request->wiphy_idx != WIPHY_IDX_INVALID &&
9855 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
9856 		goto nla_put_failure;
9857 
9858 	genlmsg_end(msg, hdr);
9859 
9860 	rcu_read_lock();
9861 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
9862 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
9863 	rcu_read_unlock();
9864 
9865 	return;
9866 
9867 nla_put_failure:
9868 	genlmsg_cancel(msg, hdr);
9869 	nlmsg_free(msg);
9870 }
9871 
9872 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
9873 				    struct net_device *netdev,
9874 				    const u8 *buf, size_t len,
9875 				    enum nl80211_commands cmd, gfp_t gfp)
9876 {
9877 	struct sk_buff *msg;
9878 	void *hdr;
9879 
9880 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9881 	if (!msg)
9882 		return;
9883 
9884 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9885 	if (!hdr) {
9886 		nlmsg_free(msg);
9887 		return;
9888 	}
9889 
9890 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9891 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9892 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
9893 		goto nla_put_failure;
9894 
9895 	genlmsg_end(msg, hdr);
9896 
9897 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
9898 				NL80211_MCGRP_MLME, gfp);
9899 	return;
9900 
9901  nla_put_failure:
9902 	genlmsg_cancel(msg, hdr);
9903 	nlmsg_free(msg);
9904 }
9905 
9906 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
9907 			  struct net_device *netdev, const u8 *buf,
9908 			  size_t len, gfp_t gfp)
9909 {
9910 	nl80211_send_mlme_event(rdev, netdev, buf, len,
9911 				NL80211_CMD_AUTHENTICATE, gfp);
9912 }
9913 
9914 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
9915 			   struct net_device *netdev, const u8 *buf,
9916 			   size_t len, gfp_t gfp)
9917 {
9918 	nl80211_send_mlme_event(rdev, netdev, buf, len,
9919 				NL80211_CMD_ASSOCIATE, gfp);
9920 }
9921 
9922 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
9923 			 struct net_device *netdev, const u8 *buf,
9924 			 size_t len, gfp_t gfp)
9925 {
9926 	nl80211_send_mlme_event(rdev, netdev, buf, len,
9927 				NL80211_CMD_DEAUTHENTICATE, gfp);
9928 }
9929 
9930 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
9931 			   struct net_device *netdev, const u8 *buf,
9932 			   size_t len, gfp_t gfp)
9933 {
9934 	nl80211_send_mlme_event(rdev, netdev, buf, len,
9935 				NL80211_CMD_DISASSOCIATE, gfp);
9936 }
9937 
9938 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
9939 				  size_t len)
9940 {
9941 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9942 	struct wiphy *wiphy = wdev->wiphy;
9943 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9944 	const struct ieee80211_mgmt *mgmt = (void *)buf;
9945 	u32 cmd;
9946 
9947 	if (WARN_ON(len < 2))
9948 		return;
9949 
9950 	if (ieee80211_is_deauth(mgmt->frame_control))
9951 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
9952 	else
9953 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
9954 
9955 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
9956 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC);
9957 }
9958 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
9959 
9960 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
9961 				      struct net_device *netdev, int cmd,
9962 				      const u8 *addr, gfp_t gfp)
9963 {
9964 	struct sk_buff *msg;
9965 	void *hdr;
9966 
9967 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9968 	if (!msg)
9969 		return;
9970 
9971 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9972 	if (!hdr) {
9973 		nlmsg_free(msg);
9974 		return;
9975 	}
9976 
9977 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9978 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9979 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
9980 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
9981 		goto nla_put_failure;
9982 
9983 	genlmsg_end(msg, hdr);
9984 
9985 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
9986 				NL80211_MCGRP_MLME, gfp);
9987 	return;
9988 
9989  nla_put_failure:
9990 	genlmsg_cancel(msg, hdr);
9991 	nlmsg_free(msg);
9992 }
9993 
9994 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
9995 			       struct net_device *netdev, const u8 *addr,
9996 			       gfp_t gfp)
9997 {
9998 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
9999 				  addr, gfp);
10000 }
10001 
10002 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
10003 				struct net_device *netdev, const u8 *addr,
10004 				gfp_t gfp)
10005 {
10006 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
10007 				  addr, gfp);
10008 }
10009 
10010 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
10011 				 struct net_device *netdev, const u8 *bssid,
10012 				 const u8 *req_ie, size_t req_ie_len,
10013 				 const u8 *resp_ie, size_t resp_ie_len,
10014 				 u16 status, gfp_t gfp)
10015 {
10016 	struct sk_buff *msg;
10017 	void *hdr;
10018 
10019 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10020 	if (!msg)
10021 		return;
10022 
10023 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
10024 	if (!hdr) {
10025 		nlmsg_free(msg);
10026 		return;
10027 	}
10028 
10029 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10030 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10031 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
10032 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
10033 	    (req_ie &&
10034 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10035 	    (resp_ie &&
10036 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10037 		goto nla_put_failure;
10038 
10039 	genlmsg_end(msg, hdr);
10040 
10041 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10042 				NL80211_MCGRP_MLME, gfp);
10043 	return;
10044 
10045  nla_put_failure:
10046 	genlmsg_cancel(msg, hdr);
