xref: /linux/net/wireless/nl80211.c (revision 9ee0034b8f49aaaa7e7c2da8db1038915db99c19) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  * Copyright 2013-2014  Intel Mobile Communications GmbH
6  * Copyright 2015-2016	Intel Deutschland GmbH
7  */
8 
9 #include <linux/if.h>
10 #include <linux/module.h>
11 #include <linux/err.h>
12 #include <linux/slab.h>
13 #include <linux/list.h>
14 #include <linux/if_ether.h>
15 #include <linux/ieee80211.h>
16 #include <linux/nl80211.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/netlink.h>
19 #include <linux/etherdevice.h>
20 #include <net/net_namespace.h>
21 #include <net/genetlink.h>
22 #include <net/cfg80211.h>
23 #include <net/sock.h>
24 #include <net/inet_connection_sock.h>
25 #include "core.h"
26 #include "nl80211.h"
27 #include "reg.h"
28 #include "rdev-ops.h"
29 
30 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
31 				   struct genl_info *info,
32 				   struct cfg80211_crypto_settings *settings,
33 				   int cipher_limit);
34 
35 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 			    struct genl_info *info);
37 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
38 			      struct genl_info *info);
39 
40 /* the netlink family */
41 static struct genl_family nl80211_fam = {
42 	.id = GENL_ID_GENERATE,		/* don't bother with a hardcoded ID */
43 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
44 	.hdrsize = 0,			/* no private header */
45 	.version = 1,			/* no particular meaning now */
46 	.maxattr = NL80211_ATTR_MAX,
47 	.netnsok = true,
48 	.pre_doit = nl80211_pre_doit,
49 	.post_doit = nl80211_post_doit,
50 };
51 
52 /* multicast groups */
53 enum nl80211_multicast_groups {
54 	NL80211_MCGRP_CONFIG,
55 	NL80211_MCGRP_SCAN,
56 	NL80211_MCGRP_REGULATORY,
57 	NL80211_MCGRP_MLME,
58 	NL80211_MCGRP_VENDOR,
59 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
60 };
61 
62 static const struct genl_multicast_group nl80211_mcgrps[] = {
63 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
64 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
65 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
66 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
67 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
68 #ifdef CONFIG_NL80211_TESTMODE
69 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
70 #endif
71 };
72 
73 /* returns ERR_PTR values */
74 static struct wireless_dev *
75 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
76 {
77 	struct cfg80211_registered_device *rdev;
78 	struct wireless_dev *result = NULL;
79 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
80 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
81 	u64 wdev_id;
82 	int wiphy_idx = -1;
83 	int ifidx = -1;
84 
85 	ASSERT_RTNL();
86 
87 	if (!have_ifidx && !have_wdev_id)
88 		return ERR_PTR(-EINVAL);
89 
90 	if (have_ifidx)
91 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
92 	if (have_wdev_id) {
93 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
94 		wiphy_idx = wdev_id >> 32;
95 	}
96 
97 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
98 		struct wireless_dev *wdev;
99 
100 		if (wiphy_net(&rdev->wiphy) != netns)
101 			continue;
102 
103 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
104 			continue;
105 
106 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
107 			if (have_ifidx && wdev->netdev &&
108 			    wdev->netdev->ifindex == ifidx) {
109 				result = wdev;
110 				break;
111 			}
112 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
113 				result = wdev;
114 				break;
115 			}
116 		}
117 
118 		if (result)
119 			break;
120 	}
121 
122 	if (result)
123 		return result;
124 	return ERR_PTR(-ENODEV);
125 }
126 
127 static struct cfg80211_registered_device *
128 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
129 {
130 	struct cfg80211_registered_device *rdev = NULL, *tmp;
131 	struct net_device *netdev;
132 
133 	ASSERT_RTNL();
134 
135 	if (!attrs[NL80211_ATTR_WIPHY] &&
136 	    !attrs[NL80211_ATTR_IFINDEX] &&
137 	    !attrs[NL80211_ATTR_WDEV])
138 		return ERR_PTR(-EINVAL);
139 
140 	if (attrs[NL80211_ATTR_WIPHY])
141 		rdev = cfg80211_rdev_by_wiphy_idx(
142 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
143 
144 	if (attrs[NL80211_ATTR_WDEV]) {
145 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
146 		struct wireless_dev *wdev;
147 		bool found = false;
148 
149 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
150 		if (tmp) {
151 			/* make sure wdev exists */
152 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
153 				if (wdev->identifier != (u32)wdev_id)
154 					continue;
155 				found = true;
156 				break;
157 			}
158 
159 			if (!found)
160 				tmp = NULL;
161 
162 			if (rdev && tmp != rdev)
163 				return ERR_PTR(-EINVAL);
164 			rdev = tmp;
165 		}
166 	}
167 
168 	if (attrs[NL80211_ATTR_IFINDEX]) {
169 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
170 
171 		netdev = __dev_get_by_index(netns, ifindex);
172 		if (netdev) {
173 			if (netdev->ieee80211_ptr)
174 				tmp = wiphy_to_rdev(
175 					netdev->ieee80211_ptr->wiphy);
176 			else
177 				tmp = NULL;
178 
179 			/* not wireless device -- return error */
180 			if (!tmp)
181 				return ERR_PTR(-EINVAL);
182 
183 			/* mismatch -- return error */
184 			if (rdev && tmp != rdev)
185 				return ERR_PTR(-EINVAL);
186 
187 			rdev = tmp;
188 		}
189 	}
190 
191 	if (!rdev)
192 		return ERR_PTR(-ENODEV);
193 
194 	if (netns != wiphy_net(&rdev->wiphy))
195 		return ERR_PTR(-ENODEV);
196 
197 	return rdev;
198 }
199 
200 /*
201  * This function returns a pointer to the driver
202  * that the genl_info item that is passed refers to.
203  *
204  * The result of this can be a PTR_ERR and hence must
205  * be checked with IS_ERR() for errors.
206  */
207 static struct cfg80211_registered_device *
208 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
209 {
210 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
211 }
212 
213 /* policy for the attributes */
214 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
215 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
216 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
217 				      .len = 20-1 },
218 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
219 
220 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
221 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
222 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
223 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
224 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
225 
226 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
227 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
228 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
229 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
230 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
231 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
232 
233 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
234 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
235 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
236 
237 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
238 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
239 
240 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
241 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
242 				    .len = WLAN_MAX_KEY_LEN },
243 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
244 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
245 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
246 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
247 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
248 
249 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
250 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
251 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
252 				       .len = IEEE80211_MAX_DATA_LEN },
253 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
254 				       .len = IEEE80211_MAX_DATA_LEN },
255 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
256 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
257 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
258 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
259 					       .len = NL80211_MAX_SUPP_RATES },
260 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
261 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
262 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
263 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
264 				   .len = IEEE80211_MAX_MESH_ID_LEN },
265 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
266 
267 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
268 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
269 
270 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
271 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
272 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
273 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
274 					   .len = NL80211_MAX_SUPP_RATES },
275 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
276 
277 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
278 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
279 
280 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
281 
282 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
283 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
284 			      .len = IEEE80211_MAX_DATA_LEN },
285 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
286 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
287 
288 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
289 				.len = IEEE80211_MAX_SSID_LEN },
290 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
291 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
292 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
293 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
294 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
295 	[NL80211_ATTR_STA_FLAGS2] = {
296 		.len = sizeof(struct nl80211_sta_flag_update),
297 	},
298 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
299 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
300 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
301 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
302 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
303 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
304 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
305 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
306 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
307 				 .len = WLAN_PMKID_LEN },
308 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
309 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
310 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
311 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
312 				 .len = IEEE80211_MAX_DATA_LEN },
313 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
314 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
315 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
316 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
317 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
318 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
319 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
320 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
321 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
322 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
323 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
324 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
325 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
326 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
327 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
328 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
329 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
330 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
331 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
332 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
333 					 .len = IEEE80211_MAX_DATA_LEN },
334 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
335 					 .len = IEEE80211_MAX_DATA_LEN },
336 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
337 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
338 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
339 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
340 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
341 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
342 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
343 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
344 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
345 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
346 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
347 				      .len = IEEE80211_MAX_DATA_LEN },
348 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
349 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
350 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
351 		.len = NL80211_HT_CAPABILITY_LEN
352 	},
353 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
354 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
355 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
356 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
357 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
358 	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
359 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
360 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
361 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
362 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
363 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
364 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
365 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
366 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
367 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
368 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
369 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
370 		.len = NL80211_VHT_CAPABILITY_LEN,
371 	},
372 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
373 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
374 				  .len = IEEE80211_MAX_DATA_LEN },
375 	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
376 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
377 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
378 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
379 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
380 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
381 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
382 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
383 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
384 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
385 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
386 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
387 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
388 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
389 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
390 	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
391 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
392 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
393 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
394 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
395 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
396 	[NL80211_ATTR_TSID] = { .type = NLA_U8 },
397 	[NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
398 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
399 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
400 	[NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
401 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
402 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
403 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
404 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
405 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
406 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
407 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
408 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
409 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
410 	},
411 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
412 };
413 
414 /* policy for the key attributes */
415 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
416 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
417 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
418 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
419 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
420 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
421 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
422 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
423 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
424 };
425 
426 /* policy for the key default flags */
427 static const struct nla_policy
428 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
429 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
430 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
431 };
432 
433 /* policy for WoWLAN attributes */
434 static const struct nla_policy
435 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
436 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
437 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
438 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
439 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
440 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
441 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
442 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
443 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
444 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
445 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
446 };
447 
448 static const struct nla_policy
449 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
450 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
451 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
452 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
453 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
454 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
455 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
456 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
457 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
458 	},
459 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
460 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
461 	},
462 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
463 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
464 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
465 };
466 
467 /* policy for coalesce rule attributes */
468 static const struct nla_policy
469 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
470 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
471 	[NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
472 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
473 };
474 
475 /* policy for GTK rekey offload attributes */
476 static const struct nla_policy
477 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
478 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
479 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
480 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
481 };
482 
483 static const struct nla_policy
484 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
485 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
486 						 .len = IEEE80211_MAX_SSID_LEN },
487 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
488 };
489 
490 static const struct nla_policy
491 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
492 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
493 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
494 };
495 
496 static const struct nla_policy
497 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
498 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
499 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
500 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
501 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
502 	},
503 };
504 
505 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
506 				     struct netlink_callback *cb,
507 				     struct cfg80211_registered_device **rdev,
508 				     struct wireless_dev **wdev)
509 {
510 	int err;
511 
512 	rtnl_lock();
513 
514 	if (!cb->args[0]) {
515 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
516 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
517 				  nl80211_policy);
518 		if (err)
519 			goto out_unlock;
520 
521 		*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
522 						   nl80211_fam.attrbuf);
523 		if (IS_ERR(*wdev)) {
524 			err = PTR_ERR(*wdev);
525 			goto out_unlock;
526 		}
527 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
528 		/* 0 is the first index - add 1 to parse only once */
529 		cb->args[0] = (*rdev)->wiphy_idx + 1;
530 		cb->args[1] = (*wdev)->identifier;
531 	} else {
532 		/* subtract the 1 again here */
533 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
534 		struct wireless_dev *tmp;
535 
536 		if (!wiphy) {
537 			err = -ENODEV;
538 			goto out_unlock;
539 		}
540 		*rdev = wiphy_to_rdev(wiphy);
541 		*wdev = NULL;
542 
543 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
544 			if (tmp->identifier == cb->args[1]) {
545 				*wdev = tmp;
546 				break;
547 			}
548 		}
549 
550 		if (!*wdev) {
551 			err = -ENODEV;
552 			goto out_unlock;
553 		}
554 	}
555 
556 	return 0;
557  out_unlock:
558 	rtnl_unlock();
559 	return err;
560 }
561 
562 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
563 {
564 	rtnl_unlock();
565 }
566 
567 /* IE validation */
568 static bool is_valid_ie_attr(const struct nlattr *attr)
569 {
570 	const u8 *pos;
571 	int len;
572 
573 	if (!attr)
574 		return true;
575 
576 	pos = nla_data(attr);
577 	len = nla_len(attr);
578 
579 	while (len) {
580 		u8 elemlen;
581 
582 		if (len < 2)
583 			return false;
584 		len -= 2;
585 
586 		elemlen = pos[1];
587 		if (elemlen > len)
588 			return false;
589 
590 		len -= elemlen;
591 		pos += 2 + elemlen;
592 	}
593 
594 	return true;
595 }
596 
597 /* message building helper */
598 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
599 				   int flags, u8 cmd)
600 {
601 	/* since there is no private header just add the generic one */
602 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
603 }
604 
605 static int nl80211_msg_put_channel(struct sk_buff *msg,
606 				   struct ieee80211_channel *chan,
607 				   bool large)
608 {
609 	/* Some channels must be completely excluded from the
610 	 * list to protect old user-space tools from breaking
611 	 */
612 	if (!large && chan->flags &
613 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
614 		return 0;
615 
616 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
617 			chan->center_freq))
618 		goto nla_put_failure;
619 
620 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
621 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
622 		goto nla_put_failure;
623 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
624 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
625 			goto nla_put_failure;
626 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
627 			goto nla_put_failure;
628 	}
629 	if (chan->flags & IEEE80211_CHAN_RADAR) {
630 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
631 			goto nla_put_failure;
632 		if (large) {
633 			u32 time;
634 
635 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
636 
637 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
638 					chan->dfs_state))
639 				goto nla_put_failure;
640 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
641 					time))
642 				goto nla_put_failure;
643 			if (nla_put_u32(msg,
644 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
645 					chan->dfs_cac_ms))
646 				goto nla_put_failure;
647 		}
648 	}
649 
650 	if (large) {
651 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
652 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
653 			goto nla_put_failure;
654 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
655 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
656 			goto nla_put_failure;
657 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
658 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
659 			goto nla_put_failure;
660 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
661 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
662 			goto nla_put_failure;
663 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
664 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
665 			goto nla_put_failure;
666 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
667 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
668 			goto nla_put_failure;
669 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
670 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
671 			goto nla_put_failure;
672 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
673 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
674 			goto nla_put_failure;
675 	}
676 
677 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
678 			DBM_TO_MBM(chan->max_power)))
679 		goto nla_put_failure;
680 
681 	return 0;
682 
683  nla_put_failure:
684 	return -ENOBUFS;
685 }
686 
687 /* netlink command implementations */
688 
689 struct key_parse {
690 	struct key_params p;
691 	int idx;
692 	int type;
693 	bool def, defmgmt;
694 	bool def_uni, def_multi;
695 };
696 
697 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
698 {
699 	struct nlattr *tb[NL80211_KEY_MAX + 1];
700 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
701 				   nl80211_key_policy);
702 	if (err)
703 		return err;
704 
705 	k->def = !!tb[NL80211_KEY_DEFAULT];
706 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
707 
708 	if (k->def) {
709 		k->def_uni = true;
710 		k->def_multi = true;
711 	}
712 	if (k->defmgmt)
713 		k->def_multi = true;
714 
715 	if (tb[NL80211_KEY_IDX])
716 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
717 
718 	if (tb[NL80211_KEY_DATA]) {
719 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
720 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
721 	}
722 
723 	if (tb[NL80211_KEY_SEQ]) {
724 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
725 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
726 	}
727 
728 	if (tb[NL80211_KEY_CIPHER])
729 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
730 
731 	if (tb[NL80211_KEY_TYPE]) {
732 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
733 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
734 			return -EINVAL;
735 	}
736 
737 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
738 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
739 
740 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
741 				       tb[NL80211_KEY_DEFAULT_TYPES],
742 				       nl80211_key_default_policy);
743 		if (err)
744 			return err;
745 
746 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
747 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
748 	}
749 
750 	return 0;
751 }
752 
753 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
754 {
755 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
756 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
757 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
758 	}
759 
760 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
761 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
762 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
763 	}
764 
765 	if (info->attrs[NL80211_ATTR_KEY_IDX])
766 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
767 
768 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
769 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
770 
771 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
772 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
773 
774 	if (k->def) {
775 		k->def_uni = true;
776 		k->def_multi = true;
777 	}
778 	if (k->defmgmt)
779 		k->def_multi = true;
780 
781 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
782 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
783 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
784 			return -EINVAL;
785 	}
786 
787 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
788 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
789 		int err = nla_parse_nested(
790 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
791 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
792 				nl80211_key_default_policy);
793 		if (err)
794 			return err;
795 
796 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
797 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
798 	}
799 
800 	return 0;
801 }
802 
803 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
804 {
805 	int err;
806 
807 	memset(k, 0, sizeof(*k));
808 	k->idx = -1;
809 	k->type = -1;
810 
811 	if (info->attrs[NL80211_ATTR_KEY])
812 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
813 	else
814 		err = nl80211_parse_key_old(info, k);
815 
816 	if (err)
817 		return err;
818 
819 	if (k->def && k->defmgmt)
820 		return -EINVAL;
821 
822 	if (k->defmgmt) {
823 		if (k->def_uni || !k->def_multi)
824 			return -EINVAL;
825 	}
826 
827 	if (k->idx != -1) {
828 		if (k->defmgmt) {
829 			if (k->idx < 4 || k->idx > 5)
830 				return -EINVAL;
831 		} else if (k->def) {
832 			if (k->idx < 0 || k->idx > 3)
833 				return -EINVAL;
834 		} else {
835 			if (k->idx < 0 || k->idx > 5)
836 				return -EINVAL;
837 		}
838 	}
839 
840 	return 0;
841 }
842 
843 static struct cfg80211_cached_keys *
844 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
845 		       struct nlattr *keys, bool *no_ht)
846 {
847 	struct key_parse parse;
848 	struct nlattr *key;
849 	struct cfg80211_cached_keys *result;
850 	int rem, err, def = 0;
851 
852 	result = kzalloc(sizeof(*result), GFP_KERNEL);
853 	if (!result)
854 		return ERR_PTR(-ENOMEM);
855 
856 	result->def = -1;
857 	result->defmgmt = -1;
858 
859 	nla_for_each_nested(key, keys, rem) {
860 		memset(&parse, 0, sizeof(parse));
861 		parse.idx = -1;
862 
863 		err = nl80211_parse_key_new(key, &parse);
864 		if (err)
865 			goto error;
866 		err = -EINVAL;
867 		if (!parse.p.key)
868 			goto error;
869 		if (parse.idx < 0 || parse.idx > 4)
870 			goto error;
871 		if (parse.def) {
872 			if (def)
873 				goto error;
874 			def = 1;
875 			result->def = parse.idx;
876 			if (!parse.def_uni || !parse.def_multi)
877 				goto error;
878 		} else if (parse.defmgmt)
879 			goto error;
880 		err = cfg80211_validate_key_settings(rdev, &parse.p,
881 						     parse.idx, false, NULL);
882 		if (err)
883 			goto error;
884 		result->params[parse.idx].cipher = parse.p.cipher;
885 		result->params[parse.idx].key_len = parse.p.key_len;
886 		result->params[parse.idx].key = result->data[parse.idx];
887 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
888 
889 		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
890 		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
891 			if (no_ht)
892 				*no_ht = true;
893 		}
894 	}
895 
896 	return result;
897  error:
898 	kfree(result);
899 	return ERR_PTR(err);
900 }
901 
902 static int nl80211_key_allowed(struct wireless_dev *wdev)
903 {
904 	ASSERT_WDEV_LOCK(wdev);
905 
906 	switch (wdev->iftype) {
907 	case NL80211_IFTYPE_AP:
908 	case NL80211_IFTYPE_AP_VLAN:
909 	case NL80211_IFTYPE_P2P_GO:
910 	case NL80211_IFTYPE_MESH_POINT:
911 		break;
912 	case NL80211_IFTYPE_ADHOC:
913 	case NL80211_IFTYPE_STATION:
914 	case NL80211_IFTYPE_P2P_CLIENT:
915 		if (!wdev->current_bss)
916 			return -ENOLINK;
917 		break;
918 	case NL80211_IFTYPE_UNSPECIFIED:
919 	case NL80211_IFTYPE_OCB:
920 	case NL80211_IFTYPE_MONITOR:
921 	case NL80211_IFTYPE_P2P_DEVICE:
922 	case NL80211_IFTYPE_WDS:
923 	case NUM_NL80211_IFTYPES:
924 		return -EINVAL;
925 	}
926 
927 	return 0;
928 }
929 
930 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
931 							struct nlattr *tb)
932 {
933 	struct ieee80211_channel *chan;
934 
935 	if (tb == NULL)
936 		return NULL;
937 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
938 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
939 		return NULL;
940 	return chan;
941 }
942 
943 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
944 {
945 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
946 	int i;
947 
948 	if (!nl_modes)
949 		goto nla_put_failure;
950 
951 	i = 0;
952 	while (ifmodes) {
953 		if ((ifmodes & 1) && nla_put_flag(msg, i))
954 			goto nla_put_failure;
955 		ifmodes >>= 1;
956 		i++;
957 	}
958 
959 	nla_nest_end(msg, nl_modes);
960 	return 0;
961 
962 nla_put_failure:
963 	return -ENOBUFS;
964 }
965 
966 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
967 					  struct sk_buff *msg,
968 					  bool large)
969 {
970 	struct nlattr *nl_combis;
971 	int i, j;
972 
973 	nl_combis = nla_nest_start(msg,
974 				NL80211_ATTR_INTERFACE_COMBINATIONS);
975 	if (!nl_combis)
976 		goto nla_put_failure;
977 
978 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
979 		const struct ieee80211_iface_combination *c;
980 		struct nlattr *nl_combi, *nl_limits;
981 
982 		c = &wiphy->iface_combinations[i];
983 
984 		nl_combi = nla_nest_start(msg, i + 1);
985 		if (!nl_combi)
986 			goto nla_put_failure;
987 
988 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
989 		if (!nl_limits)
990 			goto nla_put_failure;
991 
992 		for (j = 0; j < c->n_limits; j++) {
993 			struct nlattr *nl_limit;
994 
995 			nl_limit = nla_nest_start(msg, j + 1);
996 			if (!nl_limit)
997 				goto nla_put_failure;
998 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
999 					c->limits[j].max))
1000 				goto nla_put_failure;
1001 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1002 						c->limits[j].types))
1003 				goto nla_put_failure;
1004 			nla_nest_end(msg, nl_limit);
1005 		}
1006 
1007 		nla_nest_end(msg, nl_limits);
1008 
1009 		if (c->beacon_int_infra_match &&
1010 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1011 			goto nla_put_failure;
1012 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1013 				c->num_different_channels) ||
1014 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1015 				c->max_interfaces))
1016 			goto nla_put_failure;
1017 		if (large &&
1018 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1019 				c->radar_detect_widths) ||
1020 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1021 				c->radar_detect_regions)))
1022 			goto nla_put_failure;
1023 
1024 		nla_nest_end(msg, nl_combi);
1025 	}
1026 
1027 	nla_nest_end(msg, nl_combis);
1028 
1029 	return 0;
1030 nla_put_failure:
1031 	return -ENOBUFS;
1032 }
1033 
1034 #ifdef CONFIG_PM
1035 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1036 					struct sk_buff *msg)
1037 {
1038 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1039 	struct nlattr *nl_tcp;
1040 
1041 	if (!tcp)
1042 		return 0;
1043 
1044 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1045 	if (!nl_tcp)
1046 		return -ENOBUFS;
1047 
1048 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1049 			tcp->data_payload_max))
1050 		return -ENOBUFS;
1051 
1052 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1053 			tcp->data_payload_max))
1054 		return -ENOBUFS;
1055 
1056 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1057 		return -ENOBUFS;
1058 
1059 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1060 				sizeof(*tcp->tok), tcp->tok))
1061 		return -ENOBUFS;
1062 
1063 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1064 			tcp->data_interval_max))
1065 		return -ENOBUFS;
1066 
1067 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1068 			tcp->wake_payload_max))
1069 		return -ENOBUFS;
1070 
1071 	nla_nest_end(msg, nl_tcp);
1072 	return 0;
1073 }
1074 
1075 static int nl80211_send_wowlan(struct sk_buff *msg,
1076 			       struct cfg80211_registered_device *rdev,
1077 			       bool large)
1078 {
1079 	struct nlattr *nl_wowlan;
1080 
1081 	if (!rdev->wiphy.wowlan)
1082 		return 0;
1083 
1084 	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1085 	if (!nl_wowlan)
1086 		return -ENOBUFS;
1087 
1088 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1089 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1090 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1091 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1092 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1093 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1094 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1095 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1096 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1097 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1098 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1099 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1100 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1101 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1102 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1103 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1104 		return -ENOBUFS;
1105 
1106 	if (rdev->wiphy.wowlan->n_patterns) {
1107 		struct nl80211_pattern_support pat = {
1108 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1109 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1110 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1111 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1112 		};
1113 
1114 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1115 			    sizeof(pat), &pat))
1116 			return -ENOBUFS;
1117 	}
1118 
1119 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1120 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1121 			rdev->wiphy.wowlan->max_nd_match_sets))
1122 		return -ENOBUFS;
1123 
1124 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1125 		return -ENOBUFS;
1126 
1127 	nla_nest_end(msg, nl_wowlan);
1128 
1129 	return 0;
1130 }
1131 #endif
1132 
1133 static int nl80211_send_coalesce(struct sk_buff *msg,
1134 				 struct cfg80211_registered_device *rdev)
1135 {
1136 	struct nl80211_coalesce_rule_support rule;
1137 
1138 	if (!rdev->wiphy.coalesce)
1139 		return 0;
1140 
1141 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1142 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1143 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1144 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1145 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1146 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1147 
1148 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1149 		return -ENOBUFS;
1150 
1151 	return 0;
1152 }
1153 
1154 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1155 				      struct ieee80211_supported_band *sband)
1156 {
1157 	struct nlattr *nl_rates, *nl_rate;
1158 	struct ieee80211_rate *rate;
1159 	int i;
1160 
1161 	/* add HT info */
1162 	if (sband->ht_cap.ht_supported &&
1163 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1164 		     sizeof(sband->ht_cap.mcs),
1165 		     &sband->ht_cap.mcs) ||
1166 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1167 			 sband->ht_cap.cap) ||
1168 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1169 			sband->ht_cap.ampdu_factor) ||
1170 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1171 			sband->ht_cap.ampdu_density)))
1172 		return -ENOBUFS;
1173 
1174 	/* add VHT info */
1175 	if (sband->vht_cap.vht_supported &&
1176 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1177 		     sizeof(sband->vht_cap.vht_mcs),
1178 		     &sband->vht_cap.vht_mcs) ||
1179 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1180 			 sband->vht_cap.cap)))
1181 		return -ENOBUFS;
1182 
1183 	/* add bitrates */
1184 	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1185 	if (!nl_rates)
1186 		return -ENOBUFS;
1187 
1188 	for (i = 0; i < sband->n_bitrates; i++) {
1189 		nl_rate = nla_nest_start(msg, i);
1190 		if (!nl_rate)
1191 			return -ENOBUFS;
1192 
1193 		rate = &sband->bitrates[i];
1194 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1195 				rate->bitrate))
1196 			return -ENOBUFS;
1197 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1198 		    nla_put_flag(msg,
1199 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1200 			return -ENOBUFS;
1201 
1202 		nla_nest_end(msg, nl_rate);
1203 	}
1204 
1205 	nla_nest_end(msg, nl_rates);
1206 
1207 	return 0;
1208 }
1209 
1210 static int
1211 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1212 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1213 {
1214 	u16 stypes;
1215 	struct nlattr *nl_ftypes, *nl_ifs;
1216 	enum nl80211_iftype ift;
1217 	int i;
1218 
1219 	if (!mgmt_stypes)
1220 		return 0;
1221 
1222 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1223 	if (!nl_ifs)
1224 		return -ENOBUFS;
1225 
1226 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1227 		nl_ftypes = nla_nest_start(msg, ift);
1228 		if (!nl_ftypes)
1229 			return -ENOBUFS;
1230 		i = 0;
1231 		stypes = mgmt_stypes[ift].tx;
1232 		while (stypes) {
1233 			if ((stypes & 1) &&
1234 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1235 					(i << 4) | IEEE80211_FTYPE_MGMT))
1236 				return -ENOBUFS;
1237 			stypes >>= 1;
1238 			i++;
1239 		}
1240 		nla_nest_end(msg, nl_ftypes);
1241 	}
1242 
1243 	nla_nest_end(msg, nl_ifs);
1244 
1245 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1246 	if (!nl_ifs)
1247 		return -ENOBUFS;
1248 
1249 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1250 		nl_ftypes = nla_nest_start(msg, ift);
1251 		if (!nl_ftypes)
1252 			return -ENOBUFS;
1253 		i = 0;
1254 		stypes = mgmt_stypes[ift].rx;
1255 		while (stypes) {
1256 			if ((stypes & 1) &&
1257 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1258 					(i << 4) | IEEE80211_FTYPE_MGMT))
1259 				return -ENOBUFS;
1260 			stypes >>= 1;
1261 			i++;
1262 		}
1263 		nla_nest_end(msg, nl_ftypes);
1264 	}
1265 	nla_nest_end(msg, nl_ifs);
1266 
1267 	return 0;
1268 }
1269 
1270 struct nl80211_dump_wiphy_state {
1271 	s64 filter_wiphy;
1272 	long start;
1273 	long split_start, band_start, chan_start, capa_start;
1274 	bool split;
1275 };
1276 
1277 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1278 			      enum nl80211_commands cmd,
1279 			      struct sk_buff *msg, u32 portid, u32 seq,
1280 			      int flags, struct nl80211_dump_wiphy_state *state)
1281 {
1282 	void *hdr;
1283 	struct nlattr *nl_bands, *nl_band;
1284 	struct nlattr *nl_freqs, *nl_freq;
1285 	struct nlattr *nl_cmds;
1286 	enum nl80211_band band;
1287 	struct ieee80211_channel *chan;
1288 	int i;
1289 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1290 				rdev->wiphy.mgmt_stypes;
1291 	u32 features;
1292 
1293 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1294 	if (!hdr)
1295 		return -ENOBUFS;
1296 
1297 	if (WARN_ON(!state))
1298 		return -EINVAL;
1299 
1300 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1301 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1302 			   wiphy_name(&rdev->wiphy)) ||
1303 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1304 			cfg80211_rdev_list_generation))
1305 		goto nla_put_failure;
1306 
1307 	if (cmd != NL80211_CMD_NEW_WIPHY)
1308 		goto finish;
1309 
1310 	switch (state->split_start) {
1311 	case 0:
1312 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1313 			       rdev->wiphy.retry_short) ||
1314 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1315 			       rdev->wiphy.retry_long) ||
1316 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1317 				rdev->wiphy.frag_threshold) ||
1318 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1319 				rdev->wiphy.rts_threshold) ||
1320 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1321 			       rdev->wiphy.coverage_class) ||
1322 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1323 			       rdev->wiphy.max_scan_ssids) ||
1324 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1325 			       rdev->wiphy.max_sched_scan_ssids) ||
1326 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1327 				rdev->wiphy.max_scan_ie_len) ||
1328 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1329 				rdev->wiphy.max_sched_scan_ie_len) ||
1330 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1331 			       rdev->wiphy.max_match_sets) ||
1332 		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1333 				rdev->wiphy.max_sched_scan_plans) ||
1334 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1335 				rdev->wiphy.max_sched_scan_plan_interval) ||
1336 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1337 				rdev->wiphy.max_sched_scan_plan_iterations))
1338 			goto nla_put_failure;
1339 
1340 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1341 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1342 			goto nla_put_failure;
1343 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1344 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1345 			goto nla_put_failure;
1346 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1347 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1348 			goto nla_put_failure;
1349 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1350 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1351 			goto nla_put_failure;
1352 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1353 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1354 			goto nla_put_failure;
1355 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1356 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1357 			goto nla_put_failure;
1358 		state->split_start++;
1359 		if (state->split)
1360 			break;
1361 	case 1:
1362 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1363 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1364 			    rdev->wiphy.cipher_suites))
1365 			goto nla_put_failure;
1366 
1367 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1368 			       rdev->wiphy.max_num_pmkids))
1369 			goto nla_put_failure;
1370 
1371 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1372 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1373 			goto nla_put_failure;
1374 
1375 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1376 				rdev->wiphy.available_antennas_tx) ||
1377 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1378 				rdev->wiphy.available_antennas_rx))
1379 			goto nla_put_failure;
1380 
1381 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1382 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1383 				rdev->wiphy.probe_resp_offload))
1384 			goto nla_put_failure;
1385 
1386 		if ((rdev->wiphy.available_antennas_tx ||
1387 		     rdev->wiphy.available_antennas_rx) &&
1388 		    rdev->ops->get_antenna) {
1389 			u32 tx_ant = 0, rx_ant = 0;
1390 			int res;
1391 
1392 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1393 			if (!res) {
1394 				if (nla_put_u32(msg,
1395 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1396 						tx_ant) ||
1397 				    nla_put_u32(msg,
1398 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1399 						rx_ant))
1400 					goto nla_put_failure;
1401 			}
1402 		}
1403 
1404 		state->split_start++;
1405 		if (state->split)
1406 			break;
1407 	case 2:
1408 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1409 					rdev->wiphy.interface_modes))
1410 				goto nla_put_failure;
1411 		state->split_start++;
1412 		if (state->split)
1413 			break;
1414 	case 3:
1415 		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1416 		if (!nl_bands)
1417 			goto nla_put_failure;
1418 
1419 		for (band = state->band_start;
1420 		     band < NUM_NL80211_BANDS; band++) {
1421 			struct ieee80211_supported_band *sband;
1422 
1423 			sband = rdev->wiphy.bands[band];
1424 
1425 			if (!sband)
1426 				continue;
1427 
1428 			nl_band = nla_nest_start(msg, band);
1429 			if (!nl_band)
1430 				goto nla_put_failure;
1431 
1432 			switch (state->chan_start) {
1433 			case 0:
1434 				if (nl80211_send_band_rateinfo(msg, sband))
1435 					goto nla_put_failure;
1436 				state->chan_start++;
1437 				if (state->split)
1438 					break;
1439 			default:
1440 				/* add frequencies */
1441 				nl_freqs = nla_nest_start(
1442 					msg, NL80211_BAND_ATTR_FREQS);
1443 				if (!nl_freqs)
1444 					goto nla_put_failure;
1445 
1446 				for (i = state->chan_start - 1;
1447 				     i < sband->n_channels;
1448 				     i++) {
1449 					nl_freq = nla_nest_start(msg, i);
1450 					if (!nl_freq)
1451 						goto nla_put_failure;
1452 
1453 					chan = &sband->channels[i];
1454 
1455 					if (nl80211_msg_put_channel(
1456 							msg, chan,
1457 							state->split))
1458 						goto nla_put_failure;
1459 
1460 					nla_nest_end(msg, nl_freq);
1461 					if (state->split)
1462 						break;
1463 				}
1464 				if (i < sband->n_channels)
1465 					state->chan_start = i + 2;
1466 				else
1467 					state->chan_start = 0;
1468 				nla_nest_end(msg, nl_freqs);
1469 			}
1470 
1471 			nla_nest_end(msg, nl_band);
1472 
1473 			if (state->split) {
1474 				/* start again here */
1475 				if (state->chan_start)
1476 					band--;
1477 				break;
1478 			}
1479 		}
1480 		nla_nest_end(msg, nl_bands);
1481 
1482 		if (band < NUM_NL80211_BANDS)
1483 			state->band_start = band + 1;
1484 		else
1485 			state->band_start = 0;
1486 
1487 		/* if bands & channels are done, continue outside */
1488 		if (state->band_start == 0 && state->chan_start == 0)
1489 			state->split_start++;
1490 		if (state->split)
1491 			break;
1492 	case 4:
1493 		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1494 		if (!nl_cmds)
1495 			goto nla_put_failure;
1496 
1497 		i = 0;
1498 #define CMD(op, n)							\
1499 		 do {							\
1500 			if (rdev->ops->op) {				\
1501 				i++;					\
1502 				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1503 					goto nla_put_failure;		\
1504 			}						\
1505 		} while (0)
1506 
1507 		CMD(add_virtual_intf, NEW_INTERFACE);
1508 		CMD(change_virtual_intf, SET_INTERFACE);
1509 		CMD(add_key, NEW_KEY);
1510 		CMD(start_ap, START_AP);
1511 		CMD(add_station, NEW_STATION);
1512 		CMD(add_mpath, NEW_MPATH);
1513 		CMD(update_mesh_config, SET_MESH_CONFIG);
1514 		CMD(change_bss, SET_BSS);
1515 		CMD(auth, AUTHENTICATE);
1516 		CMD(assoc, ASSOCIATE);
1517 		CMD(deauth, DEAUTHENTICATE);
1518 		CMD(disassoc, DISASSOCIATE);
1519 		CMD(join_ibss, JOIN_IBSS);
1520 		CMD(join_mesh, JOIN_MESH);
1521 		CMD(set_pmksa, SET_PMKSA);
1522 		CMD(del_pmksa, DEL_PMKSA);
1523 		CMD(flush_pmksa, FLUSH_PMKSA);
1524 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1525 			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1526 		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1527 		CMD(mgmt_tx, FRAME);
1528 		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1529 		if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1530 			i++;
1531 			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1532 				goto nla_put_failure;
1533 		}
1534 		if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1535 		    rdev->ops->join_mesh) {
1536 			i++;
1537 			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1538 				goto nla_put_failure;
1539 		}
1540 		CMD(set_wds_peer, SET_WDS_PEER);
1541 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1542 			CMD(tdls_mgmt, TDLS_MGMT);
1543 			CMD(tdls_oper, TDLS_OPER);
1544 		}
1545 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1546 			CMD(sched_scan_start, START_SCHED_SCAN);
1547 		CMD(probe_client, PROBE_CLIENT);
1548 		CMD(set_noack_map, SET_NOACK_MAP);
1549 		if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1550 			i++;
1551 			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1552 				goto nla_put_failure;
1553 		}
1554 		CMD(start_p2p_device, START_P2P_DEVICE);
1555 		CMD(set_mcast_rate, SET_MCAST_RATE);
1556 #ifdef CONFIG_NL80211_TESTMODE
1557 		CMD(testmode_cmd, TESTMODE);
1558 #endif
1559 		if (state->split) {
1560 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1561 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1562 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1563 				CMD(channel_switch, CHANNEL_SWITCH);
1564 			CMD(set_qos_map, SET_QOS_MAP);
1565 			if (rdev->wiphy.features &
1566 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1567 				CMD(add_tx_ts, ADD_TX_TS);
1568 		}
1569 		/* add into the if now */
1570 #undef CMD
1571 
1572 		if (rdev->ops->connect || rdev->ops->auth) {
1573 			i++;
1574 			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1575 				goto nla_put_failure;
1576 		}
1577 
1578 		if (rdev->ops->disconnect || rdev->ops->deauth) {
1579 			i++;
1580 			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1581 				goto nla_put_failure;
1582 		}
1583 
1584 		nla_nest_end(msg, nl_cmds);
1585 		state->split_start++;
1586 		if (state->split)
1587 			break;
1588 	case 5:
1589 		if (rdev->ops->remain_on_channel &&
1590 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1591 		    nla_put_u32(msg,
1592 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1593 				rdev->wiphy.max_remain_on_channel_duration))
1594 			goto nla_put_failure;
1595 
1596 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1597 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1598 			goto nla_put_failure;
1599 
1600 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1601 			goto nla_put_failure;
1602 		state->split_start++;
1603 		if (state->split)
1604 			break;
1605 	case 6:
1606 #ifdef CONFIG_PM
1607 		if (nl80211_send_wowlan(msg, rdev, state->split))
1608 			goto nla_put_failure;
1609 		state->split_start++;
1610 		if (state->split)
1611 			break;
1612 #else
1613 		state->split_start++;
1614 #endif
1615 	case 7:
1616 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1617 					rdev->wiphy.software_iftypes))
1618 			goto nla_put_failure;
1619 
1620 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1621 						   state->split))
1622 			goto nla_put_failure;
1623 
1624 		state->split_start++;
1625 		if (state->split)
1626 			break;
1627 	case 8:
1628 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1629 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1630 				rdev->wiphy.ap_sme_capa))
1631 			goto nla_put_failure;
1632 
1633 		features = rdev->wiphy.features;
1634 		/*
1635 		 * We can only add the per-channel limit information if the
1636 		 * dump is split, otherwise it makes it too big. Therefore
1637 		 * only advertise it in that case.
1638 		 */
1639 		if (state->split)
1640 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1641 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1642 			goto nla_put_failure;
1643 
1644 		if (rdev->wiphy.ht_capa_mod_mask &&
1645 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1646 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
1647 			    rdev->wiphy.ht_capa_mod_mask))
1648 			goto nla_put_failure;
1649 
1650 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1651 		    rdev->wiphy.max_acl_mac_addrs &&
1652 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1653 				rdev->wiphy.max_acl_mac_addrs))
1654 			goto nla_put_failure;
1655 
1656 		/*
1657 		 * Any information below this point is only available to
1658 		 * applications that can deal with it being split. This
1659 		 * helps ensure that newly added capabilities don't break
1660 		 * older tools by overrunning their buffers.
1661 		 *
1662 		 * We still increment split_start so that in the split
1663 		 * case we'll continue with more data in the next round,
1664 		 * but break unconditionally so unsplit data stops here.
1665 		 */
1666 		state->split_start++;
1667 		break;
1668 	case 9:
1669 		if (rdev->wiphy.extended_capabilities &&
1670 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1671 			     rdev->wiphy.extended_capabilities_len,
1672 			     rdev->wiphy.extended_capabilities) ||
1673 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1674 			     rdev->wiphy.extended_capabilities_len,
1675 			     rdev->wiphy.extended_capabilities_mask)))
1676 			goto nla_put_failure;
1677 
1678 		if (rdev->wiphy.vht_capa_mod_mask &&
1679 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1680 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
1681 			    rdev->wiphy.vht_capa_mod_mask))
1682 			goto nla_put_failure;
1683 
1684 		state->split_start++;
1685 		break;
1686 	case 10:
1687 		if (nl80211_send_coalesce(msg, rdev))
1688 			goto nla_put_failure;
1689 
1690 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1691 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1692 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1693 			goto nla_put_failure;
1694 
1695 		if (rdev->wiphy.max_ap_assoc_sta &&
1696 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1697 				rdev->wiphy.max_ap_assoc_sta))
1698 			goto nla_put_failure;
1699 
1700 		state->split_start++;
1701 		break;
1702 	case 11:
1703 		if (rdev->wiphy.n_vendor_commands) {
1704 			const struct nl80211_vendor_cmd_info *info;
1705 			struct nlattr *nested;
1706 
1707 			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1708 			if (!nested)
1709 				goto nla_put_failure;
1710 
1711 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1712 				info = &rdev->wiphy.vendor_commands[i].info;
1713 				if (nla_put(msg, i + 1, sizeof(*info), info))
1714 					goto nla_put_failure;
1715 			}
1716 			nla_nest_end(msg, nested);
1717 		}
1718 
1719 		if (rdev->wiphy.n_vendor_events) {
1720 			const struct nl80211_vendor_cmd_info *info;
1721 			struct nlattr *nested;
1722 
1723 			nested = nla_nest_start(msg,
1724 						NL80211_ATTR_VENDOR_EVENTS);
1725 			if (!nested)
1726 				goto nla_put_failure;
1727 
1728 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1729 				info = &rdev->wiphy.vendor_events[i];
1730 				if (nla_put(msg, i + 1, sizeof(*info), info))
1731 					goto nla_put_failure;
1732 			}
1733 			nla_nest_end(msg, nested);
1734 		}
1735 		state->split_start++;
1736 		break;
1737 	case 12:
1738 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1739 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1740 			       rdev->wiphy.max_num_csa_counters))
1741 			goto nla_put_failure;
1742 
1743 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1744 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1745 			goto nla_put_failure;
1746 
1747 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1748 			    sizeof(rdev->wiphy.ext_features),
1749 			    rdev->wiphy.ext_features))
1750 			goto nla_put_failure;
1751 
1752 		if (rdev->wiphy.bss_select_support) {
1753 			struct nlattr *nested;
1754 			u32 bss_select_support = rdev->wiphy.bss_select_support;
1755 
1756 			nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
1757 			if (!nested)
1758 				goto nla_put_failure;
1759 
1760 			i = 0;
1761 			while (bss_select_support) {
1762 				if ((bss_select_support & 1) &&
1763 				    nla_put_flag(msg, i))
1764 					goto nla_put_failure;
1765 				i++;
1766 				bss_select_support >>= 1;
1767 			}
1768 			nla_nest_end(msg, nested);
1769 		}
1770 
1771 		state->split_start++;
1772 		break;
1773 	case 13:
1774 		if (rdev->wiphy.num_iftype_ext_capab &&
1775 		    rdev->wiphy.iftype_ext_capab) {
1776 			struct nlattr *nested_ext_capab, *nested;
1777 
1778 			nested = nla_nest_start(msg,
1779 						NL80211_ATTR_IFTYPE_EXT_CAPA);
1780 			if (!nested)
1781 				goto nla_put_failure;
1782 
1783 			for (i = state->capa_start;
1784 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
1785 				const struct wiphy_iftype_ext_capab *capab;
1786 
1787 				capab = &rdev->wiphy.iftype_ext_capab[i];
1788 
1789 				nested_ext_capab = nla_nest_start(msg, i);
1790 				if (!nested_ext_capab ||
1791 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1792 						capab->iftype) ||
1793 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
1794 					    capab->extended_capabilities_len,
1795 					    capab->extended_capabilities) ||
1796 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1797 					    capab->extended_capabilities_len,
1798 					    capab->extended_capabilities_mask))
1799 					goto nla_put_failure;
1800 
1801 				nla_nest_end(msg, nested_ext_capab);
1802 				if (state->split)
1803 					break;
1804 			}
1805 			nla_nest_end(msg, nested);
1806 			if (i < rdev->wiphy.num_iftype_ext_capab) {
1807 				state->capa_start = i + 1;
1808 				break;
1809 			}
1810 		}
1811 
1812 		/* done */
1813 		state->split_start = 0;
1814 		break;
1815 	}
1816  finish:
1817 	genlmsg_end(msg, hdr);
1818 	return 0;
1819 
1820  nla_put_failure:
1821 	genlmsg_cancel(msg, hdr);
1822 	return -EMSGSIZE;
1823 }
1824 
1825 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1826 				    struct netlink_callback *cb,
1827 				    struct nl80211_dump_wiphy_state *state)
1828 {
1829 	struct nlattr **tb = nl80211_fam.attrbuf;
1830 	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1831 			      tb, nl80211_fam.maxattr, nl80211_policy);
1832 	/* ignore parse errors for backward compatibility */
1833 	if (ret)
1834 		return 0;
1835 
1836 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1837 	if (tb[NL80211_ATTR_WIPHY])
1838 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1839 	if (tb[NL80211_ATTR_WDEV])
1840 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1841 	if (tb[NL80211_ATTR_IFINDEX]) {
1842 		struct net_device *netdev;
1843 		struct cfg80211_registered_device *rdev;
1844 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1845 
1846 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1847 		if (!netdev)
1848 			return -ENODEV;
1849 		if (netdev->ieee80211_ptr) {
1850 			rdev = wiphy_to_rdev(
1851 				netdev->ieee80211_ptr->wiphy);
1852 			state->filter_wiphy = rdev->wiphy_idx;
1853 		}
1854 	}
1855 
1856 	return 0;
1857 }
1858 
1859 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1860 {
1861 	int idx = 0, ret;
1862 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1863 	struct cfg80211_registered_device *rdev;
1864 
1865 	rtnl_lock();
1866 	if (!state) {
1867 		state = kzalloc(sizeof(*state), GFP_KERNEL);
1868 		if (!state) {
1869 			rtnl_unlock();
1870 			return -ENOMEM;
1871 		}
1872 		state->filter_wiphy = -1;
1873 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1874 		if (ret) {
1875 			kfree(state);
1876 			rtnl_unlock();
1877 			return ret;
1878 		}
1879 		cb->args[0] = (long)state;
1880 	}
1881 
1882 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1883 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1884 			continue;
1885 		if (++idx <= state->start)
1886 			continue;
1887 		if (state->filter_wiphy != -1 &&
1888 		    state->filter_wiphy != rdev->wiphy_idx)
1889 			continue;
1890 		/* attempt to fit multiple wiphy data chunks into the skb */
1891 		do {
1892 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1893 						 skb,
1894 						 NETLINK_CB(cb->skb).portid,
1895 						 cb->nlh->nlmsg_seq,
1896 						 NLM_F_MULTI, state);
1897 			if (ret < 0) {
1898 				/*
1899 				 * If sending the wiphy data didn't fit (ENOBUFS
1900 				 * or EMSGSIZE returned), this SKB is still
1901 				 * empty (so it's not too big because another
1902 				 * wiphy dataset is already in the skb) and
1903 				 * we've not tried to adjust the dump allocation
1904 				 * yet ... then adjust the alloc size to be
1905 				 * bigger, and return 1 but with the empty skb.
