xref: /linux/net/wireless/nl80211.c (revision b43ab901d671e3e3cad425ea5e9a3c74e266dcdd) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25 
26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type);
27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
28 				   struct genl_info *info,
29 				   struct cfg80211_crypto_settings *settings,
30 				   int cipher_limit);
31 
32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
33 			    struct genl_info *info);
34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
35 			      struct genl_info *info);
36 
37 /* the netlink family */
38 static struct genl_family nl80211_fam = {
39 	.id = GENL_ID_GENERATE,	/* don't bother with a hardcoded ID */
40 	.name = "nl80211",	/* have users key off the name instead */
41 	.hdrsize = 0,		/* no private header */
42 	.version = 1,		/* no particular meaning now */
43 	.maxattr = NL80211_ATTR_MAX,
44 	.netnsok = true,
45 	.pre_doit = nl80211_pre_doit,
46 	.post_doit = nl80211_post_doit,
47 };
48 
49 /* internal helper: get rdev and dev */
50 static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs,
51 				   struct cfg80211_registered_device **rdev,
52 				   struct net_device **dev)
53 {
54 	int ifindex;
55 
56 	if (!attrs[NL80211_ATTR_IFINDEX])
57 		return -EINVAL;
58 
59 	ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
60 	*dev = dev_get_by_index(netns, ifindex);
61 	if (!*dev)
62 		return -ENODEV;
63 
64 	*rdev = cfg80211_get_dev_from_ifindex(netns, ifindex);
65 	if (IS_ERR(*rdev)) {
66 		dev_put(*dev);
67 		return PTR_ERR(*rdev);
68 	}
69 
70 	return 0;
71 }
72 
73 /* policy for the attributes */
74 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
75 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
76 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
77 				      .len = 20-1 },
78 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
79 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
80 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
81 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
82 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
83 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
84 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
85 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
86 
87 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
88 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
89 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
90 
91 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
92 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
93 
94 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
95 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
96 				    .len = WLAN_MAX_KEY_LEN },
97 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
98 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
99 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
100 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
101 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
102 
103 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
104 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
105 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
106 				       .len = IEEE80211_MAX_DATA_LEN },
107 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
108 				       .len = IEEE80211_MAX_DATA_LEN },
109 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
110 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
111 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
112 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
113 					       .len = NL80211_MAX_SUPP_RATES },
114 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
115 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
116 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
117 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
118 				.len = IEEE80211_MAX_MESH_ID_LEN },
119 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
120 
121 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
122 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
123 
124 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
125 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
126 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
127 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
128 					   .len = NL80211_MAX_SUPP_RATES },
129 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
130 
131 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
132 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
133 
134 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
135 
136 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
137 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
138 			      .len = IEEE80211_MAX_DATA_LEN },
139 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
140 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
141 
142 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
143 				.len = IEEE80211_MAX_SSID_LEN },
144 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
145 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
146 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
147 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
148 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
149 	[NL80211_ATTR_STA_FLAGS2] = {
150 		.len = sizeof(struct nl80211_sta_flag_update),
151 	},
152 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
153 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
154 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
155 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
156 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
157 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
158 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
159 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
160 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
161 				 .len = WLAN_PMKID_LEN },
162 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
163 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
164 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
165 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
166 				 .len = IEEE80211_MAX_DATA_LEN },
167 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
168 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
169 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
170 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
171 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
172 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
173 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
174 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
175 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
176 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
177 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
178 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
179 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
180 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
181 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
182 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
183 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
184 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
185 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
186 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
187 					 .len = IEEE80211_MAX_DATA_LEN },
188 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
189 					 .len = IEEE80211_MAX_DATA_LEN },
190 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
191 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
192 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
193 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
194 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
195 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
196 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
197 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
198 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
199 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
200 				      .len = IEEE80211_MAX_DATA_LEN },
201 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
202 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
203 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
204 		.len = NL80211_HT_CAPABILITY_LEN
205 	},
206 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
207 };
208 
209 /* policy for the key attributes */
210 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
211 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
212 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
213 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
214 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
215 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
216 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
217 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
218 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
219 };
220 
221 /* policy for the key default flags */
222 static const struct nla_policy
223 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
224 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
225 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
226 };
227 
228 /* policy for WoWLAN attributes */
229 static const struct nla_policy
230 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
231 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
232 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
233 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
234 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
235 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
236 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
237 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
238 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
239 };
240 
241 /* policy for GTK rekey offload attributes */
242 static const struct nla_policy
243 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
244 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
245 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
246 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
247 };
248 
249 static const struct nla_policy
250 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
251 	[NL80211_ATTR_SCHED_SCAN_MATCH_SSID] = { .type = NLA_BINARY,
252 						 .len = IEEE80211_MAX_SSID_LEN },
253 };
254 
255 /* ifidx get helper */
256 static int nl80211_get_ifidx(struct netlink_callback *cb)
257 {
258 	int res;
259 
260 	res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
261 			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
262 			  nl80211_policy);
263 	if (res)
264 		return res;
265 
266 	if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
267 		return -EINVAL;
268 
269 	res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
270 	if (!res)
271 		return -EINVAL;
272 	return res;
273 }
274 
275 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
276 				       struct netlink_callback *cb,
277 				       struct cfg80211_registered_device **rdev,
278 				       struct net_device **dev)
279 {
280 	int ifidx = cb->args[0];
281 	int err;
282 
283 	if (!ifidx)
284 		ifidx = nl80211_get_ifidx(cb);
285 	if (ifidx < 0)
286 		return ifidx;
287 
288 	cb->args[0] = ifidx;
289 
290 	rtnl_lock();
291 
292 	*dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
293 	if (!*dev) {
294 		err = -ENODEV;
295 		goto out_rtnl;
296 	}
297 
298 	*rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
299 	if (IS_ERR(*rdev)) {
300 		err = PTR_ERR(*rdev);
301 		goto out_rtnl;
302 	}
303 
304 	return 0;
305  out_rtnl:
306 	rtnl_unlock();
307 	return err;
308 }
309 
310 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
311 {
312 	cfg80211_unlock_rdev(rdev);
313 	rtnl_unlock();
314 }
315 
316 /* IE validation */
317 static bool is_valid_ie_attr(const struct nlattr *attr)
318 {
319 	const u8 *pos;
320 	int len;
321 
322 	if (!attr)
323 		return true;
324 
325 	pos = nla_data(attr);
326 	len = nla_len(attr);
327 
328 	while (len) {
329 		u8 elemlen;
330 
331 		if (len < 2)
332 			return false;
333 		len -= 2;
334 
335 		elemlen = pos[1];
336 		if (elemlen > len)
337 			return false;
338 
339 		len -= elemlen;
340 		pos += 2 + elemlen;
341 	}
342 
343 	return true;
344 }
345 
346 /* message building helper */
347 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
348 				   int flags, u8 cmd)
349 {
350 	/* since there is no private header just add the generic one */
351 	return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
352 }
353 
354 static int nl80211_msg_put_channel(struct sk_buff *msg,
355 				   struct ieee80211_channel *chan)
356 {
357 	NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
358 		    chan->center_freq);
359 
360 	if (chan->flags & IEEE80211_CHAN_DISABLED)
361 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
362 	if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
363 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
364 	if (chan->flags & IEEE80211_CHAN_NO_IBSS)
365 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
366 	if (chan->flags & IEEE80211_CHAN_RADAR)
367 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
368 
369 	NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
370 		    DBM_TO_MBM(chan->max_power));
371 
372 	return 0;
373 
374  nla_put_failure:
375 	return -ENOBUFS;
376 }
377 
378 /* netlink command implementations */
379 
380 struct key_parse {
381 	struct key_params p;
382 	int idx;
383 	int type;
384 	bool def, defmgmt;
385 	bool def_uni, def_multi;
386 };
387 
388 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
389 {
390 	struct nlattr *tb[NL80211_KEY_MAX + 1];
391 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
392 				   nl80211_key_policy);
393 	if (err)
394 		return err;
395 
396 	k->def = !!tb[NL80211_KEY_DEFAULT];
397 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
398 
399 	if (k->def) {
400 		k->def_uni = true;
401 		k->def_multi = true;
402 	}
403 	if (k->defmgmt)
404 		k->def_multi = true;
405 
406 	if (tb[NL80211_KEY_IDX])
407 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
408 
409 	if (tb[NL80211_KEY_DATA]) {
410 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
411 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
412 	}
413 
414 	if (tb[NL80211_KEY_SEQ]) {
415 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
416 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
417 	}
418 
419 	if (tb[NL80211_KEY_CIPHER])
420 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
421 
422 	if (tb[NL80211_KEY_TYPE]) {
423 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
424 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
425 			return -EINVAL;
426 	}
427 
428 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
429 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
430 		int err = nla_parse_nested(kdt,
431 					   NUM_NL80211_KEY_DEFAULT_TYPES - 1,
432 					   tb[NL80211_KEY_DEFAULT_TYPES],
433 					   nl80211_key_default_policy);
434 		if (err)
435 			return err;
436 
437 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
438 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
439 	}
440 
441 	return 0;
442 }
443 
444 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
445 {
446 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
447 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
448 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
449 	}
450 
451 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
452 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
453 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
454 	}
455 
456 	if (info->attrs[NL80211_ATTR_KEY_IDX])
457 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
458 
459 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
460 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
461 
462 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
463 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
464 
465 	if (k->def) {
466 		k->def_uni = true;
467 		k->def_multi = true;
468 	}
469 	if (k->defmgmt)
470 		k->def_multi = true;
471 
472 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
473 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
474 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
475 			return -EINVAL;
476 	}
477 
478 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
479 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
480 		int err = nla_parse_nested(
481 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
482 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
483 				nl80211_key_default_policy);
484 		if (err)
485 			return err;
486 
487 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
488 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
489 	}
490 
491 	return 0;
492 }
493 
494 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
495 {
496 	int err;
497 
498 	memset(k, 0, sizeof(*k));
499 	k->idx = -1;
500 	k->type = -1;
501 
502 	if (info->attrs[NL80211_ATTR_KEY])
503 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
504 	else
505 		err = nl80211_parse_key_old(info, k);
506 
507 	if (err)
508 		return err;
509 
510 	if (k->def && k->defmgmt)
511 		return -EINVAL;
512 
513 	if (k->defmgmt) {
514 		if (k->def_uni || !k->def_multi)
515 			return -EINVAL;
516 	}
517 
518 	if (k->idx != -1) {
519 		if (k->defmgmt) {
520 			if (k->idx < 4 || k->idx > 5)
521 				return -EINVAL;
522 		} else if (k->def) {
523 			if (k->idx < 0 || k->idx > 3)
524 				return -EINVAL;
525 		} else {
526 			if (k->idx < 0 || k->idx > 5)
527 				return -EINVAL;
528 		}
529 	}
530 
531 	return 0;
532 }
533 
534 static struct cfg80211_cached_keys *
535 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
536 		       struct nlattr *keys)
537 {
538 	struct key_parse parse;
539 	struct nlattr *key;
540 	struct cfg80211_cached_keys *result;
541 	int rem, err, def = 0;
542 
543 	result = kzalloc(sizeof(*result), GFP_KERNEL);
544 	if (!result)
545 		return ERR_PTR(-ENOMEM);
546 
547 	result->def = -1;
548 	result->defmgmt = -1;
549 
550 	nla_for_each_nested(key, keys, rem) {
551 		memset(&parse, 0, sizeof(parse));
552 		parse.idx = -1;
553 
554 		err = nl80211_parse_key_new(key, &parse);
555 		if (err)
556 			goto error;
557 		err = -EINVAL;
558 		if (!parse.p.key)
559 			goto error;
560 		if (parse.idx < 0 || parse.idx > 4)
561 			goto error;
562 		if (parse.def) {
563 			if (def)
564 				goto error;
565 			def = 1;
566 			result->def = parse.idx;
567 			if (!parse.def_uni || !parse.def_multi)
568 				goto error;
569 		} else if (parse.defmgmt)
570 			goto error;
571 		err = cfg80211_validate_key_settings(rdev, &parse.p,
572 						     parse.idx, false, NULL);
573 		if (err)
574 			goto error;
575 		result->params[parse.idx].cipher = parse.p.cipher;
576 		result->params[parse.idx].key_len = parse.p.key_len;
577 		result->params[parse.idx].key = result->data[parse.idx];
578 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
579 	}
580 
581 	return result;
582  error:
583 	kfree(result);
584 	return ERR_PTR(err);
585 }
586 
587 static int nl80211_key_allowed(struct wireless_dev *wdev)
588 {
589 	ASSERT_WDEV_LOCK(wdev);
590 
591 	switch (wdev->iftype) {
592 	case NL80211_IFTYPE_AP:
593 	case NL80211_IFTYPE_AP_VLAN:
594 	case NL80211_IFTYPE_P2P_GO:
595 	case NL80211_IFTYPE_MESH_POINT:
596 		break;
597 	case NL80211_IFTYPE_ADHOC:
598 		if (!wdev->current_bss)
599 			return -ENOLINK;
600 		break;
601 	case NL80211_IFTYPE_STATION:
602 	case NL80211_IFTYPE_P2P_CLIENT:
603 		if (wdev->sme_state != CFG80211_SME_CONNECTED)
604 			return -ENOLINK;
605 		break;
606 	default:
607 		return -EINVAL;
608 	}
609 
610 	return 0;
611 }
612 
613 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
614 {
615 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
616 	int i;
617 
618 	if (!nl_modes)
619 		goto nla_put_failure;
620 
621 	i = 0;
622 	while (ifmodes) {
623 		if (ifmodes & 1)
624 			NLA_PUT_FLAG(msg, i);
625 		ifmodes >>= 1;
626 		i++;
627 	}
628 
629 	nla_nest_end(msg, nl_modes);
630 	return 0;
631 
632 nla_put_failure:
633 	return -ENOBUFS;
634 }
635 
636 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
637 					  struct sk_buff *msg)
638 {
639 	struct nlattr *nl_combis;
640 	int i, j;
641 
642 	nl_combis = nla_nest_start(msg,
643 				NL80211_ATTR_INTERFACE_COMBINATIONS);
644 	if (!nl_combis)
645 		goto nla_put_failure;
646 
647 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
648 		const struct ieee80211_iface_combination *c;
649 		struct nlattr *nl_combi, *nl_limits;
650 
651 		c = &wiphy->iface_combinations[i];
652 
653 		nl_combi = nla_nest_start(msg, i + 1);
654 		if (!nl_combi)
655 			goto nla_put_failure;
656 
657 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
658 		if (!nl_limits)
659 			goto nla_put_failure;
660 
661 		for (j = 0; j < c->n_limits; j++) {
662 			struct nlattr *nl_limit;
663 
664 			nl_limit = nla_nest_start(msg, j + 1);
665 			if (!nl_limit)
666 				goto nla_put_failure;
667 			NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX,
668 				    c->limits[j].max);
669 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
670 						c->limits[j].types))
671 				goto nla_put_failure;
672 			nla_nest_end(msg, nl_limit);
673 		}
674 
675 		nla_nest_end(msg, nl_limits);
676 
677 		if (c->beacon_int_infra_match)
678 			NLA_PUT_FLAG(msg,
679 				NL80211_IFACE_COMB_STA_AP_BI_MATCH);
680 		NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
681 			    c->num_different_channels);
682 		NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM,
683 			    c->max_interfaces);
684 
685 		nla_nest_end(msg, nl_combi);
686 	}
687 
688 	nla_nest_end(msg, nl_combis);
689 
690 	return 0;
691 nla_put_failure:
692 	return -ENOBUFS;
693 }
694 
695 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
696 			      struct cfg80211_registered_device *dev)
697 {
698 	void *hdr;
699 	struct nlattr *nl_bands, *nl_band;
700 	struct nlattr *nl_freqs, *nl_freq;
701 	struct nlattr *nl_rates, *nl_rate;
702 	struct nlattr *nl_cmds;
703 	enum ieee80211_band band;
704 	struct ieee80211_channel *chan;
705 	struct ieee80211_rate *rate;
706 	int i;
707 	const struct ieee80211_txrx_stypes *mgmt_stypes =
708 				dev->wiphy.mgmt_stypes;
709 
710 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
711 	if (!hdr)
712 		return -1;
713 
714 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
715 	NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
716 
717 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
718 		    cfg80211_rdev_list_generation);
719 
720 	NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
721 		   dev->wiphy.retry_short);
722 	NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
723 		   dev->wiphy.retry_long);