10047 	nlmsg_free(msg);
10048 
10049 }
10050 
10051 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
10052 			 struct net_device *netdev, const u8 *bssid,
10053 			 const u8 *req_ie, size_t req_ie_len,
10054 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
10055 {
10056 	struct sk_buff *msg;
10057 	void *hdr;
10058 
10059 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10060 	if (!msg)
10061 		return;
10062 
10063 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
10064 	if (!hdr) {
10065 		nlmsg_free(msg);
10066 		return;
10067 	}
10068 
10069 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10070 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10071 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
10072 	    (req_ie &&
10073 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10074 	    (resp_ie &&
10075 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10076 		goto nla_put_failure;
10077 
10078 	genlmsg_end(msg, hdr);
10079 
10080 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10081 				NL80211_MCGRP_MLME, gfp);
10082 	return;
10083 
10084  nla_put_failure:
10085 	genlmsg_cancel(msg, hdr);
10086 	nlmsg_free(msg);
10087 
10088 }
10089 
10090 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
10091 			       struct net_device *netdev, u16 reason,
10092 			       const u8 *ie, size_t ie_len, bool from_ap)
10093 {
10094 	struct sk_buff *msg;
10095 	void *hdr;
10096 
10097 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10098 	if (!msg)
10099 		return;
10100 
10101 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
10102 	if (!hdr) {
10103 		nlmsg_free(msg);
10104 		return;
10105 	}
10106 
10107 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10108 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10109 	    (from_ap && reason &&
10110 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
10111 	    (from_ap &&
10112 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
10113 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
10114 		goto nla_put_failure;
10115 
10116 	genlmsg_end(msg, hdr);
10117 
10118 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10119 				NL80211_MCGRP_MLME, GFP_KERNEL);
10120 	return;
10121 
10122  nla_put_failure:
10123 	genlmsg_cancel(msg, hdr);
10124 	nlmsg_free(msg);
10125 
10126 }
10127 
10128 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
10129 			     struct net_device *netdev, const u8 *bssid,
10130 			     gfp_t gfp)
10131 {
10132 	struct sk_buff *msg;
10133 	void *hdr;
10134 
10135 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10136 	if (!msg)
10137 		return;
10138 
10139 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
10140 	if (!hdr) {
10141 		nlmsg_free(msg);
10142 		return;
10143 	}
10144 
10145 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10146 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10147 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10148 		goto nla_put_failure;
10149 
10150 	genlmsg_end(msg, hdr);
10151 
10152 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10153 				NL80211_MCGRP_MLME, gfp);
10154 	return;
10155 
10156  nla_put_failure:
10157 	genlmsg_cancel(msg, hdr);
10158 	nlmsg_free(msg);
10159 }
10160 
10161 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
10162 					const u8* ie, u8 ie_len, gfp_t gfp)
10163 {
10164 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10165 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10166 	struct sk_buff *msg;
10167 	void *hdr;
10168 
10169 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
10170 		return;
10171 
10172 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
10173 
10174 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10175 	if (!msg)
10176 		return;
10177 
10178 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
10179 	if (!hdr) {
10180 		nlmsg_free(msg);
10181 		return;
10182 	}
10183 
10184 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10185 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10186 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10187 	    (ie_len && ie &&
10188 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
10189 		goto nla_put_failure;
10190 
10191 	genlmsg_end(msg, hdr);
10192 
10193 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10194 				NL80211_MCGRP_MLME, gfp);
10195 	return;
10196 
10197  nla_put_failure:
10198 	genlmsg_cancel(msg, hdr);
10199 	nlmsg_free(msg);
10200 }
10201 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
10202 
10203 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
10204 				 struct net_device *netdev, const u8 *addr,
10205 				 enum nl80211_key_type key_type, int key_id,
10206 				 const u8 *tsc, gfp_t gfp)
10207 {
10208 	struct sk_buff *msg;
10209 	void *hdr;
10210 
10211 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10212 	if (!msg)
10213 		return;
10214 
10215 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
10216 	if (!hdr) {
10217 		nlmsg_free(msg);
10218 		return;
10219 	}
10220 
10221 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10222 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10223 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
10224 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
10225 	    (key_id != -1 &&
10226 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
10227 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
10228 		goto nla_put_failure;
10229 
10230 	genlmsg_end(msg, hdr);
10231 
10232 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10233 				NL80211_MCGRP_MLME, gfp);
10234 	return;
10235 
10236  nla_put_failure:
10237 	genlmsg_cancel(msg, hdr);
10238 	nlmsg_free(msg);
10239 }
10240 
10241 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