1906 				 * This results in an empty message being RX'ed
1907 				 * in userspace, but that is ignored.
1908 				 *
1909 				 * We can then retry with the larger buffer.
1910 				 */
1911 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1912 				    !skb->len && !state->split &&
1913 				    cb->min_dump_alloc < 4096) {
1914 					cb->min_dump_alloc = 4096;
1915 					state->split_start = 0;
1916 					rtnl_unlock();
1917 					return 1;
1918 				}
1919 				idx--;
1920 				break;
1921 			}
1922 		} while (state->split_start > 0);
1923 		break;
1924 	}
1925 	rtnl_unlock();
1926 
1927 	state->start = idx;
1928 
1929 	return skb->len;
1930 }
1931 
1932 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1933 {
1934 	kfree((void *)cb->args[0]);
1935 	return 0;
1936 }
1937 
1938 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1939 {
1940 	struct sk_buff *msg;
1941 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1942 	struct nl80211_dump_wiphy_state state = {};
1943 
1944 	msg = nlmsg_new(4096, GFP_KERNEL);
1945 	if (!msg)
1946 		return -ENOMEM;
1947 
1948 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
1949 			       info->snd_portid, info->snd_seq, 0,
1950 			       &state) < 0) {
1951 		nlmsg_free(msg);
1952 		return -ENOBUFS;
1953 	}
1954 
1955 	return genlmsg_reply(msg, info);
1956 }
1957 
1958 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1959 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1960 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1961 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1962 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1963 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1964 };
1965 
1966 static int parse_txq_params(struct nlattr *tb[],
1967 			    struct ieee80211_txq_params *txq_params)
1968 {
1969 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1970 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1971 	    !tb[NL80211_TXQ_ATTR_AIFS])
1972 		return -EINVAL;
1973 
1974 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1975 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1976 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1977 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1978 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1979 
1980 	if (txq_params->ac >= NL80211_NUM_ACS)
1981 		return -EINVAL;
1982 
1983 	return 0;
1984 }
1985 
1986 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1987 {
1988 	/*
1989 	 * You can only set the channel explicitly for WDS interfaces,
1990 	 * all others have their channel managed via their respective
1991 	 * "establish a connection" command (connect, join, ...)
1992 	 *
1993 	 * For AP/GO and mesh mode, the channel can be set with the
1994 	 * channel userspace API, but is only stored and passed to the
1995 	 * low-level driver when the AP starts or the mesh is joined.
1996 	 * This is for backward compatibility, userspace can also give
1997 	 * the channel in the start-ap or join-mesh commands instead.
1998 	 *
1999 	 * Monitors are special as they are normally slaved to
2000 	 * whatever else is going on, so they have their own special
2001 	 * operation to set the monitor channel if possible.
2002 	 */
2003 	return !wdev ||
2004 		wdev->iftype == NL80211_IFTYPE_AP ||
2005 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2006 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
2007 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
2008 }
2009 
2010 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2011 				 struct genl_info *info,
2012 				 struct cfg80211_chan_def *chandef)
2013 {
2014 	u32 control_freq;
2015 
2016 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2017 		return -EINVAL;
2018 
2019 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2020 
2021 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2022 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2023 	chandef->center_freq1 = control_freq;
2024 	chandef->center_freq2 = 0;
2025 
2026 	/* Primary channel not allowed */
2027 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2028 		return -EINVAL;
2029 
2030 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2031 		enum nl80211_channel_type chantype;
2032 
2033 		chantype = nla_get_u32(
2034 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2035 
2036 		switch (chantype) {
2037 		case NL80211_CHAN_NO_HT:
2038 		case NL80211_CHAN_HT20:
2039 		case NL80211_CHAN_HT40PLUS:
2040 		case NL80211_CHAN_HT40MINUS:
2041 			cfg80211_chandef_create(chandef, chandef->chan,
2042 						chantype);
2043 			break;
2044 		default:
2045 			return -EINVAL;
2046 		}
2047 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2048 		chandef->width =
2049 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2050 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2051 			chandef->center_freq1 =
2052 				nla_get_u32(
2053 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2054 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2055 			chandef->center_freq2 =
2056 				nla_get_u32(
2057 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2058 	}
2059 
2060 	if (!cfg80211_chandef_valid(chandef))
2061 		return -EINVAL;
2062 
2063 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2064 				     IEEE80211_CHAN_DISABLED))
2065 		return -EINVAL;
2066 
2067 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2068 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
2069 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2070 		return -EINVAL;
2071 
2072 	return 0;
2073 }
2074 
2075 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2076 				 struct net_device *dev,
2077 				 struct genl_info *info)
2078 {
2079 	struct cfg80211_chan_def chandef;
2080 	int result;
2081 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2082 	struct wireless_dev *wdev = NULL;
2083 
2084 	if (dev)
2085 		wdev = dev->ieee80211_ptr;
2086 	if (!nl80211_can_set_dev_channel(wdev))
2087 		return -EOPNOTSUPP;
2088 	if (wdev)
2089 		iftype = wdev->iftype;
2090 
2091 	result = nl80211_parse_chandef(rdev, info, &chandef);
2092 	if (result)
2093 		return result;
2094 
2095 	switch (iftype) {
2096 	case NL80211_IFTYPE_AP:
2097 	case NL80211_IFTYPE_P2P_GO:
2098 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2099 						   iftype)) {
2100 			result = -EINVAL;
2101 			break;
2102 		}
2103 		if (wdev->beacon_interval) {
2104 			if (!dev || !rdev->ops->set_ap_chanwidth ||
2105 			    !(rdev->wiphy.features &
2106 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2107 				result = -EBUSY;
2108 				break;
2109 			}
2110 
2111 			/* Only allow dynamic channel width changes */
2112 			if (chandef.chan != wdev->preset_chandef.chan) {
2113 				result = -EBUSY;
2114 				break;
2115 			}
2116 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2117 			if (result)
2118 				break;
2119 		}
2120 		wdev->preset_chandef = chandef;
2121 		result = 0;
2122 		break;
2123 	case NL80211_IFTYPE_MESH_POINT:
2124 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2125 		break;
2126 	case NL80211_IFTYPE_MONITOR:
2127 		result = cfg80211_set_monitor_channel(rdev, &chandef);
2128 		break;
2129 	default:
2130 		result = -EINVAL;
2131 	}
2132 
2133 	return result;
2134 }
2135 
2136 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2137 {
2138 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2139 	struct net_device *netdev = info->user_ptr[1];
2140 
2141 	return __nl80211_set_channel(rdev, netdev, info);
2142 }
2143 
2144 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2145 {
2146 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2147 	struct net_device *dev = info->user_ptr[1];
2148 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2149 	const u8 *bssid;
2150 
2151 	if (!info->attrs[NL80211_ATTR_MAC])
2152 		return -EINVAL;
2153 
2154 	if (netif_running(dev))
2155 		return -EBUSY;
2156 
2157 	if (!rdev->ops->set_wds_peer)
2158 		return -EOPNOTSUPP;
2159 
2160 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2161 		return -EOPNOTSUPP;
2162 
2163 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2164 	return rdev_set_wds_peer(rdev, dev, bssid);
2165 }
2166 
2167 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2168 {
2169 	struct cfg80211_registered_device *rdev;
2170 	struct net_device *netdev = NULL;
2171 	struct wireless_dev *wdev;
2172 	int result = 0, rem_txq_params = 0;
2173 	struct nlattr *nl_txq_params;
2174 	u32 changed;
2175 	u8 retry_short = 0, retry_long = 0;
2176 	u32 frag_threshold = 0, rts_threshold = 0;
2177 	u8 coverage_class = 0;
2178 
2179 	ASSERT_RTNL();
2180 
2181 	/*
2182 	 * Try to find the wiphy and netdev. Normally this
2183 	 * function shouldn't need the netdev, but this is
2184 	 * done for backward compatibility -- previously
2185 	 * setting the channel was done per wiphy, but now
2186 	 * it is per netdev. Previous userland like hostapd
2187 	 * also passed a netdev to set_wiphy, so that it is
2188 	 * possible to let that go to the right netdev!
2189 	 */
2190 
2191 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2192 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2193 
2194 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2195 		if (netdev && netdev->ieee80211_ptr)
2196 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2197 		else
2198 			netdev = NULL;
2199 	}
2200 
2201 	if (!netdev) {
2202 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2203 						  info->attrs);
2204 		if (IS_ERR(rdev))
2205 			return PTR_ERR(rdev);
2206 		wdev = NULL;
2207 		netdev = NULL;
2208 		result = 0;
2209 	} else
2210 		wdev = netdev->ieee80211_ptr;
2211 
2212 	/*
2213 	 * end workaround code, by now the rdev is available
2214 	 * and locked, and wdev may or may not be NULL.
2215 	 */
2216 
2217 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2218 		result = cfg80211_dev_rename(
2219 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2220 
2221 	if (result)
2222 		return result;
2223 
2224 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2225 		struct ieee80211_txq_params txq_params;
2226 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2227 
2228 		if (!rdev->ops->set_txq_params)
2229 			return -EOPNOTSUPP;
2230 
2231 		if (!netdev)
2232 			return -EINVAL;
2233 
2234 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2235 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2236 			return -EINVAL;
2237 
2238 		if (!netif_running(netdev))
2239 			return -ENETDOWN;
2240 
2241 		nla_for_each_nested(nl_txq_params,
2242 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2243 				    rem_txq_params) {
2244 			result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2245 					   nla_data(nl_txq_params),
2246 					   nla_len(nl_txq_params),
2247 					   txq_params_policy);
2248 			if (result)
2249 				return result;
2250 			result = parse_txq_params(tb, &txq_params);
2251 			if (result)
2252 				return result;
2253 
2254 			result = rdev_set_txq_params(rdev, netdev,
2255 						     &txq_params);
2256 			if (result)
2257 				return result;
2258 		}
2259 	}
2260 
2261 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2262 		result = __nl80211_set_channel(
2263 			rdev,
2264 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2265 			info);
2266 		if (result)
2267 			return result;
2268 	}
2269 
2270 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2271 		struct wireless_dev *txp_wdev = wdev;
2272 		enum nl80211_tx_power_setting type;
2273 		int idx, mbm = 0;
2274 
2275 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2276 			txp_wdev = NULL;
2277 
2278 		if (!rdev->ops->set_tx_power)
2279 			return -EOPNOTSUPP;
2280 
2281 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2282 		type = nla_get_u32(info->attrs[idx]);
2283 
2284 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2285 		    (type != NL80211_TX_POWER_AUTOMATIC))
2286 			return -EINVAL;
2287 
2288 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2289 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2290 			mbm = nla_get_u32(info->attrs[idx]);
2291 		}
2292 
2293 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2294 		if (result)
2295 			return result;
2296 	}
2297 
2298 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2299 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2300 		u32 tx_ant, rx_ant;
2301 
2302 		if ((!rdev->wiphy.available_antennas_tx &&
2303 		     !rdev->wiphy.available_antennas_rx) ||
2304 		    !rdev->ops->set_antenna)
2305 			return -EOPNOTSUPP;
2306 
2307 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2308 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2309 
2310 		/* reject antenna configurations which don't match the
2311 		 * available antenna masks, except for the "all" mask */
2312 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2313 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2314 			return -EINVAL;
2315 
2316 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2317 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2318 
2319 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2320 		if (result)
2321 			return result;
2322 	}
2323 
2324 	changed = 0;
2325 
2326 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2327 		retry_short = nla_get_u8(
2328 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2329 		if (retry_short == 0)
2330 			return -EINVAL;
2331 
2332 		changed |= WIPHY_PARAM_RETRY_SHORT;
2333 	}
2334 
2335 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2336 		retry_long = nla_get_u8(
2337 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2338 		if (retry_long == 0)
2339 			return -EINVAL;
2340 
2341 		changed |= WIPHY_PARAM_RETRY_LONG;
2342 	}
2343 
2344 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2345 		frag_threshold = nla_get_u32(
2346 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2347 		if (frag_threshold < 256)
2348 			return -EINVAL;
2349 
2350 		if (frag_threshold != (u32) -1) {
2351 			/*
2352 			 * Fragments (apart from the last one) are required to
2353 			 * have even length. Make the fragmentation code
2354 			 * simpler by stripping LSB should someone try to use
2355 			 * odd threshold value.
2356 			 */
2357 			frag_threshold &= ~0x1;
2358 		}
2359 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2360 	}
2361 
2362 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2363 		rts_threshold = nla_get_u32(
2364 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2365 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2366 	}
2367 
2368 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2369 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2370 			return -EINVAL;
2371 
2372 		coverage_class = nla_get_u8(
2373 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2374 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2375 	}
2376 
2377 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2378 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2379 			return -EOPNOTSUPP;
2380 
2381 		changed |= WIPHY_PARAM_DYN_ACK;
2382 	}
2383 
2384 	if (changed) {
2385 		u8 old_retry_short, old_retry_long;
2386 		u32 old_frag_threshold, old_rts_threshold;
2387 		u8 old_coverage_class;
2388 
2389 		if (!rdev->ops->set_wiphy_params)
2390 			return -EOPNOTSUPP;
2391 
2392 		old_retry_short = rdev->wiphy.retry_short;
2393 		old_retry_long = rdev->wiphy.retry_long;
2394 		old_frag_threshold = rdev->wiphy.frag_threshold;
2395 		old_rts_threshold = rdev->wiphy.rts_threshold;
2396 		old_coverage_class = rdev->wiphy.coverage_class;
2397 
2398 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2399 			rdev->wiphy.retry_short = retry_short;
2400 		if (changed & WIPHY_PARAM_RETRY_LONG)
2401 			rdev->wiphy.retry_long = retry_long;
2402 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2403 			rdev->wiphy.frag_threshold = frag_threshold;
2404 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2405 			rdev->wiphy.rts_threshold = rts_threshold;
2406 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2407 			rdev->wiphy.coverage_class = coverage_class;
2408 
2409 		result = rdev_set_wiphy_params(rdev, changed);
2410 		if (result) {
2411 			rdev->wiphy.retry_short = old_retry_short;
2412 			rdev->wiphy.retry_long = old_retry_long;
2413 			rdev->wiphy.frag_threshold = old_frag_threshold;
2414 			rdev->wiphy.rts_threshold = old_rts_threshold;
2415 			rdev->wiphy.coverage_class = old_coverage_class;
2416 			return result;
2417 		}
2418 	}
2419 	return 0;
2420 }
2421 
2422 static inline u64 wdev_id(struct wireless_dev *wdev)
2423 {
2424 	return (u64)wdev->identifier |
2425 	       ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2426 }
2427 
2428 static int nl80211_send_chandef(struct sk_buff *msg,
2429 				const struct cfg80211_chan_def *chandef)
2430 {
2431 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2432 		return -EINVAL;
2433 
2434 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2435 			chandef->chan->center_freq))
2436 		return -ENOBUFS;
2437 	switch (chandef->width) {
2438 	case NL80211_CHAN_WIDTH_20_NOHT:
2439 	case NL80211_CHAN_WIDTH_20:
2440 	case NL80211_CHAN_WIDTH_40:
2441 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2442 				cfg80211_get_chandef_type(chandef)))
2443 			return -ENOBUFS;
2444 		break;
2445 	default:
2446 		break;
2447 	}
2448 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2449 		return -ENOBUFS;
2450 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2451 		return -ENOBUFS;
2452 	if (chandef->center_freq2 &&
2453 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2454 		return -ENOBUFS;
2455 	return 0;
2456 }
2457 
2458 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2459 			      struct cfg80211_registered_device *rdev,
2460 			      struct wireless_dev *wdev, bool removal)
2461 {
2462 	struct net_device *dev = wdev->netdev;
2463 	u8 cmd = NL80211_CMD_NEW_INTERFACE;
2464 	void *hdr;
2465 
2466 	if (removal)
2467 		cmd = NL80211_CMD_DEL_INTERFACE;
2468 
2469 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2470 	if (!hdr)
2471 		return -1;
2472 
2473 	if (dev &&
2474 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2475 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2476 		goto nla_put_failure;
2477 
2478 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2479 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2480 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2481 			      NL80211_ATTR_PAD) ||
2482 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2483 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2484 			rdev->devlist_generation ^
2485 			(cfg80211_rdev_list_generation << 2)))
2486 		goto nla_put_failure;
2487 
2488 	if (rdev->ops->get_channel) {
2489 		int ret;
2490 		struct cfg80211_chan_def chandef;
2491 
2492 		ret = rdev_get_channel(rdev, wdev, &chandef);
2493 		if (ret == 0) {
2494 			if (nl80211_send_chandef(msg, &chandef))
2495 				goto nla_put_failure;
2496 		}
2497 	}
2498 
2499 	if (rdev->ops->get_tx_power) {
2500 		int dbm, ret;
2501 
2502 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
2503 		if (ret == 0 &&
2504 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2505 				DBM_TO_MBM(dbm)))
2506 			goto nla_put_failure;
2507 	}
2508 
2509 	if (wdev->ssid_len) {
2510 		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2511 			goto nla_put_failure;
2512 	}
2513 
2514 	genlmsg_end(msg, hdr);
2515 	return 0;
2516 
2517  nla_put_failure:
2518 	genlmsg_cancel(msg, hdr);
2519 	return -EMSGSIZE;
2520 }
2521 
2522 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2523 {
2524 	int wp_idx = 0;
2525 	int if_idx = 0;
2526 	int wp_start = cb->args[0];
2527 	int if_start = cb->args[1];
2528 	struct cfg80211_registered_device *rdev;
2529 	struct wireless_dev *wdev;
2530 
2531 	rtnl_lock();
2532 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2533 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2534 			continue;
2535 		if (wp_idx < wp_start) {
2536 			wp_idx++;
2537 			continue;
2538 		}
2539 		if_idx = 0;
2540 
2541 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2542 			if (if_idx < if_start) {
2543 				if_idx++;
2544 				continue;
2545 			}
2546 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2547 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2548 					       rdev, wdev, false) < 0) {
2549 				goto out;
2550 			}
2551 			if_idx++;
2552 		}
2553 
2554 		wp_idx++;
2555 	}
2556  out:
2557 	rtnl_unlock();
2558 
2559 	cb->args[0] = wp_idx;
2560 	cb->args[1] = if_idx;
2561 
2562 	return skb->len;
2563 }
2564 
2565 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2566 {
2567 	struct sk_buff *msg;
2568 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2569 	struct wireless_dev *wdev = info->user_ptr[1];
2570 
2571 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2572 	if (!msg)
2573 		return -ENOMEM;
2574 
2575 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2576 			       rdev, wdev, false) < 0) {
2577 		nlmsg_free(msg);
2578 		return -ENOBUFS;
2579 	}
2580 
2581 	return genlmsg_reply(msg, info);
2582 }
2583 
2584 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2585 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2586 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2587 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2588 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2589 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2590 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2591 };
2592 
2593 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2594 {
2595 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2596 	int flag;
2597 
2598 	*mntrflags = 0;
2599 
2600 	if (!nla)
2601 		return -EINVAL;
2602 
2603 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2604 			     nla, mntr_flags_policy))
2605 		return -EINVAL;
2606 
2607 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2608 		if (flags[flag])
2609 			*mntrflags |= (1<<flag);
2610 
2611 	return 0;
2612 }
2613 
2614 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2615 			       struct net_device *netdev, u8 use_4addr,
2616 			       enum nl80211_iftype iftype)
2617 {
2618 	if (!use_4addr) {
2619 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2620 			return -EBUSY;
2621 		return 0;
2622 	}
2623 
2624 	switch (iftype) {
2625 	case NL80211_IFTYPE_AP_VLAN:
2626 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2627 			return 0;
2628 		break;
2629 	case NL80211_IFTYPE_STATION:
2630 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2631 			return 0;
2632 		break;
2633 	default:
2634 		break;
2635 	}
2636 
2637 	return -EOPNOTSUPP;
2638 }
2639 
2640 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2641 {
2642 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2643 	struct vif_params params;
2644 	int err;
2645 	enum nl80211_iftype otype, ntype;
2646 	struct net_device *dev = info->user_ptr[1];
2647 	u32 _flags, *flags = NULL;
2648 	bool change = false;
2649 
2650 	memset(&params, 0, sizeof(params));
2651 
2652 	otype = ntype = dev->ieee80211_ptr->iftype;
2653 
2654 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2655 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2656 		if (otype != ntype)
2657 			change = true;
2658 		if (ntype > NL80211_IFTYPE_MAX)
2659 			return -EINVAL;
2660 	}
2661 
2662 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2663 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2664 
2665 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2666 			return -EINVAL;
2667 		if (netif_running(dev))
2668 			return -EBUSY;
2669 
2670 		wdev_lock(wdev);
2671 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2672 			     IEEE80211_MAX_MESH_ID_LEN);
2673 		wdev->mesh_id_up_len =
2674 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2675 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2676 		       wdev->mesh_id_up_len);
2677 		wdev_unlock(wdev);
2678 	}
2679 
2680 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2681 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2682 		change = true;
2683 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2684 		if (err)
2685 			return err;
2686 	} else {
2687 		params.use_4addr = -1;
2688 	}
2689 
2690 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2691 		if (ntype != NL80211_IFTYPE_MONITOR)
2692 			return -EINVAL;
2693 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2694 					  &_flags);
2695 		if (err)
2696 			return err;
2697 
2698 		flags = &_flags;
2699 		change = true;
2700 	}
2701 
2702 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
2703 		const u8 *mumimo_groups;
2704 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2705 
2706 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2707 			return -EOPNOTSUPP;
2708 
2709 		mumimo_groups =
2710 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
2711 
2712 		/* bits 0 and 63 are reserved and must be zero */
2713 		if ((mumimo_groups[0] & BIT(7)) ||
2714 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(0)))
2715 			return -EINVAL;
2716 
2717 		memcpy(params.vht_mumimo_groups, mumimo_groups,
2718 		       VHT_MUMIMO_GROUPS_DATA_LEN);
2719 		change = true;
2720 	}
2721 
2722 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
2723 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2724 
2725 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2726 			return -EOPNOTSUPP;
2727 
2728 		nla_memcpy(params.macaddr,
2729 			   info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR],
2730 			   ETH_ALEN);
2731 		change = true;
2732 	}
2733 
2734 	if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2735 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2736 		return -EOPNOTSUPP;
2737 
2738 	if (change)
2739 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2740 	else
2741 		err = 0;
2742 
2743 	if (!err && params.use_4addr != -1)
2744 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2745 
2746 	return err;
2747 }
2748 
2749 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2750 {
2751 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2752 	struct vif_params params;
2753 	struct wireless_dev *wdev;
2754 	struct sk_buff *msg;
2755 	int err;
2756 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2757 	u32 flags;
2758 
2759 	/* to avoid failing a new interface creation due to pending removal */
2760 	cfg80211_destroy_ifaces(rdev);
2761 
2762 	memset(&params, 0, sizeof(params));
2763 
2764 	if (!info->attrs[NL80211_ATTR_IFNAME])
2765 		return -EINVAL;
2766 
2767 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2768 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2769 		if (type > NL80211_IFTYPE_MAX)
2770 			return -EINVAL;
2771 	}
2772 
2773 	if (!rdev->ops->add_virtual_intf ||
2774 	    !(rdev->wiphy.interface_modes & (1 << type)))
2775 		return -EOPNOTSUPP;
2776 
2777 	if ((type == NL80211_IFTYPE_P2P_DEVICE ||
2778 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2779 	    info->attrs[NL80211_ATTR_MAC]) {
2780 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2781 			   ETH_ALEN);
2782 		if (!is_valid_ether_addr(params.macaddr))
2783 			return -EADDRNOTAVAIL;
2784 	}
2785 
2786 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2787 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2788 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2789 		if (err)
2790 			return err;
2791 	}
2792 
2793 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2794 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2795 				  &flags);
2796 
2797 	if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2798 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2799 		return -EOPNOTSUPP;
2800 
2801 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2802 	if (!msg)
2803 		return -ENOMEM;
2804 
2805 	wdev = rdev_add_virtual_intf(rdev,
2806 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2807 				NET_NAME_USER, type, err ? NULL : &flags,
2808 				&params);
2809 	if (WARN_ON(!wdev)) {
2810 		nlmsg_free(msg);
2811 		return -EPROTO;
2812 	} else if (IS_ERR(wdev)) {
2813 		nlmsg_free(msg);
2814 		return PTR_ERR(wdev);
2815 	}
2816 
2817 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2818 		wdev->owner_nlportid = info->snd_portid;
2819 
2820 	switch (type) {
2821 	case NL80211_IFTYPE_MESH_POINT:
2822 		if (!info->attrs[NL80211_ATTR_MESH_ID])
2823 			break;
2824 		wdev_lock(wdev);
2825 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2826 			     IEEE80211_MAX_MESH_ID_LEN);
2827 		wdev->mesh_id_up_len =
2828 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2829 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2830 		       wdev->mesh_id_up_len);
2831 		wdev_unlock(wdev);
2832 		break;
2833 	case NL80211_IFTYPE_P2P_DEVICE:
2834 		/*
2835 		 * P2P Device doesn't have a netdev, so doesn't go
2836 		 * through the netdev notifier and must be added here
2837 		 */
2838 		mutex_init(&wdev->mtx);
2839 		INIT_LIST_HEAD(&wdev->event_list);
2840 		spin_lock_init(&wdev->event_lock);
2841 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2842 		spin_lock_init(&wdev->mgmt_registrations_lock);
2843 
2844 		wdev->identifier = ++rdev->wdev_id;
2845 		list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
2846 		rdev->devlist_generation++;
2847 		break;
2848 	default:
2849 		break;
2850 	}
2851 
2852 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2853 			       rdev, wdev, false) < 0) {
2854 		nlmsg_free(msg);
2855 		return -ENOBUFS;
2856 	}
2857 
2858 	/*
2859 	 * For wdevs which have no associated netdev object (e.g. of type
2860 	 * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here.
2861 	 * For all other types, the event will be generated from the
2862 	 * netdev notifier
2863 	 */
2864 	if (!wdev->netdev)
2865 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
2866 
2867 	return genlmsg_reply(msg, info);
2868 }
2869 
2870 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2871 {
2872 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2873 	struct wireless_dev *wdev = info->user_ptr[1];
2874 
2875 	if (!rdev->ops->del_virtual_intf)
2876 		return -EOPNOTSUPP;
2877 
2878 	/*
2879 	 * If we remove a wireless device without a netdev then clear
2880 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2881 	 * to check if it needs to do dev_put(). Otherwise it crashes
2882 	 * since the wdev has been freed, unlike with a netdev where
2883 	 * we need the dev_put() for the netdev to really be freed.
2884 	 */
2885 	if (!wdev->netdev)
2886 		info->user_ptr[1] = NULL;
2887 
2888 	return rdev_del_virtual_intf(rdev, wdev);
2889 }
2890 
2891 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2892 {
2893 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2894 	struct net_device *dev = info->user_ptr[1];
2895 	u16 noack_map;
2896 
2897 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2898 		return -EINVAL;
2899 
2900 	if (!rdev->ops->set_noack_map)
2901 		return -EOPNOTSUPP;
2902 
2903 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2904 
2905 	return rdev_set_noack_map(rdev, dev, noack_map);
2906 }
2907 
2908 struct get_key_cookie {
2909 	struct sk_buff *msg;
2910 	int error;
2911 	int idx;
2912 };
2913 
2914 static void get_key_callback(void *c, struct key_params *params)
2915 {
2916 	struct nlattr *key;
2917 	struct get_key_cookie *cookie = c;
2918 
2919 	if ((params->key &&
2920 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2921 		     params->key_len, params->key)) ||
2922 	    (params->seq &&
2923 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2924 		     params->seq_len, params->seq)) ||
2925 	    (params->cipher &&
2926 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2927 			 params->cipher)))
2928 		goto nla_put_failure;
2929 
2930 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2931 	if (!key)
2932 		goto nla_put_failure;
2933 
2934 	if ((params->key &&
2935 	     nla_put(cookie->msg, NL80211_KEY_DATA,
2936 		     params->key_len, params->key)) ||
2937 	    (params->seq &&
2938 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2939 		     params->seq_len, params->seq)) ||
2940 	    (params->cipher &&
2941 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2942 			 params->cipher)))
2943 		goto nla_put_failure;
2944 
2945 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2946 		goto nla_put_failure;
2947 
2948 	nla_nest_end(cookie->msg, key);
2949 
2950 	return;
2951  nla_put_failure:
2952 	cookie->error = 1;
2953 }
2954 
2955 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2956 {
2957 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2958 	int err;
2959 	struct net_device *dev = info->user_ptr[1];
2960 	u8 key_idx = 0;
2961 	const u8 *mac_addr = NULL;
2962 	bool pairwise;
2963 	struct get_key_cookie cookie = {
2964 		.error = 0,
2965 	};
2966 	void *hdr;
2967 	struct sk_buff *msg;
2968 
2969 	if (info->attrs[NL80211_ATTR_KEY_IDX])
2970 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2971 
2972 	if (key_idx > 5)
2973 		return -EINVAL;
2974 
2975 	if (info->attrs[NL80211_ATTR_MAC])
2976 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2977 
2978 	pairwise = !!mac_addr;
2979 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2980 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2981 
2982 		if (kt >= NUM_NL80211_KEYTYPES)
2983 			return -EINVAL;
2984 		if (kt != NL80211_KEYTYPE_GROUP &&
2985 		    kt != NL80211_KEYTYPE_PAIRWISE)
2986 			return -EINVAL;
2987 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2988 	}
2989 
2990 	if (!rdev->ops->get_key)
2991 		return -EOPNOTSUPP;
2992 
2993 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2994 		return -ENOENT;
2995 
2996 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2997 	if (!msg)
2998 		return -ENOMEM;
2999 
3000 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3001 			     NL80211_CMD_NEW_KEY);
3002 	if (!hdr)
3003 		goto nla_put_failure;
3004 
3005 	cookie.msg = msg;
3006 	cookie.idx = key_idx;
3007 
3008 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3009 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3010 		goto nla_put_failure;
3011 	if (mac_addr &&
3012 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3013 		goto nla_put_failure;
3014 
3015 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3016 			   get_key_callback);
3017 
3018 	if (err)
3019 		goto free_msg;
3020 
3021 	if (cookie.error)
3022 		goto nla_put_failure;
3023 
3024 	genlmsg_end(msg, hdr);
3025 	return genlmsg_reply(msg, info);
3026 
3027  nla_put_failure:
3028 	err = -ENOBUFS;
3029  free_msg:
3030 	nlmsg_free(msg);
3031 	return err;
3032 }
3033 
3034 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3035 {
3036 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3037 	struct key_parse key;
3038 	int err;
3039 	struct net_device *dev = info->user_ptr[1];
3040 
3041 	err = nl80211_parse_key(info, &key);
3042 	if (err)
3043 		return err;
3044 
3045 	if (key.idx < 0)
3046 		return -EINVAL;
3047 
3048 	/* only support setting default key */
3049 	if (!key.def && !key.defmgmt)
3050 		return -EINVAL;
3051 
3052 	wdev_lock(dev->ieee80211_ptr);
3053 
3054 	if (key.def) {
3055 		if (!rdev->ops->set_default_key) {
3056 			err = -EOPNOTSUPP;
3057 			goto out;
3058 		}
3059 
3060 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3061 		if (err)
3062 			goto out;
3063 
3064 		err = rdev_set_default_key(rdev, dev, key.idx,
3065 						 key.def_uni, key.def_multi);
3066 
3067 		if (err)
3068 			goto out;
3069 
3070 #ifdef CONFIG_CFG80211_WEXT
3071 		dev->ieee80211_ptr->wext.default_key = key.idx;
3072 #endif
3073 	} else {
3074 		if (key.def_uni || !key.def_multi) {
3075 			err = -EINVAL;
3076 			goto out;
3077 		}
3078 
3079 		if (!rdev->ops->set_default_mgmt_key) {
3080 			err = -EOPNOTSUPP;
3081 			goto out;
3082 		}
3083 
3084 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3085 		if (err)
3086 			goto out;
3087 
3088 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3089 		if (err)
3090 			goto out;
3091 
3092 #ifdef CONFIG_CFG80211_WEXT
3093 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3094 #endif
3095 	}
3096 
3097  out:
3098 	wdev_unlock(dev->ieee80211_ptr);
3099 
3100 	return err;
3101 }
3102 
3103 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3104 {
3105 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3106 	int err;
3107 	struct net_device *dev = info->user_ptr[1];
3108 	struct key_parse key;
3109 	const u8 *mac_addr = NULL;
3110 
3111 	err = nl80211_parse_key(info, &key);
3112 	if (err)
3113 		return err;
3114 
3115 	if (!key.p.key)
3116 		return -EINVAL;
3117 
3118 	if (info->attrs[NL80211_ATTR_MAC])
3119 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3120 
3121 	if (key.type == -1) {
3122 		if (mac_addr)
3123 			key.type = NL80211_KEYTYPE_PAIRWISE;
3124 		else
3125 			key.type = NL80211_KEYTYPE_GROUP;
3126 	}
3127 
3128 	/* for now */
3129 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3130 	    key.type != NL80211_KEYTYPE_GROUP)
3131 		return -EINVAL;
3132 
3133 	if (!rdev->ops->add_key)
3134 		return -EOPNOTSUPP;
3135 
3136 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3137 					   key.type == NL80211_KEYTYPE_PAIRWISE,
3138 					   mac_addr))
3139 		return -EINVAL;
3140 
3141 	wdev_lock(dev->ieee80211_ptr);
3142 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3143 	if (!err)
3144 		err = rdev_add_key(rdev, dev, key.idx,
3145 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3146 				    mac_addr, &key.p);
3147 	wdev_unlock(dev->ieee80211_ptr);
3148 
3149 	return err;
3150 }
3151 
3152 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3153 {
3154 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3155 	int err;
3156 	struct net_device *dev = info->user_ptr[1];
3157 	u8 *mac_addr = NULL;
3158 	struct key_parse key;
3159 
3160 	err = nl80211_parse_key(info, &key);
3161 	if (err)
3162 		return err;
3163 
3164 	if (info->attrs[NL80211_ATTR_MAC])
3165 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3166 
3167 	if (key.type == -1) {
3168 		if (mac_addr)
3169 			key.type = NL80211_KEYTYPE_PAIRWISE;
3170 		else
3171 			key.type = NL80211_KEYTYPE_GROUP;
3172 	}
3173 
3174 	/* for now */
3175 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3176 	    key.type != NL80211_KEYTYPE_GROUP)
3177 		return -EINVAL;
3178 
3179 	if (!rdev->ops->del_key)
3180 		return -EOPNOTSUPP;
3181 
3182 	wdev_lock(dev->ieee80211_ptr);
3183 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3184 
3185 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3186 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3187 		err = -ENOENT;
3188 
3189 	if (!err)
3190 		err = rdev_del_key(rdev, dev, key.idx,
3191 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3192 				   mac_addr);
3193 
3194 #ifdef CONFIG_CFG80211_WEXT
3195 	if (!err) {
3196 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
3197 			dev->ieee80211_ptr->wext.default_key = -1;
3198 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3199 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3200 	}
3201 #endif
3202 	wdev_unlock(dev->ieee80211_ptr);
3203 
3204 	return err;
3205 }
3206 
3207 /* This function returns an error or the number of nested attributes */
3208 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3209 {
3210 	struct nlattr *attr;
3211 	int n_entries = 0, tmp;
3212 
3213 	nla_for_each_nested(attr, nl_attr, tmp) {
3214 		if (nla_len(attr) != ETH_ALEN)
3215 			return -EINVAL;
3216 
3217 		n_entries++;
3218 	}
3219 
3220 	return n_entries;
3221 }
3222 
3223 /*
3224  * This function parses ACL information and allocates memory for ACL data.
3225  * On successful return, the calling function is responsible to free the
3226  * ACL buffer returned by this function.
3227  */
3228 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3229 						struct genl_info *info)
3230 {
3231 	enum nl80211_acl_policy acl_policy;
3232 	struct nlattr *attr;
3233 	struct cfg80211_acl_data *acl;
3234 	int i = 0, n_entries, tmp;
3235 
3236 	if (!wiphy->max_acl_mac_addrs)
3237 		return ERR_PTR(-EOPNOTSUPP);
3238 
3239 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3240 		return ERR_PTR(-EINVAL);
3241 
3242 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3243 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3244 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3245 		return ERR_PTR(-EINVAL);
3246 
3247 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3248 		return ERR_PTR(-EINVAL);
3249 
3250 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3251 	if (n_entries < 0)
3252 		return ERR_PTR(n_entries);
3253 
3254 	if (n_entries > wiphy->max_acl_mac_addrs)
3255 		return ERR_PTR(-ENOTSUPP);
3256 
3257 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3258 		      GFP_KERNEL);
3259 	if (!acl)
3260 		return ERR_PTR(-ENOMEM);
3261 
3262 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3263 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3264 		i++;
3265 	}
3266 
3267 	acl->n_acl_entries = n_entries;
3268 	acl->acl_policy = acl_policy;
3269 
3270 	return acl;
3271 }
3272 
3273 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3274 {
3275 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3276 	struct net_device *dev = info->user_ptr[1];
3277 	struct cfg80211_acl_data *acl;
3278 	int err;
3279 
3280 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3281 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3282 		return -EOPNOTSUPP;
3283 
3284 	if (!dev->ieee80211_ptr->beacon_interval)
3285 		return -EINVAL;
3286 
3287 	acl = parse_acl_data(&rdev->wiphy, info);
3288 	if (IS_ERR(acl))
3289 		return PTR_ERR(acl);
3290 
3291 	err = rdev_set_mac_acl(rdev, dev, acl);
3292 
3293 	kfree(acl);
3294 
3295 	return err;
3296 }
3297 
3298 static int nl80211_parse_beacon(struct nlattr *attrs[],
3299 				struct cfg80211_beacon_data *bcn)
3300 {
3301 	bool haveinfo = false;
3302 
3303 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3304 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3305 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3306 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3307 		return -EINVAL;
3308 
3309 	memset(bcn, 0, sizeof(*bcn));
3310 
3311 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3312 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3313 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3314 		if (!bcn->head_len)
3315 			return -EINVAL;
3316 		haveinfo = true;
3317 	}
3318 
3319 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3320 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3321 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3322 		haveinfo = true;
3323 	}
3324 
3325 	if (!haveinfo)
3326 		return -EINVAL;
3327 
3328 	if (attrs[NL80211_ATTR_IE]) {
3329 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3330 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3331 	}
3332 
3333 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3334 		bcn->proberesp_ies =
3335 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3336 		bcn->proberesp_ies_len =
3337 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3338 	}
3339 
3340 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3341 		bcn->assocresp_ies =
3342 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3343 		bcn->assocresp_ies_len =
3344 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3345 	}
3346 
3347 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
3348 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3349 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3350 	}
3351 
3352 	return 0;
3353 }
3354 
3355 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3356 				   struct cfg80211_ap_settings *params)
3357 {
3358 	struct wireless_dev *wdev;
3359 	bool ret = false;
3360 
3361 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3362 		if (wdev->iftype != NL80211_IFTYPE_AP &&
3363 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
3364 			continue;
3365 
3366 		if (!wdev->preset_chandef.chan)
3367 			continue;
3368 
3369 		params->chandef = wdev->preset_chandef;
3370 		ret = true;
3371 		break;
3372 	}
3373 
3374 	return ret;
3375 }
3376 
3377 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3378 				    enum nl80211_auth_type auth_type,
3379 				    enum nl80211_commands cmd)
3380 {
3381 	if (auth_type > NL80211_AUTHTYPE_MAX)
3382 		return false;
3383 
3384 	switch (cmd) {
3385 	case NL80211_CMD_AUTHENTICATE:
3386 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3387 		    auth_type == NL80211_AUTHTYPE_SAE)
3388 			return false;
3389 		return true;
3390 	case NL80211_CMD_CONNECT:
3391 	case NL80211_CMD_START_AP:
3392 		/* SAE not supported yet */
3393 		if (auth_type == NL80211_AUTHTYPE_SAE)
3394 			return false;
3395 		return true;
3396 	default:
3397 		return false;
3398 	}
3399 }
3400 
3401 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3402 {
3403 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3404 	struct net_device *dev = info->user_ptr[1];
3405 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3406 	struct cfg80211_ap_settings params;
3407 	int err;
3408 
3409 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3410 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3411 		return -EOPNOTSUPP;
3412 
3413 	if (!rdev->ops->start_ap)
3414 		return -EOPNOTSUPP;
3415 
3416 	if (wdev->beacon_interval)
3417 		return -EALREADY;
3418 
3419 	memset(&params, 0, sizeof(params));
3420 
3421 	/* these are required for START_AP */
3422 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3423 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3424 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3425 		return -EINVAL;
3426 
3427 	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3428 	if (err)
3429 		return err;
3430 
3431 	params.beacon_interval =
3432 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3433 	params.dtim_period =
3434 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3435 
3436 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3437 	if (err)
3438 		return err;
3439 
3440 	/*
3441 	 * In theory, some of these attributes should be required here
3442 	 * but since they were not used when the command was originally
3443 	 * added, keep them optional for old user space programs to let
3444 	 * them continue to work with drivers that do not need the
3445 	 * additional information -- drivers must check!
3446 	 */
3447 	if (info->attrs[NL80211_ATTR_SSID]) {
3448 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3449 		params.ssid_len =
3450 			nla_len(info->attrs[NL80211_ATTR_SSID]);
3451 		if (params.ssid_len == 0 ||
3452 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
3453 			return -EINVAL;
3454 	}
3455 
3456 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3457 		params.hidden_ssid = nla_get_u32(
3458 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3459 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3460 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3461 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3462 			return -EINVAL;
3463 	}
3464 
3465 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3466 
3467 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3468 		params.auth_type = nla_get_u32(
3469 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
3470 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
3471 					     NL80211_CMD_START_AP))
3472 			return -EINVAL;
3473 	} else
3474 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3475 
3476 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
3477 				      NL80211_MAX_NR_CIPHER_SUITES);
3478 	if (err)
3479 		return err;
3480 
3481 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3482 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3483 			return -EOPNOTSUPP;
3484 		params.inactivity_timeout = nla_get_u16(
3485 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3486 	}
3487 
3488 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3489 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3490 			return -EINVAL;
3491 		params.p2p_ctwindow =
3492 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3493 		if (params.p2p_ctwindow > 127)
3494 			return -EINVAL;
3495 		if (params.p2p_ctwindow != 0 &&
3496 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3497 			return -EINVAL;
3498 	}
3499 
3500 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3501 		u8 tmp;
3502 
3503 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3504 			return -EINVAL;
3505 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3506 		if (tmp > 1)
3507 			return -EINVAL;
3508 		params.p2p_opp_ps = tmp;
3509 		if (params.p2p_opp_ps != 0 &&
3510 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3511 			return -EINVAL;
3512 	}
3513 
3514 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3515 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
3516 		if (err)
3517 			return err;
3518 	} else if (wdev->preset_chandef.chan) {
3519 		params.chandef = wdev->preset_chandef;
3520 	} else if (!nl80211_get_ap_channel(rdev, &params))
3521 		return -EINVAL;
3522 
3523 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
3524 					   wdev->iftype))
3525 		return -EINVAL;
3526 
3527 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
3528 		params.smps_mode =
3529 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
3530 		switch (params.smps_mode) {
3531 		case NL80211_SMPS_OFF:
3532 			break;
3533 		case NL80211_SMPS_STATIC:
3534 			if (!(rdev->wiphy.features &
3535 			      NL80211_FEATURE_STATIC_SMPS))
3536 				return -EINVAL;
3537 			break;
3538 		case NL80211_SMPS_DYNAMIC:
3539 			if (!(rdev->wiphy.features &
3540 			      NL80211_FEATURE_DYNAMIC_SMPS))
3541 				return -EINVAL;
3542 			break;
3543 		default:
3544 			return -EINVAL;
3545 		}
3546 	} else {
3547 		params.smps_mode = NL80211_SMPS_OFF;
3548 	}
3549 
3550 	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
3551 	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
3552 		return -EOPNOTSUPP;
3553 
3554 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3555 		params.acl = parse_acl_data(&rdev->wiphy, info);
3556 		if (IS_ERR(params.acl))
3557 			return PTR_ERR(params.acl);
3558 	}
3559 
3560 	wdev_lock(wdev);
3561 	err = rdev_start_ap(rdev, dev, &params);
3562 	if (!err) {
3563 		wdev->preset_chandef = params.chandef;
3564 		wdev->beacon_interval = params.beacon_interval;
3565 		wdev->chandef = params.chandef;
3566 		wdev->ssid_len = params.ssid_len;
3567 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3568 	}
3569 	wdev_unlock(wdev);
3570 
3571 	kfree(params.acl);
3572 
3573 	return err;
3574 }
3575 
3576 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3577 {
3578 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3579 	struct net_device *dev = info->user_ptr[1];
3580 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3581 	struct cfg80211_beacon_data params;
3582 	int err;
3583 
3584 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3585 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3586 		return -EOPNOTSUPP;
3587 
3588 	if (!rdev->ops->change_beacon)
3589 		return -EOPNOTSUPP;
3590 
3591 	if (!wdev->beacon_interval)
3592 		return -EINVAL;
3593 
3594 	err = nl80211_parse_beacon(info->attrs, &params);
3595 	if (err)
3596 		return err;
3597 
3598 	wdev_lock(wdev);
3599 	err = rdev_change_beacon(rdev, dev, &params);
3600 	wdev_unlock(wdev);
3601 
3602 	return err;
3603 }
3604 
3605 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3606 {
3607 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3608 	struct net_device *dev = info->user_ptr[1];
3609 
3610 	return cfg80211_stop_ap(rdev, dev, false);
3611 }
3612 
3613 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3614 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3615 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3616 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3617 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3618 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3619 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3620 };
3621 
3622 static int parse_station_flags(struct genl_info *info,
3623 			       enum nl80211_iftype iftype,
3624 			       struct station_parameters *params)
3625 {
3626 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3627 	struct nlattr *nla;
3628 	int flag;
3629 
3630 	/*
3631 	 * Try parsing the new attribute first so userspace
3632 	 * can specify both for older kernels.