724 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
725 		    dev->wiphy.frag_threshold);
726 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
727 		    dev->wiphy.rts_threshold);
728 	NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
729 		    dev->wiphy.coverage_class);
730 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
731 		   dev->wiphy.max_scan_ssids);
732 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
733 		   dev->wiphy.max_sched_scan_ssids);
734 	NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
735 		    dev->wiphy.max_scan_ie_len);
736 	NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
737 		    dev->wiphy.max_sched_scan_ie_len);
738 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_MATCH_SETS,
739 		   dev->wiphy.max_match_sets);
740 
741 	if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)
742 		NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN);
743 	if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)
744 		NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
745 	if (dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD)
746 		NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_AP_UAPSD);
747 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)
748 		NLA_PUT_FLAG(msg, NL80211_ATTR_ROAM_SUPPORT);
749 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)
750 		NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_SUPPORT);
751 	if (dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)
752 		NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP);
753 
754 	NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
755 		sizeof(u32) * dev->wiphy.n_cipher_suites,
756 		dev->wiphy.cipher_suites);
757 
758 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
759 		   dev->wiphy.max_num_pmkids);
760 
761 	if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL)
762 		NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE);
763 
764 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
765 		    dev->wiphy.available_antennas_tx);
766 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
767 		    dev->wiphy.available_antennas_rx);
768 
769 	if (dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD)
770 		NLA_PUT_U32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
771 			    dev->wiphy.probe_resp_offload);
772 
773 	if ((dev->wiphy.available_antennas_tx ||
774 	     dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
775 		u32 tx_ant = 0, rx_ant = 0;
776 		int res;
777 		res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
778 		if (!res) {
779 			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant);
780 			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant);
781 		}
782 	}
783 
784 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
785 				dev->wiphy.interface_modes))
786 		goto nla_put_failure;
787 
788 	nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
789 	if (!nl_bands)
790 		goto nla_put_failure;
791 
792 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
793 		if (!dev->wiphy.bands[band])
794 			continue;
795 
796 		nl_band = nla_nest_start(msg, band);
797 		if (!nl_band)
798 			goto nla_put_failure;
799 
800 		/* add HT info */
801 		if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
802 			NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
803 				sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
804 				&dev->wiphy.bands[band]->ht_cap.mcs);
805 			NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
806 				dev->wiphy.bands[band]->ht_cap.cap);
807 			NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
808 				dev->wiphy.bands[band]->ht_cap.ampdu_factor);
809 			NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
810 				dev->wiphy.bands[band]->ht_cap.ampdu_density);
811 		}
812 
813 		/* add frequencies */
814 		nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
815 		if (!nl_freqs)
816 			goto nla_put_failure;
817 
818 		for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
819 			nl_freq = nla_nest_start(msg, i);
820 			if (!nl_freq)
821 				goto nla_put_failure;
822 
823 			chan = &dev->wiphy.bands[band]->channels[i];
824 
825 			if (nl80211_msg_put_channel(msg, chan))
826 				goto nla_put_failure;
827 
828 			nla_nest_end(msg, nl_freq);
829 		}
830 
831 		nla_nest_end(msg, nl_freqs);
832 
833 		/* add bitrates */
834 		nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
835 		if (!nl_rates)
836 			goto nla_put_failure;
837 
838 		for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
839 			nl_rate = nla_nest_start(msg, i);
840 			if (!nl_rate)
841 				goto nla_put_failure;
842 
843 			rate = &dev->wiphy.bands[band]->bitrates[i];
844 			NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
845 				    rate->bitrate);
846 			if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
847 				NLA_PUT_FLAG(msg,
848 					NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
849 
850 			nla_nest_end(msg, nl_rate);
851 		}
852 
853 		nla_nest_end(msg, nl_rates);
854 
855 		nla_nest_end(msg, nl_band);
856 	}
857 	nla_nest_end(msg, nl_bands);
858 
859 	nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
860 	if (!nl_cmds)
861 		goto nla_put_failure;
862 
863 	i = 0;
864 #define CMD(op, n)						\
865 	 do {							\
866 		if (dev->ops->op) {				\
867 			i++;					\
868 			NLA_PUT_U32(msg, i, NL80211_CMD_ ## n);	\
869 		}						\
870 	} while (0)
871 
872 	CMD(add_virtual_intf, NEW_INTERFACE);
873 	CMD(change_virtual_intf, SET_INTERFACE);
874 	CMD(add_key, NEW_KEY);
875 	CMD(add_beacon, NEW_BEACON);
876 	CMD(add_station, NEW_STATION);
877 	CMD(add_mpath, NEW_MPATH);
878 	CMD(update_mesh_config, SET_MESH_CONFIG);
879 	CMD(change_bss, SET_BSS);
880 	CMD(auth, AUTHENTICATE);
881 	CMD(assoc, ASSOCIATE);
882 	CMD(deauth, DEAUTHENTICATE);
883 	CMD(disassoc, DISASSOCIATE);
884 	CMD(join_ibss, JOIN_IBSS);
885 	CMD(join_mesh, JOIN_MESH);
886 	CMD(set_pmksa, SET_PMKSA);
887 	CMD(del_pmksa, DEL_PMKSA);
888 	CMD(flush_pmksa, FLUSH_PMKSA);
889 	if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
890 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
891 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
892 	CMD(mgmt_tx, FRAME);
893 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
894 	if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
895 		i++;
896 		NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
897 	}
898 	CMD(set_channel, SET_CHANNEL);
899 	CMD(set_wds_peer, SET_WDS_PEER);
900 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
901 		CMD(tdls_mgmt, TDLS_MGMT);
902 		CMD(tdls_oper, TDLS_OPER);
903 	}
904 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
905 		CMD(sched_scan_start, START_SCHED_SCAN);
906 	CMD(probe_client, PROBE_CLIENT);
907 	CMD(set_noack_map, SET_NOACK_MAP);
908 	if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
909 		i++;
910 		NLA_PUT_U32(msg, i, NL80211_CMD_REGISTER_BEACONS);
911 	}
912 
913 #ifdef CONFIG_NL80211_TESTMODE
914 	CMD(testmode_cmd, TESTMODE);
915 #endif
916 
917 #undef CMD
918 
919 	if (dev->ops->connect || dev->ops->auth) {
920 		i++;
921 		NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
922 	}
923 
924 	if (dev->ops->disconnect || dev->ops->deauth) {
925 		i++;
926 		NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
927 	}
928 
929 	nla_nest_end(msg, nl_cmds);
930 
931 	if (dev->ops->remain_on_channel &&
932 	    dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
933 		NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
934 			    dev->wiphy.max_remain_on_channel_duration);
935 
936 	if (dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)
937 		NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
938 
939 	if (mgmt_stypes) {
940 		u16 stypes;
941 		struct nlattr *nl_ftypes, *nl_ifs;
942 		enum nl80211_iftype ift;
943 
944 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
945 		if (!nl_ifs)
946 			goto nla_put_failure;
947 
948 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
949 			nl_ftypes = nla_nest_start(msg, ift);
950 			if (!nl_ftypes)
951 				goto nla_put_failure;
952 			i = 0;
953 			stypes = mgmt_stypes[ift].tx;
954 			while (stypes) {
955 				if (stypes & 1)
956 					NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
957 						    (i << 4) | IEEE80211_FTYPE_MGMT);
958 				stypes >>= 1;
959 				i++;
960 			}
961 			nla_nest_end(msg, nl_ftypes);
962 		}
963 
964 		nla_nest_end(msg, nl_ifs);
965 
966 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
967 		if (!nl_ifs)
968 			goto nla_put_failure;
969 
970 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
971 			nl_ftypes = nla_nest_start(msg, ift);
972 			if (!nl_ftypes)
973 				goto nla_put_failure;
974 			i = 0;
975 			stypes = mgmt_stypes[ift].rx;
976 			while (stypes) {
977 				if (stypes & 1)
978 					NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
979 						    (i << 4) | IEEE80211_FTYPE_MGMT);
980 				stypes >>= 1;
981 				i++;
982 			}
983 			nla_nest_end(msg, nl_ftypes);
984 		}
985 		nla_nest_end(msg, nl_ifs);
986 	}
987 
988 	if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
989 		struct nlattr *nl_wowlan;
990 
991 		nl_wowlan = nla_nest_start(msg,
992 				NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
993 		if (!nl_wowlan)
994 			goto nla_put_failure;
995 
996 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY)
997 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
998 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT)
999 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
1000 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT)
1001 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
1002 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY)
1003 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED);
1004 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)
1005 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
1006 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)
1007 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
1008 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)
1009 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
1010 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE)
1011 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
1012 		if (dev->wiphy.wowlan.n_patterns) {
1013 			struct nl80211_wowlan_pattern_support pat = {
1014 				.max_patterns = dev->wiphy.wowlan.n_patterns,
1015 				.min_pattern_len =
1016 					dev->wiphy.wowlan.pattern_min_len,
1017 				.max_pattern_len =
1018 					dev->wiphy.wowlan.pattern_max_len,
1019 			};
1020 			NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1021 				sizeof(pat), &pat);
1022 		}
1023 
1024 		nla_nest_end(msg, nl_wowlan);
1025 	}
1026 
1027 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1028 				dev->wiphy.software_iftypes))
1029 		goto nla_put_failure;
1030 
1031 	if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1032 		goto nla_put_failure;
1033 
1034 	if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME)
1035 		NLA_PUT_U32(msg, NL80211_ATTR_DEVICE_AP_SME,
1036 			    dev->wiphy.ap_sme_capa);
1037 
1038 	NLA_PUT_U32(msg, NL80211_ATTR_FEATURE_FLAGS, dev->wiphy.features);
1039 
1040 	if (dev->wiphy.ht_capa_mod_mask)
1041 		NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1042 			sizeof(*dev->wiphy.ht_capa_mod_mask),
1043 			dev->wiphy.ht_capa_mod_mask);
1044 
1045 	return genlmsg_end(msg, hdr);
1046 
1047  nla_put_failure:
1048 	genlmsg_cancel(msg, hdr);
1049 	return -EMSGSIZE;
1050 }
1051 
1052 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1053 {
1054 	int idx = 0;
1055 	int start = cb->args[0];
1056 	struct cfg80211_registered_device *dev;
1057 
1058 	mutex_lock(&cfg80211_mutex);
1059 	list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1060 		if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1061 			continue;
1062 		if (++idx <= start)
1063 			continue;
1064 		if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
1065 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1066 				       dev) < 0) {
1067 			idx--;
1068 			break;
1069 		}
1070 	}
1071 	mutex_unlock(&cfg80211_mutex);
1072 
1073 	cb->args[0] = idx;
1074 
1075 	return skb->len;
1076 }
1077 
1078 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1079 {
1080 	struct sk_buff *msg;
1081 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1082 
1083 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1084 	if (!msg)
1085 		return -ENOMEM;
1086 
1087 	if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
1088 		nlmsg_free(msg);
1089 		return -ENOBUFS;
1090 	}
1091 
1092 	return genlmsg_reply(msg, info);
1093 }
1094 
1095 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1096 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1097 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1098 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1099 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1100 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1101 };
1102 
1103 static int parse_txq_params(struct nlattr *tb[],
1104 			    struct ieee80211_txq_params *txq_params)
1105 {
1106 	if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1107 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1108 	    !tb[NL80211_TXQ_ATTR_AIFS])
1109 		return -EINVAL;
1110 
1111 	txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
1112 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1113 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1114 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1115 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1116 
1117 	return 0;
1118 }
1119 
1120 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1121 {
1122 	/*
1123 	 * You can only set the channel explicitly for AP, mesh
1124 	 * and WDS type interfaces; all others have their channel
1125 	 * managed via their respective "establish a connection"
1126 	 * command (connect, join, ...)
1127 	 *
1128 	 * Monitors are special as they are normally slaved to
1129 	 * whatever else is going on, so they behave as though
1130 	 * you tried setting the wiphy channel itself.
1131 	 */
1132 	return !wdev ||
1133 		wdev->iftype == NL80211_IFTYPE_AP ||
1134 		wdev->iftype == NL80211_IFTYPE_WDS ||
1135 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1136 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1137 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1138 }
1139 
1140 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1141 				 struct wireless_dev *wdev,
1142 				 struct genl_info *info)
1143 {
1144 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1145 	u32 freq;
1146 	int result;
1147 
1148 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1149 		return -EINVAL;
1150 
1151 	if (!nl80211_can_set_dev_channel(wdev))
1152 		return -EOPNOTSUPP;
1153 
1154 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1155 		channel_type = nla_get_u32(info->attrs[
1156 				   NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1157 		if (channel_type != NL80211_CHAN_NO_HT &&
1158 		    channel_type != NL80211_CHAN_HT20 &&
1159 		    channel_type != NL80211_CHAN_HT40PLUS &&
1160 		    channel_type != NL80211_CHAN_HT40MINUS)
1161 			return -EINVAL;
1162 	}
1163 
1164 	freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1165 
1166 	mutex_lock(&rdev->devlist_mtx);
1167 	if (wdev) {
1168 		wdev_lock(wdev);
1169 		result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
1170 		wdev_unlock(wdev);
1171 	} else {
1172 		result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
1173 	}
1174 	mutex_unlock(&rdev->devlist_mtx);
1175 
1176 	return result;
1177 }
1178 
1179 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1180 {
1181 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1182 	struct net_device *netdev = info->user_ptr[1];
1183 
1184 	return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1185 }
1186 
1187 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1188 {
1189 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1190 	struct net_device *dev = info->user_ptr[1];
1191 	struct wireless_dev *wdev = dev->ieee80211_ptr;
1192 	const u8 *bssid;
1193 
1194 	if (!info->attrs[NL80211_ATTR_MAC])
1195 		return -EINVAL;
1196 
1197 	if (netif_running(dev))
1198 		return -EBUSY;
1199 
1200 	if (!rdev->ops->set_wds_peer)
1201 		return -EOPNOTSUPP;
1202 
1203 	if (wdev->iftype != NL80211_IFTYPE_WDS)
1204 		return -EOPNOTSUPP;
1205 
1206 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1207 	return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1208 }
1209 
1210 
1211 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1212 {
1213 	struct cfg80211_registered_device *rdev;
1214 	struct net_device *netdev = NULL;
1215 	struct wireless_dev *wdev;
1216 	int result = 0, rem_txq_params = 0;
1217 	struct nlattr *nl_txq_params;
1218 	u32 changed;
1219 	u8 retry_short = 0, retry_long = 0;
1220 	u32 frag_threshold = 0, rts_threshold = 0;
1221 	u8 coverage_class = 0;
1222 
1223 	/*
1224 	 * Try to find the wiphy and netdev. Normally this
1225 	 * function shouldn't need the netdev, but this is
1226 	 * done for backward compatibility -- previously
1227 	 * setting the channel was done per wiphy, but now
1228 	 * it is per netdev. Previous userland like hostapd
1229 	 * also passed a netdev to set_wiphy, so that it is
1230 	 * possible to let that go to the right netdev!
1231 	 */
1232 	mutex_lock(&cfg80211_mutex);
1233 
1234 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
1235 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1236 
1237 		netdev = dev_get_by_index(genl_info_net(info), ifindex);
1238 		if (netdev && netdev->ieee80211_ptr) {
1239 			rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1240 			mutex_lock(&rdev->mtx);
1241 		} else
1242 			netdev = NULL;
1243 	}
1244 
1245 	if (!netdev) {
1246 		rdev = __cfg80211_rdev_from_info(info);
1247 		if (IS_ERR(rdev)) {
1248 			mutex_unlock(&cfg80211_mutex);
1249 			return PTR_ERR(rdev);
1250 		}
1251 		wdev = NULL;
1252 		netdev = NULL;
1253 		result = 0;
1254 
1255 		mutex_lock(&rdev->mtx);
1256 	} else if (netif_running(netdev) &&
1257 		   nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1258 		wdev = netdev->ieee80211_ptr;
1259 	else
1260 		wdev = NULL;
1261 
1262 	/*
1263 	 * end workaround code, by now the rdev is available
1264 	 * and locked, and wdev may or may not be NULL.
1265 	 */
1266 
1267 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1268 		result = cfg80211_dev_rename(
1269 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1270 
1271 	mutex_unlock(&cfg80211_mutex);
1272 
1273 	if (result)
1274 		goto bad_res;
1275 
1276 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1277 		struct ieee80211_txq_params txq_params;
1278 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1279 
1280 		if (!rdev->ops->set_txq_params) {
1281 			result = -EOPNOTSUPP;
1282 			goto bad_res;
1283 		}
1284 
1285 		if (!netdev) {
1286 			result = -EINVAL;
1287 			goto bad_res;
1288 		}
1289 
1290 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1291 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1292 			result = -EINVAL;
1293 			goto bad_res;
1294 		}
1295 
1296 		nla_for_each_nested(nl_txq_params,
1297 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1298 				    rem_txq_params) {
1299 			nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1300 				  nla_data(nl_txq_params),
1301 				  nla_len(nl_txq_params),
1302 				  txq_params_policy);
1303 			result = parse_txq_params(tb, &txq_params);
1304 			if (result)
1305 				goto bad_res;
1306 
1307 			result = rdev->ops->set_txq_params(&rdev->wiphy,
1308 							   netdev,
1309 							   &txq_params);
1310 			if (result)
1311 				goto bad_res;
1312 		}
1313 	}
1314 
1315 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1316 		result = __nl80211_set_channel(rdev, wdev, info);
1317 		if (result)
1318 			goto bad_res;
1319 	}
1320 
1321 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1322 		enum nl80211_tx_power_setting type;
1323 		int idx, mbm = 0;
1324 
1325 		if (!rdev->ops->set_tx_power) {
1326 			result = -EOPNOTSUPP;
1327 			goto bad_res;
1328 		}
1329 
1330 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1331 		type = nla_get_u32(info->attrs[idx]);
1332 
1333 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1334 		    (type != NL80211_TX_POWER_AUTOMATIC)) {
1335 			result = -EINVAL;
1336 			goto bad_res;
1337 		}
1338 
1339 		if (type != NL80211_TX_POWER_AUTOMATIC) {
1340 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1341 			mbm = nla_get_u32(info->attrs[idx]);
1342 		}
1343 
1344 		result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1345 		if (result)
1346 			goto bad_res;
1347 	}
1348 
1349 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1350 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1351 		u32 tx_ant, rx_ant;
1352 		if ((!rdev->wiphy.available_antennas_tx &&
1353 		     !rdev->wiphy.available_antennas_rx) ||
1354 		    !rdev->ops->set_antenna) {
1355 			result = -EOPNOTSUPP;
1356 			goto bad_res;
1357 		}
1358 
1359 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1360 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1361 
1362 		/* reject antenna configurations which don't match the
1363 		 * available antenna masks, except for the "all" mask */
1364 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1365 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1366 			result = -EINVAL;
1367 			goto bad_res;
1368 		}
1369 
1370 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1371 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1372 
1373 		result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1374 		if (result)
1375 			goto bad_res;
1376 	}
1377 
1378 	changed = 0;
1379 
1380 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1381 		retry_short = nla_get_u8(
1382 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1383 		if (retry_short == 0) {
1384 			result = -EINVAL;
1385 			goto bad_res;
1386 		}
1387 		changed |= WIPHY_PARAM_RETRY_SHORT;
1388 	}
1389 
1390 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1391 		retry_long = nla_get_u8(
1392 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1393 		if (retry_long == 0) {
1394 			result = -EINVAL;
1395 			goto bad_res;
1396 		}
1397 		changed |= WIPHY_PARAM_RETRY_LONG;
1398 	}
1399 
1400 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1401 		frag_threshold = nla_get_u32(
1402 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1403 		if (frag_threshold < 256) {
1404 			result = -EINVAL;
1405 			goto bad_res;
1406 		}
1407 		if (frag_threshold != (u32) -1) {
1408 			/*
1409 			 * Fragments (apart from the last one) are required to
1410 			 * have even length. Make the fragmentation code
1411 			 * simpler by stripping LSB should someone try to use
1412 			 * odd threshold value.