10242 				    struct ieee80211_channel *channel_before,
10243 				    struct ieee80211_channel *channel_after)
10244 {
10245 	struct sk_buff *msg;
10246 	void *hdr;
10247 	struct nlattr *nl_freq;
10248 
10249 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
10250 	if (!msg)
10251 		return;
10252 
10253 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
10254 	if (!hdr) {
10255 		nlmsg_free(msg);
10256 		return;
10257 	}
10258 
10259 	/*
10260 	 * Since we are applying the beacon hint to a wiphy we know its
10261 	 * wiphy_idx is valid
10262 	 */
10263 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10264 		goto nla_put_failure;
10265 
10266 	/* Before */
10267 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
10268 	if (!nl_freq)
10269 		goto nla_put_failure;
10270 	if (nl80211_msg_put_channel(msg, channel_before, false))
10271 		goto nla_put_failure;
10272 	nla_nest_end(msg, nl_freq);
10273 
10274 	/* After */
10275 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
10276 	if (!nl_freq)
10277 		goto nla_put_failure;
10278 	if (nl80211_msg_put_channel(msg, channel_after, false))
10279 		goto nla_put_failure;
10280 	nla_nest_end(msg, nl_freq);
10281 
10282 	genlmsg_end(msg, hdr);
10283 
10284 	rcu_read_lock();
10285 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10286 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10287 	rcu_read_unlock();
10288 
10289 	return;
10290 
10291 nla_put_failure:
10292 	genlmsg_cancel(msg, hdr);
10293 	nlmsg_free(msg);
10294 }
10295 
10296 static void nl80211_send_remain_on_chan_event(
10297 	int cmd, struct cfg80211_registered_device *rdev,
10298 	struct wireless_dev *wdev, u64 cookie,
10299 	struct ieee80211_channel *chan,
10300 	unsigned int duration, gfp_t gfp)
10301 {
10302 	struct sk_buff *msg;
10303 	void *hdr;
10304 
10305 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10306 	if (!msg)
10307 		return;
10308 
10309 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10310 	if (!hdr) {
10311 		nlmsg_free(msg);
10312 		return;
10313 	}
10314 
10315 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10316 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10317 					 wdev->netdev->ifindex)) ||
10318 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10319 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
10320 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
10321 			NL80211_CHAN_NO_HT) ||
10322 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
10323 		goto nla_put_failure;
10324 
10325 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
10326 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
10327 		goto nla_put_failure;
10328 
10329 	genlmsg_end(msg, hdr);
10330 
10331 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10332 				NL80211_MCGRP_MLME, gfp);
10333 	return;
10334 
10335  nla_put_failure:
10336 	genlmsg_cancel(msg, hdr);
10337 	nlmsg_free(msg);
10338 }
10339 
10340 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
10341 			       struct ieee80211_channel *chan,
10342 			       unsigned int duration, gfp_t gfp)
10343 {
10344 	struct wiphy *wiphy = wdev->wiphy;
10345 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10346 
10347 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
10348 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
10349 					  rdev, wdev, cookie, chan,
10350 					  duration, gfp);
10351 }
10352 EXPORT_SYMBOL(cfg80211_ready_on_channel);
10353 
10354 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
10355 					struct ieee80211_channel *chan,
10356 					gfp_t gfp)
10357 {
10358 	struct wiphy *wiphy = wdev->wiphy;
10359 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10360 
10361 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
10362 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
10363 					  rdev, wdev, cookie, chan, 0, gfp);
10364 }
10365 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
10366 
10367 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
10368 		      struct station_info *sinfo, gfp_t gfp)
10369 {
10370 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10371 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10372 	struct sk_buff *msg;
10373 
10374 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
10375 
10376 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10377 	if (!msg)
10378 		return;
10379 
10380 	if (nl80211_send_station(msg, 0, 0, 0,
10381 				 rdev, dev, mac_addr, sinfo) < 0) {
10382 		nlmsg_free(msg);
10383 		return;
10384 	}
10385 
10386 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10387 				NL80211_MCGRP_MLME, gfp);
10388 }
10389 EXPORT_SYMBOL(cfg80211_new_sta);
10390 
10391 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
10392 {
10393 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10394 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10395 	struct sk_buff *msg;
10396 	void *hdr;
10397 
10398 	trace_cfg80211_del_sta(dev, mac_addr);
10399 
10400 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10401 	if (!msg)
10402 		return;
10403 
10404 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
10405 	if (!hdr) {
10406 		nlmsg_free(msg);
10407 		return;
10408 	}
10409 
10410 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10411 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
10412 		goto nla_put_failure;
10413 
10414 	genlmsg_end(msg, hdr);
10415 
10416 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10417 				NL80211_MCGRP_MLME, gfp);
10418 	return;
10419 
10420  nla_put_failure:
10421 	genlmsg_cancel(msg, hdr);
10422 	nlmsg_free(msg);
10423 }
10424 EXPORT_SYMBOL(cfg80211_del_sta);
10425 
10426 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
10427 			  enum nl80211_connect_failed_reason reason,
10428 			  gfp_t gfp)
10429 {