3633 	 */
3634 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3635 	if (nla) {
3636 		struct nl80211_sta_flag_update *sta_flags;
3637 
3638 		sta_flags = nla_data(nla);
3639 		params->sta_flags_mask = sta_flags->mask;
3640 		params->sta_flags_set = sta_flags->set;
3641 		params->sta_flags_set &= params->sta_flags_mask;
3642 		if ((params->sta_flags_mask |
3643 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3644 			return -EINVAL;
3645 		return 0;
3646 	}
3647 
3648 	/* if present, parse the old attribute */
3649 
3650 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3651 	if (!nla)
3652 		return 0;
3653 
3654 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3655 			     nla, sta_flags_policy))
3656 		return -EINVAL;
3657 
3658 	/*
3659 	 * Only allow certain flags for interface types so that
3660 	 * other attributes are silently ignored. Remember that
3661 	 * this is backward compatibility code with old userspace
3662 	 * and shouldn't be hit in other cases anyway.
3663 	 */
3664 	switch (iftype) {
3665 	case NL80211_IFTYPE_AP:
3666 	case NL80211_IFTYPE_AP_VLAN:
3667 	case NL80211_IFTYPE_P2P_GO:
3668 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3669 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3670 					 BIT(NL80211_STA_FLAG_WME) |
3671 					 BIT(NL80211_STA_FLAG_MFP);
3672 		break;
3673 	case NL80211_IFTYPE_P2P_CLIENT:
3674 	case NL80211_IFTYPE_STATION:
3675 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3676 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3677 		break;
3678 	case NL80211_IFTYPE_MESH_POINT:
3679 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3680 					 BIT(NL80211_STA_FLAG_MFP) |
3681 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3682 	default:
3683 		return -EINVAL;
3684 	}
3685 
3686 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3687 		if (flags[flag]) {
3688 			params->sta_flags_set |= (1<<flag);
3689 
3690 			/* no longer support new API additions in old API */
3691 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3692 				return -EINVAL;
3693 		}
3694 	}
3695 
3696 	return 0;
3697 }
3698 
3699 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3700 				 int attr)
3701 {
3702 	struct nlattr *rate;
3703 	u32 bitrate;
3704 	u16 bitrate_compat;
3705 	enum nl80211_attrs rate_flg;
3706 
3707 	rate = nla_nest_start(msg, attr);
3708 	if (!rate)
3709 		return false;
3710 
3711 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3712 	bitrate = cfg80211_calculate_bitrate(info);
3713 	/* report 16-bit bitrate only if we can */
3714 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3715 	if (bitrate > 0 &&
3716 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3717 		return false;
3718 	if (bitrate_compat > 0 &&
3719 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3720 		return false;
3721 
3722 	switch (info->bw) {
3723 	case RATE_INFO_BW_5:
3724 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
3725 		break;
3726 	case RATE_INFO_BW_10:
3727 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
3728 		break;
3729 	default:
3730 		WARN_ON(1);
3731 		/* fall through */
3732 	case RATE_INFO_BW_20:
3733 		rate_flg = 0;
3734 		break;
3735 	case RATE_INFO_BW_40:
3736 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
3737 		break;
3738 	case RATE_INFO_BW_80:
3739 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
3740 		break;
3741 	case RATE_INFO_BW_160:
3742 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
3743 		break;
3744 	}
3745 
3746 	if (rate_flg && nla_put_flag(msg, rate_flg))
3747 		return false;
3748 
3749 	if (info->flags & RATE_INFO_FLAGS_MCS) {
3750 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3751 			return false;
3752 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3753 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3754 			return false;
3755 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3756 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3757 			return false;
3758 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3759 			return false;
3760 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3761 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3762 			return false;
3763 	}
3764 
3765 	nla_nest_end(msg, rate);
3766 	return true;
3767 }
3768 
3769 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3770 			       int id)
3771 {
3772 	void *attr;
3773 	int i = 0;
3774 
3775 	if (!mask)
3776 		return true;
3777 
3778 	attr = nla_nest_start(msg, id);
3779 	if (!attr)
3780 		return false;
3781 
3782 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3783 		if (!(mask & BIT(i)))
3784 			continue;
3785 
3786 		if (nla_put_u8(msg, i, signal[i]))
3787 			return false;
3788 	}
3789 
3790 	nla_nest_end(msg, attr);
3791 
3792 	return true;
3793 }
3794 
3795 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
3796 				u32 seq, int flags,
3797 				struct cfg80211_registered_device *rdev,
3798 				struct net_device *dev,
3799 				const u8 *mac_addr, struct station_info *sinfo)
3800 {
3801 	void *hdr;
3802 	struct nlattr *sinfoattr, *bss_param;
3803 
3804 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3805 	if (!hdr)
3806 		return -1;
3807 
3808 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3809 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3810 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3811 		goto nla_put_failure;
3812 
3813 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3814 	if (!sinfoattr)
3815 		goto nla_put_failure;
3816 
3817 #define PUT_SINFO(attr, memb, type) do {				\
3818 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
3819 	if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) &&	\
3820 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
3821 			     sinfo->memb))				\
3822 		goto nla_put_failure;					\
3823 	} while (0)
3824 #define PUT_SINFO_U64(attr, memb) do {					\
3825 	if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) &&	\
3826 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
3827 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
3828 		goto nla_put_failure;					\
3829 	} while (0)
3830 
3831 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
3832 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
3833 
3834 	if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
3835 			     BIT(NL80211_STA_INFO_RX_BYTES64)) &&
3836 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3837 			(u32)sinfo->rx_bytes))
3838 		goto nla_put_failure;
3839 
3840 	if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
3841 			     BIT(NL80211_STA_INFO_TX_BYTES64)) &&
3842 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3843 			(u32)sinfo->tx_bytes))
3844 		goto nla_put_failure;
3845 
3846 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
3847 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
3848 	PUT_SINFO(LLID, llid, u16);
3849 	PUT_SINFO(PLID, plid, u16);
3850 	PUT_SINFO(PLINK_STATE, plink_state, u8);
3851 	PUT_SINFO_U64(RX_DURATION, rx_duration);
3852 
3853 	switch (rdev->wiphy.signal_type) {
3854 	case CFG80211_SIGNAL_TYPE_MBM:
3855 		PUT_SINFO(SIGNAL, signal, u8);
3856 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
3857 		break;
3858 	default:
3859 		break;
3860 	}
3861 	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
3862 		if (!nl80211_put_signal(msg, sinfo->chains,
3863 					sinfo->chain_signal,
3864 					NL80211_STA_INFO_CHAIN_SIGNAL))
3865 			goto nla_put_failure;
3866 	}
3867 	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
3868 		if (!nl80211_put_signal(msg, sinfo->chains,
3869 					sinfo->chain_signal_avg,
3870 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3871 			goto nla_put_failure;
3872 	}
3873 	if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
3874 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3875 					  NL80211_STA_INFO_TX_BITRATE))
3876 			goto nla_put_failure;
3877 	}
3878 	if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
3879 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3880 					  NL80211_STA_INFO_RX_BITRATE))
3881 			goto nla_put_failure;
3882 	}
3883 
3884 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
3885 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
3886 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
3887 	PUT_SINFO(TX_FAILED, tx_failed, u32);
3888 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
3889 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
3890 	PUT_SINFO(LOCAL_PM, local_pm, u32);
3891 	PUT_SINFO(PEER_PM, peer_pm, u32);
3892 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
3893 
3894 	if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
3895 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3896 		if (!bss_param)
3897 			goto nla_put_failure;
3898 
3899 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3900 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3901 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3902 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3903 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3904 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3905 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3906 			       sinfo->bss_param.dtim_period) ||
3907 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3908 				sinfo->bss_param.beacon_interval))
3909 			goto nla_put_failure;
3910 
3911 		nla_nest_end(msg, bss_param);
3912 	}
3913 	if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
3914 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3915 		    sizeof(struct nl80211_sta_flag_update),
3916 		    &sinfo->sta_flags))
3917 		goto nla_put_failure;
3918 
3919 	PUT_SINFO_U64(T_OFFSET, t_offset);
3920 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
3921 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
3922 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
3923 
3924 #undef PUT_SINFO
3925 #undef PUT_SINFO_U64
3926 
3927 	if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
3928 		struct nlattr *tidsattr;
3929 		int tid;
3930 
3931 		tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
3932 		if (!tidsattr)
3933 			goto nla_put_failure;
3934 
3935 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
3936 			struct cfg80211_tid_stats *tidstats;
3937 			struct nlattr *tidattr;
3938 
3939 			tidstats = &sinfo->pertid[tid];
3940 
3941 			if (!tidstats->filled)
3942 				continue;
3943 
3944 			tidattr = nla_nest_start(msg, tid + 1);
3945 			if (!tidattr)
3946 				goto nla_put_failure;
3947 
3948 #define PUT_TIDVAL_U64(attr, memb) do {					\
3949 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
3950 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
3951 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
3952 		goto nla_put_failure;					\
3953 	} while (0)
3954 
3955 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
3956 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
3957 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
3958 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
3959 
3960 #undef PUT_TIDVAL_U64
3961 			nla_nest_end(msg, tidattr);
3962 		}
3963 
3964 		nla_nest_end(msg, tidsattr);
3965 	}
3966 
3967 	nla_nest_end(msg, sinfoattr);
3968 
3969 	if (sinfo->assoc_req_ies_len &&
3970 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3971 		    sinfo->assoc_req_ies))
3972 		goto nla_put_failure;
3973 
3974 	genlmsg_end(msg, hdr);
3975 	return 0;
3976 
3977  nla_put_failure:
3978 	genlmsg_cancel(msg, hdr);
3979 	return -EMSGSIZE;
3980 }
3981 
3982 static int nl80211_dump_station(struct sk_buff *skb,
3983 				struct netlink_callback *cb)
3984 {
3985 	struct station_info sinfo;
3986 	struct cfg80211_registered_device *rdev;
3987 	struct wireless_dev *wdev;
3988 	u8 mac_addr[ETH_ALEN];
3989 	int sta_idx = cb->args[2];
3990 	int err;
3991 
3992 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
3993 	if (err)
3994 		return err;
3995 
3996 	if (!wdev->netdev) {
3997 		err = -EINVAL;
3998 		goto out_err;
3999 	}
4000 
4001 	if (!rdev->ops->dump_station) {
4002 		err = -EOPNOTSUPP;
4003 		goto out_err;
4004 	}
4005 
4006 	while (1) {
4007 		memset(&sinfo, 0, sizeof(sinfo));
4008 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
4009 					mac_addr, &sinfo);
4010 		if (err == -ENOENT)
4011 			break;
4012 		if (err)
4013 			goto out_err;
4014 
4015 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
4016 				NETLINK_CB(cb->skb).portid,
4017 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
4018 				rdev, wdev->netdev, mac_addr,
4019 				&sinfo) < 0)
4020 			goto out;
4021 
4022 		sta_idx++;
4023 	}
4024 
4025  out:
4026 	cb->args[2] = sta_idx;
4027 	err = skb->len;
4028  out_err:
4029 	nl80211_finish_wdev_dump(rdev);
4030 
4031 	return err;
4032 }
4033 
4034 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
4035 {
4036 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4037 	struct net_device *dev = info->user_ptr[1];
4038 	struct station_info sinfo;
4039 	struct sk_buff *msg;
4040 	u8 *mac_addr = NULL;
4041 	int err;
4042 
4043 	memset(&sinfo, 0, sizeof(sinfo));
4044 
4045 	if (!info->attrs[NL80211_ATTR_MAC])
4046 		return -EINVAL;
4047 
4048 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4049 
4050 	if (!rdev->ops->get_station)
4051 		return -EOPNOTSUPP;
4052 
4053 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
4054 	if (err)
4055 		return err;
4056 
4057 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4058 	if (!msg)
4059 		return -ENOMEM;
4060 
4061 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
4062 				 info->snd_portid, info->snd_seq, 0,
4063 				 rdev, dev, mac_addr, &sinfo) < 0) {
4064 		nlmsg_free(msg);
4065 		return -ENOBUFS;
4066 	}
4067 
4068 	return genlmsg_reply(msg, info);
4069 }
4070 
4071 int cfg80211_check_station_change(struct wiphy *wiphy,
4072 				  struct station_parameters *params,
4073 				  enum cfg80211_station_type statype)
4074 {
4075 	if (params->listen_interval != -1 &&
4076 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4077 		return -EINVAL;
4078 
4079 	if (params->support_p2p_ps != -1 &&
4080 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4081 		return -EINVAL;
4082 
4083 	if (params->aid &&
4084 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
4085 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4086 		return -EINVAL;
4087 
4088 	/* When you run into this, adjust the code below for the new flag */
4089 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4090 
4091 	switch (statype) {
4092 	case CFG80211_STA_MESH_PEER_KERNEL:
4093 	case CFG80211_STA_MESH_PEER_USER:
4094 		/*
4095 		 * No ignoring the TDLS flag here -- the userspace mesh
4096 		 * code doesn't have the bug of including TDLS in the
4097 		 * mask everywhere.
4098 		 */
4099 		if (params->sta_flags_mask &
4100 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4101 				  BIT(NL80211_STA_FLAG_MFP) |
4102 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
4103 			return -EINVAL;
4104 		break;
4105 	case CFG80211_STA_TDLS_PEER_SETUP:
4106 	case CFG80211_STA_TDLS_PEER_ACTIVE:
4107 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4108 			return -EINVAL;
4109 		/* ignore since it can't change */
4110 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4111 		break;
4112 	default:
4113 		/* disallow mesh-specific things */
4114 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4115 			return -EINVAL;
4116 		if (params->local_pm)
4117 			return -EINVAL;
4118 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4119 			return -EINVAL;
4120 	}
4121 
4122 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4123 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4124 		/* TDLS can't be set, ... */
4125 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4126 			return -EINVAL;
4127 		/*
4128 		 * ... but don't bother the driver with it. This works around
4129 		 * a hostapd/wpa_supplicant issue -- it always includes the
4130 		 * TLDS_PEER flag in the mask even for AP mode.
4131 		 */
4132 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4133 	}
4134 
4135 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4136 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4137 		/* reject other things that can't change */
4138 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4139 			return -EINVAL;
4140 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4141 			return -EINVAL;
4142 		if (params->supported_rates)
4143 			return -EINVAL;
4144 		if (params->ext_capab || params->ht_capa || params->vht_capa)
4145 			return -EINVAL;
4146 	}
4147 
4148 	if (statype != CFG80211_STA_AP_CLIENT &&
4149 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4150 		if (params->vlan)
4151 			return -EINVAL;
4152 	}
4153 
4154 	switch (statype) {
4155 	case CFG80211_STA_AP_MLME_CLIENT:
4156 		/* Use this only for authorizing/unauthorizing a station */
4157 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4158 			return -EOPNOTSUPP;
4159 		break;
4160 	case CFG80211_STA_AP_CLIENT:
4161 	case CFG80211_STA_AP_CLIENT_UNASSOC:
4162 		/* accept only the listed bits */
4163 		if (params->sta_flags_mask &
4164 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4165 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4166 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
4167 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4168 				  BIT(NL80211_STA_FLAG_WME) |
4169 				  BIT(NL80211_STA_FLAG_MFP)))
4170 			return -EINVAL;
4171 
4172 		/* but authenticated/associated only if driver handles it */
4173 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4174 		    params->sta_flags_mask &
4175 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4176 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4177 			return -EINVAL;
4178 		break;
4179 	case CFG80211_STA_IBSS:
4180 	case CFG80211_STA_AP_STA:
4181 		/* reject any changes other than AUTHORIZED */
4182 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4183 			return -EINVAL;
4184 		break;
4185 	case CFG80211_STA_TDLS_PEER_SETUP:
4186 		/* reject any changes other than AUTHORIZED or WME */
4187 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4188 					       BIT(NL80211_STA_FLAG_WME)))
4189 			return -EINVAL;
4190 		/* force (at least) rates when authorizing */
4191 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4192 		    !params->supported_rates)
4193 			return -EINVAL;
4194 		break;
4195 	case CFG80211_STA_TDLS_PEER_ACTIVE:
4196 		/* reject any changes */
4197 		return -EINVAL;
4198 	case CFG80211_STA_MESH_PEER_KERNEL:
4199 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4200 			return -EINVAL;
4201 		break;
4202 	case CFG80211_STA_MESH_PEER_USER:
4203 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4204 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4205 			return -EINVAL;
4206 		break;
4207 	}
4208 
4209 	return 0;
4210 }
4211 EXPORT_SYMBOL(cfg80211_check_station_change);
4212 
4213 /*
4214  * Get vlan interface making sure it is running and on the right wiphy.
4215  */
4216 static struct net_device *get_vlan(struct genl_info *info,
4217 				   struct cfg80211_registered_device *rdev)
4218 {
4219 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4220 	struct net_device *v;
4221 	int ret;
4222 
4223 	if (!vlanattr)
4224 		return NULL;
4225 
4226 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4227 	if (!v)
4228 		return ERR_PTR(-ENODEV);
4229 
4230 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4231 		ret = -EINVAL;
4232 		goto error;
4233 	}
4234 
4235 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4236 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4237 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4238 		ret = -EINVAL;
4239 		goto error;
4240 	}
4241 
4242 	if (!netif_running(v)) {
4243 		ret = -ENETDOWN;
4244 		goto error;
4245 	}
4246 
4247 	return v;
4248  error:
4249 	dev_put(v);
4250 	return ERR_PTR(ret);
4251 }
4252 
4253 static const struct nla_policy
4254 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4255 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4256 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4257 };
4258 
4259 static int nl80211_parse_sta_wme(struct genl_info *info,
4260 				 struct station_parameters *params)
4261 {
4262 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4263 	struct nlattr *nla;
4264 	int err;
4265 
4266 	/* parse WME attributes if present */
4267 	if (!info->attrs[NL80211_ATTR_STA_WME])
4268 		return 0;
4269 
4270 	nla = info->attrs[NL80211_ATTR_STA_WME];
4271 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4272 			       nl80211_sta_wme_policy);
4273 	if (err)
4274 		return err;
4275 
4276 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4277 		params->uapsd_queues = nla_get_u8(
4278 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
4279 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4280 		return -EINVAL;
4281 
4282 	if (tb[NL80211_STA_WME_MAX_SP])
4283 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4284 
4285 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4286 		return -EINVAL;
4287 
4288 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4289 
4290 	return 0;
4291 }
4292 
4293 static int nl80211_parse_sta_channel_info(struct genl_info *info,
4294 				      struct station_parameters *params)
4295 {
4296 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4297 		params->supported_channels =
4298 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4299 		params->supported_channels_len =
4300 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4301 		/*
4302 		 * Need to include at least one (first channel, number of
4303 		 * channels) tuple for each subband, and must have proper
4304 		 * tuples for the rest of the data as well.
4305 		 */
4306 		if (params->supported_channels_len < 2)
4307 			return -EINVAL;
4308 		if (params->supported_channels_len % 2)
4309 			return -EINVAL;
4310 	}
4311 
4312 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4313 		params->supported_oper_classes =
4314 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4315 		params->supported_oper_classes_len =
4316 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4317 		/*
4318 		 * The value of the Length field of the Supported Operating
4319 		 * Classes element is between 2 and 253.
4320 		 */
4321 		if (params->supported_oper_classes_len < 2 ||
4322 		    params->supported_oper_classes_len > 253)
4323 			return -EINVAL;
4324 	}
4325 	return 0;
4326 }
4327 
4328 static int nl80211_set_station_tdls(struct genl_info *info,
4329 				    struct station_parameters *params)
4330 {
4331 	int err;
4332 	/* Dummy STA entry gets updated once the peer capabilities are known */
4333 	if (info->attrs[NL80211_ATTR_PEER_AID])
4334 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4335 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4336 		params->ht_capa =
4337 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4338 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4339 		params->vht_capa =
4340 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4341 
4342 	err = nl80211_parse_sta_channel_info(info, params);
4343 	if (err)
4344 		return err;
4345 
4346 	return nl80211_parse_sta_wme(info, params);
4347 }
4348 
4349 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4350 {
4351 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4352 	struct net_device *dev = info->user_ptr[1];
4353 	struct station_parameters params;
4354 	u8 *mac_addr;
4355 	int err;
4356 
4357 	memset(&params, 0, sizeof(params));
4358 
4359 	if (!rdev->ops->change_station)
4360 		return -EOPNOTSUPP;
4361 
4362 	/*
4363 	 * AID and listen_interval properties can be set only for unassociated
4364 	 * station. Include these parameters here and will check them in
4365 	 * cfg80211_check_station_change().
4366 	 */
4367 	if (info->attrs[NL80211_ATTR_STA_AID])
4368 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4369 
4370 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4371 		params.listen_interval =
4372 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4373 	else
4374 		params.listen_interval = -1;
4375 
4376 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
4377 		u8 tmp;
4378 
4379 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
4380 		if (tmp >= NUM_NL80211_P2P_PS_STATUS)
4381 			return -EINVAL;
4382 
4383 		params.support_p2p_ps = tmp;
4384 	} else {
4385 		params.support_p2p_ps = -1;
4386 	}
4387 
4388 	if (!info->attrs[NL80211_ATTR_MAC])
4389 		return -EINVAL;
4390 
4391 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4392 
4393 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4394 		params.supported_rates =
4395 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4396 		params.supported_rates_len =
4397 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4398 	}
4399 
4400 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4401 		params.capability =
4402 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4403 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4404 	}
4405 
4406 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4407 		params.ext_capab =
4408 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4409 		params.ext_capab_len =
4410 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4411 	}
4412 
4413 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4414 		return -EINVAL;
4415 
4416 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4417 		params.plink_action =
4418 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4419 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4420 			return -EINVAL;
4421 	}
4422 
4423 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4424 		params.plink_state =
4425 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4426 		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4427 			return -EINVAL;
4428 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) {
4429 			params.peer_aid = nla_get_u16(
4430 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
4431 			if (params.peer_aid > IEEE80211_MAX_AID)
4432 				return -EINVAL;
4433 		}
4434 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4435 	}
4436 
4437 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4438 		enum nl80211_mesh_power_mode pm = nla_get_u32(
4439 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4440 
4441 		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4442 		    pm > NL80211_MESH_POWER_MAX)
4443 			return -EINVAL;
4444 
4445 		params.local_pm = pm;
4446 	}
4447 
4448 	/* Include parameters for TDLS peer (will check later) */
4449 	err = nl80211_set_station_tdls(info, &params);
4450 	if (err)
4451 		return err;
4452 
4453 	params.vlan = get_vlan(info, rdev);
4454 	if (IS_ERR(params.vlan))
4455 		return PTR_ERR(params.vlan);
4456 
4457 	switch (dev->ieee80211_ptr->iftype) {
4458 	case NL80211_IFTYPE_AP:
4459 	case NL80211_IFTYPE_AP_VLAN:
4460 	case NL80211_IFTYPE_P2P_GO:
4461 	case NL80211_IFTYPE_P2P_CLIENT:
4462 	case NL80211_IFTYPE_STATION:
4463 	case NL80211_IFTYPE_ADHOC:
4464 	case NL80211_IFTYPE_MESH_POINT:
4465 		break;
4466 	default:
4467 		err = -EOPNOTSUPP;
4468 		goto out_put_vlan;
4469 	}
4470 
4471 	/* driver will call cfg80211_check_station_change() */
4472 	err = rdev_change_station(rdev, dev, mac_addr, &params);
4473 
4474  out_put_vlan:
4475 	if (params.vlan)
4476 		dev_put(params.vlan);
4477 
4478 	return err;
4479 }
4480 
4481 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4482 {
4483 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4484 	int err;
4485 	struct net_device *dev = info->user_ptr[1];
4486 	struct station_parameters params;
4487 	u8 *mac_addr = NULL;
4488 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4489 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
4490 
4491 	memset(&params, 0, sizeof(params));
4492 
4493 	if (!rdev->ops->add_station)
4494 		return -EOPNOTSUPP;
4495 
4496 	if (!info->attrs[NL80211_ATTR_MAC])
4497 		return -EINVAL;
4498 
4499 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4500 		return -EINVAL;
4501 
4502 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4503 		return -EINVAL;
4504 
4505 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
4506 	    !info->attrs[NL80211_ATTR_PEER_AID])
4507 		return -EINVAL;
4508 
4509 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4510 	params.supported_rates =
4511 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4512 	params.supported_rates_len =
4513 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4514 	params.listen_interval =
4515 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4516 
4517 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
4518 		u8 tmp;
4519 
4520 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
4521 		if (tmp >= NUM_NL80211_P2P_PS_STATUS)
4522 			return -EINVAL;
4523 
4524 		params.support_p2p_ps = tmp;
4525 	} else {
4526 		/*
4527 		 * if not specified, assume it's supported for P2P GO interface,
4528 		 * and is NOT supported for AP interface
4529 		 */
4530 		params.support_p2p_ps =
4531 			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
4532 	}
4533 
4534 	if (info->attrs[NL80211_ATTR_PEER_AID])
4535 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4536 	else
4537 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4538 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
4539 		return -EINVAL;
4540 
4541 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4542 		params.capability =
4543 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4544 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4545 	}
4546 
4547 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4548 		params.ext_capab =
4549 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4550 		params.ext_capab_len =
4551 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4552 	}
4553 
4554 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4555 		params.ht_capa =
4556 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4557 
4558 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4559 		params.vht_capa =
4560 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4561 
4562 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4563 		params.opmode_notif_used = true;
4564 		params.opmode_notif =
4565 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4566 	}
4567 
4568 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4569 		params.plink_action =
4570 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4571 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4572 			return -EINVAL;
4573 	}
4574 
4575 	err = nl80211_parse_sta_channel_info(info, &params);
4576 	if (err)
4577 		return err;
4578 
4579 	err = nl80211_parse_sta_wme(info, &params);
4580 	if (err)
4581 		return err;
4582 
4583 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4584 		return -EINVAL;
4585 
4586 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
4587 	 * as userspace might just pass through the capabilities from the IEs
4588 	 * directly, rather than enforcing this restriction and returning an
4589 	 * error in this case.
4590 	 */
4591 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
4592 		params.ht_capa = NULL;
4593 		params.vht_capa = NULL;
4594 	}
4595 
4596 	/* When you run into this, adjust the code below for the new flag */
4597 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4598 
4599 	switch (dev->ieee80211_ptr->iftype) {
4600 	case NL80211_IFTYPE_AP:
4601 	case NL80211_IFTYPE_AP_VLAN:
4602 	case NL80211_IFTYPE_P2P_GO:
4603 		/* ignore WME attributes if iface/sta is not capable */
4604 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4605 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4606 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4607 
4608 		/* TDLS peers cannot be added */
4609 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4610 		    info->attrs[NL80211_ATTR_PEER_AID])
4611 			return -EINVAL;
4612 		/* but don't bother the driver with it */
4613 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4614 
4615 		/* allow authenticated/associated only if driver handles it */
4616 		if (!(rdev->wiphy.features &
4617 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4618 		    params.sta_flags_mask & auth_assoc)
4619 			return -EINVAL;
4620 
4621 		/* Older userspace, or userspace wanting to be compatible with
4622 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
4623 		 * and assoc flags in the mask, but assumes the station will be
4624 		 * added as associated anyway since this was the required driver
4625 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
4626 		 * introduced.
4627 		 * In order to not bother drivers with this quirk in the API
4628 		 * set the flags in both the mask and set for new stations in
4629 		 * this case.
4630 		 */
4631 		if (!(params.sta_flags_mask & auth_assoc)) {
4632 			params.sta_flags_mask |= auth_assoc;
4633 			params.sta_flags_set |= auth_assoc;
4634 		}
4635 
4636 		/* must be last in here for error handling */
4637 		params.vlan = get_vlan(info, rdev);
4638 		if (IS_ERR(params.vlan))
4639 			return PTR_ERR(params.vlan);
4640 		break;
4641 	case NL80211_IFTYPE_MESH_POINT:
4642 		/* ignore uAPSD data */
4643 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4644 
4645 		/* associated is disallowed */
4646 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4647 			return -EINVAL;
4648 		/* TDLS peers cannot be added */
4649 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4650 		    info->attrs[NL80211_ATTR_PEER_AID])
4651 			return -EINVAL;
4652 		break;
4653 	case NL80211_IFTYPE_STATION:
4654 	case NL80211_IFTYPE_P2P_CLIENT:
4655 		/* ignore uAPSD data */
4656 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4657 
4658 		/* these are disallowed */
4659 		if (params.sta_flags_mask &
4660 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4661 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4662 			return -EINVAL;
4663 		/* Only TDLS peers can be added */
4664 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4665 			return -EINVAL;
4666 		/* Can only add if TDLS ... */
4667 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4668 			return -EOPNOTSUPP;
4669 		/* ... with external setup is supported */
4670 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4671 			return -EOPNOTSUPP;
4672 		/*
4673 		 * Older wpa_supplicant versions always mark the TDLS peer
4674 		 * as authorized, but it shouldn't yet be.
4675 		 */
4676 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4677 		break;
4678 	default:
4679 		return -EOPNOTSUPP;
4680 	}
4681 
4682 	/* be aware of params.vlan when changing code here */
4683 
4684 	err = rdev_add_station(rdev, dev, mac_addr, &params);
4685 
4686 	if (params.vlan)
4687 		dev_put(params.vlan);
4688 	return err;
4689 }
4690 
4691 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4692 {
4693 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4694 	struct net_device *dev = info->user_ptr[1];
4695 	struct station_del_parameters params;
4696 
4697 	memset(&params, 0, sizeof(params));
4698 
4699 	if (info->attrs[NL80211_ATTR_MAC])
4700 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
4701 
4702 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4703 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4704 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4705 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4706 		return -EINVAL;
4707 
4708 	if (!rdev->ops->del_station)
4709 		return -EOPNOTSUPP;
4710 
4711 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
4712 		params.subtype =
4713 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
4714 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
4715 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
4716 			return -EINVAL;
4717 	} else {
4718 		/* Default to Deauthentication frame */
4719 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
4720 	}
4721 
4722 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
4723 		params.reason_code =
4724 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4725 		if (params.reason_code == 0)
4726 			return -EINVAL; /* 0 is reserved */
4727 	} else {
4728 		/* Default to reason code 2 */
4729 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
4730 	}
4731 
4732 	return rdev_del_station(rdev, dev, &params);
4733 }
4734 
4735 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4736 				int flags, struct net_device *dev,
4737 				u8 *dst, u8 *next_hop,
4738 				struct mpath_info *pinfo)
4739 {
4740 	void *hdr;
4741 	struct nlattr *pinfoattr;
4742 
4743 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
4744 	if (!hdr)
4745 		return -1;
4746 
4747 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4748 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4749 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4750 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4751 		goto nla_put_failure;
4752 
4753 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4754 	if (!pinfoattr)
4755 		goto nla_put_failure;
4756 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4757 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4758 			pinfo->frame_qlen))
4759 		goto nla_put_failure;
4760 	if (((pinfo->filled & MPATH_INFO_SN) &&
4761 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4762 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
4763 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4764 			 pinfo->metric)) ||
4765 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4766 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4767 			 pinfo->exptime)) ||
4768 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
4769 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4770 			pinfo->flags)) ||
4771 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4772 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4773 			 pinfo->discovery_timeout)) ||
4774 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4775 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4776 			pinfo->discovery_retries)))
4777 		goto nla_put_failure;
4778 
4779 	nla_nest_end(msg, pinfoattr);
4780 
4781 	genlmsg_end(msg, hdr);
4782 	return 0;
4783 
4784  nla_put_failure:
4785 	genlmsg_cancel(msg, hdr);
4786 	return -EMSGSIZE;
4787 }
4788 
4789 static int nl80211_dump_mpath(struct sk_buff *skb,
4790 			      struct netlink_callback *cb)
4791 {
4792 	struct mpath_info pinfo;
4793 	struct cfg80211_registered_device *rdev;
4794 	struct wireless_dev *wdev;
4795 	u8 dst[ETH_ALEN];
4796 	u8 next_hop[ETH_ALEN];
4797 	int path_idx = cb->args[2];
4798 	int err;
4799 
4800 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4801 	if (err)
4802 		return err;
4803 
4804 	if (!rdev->ops->dump_mpath) {
4805 		err = -EOPNOTSUPP;
4806 		goto out_err;
4807 	}
4808 
4809 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4810 		err = -EOPNOTSUPP;
4811 		goto out_err;
4812 	}
4813 
4814 	while (1) {
4815 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
4816 				      next_hop, &pinfo);
4817 		if (err == -ENOENT)
4818 			break;
4819 		if (err)
4820 			goto out_err;
4821 
4822 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4823 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4824 				       wdev->netdev, dst, next_hop,
4825 				       &pinfo) < 0)
4826 			goto out;
4827 
4828 		path_idx++;
4829 	}
4830 
4831  out:
4832 	cb->args[2] = path_idx;
4833 	err = skb->len;
4834  out_err:
4835 	nl80211_finish_wdev_dump(rdev);
4836 	return err;
4837 }
4838 
4839 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4840 {
4841 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4842 	int err;
4843 	struct net_device *dev = info->user_ptr[1];
4844 	struct mpath_info pinfo;
4845 	struct sk_buff *msg;
4846 	u8 *dst = NULL;
4847 	u8 next_hop[ETH_ALEN];
4848 
4849 	memset(&pinfo, 0, sizeof(pinfo));
4850 
4851 	if (!info->attrs[NL80211_ATTR_MAC])
4852 		return -EINVAL;
4853 
4854 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4855 
4856 	if (!rdev->ops->get_mpath)
4857 		return -EOPNOTSUPP;
4858 
4859 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4860 		return -EOPNOTSUPP;
4861 
4862 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4863 	if (err)
4864 		return err;
4865 
4866 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4867 	if (!msg)
4868 		return -ENOMEM;
4869 
4870 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4871 				 dev, dst, next_hop, &pinfo) < 0) {
4872 		nlmsg_free(msg);
4873 		return -ENOBUFS;
4874 	}
4875 
4876 	return genlmsg_reply(msg, info);
4877 }
4878 
4879 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4880 {
4881 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4882 	struct net_device *dev = info->user_ptr[1];
4883 	u8 *dst = NULL;
4884 	u8 *next_hop = NULL;
4885 
4886 	if (!info->attrs[NL80211_ATTR_MAC])
4887 		return -EINVAL;
4888 
4889 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4890 		return -EINVAL;
4891 
4892 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4893 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4894 
4895 	if (!rdev->ops->change_mpath)
4896 		return -EOPNOTSUPP;
4897 
4898 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4899 		return -EOPNOTSUPP;
4900 
4901 	return rdev_change_mpath(rdev, dev, dst, next_hop);
4902 }
4903 
4904 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4905 {
4906 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4907 	struct net_device *dev = info->user_ptr[1];
4908 	u8 *dst = NULL;
4909 	u8 *next_hop = NULL;
4910 
4911 	if (!info->attrs[NL80211_ATTR_MAC])
4912 		return -EINVAL;
4913 
4914 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4915 		return -EINVAL;
4916 
4917 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4918 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4919 
4920 	if (!rdev->ops->add_mpath)
4921 		return -EOPNOTSUPP;
4922 
4923 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4924 		return -EOPNOTSUPP;
4925 
4926 	return rdev_add_mpath(rdev, dev, dst, next_hop);
4927 }
4928 
4929 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4930 {
4931 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4932 	struct net_device *dev = info->user_ptr[1];
4933 	u8 *dst = NULL;
4934 
4935 	if (info->attrs[NL80211_ATTR_MAC])
4936 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4937 
4938 	if (!rdev->ops->del_mpath)
4939 		return -EOPNOTSUPP;
4940 
4941 	return rdev_del_mpath(rdev, dev, dst);
4942 }
4943 
4944 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
4945 {
4946 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4947 	int err;
4948 	struct net_device *dev = info->user_ptr[1];
4949 	struct mpath_info pinfo;
4950 	struct sk_buff *msg;
4951 	u8 *dst = NULL;
4952 	u8 mpp[ETH_ALEN];
4953 
4954 	memset(&pinfo, 0, sizeof(pinfo));
4955 
4956 	if (!info->attrs[NL80211_ATTR_MAC])
4957 		return -EINVAL;
4958 
4959 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4960 
4961 	if (!rdev->ops->get_mpp)
4962 		return -EOPNOTSUPP;
4963 
4964 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4965 		return -EOPNOTSUPP;
4966 
4967 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
4968 	if (err)
4969 		return err;
4970 
4971 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4972 	if (!msg)
4973 		return -ENOMEM;
4974 
4975 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4976 			       dev, dst, mpp, &pinfo) < 0) {
4977 		nlmsg_free(msg);
4978 		return -ENOBUFS;
4979 	}
4980 
4981 	return genlmsg_reply(msg, info);
4982 }
4983 
4984 static int nl80211_dump_mpp(struct sk_buff *skb,
4985 			    struct netlink_callback *cb)
4986 {
4987 	struct mpath_info pinfo;
4988 	struct cfg80211_registered_device *rdev;
4989 	struct wireless_dev *wdev;
4990 	u8 dst[ETH_ALEN];
4991 	u8 mpp[ETH_ALEN];
4992 	int path_idx = cb->args[2];
4993 	int err;
4994 
4995 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4996 	if (err)
4997 		return err;
4998 
4999 	if (!rdev->ops->dump_mpp) {
5000 		err = -EOPNOTSUPP;
5001 		goto out_err;
5002 	}
5003 
5004 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5005 		err = -EOPNOTSUPP;
5006 		goto out_err;
5007 	}
5008 
5009 	while (1) {
5010 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
5011 				    mpp, &pinfo);
5012 		if (err == -ENOENT)
5013 			break;
5014 		if (err)
5015 			goto out_err;
5016 
5017 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5018 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
5019 				       wdev->netdev, dst, mpp,
5020 				       &pinfo) < 0)
5021 			goto out;
5022 
5023 		path_idx++;
5024 	}
5025 
5026  out:
5027 	cb->args[2] = path_idx;
5028 	err = skb->len;
5029  out_err:
5030 	nl80211_finish_wdev_dump(rdev);
5031 	return err;
5032 }
5033 
5034 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
5035 {
5036 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5037 	struct net_device *dev = info->user_ptr[1];
5038 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5039 	struct bss_parameters params;
5040 	int err;
5041 
5042 	memset(&params, 0, sizeof(params));
5043 	/* default to not changing parameters */
5044 	params.use_cts_prot = -1;
5045 	params.use_short_preamble = -1;
5046 	params.use_short_slot_time = -1;
5047 	params.ap_isolate = -1;
5048 	params.ht_opmode = -1;
5049 	params.p2p_ctwindow = -1;
5050 	params.p2p_opp_ps = -1;
5051 
5052 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
5053 		params.use_cts_prot =
5054 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
5055 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
5056 		params.use_short_preamble =
5057 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
5058 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
5059 		params.use_short_slot_time =
5060 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
5061 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5062 		params.basic_rates =
5063 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5064 		params.basic_rates_len =
5065 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5066 	}
5067 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
5068 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
5069 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
5070 		params.ht_opmode =
5071 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
5072 
5073 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5074 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5075 			return -EINVAL;
5076 		params.p2p_ctwindow =
5077 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5078 		if (params.p2p_ctwindow < 0)
5079 			return -EINVAL;
5080 		if (params.p2p_ctwindow != 0 &&
5081 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5082 			return -EINVAL;
5083 	}
5084 
5085 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5086 		u8 tmp;
5087 
5088 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5089 			return -EINVAL;
5090 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5091 		if (tmp > 1)
5092 			return -EINVAL;
5093 		params.p2p_opp_ps = tmp;
5094 		if (params.p2p_opp_ps &&
5095 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5096 			return -EINVAL;
5097 	}
5098 
5099 	if (!rdev->ops->change_bss)
5100 		return -EOPNOTSUPP;
5101 
5102 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5103 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5104 		return -EOPNOTSUPP;
5105 
5106 	wdev_lock(wdev);
5107 	err = rdev_change_bss(rdev, dev, &params);
5108 	wdev_unlock(wdev);
5109 
5110 	return err;
5111 }
5112 
5113 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
5114 {
5115 	char *data = NULL;
5116 	bool is_indoor;
5117 	enum nl80211_user_reg_hint_type user_reg_hint_type;
5118 	u32 owner_nlportid;
5119 
5120 	/*
5121 	 * You should only get this when cfg80211 hasn't yet initialized
5122 	 * completely when built-in to the kernel right between the time
5123 	 * window between nl80211_init() and regulatory_init(), if that is
5124 	 * even possible.
5125 	 */
5126 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
5127 		return -EINPROGRESS;
5128 
5129 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
5130 		user_reg_hint_type =
5131 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
5132 	else
5133 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
5134 
5135 	switch (user_reg_hint_type) {
5136 	case NL80211_USER_REG_HINT_USER:
5137 	case NL80211_USER_REG_HINT_CELL_BASE:
5138 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5139 			return -EINVAL;
5140 
5141 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5142 		return regulatory_hint_user(data, user_reg_hint_type);
5143 	case NL80211_USER_REG_HINT_INDOOR:
5144 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5145 			owner_nlportid = info->snd_portid;
5146 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5147 		} else {
5148 			owner_nlportid = 0;
5149 			is_indoor = true;
5150 		}
5151 
5152 		return regulatory_hint_indoor(is_indoor, owner_nlportid);
5153 	default:
5154 		return -EINVAL;
5155 	}
5156 }
5157 
5158 static int nl80211_get_mesh_config(struct sk_buff *skb,
5159 				   struct genl_info *info)
5160 {
5161 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5162 	struct net_device *dev = info->user_ptr[1];
5163 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5164 	struct mesh_config cur_params;
5165 	int err = 0;
5166 	void *hdr;
5167 	struct nlattr *pinfoattr;
5168 	struct sk_buff *msg;
5169 
5170 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5171 		return -EOPNOTSUPP;
5172 
5173 	if (!rdev->ops->get_mesh_config)
5174 		return -EOPNOTSUPP;
5175 
5176 	wdev_lock(wdev);
5177 	/* If not connected, get default parameters */
5178 	if (!wdev->mesh_id_len)
5179 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5180 	else
5181 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
5182 	wdev_unlock(wdev);
5183 
5184 	if (err)
5185 		return err;
5186 
5187 	/* Draw up a netlink message to send back */
5188 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5189 	if (!msg)
5190 		return -ENOMEM;
5191 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5192 			     NL80211_CMD_GET_MESH_CONFIG);
5193 	if (!hdr)
5194 		goto out;
5195 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5196 	if (!pinfoattr)
5197 		goto nla_put_failure;
5198 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5199 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5200 			cur_params.dot11MeshRetryTimeout) ||
5201 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5202 			cur_params.dot11MeshConfirmTimeout) ||
5203 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5204 			cur_params.dot11MeshHoldingTimeout) ||
5205 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5206 			cur_params.dot11MeshMaxPeerLinks) ||
5207 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5208 		       cur_params.dot11MeshMaxRetries) ||
5209 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
5210 		       cur_params.dot11MeshTTL) ||
5211 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5212 		       cur_params.element_ttl) ||
5213 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5214 		       cur_params.auto_open_plinks) ||
5215 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5216 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5217 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5218 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
5219 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5220 			cur_params.path_refresh_time) ||
5221 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5222 			cur_params.min_discovery_timeout) ||
5223 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5224 			cur_params.dot11MeshHWMPactivePathTimeout) ||
5225 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5226 			cur_params.dot11MeshHWMPpreqMinInterval) ||
5227 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5228 			cur_params.dot11MeshHWMPperrMinInterval) ||
5229 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5230 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5231 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5232 		       cur_params.dot11MeshHWMPRootMode) ||
5233 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5234 			cur_params.dot11MeshHWMPRannInterval) ||
5235 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5236 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
5237 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5238 		       cur_params.dot11MeshForwarding) ||
5239 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5240 			cur_params.rssi_threshold) ||
5241 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5242 			cur_params.ht_opmode) ||
5243 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5244 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5245 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5246 			cur_params.dot11MeshHWMProotInterval) ||
5247 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5248 			cur_params.dot11MeshHWMPconfirmationInterval) ||
5249 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5250 			cur_params.power_mode) ||
5251 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5252 			cur_params.dot11MeshAwakeWindowDuration) ||
5253 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5254 			cur_params.plink_timeout))
5255 		goto nla_put_failure;
5256 	nla_nest_end(msg, pinfoattr);
5257 	genlmsg_end(msg, hdr);
5258 	return genlmsg_reply(msg, info);
5259 
5260  nla_put_failure:
5261 	genlmsg_cancel(msg, hdr);
5262  out:
5263 	nlmsg_free(msg);
5264 	return -ENOBUFS;
5265 }
5266 
5267 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5268 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5269 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5270 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5271 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5272 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5273 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5274 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5275 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5276 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5277 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5278 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5279 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5280 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5281 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5282 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5283 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5284 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5285 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5286 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5287 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5288 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5289 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5290 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5291 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5292 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5293 	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5294 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5295 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5296 };
5297 
5298 static const struct nla_policy
5299 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5300 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5301 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5302 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5303 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5304 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5305 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5306 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5307 				    .len = IEEE80211_MAX_DATA_LEN },
5308 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5309 };
5310 
5311 static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out)
5312 {
5313 	u8 val = nla_get_u8(nla);
5314 	if (val < min || val > max)
5315 		return -EINVAL;
5316 	*out = val;
5317 	return 0;
5318 }
5319 
5320 static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out)
5321 {
5322 	u8 val = nla_get_u8(nla);
5323 	if (val < min || val > max)
5324 		return -EINVAL;
5325 	*out = val;
5326 	return 0;
5327 }
5328 
5329 static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out)
5330 {
5331 	u16 val = nla_get_u16(nla);
5332 	if (val < min || val > max)
5333 		return -EINVAL;
5334 	*out = val;
5335 	return 0;
5336 }
5337 
5338 static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out)
5339 {
5340 	u32 val = nla_get_u32(nla);
5341 	if (val < min || val > max)
5342 		return -EINVAL;
5343 	*out = val;
5344 	return 0;
5345 }
5346 
5347 static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out)
5348 {
5349 	s32 val = nla_get_s32(nla);
5350 	if (val < min || val > max)
5351 		return -EINVAL;
5352 	*out = val;
5353 	return 0;
5354 }
5355 
5356 static int nl80211_check_power_mode(const struct nlattr *nla,
5357 				    enum nl80211_mesh_power_mode min,
5358 				    enum nl80211_mesh_power_mode max,
5359 				    enum nl80211_mesh_power_mode *out)
5360 {
5361 	u32 val = nla_get_u32(nla);
5362 	if (val < min || val > max)
5363 		return -EINVAL;
5364 	*out = val;
5365 	return 0;
5366 }
5367 
5368 static int nl80211_parse_mesh_config(struct genl_info *info,
5369 				     struct mesh_config *cfg,
5370 				     u32 *mask_out)
5371 {
5372 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5373 	u32 mask = 0;
5374 	u16 ht_opmode;
5375 
5376 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5377 do {									    \
5378 	if (tb[attr]) {							    \
5379 		if (fn(tb[attr], min, max, &cfg->param))		    \
5380 			return -EINVAL;					    \
5381 		mask |= (1 << (attr - 1));				    \
5382 	}								    \
5383 } while (0)
5384 
5385 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5386 		return -EINVAL;
5387 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5388 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
5389 			     nl80211_meshconf_params_policy))
5390 		return -EINVAL;
5391 
5392 	/* This makes sure that there aren't more than 32 mesh config
5393 	 * parameters (otherwise our bitfield scheme would not work.) */
5394 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5395 
5396 	/* Fill in the params struct */
5397 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5398 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5399 				  nl80211_check_u16);
5400 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5401 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5402 				  nl80211_check_u16);
5403 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5404 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5405 				  nl80211_check_u16);
5406 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5407 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5408 				  nl80211_check_u16);
5409 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5410 				  mask, NL80211_MESHCONF_MAX_RETRIES,
5411 				  nl80211_check_u8);
5412 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5413 				  mask, NL80211_MESHCONF_TTL, nl80211_check_u8);
5414 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5415 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
5416 				  nl80211_check_u8);
5417 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5418 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5419 				  nl80211_check_bool);
5420 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5421 				  1, 255, mask,
5422 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5423 				  nl80211_check_u32);
5424 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5425 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5426 				  nl80211_check_u8);
5427 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5428 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5429 				  nl80211_check_u32);
5430 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5431 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5432 				  nl80211_check_u16);
5433 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
5434 				  1, 65535, mask,
5435 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5436 				  nl80211_check_u32);
5437 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
5438 				  1, 65535, mask,
5439 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5440 				  nl80211_check_u16);
5441 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
5442 				  1, 65535, mask,
5443 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5444 				  nl80211_check_u16);
5445 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5446 				  dot11MeshHWMPnetDiameterTraversalTime,
5447 				  1, 65535, mask,
5448 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5449 				  nl80211_check_u16);
5450 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
5451 				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
5452 				  nl80211_check_u8);
5453 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
5454 				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5455 				  nl80211_check_u16);
5456 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5457 				  dot11MeshGateAnnouncementProtocol, 0, 1,
5458 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5459 				  nl80211_check_bool);
5460 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
5461 				  mask, NL80211_MESHCONF_FORWARDING,
5462 				  nl80211_check_bool);
5463 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
5464 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
5465 				  nl80211_check_s32);
5466 	/*
5467 	 * Check HT operation mode based on
5468 	 * IEEE 802.11 2012 8.4.2.59 HT Operation element.