1413 			 */
1414 			frag_threshold &= ~0x1;
1415 		}
1416 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1417 	}
1418 
1419 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1420 		rts_threshold = nla_get_u32(
1421 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1422 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
1423 	}
1424 
1425 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1426 		coverage_class = nla_get_u8(
1427 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1428 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
1429 	}
1430 
1431 	if (changed) {
1432 		u8 old_retry_short, old_retry_long;
1433 		u32 old_frag_threshold, old_rts_threshold;
1434 		u8 old_coverage_class;
1435 
1436 		if (!rdev->ops->set_wiphy_params) {
1437 			result = -EOPNOTSUPP;
1438 			goto bad_res;
1439 		}
1440 
1441 		old_retry_short = rdev->wiphy.retry_short;
1442 		old_retry_long = rdev->wiphy.retry_long;
1443 		old_frag_threshold = rdev->wiphy.frag_threshold;
1444 		old_rts_threshold = rdev->wiphy.rts_threshold;
1445 		old_coverage_class = rdev->wiphy.coverage_class;
1446 
1447 		if (changed & WIPHY_PARAM_RETRY_SHORT)
1448 			rdev->wiphy.retry_short = retry_short;
1449 		if (changed & WIPHY_PARAM_RETRY_LONG)
1450 			rdev->wiphy.retry_long = retry_long;
1451 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1452 			rdev->wiphy.frag_threshold = frag_threshold;
1453 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1454 			rdev->wiphy.rts_threshold = rts_threshold;
1455 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1456 			rdev->wiphy.coverage_class = coverage_class;
1457 
1458 		result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1459 		if (result) {
1460 			rdev->wiphy.retry_short = old_retry_short;
1461 			rdev->wiphy.retry_long = old_retry_long;
1462 			rdev->wiphy.frag_threshold = old_frag_threshold;
1463 			rdev->wiphy.rts_threshold = old_rts_threshold;
1464 			rdev->wiphy.coverage_class = old_coverage_class;
1465 		}
1466 	}
1467 
1468  bad_res:
1469 	mutex_unlock(&rdev->mtx);
1470 	if (netdev)
1471 		dev_put(netdev);
1472 	return result;
1473 }
1474 
1475 
1476 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1477 			      struct cfg80211_registered_device *rdev,
1478 			      struct net_device *dev)
1479 {
1480 	void *hdr;
1481 
1482 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1483 	if (!hdr)
1484 		return -1;
1485 
1486 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1487 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1488 	NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1489 	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1490 
1491 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1492 		    rdev->devlist_generation ^
1493 			(cfg80211_rdev_list_generation << 2));
1494 
1495 	return genlmsg_end(msg, hdr);
1496 
1497  nla_put_failure:
1498 	genlmsg_cancel(msg, hdr);
1499 	return -EMSGSIZE;
1500 }
1501 
1502 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1503 {
1504 	int wp_idx = 0;
1505 	int if_idx = 0;
1506 	int wp_start = cb->args[0];
1507 	int if_start = cb->args[1];
1508 	struct cfg80211_registered_device *rdev;
1509 	struct wireless_dev *wdev;
1510 
1511 	mutex_lock(&cfg80211_mutex);
1512 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1513 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1514 			continue;
1515 		if (wp_idx < wp_start) {
1516 			wp_idx++;
1517 			continue;
1518 		}
1519 		if_idx = 0;
1520 
1521 		mutex_lock(&rdev->devlist_mtx);
1522 		list_for_each_entry(wdev, &rdev->netdev_list, list) {
1523 			if (if_idx < if_start) {
1524 				if_idx++;
1525 				continue;
1526 			}
1527 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1528 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1529 					       rdev, wdev->netdev) < 0) {
1530 				mutex_unlock(&rdev->devlist_mtx);
1531 				goto out;
1532 			}
1533 			if_idx++;
1534 		}
1535 		mutex_unlock(&rdev->devlist_mtx);
1536 
1537 		wp_idx++;
1538 	}
1539  out:
1540 	mutex_unlock(&cfg80211_mutex);
1541 
1542 	cb->args[0] = wp_idx;
1543 	cb->args[1] = if_idx;
1544 
1545 	return skb->len;
1546 }
1547 
1548 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1549 {
1550 	struct sk_buff *msg;
1551 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1552 	struct net_device *netdev = info->user_ptr[1];
1553 
1554 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1555 	if (!msg)
1556 		return -ENOMEM;
1557 
1558 	if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1559 			       dev, netdev) < 0) {
1560 		nlmsg_free(msg);
1561 		return -ENOBUFS;
1562 	}
1563 
1564 	return genlmsg_reply(msg, info);
1565 }
1566 
1567 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1568 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1569 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1570 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1571 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1572 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1573 };
1574 
1575 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1576 {
1577 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1578 	int flag;
1579 
1580 	*mntrflags = 0;
1581 
1582 	if (!nla)
1583 		return -EINVAL;
1584 
1585 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1586 			     nla, mntr_flags_policy))
1587 		return -EINVAL;
1588 
1589 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1590 		if (flags[flag])
1591 			*mntrflags |= (1<<flag);
1592 
1593 	return 0;
1594 }
1595 
1596 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1597 			       struct net_device *netdev, u8 use_4addr,
1598 			       enum nl80211_iftype iftype)
1599 {
1600 	if (!use_4addr) {
1601 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1602 			return -EBUSY;
1603 		return 0;
1604 	}
1605 
1606 	switch (iftype) {
1607 	case NL80211_IFTYPE_AP_VLAN:
1608 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1609 			return 0;
1610 		break;
1611 	case NL80211_IFTYPE_STATION:
1612 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1613 			return 0;
1614 		break;
1615 	default:
1616 		break;
1617 	}
1618 
1619 	return -EOPNOTSUPP;
1620 }
1621 
1622 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1623 {
1624 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1625 	struct vif_params params;
1626 	int err;
1627 	enum nl80211_iftype otype, ntype;
1628 	struct net_device *dev = info->user_ptr[1];
1629 	u32 _flags, *flags = NULL;
1630 	bool change = false;
1631 
1632 	memset(&params, 0, sizeof(params));
1633 
1634 	otype = ntype = dev->ieee80211_ptr->iftype;
1635 
1636 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
1637 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1638 		if (otype != ntype)
1639 			change = true;
1640 		if (ntype > NL80211_IFTYPE_MAX)
1641 			return -EINVAL;
1642 	}
1643 
1644 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
1645 		struct wireless_dev *wdev = dev->ieee80211_ptr;
1646 
1647 		if (ntype != NL80211_IFTYPE_MESH_POINT)
1648 			return -EINVAL;
1649 		if (netif_running(dev))
1650 			return -EBUSY;
1651 
1652 		wdev_lock(wdev);
1653 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1654 			     IEEE80211_MAX_MESH_ID_LEN);
1655 		wdev->mesh_id_up_len =
1656 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1657 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1658 		       wdev->mesh_id_up_len);
1659 		wdev_unlock(wdev);
1660 	}
1661 
1662 	if (info->attrs[NL80211_ATTR_4ADDR]) {
1663 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1664 		change = true;
1665 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1666 		if (err)
1667 			return err;
1668 	} else {
1669 		params.use_4addr = -1;
1670 	}
1671 
1672 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1673 		if (ntype != NL80211_IFTYPE_MONITOR)
1674 			return -EINVAL;
1675 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1676 					  &_flags);
1677 		if (err)
1678 			return err;
1679 
1680 		flags = &_flags;
1681 		change = true;
1682 	}
1683 
1684 	if (change)
1685 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1686 	else
1687 		err = 0;
1688 
1689 	if (!err && params.use_4addr != -1)
1690 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
1691 
1692 	return err;
1693 }
1694 
1695 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1696 {
1697 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1698 	struct vif_params params;
1699 	struct net_device *dev;
1700 	int err;
1701 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1702 	u32 flags;
1703 
1704 	memset(&params, 0, sizeof(params));
1705 
1706 	if (!info->attrs[NL80211_ATTR_IFNAME])
1707 		return -EINVAL;
1708 
1709 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
1710 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1711 		if (type > NL80211_IFTYPE_MAX)
1712 			return -EINVAL;
1713 	}
1714 
1715 	if (!rdev->ops->add_virtual_intf ||
1716 	    !(rdev->wiphy.interface_modes & (1 << type)))
1717 		return -EOPNOTSUPP;
1718 
1719 	if (info->attrs[NL80211_ATTR_4ADDR]) {
1720 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1721 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1722 		if (err)
1723 			return err;
1724 	}
1725 
1726 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1727 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1728 				  &flags);
1729 	dev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1730 		nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1731 		type, err ? NULL : &flags, &params);
1732 	if (IS_ERR(dev))
1733 		return PTR_ERR(dev);
1734 
1735 	if (type == NL80211_IFTYPE_MESH_POINT &&
1736 	    info->attrs[NL80211_ATTR_MESH_ID]) {
1737 		struct wireless_dev *wdev = dev->ieee80211_ptr;
1738 
1739 		wdev_lock(wdev);
1740 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1741 			     IEEE80211_MAX_MESH_ID_LEN);
1742 		wdev->mesh_id_up_len =
1743 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1744 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1745 		       wdev->mesh_id_up_len);
1746 		wdev_unlock(wdev);
1747 	}
1748 
1749 	return 0;
1750 }
1751 
1752 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1753 {
1754 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1755 	struct net_device *dev = info->user_ptr[1];
1756 
1757 	if (!rdev->ops->del_virtual_intf)
1758 		return -EOPNOTSUPP;
1759 
1760 	return rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1761 }
1762 
1763 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
1764 {
1765 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1766 	struct net_device *dev = info->user_ptr[1];
1767 	u16 noack_map;
1768 
1769 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
1770 		return -EINVAL;
1771 
1772 	if (!rdev->ops->set_noack_map)
1773 		return -EOPNOTSUPP;
1774 
1775 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
1776 
1777 	return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map);
1778 }
1779 
1780 struct get_key_cookie {
1781 	struct sk_buff *msg;
1782 	int error;
1783 	int idx;
1784 };
1785 
1786 static void get_key_callback(void *c, struct key_params *params)
1787 {
1788 	struct nlattr *key;
1789 	struct get_key_cookie *cookie = c;
1790 
1791 	if (params->key)
1792 		NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1793 			params->key_len, params->key);
1794 
1795 	if (params->seq)
1796 		NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1797 			params->seq_len, params->seq);
1798 
1799 	if (params->cipher)
1800 		NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1801 			    params->cipher);
1802 
1803 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1804 	if (!key)
1805 		goto nla_put_failure;
1806 
1807 	if (params->key)
1808 		NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1809 			params->key_len, params->key);
1810 
1811 	if (params->seq)
1812 		NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1813 			params->seq_len, params->seq);
1814 
1815 	if (params->cipher)
1816 		NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1817 			    params->cipher);
1818 
1819 	NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1820 
1821 	nla_nest_end(cookie->msg, key);
1822 
1823 	return;
1824  nla_put_failure:
1825 	cookie->error = 1;
1826 }
1827 
1828 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1829 {
1830 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1831 	int err;
1832 	struct net_device *dev = info->user_ptr[1];
1833 	u8 key_idx = 0;
1834 	const u8 *mac_addr = NULL;
1835 	bool pairwise;
1836 	struct get_key_cookie cookie = {
1837 		.error = 0,
1838 	};
1839 	void *hdr;
1840 	struct sk_buff *msg;
1841 
1842 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1843 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1844 
1845 	if (key_idx > 5)
1846 		return -EINVAL;
1847 
1848 	if (info->attrs[NL80211_ATTR_MAC])
1849 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1850 
1851 	pairwise = !!mac_addr;
1852 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
1853 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1854 		if (kt >= NUM_NL80211_KEYTYPES)
1855 			return -EINVAL;
1856 		if (kt != NL80211_KEYTYPE_GROUP &&
1857 		    kt != NL80211_KEYTYPE_PAIRWISE)
1858 			return -EINVAL;
1859 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
1860 	}
1861 
1862 	if (!rdev->ops->get_key)
1863 		return -EOPNOTSUPP;
1864 
1865 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1866 	if (!msg)
1867 		return -ENOMEM;
1868 
1869 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1870 			     NL80211_CMD_NEW_KEY);
1871 	if (IS_ERR(hdr))
1872 		return PTR_ERR(hdr);
1873 
1874 	cookie.msg = msg;
1875 	cookie.idx = key_idx;
1876 
1877 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1878 	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1879 	if (mac_addr)
1880 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1881 
1882 	if (pairwise && mac_addr &&
1883 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1884 		return -ENOENT;
1885 
1886 	err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
1887 				 mac_addr, &cookie, get_key_callback);
1888 
1889 	if (err)
1890 		goto free_msg;
1891 
1892 	if (cookie.error)
1893 		goto nla_put_failure;
1894 
1895 	genlmsg_end(msg, hdr);
1896 	return genlmsg_reply(msg, info);
1897 
1898  nla_put_failure:
1899 	err = -ENOBUFS;
1900  free_msg:
1901 	nlmsg_free(msg);
1902 	return err;
1903 }
1904 
1905 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1906 {
1907 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1908 	struct key_parse key;
1909 	int err;
1910 	struct net_device *dev = info->user_ptr[1];
1911 
1912 	err = nl80211_parse_key(info, &key);
1913 	if (err)
1914 		return err;
1915 
1916 	if (key.idx < 0)
1917 		return -EINVAL;
1918 
1919 	/* only support setting default key */
1920 	if (!key.def && !key.defmgmt)
1921 		return -EINVAL;
1922 
1923 	wdev_lock(dev->ieee80211_ptr);
1924 
1925 	if (key.def) {
1926 		if (!rdev->ops->set_default_key) {
1927 			err = -EOPNOTSUPP;
1928 			goto out;
1929 		}
1930 
1931 		err = nl80211_key_allowed(dev->ieee80211_ptr);
1932 		if (err)
1933 			goto out;
1934 
1935 		err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
1936 						 key.def_uni, key.def_multi);
1937 
1938 		if (err)
1939 			goto out;
1940 
1941 #ifdef CONFIG_CFG80211_WEXT
1942 		dev->ieee80211_ptr->wext.default_key = key.idx;
1943 #endif
1944 	} else {
1945 		if (key.def_uni || !key.def_multi) {
1946 			err = -EINVAL;
1947 			goto out;
1948 		}
1949 
1950 		if (!rdev->ops->set_default_mgmt_key) {
1951 			err = -EOPNOTSUPP;
1952 			goto out;
1953 		}
1954 
1955 		err = nl80211_key_allowed(dev->ieee80211_ptr);
1956 		if (err)
1957 			goto out;
1958 
1959 		err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
1960 						      dev, key.idx);
1961 		if (err)
1962 			goto out;
1963 
1964 #ifdef CONFIG_CFG80211_WEXT
1965 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1966 #endif
1967 	}
1968 
1969  out:
1970 	wdev_unlock(dev->ieee80211_ptr);
1971 
1972 	return err;
1973 }
1974 
1975 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1976 {
1977 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1978 	int err;
1979 	struct net_device *dev = info->user_ptr[1];
1980 	struct key_parse key;
1981 	const u8 *mac_addr = NULL;
1982 
1983 	err = nl80211_parse_key(info, &key);
1984 	if (err)
1985 		return err;
1986 
1987 	if (!key.p.key)
1988 		return -EINVAL;
1989 
1990 	if (info->attrs[NL80211_ATTR_MAC])
1991 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1992 
1993 	if (key.type == -1) {
1994 		if (mac_addr)
1995 			key.type = NL80211_KEYTYPE_PAIRWISE;
1996 		else
1997 			key.type = NL80211_KEYTYPE_GROUP;
1998 	}
1999 
2000 	/* for now */
2001 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2002 	    key.type != NL80211_KEYTYPE_GROUP)
2003 		return -EINVAL;
2004 
2005 	if (!rdev->ops->add_key)
2006 		return -EOPNOTSUPP;
2007 
2008 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2009 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2010 					   mac_addr))
2011 		return -EINVAL;
2012 
2013 	wdev_lock(dev->ieee80211_ptr);
2014 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2015 	if (!err)
2016 		err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
2017 					 key.type == NL80211_KEYTYPE_PAIRWISE,
2018 					 mac_addr, &key.p);
2019 	wdev_unlock(dev->ieee80211_ptr);
2020 
2021 	return err;
2022 }
2023 
2024 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2025 {
2026 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2027 	int err;
2028 	struct net_device *dev = info->user_ptr[1];
2029 	u8 *mac_addr = NULL;
2030 	struct key_parse key;
2031 
2032 	err = nl80211_parse_key(info, &key);
2033 	if (err)
2034 		return err;
2035 
2036 	if (info->attrs[NL80211_ATTR_MAC])
2037 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2038 
2039 	if (key.type == -1) {
2040 		if (mac_addr)
2041 			key.type = NL80211_KEYTYPE_PAIRWISE;
2042 		else
2043 			key.type = NL80211_KEYTYPE_GROUP;
2044 	}
2045 
2046 	/* for now */
2047 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2048 	    key.type != NL80211_KEYTYPE_GROUP)
2049 		return -EINVAL;
2050 
2051 	if (!rdev->ops->del_key)
2052 		return -EOPNOTSUPP;
2053 
2054 	wdev_lock(dev->ieee80211_ptr);
2055 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2056 
2057 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2058 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2059 		err = -ENOENT;
2060 
2061 	if (!err)
2062 		err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
2063 					 key.type == NL80211_KEYTYPE_PAIRWISE,
2064 					 mac_addr);
2065 
2066 #ifdef CONFIG_CFG80211_WEXT
2067 	if (!err) {
2068 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2069 			dev->ieee80211_ptr->wext.default_key = -1;
2070 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2071 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2072 	}
2073 #endif
2074 	wdev_unlock(dev->ieee80211_ptr);
2075 
2076 	return err;
2077 }
2078 
2079 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
2080 {
2081         int (*call)(struct wiphy *wiphy, struct net_device *dev,
2082 		    struct beacon_parameters *info);
2083 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2084 	struct net_device *dev = info->user_ptr[1];
2085 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2086 	struct beacon_parameters params;
2087 	int haveinfo = 0, err;
2088 
2089 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2090 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2091 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2092 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2093 		return -EINVAL;
2094 
2095 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2096 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2097 		return -EOPNOTSUPP;
2098 
2099 	memset(&params, 0, sizeof(params));
2100 
2101 	switch (info->genlhdr->cmd) {
2102 	case NL80211_CMD_NEW_BEACON:
2103 		/* these are required for NEW_BEACON */
2104 		if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2105 		    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2106 		    !info->attrs[NL80211_ATTR_BEACON_HEAD])
2107 			return -EINVAL;
2108 
2109 		params.interval =
2110 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2111 		params.dtim_period =
2112 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2113 
2114 		err = cfg80211_validate_beacon_int(rdev, params.interval);
2115 		if (err)
2116 			return err;
2117 
2118 		/*
2119 		 * In theory, some of these attributes could be required for
2120 		 * NEW_BEACON, but since they were not used when the command was
2121 		 * originally added, keep them optional for old user space
2122 		 * programs to work with drivers that do not need the additional
2123 		 * information.