10430 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10431 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10432 	struct sk_buff *msg;
10433 	void *hdr;
10434 
10435 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10436 	if (!msg)
10437 		return;
10438 
10439 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
10440 	if (!hdr) {
10441 		nlmsg_free(msg);
10442 		return;
10443 	}
10444 
10445 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10446 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
10447 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
10448 		goto nla_put_failure;
10449 
10450 	genlmsg_end(msg, hdr);
10451 
10452 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10453 				NL80211_MCGRP_MLME, gfp);
10454 	return;
10455 
10456  nla_put_failure:
10457 	genlmsg_cancel(msg, hdr);
10458 	nlmsg_free(msg);
10459 }
10460 EXPORT_SYMBOL(cfg80211_conn_failed);
10461 
10462 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
10463 				       const u8 *addr, gfp_t gfp)
10464 {
10465 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10466 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10467 	struct sk_buff *msg;
10468 	void *hdr;
10469 	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
10470 
10471 	if (!nlportid)
10472 		return false;
10473 
10474 	msg = nlmsg_new(100, gfp);
10475 	if (!msg)
10476 		return true;
10477 
10478 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10479 	if (!hdr) {
10480 		nlmsg_free(msg);
10481 		return true;
10482 	}
10483 
10484 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10485 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10486 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10487 		goto nla_put_failure;
10488 
10489 	genlmsg_end(msg, hdr);
10490 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10491 	return true;
10492 
10493  nla_put_failure:
10494 	genlmsg_cancel(msg, hdr);
10495 	nlmsg_free(msg);
10496 	return true;
10497 }
10498 
10499 bool cfg80211_rx_spurious_frame(struct net_device *dev,
10500 				const u8 *addr, gfp_t gfp)
10501 {
10502 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10503 	bool ret;
10504 
10505 	trace_cfg80211_rx_spurious_frame(dev, addr);
10506 
10507 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10508 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
10509 		trace_cfg80211_return_bool(false);
10510 		return false;
10511 	}
10512 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
10513 					 addr, gfp);
10514 	trace_cfg80211_return_bool(ret);
10515 	return ret;
10516 }
10517 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
10518 
10519 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
10520 					const u8 *addr, gfp_t gfp)
10521 {
10522 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10523 	bool ret;
10524 
10525 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
10526 
10527 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10528 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
10529 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
10530 		trace_cfg80211_return_bool(false);
10531 		return false;
10532 	}
10533 	ret = __nl80211_unexpected_frame(dev,
10534 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
10535 					 addr, gfp);
10536 	trace_cfg80211_return_bool(ret);
10537 	return ret;
10538 }
10539 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
10540 
10541 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
10542 		      struct wireless_dev *wdev, u32 nlportid,
10543 		      int freq, int sig_dbm,
10544 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
10545 {
10546 	struct net_device *netdev = wdev->netdev;
10547 	struct sk_buff *msg;
10548 	void *hdr;
10549 
10550 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10551 	if (!msg)
10552 		return -ENOMEM;
10553 
10554 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
10555 	if (!hdr) {
10556 		nlmsg_free(msg);
10557 		return -ENOMEM;
10558 	}
10559 
10560 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10561 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10562 					netdev->ifindex)) ||
10563 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10564 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
10565 	    (sig_dbm &&
10566 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
10567 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10568 	    (flags &&
10569 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
10570 		goto nla_put_failure;
10571 
10572 	genlmsg_end(msg, hdr);
10573 
10574 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10575 
10576  nla_put_failure:
10577 	genlmsg_cancel(msg, hdr);
10578 	nlmsg_free(msg);
10579 	return -ENOBUFS;
10580 }
10581 
10582 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
10583 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
10584 {
10585 	struct wiphy *wiphy = wdev->wiphy;
10586 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10587 	struct net_device *netdev = wdev->netdev;
10588 	struct sk_buff *msg;
10589 	void *hdr;
10590 
10591 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
10592 
10593 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10594 	if (!msg)
10595 		return;
10596 
10597 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
10598 	if (!hdr) {
10599 		nlmsg_free(msg);
10600 		return;
10601 	}
10602 
10603 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10604 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10605 				   netdev->ifindex)) ||
10606 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10607 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10608 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
10609 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
10610 		goto nla_put_failure;