5469 	 */
5470 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
5471 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
5472 
5473 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
5474 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
5475 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
5476 			return -EINVAL;
5477 
5478 		if ((ht_opmode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT) &&
5479 		    (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
5480 			return -EINVAL;
5481 
5482 		switch (ht_opmode & IEEE80211_HT_OP_MODE_PROTECTION) {
5483 		case IEEE80211_HT_OP_MODE_PROTECTION_NONE:
5484 		case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ:
5485 			if (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)
5486 				return -EINVAL;
5487 			break;
5488 		case IEEE80211_HT_OP_MODE_PROTECTION_NONMEMBER:
5489 		case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED:
5490 			if (!(ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
5491 				return -EINVAL;
5492 			break;
5493 		}
5494 		cfg->ht_opmode = ht_opmode;
5495 	}
5496 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
5497 				  1, 65535, mask,
5498 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5499 				  nl80211_check_u32);
5500 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
5501 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5502 				  nl80211_check_u16);
5503 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5504 				  dot11MeshHWMPconfirmationInterval,
5505 				  1, 65535, mask,
5506 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5507 				  nl80211_check_u16);
5508 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
5509 				  NL80211_MESH_POWER_ACTIVE,
5510 				  NL80211_MESH_POWER_MAX,
5511 				  mask, NL80211_MESHCONF_POWER_MODE,
5512 				  nl80211_check_power_mode);
5513 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
5514 				  0, 65535, mask,
5515 				  NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16);
5516 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
5517 				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
5518 				  nl80211_check_u32);
5519 	if (mask_out)
5520 		*mask_out = mask;
5521 
5522 	return 0;
5523 
5524 #undef FILL_IN_MESH_PARAM_IF_SET
5525 }
5526 
5527 static int nl80211_parse_mesh_setup(struct genl_info *info,
5528 				     struct mesh_setup *setup)
5529 {
5530 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5531 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
5532 
5533 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
5534 		return -EINVAL;
5535 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
5536 			     info->attrs[NL80211_ATTR_MESH_SETUP],
5537 			     nl80211_mesh_setup_params_policy))
5538 		return -EINVAL;
5539 
5540 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5541 		setup->sync_method =
5542 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5543 		 IEEE80211_SYNC_METHOD_VENDOR :
5544 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5545 
5546 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5547 		setup->path_sel_proto =
5548 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5549 		 IEEE80211_PATH_PROTOCOL_VENDOR :
5550 		 IEEE80211_PATH_PROTOCOL_HWMP;
5551 
5552 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5553 		setup->path_metric =
5554 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5555 		 IEEE80211_PATH_METRIC_VENDOR :
5556 		 IEEE80211_PATH_METRIC_AIRTIME;
5557 
5558 	if (tb[NL80211_MESH_SETUP_IE]) {
5559 		struct nlattr *ieattr =
5560 			tb[NL80211_MESH_SETUP_IE];
5561 		if (!is_valid_ie_attr(ieattr))
5562 			return -EINVAL;
5563 		setup->ie = nla_data(ieattr);
5564 		setup->ie_len = nla_len(ieattr);
5565 	}
5566 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5567 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5568 		return -EINVAL;
5569 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5570 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5571 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5572 	if (setup->is_secure)
5573 		setup->user_mpm = true;
5574 
5575 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5576 		if (!setup->user_mpm)
5577 			return -EINVAL;
5578 		setup->auth_id =
5579 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5580 	}
5581 
5582 	return 0;
5583 }
5584 
5585 static int nl80211_update_mesh_config(struct sk_buff *skb,
5586 				      struct genl_info *info)
5587 {
5588 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5589 	struct net_device *dev = info->user_ptr[1];
5590 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5591 	struct mesh_config cfg;
5592 	u32 mask;
5593 	int err;
5594 
5595 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5596 		return -EOPNOTSUPP;
5597 
5598 	if (!rdev->ops->update_mesh_config)
5599 		return -EOPNOTSUPP;
5600 
5601 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
5602 	if (err)
5603 		return err;
5604 
5605 	wdev_lock(wdev);
5606 	if (!wdev->mesh_id_len)
5607 		err = -ENOLINK;
5608 
5609 	if (!err)
5610 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5611 
5612 	wdev_unlock(wdev);
5613 
5614 	return err;
5615 }
5616 
5617 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
5618 			      struct sk_buff *msg)
5619 {
5620 	struct nlattr *nl_reg_rules;
5621 	unsigned int i;
5622 
5623 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5624 	    (regdom->dfs_region &&
5625 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5626 		goto nla_put_failure;
5627 
5628 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5629 	if (!nl_reg_rules)
5630 		goto nla_put_failure;
5631 
5632 	for (i = 0; i < regdom->n_reg_rules; i++) {
5633 		struct nlattr *nl_reg_rule;
5634 		const struct ieee80211_reg_rule *reg_rule;
5635 		const struct ieee80211_freq_range *freq_range;
5636 		const struct ieee80211_power_rule *power_rule;
5637 		unsigned int max_bandwidth_khz;
5638 
5639 		reg_rule = &regdom->reg_rules[i];
5640 		freq_range = &reg_rule->freq_range;
5641 		power_rule = &reg_rule->power_rule;
5642 
5643 		nl_reg_rule = nla_nest_start(msg, i);
5644 		if (!nl_reg_rule)
5645 			goto nla_put_failure;
5646 
5647 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
5648 		if (!max_bandwidth_khz)
5649 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5650 								  reg_rule);
5651 
5652 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5653 				reg_rule->flags) ||
5654 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5655 				freq_range->start_freq_khz) ||
5656 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5657 				freq_range->end_freq_khz) ||
5658 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5659 				max_bandwidth_khz) ||
5660 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5661 				power_rule->max_antenna_gain) ||
5662 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5663 				power_rule->max_eirp) ||
5664 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5665 				reg_rule->dfs_cac_ms))
5666 			goto nla_put_failure;
5667 
5668 		nla_nest_end(msg, nl_reg_rule);
5669 	}
5670 
5671 	nla_nest_end(msg, nl_reg_rules);
5672 	return 0;
5673 
5674 nla_put_failure:
5675 	return -EMSGSIZE;
5676 }
5677 
5678 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
5679 {
5680 	const struct ieee80211_regdomain *regdom = NULL;
5681 	struct cfg80211_registered_device *rdev;
5682 	struct wiphy *wiphy = NULL;
5683 	struct sk_buff *msg;
5684 	void *hdr;
5685 
5686 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5687 	if (!msg)
5688 		return -ENOBUFS;
5689 
5690 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5691 			     NL80211_CMD_GET_REG);
5692 	if (!hdr)
5693 		goto put_failure;
5694 
5695 	if (info->attrs[NL80211_ATTR_WIPHY]) {
5696 		bool self_managed;
5697 
5698 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
5699 		if (IS_ERR(rdev)) {
5700 			nlmsg_free(msg);
5701 			return PTR_ERR(rdev);
5702 		}
5703 
5704 		wiphy = &rdev->wiphy;
5705 		self_managed = wiphy->regulatory_flags &
5706 			       REGULATORY_WIPHY_SELF_MANAGED;
5707 		regdom = get_wiphy_regdom(wiphy);
5708 
5709 		/* a self-managed-reg device must have a private regdom */
5710 		if (WARN_ON(!regdom && self_managed)) {
5711 			nlmsg_free(msg);
5712 			return -EINVAL;
5713 		}
5714 
5715 		if (regdom &&
5716 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5717 			goto nla_put_failure;
5718 	}
5719 
5720 	if (!wiphy && reg_last_request_cell_base() &&
5721 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5722 			NL80211_USER_REG_HINT_CELL_BASE))
5723 		goto nla_put_failure;
5724 
5725 	rcu_read_lock();
5726 
5727 	if (!regdom)
5728 		regdom = rcu_dereference(cfg80211_regdomain);
5729 
5730 	if (nl80211_put_regdom(regdom, msg))
5731 		goto nla_put_failure_rcu;
5732 
5733 	rcu_read_unlock();
5734 
5735 	genlmsg_end(msg, hdr);
5736 	return genlmsg_reply(msg, info);
5737 
5738 nla_put_failure_rcu:
5739 	rcu_read_unlock();
5740 nla_put_failure:
5741 	genlmsg_cancel(msg, hdr);
5742 put_failure:
5743 	nlmsg_free(msg);
5744 	return -EMSGSIZE;
5745 }
5746 
5747 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
5748 			       u32 seq, int flags, struct wiphy *wiphy,
5749 			       const struct ieee80211_regdomain *regdom)
5750 {
5751 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5752 				   NL80211_CMD_GET_REG);
5753 
5754 	if (!hdr)
5755 		return -1;
5756 
5757 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5758 
5759 	if (nl80211_put_regdom(regdom, msg))
5760 		goto nla_put_failure;
5761 
5762 	if (!wiphy && reg_last_request_cell_base() &&
5763 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5764 			NL80211_USER_REG_HINT_CELL_BASE))
5765 		goto nla_put_failure;
5766 
5767 	if (wiphy &&
5768 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5769 		goto nla_put_failure;
5770 
5771 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
5772 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
5773 		goto nla_put_failure;
5774 
5775 	genlmsg_end(msg, hdr);
5776 	return 0;
5777 
5778 nla_put_failure:
5779 	genlmsg_cancel(msg, hdr);
5780 	return -EMSGSIZE;
5781 }
5782 
5783 static int nl80211_get_reg_dump(struct sk_buff *skb,
5784 				struct netlink_callback *cb)
5785 {
5786 	const struct ieee80211_regdomain *regdom = NULL;
5787 	struct cfg80211_registered_device *rdev;
5788 	int err, reg_idx, start = cb->args[2];
5789 
5790 	rtnl_lock();
5791 
5792 	if (cfg80211_regdomain && start == 0) {
5793 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5794 					  NLM_F_MULTI, NULL,
5795 					  rtnl_dereference(cfg80211_regdomain));
5796 		if (err < 0)
5797 			goto out_err;
5798 	}
5799 
5800 	/* the global regdom is idx 0 */
5801 	reg_idx = 1;
5802 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
5803 		regdom = get_wiphy_regdom(&rdev->wiphy);
5804 		if (!regdom)
5805 			continue;
5806 
5807 		if (++reg_idx <= start)
5808 			continue;
5809 
5810 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5811 					  NLM_F_MULTI, &rdev->wiphy, regdom);
5812 		if (err < 0) {
5813 			reg_idx--;
5814 			break;
5815 		}
5816 	}
5817 
5818 	cb->args[2] = reg_idx;
5819 	err = skb->len;
5820 out_err:
5821 	rtnl_unlock();
5822 	return err;
5823 }
5824 
5825 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
5826 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
5827 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
5828 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
5829 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
5830 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
5831 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
5832 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
5833 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
5834 };
5835 
5836 static int parse_reg_rule(struct nlattr *tb[],
5837 	struct ieee80211_reg_rule *reg_rule)
5838 {
5839 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
5840 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
5841 
5842 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
5843 		return -EINVAL;
5844 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
5845 		return -EINVAL;
5846 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
5847 		return -EINVAL;
5848 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
5849 		return -EINVAL;
5850 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
5851 		return -EINVAL;
5852 
5853 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
5854 
5855 	freq_range->start_freq_khz =
5856 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
5857 	freq_range->end_freq_khz =
5858 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
5859 	freq_range->max_bandwidth_khz =
5860 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
5861 
5862 	power_rule->max_eirp =
5863 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
5864 
5865 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
5866 		power_rule->max_antenna_gain =
5867 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
5868 
5869 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
5870 		reg_rule->dfs_cac_ms =
5871 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
5872 
5873 	return 0;
5874 }
5875 
5876 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5877 {
5878 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5879 	struct nlattr *nl_reg_rule;
5880 	char *alpha2;
5881 	int rem_reg_rules, r;
5882 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
5883 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5884 	struct ieee80211_regdomain *rd;
5885 
5886 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5887 		return -EINVAL;
5888 
5889 	if (!info->attrs[NL80211_ATTR_REG_RULES])
5890 		return -EINVAL;
5891 
5892 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5893 
5894 	if (info->attrs[NL80211_ATTR_DFS_REGION])
5895 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5896 
5897 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5898 			    rem_reg_rules) {
5899 		num_rules++;
5900 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5901 			return -EINVAL;
5902 	}
5903 
5904 	if (!reg_is_valid_request(alpha2))
5905 		return -EINVAL;
5906 
5907 	size_of_regd = sizeof(struct ieee80211_regdomain) +
5908 		       num_rules * sizeof(struct ieee80211_reg_rule);
5909 
5910 	rd = kzalloc(size_of_regd, GFP_KERNEL);
5911 	if (!rd)
5912 		return -ENOMEM;
5913 
5914 	rd->n_reg_rules = num_rules;
5915 	rd->alpha2[0] = alpha2[0];
5916 	rd->alpha2[1] = alpha2[1];
5917 
5918 	/*
5919 	 * Disable DFS master mode if the DFS region was
5920 	 * not supported or known on this kernel.
5921 	 */
5922 	if (reg_supported_dfs_region(dfs_region))
5923 		rd->dfs_region = dfs_region;
5924 
5925 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5926 			    rem_reg_rules) {
5927 		r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5928 			      nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5929 			      reg_rule_policy);
5930 		if (r)
5931 			goto bad_reg;
5932 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5933 		if (r)
5934 			goto bad_reg;
5935 
5936 		rule_idx++;
5937 
5938 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5939 			r = -EINVAL;
5940 			goto bad_reg;
5941 		}
5942 	}
5943 
5944 	/* set_regdom takes ownership of rd */
5945 	return set_regdom(rd, REGD_SOURCE_CRDA);
5946  bad_reg:
5947 	kfree(rd);
5948 	return r;
5949 }
5950 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
5951 
5952 static int validate_scan_freqs(struct nlattr *freqs)
5953 {
5954 	struct nlattr *attr1, *attr2;
5955 	int n_channels = 0, tmp1, tmp2;
5956 
5957 	nla_for_each_nested(attr1, freqs, tmp1) {
5958 		n_channels++;
5959 		/*
5960 		 * Some hardware has a limited channel list for
5961 		 * scanning, and it is pretty much nonsensical
5962 		 * to scan for a channel twice, so disallow that
5963 		 * and don't require drivers to check that the
5964 		 * channel list they get isn't longer than what
5965 		 * they can scan, as long as they can scan all
5966 		 * the channels they registered at once.
5967 		 */
5968 		nla_for_each_nested(attr2, freqs, tmp2)
5969 			if (attr1 != attr2 &&
5970 			    nla_get_u32(attr1) == nla_get_u32(attr2))
5971 				return 0;
5972 	}
5973 
5974 	return n_channels;
5975 }
5976 
5977 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
5978 {
5979 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
5980 }
5981 
5982 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
5983 			    struct cfg80211_bss_selection *bss_select)
5984 {
5985 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
5986 	struct nlattr *nest;
5987 	int err;
5988 	bool found = false;
5989 	int i;
5990 
5991 	/* only process one nested attribute */
5992 	nest = nla_data(nla);
5993 	if (!nla_ok(nest, nla_len(nest)))
5994 		return -EINVAL;
5995 
5996 	err = nla_parse(attr, NL80211_BSS_SELECT_ATTR_MAX, nla_data(nest),
5997 			nla_len(nest), nl80211_bss_select_policy);
5998 	if (err)
5999 		return err;
6000 
6001 	/* only one attribute may be given */
6002 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
6003 		if (attr[i]) {
6004 			if (found)
6005 				return -EINVAL;
6006 			found = true;
6007 		}
6008 	}
6009 
6010 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
6011 
6012 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
6013 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
6014 
6015 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
6016 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
6017 		bss_select->param.band_pref =
6018 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
6019 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
6020 			return -EINVAL;
6021 	}
6022 
6023 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
6024 		struct nl80211_bss_select_rssi_adjust *adj_param;
6025 
6026 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
6027 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
6028 		bss_select->param.adjust.band = adj_param->band;
6029 		bss_select->param.adjust.delta = adj_param->delta;
6030 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
6031 			return -EINVAL;
6032 	}
6033 
6034 	/* user-space did not provide behaviour attribute */
6035 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
6036 		return -EINVAL;
6037 
6038 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
6039 		return -EINVAL;
6040 
6041 	return 0;
6042 }
6043 
6044 static int nl80211_parse_random_mac(struct nlattr **attrs,
6045 				    u8 *mac_addr, u8 *mac_addr_mask)
6046 {
6047 	int i;
6048 
6049 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
6050 		eth_zero_addr(mac_addr);
6051 		eth_zero_addr(mac_addr_mask);
6052 		mac_addr[0] = 0x2;
6053 		mac_addr_mask[0] = 0x3;
6054 
6055 		return 0;
6056 	}
6057 
6058 	/* need both or none */
6059 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
6060 		return -EINVAL;
6061 
6062 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
6063 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
6064 
6065 	/* don't allow or configure an mcast address */
6066 	if (!is_multicast_ether_addr(mac_addr_mask) ||
6067 	    is_multicast_ether_addr(mac_addr))
6068 		return -EINVAL;
6069 
6070 	/*
6071 	 * allow users to pass a MAC address that has bits set outside
6072 	 * of the mask, but don't bother drivers with having to deal
6073 	 * with such bits
6074 	 */
6075 	for (i = 0; i < ETH_ALEN; i++)
6076 		mac_addr[i] &= mac_addr_mask[i];
6077 
6078 	return 0;
6079 }
6080 
6081 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
6082 {
6083 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6084 	struct wireless_dev *wdev = info->user_ptr[1];
6085 	struct cfg80211_scan_request *request;
6086 	struct nlattr *attr;
6087 	struct wiphy *wiphy;
6088 	int err, tmp, n_ssids = 0, n_channels, i;
6089 	size_t ie_len;
6090 
6091 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6092 		return -EINVAL;
6093 
6094 	wiphy = &rdev->wiphy;
6095 
6096 	if (!rdev->ops->scan)
6097 		return -EOPNOTSUPP;
6098 
6099 	if (rdev->scan_req || rdev->scan_msg) {
6100 		err = -EBUSY;
6101 		goto unlock;
6102 	}
6103 
6104 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6105 		n_channels = validate_scan_freqs(
6106 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6107 		if (!n_channels) {
6108 			err = -EINVAL;
6109 			goto unlock;
6110 		}
6111 	} else {
6112 		n_channels = ieee80211_get_num_supported_channels(wiphy);
6113 	}
6114 
6115 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
6116 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
6117 			n_ssids++;
6118 
6119 	if (n_ssids > wiphy->max_scan_ssids) {
6120 		err = -EINVAL;
6121 		goto unlock;
6122 	}
6123 
6124 	if (info->attrs[NL80211_ATTR_IE])
6125 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6126 	else
6127 		ie_len = 0;
6128 
6129 	if (ie_len > wiphy->max_scan_ie_len) {
6130 		err = -EINVAL;
6131 		goto unlock;
6132 	}
6133 
6134 	request = kzalloc(sizeof(*request)
6135 			+ sizeof(*request->ssids) * n_ssids
6136 			+ sizeof(*request->channels) * n_channels
6137 			+ ie_len, GFP_KERNEL);
6138 	if (!request) {
6139 		err = -ENOMEM;
6140 		goto unlock;
6141 	}
6142 
6143 	if (n_ssids)
6144 		request->ssids = (void *)&request->channels[n_channels];
6145 	request->n_ssids = n_ssids;
6146 	if (ie_len) {
6147 		if (n_ssids)
6148 			request->ie = (void *)(request->ssids + n_ssids);
6149 		else
6150 			request->ie = (void *)(request->channels + n_channels);
6151 	}
6152 
6153 	i = 0;
6154 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6155 		/* user specified, bail out if channel not found */
6156 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
6157 			struct ieee80211_channel *chan;
6158 
6159 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6160 
6161 			if (!chan) {
6162 				err = -EINVAL;
6163 				goto out_free;
6164 			}
6165 
6166 			/* ignore disabled channels */
6167 			if (chan->flags & IEEE80211_CHAN_DISABLED)
6168 				continue;
6169 
6170 			request->channels[i] = chan;
6171 			i++;
6172 		}
6173 	} else {
6174 		enum nl80211_band band;
6175 
6176 		/* all channels */
6177 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
6178 			int j;
6179 
6180 			if (!wiphy->bands[band])
6181 				continue;
6182 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6183 				struct ieee80211_channel *chan;
6184 
6185 				chan = &wiphy->bands[band]->channels[j];
6186 
6187 				if (chan->flags & IEEE80211_CHAN_DISABLED)
6188 					continue;
6189 
6190 				request->channels[i] = chan;
6191 				i++;
6192 			}
6193 		}
6194 	}
6195 
6196 	if (!i) {
6197 		err = -EINVAL;
6198 		goto out_free;
6199 	}
6200 
6201 	request->n_channels = i;
6202 
6203 	i = 0;
6204 	if (n_ssids) {
6205 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
6206 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6207 				err = -EINVAL;
6208 				goto out_free;
6209 			}
6210 			request->ssids[i].ssid_len = nla_len(attr);
6211 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
6212 			i++;
6213 		}
6214 	}
6215 
6216 	if (info->attrs[NL80211_ATTR_IE]) {
6217 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6218 		memcpy((void *)request->ie,
6219 		       nla_data(info->attrs[NL80211_ATTR_IE]),
6220 		       request->ie_len);
6221 	}
6222 
6223 	for (i = 0; i < NUM_NL80211_BANDS; i++)
6224 		if (wiphy->bands[i])
6225 			request->rates[i] =
6226 				(1 << wiphy->bands[i]->n_bitrates) - 1;
6227 
6228 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
6229 		nla_for_each_nested(attr,
6230 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
6231 				    tmp) {
6232 			enum nl80211_band band = nla_type(attr);
6233 
6234 			if (band < 0 || band >= NUM_NL80211_BANDS) {
6235 				err = -EINVAL;
6236 				goto out_free;
6237 			}
6238 
6239 			if (!wiphy->bands[band])
6240 				continue;
6241 
6242 			err = ieee80211_get_ratemask(wiphy->bands[band],
6243 						     nla_data(attr),
6244 						     nla_len(attr),
6245 						     &request->rates[band]);
6246 			if (err)
6247 				goto out_free;
6248 		}
6249 	}
6250 
6251 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
6252 		if (!wiphy_ext_feature_isset(wiphy,
6253 					NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
6254 			err = -EOPNOTSUPP;
6255 			goto out_free;
6256 		}
6257 
6258 		request->duration =
6259 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
6260 		request->duration_mandatory =
6261 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
6262 	}
6263 
6264 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
6265 		request->flags = nla_get_u32(
6266 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
6267 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6268 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6269 			err = -EOPNOTSUPP;
6270 			goto out_free;
6271 		}
6272 
6273 		if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6274 			if (!(wiphy->features &
6275 					NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
6276 				err = -EOPNOTSUPP;
6277 				goto out_free;
6278 			}
6279 
6280 			if (wdev->current_bss) {
6281 				err = -EOPNOTSUPP;
6282 				goto out_free;
6283 			}
6284 
6285 			err = nl80211_parse_random_mac(info->attrs,
6286 						       request->mac_addr,
6287 						       request->mac_addr_mask);
6288 			if (err)
6289 				goto out_free;
6290 		}
6291 	}
6292 
6293 	request->no_cck =
6294 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
6295 
6296 	if (info->attrs[NL80211_ATTR_MAC])
6297 		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
6298 		       ETH_ALEN);
6299 	else
6300 		eth_broadcast_addr(request->bssid);
6301 
6302 	request->wdev = wdev;
6303 	request->wiphy = &rdev->wiphy;
6304 	request->scan_start = jiffies;
6305 
6306 	rdev->scan_req = request;
6307 	err = rdev_scan(rdev, request);
6308 
6309 	if (!err) {
6310 		nl80211_send_scan_start(rdev, wdev);
6311 		if (wdev->netdev)
6312 			dev_hold(wdev->netdev);
6313 	} else {
6314  out_free:
6315 		rdev->scan_req = NULL;
6316 		kfree(request);
6317 	}
6318 
6319  unlock:
6320 	return err;
6321 }
6322 
6323 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
6324 {
6325 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6326 	struct wireless_dev *wdev = info->user_ptr[1];
6327 
6328 	if (!rdev->ops->abort_scan)
6329 		return -EOPNOTSUPP;
6330 
6331 	if (rdev->scan_msg)
6332 		return 0;
6333 
6334 	if (!rdev->scan_req)
6335 		return -ENOENT;
6336 
6337 	rdev_abort_scan(rdev, wdev);
6338 	return 0;
6339 }
6340 
6341 static int
6342 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
6343 			       struct cfg80211_sched_scan_request *request,
6344 			       struct nlattr **attrs)
6345 {
6346 	int tmp, err, i = 0;
6347 	struct nlattr *attr;
6348 
6349 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6350 		u32 interval;
6351 
6352 		/*
6353 		 * If scan plans are not specified,
6354 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL must be specified. In this
6355 		 * case one scan plan will be set with the specified scan
6356 		 * interval and infinite number of iterations.
6357 		 */
6358 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6359 			return -EINVAL;
6360 
6361 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
6362 		if (!interval)
6363 			return -EINVAL;
6364 
6365 		request->scan_plans[0].interval =
6366 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
6367 		if (!request->scan_plans[0].interval)
6368 			return -EINVAL;
6369 
6370 		if (request->scan_plans[0].interval >
6371 		    wiphy->max_sched_scan_plan_interval)
6372 			request->scan_plans[0].interval =
6373 				wiphy->max_sched_scan_plan_interval;
6374 
6375 		return 0;
6376 	}
6377 
6378 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
6379 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
6380 
6381 		if (WARN_ON(i >= n_plans))
6382 			return -EINVAL;
6383 
6384 		err = nla_parse(plan, NL80211_SCHED_SCAN_PLAN_MAX,
6385 				nla_data(attr), nla_len(attr),
6386 				nl80211_plan_policy);
6387 		if (err)
6388 			return err;
6389 
6390 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
6391 			return -EINVAL;
6392 
6393 		request->scan_plans[i].interval =
6394 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
6395 		if (!request->scan_plans[i].interval ||
6396 		    request->scan_plans[i].interval >
6397 		    wiphy->max_sched_scan_plan_interval)
6398 			return -EINVAL;
6399 
6400 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
6401 			request->scan_plans[i].iterations =
6402 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
6403 			if (!request->scan_plans[i].iterations ||
6404 			    (request->scan_plans[i].iterations >
6405 			     wiphy->max_sched_scan_plan_iterations))
6406 				return -EINVAL;
6407 		} else if (i < n_plans - 1) {
6408 			/*
6409 			 * All scan plans but the last one must specify
6410 			 * a finite number of iterations
6411 			 */
6412 			return -EINVAL;
6413 		}
6414 
6415 		i++;
6416 	}
6417 
6418 	/*
6419 	 * The last scan plan must not specify the number of
6420 	 * iterations, it is supposed to run infinitely
6421 	 */
6422 	if (request->scan_plans[n_plans - 1].iterations)
6423 		return  -EINVAL;
6424 
6425 	return 0;
6426 }
6427 
6428 static struct cfg80211_sched_scan_request *
6429 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
6430 			 struct nlattr **attrs)
6431 {
6432 	struct cfg80211_sched_scan_request *request;
6433 	struct nlattr *attr;
6434 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
6435 	enum nl80211_band band;
6436 	size_t ie_len;
6437 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
6438 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
6439 
6440 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
6441 		return ERR_PTR(-EINVAL);
6442 
6443 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6444 		n_channels = validate_scan_freqs(
6445 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6446 		if (!n_channels)
6447 			return ERR_PTR(-EINVAL);
6448 	} else {
6449 		n_channels = ieee80211_get_num_supported_channels(wiphy);
6450 	}
6451 
6452 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
6453 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6454 				    tmp)
6455 			n_ssids++;
6456 
6457 	if (n_ssids > wiphy->max_sched_scan_ssids)
6458 		return ERR_PTR(-EINVAL);
6459 
6460 	/*
6461 	 * First, count the number of 'real' matchsets. Due to an issue with
6462 	 * the old implementation, matchsets containing only the RSSI attribute
6463 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
6464 	 * RSSI for all matchsets, rather than their own matchset for reporting
6465 	 * all APs with a strong RSSI. This is needed to be compatible with
6466 	 * older userspace that treated a matchset with only the RSSI as the
6467 	 * global RSSI for all other matchsets - if there are other matchsets.
6468 	 */
6469 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6470 		nla_for_each_nested(attr,
6471 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6472 				    tmp) {
6473 			struct nlattr *rssi;
6474 
6475 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6476 					nla_data(attr), nla_len(attr),
6477 					nl80211_match_policy);
6478 			if (err)
6479 				return ERR_PTR(err);
6480 			/* add other standalone attributes here */
6481 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
6482 				n_match_sets++;
6483 				continue;
6484 			}
6485 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6486 			if (rssi)
6487 				default_match_rssi = nla_get_s32(rssi);
6488 		}
6489 	}
6490 
6491 	/* However, if there's no other matchset, add the RSSI one */
6492 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
6493 		n_match_sets = 1;
6494 
6495 	if (n_match_sets > wiphy->max_match_sets)
6496 		return ERR_PTR(-EINVAL);
6497 
6498 	if (attrs[NL80211_ATTR_IE])
6499 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
6500 	else
6501 		ie_len = 0;
6502 
6503 	if (ie_len > wiphy->max_sched_scan_ie_len)
6504 		return ERR_PTR(-EINVAL);
6505 
6506 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6507 		/*
6508 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
6509 		 * each scan plan already specifies its own interval
6510 		 */
6511 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6512 			return ERR_PTR(-EINVAL);
6513 
6514 		nla_for_each_nested(attr,
6515 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
6516 			n_plans++;
6517 	} else {
6518 		/*
6519 		 * The scan interval attribute is kept for backward
6520 		 * compatibility. If no scan plans are specified and sched scan
6521 		 * interval is specified, one scan plan will be set with this
6522 		 * scan interval and infinite number of iterations.
6523 		 */
6524 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6525 			return ERR_PTR(-EINVAL);
6526 
6527 		n_plans = 1;
6528 	}
6529 
6530 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
6531 		return ERR_PTR(-EINVAL);
6532 
6533 	request = kzalloc(sizeof(*request)
6534 			+ sizeof(*request->ssids) * n_ssids
6535 			+ sizeof(*request->match_sets) * n_match_sets
6536 			+ sizeof(*request->scan_plans) * n_plans
6537 			+ sizeof(*request->channels) * n_channels
6538 			+ ie_len, GFP_KERNEL);
6539 	if (!request)
6540 		return ERR_PTR(-ENOMEM);
6541 
6542 	if (n_ssids)
6543 		request->ssids = (void *)&request->channels[n_channels];
6544 	request->n_ssids = n_ssids;
6545 	if (ie_len) {
6546 		if (n_ssids)
6547 			request->ie = (void *)(request->ssids + n_ssids);
6548 		else
6549 			request->ie = (void *)(request->channels + n_channels);
6550 	}
6551 
6552 	if (n_match_sets) {
6553 		if (request->ie)
6554 			request->match_sets = (void *)(request->ie + ie_len);
6555 		else if (n_ssids)
6556 			request->match_sets =
6557 				(void *)(request->ssids + n_ssids);
6558 		else
6559 			request->match_sets =
6560 				(void *)(request->channels + n_channels);
6561 	}
6562 	request->n_match_sets = n_match_sets;
6563 
6564 	if (n_match_sets)
6565 		request->scan_plans = (void *)(request->match_sets +
6566 					       n_match_sets);
6567 	else if (request->ie)
6568 		request->scan_plans = (void *)(request->ie + ie_len);
6569 	else if (n_ssids)
6570 		request->scan_plans = (void *)(request->ssids + n_ssids);
6571 	else
6572 		request->scan_plans = (void *)(request->channels + n_channels);
6573 
6574 	request->n_scan_plans = n_plans;
6575 
6576 	i = 0;
6577 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6578 		/* user specified, bail out if channel not found */
6579 		nla_for_each_nested(attr,
6580 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
6581 				    tmp) {
6582 			struct ieee80211_channel *chan;
6583 
6584 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6585 
6586 			if (!chan) {
6587 				err = -EINVAL;
6588 				goto out_free;
6589 			}
6590 
6591 			/* ignore disabled channels */
6592 			if (chan->flags & IEEE80211_CHAN_DISABLED)
6593 				continue;
6594 
6595 			request->channels[i] = chan;
6596 			i++;
6597 		}
6598 	} else {
6599 		/* all channels */
6600 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
6601 			int j;
6602 
6603 			if (!wiphy->bands[band])
6604 				continue;
6605 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6606 				struct ieee80211_channel *chan;
6607 
6608 				chan = &wiphy->bands[band]->channels[j];
6609 
6610 				if (chan->flags & IEEE80211_CHAN_DISABLED)
6611 					continue;
6612 
6613 				request->channels[i] = chan;
6614 				i++;
6615 			}
6616 		}
6617 	}
6618 
6619 	if (!i) {
6620 		err = -EINVAL;
6621 		goto out_free;
6622 	}
6623 
6624 	request->n_channels = i;
6625 
6626 	i = 0;
6627 	if (n_ssids) {
6628 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6629 				    tmp) {
6630 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6631 				err = -EINVAL;
6632 				goto out_free;
6633 			}
6634 			request->ssids[i].ssid_len = nla_len(attr);
6635 			memcpy(request->ssids[i].ssid, nla_data(attr),
6636 			       nla_len(attr));
6637 			i++;
6638 		}
6639 	}
6640 
6641 	i = 0;
6642 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6643 		nla_for_each_nested(attr,
6644 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6645 				    tmp) {
6646 			struct nlattr *ssid, *rssi;
6647 
6648 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6649 					nla_data(attr), nla_len(attr),
6650 					nl80211_match_policy);
6651 			if (err)
6652 				goto out_free;
6653 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
6654 			if (ssid) {
6655 				if (WARN_ON(i >= n_match_sets)) {
6656 					/* this indicates a programming error,
6657 					 * the loop above should have verified
6658 					 * things properly
6659 					 */
6660 					err = -EINVAL;
6661 					goto out_free;
6662 				}
6663 
6664 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
6665 					err = -EINVAL;
6666 					goto out_free;
6667 				}
6668 				memcpy(request->match_sets[i].ssid.ssid,
6669 				       nla_data(ssid), nla_len(ssid));
6670 				request->match_sets[i].ssid.ssid_len =
6671 					nla_len(ssid);
6672 				/* special attribute - old implementation w/a */
6673 				request->match_sets[i].rssi_thold =
6674 					default_match_rssi;
6675 				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6676 				if (rssi)
6677 					request->match_sets[i].rssi_thold =
6678 						nla_get_s32(rssi);
6679 			}
6680 			i++;
6681 		}
6682 
6683 		/* there was no other matchset, so the RSSI one is alone */
6684 		if (i == 0 && n_match_sets)
6685 			request->match_sets[0].rssi_thold = default_match_rssi;
6686 
6687 		request->min_rssi_thold = INT_MAX;
6688 		for (i = 0; i < n_match_sets; i++)
6689 			request->min_rssi_thold =
6690 				min(request->match_sets[i].rssi_thold,
6691 				    request->min_rssi_thold);
6692 	} else {
6693 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
6694 	}
6695 
6696 	if (ie_len) {
6697 		request->ie_len = ie_len;
6698 		memcpy((void *)request->ie,
6699 		       nla_data(attrs[NL80211_ATTR_IE]),
6700 		       request->ie_len);
6701 	}
6702 
6703 	if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
6704 		request->flags = nla_get_u32(
6705 			attrs[NL80211_ATTR_SCAN_FLAGS]);
6706 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6707 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6708 			err = -EOPNOTSUPP;
6709 			goto out_free;
6710 		}
6711 
6712 		if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6713 			u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
6714 
6715 			if (!wdev) /* must be net-detect */
6716 				flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
6717 
6718 			if (!(wiphy->features & flg)) {
6719 				err = -EOPNOTSUPP;
6720 				goto out_free;
6721 			}
6722 
6723 			if (wdev && wdev->current_bss) {
6724 				err = -EOPNOTSUPP;
6725 				goto out_free;
6726 			}
6727 
6728 			err = nl80211_parse_random_mac(attrs, request->mac_addr,
6729 						       request->mac_addr_mask);
6730 			if (err)
6731 				goto out_free;
6732 		}
6733 	}
6734 
6735 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
6736 		request->delay =
6737 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
6738 
6739 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
6740 	if (err)
6741 		goto out_free;
6742 
6743 	request->scan_start = jiffies;
6744 
6745 	return request;
6746 
6747 out_free:
6748 	kfree(request);
6749 	return ERR_PTR(err);
6750 }
6751 
6752 static int nl80211_start_sched_scan(struct sk_buff *skb,
6753 				    struct genl_info *info)
6754 {
6755 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6756 	struct net_device *dev = info->user_ptr[1];
6757 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6758 	struct cfg80211_sched_scan_request *sched_scan_req;
6759 	int err;
6760 
6761 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6762 	    !rdev->ops->sched_scan_start)
6763 		return -EOPNOTSUPP;
6764 
6765 	if (rdev->sched_scan_req)
6766 		return -EINPROGRESS;
6767 
6768 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
6769 						  info->attrs);
6770 
6771 	err = PTR_ERR_OR_ZERO(sched_scan_req);
6772 	if (err)
6773 		goto out_err;
6774 
6775 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
6776 	if (err)
6777 		goto out_free;
6778 
6779 	sched_scan_req->dev = dev;
6780 	sched_scan_req->wiphy = &rdev->wiphy;
6781 
6782 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6783 		sched_scan_req->owner_nlportid = info->snd_portid;
6784 
6785 	rcu_assign_pointer(rdev->sched_scan_req, sched_scan_req);
6786 
6787 	nl80211_send_sched_scan(rdev, dev,
6788 				NL80211_CMD_START_SCHED_SCAN);
6789 	return 0;
6790 
6791 out_free:
6792 	kfree(sched_scan_req);
6793 out_err:
6794 	return err;
6795 }
6796 
6797 static int nl80211_stop_sched_scan(struct sk_buff *skb,
6798 				   struct genl_info *info)
6799 {
6800 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6801 
6802 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6803 	    !rdev->ops->sched_scan_stop)
6804 		return -EOPNOTSUPP;
6805 
6806 	return __cfg80211_stop_sched_scan(rdev, false);
6807 }
6808 
6809 static int nl80211_start_radar_detection(struct sk_buff *skb,
6810 					 struct genl_info *info)
6811 {
6812 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6813 	struct net_device *dev = info->user_ptr[1];
6814 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6815 	struct cfg80211_chan_def chandef;
6816 	enum nl80211_dfs_regions dfs_region;
6817 	unsigned int cac_time_ms;
6818 	int err;
6819 
6820 	dfs_region = reg_get_dfs_region(wdev->wiphy);
6821 	if (dfs_region == NL80211_DFS_UNSET)
6822 		return -EINVAL;
6823 
6824 	err = nl80211_parse_chandef(rdev, info, &chandef);
6825 	if (err)
6826 		return err;
6827 
6828 	if (netif_carrier_ok(dev))
6829 		return -EBUSY;
6830 
6831 	if (wdev->cac_started)
6832 		return -EBUSY;
6833 
6834 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
6835 					    wdev->iftype);
6836 	if (err < 0)
6837 		return err;
6838 
6839 	if (err == 0)
6840 		return -EINVAL;
6841 
6842 	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
6843 		return -EINVAL;
6844 
6845 	if (!rdev->ops->start_radar_detection)
6846 		return -EOPNOTSUPP;
6847 
6848 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
6849 	if (WARN_ON(!cac_time_ms))
6850 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
6851 
6852 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
6853 	if (!err) {
6854 		wdev->chandef = chandef;
6855 		wdev->cac_started = true;
6856 		wdev->cac_start_time = jiffies;
6857 		wdev->cac_time_ms = cac_time_ms;
6858 	}
6859 	return err;
6860 }
6861 
6862 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
6863 {
6864 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6865 	struct net_device *dev = info->user_ptr[1];
6866 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6867 	struct cfg80211_csa_settings params;
6868 	/* csa_attrs is defined static to avoid waste of stack size - this
6869 	 * function is called under RTNL lock, so this should not be a problem.
6870 	 */
6871 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
6872 	int err;
6873 	bool need_new_beacon = false;
6874 	int len, i;
6875 	u32 cs_count;
6876 
6877 	if (!rdev->ops->channel_switch ||
6878 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
6879 		return -EOPNOTSUPP;
6880 
6881 	switch (dev->ieee80211_ptr->iftype) {
6882 	case NL80211_IFTYPE_AP:
6883 	case NL80211_IFTYPE_P2P_GO:
6884 		need_new_beacon = true;
6885 
6886 		/* useless if AP is not running */
6887 		if (!wdev->beacon_interval)
6888 			return -ENOTCONN;
6889 		break;
6890 	case NL80211_IFTYPE_ADHOC:
6891 		if (!wdev->ssid_len)
6892 			return -ENOTCONN;
6893 		break;
6894 	case NL80211_IFTYPE_MESH_POINT:
6895 		if (!wdev->mesh_id_len)
6896 			return -ENOTCONN;
6897 		break;
6898 	default:
6899 		return -EOPNOTSUPP;
6900 	}
6901 
6902 	memset(&params, 0, sizeof(params));
6903 
6904 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
6905 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
6906 		return -EINVAL;
6907 
6908 	/* only important for AP, IBSS and mesh create IEs internally */
6909 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
6910 		return -EINVAL;
6911 
6912 	/* Even though the attribute is u32, the specification says
6913 	 * u8, so let's make sure we don't overflow.