2124 		 */
2125 		if (info->attrs[NL80211_ATTR_SSID]) {
2126 			params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2127 			params.ssid_len =
2128 				nla_len(info->attrs[NL80211_ATTR_SSID]);
2129 			if (params.ssid_len == 0 ||
2130 			    params.ssid_len > IEEE80211_MAX_SSID_LEN)
2131 				return -EINVAL;
2132 		}
2133 
2134 		if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
2135 			params.hidden_ssid = nla_get_u32(
2136 				info->attrs[NL80211_ATTR_HIDDEN_SSID]);
2137 			if (params.hidden_ssid !=
2138 			    NL80211_HIDDEN_SSID_NOT_IN_USE &&
2139 			    params.hidden_ssid !=
2140 			    NL80211_HIDDEN_SSID_ZERO_LEN &&
2141 			    params.hidden_ssid !=
2142 			    NL80211_HIDDEN_SSID_ZERO_CONTENTS)
2143 				return -EINVAL;
2144 		}
2145 
2146 		params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
2147 
2148 		if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2149 			params.auth_type = nla_get_u32(
2150 				info->attrs[NL80211_ATTR_AUTH_TYPE]);
2151 			if (!nl80211_valid_auth_type(params.auth_type))
2152 				return -EINVAL;
2153 		} else
2154 			params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
2155 
2156 		err = nl80211_crypto_settings(rdev, info, &params.crypto,
2157 					      NL80211_MAX_NR_CIPHER_SUITES);
2158 		if (err)
2159 			return err;
2160 
2161 		call = rdev->ops->add_beacon;
2162 		break;
2163 	case NL80211_CMD_SET_BEACON:
2164 		call = rdev->ops->set_beacon;
2165 		break;
2166 	default:
2167 		WARN_ON(1);
2168 		return -EOPNOTSUPP;
2169 	}
2170 
2171 	if (!call)
2172 		return -EOPNOTSUPP;
2173 
2174 	if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2175 		params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2176 		params.head_len =
2177 		    nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2178 		haveinfo = 1;
2179 	}
2180 
2181 	if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2182 		params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2183 		params.tail_len =
2184 		    nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2185 		haveinfo = 1;
2186 	}
2187 
2188 	if (!haveinfo)
2189 		return -EINVAL;
2190 
2191 	if (info->attrs[NL80211_ATTR_IE]) {
2192 		params.beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
2193 		params.beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2194 	}
2195 
2196 	if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2197 		params.proberesp_ies =
2198 			nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2199 		params.proberesp_ies_len =
2200 			nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2201 	}
2202 
2203 	if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2204 		params.assocresp_ies =
2205 			nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2206 		params.assocresp_ies_len =
2207 			nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2208 	}
2209 
2210 	if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
2211 		params.probe_resp =
2212 			nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
2213 		params.probe_resp_len =
2214 			nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
2215 	}
2216 
2217 	err = call(&rdev->wiphy, dev, &params);
2218 	if (!err && params.interval)
2219 		wdev->beacon_interval = params.interval;
2220 	return err;
2221 }
2222 
2223 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
2224 {
2225 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2226 	struct net_device *dev = info->user_ptr[1];
2227 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2228 	int err;
2229 
2230 	if (!rdev->ops->del_beacon)
2231 		return -EOPNOTSUPP;
2232 
2233 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2234 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2235 		return -EOPNOTSUPP;
2236 
2237 	err = rdev->ops->del_beacon(&rdev->wiphy, dev);
2238 	if (!err)
2239 		wdev->beacon_interval = 0;
2240 	return err;
2241 }
2242 
2243 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2244 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2245 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2246 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2247 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2248 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2249 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
2250 };
2251 
2252 static int parse_station_flags(struct genl_info *info,
2253 			       enum nl80211_iftype iftype,
2254 			       struct station_parameters *params)
2255 {
2256 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2257 	struct nlattr *nla;
2258 	int flag;
2259 
2260 	/*
2261 	 * Try parsing the new attribute first so userspace
2262 	 * can specify both for older kernels.
2263 	 */
2264 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2265 	if (nla) {
2266 		struct nl80211_sta_flag_update *sta_flags;
2267 
2268 		sta_flags = nla_data(nla);
2269 		params->sta_flags_mask = sta_flags->mask;
2270 		params->sta_flags_set = sta_flags->set;
2271 		if ((params->sta_flags_mask |
2272 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2273 			return -EINVAL;
2274 		return 0;
2275 	}
2276 
2277 	/* if present, parse the old attribute */
2278 
2279 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2280 	if (!nla)
2281 		return 0;
2282 
2283 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2284 			     nla, sta_flags_policy))
2285 		return -EINVAL;
2286 
2287 	/*
2288 	 * Only allow certain flags for interface types so that
2289 	 * other attributes are silently ignored. Remember that
2290 	 * this is backward compatibility code with old userspace
2291 	 * and shouldn't be hit in other cases anyway.
2292 	 */
2293 	switch (iftype) {
2294 	case NL80211_IFTYPE_AP:
2295 	case NL80211_IFTYPE_AP_VLAN:
2296 	case NL80211_IFTYPE_P2P_GO:
2297 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2298 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2299 					 BIT(NL80211_STA_FLAG_WME) |
2300 					 BIT(NL80211_STA_FLAG_MFP);
2301 		break;
2302 	case NL80211_IFTYPE_P2P_CLIENT:
2303 	case NL80211_IFTYPE_STATION:
2304 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2305 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
2306 		break;
2307 	case NL80211_IFTYPE_MESH_POINT:
2308 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2309 					 BIT(NL80211_STA_FLAG_MFP) |
2310 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
2311 	default:
2312 		return -EINVAL;
2313 	}
2314 
2315 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
2316 		if (flags[flag])
2317 			params->sta_flags_set |= (1<<flag);
2318 
2319 	return 0;
2320 }
2321 
2322 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2323 				 int attr)
2324 {
2325 	struct nlattr *rate;
2326 	u16 bitrate;
2327 
2328 	rate = nla_nest_start(msg, attr);
2329 	if (!rate)
2330 		goto nla_put_failure;
2331 
2332 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2333 	bitrate = cfg80211_calculate_bitrate(info);
2334 	if (bitrate > 0)
2335 		NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
2336 
2337 	if (info->flags & RATE_INFO_FLAGS_MCS)
2338 		NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs);
2339 	if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
2340 		NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
2341 	if (info->flags & RATE_INFO_FLAGS_SHORT_GI)
2342 		NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
2343 
2344 	nla_nest_end(msg, rate);
2345 	return true;
2346 
2347 nla_put_failure:
2348 	return false;
2349 }
2350 
2351 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2352 				int flags, struct net_device *dev,
2353 				const u8 *mac_addr, struct station_info *sinfo)
2354 {
2355 	void *hdr;
2356 	struct nlattr *sinfoattr, *bss_param;
2357 
2358 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2359 	if (!hdr)
2360 		return -1;
2361 
2362 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2363 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
2364 
2365 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
2366 
2367 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2368 	if (!sinfoattr)
2369 		goto nla_put_failure;
2370 	if (sinfo->filled & STATION_INFO_CONNECTED_TIME)
2371 		NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2372 			    sinfo->connected_time);
2373 	if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
2374 		NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2375 			    sinfo->inactive_time);
2376 	if (sinfo->filled & STATION_INFO_RX_BYTES)
2377 		NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
2378 			    sinfo->rx_bytes);
2379 	if (sinfo->filled & STATION_INFO_TX_BYTES)
2380 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
2381 			    sinfo->tx_bytes);
2382 	if (sinfo->filled & STATION_INFO_LLID)
2383 		NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
2384 			    sinfo->llid);
2385 	if (sinfo->filled & STATION_INFO_PLID)
2386 		NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
2387 			    sinfo->plid);
2388 	if (sinfo->filled & STATION_INFO_PLINK_STATE)
2389 		NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
2390 			    sinfo->plink_state);
2391 	if (sinfo->filled & STATION_INFO_SIGNAL)
2392 		NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
2393 			   sinfo->signal);
2394 	if (sinfo->filled & STATION_INFO_SIGNAL_AVG)
2395 		NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2396 			   sinfo->signal_avg);
2397 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2398 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2399 					  NL80211_STA_INFO_TX_BITRATE))
2400 			goto nla_put_failure;
2401 	}
2402 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2403 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2404 					  NL80211_STA_INFO_RX_BITRATE))
2405 			goto nla_put_failure;
2406 	}
2407 	if (sinfo->filled & STATION_INFO_RX_PACKETS)
2408 		NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
2409 			    sinfo->rx_packets);
2410 	if (sinfo->filled & STATION_INFO_TX_PACKETS)
2411 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
2412 			    sinfo->tx_packets);
2413 	if (sinfo->filled & STATION_INFO_TX_RETRIES)
2414 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES,
2415 			    sinfo->tx_retries);
2416 	if (sinfo->filled & STATION_INFO_TX_FAILED)
2417 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED,
2418 			    sinfo->tx_failed);
2419 	if (sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT)
2420 		NLA_PUT_U32(msg, NL80211_STA_INFO_BEACON_LOSS,
2421 			    sinfo->beacon_loss_count);
2422 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2423 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2424 		if (!bss_param)
2425 			goto nla_put_failure;
2426 
2427 		if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT)
2428 			NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT);
2429 		if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE)
2430 			NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE);
2431 		if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME)
2432 			NLA_PUT_FLAG(msg,
2433 				     NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME);
2434 		NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2435 			   sinfo->bss_param.dtim_period);
2436 		NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2437 			    sinfo->bss_param.beacon_interval);
2438 
2439 		nla_nest_end(msg, bss_param);
2440 	}
2441 	if (sinfo->filled & STATION_INFO_STA_FLAGS)
2442 		NLA_PUT(msg, NL80211_STA_INFO_STA_FLAGS,
2443 			sizeof(struct nl80211_sta_flag_update),
2444 			&sinfo->sta_flags);
2445 	nla_nest_end(msg, sinfoattr);
2446 
2447 	if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES)
2448 		NLA_PUT(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
2449 			sinfo->assoc_req_ies);
2450 
2451 	return genlmsg_end(msg, hdr);
2452 
2453  nla_put_failure:
2454 	genlmsg_cancel(msg, hdr);
2455 	return -EMSGSIZE;
2456 }
2457 
2458 static int nl80211_dump_station(struct sk_buff *skb,
2459 				struct netlink_callback *cb)
2460 {
2461 	struct station_info sinfo;
2462 	struct cfg80211_registered_device *dev;
2463 	struct net_device *netdev;
2464 	u8 mac_addr[ETH_ALEN];
2465 	int sta_idx = cb->args[1];
2466 	int err;
2467 
2468 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2469 	if (err)
2470 		return err;
2471 
2472 	if (!dev->ops->dump_station) {
2473 		err = -EOPNOTSUPP;
2474 		goto out_err;
2475 	}
2476 
2477 	while (1) {
2478 		memset(&sinfo, 0, sizeof(sinfo));
2479 		err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2480 					     mac_addr, &sinfo);
2481 		if (err == -ENOENT)
2482 			break;
2483 		if (err)
2484 			goto out_err;
2485 
2486 		if (nl80211_send_station(skb,
2487 				NETLINK_CB(cb->skb).pid,
2488 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
2489 				netdev, mac_addr,
2490 				&sinfo) < 0)
2491 			goto out;
2492 
2493 		sta_idx++;
2494 	}
2495 
2496 
2497  out:
2498 	cb->args[1] = sta_idx;
2499 	err = skb->len;
2500  out_err:
2501 	nl80211_finish_netdev_dump(dev);
2502 
2503 	return err;
2504 }
2505 
2506 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2507 {
2508 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2509 	struct net_device *dev = info->user_ptr[1];
2510 	struct station_info sinfo;
2511 	struct sk_buff *msg;
2512 	u8 *mac_addr = NULL;
2513 	int err;
2514 
2515 	memset(&sinfo, 0, sizeof(sinfo));
2516 
2517 	if (!info->attrs[NL80211_ATTR_MAC])
2518 		return -EINVAL;
2519 
2520 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2521 
2522 	if (!rdev->ops->get_station)
2523 		return -EOPNOTSUPP;
2524 
2525 	err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2526 	if (err)
2527 		return err;
2528 
2529 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2530 	if (!msg)
2531 		return -ENOMEM;
2532 
2533 	if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2534 				 dev, mac_addr, &sinfo) < 0) {
2535 		nlmsg_free(msg);
2536 		return -ENOBUFS;
2537 	}
2538 
2539 	return genlmsg_reply(msg, info);
2540 }
2541 
2542 /*
2543  * Get vlan interface making sure it is running and on the right wiphy.
2544  */
2545 static struct net_device *get_vlan(struct genl_info *info,
2546 				   struct cfg80211_registered_device *rdev)
2547 {
2548 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2549 	struct net_device *v;
2550 	int ret;
2551 
2552 	if (!vlanattr)
2553 		return NULL;
2554 
2555 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
2556 	if (!v)
2557 		return ERR_PTR(-ENODEV);
2558 
2559 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
2560 		ret = -EINVAL;
2561 		goto error;
2562 	}
2563 
2564 	if (!netif_running(v)) {
2565 		ret = -ENETDOWN;
2566 		goto error;
2567 	}
2568 
2569 	return v;
2570  error:
2571 	dev_put(v);
2572 	return ERR_PTR(ret);
2573 }
2574 
2575 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2576 {
2577 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2578 	int err;
2579 	struct net_device *dev = info->user_ptr[1];
2580 	struct station_parameters params;
2581 	u8 *mac_addr = NULL;
2582 
2583 	memset(&params, 0, sizeof(params));
2584 
2585 	params.listen_interval = -1;
2586 	params.plink_state = -1;
2587 
2588 	if (info->attrs[NL80211_ATTR_STA_AID])
2589 		return -EINVAL;
2590 
2591 	if (!info->attrs[NL80211_ATTR_MAC])
2592 		return -EINVAL;
2593 
2594 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2595 
2596 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2597 		params.supported_rates =
2598 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2599 		params.supported_rates_len =
2600 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2601 	}
2602 
2603 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2604 		params.listen_interval =
2605 		    nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2606 
2607 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2608 		params.ht_capa =
2609 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2610 
2611 	if (!rdev->ops->change_station)
2612 		return -EOPNOTSUPP;
2613 
2614 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2615 		return -EINVAL;
2616 
2617 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2618 		params.plink_action =
2619 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2620 
2621 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
2622 		params.plink_state =
2623 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
2624 
2625 	switch (dev->ieee80211_ptr->iftype) {
2626 	case NL80211_IFTYPE_AP:
2627 	case NL80211_IFTYPE_AP_VLAN:
2628 	case NL80211_IFTYPE_P2P_GO:
2629 		/* disallow mesh-specific things */
2630 		if (params.plink_action)
2631 			return -EINVAL;
2632 
2633 		/* TDLS can't be set, ... */
2634 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2635 			return -EINVAL;
2636 		/*
2637 		 * ... but don't bother the driver with it. This works around
2638 		 * a hostapd/wpa_supplicant issue -- it always includes the
2639 		 * TLDS_PEER flag in the mask even for AP mode.
2640 		 */
2641 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2642 
2643 		/* accept only the listed bits */
2644 		if (params.sta_flags_mask &
2645 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
2646 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2647 				  BIT(NL80211_STA_FLAG_WME) |
2648 				  BIT(NL80211_STA_FLAG_MFP)))
2649 			return -EINVAL;
2650 
2651 		/* must be last in here for error handling */
2652 		params.vlan = get_vlan(info, rdev);
2653 		if (IS_ERR(params.vlan))
2654 			return PTR_ERR(params.vlan);
2655 		break;
2656 	case NL80211_IFTYPE_P2P_CLIENT:
2657 	case NL80211_IFTYPE_STATION:
2658 		/* disallow things sta doesn't support */
2659 		if (params.plink_action)
2660 			return -EINVAL;
2661 		if (params.ht_capa)
2662 			return -EINVAL;
2663 		if (params.listen_interval >= 0)
2664 			return -EINVAL;
2665 		/*
2666 		 * Don't allow userspace to change the TDLS_PEER flag,
2667 		 * but silently ignore attempts to change it since we
2668 		 * don't have state here to verify that it doesn't try
2669 		 * to change the flag.
2670 		 */
2671 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2672 
2673 		/* reject any changes other than AUTHORIZED */
2674 		if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2675 			return -EINVAL;
2676 		break;
2677 	case NL80211_IFTYPE_MESH_POINT:
2678 		/* disallow things mesh doesn't support */
2679 		if (params.vlan)
2680 			return -EINVAL;
2681 		if (params.ht_capa)
2682 			return -EINVAL;
2683 		if (params.listen_interval >= 0)
2684 			return -EINVAL;
2685 		/*
2686 		 * No special handling for TDLS here -- the userspace
2687 		 * mesh code doesn't have this bug.