10611 
10612 	genlmsg_end(msg, hdr);
10613 
10614 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10615 				NL80211_MCGRP_MLME, gfp);
10616 	return;
10617 
10618  nla_put_failure:
10619 	genlmsg_cancel(msg, hdr);
10620 	nlmsg_free(msg);
10621 }
10622 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
10623 
10624 void cfg80211_cqm_rssi_notify(struct net_device *dev,
10625 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
10626 			      gfp_t gfp)
10627 {
10628 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10629 	struct wiphy *wiphy = wdev->wiphy;
10630 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10631 	struct sk_buff *msg;
10632 	struct nlattr *pinfoattr;
10633 	void *hdr;
10634 
10635 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
10636 
10637 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10638 	if (!msg)
10639 		return;
10640 
10641 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10642 	if (!hdr) {
10643 		nlmsg_free(msg);
10644 		return;
10645 	}
10646 
10647 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10648 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
10649 		goto nla_put_failure;
10650 
10651 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10652 	if (!pinfoattr)
10653 		goto nla_put_failure;
10654 
10655 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
10656 			rssi_event))
10657 		goto nla_put_failure;
10658 
10659 	nla_nest_end(msg, pinfoattr);
10660 
10661 	genlmsg_end(msg, hdr);
10662 
10663 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10664 				NL80211_MCGRP_MLME, gfp);
10665 	return;
10666 
10667  nla_put_failure:
10668 	genlmsg_cancel(msg, hdr);
10669 	nlmsg_free(msg);
10670 }
10671 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
10672 
10673 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
10674 				     struct net_device *netdev, const u8 *bssid,
10675 				     const u8 *replay_ctr, gfp_t gfp)
10676 {
10677 	struct sk_buff *msg;
10678 	struct nlattr *rekey_attr;
10679 	void *hdr;
10680 
10681 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10682 	if (!msg)
10683 		return;
10684 
10685 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
10686 	if (!hdr) {
10687 		nlmsg_free(msg);
10688 		return;
10689 	}
10690 
10691 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10692 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10693 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10694 		goto nla_put_failure;
10695 
10696 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
10697 	if (!rekey_attr)
10698 		goto nla_put_failure;
10699 
10700 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
10701 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
10702 		goto nla_put_failure;
10703 
10704 	nla_nest_end(msg, rekey_attr);
10705 
10706 	genlmsg_end(msg, hdr);
10707 
10708 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10709 				NL80211_MCGRP_MLME, gfp);
10710 	return;
10711 
10712  nla_put_failure:
10713 	genlmsg_cancel(msg, hdr);
10714 	nlmsg_free(msg);
10715 }
10716 
10717 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
10718 			       const u8 *replay_ctr, gfp_t gfp)
10719 {
10720 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10721 	struct wiphy *wiphy = wdev->wiphy;
10722 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10723 
10724 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
10725 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
10726 }
10727 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
10728 
10729 static void
10730 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
10731 			       struct net_device *netdev, int index,
10732 			       const u8 *bssid, bool preauth, gfp_t gfp)
10733 {
10734 	struct sk_buff *msg;
10735 	struct nlattr *attr;
10736 	void *hdr;
10737 
10738 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10739 	if (!msg)
10740 		return;
10741 
10742 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
10743 	if (!hdr) {
10744 		nlmsg_free(msg);
10745 		return;
10746 	}
10747 
10748 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10749 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10750 		goto nla_put_failure;
10751 
10752 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
10753 	if (!attr)
10754 		goto nla_put_failure;
10755 
10756 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
10757 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
10758 	    (preauth &&
10759 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
10760 		goto nla_put_failure;
10761 
10762 	nla_nest_end(msg, attr);
10763 
10764 	genlmsg_end(msg, hdr);
10765 
10766 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10767 				NL80211_MCGRP_MLME, gfp);
10768 	return;
10769 
10770  nla_put_failure:
10771 	genlmsg_cancel(msg, hdr);
10772 	nlmsg_free(msg);
10773 }
10774 
10775 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
10776 				     const u8 *bssid, bool preauth, gfp_t gfp)
10777 {
10778 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10779 	struct wiphy *wiphy = wdev->wiphy;
10780 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10781 
10782 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
10783 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
10784 }
10785 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
10786 
10787 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
10788 				     struct net_device *netdev,
10789 				     struct cfg80211_chan_def *chandef,
10790 				     gfp_t gfp)
10791 {
10792 	struct sk_buff *msg;
10793 	void *hdr;
10794 
10795 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10796 	if (!msg)
10797 		return;
10798 
10799 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
10800 	if (!hdr) {
10801 		nlmsg_free(msg);