6914 	 */
6915 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
6916 	if (cs_count > 255)
6917 		return -EINVAL;
6918 
6919 	params.count = cs_count;
6920 
6921 	if (!need_new_beacon)
6922 		goto skip_beacons;
6923 
6924 	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
6925 	if (err)
6926 		return err;
6927 
6928 	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
6929 			       info->attrs[NL80211_ATTR_CSA_IES],
6930 			       nl80211_policy);
6931 	if (err)
6932 		return err;
6933 
6934 	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
6935 	if (err)
6936 		return err;
6937 
6938 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
6939 		return -EINVAL;
6940 
6941 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6942 	if (!len || (len % sizeof(u16)))
6943 		return -EINVAL;
6944 
6945 	params.n_counter_offsets_beacon = len / sizeof(u16);
6946 	if (rdev->wiphy.max_num_csa_counters &&
6947 	    (params.n_counter_offsets_beacon >
6948 	     rdev->wiphy.max_num_csa_counters))
6949 		return -EINVAL;
6950 
6951 	params.counter_offsets_beacon =
6952 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6953 
6954 	/* sanity checks - counters should fit and be the same */
6955 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
6956 		u16 offset = params.counter_offsets_beacon[i];
6957 
6958 		if (offset >= params.beacon_csa.tail_len)
6959 			return -EINVAL;
6960 
6961 		if (params.beacon_csa.tail[offset] != params.count)
6962 			return -EINVAL;
6963 	}
6964 
6965 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
6966 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6967 		if (!len || (len % sizeof(u16)))
6968 			return -EINVAL;
6969 
6970 		params.n_counter_offsets_presp = len / sizeof(u16);
6971 		if (rdev->wiphy.max_num_csa_counters &&
6972 		    (params.n_counter_offsets_beacon >
6973 		     rdev->wiphy.max_num_csa_counters))
6974 			return -EINVAL;
6975 
6976 		params.counter_offsets_presp =
6977 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6978 
6979 		/* sanity checks - counters should fit and be the same */
6980 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
6981 			u16 offset = params.counter_offsets_presp[i];
6982 
6983 			if (offset >= params.beacon_csa.probe_resp_len)
6984 				return -EINVAL;
6985 
6986 			if (params.beacon_csa.probe_resp[offset] !=
6987 			    params.count)
6988 				return -EINVAL;
6989 		}
6990 	}
6991 
6992 skip_beacons:
6993 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
6994 	if (err)
6995 		return err;
6996 
6997 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
6998 					   wdev->iftype))
6999 		return -EINVAL;
7000 
7001 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
7002 					    &params.chandef,
7003 					    wdev->iftype);
7004 	if (err < 0)
7005 		return err;
7006 
7007 	if (err > 0)
7008 		params.radar_required = true;
7009 
7010 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
7011 		params.block_tx = true;
7012 
7013 	wdev_lock(wdev);
7014 	err = rdev_channel_switch(rdev, dev, &params);
7015 	wdev_unlock(wdev);
7016 
7017 	return err;
7018 }
7019 
7020 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
7021 			    u32 seq, int flags,
7022 			    struct cfg80211_registered_device *rdev,
7023 			    struct wireless_dev *wdev,
7024 			    struct cfg80211_internal_bss *intbss)
7025 {
7026 	struct cfg80211_bss *res = &intbss->pub;
7027 	const struct cfg80211_bss_ies *ies;
7028 	void *hdr;
7029 	struct nlattr *bss;
7030 
7031 	ASSERT_WDEV_LOCK(wdev);
7032 
7033 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7034 			     NL80211_CMD_NEW_SCAN_RESULTS);
7035 	if (!hdr)
7036 		return -1;
7037 
7038 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
7039 
7040 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
7041 		goto nla_put_failure;
7042 	if (wdev->netdev &&
7043 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
7044 		goto nla_put_failure;
7045 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
7046 			      NL80211_ATTR_PAD))
7047 		goto nla_put_failure;
7048 
7049 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
7050 	if (!bss)
7051 		goto nla_put_failure;
7052 	if ((!is_zero_ether_addr(res->bssid) &&
7053 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
7054 		goto nla_put_failure;
7055 
7056 	rcu_read_lock();
7057 	/* indicate whether we have probe response data or not */
7058 	if (rcu_access_pointer(res->proberesp_ies) &&
7059 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
7060 		goto fail_unlock_rcu;
7061 
7062 	/* this pointer prefers to be pointed to probe response data
7063 	 * but is always valid
7064 	 */
7065 	ies = rcu_dereference(res->ies);
7066 	if (ies) {
7067 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
7068 				      NL80211_BSS_PAD))
7069 			goto fail_unlock_rcu;
7070 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
7071 					ies->len, ies->data))
7072 			goto fail_unlock_rcu;
7073 	}
7074 
7075 	/* and this pointer is always (unless driver didn't know) beacon data */
7076 	ies = rcu_dereference(res->beacon_ies);
7077 	if (ies && ies->from_beacon) {
7078 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
7079 				      NL80211_BSS_PAD))
7080 			goto fail_unlock_rcu;
7081 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
7082 					ies->len, ies->data))
7083 			goto fail_unlock_rcu;
7084 	}
7085 	rcu_read_unlock();
7086 
7087 	if (res->beacon_interval &&
7088 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
7089 		goto nla_put_failure;
7090 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
7091 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
7092 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
7093 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
7094 			jiffies_to_msecs(jiffies - intbss->ts)))
7095 		goto nla_put_failure;
7096 
7097 	if (intbss->parent_tsf &&
7098 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
7099 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
7100 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
7101 		     intbss->parent_bssid)))
7102 		goto nla_put_failure;
7103 
7104 	if (intbss->ts_boottime &&
7105 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
7106 			      intbss->ts_boottime, NL80211_BSS_PAD))
7107 		goto nla_put_failure;
7108 
7109 	switch (rdev->wiphy.signal_type) {
7110 	case CFG80211_SIGNAL_TYPE_MBM:
7111 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
7112 			goto nla_put_failure;
7113 		break;
7114 	case CFG80211_SIGNAL_TYPE_UNSPEC:
7115 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
7116 			goto nla_put_failure;
7117 		break;
7118 	default:
7119 		break;
7120 	}
7121 
7122 	switch (wdev->iftype) {
7123 	case NL80211_IFTYPE_P2P_CLIENT:
7124 	case NL80211_IFTYPE_STATION:
7125 		if (intbss == wdev->current_bss &&
7126 		    nla_put_u32(msg, NL80211_BSS_STATUS,
7127 				NL80211_BSS_STATUS_ASSOCIATED))
7128 			goto nla_put_failure;
7129 		break;
7130 	case NL80211_IFTYPE_ADHOC:
7131 		if (intbss == wdev->current_bss &&
7132 		    nla_put_u32(msg, NL80211_BSS_STATUS,
7133 				NL80211_BSS_STATUS_IBSS_JOINED))
7134 			goto nla_put_failure;
7135 		break;
7136 	default:
7137 		break;
7138 	}
7139 
7140 	nla_nest_end(msg, bss);
7141 
7142 	genlmsg_end(msg, hdr);
7143 	return 0;
7144 
7145  fail_unlock_rcu:
7146 	rcu_read_unlock();
7147  nla_put_failure:
7148 	genlmsg_cancel(msg, hdr);
7149 	return -EMSGSIZE;
7150 }
7151 
7152 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
7153 {
7154 	struct cfg80211_registered_device *rdev;
7155 	struct cfg80211_internal_bss *scan;
7156 	struct wireless_dev *wdev;
7157 	int start = cb->args[2], idx = 0;
7158 	int err;
7159 
7160 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7161 	if (err)
7162 		return err;
7163 
7164 	wdev_lock(wdev);
7165 	spin_lock_bh(&rdev->bss_lock);
7166 	cfg80211_bss_expire(rdev);
7167 
7168 	cb->seq = rdev->bss_generation;
7169 
7170 	list_for_each_entry(scan, &rdev->bss_list, list) {
7171 		if (++idx <= start)
7172 			continue;
7173 		if (nl80211_send_bss(skb, cb,
7174 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
7175 				rdev, wdev, scan) < 0) {
7176 			idx--;
7177 			break;
7178 		}
7179 	}
7180 
7181 	spin_unlock_bh(&rdev->bss_lock);
7182 	wdev_unlock(wdev);
7183 
7184 	cb->args[2] = idx;
7185 	nl80211_finish_wdev_dump(rdev);
7186 
7187 	return skb->len;
7188 }
7189 
7190 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
7191 			       int flags, struct net_device *dev,
7192 			       bool allow_radio_stats,
7193 			       struct survey_info *survey)
7194 {
7195 	void *hdr;
7196 	struct nlattr *infoattr;
7197 
7198 	/* skip radio stats if userspace didn't request them */
7199 	if (!survey->channel && !allow_radio_stats)
7200 		return 0;
7201 
7202 	hdr = nl80211hdr_put(msg, portid, seq, flags,
7203 			     NL80211_CMD_NEW_SURVEY_RESULTS);
7204 	if (!hdr)
7205 		return -ENOMEM;
7206 
7207 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
7208 		goto nla_put_failure;
7209 
7210 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
7211 	if (!infoattr)
7212 		goto nla_put_failure;
7213 
7214 	if (survey->channel &&
7215 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
7216 			survey->channel->center_freq))
7217 		goto nla_put_failure;
7218 
7219 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
7220 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
7221 		goto nla_put_failure;
7222 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
7223 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
7224 		goto nla_put_failure;
7225 	if ((survey->filled & SURVEY_INFO_TIME) &&
7226 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
7227 			survey->time, NL80211_SURVEY_INFO_PAD))
7228 		goto nla_put_failure;
7229 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
7230 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
7231 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
7232 		goto nla_put_failure;
7233 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
7234 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
7235 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
7236 		goto nla_put_failure;
7237 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
7238 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
7239 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
7240 		goto nla_put_failure;
7241 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
7242 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
7243 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
7244 		goto nla_put_failure;
7245 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
7246 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
7247 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
7248 		goto nla_put_failure;
7249 
7250 	nla_nest_end(msg, infoattr);
7251 
7252 	genlmsg_end(msg, hdr);
7253 	return 0;
7254 
7255  nla_put_failure:
7256 	genlmsg_cancel(msg, hdr);
7257 	return -EMSGSIZE;
7258 }
7259 
7260 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
7261 {
7262 	struct survey_info survey;
7263 	struct cfg80211_registered_device *rdev;
7264 	struct wireless_dev *wdev;
7265 	int survey_idx = cb->args[2];
7266 	int res;
7267 	bool radio_stats;
7268 
7269 	res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7270 	if (res)
7271 		return res;
7272 
7273 	/* prepare_wdev_dump parsed the attributes */
7274 	radio_stats = nl80211_fam.attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
7275 
7276 	if (!wdev->netdev) {
7277 		res = -EINVAL;
7278 		goto out_err;
7279 	}
7280 
7281 	if (!rdev->ops->dump_survey) {
7282 		res = -EOPNOTSUPP;
7283 		goto out_err;
7284 	}
7285 
7286 	while (1) {
7287 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
7288 		if (res == -ENOENT)
7289 			break;
7290 		if (res)
7291 			goto out_err;
7292 
7293 		/* don't send disabled channels, but do send non-channel data */
7294 		if (survey.channel &&
7295 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
7296 			survey_idx++;
7297 			continue;
7298 		}
7299 
7300 		if (nl80211_send_survey(skb,
7301 				NETLINK_CB(cb->skb).portid,
7302 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
7303 				wdev->netdev, radio_stats, &survey) < 0)
7304 			goto out;
7305 		survey_idx++;
7306 	}
7307 
7308  out:
7309 	cb->args[2] = survey_idx;
7310 	res = skb->len;
7311  out_err:
7312 	nl80211_finish_wdev_dump(rdev);
7313 	return res;
7314 }
7315 
7316 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
7317 {
7318 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
7319 				  NL80211_WPA_VERSION_2));
7320 }
7321 
7322 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
7323 {
7324 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7325 	struct net_device *dev = info->user_ptr[1];
7326 	struct ieee80211_channel *chan;
7327 	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
7328 	int err, ssid_len, ie_len = 0, sae_data_len = 0;
7329 	enum nl80211_auth_type auth_type;
7330 	struct key_parse key;
7331 	bool local_state_change;
7332 
7333 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7334 		return -EINVAL;
7335 
7336 	if (!info->attrs[NL80211_ATTR_MAC])
7337 		return -EINVAL;
7338 
7339 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
7340 		return -EINVAL;
7341 
7342 	if (!info->attrs[NL80211_ATTR_SSID])
7343 		return -EINVAL;
7344 
7345 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7346 		return -EINVAL;
7347 
7348 	err = nl80211_parse_key(info, &key);
7349 	if (err)
7350 		return err;
7351 
7352 	if (key.idx >= 0) {
7353 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
7354 			return -EINVAL;
7355 		if (!key.p.key || !key.p.key_len)
7356 			return -EINVAL;
7357 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
7358 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
7359 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
7360 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
7361 			return -EINVAL;
7362 		if (key.idx > 4)
7363 			return -EINVAL;
7364 	} else {
7365 		key.p.key_len = 0;
7366 		key.p.key = NULL;
7367 	}
7368 
7369 	if (key.idx >= 0) {
7370 		int i;
7371 		bool ok = false;
7372 
7373 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
7374 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
7375 				ok = true;
7376 				break;
7377 			}
7378 		}
7379 		if (!ok)
7380 			return -EINVAL;
7381 	}
7382 
7383 	if (!rdev->ops->auth)
7384 		return -EOPNOTSUPP;
7385 
7386 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7387 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7388 		return -EOPNOTSUPP;
7389 
7390 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7391 	chan = nl80211_get_valid_chan(&rdev->wiphy,
7392 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7393 	if (!chan)
7394 		return -EINVAL;
7395 
7396 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7397 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7398 
7399 	if (info->attrs[NL80211_ATTR_IE]) {
7400 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7401 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7402 	}
7403 
7404 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7405 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
7406 		return -EINVAL;
7407 
7408 	if (auth_type == NL80211_AUTHTYPE_SAE &&
7409 	    !info->attrs[NL80211_ATTR_SAE_DATA])
7410 		return -EINVAL;
7411 
7412 	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
7413 		if (auth_type != NL80211_AUTHTYPE_SAE)
7414 			return -EINVAL;
7415 		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
7416 		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
7417 		/* need to include at least Auth Transaction and Status Code */
7418 		if (sae_data_len < 4)
7419 			return -EINVAL;
7420 	}
7421 
7422 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7423 
7424 	/*
7425 	 * Since we no longer track auth state, ignore
7426 	 * requests to only change local state.
7427 	 */
7428 	if (local_state_change)
7429 		return 0;
7430 
7431 	wdev_lock(dev->ieee80211_ptr);
7432 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
7433 				 ssid, ssid_len, ie, ie_len,
7434 				 key.p.key, key.p.key_len, key.idx,
7435 				 sae_data, sae_data_len);
7436 	wdev_unlock(dev->ieee80211_ptr);
7437 	return err;
7438 }
7439 
7440 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
7441 				   struct genl_info *info,
7442 				   struct cfg80211_crypto_settings *settings,
7443 				   int cipher_limit)
7444 {
7445 	memset(settings, 0, sizeof(*settings));
7446 
7447 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
7448 
7449 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
7450 		u16 proto;
7451 
7452 		proto = nla_get_u16(
7453 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
7454 		settings->control_port_ethertype = cpu_to_be16(proto);
7455 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
7456 		    proto != ETH_P_PAE)
7457 			return -EINVAL;
7458 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
7459 			settings->control_port_no_encrypt = true;
7460 	} else
7461 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
7462 
7463 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
7464 		void *data;
7465 		int len, i;
7466 
7467 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7468 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7469 		settings->n_ciphers_pairwise = len / sizeof(u32);
7470 
7471 		if (len % sizeof(u32))
7472 			return -EINVAL;
7473 
7474 		if (settings->n_ciphers_pairwise > cipher_limit)
7475 			return -EINVAL;
7476 
7477 		memcpy(settings->ciphers_pairwise, data, len);
7478 
7479 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
7480 			if (!cfg80211_supported_cipher_suite(
7481 					&rdev->wiphy,
7482 					settings->ciphers_pairwise[i]))
7483 				return -EINVAL;
7484 	}
7485 
7486 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
7487 		settings->cipher_group =
7488 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
7489 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
7490 						     settings->cipher_group))
7491 			return -EINVAL;
7492 	}
7493 
7494 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
7495 		settings->wpa_versions =
7496 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
7497 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
7498 			return -EINVAL;
7499 	}
7500 
7501 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
7502 		void *data;
7503 		int len;
7504 
7505 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
7506 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
7507 		settings->n_akm_suites = len / sizeof(u32);
7508 
7509 		if (len % sizeof(u32))
7510 			return -EINVAL;
7511 
7512 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
7513 			return -EINVAL;
7514 
7515 		memcpy(settings->akm_suites, data, len);
7516 	}
7517 
7518 	return 0;
7519 }
7520 
7521 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
7522 {
7523 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7524 	struct net_device *dev = info->user_ptr[1];
7525 	struct ieee80211_channel *chan;
7526 	struct cfg80211_assoc_request req = {};
7527 	const u8 *bssid, *ssid;
7528 	int err, ssid_len = 0;
7529 
7530 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7531 		return -EINVAL;
7532 
7533 	if (!info->attrs[NL80211_ATTR_MAC] ||
7534 	    !info->attrs[NL80211_ATTR_SSID] ||
7535 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
7536 		return -EINVAL;
7537 
7538 	if (!rdev->ops->assoc)
7539 		return -EOPNOTSUPP;
7540 
7541 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7542 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7543 		return -EOPNOTSUPP;
7544 
7545 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7546 
7547 	chan = nl80211_get_valid_chan(&rdev->wiphy,
7548 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7549 	if (!chan)
7550 		return -EINVAL;
7551 
7552 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7553 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7554 
7555 	if (info->attrs[NL80211_ATTR_IE]) {
7556 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7557 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7558 	}
7559 
7560 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7561 		enum nl80211_mfp mfp =
7562 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7563 		if (mfp == NL80211_MFP_REQUIRED)
7564 			req.use_mfp = true;
7565 		else if (mfp != NL80211_MFP_NO)
7566 			return -EINVAL;
7567 	}
7568 
7569 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
7570 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
7571 
7572 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7573 		req.flags |= ASSOC_REQ_DISABLE_HT;
7574 
7575 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7576 		memcpy(&req.ht_capa_mask,
7577 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7578 		       sizeof(req.ht_capa_mask));
7579 
7580 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7581 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7582 			return -EINVAL;
7583 		memcpy(&req.ht_capa,
7584 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7585 		       sizeof(req.ht_capa));
7586 	}
7587 
7588 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7589 		req.flags |= ASSOC_REQ_DISABLE_VHT;
7590 
7591 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7592 		memcpy(&req.vht_capa_mask,
7593 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7594 		       sizeof(req.vht_capa_mask));
7595 
7596 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7597 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7598 			return -EINVAL;
7599 		memcpy(&req.vht_capa,
7600 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7601 		       sizeof(req.vht_capa));
7602 	}
7603 
7604 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7605 		if (!((rdev->wiphy.features &
7606 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
7607 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
7608 		    !wiphy_ext_feature_isset(&rdev->wiphy,
7609 					     NL80211_EXT_FEATURE_RRM))
7610 			return -EINVAL;
7611 		req.flags |= ASSOC_REQ_USE_RRM;
7612 	}
7613 
7614 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
7615 	if (!err) {
7616 		wdev_lock(dev->ieee80211_ptr);
7617 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
7618 					  ssid, ssid_len, &req);
7619 		wdev_unlock(dev->ieee80211_ptr);
7620 	}
7621 
7622 	return err;
7623 }
7624 
7625 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
7626 {
7627 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7628 	struct net_device *dev = info->user_ptr[1];
7629 	const u8 *ie = NULL, *bssid;
7630 	int ie_len = 0, err;
7631 	u16 reason_code;
7632 	bool local_state_change;
7633 
7634 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7635 		return -EINVAL;
7636 
7637 	if (!info->attrs[NL80211_ATTR_MAC])
7638 		return -EINVAL;
7639 
7640 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7641 		return -EINVAL;
7642 
7643 	if (!rdev->ops->deauth)
7644 		return -EOPNOTSUPP;
7645 
7646 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7647 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7648 		return -EOPNOTSUPP;
7649 
7650 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7651 
7652 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7653 	if (reason_code == 0) {
7654 		/* Reason Code 0 is reserved */
7655 		return -EINVAL;
7656 	}
7657 
7658 	if (info->attrs[NL80211_ATTR_IE]) {
7659 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7660 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7661 	}
7662 
7663 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7664 
7665 	wdev_lock(dev->ieee80211_ptr);
7666 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
7667 				   local_state_change);
7668 	wdev_unlock(dev->ieee80211_ptr);
7669 	return err;
7670 }
7671 
7672 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
7673 {
7674 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7675 	struct net_device *dev = info->user_ptr[1];
7676 	const u8 *ie = NULL, *bssid;
7677 	int ie_len = 0, err;
7678 	u16 reason_code;
7679 	bool local_state_change;
7680 
7681 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7682 		return -EINVAL;
7683 
7684 	if (!info->attrs[NL80211_ATTR_MAC])
7685 		return -EINVAL;
7686 
7687 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7688 		return -EINVAL;
7689 
7690 	if (!rdev->ops->disassoc)
7691 		return -EOPNOTSUPP;
7692 
7693 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7694 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7695 		return -EOPNOTSUPP;
7696 
7697 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7698 
7699 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7700 	if (reason_code == 0) {
7701 		/* Reason Code 0 is reserved */
7702 		return -EINVAL;
7703 	}
7704 
7705 	if (info->attrs[NL80211_ATTR_IE]) {
7706 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7707 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7708 	}
7709 
7710 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7711 
7712 	wdev_lock(dev->ieee80211_ptr);
7713 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
7714 				     local_state_change);
7715 	wdev_unlock(dev->ieee80211_ptr);
7716 	return err;
7717 }
7718 
7719 static bool
7720 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
7721 			 int mcast_rate[NUM_NL80211_BANDS],
7722 			 int rateval)
7723 {
7724 	struct wiphy *wiphy = &rdev->wiphy;
7725 	bool found = false;
7726 	int band, i;
7727 
7728 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
7729 		struct ieee80211_supported_band *sband;
7730 
7731 		sband = wiphy->bands[band];
7732 		if (!sband)
7733 			continue;
7734 
7735 		for (i = 0; i < sband->n_bitrates; i++) {
7736 			if (sband->bitrates[i].bitrate == rateval) {
7737 				mcast_rate[band] = i + 1;
7738 				found = true;
7739 				break;
7740 			}
7741 		}
7742 	}
7743 
7744 	return found;
7745 }
7746 
7747 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
7748 {
7749 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7750 	struct net_device *dev = info->user_ptr[1];
7751 	struct cfg80211_ibss_params ibss;
7752 	struct wiphy *wiphy;
7753 	struct cfg80211_cached_keys *connkeys = NULL;
7754 	int err;
7755 
7756 	memset(&ibss, 0, sizeof(ibss));
7757 
7758 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7759 		return -EINVAL;
7760 
7761 	if (!info->attrs[NL80211_ATTR_SSID] ||
7762 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7763 		return -EINVAL;
7764 
7765 	ibss.beacon_interval = 100;
7766 
7767 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
7768 		ibss.beacon_interval =
7769 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7770 
7771 	err = cfg80211_validate_beacon_int(rdev, ibss.beacon_interval);
7772 	if (err)
7773 		return err;
7774 
7775 	if (!rdev->ops->join_ibss)
7776 		return -EOPNOTSUPP;
7777 
7778 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7779 		return -EOPNOTSUPP;
7780 
7781 	wiphy = &rdev->wiphy;
7782 
7783 	if (info->attrs[NL80211_ATTR_MAC]) {
7784 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7785 
7786 		if (!is_valid_ether_addr(ibss.bssid))
7787 			return -EINVAL;
7788 	}
7789 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7790 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7791 
7792 	if (info->attrs[NL80211_ATTR_IE]) {
7793 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7794 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7795 	}
7796 
7797 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
7798 	if (err)
7799 		return err;
7800 
7801 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
7802 				     NL80211_IFTYPE_ADHOC))
7803 		return -EINVAL;
7804 
7805 	switch (ibss.chandef.width) {
7806 	case NL80211_CHAN_WIDTH_5:
7807 	case NL80211_CHAN_WIDTH_10:
7808 	case NL80211_CHAN_WIDTH_20_NOHT:
7809 		break;
7810 	case NL80211_CHAN_WIDTH_20:
7811 	case NL80211_CHAN_WIDTH_40:
7812 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7813 			return -EINVAL;
7814 		break;
7815 	case NL80211_CHAN_WIDTH_80:
7816 	case NL80211_CHAN_WIDTH_80P80:
7817 	case NL80211_CHAN_WIDTH_160:
7818 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7819 			return -EINVAL;
7820 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7821 					     NL80211_EXT_FEATURE_VHT_IBSS))
7822 			return -EINVAL;
7823 		break;
7824 	default:
7825 		return -EINVAL;
7826 	}
7827 
7828 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
7829 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
7830 
7831 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7832 		u8 *rates =
7833 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7834 		int n_rates =
7835 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7836 		struct ieee80211_supported_band *sband =
7837 			wiphy->bands[ibss.chandef.chan->band];
7838 
7839 		err = ieee80211_get_ratemask(sband, rates, n_rates,
7840 					     &ibss.basic_rates);
7841 		if (err)
7842 			return err;
7843 	}
7844 
7845 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7846 		memcpy(&ibss.ht_capa_mask,
7847 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7848 		       sizeof(ibss.ht_capa_mask));
7849 
7850 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7851 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7852 			return -EINVAL;
7853 		memcpy(&ibss.ht_capa,
7854 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7855 		       sizeof(ibss.ht_capa));
7856 	}
7857 
7858 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7859 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
7860 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7861 		return -EINVAL;
7862 
7863 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7864 		bool no_ht = false;
7865 
7866 		connkeys = nl80211_parse_connkeys(rdev,
7867 					  info->attrs[NL80211_ATTR_KEYS],
7868 					  &no_ht);
7869 		if (IS_ERR(connkeys))
7870 			return PTR_ERR(connkeys);
7871 
7872 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
7873 		    no_ht) {
7874 			kzfree(connkeys);
7875 			return -EINVAL;
7876 		}
7877 	}
7878 
7879 	ibss.control_port =
7880 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
7881 
7882 	ibss.userspace_handles_dfs =
7883 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
7884 
7885 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
7886 	if (err)
7887 		kzfree(connkeys);
7888 	return err;
7889 }
7890 
7891 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
7892 {
7893 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7894 	struct net_device *dev = info->user_ptr[1];
7895 
7896 	if (!rdev->ops->leave_ibss)
7897 		return -EOPNOTSUPP;
7898 
7899 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7900 		return -EOPNOTSUPP;
7901 
7902 	return cfg80211_leave_ibss(rdev, dev, false);
7903 }
7904 
7905 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
7906 {
7907 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7908 	struct net_device *dev = info->user_ptr[1];
7909 	int mcast_rate[NUM_NL80211_BANDS];
7910 	u32 nla_rate;
7911 	int err;
7912 
7913 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
7914 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
7915 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
7916 		return -EOPNOTSUPP;
7917 
7918 	if (!rdev->ops->set_mcast_rate)
7919 		return -EOPNOTSUPP;
7920 
7921 	memset(mcast_rate, 0, sizeof(mcast_rate));
7922 
7923 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
7924 		return -EINVAL;
7925 
7926 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
7927 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
7928 		return -EINVAL;
7929 
7930 	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
7931 
7932 	return err;
7933 }
7934 
7935 static struct sk_buff *
7936 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
7937 			    struct wireless_dev *wdev, int approxlen,
7938 			    u32 portid, u32 seq, enum nl80211_commands cmd,
7939 			    enum nl80211_attrs attr,
7940 			    const struct nl80211_vendor_cmd_info *info,
7941 			    gfp_t gfp)
7942 {
7943 	struct sk_buff *skb;
7944 	void *hdr;
7945 	struct nlattr *data;
7946 
7947 	skb = nlmsg_new(approxlen + 100, gfp);
7948 	if (!skb)
7949 		return NULL;
7950 
7951 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
7952 	if (!hdr) {
7953 		kfree_skb(skb);
7954 		return NULL;
7955 	}
7956 
7957 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
7958 		goto nla_put_failure;
7959 
7960 	if (info) {
7961 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
7962 				info->vendor_id))
7963 			goto nla_put_failure;
7964 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
7965 				info->subcmd))
7966 			goto nla_put_failure;
7967 	}
7968 
7969 	if (wdev) {
7970 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
7971 				      wdev_id(wdev), NL80211_ATTR_PAD))
7972 			goto nla_put_failure;
7973 		if (wdev->netdev &&
7974 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
7975 				wdev->netdev->ifindex))
7976 			goto nla_put_failure;
7977 	}
7978 
7979 	data = nla_nest_start(skb, attr);
7980 
7981 	((void **)skb->cb)[0] = rdev;
7982 	((void **)skb->cb)[1] = hdr;
7983 	((void **)skb->cb)[2] = data;
7984 
7985 	return skb;
7986 
7987  nla_put_failure:
7988 	kfree_skb(skb);
7989 	return NULL;
7990 }
7991 
7992 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
7993 					   struct wireless_dev *wdev,
7994 					   enum nl80211_commands cmd,
7995 					   enum nl80211_attrs attr,
7996 					   int vendor_event_idx,
7997 					   int approxlen, gfp_t gfp)
7998 {
7999 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
8000 	const struct nl80211_vendor_cmd_info *info;
8001 
8002 	switch (cmd) {
8003 	case NL80211_CMD_TESTMODE:
8004 		if (WARN_ON(vendor_event_idx != -1))
8005 			return NULL;
8006 		info = NULL;
8007 		break;
8008 	case NL80211_CMD_VENDOR:
8009 		if (WARN_ON(vendor_event_idx < 0 ||
8010 			    vendor_event_idx >= wiphy->n_vendor_events))
8011 			return NULL;
8012 		info = &wiphy->vendor_events[vendor_event_idx];
8013 		break;
8014 	default:
8015 		WARN_ON(1);
8016 		return NULL;
8017 	}
8018 
8019 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
8020 					   cmd, attr, info, gfp);
8021 }
8022 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
8023 
8024 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
8025 {
8026 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
8027 	void *hdr = ((void **)skb->cb)[1];
8028 	struct nlattr *data = ((void **)skb->cb)[2];
8029 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
8030 
8031 	/* clear CB data for netlink core to own from now on */
8032 	memset(skb->cb, 0, sizeof(skb->cb));
8033 
8034 	nla_nest_end(skb, data);
8035 	genlmsg_end(skb, hdr);
8036 
8037 	if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
8038 		mcgrp = NL80211_MCGRP_VENDOR;
8039 
8040 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
8041 				mcgrp, gfp);
8042 }
8043 EXPORT_SYMBOL(__cfg80211_send_event_skb);
8044 
8045 #ifdef CONFIG_NL80211_TESTMODE
8046 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
8047 {
8048 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8049 	struct wireless_dev *wdev =
8050 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
8051 	int err;
8052 
8053 	if (!rdev->ops->testmode_cmd)
8054 		return -EOPNOTSUPP;
8055 
8056 	if (IS_ERR(wdev)) {
8057 		err = PTR_ERR(wdev);
8058 		if (err != -EINVAL)
8059 			return err;
8060 		wdev = NULL;
8061 	} else if (wdev->wiphy != &rdev->wiphy) {
8062 		return -EINVAL;
8063 	}
8064 
8065 	if (!info->attrs[NL80211_ATTR_TESTDATA])
8066 		return -EINVAL;
8067 
8068 	rdev->cur_cmd_info = info;
8069 	err = rdev_testmode_cmd(rdev, wdev,
8070 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
8071 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
8072 	rdev->cur_cmd_info = NULL;
8073 
8074 	return err;
8075 }
8076 
8077 static int nl80211_testmode_dump(struct sk_buff *skb,
8078 				 struct netlink_callback *cb)
8079 {
8080 	struct cfg80211_registered_device *rdev;
8081 	int err;
8082 	long phy_idx;
8083 	void *data = NULL;
8084 	int data_len = 0;
8085 
8086 	rtnl_lock();
8087 
8088 	if (cb->args[0]) {
8089 		/*
8090 		 * 0 is a valid index, but not valid for args[0],
8091 		 * so we need to offset by 1.
8092 		 */
8093 		phy_idx = cb->args[0] - 1;
8094 	} else {
8095 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
8096 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
8097 				  nl80211_policy);
8098 		if (err)
8099 			goto out_err;
8100 
8101 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
8102 						  nl80211_fam.attrbuf);
8103 		if (IS_ERR(rdev)) {
8104 			err = PTR_ERR(rdev);
8105 			goto out_err;
8106 		}
8107 		phy_idx = rdev->wiphy_idx;
8108 		rdev = NULL;
8109 
8110 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
8111 			cb->args[1] =
8112 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
8113 	}
8114 
8115 	if (cb->args[1]) {
8116 		data = nla_data((void *)cb->args[1]);
8117 		data_len = nla_len((void *)cb->args[1]);
8118 	}
8119 
8120 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
8121 	if (!rdev) {
8122 		err = -ENOENT;
8123 		goto out_err;
8124 	}
8125 
8126 	if (!rdev->ops->testmode_dump) {
8127 		err = -EOPNOTSUPP;
8128 		goto out_err;
8129 	}
8130 
8131 	while (1) {
8132 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
8133 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
8134 					   NL80211_CMD_TESTMODE);
8135 		struct nlattr *tmdata;
8136 
8137 		if (!hdr)
8138 			break;
8139 
8140 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
8141 			genlmsg_cancel(skb, hdr);
8142 			break;
8143 		}
8144 
8145 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
8146 		if (!tmdata) {
8147 			genlmsg_cancel(skb, hdr);
8148 			break;
8149 		}
8150 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
8151 		nla_nest_end(skb, tmdata);
8152 
8153 		if (err == -ENOBUFS || err == -ENOENT) {
8154 			genlmsg_cancel(skb, hdr);
8155 			break;
8156 		} else if (err) {
8157 			genlmsg_cancel(skb, hdr);
8158 			goto out_err;
8159 		}
8160 
8161 		genlmsg_end(skb, hdr);
8162 	}
8163 
8164 	err = skb->len;
8165 	/* see above */
8166 	cb->args[0] = phy_idx + 1;
8167  out_err:
8168 	rtnl_unlock();
8169 	return err;
8170 }
8171 #endif
8172 
8173 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
8174 {
8175 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8176 	struct net_device *dev = info->user_ptr[1];
8177 	struct cfg80211_connect_params connect;
8178 	struct wiphy *wiphy;
8179 	struct cfg80211_cached_keys *connkeys = NULL;
8180 	int err;
8181 
8182 	memset(&connect, 0, sizeof(connect));
8183 
8184 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8185 		return -EINVAL;
8186 
8187 	if (!info->attrs[NL80211_ATTR_SSID] ||
8188 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
8189 		return -EINVAL;
8190 
8191 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
8192 		connect.auth_type =
8193 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8194 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
8195 					     NL80211_CMD_CONNECT))
8196 			return -EINVAL;
8197 	} else
8198 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
8199 
8200 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
8201 
8202 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
8203 				      NL80211_MAX_NR_CIPHER_SUITES);
8204 	if (err)
8205 		return err;
8206 
8207 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8208 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8209 		return -EOPNOTSUPP;
8210 
8211 	wiphy = &rdev->wiphy;
8212 
8213 	connect.bg_scan_period = -1;
8214 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
8215 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
8216 		connect.bg_scan_period =
8217 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
8218 	}
8219 
8220 	if (info->attrs[NL80211_ATTR_MAC])
8221 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8222 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
8223 		connect.bssid_hint =
8224 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
8225 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8226 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8227 
8228 	if (info->attrs[NL80211_ATTR_IE]) {
8229 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8230 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8231 	}
8232 
8233 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
8234 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8235 		if (connect.mfp != NL80211_MFP_REQUIRED &&
8236 		    connect.mfp != NL80211_MFP_NO)
8237 			return -EINVAL;
8238 	} else {
8239 		connect.mfp = NL80211_MFP_NO;
8240 	}
8241 
8242 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
8243 		connect.prev_bssid =
8244 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8245 
8246 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8247 		connect.channel = nl80211_get_valid_chan(
8248 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8249 		if (!connect.channel)
8250 			return -EINVAL;
8251 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
8252 		connect.channel_hint = nl80211_get_valid_chan(
8253 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
8254 		if (!connect.channel_hint)
8255 			return -EINVAL;
8256 	}
8257 
8258 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8259 		connkeys = nl80211_parse_connkeys(rdev,
8260 					  info->attrs[NL80211_ATTR_KEYS], NULL);
8261 		if (IS_ERR(connkeys))
8262 			return PTR_ERR(connkeys);
8263 	}
8264 
8265 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8266 		connect.flags |= ASSOC_REQ_DISABLE_HT;
8267 
8268 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8269 		memcpy(&connect.ht_capa_mask,
8270 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8271 		       sizeof(connect.ht_capa_mask));
8272 
8273 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8274 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
8275 			kzfree(connkeys);
8276 			return -EINVAL;
8277 		}
8278 		memcpy(&connect.ht_capa,
8279 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8280 		       sizeof(connect.ht_capa));
8281 	}
8282 
8283 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8284 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
8285 
8286 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8287 		memcpy(&connect.vht_capa_mask,
8288 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8289 		       sizeof(connect.vht_capa_mask));
8290 
8291 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8292 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
8293 			kzfree(connkeys);
8294 			return -EINVAL;
8295 		}
8296 		memcpy(&connect.vht_capa,
8297 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8298 		       sizeof(connect.vht_capa));
8299 	}
8300 
8301 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8302 		if (!((rdev->wiphy.features &
8303 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8304 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
8305 		    !wiphy_ext_feature_isset(&rdev->wiphy,
8306 					     NL80211_EXT_FEATURE_RRM)) {
8307 			kzfree(connkeys);
8308 			return -EINVAL;
8309 		}
8310 		connect.flags |= ASSOC_REQ_USE_RRM;
8311 	}
8312 
8313 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
8314 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
8315 		kzfree(connkeys);
8316 		return -EOPNOTSUPP;
8317 	}
8318 
8319 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
8320 		/* bss selection makes no sense if bssid is set */
8321 		if (connect.bssid) {
8322 			kzfree(connkeys);
8323 			return -EINVAL;
8324 		}
8325 
8326 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
8327 				       wiphy, &connect.bss_select);
8328 		if (err) {
8329 			kzfree(connkeys);
8330 			return err;
8331 		}
8332 	}
8333 
8334 	wdev_lock(dev->ieee80211_ptr);
8335 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
8336 			       connect.prev_bssid);
8337 	wdev_unlock(dev->ieee80211_ptr);
8338 	if (err)
8339 		kzfree(connkeys);
8340 	return err;
8341 }
8342 
8343 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
8344 {
8345 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8346 	struct net_device *dev = info->user_ptr[1];
8347 	u16 reason;
8348 	int ret;
8349 
8350 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
8351 		reason = WLAN_REASON_DEAUTH_LEAVING;
8352 	else
8353 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8354 
8355 	if (reason == 0)
8356 		return -EINVAL;
8357 
8358 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8359 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8360 		return -EOPNOTSUPP;
8361 
8362 	wdev_lock(dev->ieee80211_ptr);
8363 	ret = cfg80211_disconnect(rdev, dev, reason, true);
8364 	wdev_unlock(dev->ieee80211_ptr);
8365 	return ret;
8366 }
8367 
8368 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
8369 {
8370 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8371 	struct net *net;
8372 	int err;
8373 
8374 	if (info->attrs[NL80211_ATTR_PID]) {
8375 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
8376 
8377 		net = get_net_ns_by_pid(pid);
8378 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
8379 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
8380 
8381 		net = get_net_ns_by_fd(fd);
8382 	} else {
8383 		return -EINVAL;
8384 	}
8385 
8386 	if (IS_ERR(net))
8387 		return PTR_ERR(net);
8388 
8389 	err = 0;
8390 
8391 	/* check if anything to do */
8392 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
8393 		err = cfg80211_switch_netns(rdev, net);
8394 
8395 	put_net(net);
8396 	return err;
8397 }
8398 
8399 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
8400 {
8401 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8402 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
8403 			struct cfg80211_pmksa *pmksa) = NULL;
8404 	struct net_device *dev = info->user_ptr[1];
8405 	struct cfg80211_pmksa pmksa;
8406 
8407 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
8408 
8409 	if (!info->attrs[NL80211_ATTR_MAC])
8410 		return -EINVAL;
8411 
8412 	if (!info->attrs[NL80211_ATTR_PMKID])
8413 		return -EINVAL;
8414 
8415 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
8416 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8417 
8418 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8419 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8420 		return -EOPNOTSUPP;
8421 
8422 	switch (info->genlhdr->cmd) {
8423 	case NL80211_CMD_SET_PMKSA:
8424 		rdev_ops = rdev->ops->set_pmksa;
8425 		break;
8426 	case NL80211_CMD_DEL_PMKSA:
8427 		rdev_ops = rdev->ops->del_pmksa;
8428 		break;
8429 	default:
8430 		WARN_ON(1);
8431 		break;
8432 	}
8433 
8434 	if (!rdev_ops)
8435 		return -EOPNOTSUPP;
8436 
8437 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
8438 }
8439 
8440 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
8441 {
8442 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8443 	struct net_device *dev = info->user_ptr[1];
8444 
8445 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8446 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8447 		return -EOPNOTSUPP;
8448 
8449 	if (!rdev->ops->flush_pmksa)
8450 		return -EOPNOTSUPP;
8451 
8452 	return rdev_flush_pmksa(rdev, dev);
8453 }
8454 
8455 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
8456 {
8457 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8458 	struct net_device *dev = info->user_ptr[1];
8459 	u8 action_code, dialog_token;
8460 	u32 peer_capability = 0;
8461 	u16 status_code;
8462 	u8 *peer;
8463 	bool initiator;
8464 
8465 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8466 	    !rdev->ops->tdls_mgmt)
8467 		return -EOPNOTSUPP;
8468 
8469 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
8470 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
8471 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
8472 	    !info->attrs[NL80211_ATTR_IE] ||
8473 	    !info->attrs[NL80211_ATTR_MAC])
8474 		return -EINVAL;
8475 
8476 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8477 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
8478 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
8479 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
8480 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
8481 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
8482 		peer_capability =
8483 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
8484 
8485 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
8486 			      dialog_token, status_code, peer_capability,
8487 			      initiator,
8488 			      nla_data(info->attrs[NL80211_ATTR_IE]),
8489 			      nla_len(info->attrs[NL80211_ATTR_IE]));
8490 }
8491 
8492 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
8493 {
8494 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8495 	struct net_device *dev = info->user_ptr[1];
8496 	enum nl80211_tdls_operation operation;
8497 	u8 *peer;
8498 
8499 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8500 	    !rdev->ops->tdls_oper)
8501 		return -EOPNOTSUPP;
8502 
8503 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
8504 	    !info->attrs[NL80211_ATTR_MAC])
8505 		return -EINVAL;
8506 
8507 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
8508 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8509 
8510 	return rdev_tdls_oper(rdev, dev, peer, operation);
8511 }
8512 
8513 static int nl80211_remain_on_channel(struct sk_buff *skb,
8514 				     struct genl_info *info)
8515 {
8516 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8517 	struct wireless_dev *wdev = info->user_ptr[1];
8518 	struct cfg80211_chan_def chandef;
8519 	struct sk_buff *msg;
8520 	void *hdr;
8521 	u64 cookie;
8522 	u32 duration;
8523 	int err;
8524 
8525 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8526 	    !info->attrs[NL80211_ATTR_DURATION])
8527 		return -EINVAL;
8528 
8529 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8530 
8531 	if (!rdev->ops->remain_on_channel ||
8532 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
8533 		return -EOPNOTSUPP;
8534 
8535 	/*
8536 	 * We should be on that channel for at least a minimum amount of
8537 	 * time (10ms) but no longer than the driver supports.
8538 	 */
8539 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8540 	    duration > rdev->wiphy.max_remain_on_channel_duration)
8541 		return -EINVAL;
8542 
8543 	err = nl80211_parse_chandef(rdev, info, &chandef);
8544 	if (err)
8545 		return err;
8546 
8547 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8548 	if (!msg)
8549 		return -ENOMEM;
8550 
8551 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8552 			     NL80211_CMD_REMAIN_ON_CHANNEL);
8553 	if (!hdr) {
8554 		err = -ENOBUFS;
8555 		goto free_msg;
8556 	}
8557 
8558 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
8559 				     duration, &cookie);
8560 
8561 	if (err)
8562 		goto free_msg;
8563 
8564 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
8565 			      NL80211_ATTR_PAD))
8566 		goto nla_put_failure;
8567 
8568 	genlmsg_end(msg, hdr);
8569 
8570 	return genlmsg_reply(msg, info);
8571 
8572  nla_put_failure:
8573 	err = -ENOBUFS;
8574  free_msg:
8575 	nlmsg_free(msg);
8576 	return err;
8577 }
8578 
8579 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
8580 					    struct genl_info *info)
8581 {
8582 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8583 	struct wireless_dev *wdev = info->user_ptr[1];
8584 	u64 cookie;
8585 
8586 	if (!info->attrs[NL80211_ATTR_COOKIE])
8587 		return -EINVAL;
8588 
8589 	if (!rdev->ops->cancel_remain_on_channel)
8590 		return -EOPNOTSUPP;
8591 
8592 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8593 
8594 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
8595 }
8596 
8597 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
8598 			   u8 *rates, u8 rates_len)
8599 {
8600 	u8 i;
8601 	u32 mask = 0;
8602 
8603 	for (i = 0; i < rates_len; i++) {
8604 		int rate = (rates[i] & 0x7f) * 5;
8605 		int ridx;
8606 
8607 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
8608 			struct ieee80211_rate *srate =
8609 				&sband->bitrates[ridx];
8610 			if (rate == srate->bitrate) {
8611 				mask |= 1 << ridx;
8612 				break;
8613 			}
8614 		}
8615 		if (ridx == sband->n_bitrates)
8616 			return 0; /* rate not found */
8617 	}
8618 
8619 	return mask;
8620 }
8621 
8622 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
8623 			       u8 *rates, u8 rates_len,
8624 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
8625 {
8626 	u8 i;
8627 
8628 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
8629 
8630 	for (i = 0; i < rates_len; i++) {
8631 		int ridx, rbit;
8632 
8633 		ridx = rates[i] / 8;
8634 		rbit = BIT(rates[i] % 8);
8635 
8636 		/* check validity */
8637 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
8638 			return false;
8639 
8640 		/* check availability */
8641 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
8642 			mcs[ridx] |= rbit;
8643 		else
8644 			return false;
8645 	}
8646 
8647 	return true;
8648 }
8649 
8650 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
8651 {
8652 	u16 mcs_mask = 0;
8653 
8654 	switch (vht_mcs_map) {
8655 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
8656 		break;
8657 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
8658 		mcs_mask = 0x00FF;
8659 		break;
8660 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
8661 		mcs_mask = 0x01FF;
8662 		break;
8663 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
8664 		mcs_mask = 0x03FF;
8665 		break;
8666 	default:
8667 		break;
8668 	}
8669 
8670 	return mcs_mask;
8671 }
8672 
8673 static void vht_build_mcs_mask(u16 vht_mcs_map,
8674 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
8675 {
8676 	u8 nss;
8677 
8678 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
8679 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
8680 		vht_mcs_map >>= 2;
8681 	}
8682 }
8683 
8684 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
8685 			     struct nl80211_txrate_vht *txrate,
8686 			     u16 mcs[NL80211_VHT_NSS_MAX])
8687 {
8688 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8689 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
8690 	u8 i;
8691 
8692 	if (!sband->vht_cap.vht_supported)
8693 		return false;
8694 
8695 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
8696 
8697 	/* Build vht_mcs_mask from VHT capabilities */
8698 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
8699 
8700 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8701 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
8702 			mcs[i] = txrate->mcs[i];
8703 		else
8704 			return false;
8705 	}
8706 
8707 	return true;
8708 }
8709 
8710 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
8711 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
8712 				    .len = NL80211_MAX_SUPP_RATES },
8713 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
8714 				.len = NL80211_MAX_SUPP_HT_RATES },
8715 	[NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
8716 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
8717 };
8718 
8719 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
8720 				       struct genl_info *info)
8721 {
8722 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
8723 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8724 	struct cfg80211_bitrate_mask mask;
8725 	int rem, i;
8726 	struct net_device *dev = info->user_ptr[1];
8727 	struct nlattr *tx_rates;
8728 	struct ieee80211_supported_band *sband;
8729 	u16 vht_tx_mcs_map;
8730 
8731 	if (!rdev->ops->set_bitrate_mask)
8732 		return -EOPNOTSUPP;
8733 
8734 	memset(&mask, 0, sizeof(mask));
8735 	/* Default to all rates enabled */
8736 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
8737 		sband = rdev->wiphy.bands[i];
8738 
8739 		if (!sband)
8740 			continue;
8741 
8742 		mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
8743 		memcpy(mask.control[i].ht_mcs,
8744 		       sband->ht_cap.mcs.rx_mask,
8745 		       sizeof(mask.control[i].ht_mcs));
8746 
8747 		if (!sband->vht_cap.vht_supported)
8748 			continue;
8749 
8750 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8751 		vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
8752 	}
8753 
8754 	/* if no rates are given set it back to the defaults */
8755 	if (!info->attrs[NL80211_ATTR_TX_RATES])
8756 		goto out;
8757 
8758 	/*
8759 	 * The nested attribute uses enum nl80211_band as the index. This maps
8760 	 * directly to the enum nl80211_band values used in cfg80211.