2688 		 */
2689 		if (params.sta_flags_mask &
2690 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2691 				  BIT(NL80211_STA_FLAG_MFP) |
2692 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
2693 			return -EINVAL;
2694 		break;
2695 	default:
2696 		return -EOPNOTSUPP;
2697 	}
2698 
2699 	/* be aware of params.vlan when changing code here */
2700 
2701 	err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2702 
2703 	if (params.vlan)
2704 		dev_put(params.vlan);
2705 
2706 	return err;
2707 }
2708 
2709 static struct nla_policy
2710 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
2711 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
2712 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
2713 };
2714 
2715 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2716 {
2717 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2718 	int err;
2719 	struct net_device *dev = info->user_ptr[1];
2720 	struct station_parameters params;
2721 	u8 *mac_addr = NULL;
2722 
2723 	memset(&params, 0, sizeof(params));
2724 
2725 	if (!info->attrs[NL80211_ATTR_MAC])
2726 		return -EINVAL;
2727 
2728 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2729 		return -EINVAL;
2730 
2731 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2732 		return -EINVAL;
2733 
2734 	if (!info->attrs[NL80211_ATTR_STA_AID])
2735 		return -EINVAL;
2736 
2737 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2738 	params.supported_rates =
2739 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2740 	params.supported_rates_len =
2741 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2742 	params.listen_interval =
2743 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2744 
2745 	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2746 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
2747 		return -EINVAL;
2748 
2749 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2750 		params.ht_capa =
2751 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2752 
2753 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2754 		params.plink_action =
2755 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2756 
2757 	if (!rdev->ops->add_station)
2758 		return -EOPNOTSUPP;
2759 
2760 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2761 		return -EINVAL;
2762 
2763 	switch (dev->ieee80211_ptr->iftype) {
2764 	case NL80211_IFTYPE_AP:
2765 	case NL80211_IFTYPE_AP_VLAN:
2766 	case NL80211_IFTYPE_P2P_GO:
2767 		/* parse WME attributes if sta is WME capable */
2768 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2769 		    (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
2770 		    info->attrs[NL80211_ATTR_STA_WME]) {
2771 			struct nlattr *tb[NL80211_STA_WME_MAX + 1];
2772 			struct nlattr *nla;
2773 
2774 			nla = info->attrs[NL80211_ATTR_STA_WME];
2775 			err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
2776 					       nl80211_sta_wme_policy);
2777 			if (err)
2778 				return err;
2779 
2780 			if (tb[NL80211_STA_WME_UAPSD_QUEUES])
2781 				params.uapsd_queues =
2782 				     nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
2783 			if (params.uapsd_queues &
2784 					~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
2785 				return -EINVAL;
2786 
2787 			if (tb[NL80211_STA_WME_MAX_SP])
2788 				params.max_sp =
2789 				     nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
2790 
2791 			if (params.max_sp &
2792 					~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
2793 				return -EINVAL;
2794 
2795 			params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
2796 		}
2797 		/* TDLS peers cannot be added */
2798 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2799 			return -EINVAL;
2800 		/* but don't bother the driver with it */
2801 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2802 
2803 		/* must be last in here for error handling */
2804 		params.vlan = get_vlan(info, rdev);
2805 		if (IS_ERR(params.vlan))
2806 			return PTR_ERR(params.vlan);
2807 		break;
2808 	case NL80211_IFTYPE_MESH_POINT:
2809 		/* TDLS peers cannot be added */
2810 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2811 			return -EINVAL;
2812 		break;
2813 	case NL80211_IFTYPE_STATION:
2814 		/* Only TDLS peers can be added */
2815 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
2816 			return -EINVAL;
2817 		/* Can only add if TDLS ... */
2818 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
2819 			return -EOPNOTSUPP;
2820 		/* ... with external setup is supported */
2821 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
2822 			return -EOPNOTSUPP;
2823 		break;
2824 	default:
2825 		return -EOPNOTSUPP;
2826 	}
2827 
2828 	/* be aware of params.vlan when changing code here */
2829 
2830 	err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2831 
2832 	if (params.vlan)
2833 		dev_put(params.vlan);
2834 	return err;
2835 }
2836 
2837 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2838 {
2839 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2840 	struct net_device *dev = info->user_ptr[1];
2841 	u8 *mac_addr = NULL;
2842 
2843 	if (info->attrs[NL80211_ATTR_MAC])
2844 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2845 
2846 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2847 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2848 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2849 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2850 		return -EINVAL;
2851 
2852 	if (!rdev->ops->del_station)
2853 		return -EOPNOTSUPP;
2854 
2855 	return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2856 }
2857 
2858 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2859 				int flags, struct net_device *dev,
2860 				u8 *dst, u8 *next_hop,
2861 				struct mpath_info *pinfo)
2862 {
2863 	void *hdr;
2864 	struct nlattr *pinfoattr;
2865 
2866 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2867 	if (!hdr)
2868 		return -1;
2869 
2870 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2871 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2872 	NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2873 
2874 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2875 
2876 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2877 	if (!pinfoattr)
2878 		goto nla_put_failure;
2879 	if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2880 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2881 			    pinfo->frame_qlen);
2882 	if (pinfo->filled & MPATH_INFO_SN)
2883 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2884 			    pinfo->sn);
2885 	if (pinfo->filled & MPATH_INFO_METRIC)
2886 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2887 			    pinfo->metric);
2888 	if (pinfo->filled & MPATH_INFO_EXPTIME)
2889 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2890 			    pinfo->exptime);
2891 	if (pinfo->filled & MPATH_INFO_FLAGS)
2892 		NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2893 			    pinfo->flags);
2894 	if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2895 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2896 			    pinfo->discovery_timeout);
2897 	if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2898 		NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2899 			    pinfo->discovery_retries);
2900 
2901 	nla_nest_end(msg, pinfoattr);
2902 
2903 	return genlmsg_end(msg, hdr);
2904 
2905  nla_put_failure:
2906 	genlmsg_cancel(msg, hdr);
2907 	return -EMSGSIZE;
2908 }
2909 
2910 static int nl80211_dump_mpath(struct sk_buff *skb,
2911 			      struct netlink_callback *cb)
2912 {
2913 	struct mpath_info pinfo;
2914 	struct cfg80211_registered_device *dev;
2915 	struct net_device *netdev;
2916 	u8 dst[ETH_ALEN];
2917 	u8 next_hop[ETH_ALEN];
2918 	int path_idx = cb->args[1];
2919 	int err;
2920 
2921 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2922 	if (err)
2923 		return err;
2924 
2925 	if (!dev->ops->dump_mpath) {
2926 		err = -EOPNOTSUPP;
2927 		goto out_err;
2928 	}
2929 
2930 	if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2931 		err = -EOPNOTSUPP;
2932 		goto out_err;
2933 	}
2934 
2935 	while (1) {
2936 		err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2937 					   dst, next_hop, &pinfo);
2938 		if (err == -ENOENT)
2939 			break;
2940 		if (err)
2941 			goto out_err;
2942 
2943 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2944 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2945 				       netdev, dst, next_hop,
2946 				       &pinfo) < 0)
2947 			goto out;
2948 
2949 		path_idx++;
2950 	}
2951 
2952 
2953  out:
2954 	cb->args[1] = path_idx;
2955 	err = skb->len;
2956  out_err:
2957 	nl80211_finish_netdev_dump(dev);
2958 	return err;
2959 }
2960 
2961 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2962 {
2963 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2964 	int err;
2965 	struct net_device *dev = info->user_ptr[1];
2966 	struct mpath_info pinfo;
2967 	struct sk_buff *msg;
2968 	u8 *dst = NULL;
2969 	u8 next_hop[ETH_ALEN];
2970 
2971 	memset(&pinfo, 0, sizeof(pinfo));
2972 
2973 	if (!info->attrs[NL80211_ATTR_MAC])
2974 		return -EINVAL;
2975 
2976 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2977 
2978 	if (!rdev->ops->get_mpath)
2979 		return -EOPNOTSUPP;
2980 
2981 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2982 		return -EOPNOTSUPP;
2983 
2984 	err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2985 	if (err)
2986 		return err;
2987 
2988 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2989 	if (!msg)
2990 		return -ENOMEM;
2991 
2992 	if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2993 				 dev, dst, next_hop, &pinfo) < 0) {
2994 		nlmsg_free(msg);
2995 		return -ENOBUFS;
2996 	}
2997 
2998 	return genlmsg_reply(msg, info);
2999 }
3000 
3001 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
3002 {
3003 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3004 	struct net_device *dev = info->user_ptr[1];
3005 	u8 *dst = NULL;
3006 	u8 *next_hop = NULL;
3007 
3008 	if (!info->attrs[NL80211_ATTR_MAC])
3009 		return -EINVAL;
3010 
3011 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3012 		return -EINVAL;
3013 
3014 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3015 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3016 
3017 	if (!rdev->ops->change_mpath)
3018 		return -EOPNOTSUPP;
3019 
3020 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3021 		return -EOPNOTSUPP;
3022 
3023 	return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
3024 }
3025 
3026 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
3027 {
3028 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3029 	struct net_device *dev = info->user_ptr[1];
3030 	u8 *dst = NULL;
3031 	u8 *next_hop = NULL;
3032 
3033 	if (!info->attrs[NL80211_ATTR_MAC])
3034 		return -EINVAL;
3035 
3036 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3037 		return -EINVAL;
3038 
3039 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3040 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3041 
3042 	if (!rdev->ops->add_mpath)
3043 		return -EOPNOTSUPP;
3044 
3045 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3046 		return -EOPNOTSUPP;
3047 
3048 	return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
3049 }
3050 
3051 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
3052 {
3053 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3054 	struct net_device *dev = info->user_ptr[1];
3055 	u8 *dst = NULL;
3056 
3057 	if (info->attrs[NL80211_ATTR_MAC])
3058 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3059 
3060 	if (!rdev->ops->del_mpath)
3061 		return -EOPNOTSUPP;
3062 
3063 	return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
3064 }
3065 
3066 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
3067 {
3068 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3069 	struct net_device *dev = info->user_ptr[1];
3070 	struct bss_parameters params;
3071 
3072 	memset(&params, 0, sizeof(params));
3073 	/* default to not changing parameters */
3074 	params.use_cts_prot = -1;
3075 	params.use_short_preamble = -1;
3076 	params.use_short_slot_time = -1;
3077 	params.ap_isolate = -1;
3078 	params.ht_opmode = -1;
3079 
3080 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
3081 		params.use_cts_prot =
3082 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
3083 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
3084 		params.use_short_preamble =
3085 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
3086 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
3087 		params.use_short_slot_time =
3088 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
3089 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
3090 		params.basic_rates =
3091 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3092 		params.basic_rates_len =
3093 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3094 	}
3095 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
3096 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
3097 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
3098 		params.ht_opmode =
3099 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
3100 
3101 	if (!rdev->ops->change_bss)
3102 		return -EOPNOTSUPP;
3103 
3104 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3105 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3106 		return -EOPNOTSUPP;
3107 
3108 	return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
3109 }
3110 
3111 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
3112 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
3113 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
3114 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
3115 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
3116 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
3117 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
3118 };
3119 
3120 static int parse_reg_rule(struct nlattr *tb[],
3121 	struct ieee80211_reg_rule *reg_rule)
3122 {
3123 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
3124 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
3125 
3126 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
3127 		return -EINVAL;
3128 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
3129 		return -EINVAL;
3130 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
3131 		return -EINVAL;
3132 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
3133 		return -EINVAL;
3134 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
3135 		return -EINVAL;
3136 
3137 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
3138 
3139 	freq_range->start_freq_khz =
3140 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
3141 	freq_range->end_freq_khz =
3142 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
3143 	freq_range->max_bandwidth_khz =
3144 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
3145 
3146 	power_rule->max_eirp =
3147 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
3148 
3149 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
3150 		power_rule->max_antenna_gain =
3151 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
3152 
3153 	return 0;
3154 }
3155 
3156 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3157 {
3158 	int r;
3159 	char *data = NULL;
3160 
3161 	/*
3162 	 * You should only get this when cfg80211 hasn't yet initialized
3163 	 * completely when built-in to the kernel right between the time
3164 	 * window between nl80211_init() and regulatory_init(), if that is
3165 	 * even possible.
3166 	 */
3167 	mutex_lock(&cfg80211_mutex);
3168 	if (unlikely(!cfg80211_regdomain)) {
3169 		mutex_unlock(&cfg80211_mutex);
3170 		return -EINPROGRESS;
3171 	}
3172 	mutex_unlock(&cfg80211_mutex);
3173 
3174 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3175 		return -EINVAL;
3176 
3177 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3178 
3179 	r = regulatory_hint_user(data);
3180 
3181 	return r;
3182 }
3183 
3184 static int nl80211_get_mesh_config(struct sk_buff *skb,
3185 				   struct genl_info *info)
3186 {
3187 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3188 	struct net_device *dev = info->user_ptr[1];
3189 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3190 	struct mesh_config cur_params;
3191 	int err = 0;
3192 	void *hdr;
3193 	struct nlattr *pinfoattr;
3194 	struct sk_buff *msg;
3195 
3196 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3197 		return -EOPNOTSUPP;
3198 
3199 	if (!rdev->ops->get_mesh_config)
3200 		return -EOPNOTSUPP;
3201 
3202 	wdev_lock(wdev);
3203 	/* If not connected, get default parameters */
3204 	if (!wdev->mesh_id_len)
3205 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
3206 	else
3207 		err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
3208 						 &cur_params);
3209 	wdev_unlock(wdev);
3210 
3211 	if (err)
3212 		return err;
3213 
3214 	/* Draw up a netlink message to send back */
3215 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3216 	if (!msg)
3217 		return -ENOMEM;
3218 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3219 			     NL80211_CMD_GET_MESH_CONFIG);
3220 	if (!hdr)
3221 		goto out;
3222 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
3223 	if (!pinfoattr)
3224 		goto nla_put_failure;
3225 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3226 	NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
3227 			cur_params.dot11MeshRetryTimeout);
3228 	NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3229 			cur_params.dot11MeshConfirmTimeout);
3230 	NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
3231 			cur_params.dot11MeshHoldingTimeout);
3232 	NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
3233 			cur_params.dot11MeshMaxPeerLinks);
3234 	NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
3235 			cur_params.dot11MeshMaxRetries);
3236 	NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
3237 			cur_params.dot11MeshTTL);
3238 	NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL,
3239 			cur_params.element_ttl);
3240 	NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3241 			cur_params.auto_open_plinks);
3242 	NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3243 			cur_params.dot11MeshHWMPmaxPREQretries);
3244 	NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
3245 			cur_params.path_refresh_time);
3246 	NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3247 			cur_params.min_discovery_timeout);
3248 	NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3249 			cur_params.dot11MeshHWMPactivePathTimeout);
3250 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3251 			cur_params.dot11MeshHWMPpreqMinInterval);
3252 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3253 			cur_params.dot11MeshHWMPperrMinInterval);
3254 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3255 			cur_params.dot11MeshHWMPnetDiameterTraversalTime);
3256 	NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
3257 			cur_params.dot11MeshHWMPRootMode);
3258 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3259 			cur_params.dot11MeshHWMPRannInterval);
3260 	NLA_PUT_U8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3261 			cur_params.dot11MeshGateAnnouncementProtocol);
3262 	nla_nest_end(msg, pinfoattr);
3263 	genlmsg_end(msg, hdr);
3264 	return genlmsg_reply(msg, info);
3265 
3266  nla_put_failure:
3267 	genlmsg_cancel(msg, hdr);
3268  out:
3269 	nlmsg_free(msg);
3270 	return -ENOBUFS;
3271 }
3272 
3273 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
3274 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
3275 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
3276 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
3277 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
3278 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
3279 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
3280 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
3281 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
3282 
3283 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
3284 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
3285 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
3286 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
3287 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
3288 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
3289 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
3290 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
3291 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
3292 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
3293 };
3294 
3295 static const struct nla_policy
3296 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
3297 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
3298 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
3299 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
3300 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
3301 		.len = IEEE80211_MAX_DATA_LEN },
3302 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
3303 };
3304 
3305 static int nl80211_parse_mesh_config(struct genl_info *info,
3306 				     struct mesh_config *cfg,
3307 				     u32 *mask_out)
3308 {
3309 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
3310 	u32 mask = 0;
3311 
3312 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
3313 do {\
3314 	if (table[attr_num]) {\
3315 		cfg->param = nla_fn(table[attr_num]); \
3316 		mask |= (1 << (attr_num - 1)); \
3317 	} \
3318 } while (0);\
3319 
3320 
3321 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
3322 		return -EINVAL;
3323 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
3324 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
3325 			     nl80211_meshconf_params_policy))
3326 		return -EINVAL;
3327 
3328 	/* This makes sure that there aren't more than 32 mesh config
3329 	 * parameters (otherwise our bitfield scheme would not work.) */
3330 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3331 
3332 	/* Fill in the params struct */
3333 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3334 			mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
3335 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3336 			mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
3337 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3338 			mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
3339 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3340 			mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
3341 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3342 			mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
3343 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3344 			mask, NL80211_MESHCONF_TTL, nla_get_u8);
3345 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3346 			mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
3347 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3348 			mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
3349 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3350 			mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3351 			nla_get_u8);
3352 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3353 			mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
3354 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3355 			mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3356 			nla_get_u16);
3357 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
3358 			mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3359 			nla_get_u32);
3360 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3361 			mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3362 			nla_get_u16);
3363 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
3364 			mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3365 			nla_get_u16);
3366 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3367 			dot11MeshHWMPnetDiameterTraversalTime,
3368 			mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3369 			nla_get_u16);
3370 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3371 			dot11MeshHWMPRootMode, mask,
3372 			NL80211_MESHCONF_HWMP_ROOTMODE,
3373 			nla_get_u8);
3374 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3375 			dot11MeshHWMPRannInterval, mask,
3376 			NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3377 			nla_get_u16);
3378 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3379 			dot11MeshGateAnnouncementProtocol, mask,
3380 			NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3381 			nla_get_u8);
3382 	if (mask_out)
3383 		*mask_out = mask;
3384 
3385 	return 0;
3386 
3387 #undef FILL_IN_MESH_PARAM_IF_SET
3388 }
3389 
3390 static int nl80211_parse_mesh_setup(struct genl_info *info,
3391 				     struct mesh_setup *setup)
3392 {
3393 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3394 
3395 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3396 		return -EINVAL;
3397 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3398 			     info->attrs[NL80211_ATTR_MESH_SETUP],
3399 			     nl80211_mesh_setup_params_policy))
3400 		return -EINVAL;
3401 
3402 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3403 		setup->path_sel_proto =
3404 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3405 		 IEEE80211_PATH_PROTOCOL_VENDOR :
3406 		 IEEE80211_PATH_PROTOCOL_HWMP;
3407 
3408 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3409 		setup->path_metric =
3410 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3411 		 IEEE80211_PATH_METRIC_VENDOR :
3412 		 IEEE80211_PATH_METRIC_AIRTIME;
3413 
3414 
3415 	if (tb[NL80211_MESH_SETUP_IE]) {
3416 		struct nlattr *ieattr =
3417 			tb[NL80211_MESH_SETUP_IE];
3418 		if (!is_valid_ie_attr(ieattr))
3419 			return -EINVAL;
3420 		setup->ie = nla_data(ieattr);
3421 		setup->ie_len = nla_len(ieattr);
3422 	}
3423 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3424 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3425 
3426 	return 0;
3427 }
3428 
3429 static int nl80211_update_mesh_config(struct sk_buff *skb,
3430 				      struct genl_info *info)
3431 {
3432 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3433 	struct net_device *dev = info->user_ptr[1];
3434 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3435 	struct mesh_config cfg;
3436 	u32 mask;
3437 	int err;
3438 
3439 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3440 		return -EOPNOTSUPP;
3441 
3442 	if (!rdev->ops->update_mesh_config)
3443 		return -EOPNOTSUPP;
3444 
3445 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
3446 	if (err)
3447 		return err;
3448 
3449 	wdev_lock(wdev);
3450 	if (!wdev->mesh_id_len)
3451 		err = -ENOLINK;
3452 
3453 	if (!err)
3454 		err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3455 						    mask, &cfg);
3456 
3457 	wdev_unlock(wdev);
3458 
3459 	return err;
3460 }
3461 
3462 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3463 {
3464 	struct sk_buff *msg;
3465 	void *hdr = NULL;
3466 	struct nlattr *nl_reg_rules;
3467 	unsigned int i;
3468 	int err = -EINVAL;
3469 
3470 	mutex_lock(&cfg80211_mutex);
3471 
3472 	if (!cfg80211_regdomain)
3473 		goto out;
3474 
3475 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3476 	if (!msg) {
3477 		err = -ENOBUFS;
3478 		goto out;
3479 	}
3480 
3481 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3482 			     NL80211_CMD_GET_REG);
3483 	if (!hdr)
3484 		goto put_failure;
3485 
3486 	NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
3487 		cfg80211_regdomain->alpha2);
3488 	if (cfg80211_regdomain->dfs_region)
3489 		NLA_PUT_U8(msg, NL80211_ATTR_DFS_REGION,
3490 			   cfg80211_regdomain->dfs_region);
3491 
3492 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3493 	if (!nl_reg_rules)
3494 		goto nla_put_failure;
3495 
3496 	for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
3497 		struct nlattr *nl_reg_rule;
3498 		const struct ieee80211_reg_rule *reg_rule;
3499 		const struct ieee80211_freq_range *freq_range;
3500 		const struct ieee80211_power_rule *power_rule;
3501 
3502 		reg_rule = &cfg80211_regdomain->reg_rules[i];
3503 		freq_range = &reg_rule->freq_range;
3504 		power_rule = &reg_rule->power_rule;
3505 
3506 		nl_reg_rule = nla_nest_start(msg, i);
3507 		if (!nl_reg_rule)
3508 			goto nla_put_failure;
3509 
3510 		NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3511 			reg_rule->flags);
3512 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
3513 			freq_range->start_freq_khz);
3514 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
3515 			freq_range->end_freq_khz);
3516 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3517 			freq_range->max_bandwidth_khz);
3518 		NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3519 			power_rule->max_antenna_gain);
3520 		NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3521 			power_rule->max_eirp);
3522 
3523 		nla_nest_end(msg, nl_reg_rule);
3524 	}
3525 
3526 	nla_nest_end(msg, nl_reg_rules);
3527 
3528 	genlmsg_end(msg, hdr);
3529 	err = genlmsg_reply(msg, info);
3530 	goto out;
3531 
3532 nla_put_failure:
3533 	genlmsg_cancel(msg, hdr);
3534 put_failure:
3535 	nlmsg_free(msg);
3536 	err = -EMSGSIZE;
3537 out:
3538 	mutex_unlock(&cfg80211_mutex);
3539 	return err;
3540 }
3541 
3542 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3543 {
3544 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3545 	struct nlattr *nl_reg_rule;
3546 	char *alpha2 = NULL;
3547 	int rem_reg_rules = 0, r = 0;
3548 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
3549 	u8 dfs_region = 0;
3550 	struct ieee80211_regdomain *rd = NULL;
3551 
3552 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3553 		return -EINVAL;
3554 
3555 	if (!info->attrs[NL80211_ATTR_REG_RULES])
3556 		return -EINVAL;
3557 
3558 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3559 
3560 	if (info->attrs[NL80211_ATTR_DFS_REGION])
3561 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
3562 
3563 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3564 			rem_reg_rules) {
3565 		num_rules++;
3566 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3567 			return -EINVAL;
3568 	}
3569 
3570 	mutex_lock(&cfg80211_mutex);
3571 
3572 	if (!reg_is_valid_request(alpha2)) {
3573 		r = -EINVAL;
3574 		goto bad_reg;
3575 	}
3576 
3577 	size_of_regd = sizeof(struct ieee80211_regdomain) +
3578 		(num_rules * sizeof(struct ieee80211_reg_rule));
3579 
3580 	rd = kzalloc(size_of_regd, GFP_KERNEL);
3581 	if (!rd) {
3582 		r = -ENOMEM;
3583 		goto bad_reg;
3584 	}
3585 
3586 	rd->n_reg_rules = num_rules;
3587 	rd->alpha2[0] = alpha2[0];
3588 	rd->alpha2[1] = alpha2[1];
3589 
3590 	/*
3591 	 * Disable DFS master mode if the DFS region was
3592 	 * not supported or known on this kernel.