10802 		return;
10803 	}
10804 
10805 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10806 		goto nla_put_failure;
10807 
10808 	if (nl80211_send_chandef(msg, chandef))
10809 		goto nla_put_failure;
10810 
10811 	genlmsg_end(msg, hdr);
10812 
10813 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10814 				NL80211_MCGRP_MLME, gfp);
10815 	return;
10816 
10817  nla_put_failure:
10818 	genlmsg_cancel(msg, hdr);
10819 	nlmsg_free(msg);
10820 }
10821 
10822 void cfg80211_ch_switch_notify(struct net_device *dev,
10823 			       struct cfg80211_chan_def *chandef)
10824 {
10825 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10826 	struct wiphy *wiphy = wdev->wiphy;
10827 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10828 
10829 	ASSERT_WDEV_LOCK(wdev);
10830 
10831 	trace_cfg80211_ch_switch_notify(dev, chandef);
10832 
10833 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10834 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
10835 		    wdev->iftype != NL80211_IFTYPE_ADHOC &&
10836 		    wdev->iftype != NL80211_IFTYPE_MESH_POINT))
10837 		return;
10838 
10839 	wdev->channel = chandef->chan;
10840 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
10841 }
10842 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
10843 
10844 void cfg80211_cqm_txe_notify(struct net_device *dev,
10845 			     const u8 *peer, u32 num_packets,
10846 			     u32 rate, u32 intvl, gfp_t gfp)
10847 {
10848 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10849 	struct wiphy *wiphy = wdev->wiphy;
10850 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10851 	struct sk_buff *msg;
10852 	struct nlattr *pinfoattr;
10853 	void *hdr;
10854 
10855 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10856 	if (!msg)
10857 		return;
10858 
10859 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10860 	if (!hdr) {
10861 		nlmsg_free(msg);
10862 		return;
10863 	}
10864 
10865 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10866 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10867 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
10868 		goto nla_put_failure;
10869 
10870 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10871 	if (!pinfoattr)
10872 		goto nla_put_failure;
10873 
10874 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
10875 		goto nla_put_failure;
10876 
10877 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
10878 		goto nla_put_failure;
10879 
10880 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
10881 		goto nla_put_failure;
10882 
10883 	nla_nest_end(msg, pinfoattr);
10884 
10885 	genlmsg_end(msg, hdr);
10886 
10887 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10888 				NL80211_MCGRP_MLME, gfp);
10889 	return;
10890 
10891  nla_put_failure:
10892 	genlmsg_cancel(msg, hdr);
10893 	nlmsg_free(msg);
10894 }
10895 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
10896 
10897 void
10898 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
10899 		     const struct cfg80211_chan_def *chandef,
10900 		     enum nl80211_radar_event event,
10901 		     struct net_device *netdev, gfp_t gfp)
10902 {
10903 	struct sk_buff *msg;
10904 	void *hdr;
10905 
10906 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10907 	if (!msg)
10908 		return;
10909 
10910 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
10911 	if (!hdr) {
10912 		nlmsg_free(msg);
10913 		return;
10914 	}
10915 
10916 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
10917 		goto nla_put_failure;
10918 
10919 	/* NOP and radar events don't need a netdev parameter */
10920 	if (netdev) {
10921 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
10922 
10923 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10924 		    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10925 			goto nla_put_failure;
10926 	}
10927 
10928 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
10929 		goto nla_put_failure;
10930 
10931 	if (nl80211_send_chandef(msg, chandef))
10932 		goto nla_put_failure;
10933 
10934 	genlmsg_end(msg, hdr);
10935 
10936 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10937 				NL80211_MCGRP_MLME, gfp);
10938 	return;
10939 
10940  nla_put_failure:
10941 	genlmsg_cancel(msg, hdr);
10942 	nlmsg_free(msg);
10943 }
10944 
10945 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
10946 				 const u8 *peer, u32 num_packets, gfp_t gfp)
10947 {
10948 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10949 	struct wiphy *wiphy = wdev->wiphy;
10950 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10951 	struct sk_buff *msg;
10952 	struct nlattr *pinfoattr;
10953 	void *hdr;
10954 
10955 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
10956 
10957 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10958 	if (!msg)
10959 		return;
10960 
10961 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10962 	if (!hdr) {
10963 		nlmsg_free(msg);
10964 		return;
10965 	}
10966 
10967 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10968 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10969 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
10970 		goto nla_put_failure;
10971 
10972 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10973 	if (!pinfoattr)
10974 		goto nla_put_failure;
10975 
10976 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
10977 		goto nla_put_failure;
10978 
10979 	nla_nest_end(msg, pinfoattr);
10980 
10981 	genlmsg_end(msg, hdr);
10982 
10983 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10984 				NL80211_MCGRP_MLME, gfp);
10985 	return;
10986 
10987  nla_put_failure:
10988 	genlmsg_cancel(msg, hdr);
10989 	nlmsg_free(msg);
10990 }
10991 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
10992 
10993 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