8761 	 */
8762 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
8763 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
8764 		enum nl80211_band band = nla_type(tx_rates);
8765 		int err;
8766 
8767 		if (band < 0 || band >= NUM_NL80211_BANDS)
8768 			return -EINVAL;
8769 		sband = rdev->wiphy.bands[band];
8770 		if (sband == NULL)
8771 			return -EINVAL;
8772 		err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
8773 				nla_len(tx_rates), nl80211_txattr_policy);
8774 		if (err)
8775 			return err;
8776 		if (tb[NL80211_TXRATE_LEGACY]) {
8777 			mask.control[band].legacy = rateset_to_mask(
8778 				sband,
8779 				nla_data(tb[NL80211_TXRATE_LEGACY]),
8780 				nla_len(tb[NL80211_TXRATE_LEGACY]));
8781 			if ((mask.control[band].legacy == 0) &&
8782 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
8783 				return -EINVAL;
8784 		}
8785 		if (tb[NL80211_TXRATE_HT]) {
8786 			if (!ht_rateset_to_mask(
8787 					sband,
8788 					nla_data(tb[NL80211_TXRATE_HT]),
8789 					nla_len(tb[NL80211_TXRATE_HT]),
8790 					mask.control[band].ht_mcs))
8791 				return -EINVAL;
8792 		}
8793 		if (tb[NL80211_TXRATE_VHT]) {
8794 			if (!vht_set_mcs_mask(
8795 					sband,
8796 					nla_data(tb[NL80211_TXRATE_VHT]),
8797 					mask.control[band].vht_mcs))
8798 				return -EINVAL;
8799 		}
8800 		if (tb[NL80211_TXRATE_GI]) {
8801 			mask.control[band].gi =
8802 				nla_get_u8(tb[NL80211_TXRATE_GI]);
8803 			if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
8804 				return -EINVAL;
8805 		}
8806 
8807 		if (mask.control[band].legacy == 0) {
8808 			/* don't allow empty legacy rates if HT or VHT
8809 			 * are not even supported.
8810 			 */
8811 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
8812 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
8813 				return -EINVAL;
8814 
8815 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
8816 				if (mask.control[band].ht_mcs[i])
8817 					goto out;
8818 
8819 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
8820 				if (mask.control[band].vht_mcs[i])
8821 					goto out;
8822 
8823 			/* legacy and mcs rates may not be both empty */
8824 			return -EINVAL;
8825 		}
8826 	}
8827 
8828 out:
8829 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
8830 }
8831 
8832 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
8833 {
8834 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8835 	struct wireless_dev *wdev = info->user_ptr[1];
8836 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
8837 
8838 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
8839 		return -EINVAL;
8840 
8841 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
8842 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
8843 
8844 	switch (wdev->iftype) {
8845 	case NL80211_IFTYPE_STATION:
8846 	case NL80211_IFTYPE_ADHOC:
8847 	case NL80211_IFTYPE_P2P_CLIENT:
8848 	case NL80211_IFTYPE_AP:
8849 	case NL80211_IFTYPE_AP_VLAN:
8850 	case NL80211_IFTYPE_MESH_POINT:
8851 	case NL80211_IFTYPE_P2P_GO:
8852 	case NL80211_IFTYPE_P2P_DEVICE:
8853 		break;
8854 	default:
8855 		return -EOPNOTSUPP;
8856 	}
8857 
8858 	/* not much point in registering if we can't reply */
8859 	if (!rdev->ops->mgmt_tx)
8860 		return -EOPNOTSUPP;
8861 
8862 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
8863 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
8864 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
8865 }
8866 
8867 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
8868 {
8869 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8870 	struct wireless_dev *wdev = info->user_ptr[1];
8871 	struct cfg80211_chan_def chandef;
8872 	int err;
8873 	void *hdr = NULL;
8874 	u64 cookie;
8875 	struct sk_buff *msg = NULL;
8876 	struct cfg80211_mgmt_tx_params params = {
8877 		.dont_wait_for_ack =
8878 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
8879 	};
8880 
8881 	if (!info->attrs[NL80211_ATTR_FRAME])
8882 		return -EINVAL;
8883 
8884 	if (!rdev->ops->mgmt_tx)
8885 		return -EOPNOTSUPP;
8886 
8887 	switch (wdev->iftype) {
8888 	case NL80211_IFTYPE_P2P_DEVICE:
8889 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8890 			return -EINVAL;
8891 	case NL80211_IFTYPE_STATION:
8892 	case NL80211_IFTYPE_ADHOC:
8893 	case NL80211_IFTYPE_P2P_CLIENT:
8894 	case NL80211_IFTYPE_AP:
8895 	case NL80211_IFTYPE_AP_VLAN:
8896 	case NL80211_IFTYPE_MESH_POINT:
8897 	case NL80211_IFTYPE_P2P_GO:
8898 		break;
8899 	default:
8900 		return -EOPNOTSUPP;
8901 	}
8902 
8903 	if (info->attrs[NL80211_ATTR_DURATION]) {
8904 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8905 			return -EINVAL;
8906 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8907 
8908 		/*
8909 		 * We should wait on the channel for at least a minimum amount
8910 		 * of time (10ms) but no longer than the driver supports.
8911 		 */
8912 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8913 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
8914 			return -EINVAL;
8915 	}
8916 
8917 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
8918 
8919 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8920 		return -EINVAL;
8921 
8922 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8923 
8924 	/* get the channel if any has been specified, otherwise pass NULL to
8925 	 * the driver. The latter will use the current one
8926 	 */
8927 	chandef.chan = NULL;
8928 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8929 		err = nl80211_parse_chandef(rdev, info, &chandef);
8930 		if (err)
8931 			return err;
8932 	}
8933 
8934 	if (!chandef.chan && params.offchan)
8935 		return -EINVAL;
8936 
8937 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
8938 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
8939 
8940 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
8941 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8942 		int i;
8943 
8944 		if (len % sizeof(u16))
8945 			return -EINVAL;
8946 
8947 		params.n_csa_offsets = len / sizeof(u16);
8948 		params.csa_offsets =
8949 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8950 
8951 		/* check that all the offsets fit the frame */
8952 		for (i = 0; i < params.n_csa_offsets; i++) {
8953 			if (params.csa_offsets[i] >= params.len)
8954 				return -EINVAL;
8955 		}
8956 	}
8957 
8958 	if (!params.dont_wait_for_ack) {
8959 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8960 		if (!msg)
8961 			return -ENOMEM;
8962 
8963 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8964 				     NL80211_CMD_FRAME);
8965 		if (!hdr) {
8966 			err = -ENOBUFS;
8967 			goto free_msg;
8968 		}
8969 	}
8970 
8971 	params.chan = chandef.chan;
8972 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
8973 	if (err)
8974 		goto free_msg;
8975 
8976 	if (msg) {
8977 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
8978 				      NL80211_ATTR_PAD))
8979 			goto nla_put_failure;
8980 
8981 		genlmsg_end(msg, hdr);
8982 		return genlmsg_reply(msg, info);
8983 	}
8984 
8985 	return 0;
8986 
8987  nla_put_failure:
8988 	err = -ENOBUFS;
8989  free_msg:
8990 	nlmsg_free(msg);
8991 	return err;
8992 }
8993 
8994 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
8995 {
8996 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8997 	struct wireless_dev *wdev = info->user_ptr[1];
8998 	u64 cookie;
8999 
9000 	if (!info->attrs[NL80211_ATTR_COOKIE])
9001 		return -EINVAL;
9002 
9003 	if (!rdev->ops->mgmt_tx_cancel_wait)
9004 		return -EOPNOTSUPP;
9005 
9006 	switch (wdev->iftype) {
9007 	case NL80211_IFTYPE_STATION:
9008 	case NL80211_IFTYPE_ADHOC:
9009 	case NL80211_IFTYPE_P2P_CLIENT:
9010 	case NL80211_IFTYPE_AP:
9011 	case NL80211_IFTYPE_AP_VLAN:
9012 	case NL80211_IFTYPE_P2P_GO:
9013 	case NL80211_IFTYPE_P2P_DEVICE:
9014 		break;
9015 	default:
9016 		return -EOPNOTSUPP;
9017 	}
9018 
9019 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9020 
9021 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
9022 }
9023 
9024 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
9025 {
9026 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9027 	struct wireless_dev *wdev;
9028 	struct net_device *dev = info->user_ptr[1];
9029 	u8 ps_state;
9030 	bool state;
9031 	int err;
9032 
9033 	if (!info->attrs[NL80211_ATTR_PS_STATE])
9034 		return -EINVAL;
9035 
9036 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
9037 
9038 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
9039 		return -EINVAL;
9040 
9041 	wdev = dev->ieee80211_ptr;
9042 
9043 	if (!rdev->ops->set_power_mgmt)
9044 		return -EOPNOTSUPP;
9045 
9046 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
9047 
9048 	if (state == wdev->ps)
9049 		return 0;
9050 
9051 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
9052 	if (!err)
9053 		wdev->ps = state;
9054 	return err;
9055 }
9056 
9057 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
9058 {
9059 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9060 	enum nl80211_ps_state ps_state;
9061 	struct wireless_dev *wdev;
9062 	struct net_device *dev = info->user_ptr[1];
9063 	struct sk_buff *msg;
9064 	void *hdr;
9065 	int err;
9066 
9067 	wdev = dev->ieee80211_ptr;
9068 
9069 	if (!rdev->ops->set_power_mgmt)
9070 		return -EOPNOTSUPP;
9071 
9072 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9073 	if (!msg)
9074 		return -ENOMEM;
9075 
9076 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9077 			     NL80211_CMD_GET_POWER_SAVE);
9078 	if (!hdr) {
9079 		err = -ENOBUFS;
9080 		goto free_msg;
9081 	}
9082 
9083 	if (wdev->ps)
9084 		ps_state = NL80211_PS_ENABLED;
9085 	else
9086 		ps_state = NL80211_PS_DISABLED;
9087 
9088 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
9089 		goto nla_put_failure;
9090 
9091 	genlmsg_end(msg, hdr);
9092 	return genlmsg_reply(msg, info);
9093 
9094  nla_put_failure:
9095 	err = -ENOBUFS;
9096  free_msg:
9097 	nlmsg_free(msg);
9098 	return err;
9099 }
9100 
9101 static const struct nla_policy
9102 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
9103 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
9104 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
9105 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
9106 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
9107 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
9108 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
9109 };
9110 
9111 static int nl80211_set_cqm_txe(struct genl_info *info,
9112 			       u32 rate, u32 pkts, u32 intvl)
9113 {
9114 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9115 	struct net_device *dev = info->user_ptr[1];
9116 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9117 
9118 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
9119 		return -EINVAL;
9120 
9121 	if (!rdev->ops->set_cqm_txe_config)
9122 		return -EOPNOTSUPP;
9123 
9124 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
9125 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9126 		return -EOPNOTSUPP;
9127 
9128 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
9129 }
9130 
9131 static int nl80211_set_cqm_rssi(struct genl_info *info,
9132 				s32 threshold, u32 hysteresis)
9133 {
9134 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9135 	struct net_device *dev = info->user_ptr[1];
9136 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9137 
9138 	if (threshold > 0)
9139 		return -EINVAL;
9140 
9141 	/* disabling - hysteresis should also be zero then */
9142 	if (threshold == 0)
9143 		hysteresis = 0;
9144 
9145 	if (!rdev->ops->set_cqm_rssi_config)
9146 		return -EOPNOTSUPP;
9147 
9148 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
9149 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9150 		return -EOPNOTSUPP;
9151 
9152 	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
9153 }
9154 
9155 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
9156 {
9157 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
9158 	struct nlattr *cqm;
9159 	int err;
9160 
9161 	cqm = info->attrs[NL80211_ATTR_CQM];
9162 	if (!cqm)
9163 		return -EINVAL;
9164 
9165 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
9166 			       nl80211_attr_cqm_policy);
9167 	if (err)
9168 		return err;
9169 
9170 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
9171 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
9172 		s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9173 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
9174 
9175 		return nl80211_set_cqm_rssi(info, threshold, hysteresis);
9176 	}
9177 
9178 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
9179 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
9180 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
9181 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
9182 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
9183 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
9184 
9185 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
9186 	}
9187 
9188 	return -EINVAL;
9189 }
9190 
9191 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
9192 {
9193 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9194 	struct net_device *dev = info->user_ptr[1];
9195 	struct ocb_setup setup = {};
9196 	int err;
9197 
9198 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
9199 	if (err)
9200 		return err;
9201 
9202 	return cfg80211_join_ocb(rdev, dev, &setup);
9203 }
9204 
9205 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
9206 {
9207 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9208 	struct net_device *dev = info->user_ptr[1];
9209 
9210 	return cfg80211_leave_ocb(rdev, dev);
9211 }
9212 
9213 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
9214 {
9215 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9216 	struct net_device *dev = info->user_ptr[1];
9217 	struct mesh_config cfg;
9218 	struct mesh_setup setup;
9219 	int err;
9220 
9221 	/* start with default */
9222 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
9223 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
9224 
9225 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
9226 		/* and parse parameters if given */
9227 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
9228 		if (err)
9229 			return err;
9230 	}
9231 
9232 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
9233 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
9234 		return -EINVAL;
9235 
9236 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
9237 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
9238 
9239 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9240 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
9241 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9242 			return -EINVAL;
9243 
9244 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
9245 		setup.beacon_interval =
9246 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9247 
9248 		err = cfg80211_validate_beacon_int(rdev, setup.beacon_interval);
9249 		if (err)
9250 			return err;
9251 	}
9252 
9253 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
9254 		setup.dtim_period =
9255 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
9256 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
9257 			return -EINVAL;
9258 	}
9259 
9260 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
9261 		/* parse additional setup parameters if given */
9262 		err = nl80211_parse_mesh_setup(info, &setup);
9263 		if (err)
9264 			return err;
9265 	}
9266 
9267 	if (setup.user_mpm)
9268 		cfg.auto_open_plinks = false;
9269 
9270 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9271 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
9272 		if (err)
9273 			return err;
9274 	} else {
9275 		/* cfg80211_join_mesh() will sort it out */
9276 		setup.chandef.chan = NULL;
9277 	}
9278 
9279 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9280 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9281 		int n_rates =
9282 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9283 		struct ieee80211_supported_band *sband;
9284 
9285 		if (!setup.chandef.chan)
9286 			return -EINVAL;
9287 
9288 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
9289 
9290 		err = ieee80211_get_ratemask(sband, rates, n_rates,
9291 					     &setup.basic_rates);
9292 		if (err)
9293 			return err;
9294 	}
9295 
9296 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
9297 }
9298 
9299 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
9300 {
9301 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9302 	struct net_device *dev = info->user_ptr[1];
9303 
9304 	return cfg80211_leave_mesh(rdev, dev);
9305 }
9306 
9307 #ifdef CONFIG_PM
9308 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
9309 					struct cfg80211_registered_device *rdev)
9310 {
9311 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
9312 	struct nlattr *nl_pats, *nl_pat;
9313 	int i, pat_len;
9314 
9315 	if (!wowlan->n_patterns)
9316 		return 0;
9317 
9318 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
9319 	if (!nl_pats)
9320 		return -ENOBUFS;
9321 
9322 	for (i = 0; i < wowlan->n_patterns; i++) {
9323 		nl_pat = nla_nest_start(msg, i + 1);
9324 		if (!nl_pat)
9325 			return -ENOBUFS;
9326 		pat_len = wowlan->patterns[i].pattern_len;
9327 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
9328 			    wowlan->patterns[i].mask) ||
9329 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
9330 			    wowlan->patterns[i].pattern) ||
9331 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
9332 				wowlan->patterns[i].pkt_offset))
9333 			return -ENOBUFS;
9334 		nla_nest_end(msg, nl_pat);
9335 	}
9336 	nla_nest_end(msg, nl_pats);
9337 
9338 	return 0;
9339 }
9340 
9341 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
9342 				   struct cfg80211_wowlan_tcp *tcp)
9343 {
9344 	struct nlattr *nl_tcp;
9345 
9346 	if (!tcp)
9347 		return 0;
9348 
9349 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
9350 	if (!nl_tcp)
9351 		return -ENOBUFS;
9352 
9353 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
9354 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
9355 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
9356 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
9357 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
9358 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
9359 		    tcp->payload_len, tcp->payload) ||
9360 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
9361 			tcp->data_interval) ||
9362 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
9363 		    tcp->wake_len, tcp->wake_data) ||
9364 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
9365 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
9366 		return -ENOBUFS;
9367 
9368 	if (tcp->payload_seq.len &&
9369 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
9370 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
9371 		return -ENOBUFS;
9372 
9373 	if (tcp->payload_tok.len &&
9374 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
9375 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
9376 		    &tcp->payload_tok))
9377 		return -ENOBUFS;
9378 
9379 	nla_nest_end(msg, nl_tcp);
9380 
9381 	return 0;
9382 }
9383 
9384 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
9385 				  struct cfg80211_sched_scan_request *req)
9386 {
9387 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
9388 	int i;
9389 
9390 	if (!req)
9391 		return 0;
9392 
9393 	nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
9394 	if (!nd)
9395 		return -ENOBUFS;
9396 
9397 	if (req->n_scan_plans == 1 &&
9398 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
9399 			req->scan_plans[0].interval * 1000))
9400 		return -ENOBUFS;
9401 
9402 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
9403 		return -ENOBUFS;
9404 
9405 	freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
9406 	if (!freqs)
9407 		return -ENOBUFS;
9408 
9409 	for (i = 0; i < req->n_channels; i++)
9410 		nla_put_u32(msg, i, req->channels[i]->center_freq);
9411 
9412 	nla_nest_end(msg, freqs);
9413 
9414 	if (req->n_match_sets) {
9415 		matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
9416 		for (i = 0; i < req->n_match_sets; i++) {
9417 			match = nla_nest_start(msg, i);
9418 			nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
9419 				req->match_sets[i].ssid.ssid_len,
9420 				req->match_sets[i].ssid.ssid);
9421 			nla_nest_end(msg, match);
9422 		}
9423 		nla_nest_end(msg, matches);
9424 	}
9425 
9426 	scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
9427 	if (!scan_plans)
9428 		return -ENOBUFS;
9429 
9430 	for (i = 0; i < req->n_scan_plans; i++) {
9431 		scan_plan = nla_nest_start(msg, i + 1);
9432 		if (!scan_plan ||
9433 		    nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
9434 				req->scan_plans[i].interval) ||
9435 		    (req->scan_plans[i].iterations &&
9436 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
9437 				 req->scan_plans[i].iterations)))
9438 			return -ENOBUFS;
9439 		nla_nest_end(msg, scan_plan);
9440 	}
9441 	nla_nest_end(msg, scan_plans);
9442 
9443 	nla_nest_end(msg, nd);
9444 
9445 	return 0;
9446 }
9447 
9448 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
9449 {
9450 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9451 	struct sk_buff *msg;
9452 	void *hdr;
9453 	u32 size = NLMSG_DEFAULT_SIZE;
9454 
9455 	if (!rdev->wiphy.wowlan)
9456 		return -EOPNOTSUPP;
9457 
9458 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
9459 		/* adjust size to have room for all the data */
9460 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
9461 			rdev->wiphy.wowlan_config->tcp->payload_len +
9462 			rdev->wiphy.wowlan_config->tcp->wake_len +
9463 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
9464 	}
9465 
9466 	msg = nlmsg_new(size, GFP_KERNEL);
9467 	if (!msg)
9468 		return -ENOMEM;
9469 
9470 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9471 			     NL80211_CMD_GET_WOWLAN);
9472 	if (!hdr)
9473 		goto nla_put_failure;
9474 
9475 	if (rdev->wiphy.wowlan_config) {
9476 		struct nlattr *nl_wowlan;
9477 
9478 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
9479 		if (!nl_wowlan)
9480 			goto nla_put_failure;
9481 
9482 		if ((rdev->wiphy.wowlan_config->any &&
9483 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
9484 		    (rdev->wiphy.wowlan_config->disconnect &&
9485 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
9486 		    (rdev->wiphy.wowlan_config->magic_pkt &&
9487 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
9488 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
9489 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
9490 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
9491 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
9492 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
9493 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
9494 		    (rdev->wiphy.wowlan_config->rfkill_release &&
9495 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
9496 			goto nla_put_failure;
9497 
9498 		if (nl80211_send_wowlan_patterns(msg, rdev))
9499 			goto nla_put_failure;
9500 
9501 		if (nl80211_send_wowlan_tcp(msg,
9502 					    rdev->wiphy.wowlan_config->tcp))
9503 			goto nla_put_failure;
9504 
9505 		if (nl80211_send_wowlan_nd(
9506 			    msg,
9507 			    rdev->wiphy.wowlan_config->nd_config))
9508 			goto nla_put_failure;
9509 
9510 		nla_nest_end(msg, nl_wowlan);
9511 	}
9512 
9513 	genlmsg_end(msg, hdr);
9514 	return genlmsg_reply(msg, info);
9515 
9516 nla_put_failure:
9517 	nlmsg_free(msg);
9518 	return -ENOBUFS;
9519 }
9520 
9521 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
9522 				    struct nlattr *attr,
9523 				    struct cfg80211_wowlan *trig)
9524 {
9525 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
9526 	struct cfg80211_wowlan_tcp *cfg;
9527 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
9528 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
9529 	u32 size;
9530 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
9531 	int err, port;
9532 
9533 	if (!rdev->wiphy.wowlan->tcp)
9534 		return -EINVAL;
9535 
9536 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
9537 			nla_data(attr), nla_len(attr),
9538 			nl80211_wowlan_tcp_policy);
9539 	if (err)
9540 		return err;
9541 
9542 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
9543 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
9544 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
9545 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
9546 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
9547 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
9548 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
9549 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
9550 		return -EINVAL;
9551 
9552 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
9553 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
9554 		return -EINVAL;
9555 
9556 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
9557 			rdev->wiphy.wowlan->tcp->data_interval_max ||
9558 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
9559 		return -EINVAL;
9560 
9561 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
9562 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
9563 		return -EINVAL;
9564 
9565 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
9566 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
9567 		return -EINVAL;
9568 
9569 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
9570 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9571 
9572 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9573 		tokens_size = tokln - sizeof(*tok);
9574 
9575 		if (!tok->len || tokens_size % tok->len)
9576 			return -EINVAL;
9577 		if (!rdev->wiphy.wowlan->tcp->tok)
9578 			return -EINVAL;
9579 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
9580 			return -EINVAL;
9581 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
9582 			return -EINVAL;
9583 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
9584 			return -EINVAL;
9585 		if (tok->offset + tok->len > data_size)
9586 			return -EINVAL;
9587 	}
9588 
9589 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
9590 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
9591 		if (!rdev->wiphy.wowlan->tcp->seq)
9592 			return -EINVAL;
9593 		if (seq->len == 0 || seq->len > 4)
9594 			return -EINVAL;
9595 		if (seq->len + seq->offset > data_size)
9596 			return -EINVAL;
9597 	}
9598 
9599 	size = sizeof(*cfg);
9600 	size += data_size;
9601 	size += wake_size + wake_mask_size;
9602 	size += tokens_size;
9603 
9604 	cfg = kzalloc(size, GFP_KERNEL);
9605 	if (!cfg)
9606 		return -ENOMEM;
9607 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
9608 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
9609 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
9610 	       ETH_ALEN);
9611 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
9612 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
9613 	else
9614 		port = 0;
9615 #ifdef CONFIG_INET
9616 	/* allocate a socket and port for it and use it */
9617 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
9618 			    IPPROTO_TCP, &cfg->sock, 1);
9619 	if (err) {
9620 		kfree(cfg);
9621 		return err;
9622 	}
9623 	if (inet_csk_get_port(cfg->sock->sk, port)) {
9624 		sock_release(cfg->sock);
9625 		kfree(cfg);
9626 		return -EADDRINUSE;
9627 	}
9628 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
9629 #else
9630 	if (!port) {
9631 		kfree(cfg);
9632 		return -EINVAL;
9633 	}
9634 	cfg->src_port = port;
9635 #endif
9636 
9637 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
9638 	cfg->payload_len = data_size;
9639 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
9640 	memcpy((void *)cfg->payload,
9641 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
9642 	       data_size);
9643 	if (seq)
9644 		cfg->payload_seq = *seq;
9645 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
9646 	cfg->wake_len = wake_size;
9647 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
9648 	memcpy((void *)cfg->wake_data,
9649 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
9650 	       wake_size);
9651 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
9652 			 data_size + wake_size;
9653 	memcpy((void *)cfg->wake_mask,
9654 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
9655 	       wake_mask_size);
9656 	if (tok) {
9657 		cfg->tokens_size = tokens_size;
9658 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
9659 	}
9660 
9661 	trig->tcp = cfg;
9662 
9663 	return 0;
9664 }
9665 
9666 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
9667 				   const struct wiphy_wowlan_support *wowlan,
9668 				   struct nlattr *attr,
9669 				   struct cfg80211_wowlan *trig)
9670 {
9671 	struct nlattr **tb;
9672 	int err;
9673 
9674 	tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
9675 	if (!tb)
9676 		return -ENOMEM;
9677 
9678 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
9679 		err = -EOPNOTSUPP;
9680 		goto out;
9681 	}
9682 
9683 	err = nla_parse(tb, NL80211_ATTR_MAX,
9684 			nla_data(attr), nla_len(attr),
9685 			nl80211_policy);
9686 	if (err)
9687 		goto out;
9688 
9689 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb);
9690 	err = PTR_ERR_OR_ZERO(trig->nd_config);
9691 	if (err)
9692 		trig->nd_config = NULL;
9693 
9694 out:
9695 	kfree(tb);
9696 	return err;
9697 }
9698 
9699 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
9700 {
9701 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9702 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
9703 	struct cfg80211_wowlan new_triggers = {};
9704 	struct cfg80211_wowlan *ntrig;
9705 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
9706 	int err, i;
9707 	bool prev_enabled = rdev->wiphy.wowlan_config;
9708 	bool regular = false;
9709 
9710 	if (!wowlan)
9711 		return -EOPNOTSUPP;
9712 
9713 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
9714 		cfg80211_rdev_free_wowlan(rdev);
9715 		rdev->wiphy.wowlan_config = NULL;
9716 		goto set_wakeup;
9717 	}
9718 
9719 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
9720 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9721 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9722 			nl80211_wowlan_policy);
9723 	if (err)
9724 		return err;
9725 
9726 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
9727 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
9728 			return -EINVAL;
9729 		new_triggers.any = true;
9730 	}
9731 
9732 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
9733 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
9734 			return -EINVAL;
9735 		new_triggers.disconnect = true;
9736 		regular = true;
9737 	}
9738 
9739 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
9740 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
9741 			return -EINVAL;
9742 		new_triggers.magic_pkt = true;
9743 		regular = true;
9744 	}
9745 
9746 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
9747 		return -EINVAL;
9748 
9749 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
9750 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
9751 			return -EINVAL;
9752 		new_triggers.gtk_rekey_failure = true;
9753 		regular = true;
9754 	}
9755 
9756 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
9757 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
9758 			return -EINVAL;
9759 		new_triggers.eap_identity_req = true;
9760 		regular = true;
9761 	}
9762 
9763 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
9764 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
9765 			return -EINVAL;
9766 		new_triggers.four_way_handshake = true;
9767 		regular = true;
9768 	}
9769 
9770 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
9771 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
9772 			return -EINVAL;
9773 		new_triggers.rfkill_release = true;
9774 		regular = true;
9775 	}
9776 
9777 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
9778 		struct nlattr *pat;
9779 		int n_patterns = 0;
9780 		int rem, pat_len, mask_len, pkt_offset;
9781 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9782 
9783 		regular = true;
9784 
9785 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9786 				    rem)
9787 			n_patterns++;
9788 		if (n_patterns > wowlan->n_patterns)
9789 			return -EINVAL;
9790 
9791 		new_triggers.patterns = kcalloc(n_patterns,
9792 						sizeof(new_triggers.patterns[0]),
9793 						GFP_KERNEL);
9794 		if (!new_triggers.patterns)
9795 			return -ENOMEM;
9796 
9797 		new_triggers.n_patterns = n_patterns;
9798 		i = 0;
9799 
9800 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9801 				    rem) {
9802 			u8 *mask_pat;
9803 
9804 			nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9805 				  nla_len(pat), NULL);
9806 			err = -EINVAL;
9807 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
9808 			    !pat_tb[NL80211_PKTPAT_PATTERN])
9809 				goto error;
9810 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9811 			mask_len = DIV_ROUND_UP(pat_len, 8);
9812 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9813 				goto error;
9814 			if (pat_len > wowlan->pattern_max_len ||
9815 			    pat_len < wowlan->pattern_min_len)
9816 				goto error;
9817 
9818 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
9819 				pkt_offset = 0;
9820 			else
9821 				pkt_offset = nla_get_u32(
9822 					pat_tb[NL80211_PKTPAT_OFFSET]);
9823 			if (pkt_offset > wowlan->max_pkt_offset)
9824 				goto error;
9825 			new_triggers.patterns[i].pkt_offset = pkt_offset;
9826 
9827 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9828 			if (!mask_pat) {
9829 				err = -ENOMEM;
9830 				goto error;
9831 			}
9832 			new_triggers.patterns[i].mask = mask_pat;
9833 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9834 			       mask_len);
9835 			mask_pat += mask_len;
9836 			new_triggers.patterns[i].pattern = mask_pat;
9837 			new_triggers.patterns[i].pattern_len = pat_len;
9838 			memcpy(mask_pat,
9839 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9840 			       pat_len);
9841 			i++;
9842 		}
9843 	}
9844 
9845 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
9846 		regular = true;
9847 		err = nl80211_parse_wowlan_tcp(
9848 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
9849 			&new_triggers);
9850 		if (err)
9851 			goto error;
9852 	}
9853 
9854 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
9855 		regular = true;
9856 		err = nl80211_parse_wowlan_nd(
9857 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
9858 			&new_triggers);
9859 		if (err)
9860 			goto error;
9861 	}
9862 
9863 	/* The 'any' trigger means the device continues operating more or less
9864 	 * as in its normal operation mode and wakes up the host on most of the
9865 	 * normal interrupts (like packet RX, ...)
9866 	 * It therefore makes little sense to combine with the more constrained
9867 	 * wakeup trigger modes.
9868 	 */
9869 	if (new_triggers.any && regular) {
9870 		err = -EINVAL;
9871 		goto error;
9872 	}
9873 
9874 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
9875 	if (!ntrig) {
9876 		err = -ENOMEM;
9877 		goto error;
9878 	}
9879 	cfg80211_rdev_free_wowlan(rdev);
9880 	rdev->wiphy.wowlan_config = ntrig;
9881 
9882  set_wakeup:
9883 	if (rdev->ops->set_wakeup &&
9884 	    prev_enabled != !!rdev->wiphy.wowlan_config)
9885 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
9886 
9887 	return 0;
9888  error:
9889 	for (i = 0; i < new_triggers.n_patterns; i++)
9890 		kfree(new_triggers.patterns[i].mask);
9891 	kfree(new_triggers.patterns);
9892 	if (new_triggers.tcp && new_triggers.tcp->sock)
9893 		sock_release(new_triggers.tcp->sock);
9894 	kfree(new_triggers.tcp);
9895 	kfree(new_triggers.nd_config);
9896 	return err;
9897 }
9898 #endif
9899 
9900 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
9901 				       struct cfg80211_registered_device *rdev)
9902 {
9903 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
9904 	int i, j, pat_len;
9905 	struct cfg80211_coalesce_rules *rule;
9906 
9907 	if (!rdev->coalesce->n_rules)
9908 		return 0;
9909 
9910 	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
9911 	if (!nl_rules)
9912 		return -ENOBUFS;
9913 
9914 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
9915 		nl_rule = nla_nest_start(msg, i + 1);
9916 		if (!nl_rule)
9917 			return -ENOBUFS;
9918 
9919 		rule = &rdev->coalesce->rules[i];
9920 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
9921 				rule->delay))
9922 			return -ENOBUFS;
9923 
9924 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
9925 				rule->condition))
9926 			return -ENOBUFS;
9927 
9928 		nl_pats = nla_nest_start(msg,
9929 				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
9930 		if (!nl_pats)
9931 			return -ENOBUFS;
9932 
9933 		for (j = 0; j < rule->n_patterns; j++) {
9934 			nl_pat = nla_nest_start(msg, j + 1);
9935 			if (!nl_pat)
9936 				return -ENOBUFS;
9937 			pat_len = rule->patterns[j].pattern_len;
9938 			if (nla_put(msg, NL80211_PKTPAT_MASK,
9939 				    DIV_ROUND_UP(pat_len, 8),
9940 				    rule->patterns[j].mask) ||
9941 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
9942 				    rule->patterns[j].pattern) ||
9943 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
9944 					rule->patterns[j].pkt_offset))
9945 				return -ENOBUFS;
9946 			nla_nest_end(msg, nl_pat);
9947 		}
9948 		nla_nest_end(msg, nl_pats);
9949 		nla_nest_end(msg, nl_rule);
9950 	}
9951 	nla_nest_end(msg, nl_rules);
9952 
9953 	return 0;
9954 }
9955 
9956 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
9957 {
9958 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9959 	struct sk_buff *msg;
9960 	void *hdr;
9961 
9962 	if (!rdev->wiphy.coalesce)
9963 		return -EOPNOTSUPP;
9964 
9965 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9966 	if (!msg)
9967 		return -ENOMEM;
9968 
9969 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9970 			     NL80211_CMD_GET_COALESCE);
9971 	if (!hdr)
9972 		goto nla_put_failure;
9973 
9974 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
9975 		goto nla_put_failure;
9976 
9977 	genlmsg_end(msg, hdr);
9978 	return genlmsg_reply(msg, info);
9979 
9980 nla_put_failure:
9981 	nlmsg_free(msg);
9982 	return -ENOBUFS;
9983 }
9984 
9985 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
9986 {
9987 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
9988 	int i, j;
9989 	struct cfg80211_coalesce_rules *rule;
9990 
9991 	if (!coalesce)
9992 		return;
9993 
9994 	for (i = 0; i < coalesce->n_rules; i++) {
9995 		rule = &coalesce->rules[i];
9996 		for (j = 0; j < rule->n_patterns; j++)
9997 			kfree(rule->patterns[j].mask);
9998 		kfree(rule->patterns);
9999 	}
10000 	kfree(coalesce->rules);
10001 	kfree(coalesce);
10002 	rdev->coalesce = NULL;
10003 }
10004 
10005 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
10006 				       struct nlattr *rule,
10007 				       struct cfg80211_coalesce_rules *new_rule)
10008 {
10009 	int err, i;
10010 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10011 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
10012 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
10013 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10014 
10015 	err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
10016 			nla_len(rule), nl80211_coalesce_policy);
10017 	if (err)
10018 		return err;
10019 
10020 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
10021 		new_rule->delay =
10022 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
10023 	if (new_rule->delay > coalesce->max_delay)
10024 		return -EINVAL;
10025 
10026 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
10027 		new_rule->condition =
10028 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
10029 	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
10030 	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
10031 		return -EINVAL;
10032 
10033 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
10034 		return -EINVAL;
10035 
10036 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10037 			    rem)
10038 		n_patterns++;
10039 	if (n_patterns > coalesce->n_patterns)
10040 		return -EINVAL;
10041 
10042 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
10043 				     GFP_KERNEL);
10044 	if (!new_rule->patterns)
10045 		return -ENOMEM;
10046 
10047 	new_rule->n_patterns = n_patterns;
10048 	i = 0;
10049 
10050 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10051 			    rem) {
10052 		u8 *mask_pat;
10053 
10054 		nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
10055 			  nla_len(pat), NULL);
10056 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
10057 		    !pat_tb[NL80211_PKTPAT_PATTERN])
10058 			return -EINVAL;
10059 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10060 		mask_len = DIV_ROUND_UP(pat_len, 8);
10061 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10062 			return -EINVAL;
10063 		if (pat_len > coalesce->pattern_max_len ||
10064 		    pat_len < coalesce->pattern_min_len)
10065 			return -EINVAL;
10066 
10067 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
10068 			pkt_offset = 0;
10069 		else
10070 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
10071 		if (pkt_offset > coalesce->max_pkt_offset)
10072 			return -EINVAL;
10073 		new_rule->patterns[i].pkt_offset = pkt_offset;
10074 
10075 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10076 		if (!mask_pat)
10077 			return -ENOMEM;
10078 
10079 		new_rule->patterns[i].mask = mask_pat;
10080 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10081 		       mask_len);
10082 
10083 		mask_pat += mask_len;
10084 		new_rule->patterns[i].pattern = mask_pat;
10085 		new_rule->patterns[i].pattern_len = pat_len;
10086 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10087 		       pat_len);
10088 		i++;
10089 	}
10090 
10091 	return 0;
10092 }
10093 
10094 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
10095 {
10096 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10097 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10098 	struct cfg80211_coalesce new_coalesce = {};
10099 	struct cfg80211_coalesce *n_coalesce;
10100 	int err, rem_rule, n_rules = 0, i, j;
10101 	struct nlattr *rule;
10102 	struct cfg80211_coalesce_rules *tmp_rule;
10103 
10104 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
10105 		return -EOPNOTSUPP;
10106 
10107 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
10108 		cfg80211_rdev_free_coalesce(rdev);
10109 		rdev_set_coalesce(rdev, NULL);
10110 		return 0;
10111 	}
10112 
10113 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10114 			    rem_rule)
10115 		n_rules++;
10116 	if (n_rules > coalesce->n_rules)
10117 		return -EINVAL;
10118 
10119 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
10120 				     GFP_KERNEL);
10121 	if (!new_coalesce.rules)
10122 		return -ENOMEM;
10123 
10124 	new_coalesce.n_rules = n_rules;
10125 	i = 0;
10126 
10127 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10128 			    rem_rule) {
10129 		err = nl80211_parse_coalesce_rule(rdev, rule,
10130 						  &new_coalesce.rules[i]);
10131 		if (err)
10132 			goto error;
10133 
10134 		i++;
10135 	}
10136 
10137 	err = rdev_set_coalesce(rdev, &new_coalesce);
10138 	if (err)
10139 		goto error;
10140 
10141 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
10142 	if (!n_coalesce) {
10143 		err = -ENOMEM;
10144 		goto error;
10145 	}
10146 	cfg80211_rdev_free_coalesce(rdev);
10147 	rdev->coalesce = n_coalesce;
10148 
10149 	return 0;
10150 error:
10151 	for (i = 0; i < new_coalesce.n_rules; i++) {
10152 		tmp_rule = &new_coalesce.rules[i];
10153 		for (j = 0; j < tmp_rule->n_patterns; j++)
10154 			kfree(tmp_rule->patterns[j].mask);
10155 		kfree(tmp_rule->patterns);
10156 	}
10157 	kfree(new_coalesce.rules);
10158 
10159 	return err;
10160 }
10161 
10162 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
10163 {
10164 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10165 	struct net_device *dev = info->user_ptr[1];
10166 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10167 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
10168 	struct cfg80211_gtk_rekey_data rekey_data;
10169 	int err;
10170 
10171 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
10172 		return -EINVAL;
10173 
10174 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
10175 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
10176 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
10177 			nl80211_rekey_policy);
10178 	if (err)
10179 		return err;
10180 
10181 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
10182 		return -ERANGE;
10183 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
10184 		return -ERANGE;
10185 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
10186 		return -ERANGE;
10187 
10188 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
10189 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
10190 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
10191 
10192 	wdev_lock(wdev);
10193 	if (!wdev->current_bss) {
10194 		err = -ENOTCONN;
10195 		goto out;
10196 	}
10197 
10198 	if (!rdev->ops->set_rekey_data) {
10199 		err = -EOPNOTSUPP;
10200 		goto out;
10201 	}
10202 
10203 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
10204  out:
10205 	wdev_unlock(wdev);
10206 	return err;
10207 }
10208 
10209 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
10210 					     struct genl_info *info)
10211 {
10212 	struct net_device *dev = info->user_ptr[1];
10213 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10214 
10215 	if (wdev->iftype != NL80211_IFTYPE_AP &&
10216 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
10217 		return -EINVAL;
10218 
10219 	if (wdev->ap_unexpected_nlportid)
10220 		return -EBUSY;
10221 
10222 	wdev->ap_unexpected_nlportid = info->snd_portid;
10223 	return 0;
10224 }
10225 
10226 static int nl80211_probe_client(struct sk_buff *skb,
10227 				struct genl_info *info)
10228 {
10229 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10230 	struct net_device *dev = info->user_ptr[1];
10231 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10232 	struct sk_buff *msg;
10233 	void *hdr;
10234 	const u8 *addr;
10235 	u64 cookie;
10236 	int err;
10237 
10238 	if (wdev->iftype != NL80211_IFTYPE_AP &&
10239 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
10240 		return -EOPNOTSUPP;
10241 
10242 	if (!info->attrs[NL80211_ATTR_MAC])
10243 		return -EINVAL;
10244 
10245 	if (!rdev->ops->probe_client)
10246 		return -EOPNOTSUPP;
10247 
10248 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10249 	if (!msg)
10250 		return -ENOMEM;
10251 
10252 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10253 			     NL80211_CMD_PROBE_CLIENT);
10254 	if (!hdr) {
10255 		err = -ENOBUFS;
10256 		goto free_msg;
10257 	}
10258 
10259 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10260 
10261 	err = rdev_probe_client(rdev, dev, addr, &cookie);
10262 	if (err)
10263 		goto free_msg;
10264 
10265 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10266 			      NL80211_ATTR_PAD))
10267 		goto nla_put_failure;
10268 
10269 	genlmsg_end(msg, hdr);
10270 
10271 	return genlmsg_reply(msg, info);
10272 
10273  nla_put_failure:
10274 	err = -ENOBUFS;
10275  free_msg:
10276 	nlmsg_free(msg);
10277 	return err;
10278 }
10279 
10280 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
10281 {
10282 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10283 	struct cfg80211_beacon_registration *reg, *nreg;
10284 	int rv;
10285 
10286 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
10287 		return -EOPNOTSUPP;
10288 
10289 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
10290 	if (!nreg)
10291 		return -ENOMEM;
10292 
10293 	/* First, check if already registered. */
10294 	spin_lock_bh(&rdev->beacon_registrations_lock);
10295 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
10296 		if (reg->nlportid == info->snd_portid) {
10297 			rv = -EALREADY;
10298 			goto out_err;
10299 		}
10300 	}
10301 	/* Add it to the list */
10302 	nreg->nlportid = info->snd_portid;
10303 	list_add(&nreg->list, &rdev->beacon_registrations);
10304 
10305 	spin_unlock_bh(&rdev->beacon_registrations_lock);
10306 
10307 	return 0;
10308 out_err:
10309 	spin_unlock_bh(&rdev->beacon_registrations_lock);
10310 	kfree(nreg);
10311 	return rv;
10312 }
10313 
10314 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
10315 {
10316 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10317 	struct wireless_dev *wdev = info->user_ptr[1];
10318 	int err;
10319 
10320 	if (!rdev->ops->start_p2p_device)
10321 		return -EOPNOTSUPP;
10322 
10323 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
10324 		return -EOPNOTSUPP;
10325 
10326 	if (wdev->p2p_started)
10327 		return 0;
10328 
10329 	if (rfkill_blocked(rdev->rfkill))
10330 		return -ERFKILL;
10331 
10332 	err = rdev_start_p2p_device(rdev, wdev);
10333 	if (err)
10334 		return err;
10335 
10336 	wdev->p2p_started = true;
10337 	rdev->opencount++;
10338 
10339 	return 0;
10340 }
10341 
10342 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
10343 {
10344 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10345 	struct wireless_dev *wdev = info->user_ptr[1];
10346 
10347 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
10348 		return -EOPNOTSUPP;
10349 
10350 	if (!rdev->ops->stop_p2p_device)
10351 		return -EOPNOTSUPP;
10352 
10353 	cfg80211_stop_p2p_device(rdev, wdev);
10354 
10355 	return 0;
10356 }
10357 
10358 static int nl80211_get_protocol_features(struct sk_buff *skb,
10359 					 struct genl_info *info)
10360 {
10361 	void *hdr;
10362 	struct sk_buff *msg;
10363 
10364 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10365 	if (!msg)
10366 		return -ENOMEM;
10367 
10368 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10369 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
10370 	if (!hdr)
10371 		goto nla_put_failure;
10372 
10373 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
10374 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
10375 		goto nla_put_failure;
10376 
10377 	genlmsg_end(msg, hdr);
10378 	return genlmsg_reply(msg, info);
10379 
10380  nla_put_failure:
10381 	kfree_skb(msg);
10382 	return -ENOBUFS;
10383 }
10384 
10385 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
10386 {
10387 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10388 	struct cfg80211_update_ft_ies_params ft_params;
10389 	struct net_device *dev = info->user_ptr[1];
10390 
10391 	if (!rdev->ops->update_ft_ies)
10392 		return -EOPNOTSUPP;
10393 
10394 	if (!info->attrs[NL80211_ATTR_MDID] ||
10395 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
10396 		return -EINVAL;
10397 
10398 	memset(&ft_params, 0, sizeof(ft_params));
10399 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
10400 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10401 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10402 
10403 	return rdev_update_ft_ies(rdev, dev, &ft_params);
10404 }
10405 
10406 static int nl80211_crit_protocol_start(struct sk_buff *skb,
10407 				       struct genl_info *info)
10408 {
10409 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10410 	struct wireless_dev *wdev = info->user_ptr[1];
10411 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
10412 	u16 duration;
10413 	int ret;
10414 
10415 	if (!rdev->ops->crit_proto_start)
10416 		return -EOPNOTSUPP;
10417 
10418 	if (WARN_ON(!rdev->ops->crit_proto_stop))
10419 		return -EINVAL;
10420 
10421 	if (rdev->crit_proto_nlportid)
10422 		return -EBUSY;
10423 
10424 	/* determine protocol if provided */
10425 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
10426 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
10427 
10428 	if (proto >= NUM_NL80211_CRIT_PROTO)
10429 		return -EINVAL;
10430 
10431 	/* timeout must be provided */
10432 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
10433 		return -EINVAL;
10434 
10435 	duration =
10436 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
10437 
10438 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
10439 		return -ERANGE;
10440 
10441 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
10442 	if (!ret)
10443 		rdev->crit_proto_nlportid = info->snd_portid;
10444 
10445 	return ret;
10446 }
10447 
10448 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
10449 				      struct genl_info *info)
10450 {
10451 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10452 	struct wireless_dev *wdev = info->user_ptr[1];
10453 
10454 	if (!rdev->ops->crit_proto_stop)
10455 		return -EOPNOTSUPP;
10456 
10457 	if (rdev->crit_proto_nlportid) {
10458 		rdev->crit_proto_nlportid = 0;
10459 		rdev_crit_proto_stop(rdev, wdev);
10460 	}
10461 	return 0;
10462 }
10463 
10464 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
10465 {
10466 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10467 	struct wireless_dev *wdev =
10468 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
10469 	int i, err;
10470 	u32 vid, subcmd;
10471 
10472 	if (!rdev->wiphy.vendor_commands)
10473 		return -EOPNOTSUPP;
10474 
10475 	if (IS_ERR(wdev)) {
10476 		err = PTR_ERR(wdev);
10477 		if (err != -EINVAL)
10478 			return err;
10479 		wdev = NULL;
10480 	} else if (wdev->wiphy != &rdev->wiphy) {
10481 		return -EINVAL;
10482 	}
10483 
10484 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
10485 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
10486 		return -EINVAL;
10487 
10488 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
10489 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
10490 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
10491 		const struct wiphy_vendor_command *vcmd;
10492 		void *data = NULL;
10493 		int len = 0;
10494 
10495 		vcmd = &rdev->wiphy.vendor_commands[i];
10496 
10497 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10498 			continue;
10499 
10500 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10501 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10502 			if (!wdev)
10503 				return -EINVAL;
10504 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10505 			    !wdev->netdev)
10506 				return -EINVAL;
10507 
10508 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10509 				if (wdev->netdev &&
10510 				    !netif_running(wdev->netdev))
10511 					return -ENETDOWN;
10512 				if (!wdev->netdev && !wdev->p2p_started)
10513 					return -ENETDOWN;
10514 			}
10515 
10516 			if (!vcmd->doit)
10517 				return -EOPNOTSUPP;
10518 		} else {
10519 			wdev = NULL;
10520 		}
10521 
10522 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
10523 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10524 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10525 		}
10526 
10527 		rdev->cur_cmd_info = info;
10528 		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
10529 							  data, len);
10530 		rdev->cur_cmd_info = NULL;
10531 		return err;
10532 	}
10533 
10534 	return -EOPNOTSUPP;
10535 }
10536 
10537 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
10538 				       struct netlink_callback *cb,
10539 				       struct cfg80211_registered_device **rdev,
10540 				       struct wireless_dev **wdev)
10541 {
10542 	u32 vid, subcmd;
10543 	unsigned int i;
10544 	int vcmd_idx = -1;
10545 	int err;
10546 	void *data = NULL;
10547 	unsigned int data_len = 0;
10548 
10549 	rtnl_lock();
10550 
10551 	if (cb->args[0]) {
10552 		/* subtract the 1 again here */
10553 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
10554 		struct wireless_dev *tmp;
10555 
10556 		if (!wiphy) {
10557 			err = -ENODEV;
10558 			goto out_unlock;
10559 		}
10560 		*rdev = wiphy_to_rdev(wiphy);
10561 		*wdev = NULL;
10562 
10563 		if (cb->args[1]) {
10564 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
10565 				if (tmp->identifier == cb->args[1] - 1) {
10566 					*wdev = tmp;
10567 					break;
10568 				}
10569 			}
10570 		}
10571 
10572 		/* keep rtnl locked in successful case */
10573 		return 0;
10574 	}
10575 
10576 	err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
10577 			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
10578 			  nl80211_policy);
10579 	if (err)
10580 		goto out_unlock;
10581 
10582 	if (!nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID] ||
10583 	    !nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
10584 		err = -EINVAL;
10585 		goto out_unlock;
10586 	}
10587 
10588 	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
10589 					   nl80211_fam.attrbuf);
10590 	if (IS_ERR(*wdev))
10591 		*wdev = NULL;
10592 
10593 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
10594 					   nl80211_fam.attrbuf);
10595 	if (IS_ERR(*rdev)) {
10596 		err = PTR_ERR(*rdev);
10597 		goto out_unlock;
10598 	}
10599 
10600 	vid = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID]);
10601 	subcmd = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
10602 
10603 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
10604 		const struct wiphy_vendor_command *vcmd;
10605 
10606 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
10607 
10608 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10609 			continue;
10610 
10611 		if (!vcmd->dumpit) {
10612 			err = -EOPNOTSUPP;
10613 			goto out_unlock;
10614 		}
10615 
10616 		vcmd_idx = i;
10617 		break;
10618 	}
10619 
10620 	if (vcmd_idx < 0) {
10621 		err = -EOPNOTSUPP;
10622 		goto out_unlock;
10623 	}
10624 
10625 	if (nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]) {
10626 		data = nla_data(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10627 		data_len = nla_len(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10628 	}
10629 
10630 	/* 0 is the first index - add 1 to parse only once */
10631 	cb->args[0] = (*rdev)->wiphy_idx + 1;
10632 	/* add 1 to know if it was NULL */
10633 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
10634 	cb->args[2] = vcmd_idx;
10635 	cb->args[3] = (unsigned long)data;
10636 	cb->args[4] = data_len;
10637 
10638 	/* keep rtnl locked in successful case */
10639 	return 0;
10640  out_unlock:
10641 	rtnl_unlock();
10642 	return err;
10643 }
10644 
10645 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
10646 				   struct netlink_callback *cb)
10647 {
10648 	struct cfg80211_registered_device *rdev;
10649 	struct wireless_dev *wdev;
10650 	unsigned int vcmd_idx;
10651 	const struct wiphy_vendor_command *vcmd;
10652 	void *data;
10653 	int data_len;
10654 	int err;
10655 	struct nlattr *vendor_data;
10656 
10657 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
10658 	if (err)
10659 		return err;
10660 
10661 	vcmd_idx = cb->args[2];
10662 	data = (void *)cb->args[3];
10663 	data_len = cb->args[4];
10664 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
10665 
10666 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10667 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10668 		if (!wdev)
10669 			return -EINVAL;
10670 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10671 		    !wdev->netdev)
10672 			return -EINVAL;
10673 
10674 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10675 			if (wdev->netdev &&
10676 			    !netif_running(wdev->netdev))
10677 				return -ENETDOWN;
10678 			if (!wdev->netdev && !wdev->p2p_started)
10679 				return -ENETDOWN;
10680 		}
10681 	}
10682 
10683 	while (1) {
10684 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10685 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
10686 					   NL80211_CMD_VENDOR);
10687 		if (!hdr)
10688 			break;
10689 
10690 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10691 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
10692 					       wdev_id(wdev),
10693 					       NL80211_ATTR_PAD))) {
10694 			genlmsg_cancel(skb, hdr);
10695 			break;
10696 		}
10697 
10698 		vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
10699 		if (!vendor_data) {
10700 			genlmsg_cancel(skb, hdr);
10701 			break;
10702 		}
10703 
10704 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
10705 				   (unsigned long *)&cb->args[5]);
10706 		nla_nest_end(skb, vendor_data);
10707 
10708 		if (err == -ENOBUFS || err == -ENOENT) {
10709 			genlmsg_cancel(skb, hdr);
10710 			break;
10711 		} else if (err) {
10712 			genlmsg_cancel(skb, hdr);
10713 			goto out;
10714 		}
10715 
10716 		genlmsg_end(skb, hdr);
10717 	}
10718 
10719 	err = skb->len;
10720  out:
10721 	rtnl_unlock();
10722 	return err;
10723 }
10724 
10725 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
10726 					   enum nl80211_commands cmd,
10727 					   enum nl80211_attrs attr,
10728 					   int approxlen)
10729 {
10730 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10731 
10732 	if (WARN_ON(!rdev->cur_cmd_info))
10733 		return NULL;
10734 
10735 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
10736 					   rdev->cur_cmd_info->snd_portid,
10737 					   rdev->cur_cmd_info->snd_seq,
10738 					   cmd, attr, NULL, GFP_KERNEL);
10739 }
10740 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
10741 
10742 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
10743 {
10744 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10745 	void *hdr = ((void **)skb->cb)[1];
10746 	struct nlattr *data = ((void **)skb->cb)[2];
10747 
10748 	/* clear CB data for netlink core to own from now on */
10749 	memset(skb->cb, 0, sizeof(skb->cb));
10750 
10751 	if (WARN_ON(!rdev->cur_cmd_info)) {
10752 		kfree_skb(skb);
10753 		return -EINVAL;
10754 	}
10755 
10756 	nla_nest_end(skb, data);
10757 	genlmsg_end(skb, hdr);
10758 	return genlmsg_reply(skb, rdev->cur_cmd_info);
10759 }
10760 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
10761 
10762 static int nl80211_set_qos_map(struct sk_buff *skb,
10763 			       struct genl_info *info)
10764 {
10765 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10766 	struct cfg80211_qos_map *qos_map = NULL;
10767 	struct net_device *dev = info->user_ptr[1];
10768 	u8 *pos, len, num_des, des_len, des;
10769 	int ret;
10770 
10771 	if (!rdev->ops->set_qos_map)
10772 		return -EOPNOTSUPP;
10773 
10774 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
10775 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
10776 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
10777 
10778 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
10779 		    len > IEEE80211_QOS_MAP_LEN_MAX)
10780 			return -EINVAL;
10781 
10782 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
10783 		if (!qos_map)
10784 			return -ENOMEM;
10785 
10786 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
10787 		if (num_des) {
10788 			des_len = num_des *
10789 				sizeof(struct cfg80211_dscp_exception);
10790 			memcpy(qos_map->dscp_exception, pos, des_len);
10791 			qos_map->num_des = num_des;
10792 			for (des = 0; des < num_des; des++) {
10793 				if (qos_map->dscp_exception[des].up > 7) {
10794 					kfree(qos_map);
10795 					return -EINVAL;
10796 				}
10797 			}
10798 			pos += des_len;
10799 		}
10800 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
10801 	}
10802 
10803 	wdev_lock(dev->ieee80211_ptr);
10804 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
10805 	if (!ret)
10806 		ret = rdev_set_qos_map(rdev, dev, qos_map);
10807 	wdev_unlock(dev->ieee80211_ptr);
10808 
10809 	kfree(qos_map);
10810 	return ret;
10811 }
10812 
10813 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
10814 {
10815 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10816 	struct net_device *dev = info->user_ptr[1];
10817 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10818 	const u8 *peer;
10819 	u8 tsid, up;
10820 	u16 admitted_time = 0;
10821 	int err;
10822 
10823 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
10824 		return -EOPNOTSUPP;
10825 
10826 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
10827 	    !info->attrs[NL80211_ATTR_USER_PRIO])
10828 		return -EINVAL;
10829 
10830 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10831 	if (tsid >= IEEE80211_NUM_TIDS)
10832 		return -EINVAL;
10833 
10834 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
10835 	if (up >= IEEE80211_NUM_UPS)
10836 		return -EINVAL;
10837 
10838 	/* WMM uses TIDs 0-7 even for TSPEC */
10839 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
10840 		/* TODO: handle 802.11 TSPEC/admission control
10841 		 * need more attributes for that (e.g. BA session requirement);
10842 		 * change the WMM adminssion test above to allow both then
10843 		 */
10844 		return -EINVAL;
10845 	}
10846 
10847 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10848 
10849 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
10850 		admitted_time =
10851 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
10852 		if (!admitted_time)
10853 			return -EINVAL;
10854 	}
10855 
10856 	wdev_lock(wdev);
10857 	switch (wdev->iftype) {
10858 	case NL80211_IFTYPE_STATION:
10859 	case NL80211_IFTYPE_P2P_CLIENT:
10860 		if (wdev->current_bss)
10861 			break;
10862 		err = -ENOTCONN;
10863 		goto out;
10864 	default:
10865 		err = -EOPNOTSUPP;
10866 		goto out;
10867 	}
10868 
10869 	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
10870 
10871  out:
10872 	wdev_unlock(wdev);
10873 	return err;
10874 }
10875 
10876 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
10877 {
10878 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10879 	struct net_device *dev = info->user_ptr[1];
10880 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10881 	const u8 *peer;
10882 	u8 tsid;
10883 	int err;
10884 
10885 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
10886 		return -EINVAL;
10887 
10888 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10889 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10890 
10891 	wdev_lock(wdev);
10892 	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
10893 	wdev_unlock(wdev);
10894 
10895 	return err;
10896 }
10897 
10898 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
10899 				       struct genl_info *info)
10900 {
10901 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10902 	struct net_device *dev = info->user_ptr[1];
10903 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10904 	struct cfg80211_chan_def chandef = {};
10905 	const u8 *addr;
10906 	u8 oper_class;
10907 	int err;
10908 
10909 	if (!rdev->ops->tdls_channel_switch ||
10910 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10911 		return -EOPNOTSUPP;
10912 
10913 	switch (dev->ieee80211_ptr->iftype) {
10914 	case NL80211_IFTYPE_STATION:
10915 	case NL80211_IFTYPE_P2P_CLIENT:
10916 		break;
10917 	default:
10918 		return -EOPNOTSUPP;
10919 	}
10920 
10921 	if (!info->attrs[NL80211_ATTR_MAC] ||
10922 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
10923 		return -EINVAL;
10924 
10925 	err = nl80211_parse_chandef(rdev, info, &chandef);
10926 	if (err)
10927 		return err;
10928 
10929 	/*
10930 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
10931 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
10932 	 * specification is not defined for them.