3593 	 */
3594 	if (reg_supported_dfs_region(dfs_region))
3595 		rd->dfs_region = dfs_region;
3596 
3597 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3598 			rem_reg_rules) {
3599 		nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3600 			nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3601 			reg_rule_policy);
3602 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3603 		if (r)
3604 			goto bad_reg;
3605 
3606 		rule_idx++;
3607 
3608 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3609 			r = -EINVAL;
3610 			goto bad_reg;
3611 		}
3612 	}
3613 
3614 	BUG_ON(rule_idx != num_rules);
3615 
3616 	r = set_regdom(rd);
3617 
3618 	mutex_unlock(&cfg80211_mutex);
3619 
3620 	return r;
3621 
3622  bad_reg:
3623 	mutex_unlock(&cfg80211_mutex);
3624 	kfree(rd);
3625 	return r;
3626 }
3627 
3628 static int validate_scan_freqs(struct nlattr *freqs)
3629 {
3630 	struct nlattr *attr1, *attr2;
3631 	int n_channels = 0, tmp1, tmp2;
3632 
3633 	nla_for_each_nested(attr1, freqs, tmp1) {
3634 		n_channels++;
3635 		/*
3636 		 * Some hardware has a limited channel list for
3637 		 * scanning, and it is pretty much nonsensical
3638 		 * to scan for a channel twice, so disallow that
3639 		 * and don't require drivers to check that the
3640 		 * channel list they get isn't longer than what
3641 		 * they can scan, as long as they can scan all
3642 		 * the channels they registered at once.
3643 		 */
3644 		nla_for_each_nested(attr2, freqs, tmp2)
3645 			if (attr1 != attr2 &&
3646 			    nla_get_u32(attr1) == nla_get_u32(attr2))
3647 				return 0;
3648 	}
3649 
3650 	return n_channels;
3651 }
3652 
3653 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3654 {
3655 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3656 	struct net_device *dev = info->user_ptr[1];
3657 	struct cfg80211_scan_request *request;
3658 	struct nlattr *attr;
3659 	struct wiphy *wiphy;
3660 	int err, tmp, n_ssids = 0, n_channels, i;
3661 	size_t ie_len;
3662 
3663 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3664 		return -EINVAL;
3665 
3666 	wiphy = &rdev->wiphy;
3667 
3668 	if (!rdev->ops->scan)
3669 		return -EOPNOTSUPP;
3670 
3671 	if (rdev->scan_req)
3672 		return -EBUSY;
3673 
3674 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3675 		n_channels = validate_scan_freqs(
3676 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3677 		if (!n_channels)
3678 			return -EINVAL;
3679 	} else {
3680 		enum ieee80211_band band;
3681 		n_channels = 0;
3682 
3683 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3684 			if (wiphy->bands[band])
3685 				n_channels += wiphy->bands[band]->n_channels;
3686 	}
3687 
3688 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3689 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3690 			n_ssids++;
3691 
3692 	if (n_ssids > wiphy->max_scan_ssids)
3693 		return -EINVAL;
3694 
3695 	if (info->attrs[NL80211_ATTR_IE])
3696 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3697 	else
3698 		ie_len = 0;
3699 
3700 	if (ie_len > wiphy->max_scan_ie_len)
3701 		return -EINVAL;
3702 
3703 	request = kzalloc(sizeof(*request)
3704 			+ sizeof(*request->ssids) * n_ssids
3705 			+ sizeof(*request->channels) * n_channels
3706 			+ ie_len, GFP_KERNEL);
3707 	if (!request)
3708 		return -ENOMEM;
3709 
3710 	if (n_ssids)
3711 		request->ssids = (void *)&request->channels[n_channels];
3712 	request->n_ssids = n_ssids;
3713 	if (ie_len) {
3714 		if (request->ssids)
3715 			request->ie = (void *)(request->ssids + n_ssids);
3716 		else
3717 			request->ie = (void *)(request->channels + n_channels);
3718 	}
3719 
3720 	i = 0;
3721 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3722 		/* user specified, bail out if channel not found */
3723 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3724 			struct ieee80211_channel *chan;
3725 
3726 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3727 
3728 			if (!chan) {
3729 				err = -EINVAL;
3730 				goto out_free;
3731 			}
3732 
3733 			/* ignore disabled channels */
3734 			if (chan->flags & IEEE80211_CHAN_DISABLED)
3735 				continue;
3736 
3737 			request->channels[i] = chan;
3738 			i++;
3739 		}
3740 	} else {
3741 		enum ieee80211_band band;
3742 
3743 		/* all channels */
3744 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3745 			int j;
3746 			if (!wiphy->bands[band])
3747 				continue;
3748 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3749 				struct ieee80211_channel *chan;
3750 
3751 				chan = &wiphy->bands[band]->channels[j];
3752 
3753 				if (chan->flags & IEEE80211_CHAN_DISABLED)
3754 					continue;
3755 
3756 				request->channels[i] = chan;
3757 				i++;
3758 			}
3759 		}
3760 	}
3761 
3762 	if (!i) {
3763 		err = -EINVAL;
3764 		goto out_free;
3765 	}
3766 
3767 	request->n_channels = i;
3768 
3769 	i = 0;
3770 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3771 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3772 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3773 				err = -EINVAL;
3774 				goto out_free;
3775 			}
3776 			request->ssids[i].ssid_len = nla_len(attr);
3777 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3778 			i++;
3779 		}
3780 	}
3781 
3782 	if (info->attrs[NL80211_ATTR_IE]) {
3783 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3784 		memcpy((void *)request->ie,
3785 		       nla_data(info->attrs[NL80211_ATTR_IE]),
3786 		       request->ie_len);
3787 	}
3788 
3789 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
3790 		if (wiphy->bands[i])
3791 			request->rates[i] =
3792 				(1 << wiphy->bands[i]->n_bitrates) - 1;
3793 
3794 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
3795 		nla_for_each_nested(attr,
3796 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
3797 				    tmp) {
3798 			enum ieee80211_band band = nla_type(attr);
3799 
3800 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
3801 				err = -EINVAL;
3802 				goto out_free;
3803 			}
3804 			err = ieee80211_get_ratemask(wiphy->bands[band],
3805 						     nla_data(attr),
3806 						     nla_len(attr),
3807 						     &request->rates[band]);
3808 			if (err)
3809 				goto out_free;
3810 		}
3811 	}
3812 
3813 	request->no_cck =
3814 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
3815 
3816 	request->dev = dev;
3817 	request->wiphy = &rdev->wiphy;
3818 
3819 	rdev->scan_req = request;
3820 	err = rdev->ops->scan(&rdev->wiphy, dev, request);
3821 
3822 	if (!err) {
3823 		nl80211_send_scan_start(rdev, dev);
3824 		dev_hold(dev);
3825 	} else {
3826  out_free:
3827 		rdev->scan_req = NULL;
3828 		kfree(request);
3829 	}
3830 
3831 	return err;
3832 }
3833 
3834 static int nl80211_start_sched_scan(struct sk_buff *skb,
3835 				    struct genl_info *info)
3836 {
3837 	struct cfg80211_sched_scan_request *request;
3838 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3839 	struct net_device *dev = info->user_ptr[1];
3840 	struct nlattr *attr;
3841 	struct wiphy *wiphy;
3842 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
3843 	u32 interval;
3844 	enum ieee80211_band band;
3845 	size_t ie_len;
3846 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
3847 
3848 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3849 	    !rdev->ops->sched_scan_start)
3850 		return -EOPNOTSUPP;
3851 
3852 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3853 		return -EINVAL;
3854 
3855 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
3856 		return -EINVAL;
3857 
3858 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
3859 	if (interval == 0)
3860 		return -EINVAL;
3861 
3862 	wiphy = &rdev->wiphy;
3863 
3864 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3865 		n_channels = validate_scan_freqs(
3866 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3867 		if (!n_channels)
3868 			return -EINVAL;
3869 	} else {
3870 		n_channels = 0;
3871 
3872 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3873 			if (wiphy->bands[band])
3874 				n_channels += wiphy->bands[band]->n_channels;
3875 	}
3876 
3877 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3878 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3879 				    tmp)
3880 			n_ssids++;
3881 
3882 	if (n_ssids > wiphy->max_sched_scan_ssids)
3883 		return -EINVAL;
3884 
3885 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
3886 		nla_for_each_nested(attr,
3887 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
3888 				    tmp)
3889 			n_match_sets++;
3890 
3891 	if (n_match_sets > wiphy->max_match_sets)
3892 		return -EINVAL;
3893 
3894 	if (info->attrs[NL80211_ATTR_IE])
3895 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3896 	else
3897 		ie_len = 0;
3898 
3899 	if (ie_len > wiphy->max_sched_scan_ie_len)
3900 		return -EINVAL;
3901 
3902 	mutex_lock(&rdev->sched_scan_mtx);
3903 
3904 	if (rdev->sched_scan_req) {
3905 		err = -EINPROGRESS;
3906 		goto out;
3907 	}
3908 
3909 	request = kzalloc(sizeof(*request)
3910 			+ sizeof(*request->ssids) * n_ssids
3911 			+ sizeof(*request->match_sets) * n_match_sets
3912 			+ sizeof(*request->channels) * n_channels
3913 			+ ie_len, GFP_KERNEL);
3914 	if (!request) {
3915 		err = -ENOMEM;
3916 		goto out;
3917 	}
3918 
3919 	if (n_ssids)
3920 		request->ssids = (void *)&request->channels[n_channels];
3921 	request->n_ssids = n_ssids;
3922 	if (ie_len) {
3923 		if (request->ssids)
3924 			request->ie = (void *)(request->ssids + n_ssids);
3925 		else
3926 			request->ie = (void *)(request->channels + n_channels);
3927 	}
3928 
3929 	if (n_match_sets) {
3930 		if (request->ie)
3931 			request->match_sets = (void *)(request->ie + ie_len);
3932 		else if (request->ssids)
3933 			request->match_sets =
3934 				(void *)(request->ssids + n_ssids);
3935 		else
3936 			request->match_sets =
3937 				(void *)(request->channels + n_channels);
3938 	}
3939 	request->n_match_sets = n_match_sets;
3940 
3941 	i = 0;
3942 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3943 		/* user specified, bail out if channel not found */
3944 		nla_for_each_nested(attr,
3945 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
3946 				    tmp) {
3947 			struct ieee80211_channel *chan;
3948 
3949 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3950 
3951 			if (!chan) {
3952 				err = -EINVAL;
3953 				goto out_free;
3954 			}
3955 
3956 			/* ignore disabled channels */
3957 			if (chan->flags & IEEE80211_CHAN_DISABLED)
3958 				continue;
3959 
3960 			request->channels[i] = chan;
3961 			i++;
3962 		}
3963 	} else {
3964 		/* all channels */
3965 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3966 			int j;
3967 			if (!wiphy->bands[band])
3968 				continue;
3969 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3970 				struct ieee80211_channel *chan;
3971 
3972 				chan = &wiphy->bands[band]->channels[j];
3973 
3974 				if (chan->flags & IEEE80211_CHAN_DISABLED)
3975 					continue;
3976 
3977 				request->channels[i] = chan;
3978 				i++;
3979 			}
3980 		}
3981 	}
3982 
3983 	if (!i) {
3984 		err = -EINVAL;
3985 		goto out_free;
3986 	}
3987 
3988 	request->n_channels = i;
3989 
3990 	i = 0;
3991 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3992 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3993 				    tmp) {
3994 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3995 				err = -EINVAL;
3996 				goto out_free;
3997 			}
3998 			request->ssids[i].ssid_len = nla_len(attr);
3999 			memcpy(request->ssids[i].ssid, nla_data(attr),
4000 			       nla_len(attr));
4001 			i++;
4002 		}
4003 	}
4004 
4005 	i = 0;
4006 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
4007 		nla_for_each_nested(attr,
4008 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4009 				    tmp) {
4010 			struct nlattr *ssid;
4011 
4012 			nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
4013 				  nla_data(attr), nla_len(attr),
4014 				  nl80211_match_policy);
4015 			ssid = tb[NL80211_ATTR_SCHED_SCAN_MATCH_SSID];
4016 			if (ssid) {
4017 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
4018 					err = -EINVAL;
4019 					goto out_free;
4020 				}
4021 				memcpy(request->match_sets[i].ssid.ssid,
4022 				       nla_data(ssid), nla_len(ssid));
4023 				request->match_sets[i].ssid.ssid_len =
4024 					nla_len(ssid);
4025 			}
4026 			i++;
4027 		}
4028 	}
4029 
4030 	if (info->attrs[NL80211_ATTR_IE]) {
4031 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4032 		memcpy((void *)request->ie,
4033 		       nla_data(info->attrs[NL80211_ATTR_IE]),
4034 		       request->ie_len);
4035 	}
4036 
4037 	request->dev = dev;
4038 	request->wiphy = &rdev->wiphy;
4039 	request->interval = interval;
4040 
4041 	err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
4042 	if (!err) {
4043 		rdev->sched_scan_req = request;
4044 		nl80211_send_sched_scan(rdev, dev,
4045 					NL80211_CMD_START_SCHED_SCAN);
4046 		goto out;
4047 	}
4048 
4049 out_free:
4050 	kfree(request);
4051 out:
4052 	mutex_unlock(&rdev->sched_scan_mtx);
4053 	return err;
4054 }
4055 
4056 static int nl80211_stop_sched_scan(struct sk_buff *skb,
4057 				   struct genl_info *info)
4058 {
4059 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4060 	int err;
4061 
4062 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4063 	    !rdev->ops->sched_scan_stop)
4064 		return -EOPNOTSUPP;
4065 
4066 	mutex_lock(&rdev->sched_scan_mtx);
4067 	err = __cfg80211_stop_sched_scan(rdev, false);
4068 	mutex_unlock(&rdev->sched_scan_mtx);
4069 
4070 	return err;
4071 }
4072 
4073 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4074 			    u32 seq, int flags,
4075 			    struct cfg80211_registered_device *rdev,
4076 			    struct wireless_dev *wdev,
4077 			    struct cfg80211_internal_bss *intbss)
4078 {
4079 	struct cfg80211_bss *res = &intbss->pub;
4080 	void *hdr;
4081 	struct nlattr *bss;
4082 	int i;
4083 
4084 	ASSERT_WDEV_LOCK(wdev);
4085 
4086 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags,
4087 			     NL80211_CMD_NEW_SCAN_RESULTS);
4088 	if (!hdr)
4089 		return -1;
4090 
4091 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
4092 
4093 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
4094 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
4095 
4096 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
4097 	if (!bss)
4098 		goto nla_put_failure;
4099 	if (!is_zero_ether_addr(res->bssid))
4100 		NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
4101 	if (res->information_elements && res->len_information_elements)
4102 		NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
4103 			res->len_information_elements,
4104 			res->information_elements);
4105 	if (res->beacon_ies && res->len_beacon_ies &&
4106 	    res->beacon_ies != res->information_elements)
4107 		NLA_PUT(msg, NL80211_BSS_BEACON_IES,
4108 			res->len_beacon_ies, res->beacon_ies);
4109 	if (res->tsf)
4110 		NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
4111 	if (res->beacon_interval)
4112 		NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
4113 	NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
4114 	NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
4115 	NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
4116 		jiffies_to_msecs(jiffies - intbss->ts));
4117 
4118 	switch (rdev->wiphy.signal_type) {
4119 	case CFG80211_SIGNAL_TYPE_MBM:
4120 		NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
4121 		break;
4122 	case CFG80211_SIGNAL_TYPE_UNSPEC:
4123 		NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
4124 		break;
4125 	default:
4126 		break;
4127 	}
4128 
4129 	switch (wdev->iftype) {
4130 	case NL80211_IFTYPE_P2P_CLIENT:
4131 	case NL80211_IFTYPE_STATION:
4132 		if (intbss == wdev->current_bss)
4133 			NLA_PUT_U32(msg, NL80211_BSS_STATUS,
4134 				    NL80211_BSS_STATUS_ASSOCIATED);
4135 		else for (i = 0; i < MAX_AUTH_BSSES; i++) {
4136 			if (intbss != wdev->auth_bsses[i])
4137 				continue;
4138 			NLA_PUT_U32(msg, NL80211_BSS_STATUS,
4139 				    NL80211_BSS_STATUS_AUTHENTICATED);
4140 			break;
4141 		}
4142 		break;
4143 	case NL80211_IFTYPE_ADHOC:
4144 		if (intbss == wdev->current_bss)
4145 			NLA_PUT_U32(msg, NL80211_BSS_STATUS,
4146 				    NL80211_BSS_STATUS_IBSS_JOINED);
4147 		break;
4148 	default:
4149 		break;
4150 	}
4151 
4152 	nla_nest_end(msg, bss);
4153 
4154 	return genlmsg_end(msg, hdr);
4155 
4156  nla_put_failure:
4157 	genlmsg_cancel(msg, hdr);
4158 	return -EMSGSIZE;
4159 }
4160 
4161 static int nl80211_dump_scan(struct sk_buff *skb,
4162 			     struct netlink_callback *cb)
4163 {
4164 	struct cfg80211_registered_device *rdev;
4165 	struct net_device *dev;
4166 	struct cfg80211_internal_bss *scan;
4167 	struct wireless_dev *wdev;
4168 	int start = cb->args[1], idx = 0;
4169 	int err;
4170 
4171 	err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
4172 	if (err)
4173 		return err;
4174 
4175 	wdev = dev->ieee80211_ptr;
4176 
4177 	wdev_lock(wdev);
4178 	spin_lock_bh(&rdev->bss_lock);
4179 	cfg80211_bss_expire(rdev);
4180 
4181 	cb->seq = rdev->bss_generation;
4182 
4183 	list_for_each_entry(scan, &rdev->bss_list, list) {
4184 		if (++idx <= start)
4185 			continue;
4186 		if (nl80211_send_bss(skb, cb,
4187 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
4188 				rdev, wdev, scan) < 0) {
4189 			idx--;
4190 			break;
4191 		}
4192 	}
4193 
4194 	spin_unlock_bh(&rdev->bss_lock);
4195 	wdev_unlock(wdev);
4196 
4197 	cb->args[1] = idx;
4198 	nl80211_finish_netdev_dump(rdev);
4199 
4200 	return skb->len;
4201 }
4202 
4203 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
4204 				int flags, struct net_device *dev,
4205 				struct survey_info *survey)
4206 {
4207 	void *hdr;
4208 	struct nlattr *infoattr;
4209 
4210 	hdr = nl80211hdr_put(msg, pid, seq, flags,
4211 			     NL80211_CMD_NEW_SURVEY_RESULTS);
4212 	if (!hdr)
4213 		return -ENOMEM;
4214 
4215 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
4216 
4217 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
4218 	if (!infoattr)
4219 		goto nla_put_failure;
4220 
4221 	NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
4222 		    survey->channel->center_freq);
4223 	if (survey->filled & SURVEY_INFO_NOISE_DBM)
4224 		NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
4225 			    survey->noise);
4226 	if (survey->filled & SURVEY_INFO_IN_USE)
4227 		NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE);
4228 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME)
4229 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
4230 			    survey->channel_time);
4231 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
4232 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
4233 			    survey->channel_time_busy);
4234 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
4235 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
4236 			    survey->channel_time_ext_busy);
4237 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX)
4238 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
4239 			    survey->channel_time_rx);
4240 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX)