10994 			   u64 cookie, bool acked, gfp_t gfp)
10995 {
10996 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10997 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10998 	struct sk_buff *msg;
10999 	void *hdr;
11000 
11001 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
11002 
11003 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11004 
11005 	if (!msg)
11006 		return;
11007 
11008 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
11009 	if (!hdr) {
11010 		nlmsg_free(msg);
11011 		return;
11012 	}
11013 
11014 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11015 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11016 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
11017 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11018 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
11019 		goto nla_put_failure;
11020 
11021 	genlmsg_end(msg, hdr);
11022 
11023 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11024 				NL80211_MCGRP_MLME, gfp);
11025 	return;
11026 
11027  nla_put_failure:
11028 	genlmsg_cancel(msg, hdr);
11029 	nlmsg_free(msg);
11030 }
11031 EXPORT_SYMBOL(cfg80211_probe_status);
11032 
11033 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
11034 				 const u8 *frame, size_t len,
11035 				 int freq, int sig_dbm)
11036 {
11037 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11038 	struct sk_buff *msg;
11039 	void *hdr;
11040 	struct cfg80211_beacon_registration *reg;
11041 
11042 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
11043 
11044 	spin_lock_bh(&rdev->beacon_registrations_lock);
11045 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11046 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
11047 		if (!msg) {
11048 			spin_unlock_bh(&rdev->beacon_registrations_lock);
11049 			return;
11050 		}
11051 
11052 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11053 		if (!hdr)
11054 			goto nla_put_failure;
11055 
11056 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11057 		    (freq &&
11058 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
11059 		    (sig_dbm &&
11060 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11061 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
11062 			goto nla_put_failure;
11063 
11064 		genlmsg_end(msg, hdr);
11065 
11066 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
11067 	}
11068 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11069 	return;
11070 
11071  nla_put_failure:
11072 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11073 	if (hdr)
11074 		genlmsg_cancel(msg, hdr);
11075 	nlmsg_free(msg);
11076 }
11077 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
11078 
11079 #ifdef CONFIG_PM
11080 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
11081 				   struct cfg80211_wowlan_wakeup *wakeup,
11082 				   gfp_t gfp)
11083 {
11084 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11085 	struct sk_buff *msg;
11086 	void *hdr;
11087 	int size = 200;
11088 
11089 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
11090 
11091 	if (wakeup)
11092 		size += wakeup->packet_present_len;
11093 
11094 	msg = nlmsg_new(size, gfp);
11095 	if (!msg)
11096 		return;
11097 
11098 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
11099 	if (!hdr)
11100 		goto free_msg;
11101 
11102 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11103 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11104 		goto free_msg;
11105 
11106 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11107 					wdev->netdev->ifindex))
11108 		goto free_msg;
11109 
11110 	if (wakeup) {
11111 		struct nlattr *reasons;
11112 
11113 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
11114 		if (!reasons)
11115 			goto free_msg;
11116 
11117 		if (wakeup->disconnect &&
11118 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
11119 			goto free_msg;
11120 		if (wakeup->magic_pkt &&
11121 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
11122 			goto free_msg;
11123 		if (wakeup->gtk_rekey_failure &&
11124 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
11125 			goto free_msg;
11126 		if (wakeup->eap_identity_req &&
11127 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
11128 			goto free_msg;
11129 		if (wakeup->four_way_handshake &&
11130 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
11131 			goto free_msg;
11132 		if (wakeup->rfkill_release &&
11133 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
11134 			goto free_msg;
11135 
11136 		if (wakeup->pattern_idx >= 0 &&
11137 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
11138 				wakeup->pattern_idx))
11139 			goto free_msg;
11140 
11141 		if (wakeup->tcp_match &&
11142 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
11143 			goto free_msg;
11144 
11145 		if (wakeup->tcp_connlost &&
11146 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
11147 			goto free_msg;
11148 
11149 		if (wakeup->tcp_nomoretokens &&
11150 		    nla_put_flag(msg,
11151 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
11152 			goto free_msg;
11153 
11154 		if (wakeup->packet) {
11155 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
11156 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
11157 
11158 			if (!wakeup->packet_80211) {
11159 				pkt_attr =
11160 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
11161 				len_attr =
11162 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
11163 			}
11164 
11165 			if (wakeup->packet_len &&
11166 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
11167 				goto free_msg;
11168 
11169 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
11170 				    wakeup->packet))
11171 				goto free_msg;
11172 		}
11173 
11174 		nla_nest_end(msg, reasons);
11175 	}
11176 
11177 	genlmsg_end(msg, hdr);