10933 	 */
10934 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
10935 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
10936 	    chandef.width != NL80211_CHAN_WIDTH_20)
10937 		return -EINVAL;
10938 
10939 	/* we will be active on the TDLS link */
10940 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
10941 					   wdev->iftype))
10942 		return -EINVAL;
10943 
10944 	/* don't allow switching to DFS channels */
10945 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
10946 		return -EINVAL;
10947 
10948 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10949 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
10950 
10951 	wdev_lock(wdev);
10952 	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
10953 	wdev_unlock(wdev);
10954 
10955 	return err;
10956 }
10957 
10958 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
10959 					      struct genl_info *info)
10960 {
10961 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10962 	struct net_device *dev = info->user_ptr[1];
10963 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10964 	const u8 *addr;
10965 
10966 	if (!rdev->ops->tdls_channel_switch ||
10967 	    !rdev->ops->tdls_cancel_channel_switch ||
10968 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10969 		return -EOPNOTSUPP;
10970 
10971 	switch (dev->ieee80211_ptr->iftype) {
10972 	case NL80211_IFTYPE_STATION:
10973 	case NL80211_IFTYPE_P2P_CLIENT:
10974 		break;
10975 	default:
10976 		return -EOPNOTSUPP;
10977 	}
10978 
10979 	if (!info->attrs[NL80211_ATTR_MAC])
10980 		return -EINVAL;
10981 
10982 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10983 
10984 	wdev_lock(wdev);
10985 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
10986 	wdev_unlock(wdev);
10987 
10988 	return 0;
10989 }
10990 
10991 #define NL80211_FLAG_NEED_WIPHY		0x01
10992 #define NL80211_FLAG_NEED_NETDEV	0x02
10993 #define NL80211_FLAG_NEED_RTNL		0x04
10994 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
10995 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
10996 					 NL80211_FLAG_CHECK_NETDEV_UP)
10997 #define NL80211_FLAG_NEED_WDEV		0x10
10998 /* If a netdev is associated, it must be UP, P2P must be started */
10999 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
11000 					 NL80211_FLAG_CHECK_NETDEV_UP)
11001 #define NL80211_FLAG_CLEAR_SKB		0x20
11002 
11003 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
11004 			    struct genl_info *info)
11005 {
11006 	struct cfg80211_registered_device *rdev;
11007 	struct wireless_dev *wdev;
11008 	struct net_device *dev;
11009 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
11010 
11011 	if (rtnl)
11012 		rtnl_lock();
11013 
11014 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
11015 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
11016 		if (IS_ERR(rdev)) {
11017 			if (rtnl)
11018 				rtnl_unlock();
11019 			return PTR_ERR(rdev);
11020 		}
11021 		info->user_ptr[0] = rdev;
11022 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
11023 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
11024 		ASSERT_RTNL();
11025 
11026 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
11027 						  info->attrs);
11028 		if (IS_ERR(wdev)) {
11029 			if (rtnl)
11030 				rtnl_unlock();
11031 			return PTR_ERR(wdev);
11032 		}
11033 
11034 		dev = wdev->netdev;
11035 		rdev = wiphy_to_rdev(wdev->wiphy);
11036 
11037 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
11038 			if (!dev) {
11039 				if (rtnl)
11040 					rtnl_unlock();
11041 				return -EINVAL;
11042 			}
11043 
11044 			info->user_ptr[1] = dev;
11045 		} else {
11046 			info->user_ptr[1] = wdev;
11047 		}
11048 
11049 		if (dev) {
11050 			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
11051 			    !netif_running(dev)) {
11052 				if (rtnl)
11053 					rtnl_unlock();
11054 				return -ENETDOWN;
11055 			}
11056 
11057 			dev_hold(dev);
11058 		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
11059 			if (!wdev->p2p_started) {
11060 				if (rtnl)
11061 					rtnl_unlock();
11062 				return -ENETDOWN;
11063 			}
11064 		}
11065 
11066 		info->user_ptr[0] = rdev;
11067 	}
11068 
11069 	return 0;
11070 }
11071 
11072 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
11073 			      struct genl_info *info)
11074 {
11075 	if (info->user_ptr[1]) {
11076 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
11077 			struct wireless_dev *wdev = info->user_ptr[1];
11078 
11079 			if (wdev->netdev)
11080 				dev_put(wdev->netdev);
11081 		} else {
11082 			dev_put(info->user_ptr[1]);
11083 		}
11084 	}
11085 
11086 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
11087 		rtnl_unlock();
11088 
11089 	/* If needed, clear the netlink message payload from the SKB
11090 	 * as it might contain key data that shouldn't stick around on
11091 	 * the heap after the SKB is freed. The netlink message header
11092 	 * is still needed for further processing, so leave it intact.
11093 	 */
11094 	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
11095 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
11096 
11097 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
11098 	}
11099 }
11100 
11101 static const struct genl_ops nl80211_ops[] = {
11102 	{
11103 		.cmd = NL80211_CMD_GET_WIPHY,
11104 		.doit = nl80211_get_wiphy,
11105 		.dumpit = nl80211_dump_wiphy,
11106 		.done = nl80211_dump_wiphy_done,
11107 		.policy = nl80211_policy,
11108 		/* can be retrieved by unprivileged users */
11109 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11110 				  NL80211_FLAG_NEED_RTNL,
11111 	},
11112 	{
11113 		.cmd = NL80211_CMD_SET_WIPHY,
11114 		.doit = nl80211_set_wiphy,
11115 		.policy = nl80211_policy,
11116 		.flags = GENL_UNS_ADMIN_PERM,
11117 		.internal_flags = NL80211_FLAG_NEED_RTNL,
11118 	},
11119 	{
11120 		.cmd = NL80211_CMD_GET_INTERFACE,
11121 		.doit = nl80211_get_interface,
11122 		.dumpit = nl80211_dump_interface,
11123 		.policy = nl80211_policy,
11124 		/* can be retrieved by unprivileged users */
11125 		.internal_flags = NL80211_FLAG_NEED_WDEV |
11126 				  NL80211_FLAG_NEED_RTNL,
11127 	},
11128 	{
11129 		.cmd = NL80211_CMD_SET_INTERFACE,
11130 		.doit = nl80211_set_interface,
11131 		.policy = nl80211_policy,
11132 		.flags = GENL_UNS_ADMIN_PERM,
11133 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11134 				  NL80211_FLAG_NEED_RTNL,
11135 	},
11136 	{
11137 		.cmd = NL80211_CMD_NEW_INTERFACE,
11138 		.doit = nl80211_new_interface,
11139 		.policy = nl80211_policy,
11140 		.flags = GENL_UNS_ADMIN_PERM,
11141 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11142 				  NL80211_FLAG_NEED_RTNL,
11143 	},
11144 	{
11145 		.cmd = NL80211_CMD_DEL_INTERFACE,
11146 		.doit = nl80211_del_interface,
11147 		.policy = nl80211_policy,
11148 		.flags = GENL_UNS_ADMIN_PERM,
11149 		.internal_flags = NL80211_FLAG_NEED_WDEV |
11150 				  NL80211_FLAG_NEED_RTNL,
11151 	},
11152 	{
11153 		.cmd = NL80211_CMD_GET_KEY,
11154 		.doit = nl80211_get_key,
11155 		.policy = nl80211_policy,
11156 		.flags = GENL_UNS_ADMIN_PERM,
11157 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11158 				  NL80211_FLAG_NEED_RTNL,
11159 	},
11160 	{
11161 		.cmd = NL80211_CMD_SET_KEY,
11162 		.doit = nl80211_set_key,
11163 		.policy = nl80211_policy,
11164 		.flags = GENL_UNS_ADMIN_PERM,
11165 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11166 				  NL80211_FLAG_NEED_RTNL |
11167 				  NL80211_FLAG_CLEAR_SKB,
11168 	},
11169 	{
11170 		.cmd = NL80211_CMD_NEW_KEY,
11171 		.doit = nl80211_new_key,
11172 		.policy = nl80211_policy,
11173 		.flags = GENL_UNS_ADMIN_PERM,
11174 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11175 				  NL80211_FLAG_NEED_RTNL |
11176 				  NL80211_FLAG_CLEAR_SKB,
11177 	},
11178 	{
11179 		.cmd = NL80211_CMD_DEL_KEY,
11180 		.doit = nl80211_del_key,
11181 		.policy = nl80211_policy,
11182 		.flags = GENL_UNS_ADMIN_PERM,
11183 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11184 				  NL80211_FLAG_NEED_RTNL,
11185 	},
11186 	{
11187 		.cmd = NL80211_CMD_SET_BEACON,
11188 		.policy = nl80211_policy,
11189 		.flags = GENL_UNS_ADMIN_PERM,
11190 		.doit = nl80211_set_beacon,
11191 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11192 				  NL80211_FLAG_NEED_RTNL,
11193 	},
11194 	{
11195 		.cmd = NL80211_CMD_START_AP,
11196 		.policy = nl80211_policy,
11197 		.flags = GENL_UNS_ADMIN_PERM,
11198 		.doit = nl80211_start_ap,
11199 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11200 				  NL80211_FLAG_NEED_RTNL,
11201 	},
11202 	{
11203 		.cmd = NL80211_CMD_STOP_AP,
11204 		.policy = nl80211_policy,
11205 		.flags = GENL_UNS_ADMIN_PERM,
11206 		.doit = nl80211_stop_ap,
11207 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11208 				  NL80211_FLAG_NEED_RTNL,
11209 	},
11210 	{
11211 		.cmd = NL80211_CMD_GET_STATION,
11212 		.doit = nl80211_get_station,
11213 		.dumpit = nl80211_dump_station,
11214 		.policy = nl80211_policy,
11215 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11216 				  NL80211_FLAG_NEED_RTNL,
11217 	},
11218 	{
11219 		.cmd = NL80211_CMD_SET_STATION,
11220 		.doit = nl80211_set_station,
11221 		.policy = nl80211_policy,
11222 		.flags = GENL_UNS_ADMIN_PERM,
11223 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11224 				  NL80211_FLAG_NEED_RTNL,
11225 	},
11226 	{
11227 		.cmd = NL80211_CMD_NEW_STATION,
11228 		.doit = nl80211_new_station,
11229 		.policy = nl80211_policy,
11230 		.flags = GENL_UNS_ADMIN_PERM,
11231 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11232 				  NL80211_FLAG_NEED_RTNL,
11233 	},
11234 	{
11235 		.cmd = NL80211_CMD_DEL_STATION,
11236 		.doit = nl80211_del_station,
11237 		.policy = nl80211_policy,
11238 		.flags = GENL_UNS_ADMIN_PERM,
11239 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11240 				  NL80211_FLAG_NEED_RTNL,
11241 	},
11242 	{
11243 		.cmd = NL80211_CMD_GET_MPATH,
11244 		.doit = nl80211_get_mpath,
11245 		.dumpit = nl80211_dump_mpath,
11246 		.policy = nl80211_policy,
11247 		.flags = GENL_UNS_ADMIN_PERM,
11248 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11249 				  NL80211_FLAG_NEED_RTNL,
11250 	},
11251 	{
11252 		.cmd = NL80211_CMD_GET_MPP,
11253 		.doit = nl80211_get_mpp,
11254 		.dumpit = nl80211_dump_mpp,
11255 		.policy = nl80211_policy,
11256 		.flags = GENL_UNS_ADMIN_PERM,
11257 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11258 				  NL80211_FLAG_NEED_RTNL,
11259 	},
11260 	{
11261 		.cmd = NL80211_CMD_SET_MPATH,
11262 		.doit = nl80211_set_mpath,
11263 		.policy = nl80211_policy,
11264 		.flags = GENL_UNS_ADMIN_PERM,
11265 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11266 				  NL80211_FLAG_NEED_RTNL,
11267 	},
11268 	{
11269 		.cmd = NL80211_CMD_NEW_MPATH,
11270 		.doit = nl80211_new_mpath,
11271 		.policy = nl80211_policy,
11272 		.flags = GENL_UNS_ADMIN_PERM,
11273 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11274 				  NL80211_FLAG_NEED_RTNL,
11275 	},
11276 	{
11277 		.cmd = NL80211_CMD_DEL_MPATH,
11278 		.doit = nl80211_del_mpath,
11279 		.policy = nl80211_policy,
11280 		.flags = GENL_UNS_ADMIN_PERM,
11281 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11282 				  NL80211_FLAG_NEED_RTNL,
11283 	},
11284 	{
11285 		.cmd = NL80211_CMD_SET_BSS,
11286 		.doit = nl80211_set_bss,
11287 		.policy = nl80211_policy,
11288 		.flags = GENL_UNS_ADMIN_PERM,
11289 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11290 				  NL80211_FLAG_NEED_RTNL,
11291 	},
11292 	{
11293 		.cmd = NL80211_CMD_GET_REG,
11294 		.doit = nl80211_get_reg_do,
11295 		.dumpit = nl80211_get_reg_dump,
11296 		.policy = nl80211_policy,
11297 		.internal_flags = NL80211_FLAG_NEED_RTNL,
11298 		/* can be retrieved by unprivileged users */
11299 	},
11300 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
11301 	{
11302 		.cmd = NL80211_CMD_SET_REG,
11303 		.doit = nl80211_set_reg,
11304 		.policy = nl80211_policy,
11305 		.flags = GENL_ADMIN_PERM,
11306 		.internal_flags = NL80211_FLAG_NEED_RTNL,
11307 	},
11308 #endif
11309 	{
11310 		.cmd = NL80211_CMD_REQ_SET_REG,
11311 		.doit = nl80211_req_set_reg,
11312 		.policy = nl80211_policy,
11313 		.flags = GENL_ADMIN_PERM,
11314 	},
11315 	{
11316 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
11317 		.doit = nl80211_get_mesh_config,
11318 		.policy = nl80211_policy,
11319 		/* can be retrieved by unprivileged users */
11320 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11321 				  NL80211_FLAG_NEED_RTNL,
11322 	},
11323 	{
11324 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
11325 		.doit = nl80211_update_mesh_config,
11326 		.policy = nl80211_policy,
11327 		.flags = GENL_UNS_ADMIN_PERM,
11328 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11329 				  NL80211_FLAG_NEED_RTNL,
11330 	},
11331 	{
11332 		.cmd = NL80211_CMD_TRIGGER_SCAN,
11333 		.doit = nl80211_trigger_scan,
11334 		.policy = nl80211_policy,
11335 		.flags = GENL_UNS_ADMIN_PERM,
11336 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11337 				  NL80211_FLAG_NEED_RTNL,
11338 	},
11339 	{
11340 		.cmd = NL80211_CMD_ABORT_SCAN,
11341 		.doit = nl80211_abort_scan,
11342 		.policy = nl80211_policy,
11343 		.flags = GENL_UNS_ADMIN_PERM,
11344 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11345 				  NL80211_FLAG_NEED_RTNL,
11346 	},
11347 	{
11348 		.cmd = NL80211_CMD_GET_SCAN,
11349 		.policy = nl80211_policy,
11350 		.dumpit = nl80211_dump_scan,
11351 	},
11352 	{
11353 		.cmd = NL80211_CMD_START_SCHED_SCAN,
11354 		.doit = nl80211_start_sched_scan,
11355 		.policy = nl80211_policy,
11356 		.flags = GENL_UNS_ADMIN_PERM,
11357 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11358 				  NL80211_FLAG_NEED_RTNL,
11359 	},
11360 	{
11361 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
11362 		.doit = nl80211_stop_sched_scan,
11363 		.policy = nl80211_policy,
11364 		.flags = GENL_UNS_ADMIN_PERM,
11365 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11366 				  NL80211_FLAG_NEED_RTNL,
11367 	},
11368 	{
11369 		.cmd = NL80211_CMD_AUTHENTICATE,
11370 		.doit = nl80211_authenticate,
11371 		.policy = nl80211_policy,
11372 		.flags = GENL_UNS_ADMIN_PERM,
11373 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11374 				  NL80211_FLAG_NEED_RTNL |
11375 				  NL80211_FLAG_CLEAR_SKB,
11376 	},
11377 	{
11378 		.cmd = NL80211_CMD_ASSOCIATE,
11379 		.doit = nl80211_associate,
11380 		.policy = nl80211_policy,
11381 		.flags = GENL_UNS_ADMIN_PERM,
11382 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11383 				  NL80211_FLAG_NEED_RTNL,
11384 	},
11385 	{
11386 		.cmd = NL80211_CMD_DEAUTHENTICATE,
11387 		.doit = nl80211_deauthenticate,
11388 		.policy = nl80211_policy,
11389 		.flags = GENL_UNS_ADMIN_PERM,
11390 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11391 				  NL80211_FLAG_NEED_RTNL,
11392 	},
11393 	{
11394 		.cmd = NL80211_CMD_DISASSOCIATE,
11395 		.doit = nl80211_disassociate,
11396 		.policy = nl80211_policy,
11397 		.flags = GENL_UNS_ADMIN_PERM,
11398 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11399 				  NL80211_FLAG_NEED_RTNL,
11400 	},
11401 	{
11402 		.cmd = NL80211_CMD_JOIN_IBSS,
11403 		.doit = nl80211_join_ibss,
11404 		.policy = nl80211_policy,
11405 		.flags = GENL_UNS_ADMIN_PERM,
11406 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11407 				  NL80211_FLAG_NEED_RTNL,
11408 	},
11409 	{
11410 		.cmd = NL80211_CMD_LEAVE_IBSS,
11411 		.doit = nl80211_leave_ibss,
11412 		.policy = nl80211_policy,
11413 		.flags = GENL_UNS_ADMIN_PERM,
11414 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11415 				  NL80211_FLAG_NEED_RTNL,
11416 	},
11417 #ifdef CONFIG_NL80211_TESTMODE
11418 	{
11419 		.cmd = NL80211_CMD_TESTMODE,
11420 		.doit = nl80211_testmode_do,
11421 		.dumpit = nl80211_testmode_dump,
11422 		.policy = nl80211_policy,
11423 		.flags = GENL_UNS_ADMIN_PERM,
11424 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11425 				  NL80211_FLAG_NEED_RTNL,
11426 	},
11427 #endif
11428 	{
11429 		.cmd = NL80211_CMD_CONNECT,
11430 		.doit = nl80211_connect,
11431 		.policy = nl80211_policy,
11432 		.flags = GENL_UNS_ADMIN_PERM,
11433 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11434 				  NL80211_FLAG_NEED_RTNL,
11435 	},
11436 	{
11437 		.cmd = NL80211_CMD_DISCONNECT,
11438 		.doit = nl80211_disconnect,
11439 		.policy = nl80211_policy,
11440 		.flags = GENL_UNS_ADMIN_PERM,
11441 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11442 				  NL80211_FLAG_NEED_RTNL,
11443 	},
11444 	{
11445 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
11446 		.doit = nl80211_wiphy_netns,
11447 		.policy = nl80211_policy,
11448 		.flags = GENL_UNS_ADMIN_PERM,
11449 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11450 				  NL80211_FLAG_NEED_RTNL,
11451 	},
11452 	{
11453 		.cmd = NL80211_CMD_GET_SURVEY,
11454 		.policy = nl80211_policy,
11455 		.dumpit = nl80211_dump_survey,
11456 	},
11457 	{
11458 		.cmd = NL80211_CMD_SET_PMKSA,
11459 		.doit = nl80211_setdel_pmksa,
11460 		.policy = nl80211_policy,
11461 		.flags = GENL_UNS_ADMIN_PERM,
11462 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11463 				  NL80211_FLAG_NEED_RTNL,
11464 	},
11465 	{
11466 		.cmd = NL80211_CMD_DEL_PMKSA,
11467 		.doit = nl80211_setdel_pmksa,
11468 		.policy = nl80211_policy,
11469 		.flags = GENL_UNS_ADMIN_PERM,
11470 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11471 				  NL80211_FLAG_NEED_RTNL,
11472 	},
11473 	{
11474 		.cmd = NL80211_CMD_FLUSH_PMKSA,
11475 		.doit = nl80211_flush_pmksa,
11476 		.policy = nl80211_policy,
11477 		.flags = GENL_UNS_ADMIN_PERM,
11478 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11479 				  NL80211_FLAG_NEED_RTNL,
11480 	},
11481 	{
11482 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
11483 		.doit = nl80211_remain_on_channel,
11484 		.policy = nl80211_policy,
11485 		.flags = GENL_UNS_ADMIN_PERM,
11486 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11487 				  NL80211_FLAG_NEED_RTNL,
11488 	},
11489 	{
11490 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
11491 		.doit = nl80211_cancel_remain_on_channel,
11492 		.policy = nl80211_policy,
11493 		.flags = GENL_UNS_ADMIN_PERM,
11494 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11495 				  NL80211_FLAG_NEED_RTNL,
11496 	},
11497 	{
11498 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
11499 		.doit = nl80211_set_tx_bitrate_mask,
11500 		.policy = nl80211_policy,
11501 		.flags = GENL_UNS_ADMIN_PERM,
11502 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11503 				  NL80211_FLAG_NEED_RTNL,
11504 	},
11505 	{
11506 		.cmd = NL80211_CMD_REGISTER_FRAME,
11507 		.doit = nl80211_register_mgmt,
11508 		.policy = nl80211_policy,
11509 		.flags = GENL_UNS_ADMIN_PERM,
11510 		.internal_flags = NL80211_FLAG_NEED_WDEV |
11511 				  NL80211_FLAG_NEED_RTNL,
11512 	},
11513 	{
11514 		.cmd = NL80211_CMD_FRAME,
11515 		.doit = nl80211_tx_mgmt,
11516 		.policy = nl80211_policy,
11517 		.flags = GENL_UNS_ADMIN_PERM,
11518 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11519 				  NL80211_FLAG_NEED_RTNL,
11520 	},
11521 	{
11522 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
11523 		.doit = nl80211_tx_mgmt_cancel_wait,
11524 		.policy = nl80211_policy,
11525 		.flags = GENL_UNS_ADMIN_PERM,
11526 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11527 				  NL80211_FLAG_NEED_RTNL,
11528 	},
11529 	{
11530 		.cmd = NL80211_CMD_SET_POWER_SAVE,
11531 		.doit = nl80211_set_power_save,
11532 		.policy = nl80211_policy,
11533 		.flags = GENL_UNS_ADMIN_PERM,
11534 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11535 				  NL80211_FLAG_NEED_RTNL,
11536 	},
11537 	{
11538 		.cmd = NL80211_CMD_GET_POWER_SAVE,
11539 		.doit = nl80211_get_power_save,
11540 		.policy = nl80211_policy,
11541 		/* can be retrieved by unprivileged users */
11542 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11543 				  NL80211_FLAG_NEED_RTNL,
11544 	},
11545 	{
11546 		.cmd = NL80211_CMD_SET_CQM,
11547 		.doit = nl80211_set_cqm,
11548 		.policy = nl80211_policy,
11549 		.flags = GENL_UNS_ADMIN_PERM,
11550 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11551 				  NL80211_FLAG_NEED_RTNL,
11552 	},
11553 	{
11554 		.cmd = NL80211_CMD_SET_CHANNEL,
11555 		.doit = nl80211_set_channel,
11556 		.policy = nl80211_policy,
11557 		.flags = GENL_UNS_ADMIN_PERM,
11558 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11559 				  NL80211_FLAG_NEED_RTNL,
11560 	},
11561 	{
11562 		.cmd = NL80211_CMD_SET_WDS_PEER,
11563 		.doit = nl80211_set_wds_peer,
11564 		.policy = nl80211_policy,
11565 		.flags = GENL_UNS_ADMIN_PERM,
11566 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11567 				  NL80211_FLAG_NEED_RTNL,
11568 	},
11569 	{
11570 		.cmd = NL80211_CMD_JOIN_MESH,
11571 		.doit = nl80211_join_mesh,
11572 		.policy = nl80211_policy,
11573 		.flags = GENL_UNS_ADMIN_PERM,
11574 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11575 				  NL80211_FLAG_NEED_RTNL,
11576 	},
11577 	{
11578 		.cmd = NL80211_CMD_LEAVE_MESH,
11579 		.doit = nl80211_leave_mesh,
11580 		.policy = nl80211_policy,
11581 		.flags = GENL_UNS_ADMIN_PERM,
11582 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11583 				  NL80211_FLAG_NEED_RTNL,
11584 	},
11585 	{
11586 		.cmd = NL80211_CMD_JOIN_OCB,
11587 		.doit = nl80211_join_ocb,
11588 		.policy = nl80211_policy,
11589 		.flags = GENL_UNS_ADMIN_PERM,
11590 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11591 				  NL80211_FLAG_NEED_RTNL,
11592 	},
11593 	{
11594 		.cmd = NL80211_CMD_LEAVE_OCB,
11595 		.doit = nl80211_leave_ocb,
11596 		.policy = nl80211_policy,
11597 		.flags = GENL_UNS_ADMIN_PERM,
11598 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11599 				  NL80211_FLAG_NEED_RTNL,
11600 	},
11601 #ifdef CONFIG_PM
11602 	{
11603 		.cmd = NL80211_CMD_GET_WOWLAN,
11604 		.doit = nl80211_get_wowlan,
11605 		.policy = nl80211_policy,
11606 		/* can be retrieved by unprivileged users */
11607 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11608 				  NL80211_FLAG_NEED_RTNL,
11609 	},
11610 	{
11611 		.cmd = NL80211_CMD_SET_WOWLAN,
11612 		.doit = nl80211_set_wowlan,
11613 		.policy = nl80211_policy,
11614 		.flags = GENL_UNS_ADMIN_PERM,
11615 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11616 				  NL80211_FLAG_NEED_RTNL,
11617 	},
11618 #endif
11619 	{
11620 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
11621 		.doit = nl80211_set_rekey_data,
11622 		.policy = nl80211_policy,
11623 		.flags = GENL_UNS_ADMIN_PERM,
11624 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11625 				  NL80211_FLAG_NEED_RTNL |
11626 				  NL80211_FLAG_CLEAR_SKB,
11627 	},
11628 	{
11629 		.cmd = NL80211_CMD_TDLS_MGMT,
11630 		.doit = nl80211_tdls_mgmt,
11631 		.policy = nl80211_policy,
11632 		.flags = GENL_UNS_ADMIN_PERM,
11633 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11634 				  NL80211_FLAG_NEED_RTNL,
11635 	},
11636 	{
11637 		.cmd = NL80211_CMD_TDLS_OPER,
11638 		.doit = nl80211_tdls_oper,
11639 		.policy = nl80211_policy,
11640 		.flags = GENL_UNS_ADMIN_PERM,
11641 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11642 				  NL80211_FLAG_NEED_RTNL,
11643 	},
11644 	{
11645 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
11646 		.doit = nl80211_register_unexpected_frame,
11647 		.policy = nl80211_policy,
11648 		.flags = GENL_UNS_ADMIN_PERM,
11649 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11650 				  NL80211_FLAG_NEED_RTNL,
11651 	},
11652 	{
11653 		.cmd = NL80211_CMD_PROBE_CLIENT,
11654 		.doit = nl80211_probe_client,
11655 		.policy = nl80211_policy,
11656 		.flags = GENL_UNS_ADMIN_PERM,
11657 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11658 				  NL80211_FLAG_NEED_RTNL,
11659 	},
11660 	{
11661 		.cmd = NL80211_CMD_REGISTER_BEACONS,
11662 		.doit = nl80211_register_beacons,
11663 		.policy = nl80211_policy,
11664 		.flags = GENL_UNS_ADMIN_PERM,
11665 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11666 				  NL80211_FLAG_NEED_RTNL,
11667 	},
11668 	{
11669 		.cmd = NL80211_CMD_SET_NOACK_MAP,
11670 		.doit = nl80211_set_noack_map,
11671 		.policy = nl80211_policy,
11672 		.flags = GENL_UNS_ADMIN_PERM,
11673 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11674 				  NL80211_FLAG_NEED_RTNL,
11675 	},
11676 	{
11677 		.cmd = NL80211_CMD_START_P2P_DEVICE,
11678 		.doit = nl80211_start_p2p_device,
11679 		.policy = nl80211_policy,
11680 		.flags = GENL_UNS_ADMIN_PERM,
11681 		.internal_flags = NL80211_FLAG_NEED_WDEV |
11682 				  NL80211_FLAG_NEED_RTNL,
11683 	},
11684 	{
11685 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
11686 		.doit = nl80211_stop_p2p_device,
11687 		.policy = nl80211_policy,
11688 		.flags = GENL_UNS_ADMIN_PERM,
11689 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11690 				  NL80211_FLAG_NEED_RTNL,
11691 	},
11692 	{
11693 		.cmd = NL80211_CMD_SET_MCAST_RATE,
11694 		.doit = nl80211_set_mcast_rate,
11695 		.policy = nl80211_policy,
11696 		.flags = GENL_UNS_ADMIN_PERM,
11697 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11698 				  NL80211_FLAG_NEED_RTNL,
11699 	},
11700 	{
11701 		.cmd = NL80211_CMD_SET_MAC_ACL,
11702 		.doit = nl80211_set_mac_acl,
11703 		.policy = nl80211_policy,
11704 		.flags = GENL_UNS_ADMIN_PERM,
11705 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11706 				  NL80211_FLAG_NEED_RTNL,
11707 	},
11708 	{
11709 		.cmd = NL80211_CMD_RADAR_DETECT,
11710 		.doit = nl80211_start_radar_detection,
11711 		.policy = nl80211_policy,
11712 		.flags = GENL_UNS_ADMIN_PERM,
11713 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11714 				  NL80211_FLAG_NEED_RTNL,
11715 	},
11716 	{
11717 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
11718 		.doit = nl80211_get_protocol_features,
11719 		.policy = nl80211_policy,
11720 	},
11721 	{
11722 		.cmd = NL80211_CMD_UPDATE_FT_IES,
11723 		.doit = nl80211_update_ft_ies,
11724 		.policy = nl80211_policy,
11725 		.flags = GENL_UNS_ADMIN_PERM,
11726 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11727 				  NL80211_FLAG_NEED_RTNL,
11728 	},
11729 	{
11730 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
11731 		.doit = nl80211_crit_protocol_start,
11732 		.policy = nl80211_policy,
11733 		.flags = GENL_UNS_ADMIN_PERM,
11734 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11735 				  NL80211_FLAG_NEED_RTNL,
11736 	},
11737 	{
11738 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
11739 		.doit = nl80211_crit_protocol_stop,
11740 		.policy = nl80211_policy,
11741 		.flags = GENL_UNS_ADMIN_PERM,
11742 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11743 				  NL80211_FLAG_NEED_RTNL,
11744 	},
11745 	{
11746 		.cmd = NL80211_CMD_GET_COALESCE,
11747 		.doit = nl80211_get_coalesce,
11748 		.policy = nl80211_policy,
11749 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11750 				  NL80211_FLAG_NEED_RTNL,
11751 	},
11752 	{
11753 		.cmd = NL80211_CMD_SET_COALESCE,
11754 		.doit = nl80211_set_coalesce,
11755 		.policy = nl80211_policy,
11756 		.flags = GENL_UNS_ADMIN_PERM,
11757 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11758 				  NL80211_FLAG_NEED_RTNL,
11759 	},
11760 	{
11761 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
11762 		.doit = nl80211_channel_switch,
11763 		.policy = nl80211_policy,
11764 		.flags = GENL_UNS_ADMIN_PERM,
11765 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11766 				  NL80211_FLAG_NEED_RTNL,
11767 	},
11768 	{
11769 		.cmd = NL80211_CMD_VENDOR,
11770 		.doit = nl80211_vendor_cmd,
11771 		.dumpit = nl80211_vendor_cmd_dump,
11772 		.policy = nl80211_policy,
11773 		.flags = GENL_UNS_ADMIN_PERM,
11774 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11775 				  NL80211_FLAG_NEED_RTNL,
11776 	},
11777 	{
11778 		.cmd = NL80211_CMD_SET_QOS_MAP,
11779 		.doit = nl80211_set_qos_map,
11780 		.policy = nl80211_policy,
11781 		.flags = GENL_UNS_ADMIN_PERM,
11782 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11783 				  NL80211_FLAG_NEED_RTNL,
11784 	},
11785 	{
11786 		.cmd = NL80211_CMD_ADD_TX_TS,
11787 		.doit = nl80211_add_tx_ts,
11788 		.policy = nl80211_policy,
11789 		.flags = GENL_UNS_ADMIN_PERM,
11790 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11791 				  NL80211_FLAG_NEED_RTNL,
11792 	},
11793 	{
11794 		.cmd = NL80211_CMD_DEL_TX_TS,
11795 		.doit = nl80211_del_tx_ts,
11796 		.policy = nl80211_policy,
11797 		.flags = GENL_UNS_ADMIN_PERM,
11798 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11799 				  NL80211_FLAG_NEED_RTNL,
11800 	},
11801 	{
11802 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
11803 		.doit = nl80211_tdls_channel_switch,
11804 		.policy = nl80211_policy,
11805 		.flags = GENL_UNS_ADMIN_PERM,
11806 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11807 				  NL80211_FLAG_NEED_RTNL,
11808 	},
11809 	{
11810 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
11811 		.doit = nl80211_tdls_cancel_channel_switch,
11812 		.policy = nl80211_policy,
11813 		.flags = GENL_UNS_ADMIN_PERM,
11814 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11815 				  NL80211_FLAG_NEED_RTNL,
11816 	},
11817 };
11818 
11819 /* notification functions */
11820 
11821 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
11822 			  enum nl80211_commands cmd)
11823 {
11824 	struct sk_buff *msg;
11825 	struct nl80211_dump_wiphy_state state = {};
11826 
11827 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
11828 		cmd != NL80211_CMD_DEL_WIPHY);
11829 
11830 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11831 	if (!msg)
11832 		return;
11833 
11834 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
11835 		nlmsg_free(msg);
11836 		return;
11837 	}
11838 
11839 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11840 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
11841 }
11842 
11843 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
11844 				struct wireless_dev *wdev,
11845 				enum nl80211_commands cmd)
11846 {
11847 	struct sk_buff *msg;
11848 
11849 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
11850 		cmd != NL80211_CMD_DEL_INTERFACE);
11851 
11852 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11853 	if (!msg)
11854 		return;
11855 
11856 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev,
11857 			       cmd == NL80211_CMD_DEL_INTERFACE) < 0) {
11858 		nlmsg_free(msg);
11859 		return;
11860 	}
11861 
11862 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11863 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
11864 }
11865 
11866 static int nl80211_add_scan_req(struct sk_buff *msg,
11867 				struct cfg80211_registered_device *rdev)
11868 {
11869 	struct cfg80211_scan_request *req = rdev->scan_req;
11870 	struct nlattr *nest;
11871 	int i;
11872 
11873 	if (WARN_ON(!req))
11874 		return 0;
11875 
11876 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
11877 	if (!nest)
11878 		goto nla_put_failure;
11879 	for (i = 0; i < req->n_ssids; i++) {
11880 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
11881 			goto nla_put_failure;
11882 	}
11883 	nla_nest_end(msg, nest);
11884 
11885 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11886 	if (!nest)
11887 		goto nla_put_failure;
11888 	for (i = 0; i < req->n_channels; i++) {
11889 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11890 			goto nla_put_failure;
11891 	}
11892 	nla_nest_end(msg, nest);
11893 
11894 	if (req->ie &&
11895 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
11896 		goto nla_put_failure;
11897 
11898 	if (req->flags &&
11899 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
11900 		goto nla_put_failure;
11901 
11902 	if (req->info.scan_start_tsf &&
11903 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
11904 			       req->info.scan_start_tsf, NL80211_BSS_PAD) ||
11905 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
11906 		     req->info.tsf_bssid)))
11907 		goto nla_put_failure;
11908 
11909 	return 0;
11910  nla_put_failure:
11911 	return -ENOBUFS;
11912 }
11913 
11914 static int nl80211_send_scan_msg(struct sk_buff *msg,
11915 				 struct cfg80211_registered_device *rdev,
11916 				 struct wireless_dev *wdev,
11917 				 u32 portid, u32 seq, int flags,
11918 				 u32 cmd)
11919 {
11920 	void *hdr;
11921 
11922 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11923 	if (!hdr)
11924 		return -1;
11925 
11926 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11927 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11928 					 wdev->netdev->ifindex)) ||
11929 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11930 			      NL80211_ATTR_PAD))
11931 		goto nla_put_failure;
11932 
11933 	/* ignore errors and send incomplete event anyway */
11934 	nl80211_add_scan_req(msg, rdev);
11935 
11936 	genlmsg_end(msg, hdr);
11937 	return 0;
11938 
11939  nla_put_failure:
11940 	genlmsg_cancel(msg, hdr);
11941 	return -EMSGSIZE;
11942 }
11943 
11944 static int
11945 nl80211_send_sched_scan_msg(struct sk_buff *msg,
11946 			    struct cfg80211_registered_device *rdev,
11947 			    struct net_device *netdev,
11948 			    u32 portid, u32 seq, int flags, u32 cmd)
11949 {
11950 	void *hdr;
11951 
11952 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11953 	if (!hdr)
11954 		return -1;
11955 
11956 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11957 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11958 		goto nla_put_failure;
11959 
11960 	genlmsg_end(msg, hdr);
11961 	return 0;
11962 
11963  nla_put_failure:
11964 	genlmsg_cancel(msg, hdr);
11965 	return -EMSGSIZE;
11966 }
11967 
11968 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
11969 			     struct wireless_dev *wdev)
11970 {
11971 	struct sk_buff *msg;
11972 
11973 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11974 	if (!msg)
11975 		return;
11976 
11977 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11978 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
11979 		nlmsg_free(msg);
11980 		return;
11981 	}
11982 
11983 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11984 				NL80211_MCGRP_SCAN, GFP_KERNEL);
11985 }
11986 
11987 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
11988 				       struct wireless_dev *wdev, bool aborted)
11989 {
11990 	struct sk_buff *msg;
11991 
11992 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11993 	if (!msg)
11994 		return NULL;
11995 
11996 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11997 				  aborted ? NL80211_CMD_SCAN_ABORTED :
11998 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
11999 		nlmsg_free(msg);
12000 		return NULL;
12001 	}
12002 
12003 	return msg;
12004 }
12005 
12006 void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
12007 			      struct sk_buff *msg)
12008 {
12009 	if (!msg)
12010 		return;
12011 
12012 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12013 				NL80211_MCGRP_SCAN, GFP_KERNEL);
12014 }
12015 
12016 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
12017 				     struct net_device *netdev)
12018 {
12019 	struct sk_buff *msg;
12020 
12021 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12022 	if (!msg)
12023 		return;
12024 
12025 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
12026 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
12027 		nlmsg_free(msg);
12028 		return;
12029 	}
12030 
12031 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12032 				NL80211_MCGRP_SCAN, GFP_KERNEL);
12033 }
12034 
12035 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
12036 			     struct net_device *netdev, u32 cmd)
12037 {
12038 	struct sk_buff *msg;
12039 
12040 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12041 	if (!msg)
12042 		return;
12043 
12044 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
12045 		nlmsg_free(msg);
12046 		return;
12047 	}
12048 
12049 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12050 				NL80211_MCGRP_SCAN, GFP_KERNEL);
12051 }
12052 
12053 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
12054 					  struct regulatory_request *request)
12055 {
12056 	/* Userspace can always count this one always being set */
12057 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
12058 		goto nla_put_failure;
12059 
12060 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
12061 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
12062 			       NL80211_REGDOM_TYPE_WORLD))
12063 			goto nla_put_failure;
12064 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
12065 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
12066 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
12067 			goto nla_put_failure;
12068 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
12069 		   request->intersect) {
12070 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
12071 			       NL80211_REGDOM_TYPE_INTERSECTION))
12072 			goto nla_put_failure;
12073 	} else {
12074 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
12075 			       NL80211_REGDOM_TYPE_COUNTRY) ||
12076 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
12077 				   request->alpha2))
12078 			goto nla_put_failure;
12079 	}
12080 
12081 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
12082 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
12083 
12084 		if (wiphy &&
12085 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
12086 			goto nla_put_failure;
12087 
12088 		if (wiphy &&
12089 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
12090 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
12091 			goto nla_put_failure;
12092 	}
12093 
12094 	return true;
12095 
12096 nla_put_failure:
12097 	return false;
12098 }
12099 
12100 /*
12101  * This can happen on global regulatory changes or device specific settings
12102  * based on custom regulatory domains.