4241 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
4242 			    survey->channel_time_tx);
4243 
4244 	nla_nest_end(msg, infoattr);
4245 
4246 	return genlmsg_end(msg, hdr);
4247 
4248  nla_put_failure:
4249 	genlmsg_cancel(msg, hdr);
4250 	return -EMSGSIZE;
4251 }
4252 
4253 static int nl80211_dump_survey(struct sk_buff *skb,
4254 			struct netlink_callback *cb)
4255 {
4256 	struct survey_info survey;
4257 	struct cfg80211_registered_device *dev;
4258 	struct net_device *netdev;
4259 	int survey_idx = cb->args[1];
4260 	int res;
4261 
4262 	res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
4263 	if (res)
4264 		return res;
4265 
4266 	if (!dev->ops->dump_survey) {
4267 		res = -EOPNOTSUPP;
4268 		goto out_err;
4269 	}
4270 
4271 	while (1) {
4272 		struct ieee80211_channel *chan;
4273 
4274 		res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
4275 					    &survey);
4276 		if (res == -ENOENT)
4277 			break;
4278 		if (res)
4279 			goto out_err;
4280 
4281 		/* Survey without a channel doesn't make sense */
4282 		if (!survey.channel) {
4283 			res = -EINVAL;
4284 			goto out;
4285 		}
4286 
4287 		chan = ieee80211_get_channel(&dev->wiphy,
4288 					     survey.channel->center_freq);
4289 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
4290 			survey_idx++;
4291 			continue;
4292 		}
4293 
4294 		if (nl80211_send_survey(skb,
4295 				NETLINK_CB(cb->skb).pid,
4296 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
4297 				netdev,
4298 				&survey) < 0)
4299 			goto out;
4300 		survey_idx++;
4301 	}
4302 
4303  out:
4304 	cb->args[1] = survey_idx;
4305 	res = skb->len;
4306  out_err:
4307 	nl80211_finish_netdev_dump(dev);
4308 	return res;
4309 }
4310 
4311 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
4312 {
4313 	return auth_type <= NL80211_AUTHTYPE_MAX;
4314 }
4315 
4316 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
4317 {
4318 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
4319 				  NL80211_WPA_VERSION_2));
4320 }
4321 
4322 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
4323 {
4324 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4325 	struct net_device *dev = info->user_ptr[1];
4326 	struct ieee80211_channel *chan;
4327 	const u8 *bssid, *ssid, *ie = NULL;
4328 	int err, ssid_len, ie_len = 0;
4329 	enum nl80211_auth_type auth_type;
4330 	struct key_parse key;
4331 	bool local_state_change;
4332 
4333 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4334 		return -EINVAL;
4335 
4336 	if (!info->attrs[NL80211_ATTR_MAC])
4337 		return -EINVAL;
4338 
4339 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
4340 		return -EINVAL;
4341 
4342 	if (!info->attrs[NL80211_ATTR_SSID])
4343 		return -EINVAL;
4344 
4345 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
4346 		return -EINVAL;
4347 
4348 	err = nl80211_parse_key(info, &key);
4349 	if (err)
4350 		return err;
4351 
4352 	if (key.idx >= 0) {
4353 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
4354 			return -EINVAL;
4355 		if (!key.p.key || !key.p.key_len)
4356 			return -EINVAL;
4357 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
4358 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
4359 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
4360 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
4361 			return -EINVAL;
4362 		if (key.idx > 4)
4363 			return -EINVAL;
4364 	} else {
4365 		key.p.key_len = 0;
4366 		key.p.key = NULL;
4367 	}
4368 
4369 	if (key.idx >= 0) {
4370 		int i;
4371 		bool ok = false;
4372 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
4373 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
4374 				ok = true;
4375 				break;
4376 			}
4377 		}
4378 		if (!ok)
4379 			return -EINVAL;
4380 	}
4381 
4382 	if (!rdev->ops->auth)
4383 		return -EOPNOTSUPP;
4384 
4385 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4386 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4387 		return -EOPNOTSUPP;
4388 
4389 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4390 	chan = ieee80211_get_channel(&rdev->wiphy,
4391 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4392 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4393 		return -EINVAL;
4394 
4395 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4396 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4397 
4398 	if (info->attrs[NL80211_ATTR_IE]) {
4399 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4400 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4401 	}
4402 
4403 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4404 	if (!nl80211_valid_auth_type(auth_type))
4405 		return -EINVAL;
4406 
4407 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4408 
4409 	return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
4410 				  ssid, ssid_len, ie, ie_len,
4411 				  key.p.key, key.p.key_len, key.idx,
4412 				  local_state_change);
4413 }
4414 
4415 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4416 				   struct genl_info *info,
4417 				   struct cfg80211_crypto_settings *settings,
4418 				   int cipher_limit)
4419 {
4420 	memset(settings, 0, sizeof(*settings));
4421 
4422 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
4423 
4424 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
4425 		u16 proto;
4426 		proto = nla_get_u16(
4427 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
4428 		settings->control_port_ethertype = cpu_to_be16(proto);
4429 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
4430 		    proto != ETH_P_PAE)
4431 			return -EINVAL;
4432 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
4433 			settings->control_port_no_encrypt = true;
4434 	} else
4435 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
4436 
4437 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
4438 		void *data;
4439 		int len, i;
4440 
4441 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4442 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4443 		settings->n_ciphers_pairwise = len / sizeof(u32);
4444 
4445 		if (len % sizeof(u32))
4446 			return -EINVAL;
4447 
4448 		if (settings->n_ciphers_pairwise > cipher_limit)
4449 			return -EINVAL;
4450 
4451 		memcpy(settings->ciphers_pairwise, data, len);
4452 
4453 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
4454 			if (!cfg80211_supported_cipher_suite(
4455 					&rdev->wiphy,
4456 					settings->ciphers_pairwise[i]))
4457 				return -EINVAL;
4458 	}
4459 
4460 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
4461 		settings->cipher_group =
4462 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
4463 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
4464 						     settings->cipher_group))
4465 			return -EINVAL;
4466 	}
4467 
4468 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
4469 		settings->wpa_versions =
4470 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
4471 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
4472 			return -EINVAL;
4473 	}
4474 
4475 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
4476 		void *data;
4477 		int len;
4478 
4479 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
4480 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
4481 		settings->n_akm_suites = len / sizeof(u32);
4482 
4483 		if (len % sizeof(u32))
4484 			return -EINVAL;
4485 
4486 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
4487 			return -EINVAL;
4488 
4489 		memcpy(settings->akm_suites, data, len);
4490 	}
4491 
4492 	return 0;
4493 }
4494 
4495 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
4496 {
4497 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4498 	struct net_device *dev = info->user_ptr[1];
4499 	struct cfg80211_crypto_settings crypto;
4500 	struct ieee80211_channel *chan;
4501 	const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
4502 	int err, ssid_len, ie_len = 0;
4503 	bool use_mfp = false;
4504 	u32 flags = 0;
4505 	struct ieee80211_ht_cap *ht_capa = NULL;
4506 	struct ieee80211_ht_cap *ht_capa_mask = NULL;
4507 
4508 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4509 		return -EINVAL;
4510 
4511 	if (!info->attrs[NL80211_ATTR_MAC] ||
4512 	    !info->attrs[NL80211_ATTR_SSID] ||
4513 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4514 		return -EINVAL;
4515 
4516 	if (!rdev->ops->assoc)
4517 		return -EOPNOTSUPP;
4518 
4519 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4520 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4521 		return -EOPNOTSUPP;
4522 
4523 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4524 
4525 	chan = ieee80211_get_channel(&rdev->wiphy,
4526 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4527 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4528 		return -EINVAL;
4529 
4530 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4531 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4532 
4533 	if (info->attrs[NL80211_ATTR_IE]) {
4534 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4535 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4536 	}
4537 
4538 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
4539 		enum nl80211_mfp mfp =
4540 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
4541 		if (mfp == NL80211_MFP_REQUIRED)
4542 			use_mfp = true;
4543 		else if (mfp != NL80211_MFP_NO)
4544 			return -EINVAL;
4545 	}
4546 
4547 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
4548 		prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
4549 
4550 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
4551 		flags |= ASSOC_REQ_DISABLE_HT;
4552 
4553 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
4554 		ht_capa_mask =
4555 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]);
4556 
4557 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
4558 		if (!ht_capa_mask)
4559 			return -EINVAL;
4560 		ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4561 	}
4562 
4563 	err = nl80211_crypto_settings(rdev, info, &crypto, 1);
4564 	if (!err)
4565 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
4566 					  ssid, ssid_len, ie, ie_len, use_mfp,
4567 					  &crypto, flags, ht_capa,
4568 					  ht_capa_mask);
4569 
4570 	return err;
4571 }
4572 
4573 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
4574 {
4575 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4576 	struct net_device *dev = info->user_ptr[1];
4577 	const u8 *ie = NULL, *bssid;
4578 	int ie_len = 0;
4579 	u16 reason_code;
4580 	bool local_state_change;
4581 
4582 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4583 		return -EINVAL;
4584 
4585 	if (!info->attrs[NL80211_ATTR_MAC])
4586 		return -EINVAL;
4587 
4588 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
4589 		return -EINVAL;
4590 
4591 	if (!rdev->ops->deauth)
4592 		return -EOPNOTSUPP;
4593 
4594 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4595 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4596 		return -EOPNOTSUPP;
4597 
4598 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4599 
4600 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4601 	if (reason_code == 0) {
4602 		/* Reason Code 0 is reserved */
4603 		return -EINVAL;
4604 	}
4605 
4606 	if (info->attrs[NL80211_ATTR_IE]) {
4607 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4608 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4609 	}
4610 
4611 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4612 
4613 	return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
4614 				    local_state_change);
4615 }
4616 
4617 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
4618 {
4619 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4620 	struct net_device *dev = info->user_ptr[1];
4621 	const u8 *ie = NULL, *bssid;
4622 	int ie_len = 0;
4623 	u16 reason_code;
4624 	bool local_state_change;
4625 
4626 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4627 		return -EINVAL;
4628 
4629 	if (!info->attrs[NL80211_ATTR_MAC])
4630 		return -EINVAL;
4631 
4632 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
4633 		return -EINVAL;
4634 
4635 	if (!rdev->ops->disassoc)
4636 		return -EOPNOTSUPP;
4637 
4638 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4639 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4640 		return -EOPNOTSUPP;
4641 
4642 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4643 
4644 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4645 	if (reason_code == 0) {
4646 		/* Reason Code 0 is reserved */
4647 		return -EINVAL;
4648 	}
4649 
4650 	if (info->attrs[NL80211_ATTR_IE]) {
4651 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4652 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4653 	}
4654 
4655 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4656 
4657 	return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
4658 				      local_state_change);
4659 }
4660 
4661 static bool
4662 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
4663 			 int mcast_rate[IEEE80211_NUM_BANDS],
4664 			 int rateval)
4665 {
4666 	struct wiphy *wiphy = &rdev->wiphy;
4667 	bool found = false;
4668 	int band, i;
4669 
4670 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4671 		struct ieee80211_supported_band *sband;
4672 
4673 		sband = wiphy->bands[band];
4674 		if (!sband)
4675 			continue;
4676 
4677 		for (i = 0; i < sband->n_bitrates; i++) {
4678 			if (sband->bitrates[i].bitrate == rateval) {
4679 				mcast_rate[band] = i + 1;
4680 				found = true;
4681 				break;
4682 			}
4683 		}
4684 	}
4685 
4686 	return found;
4687 }
4688 
4689 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
4690 {
4691 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4692 	struct net_device *dev = info->user_ptr[1];
4693 	struct cfg80211_ibss_params ibss;
4694 	struct wiphy *wiphy;
4695 	struct cfg80211_cached_keys *connkeys = NULL;
4696 	int err;
4697 
4698 	memset(&ibss, 0, sizeof(ibss));
4699 
4700 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4701 		return -EINVAL;
4702 
4703 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4704 	    !info->attrs[NL80211_ATTR_SSID] ||
4705 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
4706 		return -EINVAL;
4707 
4708 	ibss.beacon_interval = 100;
4709 
4710 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
4711 		ibss.beacon_interval =
4712 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4713 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
4714 			return -EINVAL;
4715 	}
4716 
4717 	if (!rdev->ops->join_ibss)
4718 		return -EOPNOTSUPP;
4719 
4720 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4721 		return -EOPNOTSUPP;
4722 
4723 	wiphy = &rdev->wiphy;
4724 
4725 	if (info->attrs[NL80211_ATTR_MAC]) {
4726 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4727 
4728 		if (!is_valid_ether_addr(ibss.bssid))
4729 			return -EINVAL;
4730 	}
4731 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4732 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4733 
4734 	if (info->attrs[NL80211_ATTR_IE]) {
4735 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4736 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4737 	}
4738 
4739 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4740 		enum nl80211_channel_type channel_type;
4741 
4742 		channel_type = nla_get_u32(
4743 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4744 		if (channel_type != NL80211_CHAN_NO_HT &&
4745 		    channel_type != NL80211_CHAN_HT20 &&
4746 		    channel_type != NL80211_CHAN_HT40MINUS &&
4747 		    channel_type != NL80211_CHAN_HT40PLUS)
4748 			return -EINVAL;
4749 
4750 		if (channel_type != NL80211_CHAN_NO_HT &&
4751 		    !(wiphy->features & NL80211_FEATURE_HT_IBSS))
4752 			return -EINVAL;
4753 
4754 		ibss.channel_type = channel_type;
4755 	} else {
4756 		ibss.channel_type = NL80211_CHAN_NO_HT;
4757 	}
4758 
4759 	ibss.channel = rdev_freq_to_chan(rdev,
4760 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]),
4761 		ibss.channel_type);
4762 	if (!ibss.channel ||
4763 	    ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4764 	    ibss.channel->flags & IEEE80211_CHAN_DISABLED)
4765 		return -EINVAL;
4766 
4767 	/* Both channels should be able to initiate communication */
4768 	if ((ibss.channel_type == NL80211_CHAN_HT40PLUS ||
4769 	     ibss.channel_type == NL80211_CHAN_HT40MINUS) &&
4770 	    !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel,
4771 					  ibss.channel_type))
4772 		return -EINVAL;
4773 
4774 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4775 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4776 
4777 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4778 		u8 *rates =
4779 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4780 		int n_rates =
4781 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4782 		struct ieee80211_supported_band *sband =
4783 			wiphy->bands[ibss.channel->band];
4784 		int err;
4785 
4786 		err = ieee80211_get_ratemask(sband, rates, n_rates,
4787 					     &ibss.basic_rates);
4788 		if (err)
4789 			return err;
4790 	}
4791 
4792 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
4793 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
4794 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
4795 		return -EINVAL;
4796 
4797 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4798 		connkeys = nl80211_parse_connkeys(rdev,
4799 					info->attrs[NL80211_ATTR_KEYS]);
4800 		if (IS_ERR(connkeys))
4801 			return PTR_ERR(connkeys);
4802 	}
4803 
4804 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4805 	if (err)
4806 		kfree(connkeys);
4807 	return err;
4808 }
4809 
4810 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4811 {
4812 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4813 	struct net_device *dev = info->user_ptr[1];
4814 
4815 	if (!rdev->ops->leave_ibss)
4816 		return -EOPNOTSUPP;
4817 
4818 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4819 		return -EOPNOTSUPP;
4820 
4821 	return cfg80211_leave_ibss(rdev, dev, false);
4822 }
4823 
4824 #ifdef CONFIG_NL80211_TESTMODE
4825 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4826 	.name = "testmode",
4827 };
4828 
4829 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4830 {
4831 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4832 	int err;
4833 
4834 	if (!info->attrs[NL80211_ATTR_TESTDATA])
4835 		return -EINVAL;
4836 
4837 	err = -EOPNOTSUPP;
4838 	if (rdev->ops->testmode_cmd) {
4839 		rdev->testmode_info = info;
4840 		err = rdev->ops->testmode_cmd(&rdev->wiphy,
4841 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4842 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4843 		rdev->testmode_info = NULL;
4844 	}
4845 
4846 	return err;
4847 }
4848 
4849 static int nl80211_testmode_dump(struct sk_buff *skb,
4850 				 struct netlink_callback *cb)
4851 {
4852 	struct cfg80211_registered_device *rdev;
4853 	int err;
4854 	long phy_idx;
4855 	void *data = NULL;
4856 	int data_len = 0;
4857 
4858 	if (cb->args[0]) {
4859 		/*
4860 		 * 0 is a valid index, but not valid for args[0],
4861 		 * so we need to offset by 1.