11178 
11179 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11180 				NL80211_MCGRP_MLME, gfp);
11181 	return;
11182 
11183  free_msg:
11184 	nlmsg_free(msg);
11185 }
11186 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
11187 #endif
11188 
11189 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
11190 				enum nl80211_tdls_operation oper,
11191 				u16 reason_code, gfp_t gfp)
11192 {
11193 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11194 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11195 	struct sk_buff *msg;
11196 	void *hdr;
11197 
11198 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
11199 					 reason_code);
11200 
11201 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11202 	if (!msg)
11203 		return;
11204 
11205 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
11206 	if (!hdr) {
11207 		nlmsg_free(msg);
11208 		return;
11209 	}
11210 
11211 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11212 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11213 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
11214 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
11215 	    (reason_code > 0 &&
11216 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
11217 		goto nla_put_failure;
11218 
11219 	genlmsg_end(msg, hdr);
11220 
11221 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11222 				NL80211_MCGRP_MLME, gfp);
11223 	return;
11224 
11225  nla_put_failure:
11226 	genlmsg_cancel(msg, hdr);
11227 	nlmsg_free(msg);
11228 }
11229 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
11230 
11231 static int nl80211_netlink_notify(struct notifier_block * nb,
11232 				  unsigned long state,
11233 				  void *_notify)
11234 {
11235 	struct netlink_notify *notify = _notify;
11236 	struct cfg80211_registered_device *rdev;
11237 	struct wireless_dev *wdev;
11238 	struct cfg80211_beacon_registration *reg, *tmp;
11239 
11240 	if (state != NETLINK_URELEASE)
11241 		return NOTIFY_DONE;
11242 
11243 	rcu_read_lock();
11244 
11245 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
11246 		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list)
11247 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
11248 
11249 		spin_lock_bh(&rdev->beacon_registrations_lock);
11250 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
11251 					 list) {
11252 			if (reg->nlportid == notify->portid) {
11253 				list_del(&reg->list);
11254 				kfree(reg);
11255 				break;
11256 			}
11257 		}
11258 		spin_unlock_bh(&rdev->beacon_registrations_lock);
11259 	}
11260 
11261 	rcu_read_unlock();
11262 
11263 	return NOTIFY_DONE;
11264 }
11265 
11266 static struct notifier_block nl80211_netlink_notifier = {
11267 	.notifier_call = nl80211_netlink_notify,
11268 };
11269 
11270 void cfg80211_ft_event(struct net_device *netdev,
11271 		       struct cfg80211_ft_event_params *ft_event)
11272 {
11273 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
11274 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11275 	struct sk_buff *msg;
11276 	void *hdr;
11277 
11278 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
11279 
11280 	if (!ft_event->target_ap)
11281 		return;
11282 
11283 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11284 	if (!msg)
11285 		return;
11286 
11287 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
11288 	if (!hdr)
11289 		goto out;
11290 
11291 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11292 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11293 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
11294 		goto out;
11295 
11296 	if (ft_event->ies &&
11297 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
11298 		goto out;
11299 	if (ft_event->ric_ies &&
11300 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
11301 		    ft_event->ric_ies))
11302 		goto out;
11303 
11304 	genlmsg_end(msg, hdr);
11305 
11306 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11307 				NL80211_MCGRP_MLME, GFP_KERNEL);
11308 	return;
11309  out:
11310 	nlmsg_free(msg);
11311 }
11312 EXPORT_SYMBOL(cfg80211_ft_event);
11313 
11314 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
11315 {
11316 	struct cfg80211_registered_device *rdev;
11317 	struct sk_buff *msg;
11318 	void *hdr;
11319 	u32 nlportid;
11320 
11321 	rdev = wiphy_to_dev(wdev->wiphy);
11322 	if (!rdev->crit_proto_nlportid)
11323 		return;
11324 
11325 	nlportid = rdev->crit_proto_nlportid;
11326 	rdev->crit_proto_nlportid = 0;
11327 
11328 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11329 	if (!msg)
11330 		return;
11331 
11332 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
11333 	if (!hdr)
11334 		goto nla_put_failure;
11335 
11336 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11337 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11338 		goto nla_put_failure;
11339 
11340 	genlmsg_end(msg, hdr);
11341 
11342 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11343 	return;
11344 
11345  nla_put_failure:
11346 	if (hdr)
11347 		genlmsg_cancel(msg, hdr);
11348 	nlmsg_free(msg);
11349 
11350 }
11351 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
11352 
11353 /* initialisation/exit functions */
11354 
11355 int nl80211_init(void)
11356 {
11357 	int err;
11358 
11359 	err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
11360 						   nl80211_mcgrps);
11361 	if (err)
11362 		return err;
11363 
11364 	err = netlink_register_notifier(&nl80211_netlink_notifier);
11365 	if (err)
11366 		goto err_out;
11367 
11368 	return 0;
11369  err_out:
11370 	genl_unregister_family(&nl80211_fam);
11371 	return err;
11372 }
11373 
11374 void nl80211_exit(void)
11375 {
11376 	netlink_unregister_notifier(&nl80211_netlink_notifier);
11377 	genl_unregister_family(&nl80211_fam);
11378 }
11379