12103  */
12104 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
12105 				     struct regulatory_request *request)
12106 {
12107 	struct sk_buff *msg;
12108 	void *hdr;
12109 
12110 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12111 	if (!msg)
12112 		return;
12113 
12114 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
12115 	if (!hdr) {
12116 		nlmsg_free(msg);
12117 		return;
12118 	}
12119 
12120 	if (nl80211_reg_change_event_fill(msg, request) == false)
12121 		goto nla_put_failure;
12122 
12123 	genlmsg_end(msg, hdr);
12124 
12125 	rcu_read_lock();
12126 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
12127 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
12128 	rcu_read_unlock();
12129 
12130 	return;
12131 
12132 nla_put_failure:
12133 	genlmsg_cancel(msg, hdr);
12134 	nlmsg_free(msg);
12135 }
12136 
12137 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
12138 				    struct net_device *netdev,
12139 				    const u8 *buf, size_t len,
12140 				    enum nl80211_commands cmd, gfp_t gfp,
12141 				    int uapsd_queues)
12142 {
12143 	struct sk_buff *msg;
12144 	void *hdr;
12145 
12146 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12147 	if (!msg)
12148 		return;
12149 
12150 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12151 	if (!hdr) {
12152 		nlmsg_free(msg);
12153 		return;
12154 	}
12155 
12156 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12157 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12158 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
12159 		goto nla_put_failure;
12160 
12161 	if (uapsd_queues >= 0) {
12162 		struct nlattr *nla_wmm =
12163 			nla_nest_start(msg, NL80211_ATTR_STA_WME);
12164 		if (!nla_wmm)
12165 			goto nla_put_failure;
12166 
12167 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
12168 			       uapsd_queues))
12169 			goto nla_put_failure;
12170 
12171 		nla_nest_end(msg, nla_wmm);
12172 	}
12173 
12174 	genlmsg_end(msg, hdr);
12175 
12176 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12177 				NL80211_MCGRP_MLME, gfp);
12178 	return;
12179 
12180  nla_put_failure:
12181 	genlmsg_cancel(msg, hdr);
12182 	nlmsg_free(msg);
12183 }
12184 
12185 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
12186 			  struct net_device *netdev, const u8 *buf,
12187 			  size_t len, gfp_t gfp)
12188 {
12189 	nl80211_send_mlme_event(rdev, netdev, buf, len,
12190 				NL80211_CMD_AUTHENTICATE, gfp, -1);
12191 }
12192 
12193 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
12194 			   struct net_device *netdev, const u8 *buf,
12195 			   size_t len, gfp_t gfp, int uapsd_queues)
12196 {
12197 	nl80211_send_mlme_event(rdev, netdev, buf, len,
12198 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
12199 }
12200 
12201 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
12202 			 struct net_device *netdev, const u8 *buf,
12203 			 size_t len, gfp_t gfp)
12204 {
12205 	nl80211_send_mlme_event(rdev, netdev, buf, len,
12206 				NL80211_CMD_DEAUTHENTICATE, gfp, -1);
12207 }
12208 
12209 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
12210 			   struct net_device *netdev, const u8 *buf,
12211 			   size_t len, gfp_t gfp)
12212 {
12213 	nl80211_send_mlme_event(rdev, netdev, buf, len,
12214 				NL80211_CMD_DISASSOCIATE, gfp, -1);
12215 }
12216 
12217 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
12218 				  size_t len)
12219 {
12220 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12221 	struct wiphy *wiphy = wdev->wiphy;
12222 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12223 	const struct ieee80211_mgmt *mgmt = (void *)buf;
12224 	u32 cmd;
12225 
12226 	if (WARN_ON(len < 2))
12227 		return;
12228 
12229 	if (ieee80211_is_deauth(mgmt->frame_control))
12230 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
12231 	else
12232 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
12233 
12234 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
12235 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
12236 }
12237 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
12238 
12239 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
12240 				      struct net_device *netdev, int cmd,
12241 				      const u8 *addr, gfp_t gfp)
12242 {
12243 	struct sk_buff *msg;
12244 	void *hdr;
12245 
12246 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12247 	if (!msg)
12248 		return;
12249 
12250 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12251 	if (!hdr) {
12252 		nlmsg_free(msg);
12253 		return;
12254 	}
12255 
12256 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12257 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12258 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
12259 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
12260 		goto nla_put_failure;
12261 
12262 	genlmsg_end(msg, hdr);
12263 
12264 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12265 				NL80211_MCGRP_MLME, gfp);
12266 	return;
12267 
12268  nla_put_failure:
12269 	genlmsg_cancel(msg, hdr);
12270 	nlmsg_free(msg);
12271 }
12272 
12273 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
12274 			       struct net_device *netdev, const u8 *addr,
12275 			       gfp_t gfp)
12276 {
12277 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
12278 				  addr, gfp);
12279 }
12280 
12281 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
12282 				struct net_device *netdev, const u8 *addr,
12283 				gfp_t gfp)
12284 {
12285 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
12286 				  addr, gfp);
12287 }
12288 
12289 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
12290 				 struct net_device *netdev, const u8 *bssid,
12291 				 const u8 *req_ie, size_t req_ie_len,
12292 				 const u8 *resp_ie, size_t resp_ie_len,
12293 				 int status, gfp_t gfp)
12294 {
12295 	struct sk_buff *msg;
12296 	void *hdr;
12297 
12298 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12299 	if (!msg)
12300 		return;
12301 
12302 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
12303 	if (!hdr) {
12304 		nlmsg_free(msg);
12305 		return;
12306 	}
12307 
12308 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12309 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12310 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
12311 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
12312 			status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
12313 			status) ||
12314 	    (status < 0 && nla_put_flag(msg, NL80211_ATTR_TIMED_OUT)) ||
12315 	    (req_ie &&
12316 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
12317 	    (resp_ie &&
12318 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
12319 		goto nla_put_failure;
12320 
12321 	genlmsg_end(msg, hdr);
12322 
12323 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12324 				NL80211_MCGRP_MLME, gfp);
12325 	return;
12326 
12327  nla_put_failure:
12328 	genlmsg_cancel(msg, hdr);
12329 	nlmsg_free(msg);
12330 }
12331 
12332 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
12333 			 struct net_device *netdev, const u8 *bssid,
12334 			 const u8 *req_ie, size_t req_ie_len,
12335 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
12336 {
12337 	struct sk_buff *msg;
12338 	void *hdr;
12339 
12340 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12341 	if (!msg)
12342 		return;
12343 
12344 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
12345 	if (!hdr) {
12346 		nlmsg_free(msg);
12347 		return;
12348 	}
12349 
12350 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12351 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12352 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
12353 	    (req_ie &&
12354 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
12355 	    (resp_ie &&
12356 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
12357 		goto nla_put_failure;
12358 
12359 	genlmsg_end(msg, hdr);
12360 
12361 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12362 				NL80211_MCGRP_MLME, gfp);
12363 	return;
12364 
12365  nla_put_failure:
12366 	genlmsg_cancel(msg, hdr);
12367 	nlmsg_free(msg);
12368 }
12369 
12370 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
12371 			       struct net_device *netdev, u16 reason,
12372 			       const u8 *ie, size_t ie_len, bool from_ap)
12373 {
12374 	struct sk_buff *msg;
12375 	void *hdr;
12376 
12377 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12378 	if (!msg)
12379 		return;
12380 
12381 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
12382 	if (!hdr) {
12383 		nlmsg_free(msg);
12384 		return;
12385 	}
12386 
12387 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12388 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12389 	    (from_ap && reason &&
12390 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
12391 	    (from_ap &&
12392 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
12393 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
12394 		goto nla_put_failure;
12395 
12396 	genlmsg_end(msg, hdr);
12397 
12398 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12399 				NL80211_MCGRP_MLME, GFP_KERNEL);
12400 	return;
12401 
12402  nla_put_failure:
12403 	genlmsg_cancel(msg, hdr);
12404 	nlmsg_free(msg);
12405 }
12406 
12407 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
12408 			     struct net_device *netdev, const u8 *bssid,
12409 			     gfp_t gfp)
12410 {
12411 	struct sk_buff *msg;
12412 	void *hdr;
12413 
12414 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12415 	if (!msg)
12416 		return;
12417 
12418 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
12419 	if (!hdr) {
12420 		nlmsg_free(msg);
12421 		return;
12422 	}
12423 
12424 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12425 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12426 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12427 		goto nla_put_failure;
12428 
12429 	genlmsg_end(msg, hdr);
12430 
12431 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12432 				NL80211_MCGRP_MLME, gfp);
12433 	return;
12434 
12435  nla_put_failure:
12436 	genlmsg_cancel(msg, hdr);
12437 	nlmsg_free(msg);
12438 }
12439 
12440 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
12441 					const u8* ie, u8 ie_len, gfp_t gfp)
12442 {
12443 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12444 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12445 	struct sk_buff *msg;
12446 	void *hdr;
12447 
12448 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
12449 		return;
12450 
12451 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
12452 
12453 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12454 	if (!msg)
12455 		return;
12456 
12457 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
12458 	if (!hdr) {
12459 		nlmsg_free(msg);
12460 		return;
12461 	}
12462 
12463 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12464 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12465 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12466 	    (ie_len && ie &&
12467 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
12468 		goto nla_put_failure;
12469 
12470 	genlmsg_end(msg, hdr);
12471 
12472 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12473 				NL80211_MCGRP_MLME, gfp);
12474 	return;
12475 
12476  nla_put_failure:
12477 	genlmsg_cancel(msg, hdr);
12478 	nlmsg_free(msg);
12479 }
12480 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
12481 
12482 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
12483 				 struct net_device *netdev, const u8 *addr,
12484 				 enum nl80211_key_type key_type, int key_id,
12485 				 const u8 *tsc, gfp_t gfp)
12486 {
12487 	struct sk_buff *msg;
12488 	void *hdr;
12489 
12490 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12491 	if (!msg)
12492 		return;
12493 
12494 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
12495 	if (!hdr) {
12496 		nlmsg_free(msg);
12497 		return;
12498 	}
12499 
12500 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12501 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12502 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
12503 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
12504 	    (key_id != -1 &&
12505 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
12506 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
12507 		goto nla_put_failure;
12508 
12509 	genlmsg_end(msg, hdr);
12510 
12511 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12512 				NL80211_MCGRP_MLME, gfp);
12513 	return;
12514 
12515  nla_put_failure:
12516 	genlmsg_cancel(msg, hdr);
12517 	nlmsg_free(msg);
12518 }
12519 
12520 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
12521 				    struct ieee80211_channel *channel_before,
12522 				    struct ieee80211_channel *channel_after)
12523 {
12524 	struct sk_buff *msg;
12525 	void *hdr;
12526 	struct nlattr *nl_freq;
12527 
12528 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
12529 	if (!msg)
12530 		return;
12531 
12532 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
12533 	if (!hdr) {
12534 		nlmsg_free(msg);
12535 		return;
12536 	}
12537 
12538 	/*
12539 	 * Since we are applying the beacon hint to a wiphy we know its
12540 	 * wiphy_idx is valid
12541 	 */
12542 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
12543 		goto nla_put_failure;
12544 
12545 	/* Before */
12546 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
12547 	if (!nl_freq)
12548 		goto nla_put_failure;
12549 	if (nl80211_msg_put_channel(msg, channel_before, false))
12550 		goto nla_put_failure;
12551 	nla_nest_end(msg, nl_freq);
12552 
12553 	/* After */
12554 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
12555 	if (!nl_freq)
12556 		goto nla_put_failure;
12557 	if (nl80211_msg_put_channel(msg, channel_after, false))
12558 		goto nla_put_failure;
12559 	nla_nest_end(msg, nl_freq);
12560 
12561 	genlmsg_end(msg, hdr);
12562 
12563 	rcu_read_lock();
12564 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
12565 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
12566 	rcu_read_unlock();
12567 
12568 	return;
12569 
12570 nla_put_failure:
12571 	genlmsg_cancel(msg, hdr);
12572 	nlmsg_free(msg);
12573 }
12574 
12575 static void nl80211_send_remain_on_chan_event(
12576 	int cmd, struct cfg80211_registered_device *rdev,
12577 	struct wireless_dev *wdev, u64 cookie,
12578 	struct ieee80211_channel *chan,
12579 	unsigned int duration, gfp_t gfp)
12580 {
12581 	struct sk_buff *msg;
12582 	void *hdr;
12583 
12584 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12585 	if (!msg)
12586 		return;
12587 
12588 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12589 	if (!hdr) {
12590 		nlmsg_free(msg);
12591 		return;
12592 	}
12593 
12594 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12595 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12596 					 wdev->netdev->ifindex)) ||
12597 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12598 			      NL80211_ATTR_PAD) ||
12599 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
12600 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
12601 			NL80211_CHAN_NO_HT) ||
12602 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12603 			      NL80211_ATTR_PAD))
12604 		goto nla_put_failure;
12605 
12606 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
12607 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
12608 		goto nla_put_failure;
12609 
12610 	genlmsg_end(msg, hdr);
12611 
12612 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12613 				NL80211_MCGRP_MLME, gfp);
12614 	return;
12615 
12616  nla_put_failure:
12617 	genlmsg_cancel(msg, hdr);
12618 	nlmsg_free(msg);
12619 }
12620 
12621 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
12622 			       struct ieee80211_channel *chan,
12623 			       unsigned int duration, gfp_t gfp)
12624 {
12625 	struct wiphy *wiphy = wdev->wiphy;
12626 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12627 
12628 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
12629 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
12630 					  rdev, wdev, cookie, chan,
12631 					  duration, gfp);
12632 }
12633 EXPORT_SYMBOL(cfg80211_ready_on_channel);
12634 
12635 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
12636 					struct ieee80211_channel *chan,
12637 					gfp_t gfp)
12638 {
12639 	struct wiphy *wiphy = wdev->wiphy;
12640 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12641 
12642 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
12643 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12644 					  rdev, wdev, cookie, chan, 0, gfp);
12645 }
12646 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
12647 
12648 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
12649 		      struct station_info *sinfo, gfp_t gfp)
12650 {
12651 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12652 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12653 	struct sk_buff *msg;
12654 
12655 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
12656 
12657 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12658 	if (!msg)
12659 		return;
12660 
12661 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
12662 				 rdev, dev, mac_addr, sinfo) < 0) {
12663 		nlmsg_free(msg);
12664 		return;
12665 	}
12666 
12667 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12668 				NL80211_MCGRP_MLME, gfp);
12669 }
12670 EXPORT_SYMBOL(cfg80211_new_sta);
12671 
12672 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
12673 			    struct station_info *sinfo, gfp_t gfp)
12674 {
12675 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12676 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12677 	struct sk_buff *msg;
12678 	struct station_info empty_sinfo = {};
12679 
12680 	if (!sinfo)
12681 		sinfo = &empty_sinfo;
12682 
12683 	trace_cfg80211_del_sta(dev, mac_addr);
12684 
12685 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12686 	if (!msg)
12687 		return;
12688 
12689 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
12690 				 rdev, dev, mac_addr, sinfo) < 0) {
12691 		nlmsg_free(msg);
12692 		return;
12693 	}
12694 
12695 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12696 				NL80211_MCGRP_MLME, gfp);
12697 }
12698 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
12699 
12700 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
12701 			  enum nl80211_connect_failed_reason reason,
12702 			  gfp_t gfp)
12703 {
12704 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12705 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12706 	struct sk_buff *msg;
12707 	void *hdr;
12708 
12709 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
12710 	if (!msg)
12711 		return;
12712 
12713 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
12714 	if (!hdr) {
12715 		nlmsg_free(msg);
12716 		return;
12717 	}
12718 
12719 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12720 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
12721 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
12722 		goto nla_put_failure;
12723 
12724 	genlmsg_end(msg, hdr);
12725 
12726 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12727 				NL80211_MCGRP_MLME, gfp);
12728 	return;
12729 
12730  nla_put_failure:
12731 	genlmsg_cancel(msg, hdr);
12732 	nlmsg_free(msg);
12733 }
12734 EXPORT_SYMBOL(cfg80211_conn_failed);
12735 
12736 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
12737 				       const u8 *addr, gfp_t gfp)
12738 {
12739 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12740 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12741 	struct sk_buff *msg;
12742 	void *hdr;
12743 	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
12744 
12745 	if (!nlportid)
12746 		return false;
12747 
12748 	msg = nlmsg_new(100, gfp);
12749 	if (!msg)
12750 		return true;
12751 
12752 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12753 	if (!hdr) {
12754 		nlmsg_free(msg);
12755 		return true;
12756 	}
12757 
12758 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12759 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12760 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
12761 		goto nla_put_failure;
12762 
12763 	genlmsg_end(msg, hdr);
12764 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12765 	return true;
12766 
12767  nla_put_failure:
12768 	genlmsg_cancel(msg, hdr);
12769 	nlmsg_free(msg);
12770 	return true;
12771 }
12772 
12773 bool cfg80211_rx_spurious_frame(struct net_device *dev,
12774 				const u8 *addr, gfp_t gfp)
12775 {
12776 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12777 	bool ret;
12778 
12779 	trace_cfg80211_rx_spurious_frame(dev, addr);
12780 
12781 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12782 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
12783 		trace_cfg80211_return_bool(false);
12784 		return false;
12785 	}
12786 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
12787 					 addr, gfp);
12788 	trace_cfg80211_return_bool(ret);
12789 	return ret;
12790 }
12791 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
12792 
12793 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
12794 					const u8 *addr, gfp_t gfp)
12795 {
12796 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12797 	bool ret;
12798 
12799 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
12800 
12801 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12802 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
12803 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
12804 		trace_cfg80211_return_bool(false);
12805 		return false;
12806 	}
12807 	ret = __nl80211_unexpected_frame(dev,
12808 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
12809 					 addr, gfp);
12810 	trace_cfg80211_return_bool(ret);
12811 	return ret;
12812 }
12813 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
12814 
12815 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
12816 		      struct wireless_dev *wdev, u32 nlportid,
12817 		      int freq, int sig_dbm,
12818 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
12819 {
12820 	struct net_device *netdev = wdev->netdev;
12821 	struct sk_buff *msg;
12822 	void *hdr;
12823 
12824 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12825 	if (!msg)
12826 		return -ENOMEM;
12827 
12828 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12829 	if (!hdr) {
12830 		nlmsg_free(msg);
12831 		return -ENOMEM;
12832 	}
12833 
12834 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12835 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12836 					netdev->ifindex)) ||
12837 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12838 			      NL80211_ATTR_PAD) ||
12839 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
12840 	    (sig_dbm &&
12841 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12842 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12843 	    (flags &&
12844 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
12845 		goto nla_put_failure;
12846 
12847 	genlmsg_end(msg, hdr);
12848 
12849 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12850 
12851  nla_put_failure:
12852 	genlmsg_cancel(msg, hdr);
12853 	nlmsg_free(msg);
12854 	return -ENOBUFS;
12855 }
12856 
12857 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
12858 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
12859 {
12860 	struct wiphy *wiphy = wdev->wiphy;
12861 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12862 	struct net_device *netdev = wdev->netdev;
12863 	struct sk_buff *msg;
12864 	void *hdr;
12865 
12866 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
12867 
12868 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12869 	if (!msg)
12870 		return;
12871 
12872 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
12873 	if (!hdr) {
12874 		nlmsg_free(msg);
12875 		return;
12876 	}
12877 
12878 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12879 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12880 				   netdev->ifindex)) ||
12881 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12882 			      NL80211_ATTR_PAD) ||
12883 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12884 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12885 			      NL80211_ATTR_PAD) ||
12886 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
12887 		goto nla_put_failure;
12888 
12889 	genlmsg_end(msg, hdr);
12890 
12891 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12892 				NL80211_MCGRP_MLME, gfp);
12893 	return;
12894 
12895  nla_put_failure:
12896 	genlmsg_cancel(msg, hdr);
12897 	nlmsg_free(msg);
12898 }
12899 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
12900 
12901 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
12902 					    const char *mac, gfp_t gfp)
12903 {
12904 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12905 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12906 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12907 	void **cb;
12908 
12909 	if (!msg)
12910 		return NULL;
12911 
12912 	cb = (void **)msg->cb;
12913 
12914 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
12915 	if (!cb[0]) {
12916 		nlmsg_free(msg);
12917 		return NULL;
12918 	}
12919 
12920 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12921 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
12922 		goto nla_put_failure;
12923 
12924 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
12925 		goto nla_put_failure;
12926 
12927 	cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
12928 	if (!cb[1])
12929 		goto nla_put_failure;
12930 
12931 	cb[2] = rdev;
12932 
12933 	return msg;
12934  nla_put_failure:
12935 	nlmsg_free(msg);
12936 	return NULL;
12937 }
12938 
12939 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
12940 {
12941 	void **cb = (void **)msg->cb;
12942 	struct cfg80211_registered_device *rdev = cb[2];
12943 
12944 	nla_nest_end(msg, cb[1]);
12945 	genlmsg_end(msg, cb[0]);
12946 
12947 	memset(msg->cb, 0, sizeof(msg->cb));
12948 
12949 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12950 				NL80211_MCGRP_MLME, gfp);
12951 }
12952 
12953 void cfg80211_cqm_rssi_notify(struct net_device *dev,
12954 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
12955 			      gfp_t gfp)
12956 {
12957 	struct sk_buff *msg;
12958 
12959 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
12960 
12961 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
12962 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
12963 		return;
12964 
12965 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12966 	if (!msg)
12967 		return;
12968 
12969 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
12970 			rssi_event))
12971 		goto nla_put_failure;
12972 
12973 	cfg80211_send_cqm(msg, gfp);
12974 
12975 	return;
12976 
12977  nla_put_failure:
12978 	nlmsg_free(msg);
12979 }
12980 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
12981 
12982 void cfg80211_cqm_txe_notify(struct net_device *dev,
12983 			     const u8 *peer, u32 num_packets,
12984 			     u32 rate, u32 intvl, gfp_t gfp)
12985 {
12986 	struct sk_buff *msg;
12987 
12988 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
12989 	if (!msg)
12990 		return;
12991 
12992 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
12993 		goto nla_put_failure;
12994 
12995 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
12996 		goto nla_put_failure;
12997 
12998 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
12999 		goto nla_put_failure;
13000 
13001 	cfg80211_send_cqm(msg, gfp);
13002 	return;
13003 
13004  nla_put_failure:
13005 	nlmsg_free(msg);
13006 }
13007 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
13008 
13009 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
13010 				 const u8 *peer, u32 num_packets, gfp_t gfp)
13011 {
13012 	struct sk_buff *msg;
13013 
13014 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
13015 
13016 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
13017 	if (!msg)
13018 		return;
13019 
13020 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
13021 		goto nla_put_failure;
13022 
13023 	cfg80211_send_cqm(msg, gfp);
13024 	return;
13025 
13026  nla_put_failure:
13027 	nlmsg_free(msg);
13028 }
13029 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
13030 
13031 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
13032 {
13033 	struct sk_buff *msg;
13034 
13035 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
13036 	if (!msg)
13037 		return;
13038 
13039 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
13040 		goto nla_put_failure;
13041 
13042 	cfg80211_send_cqm(msg, gfp);
13043 	return;
13044 
13045  nla_put_failure:
13046 	nlmsg_free(msg);
13047 }
13048 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
13049 
13050 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
13051 				     struct net_device *netdev, const u8 *bssid,
13052 				     const u8 *replay_ctr, gfp_t gfp)
13053 {
13054 	struct sk_buff *msg;
13055 	struct nlattr *rekey_attr;
13056 	void *hdr;
13057 
13058 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13059 	if (!msg)
13060 		return;
13061 
13062 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
13063 	if (!hdr) {
13064 		nlmsg_free(msg);
13065 		return;
13066 	}
13067 
13068 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13069 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13070 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
13071 		goto nla_put_failure;
13072 
13073 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
13074 	if (!rekey_attr)
13075 		goto nla_put_failure;
13076 
13077 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
13078 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
13079 		goto nla_put_failure;
13080 
13081 	nla_nest_end(msg, rekey_attr);
13082 
13083 	genlmsg_end(msg, hdr);
13084 
13085 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13086 				NL80211_MCGRP_MLME, gfp);
13087 	return;
13088 
13089  nla_put_failure:
13090 	genlmsg_cancel(msg, hdr);
13091 	nlmsg_free(msg);
13092 }
13093 
13094 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
13095 			       const u8 *replay_ctr, gfp_t gfp)
13096 {
13097 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13098 	struct wiphy *wiphy = wdev->wiphy;
13099 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13100 
13101 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
13102 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
13103 }
13104 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
13105 
13106 static void
13107 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
13108 			       struct net_device *netdev, int index,
13109 			       const u8 *bssid, bool preauth, gfp_t gfp)
13110 {
13111 	struct sk_buff *msg;
13112 	struct nlattr *attr;
13113 	void *hdr;
13114 
13115 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13116 	if (!msg)
13117 		return;
13118 
13119 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
13120 	if (!hdr) {
13121 		nlmsg_free(msg);
13122 		return;
13123 	}
13124 
13125 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13126 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
13127 		goto nla_put_failure;
13128 
13129 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
13130 	if (!attr)
13131 		goto nla_put_failure;
13132 
13133 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
13134 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
13135 	    (preauth &&
13136 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
13137 		goto nla_put_failure;
13138 
13139 	nla_nest_end(msg, attr);
13140 
13141 	genlmsg_end(msg, hdr);
13142 
13143 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13144 				NL80211_MCGRP_MLME, gfp);
13145 	return;
13146 
13147  nla_put_failure:
13148 	genlmsg_cancel(msg, hdr);
13149 	nlmsg_free(msg);
13150 }
13151 
13152 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
13153 				     const u8 *bssid, bool preauth, gfp_t gfp)
13154 {
13155 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13156 	struct wiphy *wiphy = wdev->wiphy;
13157 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13158 
13159 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
13160 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
13161 }
13162 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
13163 
13164 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
13165 				     struct net_device *netdev,
13166 				     struct cfg80211_chan_def *chandef,
13167 				     gfp_t gfp,
13168 				     enum nl80211_commands notif,
13169 				     u8 count)
13170 {
13171 	struct sk_buff *msg;
13172 	void *hdr;
13173 
13174 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13175 	if (!msg)
13176 		return;
13177 
13178 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
13179 	if (!hdr) {
13180 		nlmsg_free(msg);
13181 		return;
13182 	}
13183 
13184 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
13185 		goto nla_put_failure;
13186 
13187 	if (nl80211_send_chandef(msg, chandef))
13188 		goto nla_put_failure;
13189 
13190 	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
13191 	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
13192 			goto nla_put_failure;
13193 
13194 	genlmsg_end(msg, hdr);
13195 
13196 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13197 				NL80211_MCGRP_MLME, gfp);
13198 	return;
13199 
13200  nla_put_failure:
13201 	genlmsg_cancel(msg, hdr);
13202 	nlmsg_free(msg);
13203 }
13204 
13205 void cfg80211_ch_switch_notify(struct net_device *dev,
13206 			       struct cfg80211_chan_def *chandef)
13207 {
13208 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13209 	struct wiphy *wiphy = wdev->wiphy;
13210 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13211 
13212 	ASSERT_WDEV_LOCK(wdev);
13213 
13214 	trace_cfg80211_ch_switch_notify(dev, chandef);
13215 
13216 	wdev->chandef = *chandef;
13217 	wdev->preset_chandef = *chandef;
13218 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
13219 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
13220 }
13221 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
13222 
13223 void cfg80211_ch_switch_started_notify(struct net_device *dev,
13224 				       struct cfg80211_chan_def *chandef,
13225 				       u8 count)
13226 {
13227 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13228 	struct wiphy *wiphy = wdev->wiphy;
13229 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13230 
13231 	trace_cfg80211_ch_switch_started_notify(dev, chandef);
13232 
13233 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
13234 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
13235 }
13236 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
13237 
13238 void
13239 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
13240 		     const struct cfg80211_chan_def *chandef,
13241 		     enum nl80211_radar_event event,
13242 		     struct net_device *netdev, gfp_t gfp)
13243 {
13244 	struct sk_buff *msg;
13245 	void *hdr;
13246 
13247 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13248 	if (!msg)
13249 		return;
13250 
13251 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
13252 	if (!hdr) {
13253 		nlmsg_free(msg);
13254 		return;
13255 	}
13256 
13257 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
13258 		goto nla_put_failure;
13259 
13260 	/* NOP and radar events don't need a netdev parameter */
13261 	if (netdev) {
13262 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
13263 
13264 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13265 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13266 				      NL80211_ATTR_PAD))
13267 			goto nla_put_failure;
13268 	}
13269 
13270 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
13271 		goto nla_put_failure;
13272 
13273 	if (nl80211_send_chandef(msg, chandef))
13274 		goto nla_put_failure;
13275 
13276 	genlmsg_end(msg, hdr);
13277 
13278 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13279 				NL80211_MCGRP_MLME, gfp);
13280 	return;
13281 
13282  nla_put_failure:
13283 	genlmsg_cancel(msg, hdr);
13284 	nlmsg_free(msg);
13285 }
13286 
13287 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
13288 			   u64 cookie, bool acked, gfp_t gfp)
13289 {
13290 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13291 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13292 	struct sk_buff *msg;
13293 	void *hdr;
13294 
13295 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
13296 
13297 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13298 
13299 	if (!msg)
13300 		return;
13301 
13302 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
13303 	if (!hdr) {
13304 		nlmsg_free(msg);
13305 		return;
13306 	}
13307 
13308 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13309 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
13310 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
13311 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13312 			      NL80211_ATTR_PAD) ||
13313 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
13314 		goto nla_put_failure;
13315 
13316 	genlmsg_end(msg, hdr);
13317 
13318 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13319 				NL80211_MCGRP_MLME, gfp);
13320 	return;
13321 
13322  nla_put_failure:
13323 	genlmsg_cancel(msg, hdr);
13324 	nlmsg_free(msg);
13325 }
13326 EXPORT_SYMBOL(cfg80211_probe_status);
13327 
13328 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
13329 				 const u8 *frame, size_t len,
13330 				 int freq, int sig_dbm)
13331 {
13332 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13333 	struct sk_buff *msg;
13334 	void *hdr;
13335 	struct cfg80211_beacon_registration *reg;
13336 
13337 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
13338 
13339 	spin_lock_bh(&rdev->beacon_registrations_lock);
13340 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
13341 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
13342 		if (!msg) {
13343 			spin_unlock_bh(&rdev->beacon_registrations_lock);
13344 			return;
13345 		}
13346 
13347 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
13348 		if (!hdr)
13349 			goto nla_put_failure;
13350 
13351 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13352 		    (freq &&
13353 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
13354 		    (sig_dbm &&
13355 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
13356 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
13357 			goto nla_put_failure;
13358 
13359 		genlmsg_end(msg, hdr);
13360 
13361 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
13362 	}
13363 	spin_unlock_bh(&rdev->beacon_registrations_lock);
13364 	return;
13365 
13366  nla_put_failure:
13367 	spin_unlock_bh(&rdev->beacon_registrations_lock);
13368 	if (hdr)
13369 		genlmsg_cancel(msg, hdr);
13370 	nlmsg_free(msg);
13371 }
13372 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
13373 
13374 #ifdef CONFIG_PM
13375 static int cfg80211_net_detect_results(struct sk_buff *msg,
13376 				       struct cfg80211_wowlan_wakeup *wakeup)
13377 {
13378 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
13379 	struct nlattr *nl_results, *nl_match, *nl_freqs;
13380 	int i, j;
13381 
13382 	nl_results = nla_nest_start(
13383 		msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
13384 	if (!nl_results)
13385 		return -EMSGSIZE;
13386 
13387 	for (i = 0; i < nd->n_matches; i++) {
13388 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
13389 
13390 		nl_match = nla_nest_start(msg, i);
13391 		if (!nl_match)
13392 			break;
13393 
13394 		/* The SSID attribute is optional in nl80211, but for
13395 		 * simplicity reasons it's always present in the
13396 		 * cfg80211 structure.  If a driver can't pass the
13397 		 * SSID, that needs to be changed.  A zero length SSID
13398 		 * is still a valid SSID (wildcard), so it cannot be
13399 		 * used for this purpose.
13400 		 */
13401 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
13402 			    match->ssid.ssid)) {
13403 			nla_nest_cancel(msg, nl_match);
13404 			goto out;
13405 		}
13406 
13407 		if (match->n_channels) {
13408 			nl_freqs = nla_nest_start(
13409 				msg, NL80211_ATTR_SCAN_FREQUENCIES);
13410 			if (!nl_freqs) {
13411 				nla_nest_cancel(msg, nl_match);
13412 				goto out;
13413 			}
13414 
13415 			for (j = 0; j < match->n_channels; j++) {
13416 				if (nla_put_u32(msg, j, match->channels[j])) {
13417 					nla_nest_cancel(msg, nl_freqs);
13418 					nla_nest_cancel(msg, nl_match);
13419 					goto out;
13420 				}
13421 			}
13422 
13423 			nla_nest_end(msg, nl_freqs);
13424 		}
13425 
13426 		nla_nest_end(msg, nl_match);
13427 	}
13428 
13429 out:
13430 	nla_nest_end(msg, nl_results);
13431 	return 0;
13432 }
13433 
13434 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
13435 				   struct cfg80211_wowlan_wakeup *wakeup,
13436 				   gfp_t gfp)
13437 {
13438 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13439 	struct sk_buff *msg;
13440 	void *hdr;
13441 	int size = 200;
13442 
13443 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
13444 
13445 	if (wakeup)
13446 		size += wakeup->packet_present_len;
13447 
13448 	msg = nlmsg_new(size, gfp);
13449 	if (!msg)
13450 		return;
13451 
13452 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
13453 	if (!hdr)
13454 		goto free_msg;
13455 
13456 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13457 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13458 			      NL80211_ATTR_PAD))
13459 		goto free_msg;
13460 
13461 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13462 					wdev->netdev->ifindex))
13463 		goto free_msg;
13464 
13465 	if (wakeup) {
13466 		struct nlattr *reasons;
13467 
13468 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
13469 		if (!reasons)
13470 			goto free_msg;
13471 
13472 		if (wakeup->disconnect &&
13473 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
13474 			goto free_msg;
13475 		if (wakeup->magic_pkt &&
13476 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
13477 			goto free_msg;
13478 		if (wakeup->gtk_rekey_failure &&
13479 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
13480 			goto free_msg;
13481 		if (wakeup->eap_identity_req &&
13482 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
13483 			goto free_msg;
13484 		if (wakeup->four_way_handshake &&
13485 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
13486 			goto free_msg;
13487 		if (wakeup->rfkill_release &&
13488 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
13489 			goto free_msg;
13490 
13491 		if (wakeup->pattern_idx >= 0 &&
13492 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
13493 				wakeup->pattern_idx))
13494 			goto free_msg;
13495 
13496 		if (wakeup->tcp_match &&
13497 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
13498 			goto free_msg;
13499 
13500 		if (wakeup->tcp_connlost &&
13501 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
13502 			goto free_msg;
13503 
13504 		if (wakeup->tcp_nomoretokens &&
13505 		    nla_put_flag(msg,
13506 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
13507 			goto free_msg;
13508 
13509 		if (wakeup->packet) {
13510 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
13511 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
13512 
13513 			if (!wakeup->packet_80211) {
13514 				pkt_attr =
13515 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
13516 				len_attr =
13517 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
13518 			}
13519 
13520 			if (wakeup->packet_len &&
13521 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
13522 				goto free_msg;
13523 
13524 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
13525 				    wakeup->packet))
13526 				goto free_msg;
13527 		}
13528 
13529 		if (wakeup->net_detect &&
13530 		    cfg80211_net_detect_results(msg, wakeup))
13531 				goto free_msg;
13532 
13533 		nla_nest_end(msg, reasons);
13534 	}
13535 
13536 	genlmsg_end(msg, hdr);
13537 
13538 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13539 				NL80211_MCGRP_MLME, gfp);
13540 	return;
13541 
13542  free_msg:
13543 	nlmsg_free(msg);
13544 }
13545 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
13546 #endif
13547 
13548 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
13549 				enum nl80211_tdls_operation oper,
13550 				u16 reason_code, gfp_t gfp)
13551 {
13552 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13553 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13554 	struct sk_buff *msg;
13555 	void *hdr;
13556 
13557 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
13558 					 reason_code);
13559 
13560 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13561 	if (!msg)
13562 		return;
13563 
13564 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
13565 	if (!hdr) {
13566 		nlmsg_free(msg);
13567 		return;
13568 	}
13569 
13570 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13571 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
13572 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
13573 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
13574 	    (reason_code > 0 &&
13575 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
13576 		goto nla_put_failure;
13577 
13578 	genlmsg_end(msg, hdr);
13579 
13580 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13581 				NL80211_MCGRP_MLME, gfp);
13582 	return;
13583 
13584  nla_put_failure:
13585 	genlmsg_cancel(msg, hdr);
13586 	nlmsg_free(msg);
13587 }
13588 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
13589 
13590 static int nl80211_netlink_notify(struct notifier_block * nb,
13591 				  unsigned long state,
13592 				  void *_notify)
13593 {
13594 	struct netlink_notify *notify = _notify;
13595 	struct cfg80211_registered_device *rdev;
13596 	struct wireless_dev *wdev;
13597 	struct cfg80211_beacon_registration *reg, *tmp;
13598 
13599 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
13600 		return NOTIFY_DONE;
13601 
13602 	rcu_read_lock();
13603 
13604 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
13605 		bool schedule_destroy_work = false;
13606 		bool schedule_scan_stop = false;
13607 		struct cfg80211_sched_scan_request *sched_scan_req =
13608 			rcu_dereference(rdev->sched_scan_req);
13609 
13610 		if (sched_scan_req && notify->portid &&
13611 		    sched_scan_req->owner_nlportid == notify->portid)
13612 			schedule_scan_stop = true;
13613 
13614 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
13615 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
13616 
13617 			if (wdev->owner_nlportid == notify->portid)
13618 				schedule_destroy_work = true;
13619 		}
13620 
13621 		spin_lock_bh(&rdev->beacon_registrations_lock);
13622 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
13623 					 list) {
13624 			if (reg->nlportid == notify->portid) {
13625 				list_del(&reg->list);
13626 				kfree(reg);
13627 				break;
13628 			}
13629 		}
13630 		spin_unlock_bh(&rdev->beacon_registrations_lock);
13631 
13632 		if (schedule_destroy_work) {
13633 			struct cfg80211_iface_destroy *destroy;
13634 
13635 			destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
13636 			if (destroy) {
13637 				destroy->nlportid = notify->portid;
13638 				spin_lock(&rdev->destroy_list_lock);
13639 				list_add(&destroy->list, &rdev->destroy_list);
13640 				spin_unlock(&rdev->destroy_list_lock);
13641 				schedule_work(&rdev->destroy_work);
13642 			}
13643 		} else if (schedule_scan_stop) {
13644 			sched_scan_req->owner_nlportid = 0;
13645 
13646 			if (rdev->ops->sched_scan_stop &&
13647 			    rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
13648 				schedule_work(&rdev->sched_scan_stop_wk);
13649 		}
13650 	}
13651 
13652 	rcu_read_unlock();
13653 
13654 	/*
13655 	 * It is possible that the user space process that is controlling the
13656 	 * indoor setting disappeared, so notify the regulatory core.
13657 	 */
13658 	regulatory_netlink_notify(notify->portid);
13659 	return NOTIFY_OK;
13660 }
13661 
13662 static struct notifier_block nl80211_netlink_notifier = {
13663 	.notifier_call = nl80211_netlink_notify,
13664 };
13665 
13666 void cfg80211_ft_event(struct net_device *netdev,
13667 		       struct cfg80211_ft_event_params *ft_event)
13668 {
13669 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
13670 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13671 	struct sk_buff *msg;
13672 	void *hdr;
13673 
13674 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
13675 
13676 	if (!ft_event->target_ap)
13677 		return;
13678 
13679 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13680 	if (!msg)
13681 		return;
13682 
13683 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
13684 	if (!hdr)
13685 		goto out;
13686 
13687 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13688 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13689 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
13690 		goto out;
13691 
13692 	if (ft_event->ies &&
13693 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
13694 		goto out;
13695 	if (ft_event->ric_ies &&
13696 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
13697 		    ft_event->ric_ies))
13698 		goto out;
13699 
13700 	genlmsg_end(msg, hdr);
13701 
13702 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13703 				NL80211_MCGRP_MLME, GFP_KERNEL);
13704 	return;
13705  out:
13706 	nlmsg_free(msg);
13707 }
13708 EXPORT_SYMBOL(cfg80211_ft_event);
13709 
13710 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
13711 {
13712 	struct cfg80211_registered_device *rdev;
13713 	struct sk_buff *msg;
13714 	void *hdr;
13715 	u32 nlportid;
13716 
13717 	rdev = wiphy_to_rdev(wdev->wiphy);
13718 	if (!rdev->crit_proto_nlportid)
13719 		return;
13720 
13721 	nlportid = rdev->crit_proto_nlportid;
13722 	rdev->crit_proto_nlportid = 0;
13723 
13724 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13725 	if (!msg)
13726 		return;
13727 
13728 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
13729 	if (!hdr)
13730 		goto nla_put_failure;
13731 
13732 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13733 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13734 			      NL80211_ATTR_PAD))
13735 		goto nla_put_failure;
13736 
13737 	genlmsg_end(msg, hdr);
13738 
13739 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
13740 	return;
13741 
13742  nla_put_failure:
13743 	if (hdr)
13744 		genlmsg_cancel(msg, hdr);
13745 	nlmsg_free(msg);
13746 }
13747 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
13748 
13749 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
13750 {
13751 	struct wiphy *wiphy = wdev->wiphy;
13752 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13753 	struct sk_buff *msg;
13754 	void *hdr;
13755 
13756 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13757 	if (!msg)
13758 		return;
13759 
13760 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
13761 	if (!hdr)
13762 		goto out;
13763 
13764 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13765 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
13766 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13767 			      NL80211_ATTR_PAD))
13768 		goto out;
13769 
13770 	genlmsg_end(msg, hdr);
13771 
13772 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
13773 				NL80211_MCGRP_MLME, GFP_KERNEL);
13774 	return;
13775  out:
13776 	nlmsg_free(msg);
13777 }
13778 
13779 /* initialisation/exit functions */
13780 
13781 int nl80211_init(void)
13782 {
13783 	int err;
13784 
13785 	err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
13786 						   nl80211_mcgrps);
13787 	if (err)
13788 		return err;
13789 
13790 	err = netlink_register_notifier(&nl80211_netlink_notifier);
13791 	if (err)
13792 		goto err_out;
13793 
13794 	return 0;
13795  err_out:
13796 	genl_unregister_family(&nl80211_fam);
13797 	return err;
13798 }
13799 
13800 void nl80211_exit(void)
13801 {
13802 	netlink_unregister_notifier(&nl80211_netlink_notifier);
13803 	genl_unregister_family(&nl80211_fam);
13804 }
13805