4862 		 */
4863 		phy_idx = cb->args[0] - 1;
4864 	} else {
4865 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
4866 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
4867 				  nl80211_policy);
4868 		if (err)
4869 			return err;
4870 		if (nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) {
4871 			phy_idx = nla_get_u32(
4872 				nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]);
4873 		} else {
4874 			struct net_device *netdev;
4875 
4876 			err = get_rdev_dev_by_ifindex(sock_net(skb->sk),
4877 						      nl80211_fam.attrbuf,
4878 						      &rdev, &netdev);
4879 			if (err)
4880 				return err;
4881 			dev_put(netdev);
4882 			phy_idx = rdev->wiphy_idx;
4883 			cfg80211_unlock_rdev(rdev);
4884 		}
4885 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
4886 			cb->args[1] =
4887 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
4888 	}
4889 
4890 	if (cb->args[1]) {
4891 		data = nla_data((void *)cb->args[1]);
4892 		data_len = nla_len((void *)cb->args[1]);
4893 	}
4894 
4895 	mutex_lock(&cfg80211_mutex);
4896 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
4897 	if (!rdev) {
4898 		mutex_unlock(&cfg80211_mutex);
4899 		return -ENOENT;
4900 	}
4901 	cfg80211_lock_rdev(rdev);
4902 	mutex_unlock(&cfg80211_mutex);
4903 
4904 	if (!rdev->ops->testmode_dump) {
4905 		err = -EOPNOTSUPP;
4906 		goto out_err;
4907 	}
4908 
4909 	while (1) {
4910 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid,
4911 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
4912 					   NL80211_CMD_TESTMODE);
4913 		struct nlattr *tmdata;
4914 
4915 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx) < 0) {
4916 			genlmsg_cancel(skb, hdr);
4917 			break;
4918 		}
4919 
4920 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4921 		if (!tmdata) {
4922 			genlmsg_cancel(skb, hdr);
4923 			break;
4924 		}
4925 		err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb,
4926 					       data, data_len);
4927 		nla_nest_end(skb, tmdata);
4928 
4929 		if (err == -ENOBUFS || err == -ENOENT) {
4930 			genlmsg_cancel(skb, hdr);
4931 			break;
4932 		} else if (err) {
4933 			genlmsg_cancel(skb, hdr);
4934 			goto out_err;
4935 		}
4936 
4937 		genlmsg_end(skb, hdr);
4938 	}
4939 
4940 	err = skb->len;
4941 	/* see above */
4942 	cb->args[0] = phy_idx + 1;
4943  out_err:
4944 	cfg80211_unlock_rdev(rdev);
4945 	return err;
4946 }
4947 
4948 static struct sk_buff *
4949 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
4950 			      int approxlen, u32 pid, u32 seq, gfp_t gfp)
4951 {
4952 	struct sk_buff *skb;
4953 	void *hdr;
4954 	struct nlattr *data;
4955 
4956 	skb = nlmsg_new(approxlen + 100, gfp);
4957 	if (!skb)
4958 		return NULL;
4959 
4960 	hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
4961 	if (!hdr) {
4962 		kfree_skb(skb);
4963 		return NULL;
4964 	}
4965 
4966 	NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4967 	data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4968 
4969 	((void **)skb->cb)[0] = rdev;
4970 	((void **)skb->cb)[1] = hdr;
4971 	((void **)skb->cb)[2] = data;
4972 
4973 	return skb;
4974 
4975  nla_put_failure:
4976 	kfree_skb(skb);
4977 	return NULL;
4978 }
4979 
4980 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
4981 						  int approxlen)
4982 {
4983 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4984 
4985 	if (WARN_ON(!rdev->testmode_info))
4986 		return NULL;
4987 
4988 	return __cfg80211_testmode_alloc_skb(rdev, approxlen,
4989 				rdev->testmode_info->snd_pid,
4990 				rdev->testmode_info->snd_seq,
4991 				GFP_KERNEL);
4992 }
4993 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
4994 
4995 int cfg80211_testmode_reply(struct sk_buff *skb)
4996 {
4997 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
4998 	void *hdr = ((void **)skb->cb)[1];
4999 	struct nlattr *data = ((void **)skb->cb)[2];
5000 
5001 	if (WARN_ON(!rdev->testmode_info)) {
5002 		kfree_skb(skb);
5003 		return -EINVAL;
5004 	}
5005 
5006 	nla_nest_end(skb, data);
5007 	genlmsg_end(skb, hdr);
5008 	return genlmsg_reply(skb, rdev->testmode_info);
5009 }
5010 EXPORT_SYMBOL(cfg80211_testmode_reply);
5011 
5012 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
5013 						  int approxlen, gfp_t gfp)
5014 {
5015 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5016 
5017 	return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
5018 }
5019 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
5020 
5021 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
5022 {
5023 	void *hdr = ((void **)skb->cb)[1];
5024 	struct nlattr *data = ((void **)skb->cb)[2];
5025 
5026 	nla_nest_end(skb, data);
5027 	genlmsg_end(skb, hdr);
5028 	genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
5029 }
5030 EXPORT_SYMBOL(cfg80211_testmode_event);
5031 #endif
5032 
5033 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
5034 {
5035 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5036 	struct net_device *dev = info->user_ptr[1];
5037 	struct cfg80211_connect_params connect;
5038 	struct wiphy *wiphy;
5039 	struct cfg80211_cached_keys *connkeys = NULL;
5040 	int err;
5041 
5042 	memset(&connect, 0, sizeof(connect));
5043 
5044 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5045 		return -EINVAL;
5046 
5047 	if (!info->attrs[NL80211_ATTR_SSID] ||
5048 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
5049 		return -EINVAL;
5050 
5051 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5052 		connect.auth_type =
5053 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
5054 		if (!nl80211_valid_auth_type(connect.auth_type))
5055 			return -EINVAL;
5056 	} else
5057 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5058 
5059 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
5060 
5061 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
5062 				      NL80211_MAX_NR_CIPHER_SUITES);
5063 	if (err)
5064 		return err;
5065 
5066 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5067 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5068 		return -EOPNOTSUPP;
5069 
5070 	wiphy = &rdev->wiphy;
5071 
5072 	if (info->attrs[NL80211_ATTR_MAC])
5073 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5074 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5075 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5076 
5077 	if (info->attrs[NL80211_ATTR_IE]) {
5078 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5079 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5080 	}
5081 
5082 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5083 		connect.channel =
5084 			ieee80211_get_channel(wiphy,
5085 			    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5086 		if (!connect.channel ||
5087 		    connect.channel->flags & IEEE80211_CHAN_DISABLED)
5088 			return -EINVAL;
5089 	}
5090 
5091 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
5092 		connkeys = nl80211_parse_connkeys(rdev,
5093 					info->attrs[NL80211_ATTR_KEYS]);
5094 		if (IS_ERR(connkeys))
5095 			return PTR_ERR(connkeys);
5096 	}
5097 
5098 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
5099 		connect.flags |= ASSOC_REQ_DISABLE_HT;
5100 
5101 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5102 		memcpy(&connect.ht_capa_mask,
5103 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
5104 		       sizeof(connect.ht_capa_mask));
5105 
5106 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
5107 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5108 			return -EINVAL;
5109 		memcpy(&connect.ht_capa,
5110 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
5111 		       sizeof(connect.ht_capa));
5112 	}
5113 
5114 	err = cfg80211_connect(rdev, dev, &connect, connkeys);
5115 	if (err)
5116 		kfree(connkeys);
5117 	return err;
5118 }
5119 
5120 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
5121 {
5122 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5123 	struct net_device *dev = info->user_ptr[1];
5124 	u16 reason;
5125 
5126 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
5127 		reason = WLAN_REASON_DEAUTH_LEAVING;
5128 	else
5129 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5130 
5131 	if (reason == 0)
5132 		return -EINVAL;
5133 
5134 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5135 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5136 		return -EOPNOTSUPP;
5137 
5138 	return cfg80211_disconnect(rdev, dev, reason, true);
5139 }
5140 
5141 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
5142 {
5143 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5144 	struct net *net;
5145 	int err;
5146 	u32 pid;
5147 
5148 	if (!info->attrs[NL80211_ATTR_PID])
5149 		return -EINVAL;
5150 
5151 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
5152 
5153 	net = get_net_ns_by_pid(pid);
5154 	if (IS_ERR(net))
5155 		return PTR_ERR(net);
5156 
5157 	err = 0;
5158 
5159 	/* check if anything to do */
5160 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
5161 		err = cfg80211_switch_netns(rdev, net);
5162 
5163 	put_net(net);
5164 	return err;
5165 }
5166 
5167 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
5168 {
5169 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5170 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
5171 			struct cfg80211_pmksa *pmksa) = NULL;
5172 	struct net_device *dev = info->user_ptr[1];
5173 	struct cfg80211_pmksa pmksa;
5174 
5175 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
5176 
5177 	if (!info->attrs[NL80211_ATTR_MAC])
5178 		return -EINVAL;
5179 
5180 	if (!info->attrs[NL80211_ATTR_PMKID])
5181 		return -EINVAL;
5182 
5183 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
5184 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5185 
5186 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5187 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5188 		return -EOPNOTSUPP;
5189 
5190 	switch (info->genlhdr->cmd) {
5191 	case NL80211_CMD_SET_PMKSA:
5192 		rdev_ops = rdev->ops->set_pmksa;
5193 		break;
5194 	case NL80211_CMD_DEL_PMKSA:
5195 		rdev_ops = rdev->ops->del_pmksa;
5196 		break;
5197 	default:
5198 		WARN_ON(1);
5199 		break;
5200 	}
5201 
5202 	if (!rdev_ops)
5203 		return -EOPNOTSUPP;
5204 
5205 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
5206 }
5207 
5208 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
5209 {
5210 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5211 	struct net_device *dev = info->user_ptr[1];
5212 
5213 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5214 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5215 		return -EOPNOTSUPP;
5216 
5217 	if (!rdev->ops->flush_pmksa)
5218 		return -EOPNOTSUPP;
5219 
5220 	return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
5221 }
5222 
5223 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
5224 {
5225 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5226 	struct net_device *dev = info->user_ptr[1];
5227 	u8 action_code, dialog_token;
5228 	u16 status_code;
5229 	u8 *peer;
5230 
5231 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5232 	    !rdev->ops->tdls_mgmt)
5233 		return -EOPNOTSUPP;
5234 
5235 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
5236 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
5237 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
5238 	    !info->attrs[NL80211_ATTR_IE] ||
5239 	    !info->attrs[NL80211_ATTR_MAC])
5240 		return -EINVAL;
5241 
5242 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5243 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
5244 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
5245 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
5246 
5247 	return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code,
5248 				    dialog_token, status_code,
5249 				    nla_data(info->attrs[NL80211_ATTR_IE]),
5250 				    nla_len(info->attrs[NL80211_ATTR_IE]));
5251 }
5252 
5253 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
5254 {
5255 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5256 	struct net_device *dev = info->user_ptr[1];
5257 	enum nl80211_tdls_operation operation;
5258 	u8 *peer;
5259 
5260 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5261 	    !rdev->ops->tdls_oper)
5262 		return -EOPNOTSUPP;
5263 
5264 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
5265 	    !info->attrs[NL80211_ATTR_MAC])
5266 		return -EINVAL;
5267 
5268 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
5269 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5270 
5271 	return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation);
5272 }
5273 
5274 static int nl80211_remain_on_channel(struct sk_buff *skb,
5275 				     struct genl_info *info)
5276 {
5277 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5278 	struct net_device *dev = info->user_ptr[1];
5279 	struct ieee80211_channel *chan;
5280 	struct sk_buff *msg;
5281 	void *hdr;
5282 	u64 cookie;
5283 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5284 	u32 freq, duration;
5285 	int err;
5286 
5287 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5288 	    !info->attrs[NL80211_ATTR_DURATION])
5289 		return -EINVAL;
5290 
5291 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5292 
5293 	/*
5294 	 * We should be on that channel for at least one jiffie,
5295 	 * and more than 5 seconds seems excessive.
5296 	 */
5297 	if (!duration || !msecs_to_jiffies(duration) ||
5298 	    duration > rdev->wiphy.max_remain_on_channel_duration)
5299 		return -EINVAL;
5300 
5301 	if (!rdev->ops->remain_on_channel ||
5302 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
5303 		return -EOPNOTSUPP;
5304 
5305 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5306 		channel_type = nla_get_u32(
5307 			info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
5308 		if (channel_type != NL80211_CHAN_NO_HT &&
5309 		    channel_type != NL80211_CHAN_HT20 &&
5310 		    channel_type != NL80211_CHAN_HT40PLUS &&
5311 		    channel_type != NL80211_CHAN_HT40MINUS)
5312 			return -EINVAL;
5313 	}
5314 
5315 	freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5316 	chan = rdev_freq_to_chan(rdev, freq, channel_type);
5317 	if (chan == NULL)
5318 		return -EINVAL;
5319 
5320 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5321 	if (!msg)
5322 		return -ENOMEM;
5323 
5324 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5325 			     NL80211_CMD_REMAIN_ON_CHANNEL);
5326 
5327 	if (IS_ERR(hdr)) {
5328 		err = PTR_ERR(hdr);
5329 		goto free_msg;
5330 	}
5331 
5332 	err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
5333 					   channel_type, duration, &cookie);
5334 
5335 	if (err)
5336 		goto free_msg;
5337 
5338 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5339 
5340 	genlmsg_end(msg, hdr);
5341 
5342 	return genlmsg_reply(msg, info);
5343 
5344  nla_put_failure:
5345 	err = -ENOBUFS;
5346  free_msg:
5347 	nlmsg_free(msg);
5348 	return err;
5349 }
5350 
5351 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
5352 					    struct genl_info *info)
5353 {
5354 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5355 	struct net_device *dev = info->user_ptr[1];
5356 	u64 cookie;
5357 
5358 	if (!info->attrs[NL80211_ATTR_COOKIE])
5359 		return -EINVAL;
5360 
5361 	if (!rdev->ops->cancel_remain_on_channel)
5362 		return -EOPNOTSUPP;
5363 
5364 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5365 
5366 	return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
5367 }
5368 
5369 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5370 			   u8 *rates, u8 rates_len)
5371 {
5372 	u8 i;
5373 	u32 mask = 0;
5374 
5375 	for (i = 0; i < rates_len; i++) {
5376 		int rate = (rates[i] & 0x7f) * 5;
5377 		int ridx;
5378 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5379 			struct ieee80211_rate *srate =
5380 				&sband->bitrates[ridx];
5381 			if (rate == srate->bitrate) {
5382 				mask |= 1 << ridx;
5383 				break;
5384 			}
5385 		}
5386 		if (ridx == sband->n_bitrates)
5387 			return 0; /* rate not found */
5388 	}
5389 
5390 	return mask;
5391 }
5392 
5393 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
5394 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
5395 				    .len = NL80211_MAX_SUPP_RATES },
5396 };
5397 
5398 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
5399 				       struct genl_info *info)
5400 {
5401 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5402 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5403 	struct cfg80211_bitrate_mask mask;
5404 	int rem, i;
5405 	struct net_device *dev = info->user_ptr[1];
5406 	struct nlattr *tx_rates;
5407 	struct ieee80211_supported_band *sband;
5408 
5409 	if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
5410 		return -EINVAL;
5411 
5412 	if (!rdev->ops->set_bitrate_mask)
5413 		return -EOPNOTSUPP;
5414 
5415 	memset(&mask, 0, sizeof(mask));
5416 	/* Default to all rates enabled */
5417 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
5418 		sband = rdev->wiphy.bands[i];
5419 		mask.control[i].legacy =
5420 			sband ? (1 << sband->n_bitrates) - 1 : 0;
5421 	}
5422 
5423 	/*
5424 	 * The nested attribute uses enum nl80211_band as the index. This maps
5425 	 * directly to the enum ieee80211_band values used in cfg80211.
5426 	 */
5427 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
5428 	{
5429 		enum ieee80211_band band = nla_type(tx_rates);
5430 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
5431 			return -EINVAL;
5432 		sband = rdev->wiphy.bands[band];
5433 		if (sband == NULL)
5434 			return -EINVAL;
5435 		nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
5436 			  nla_len(tx_rates), nl80211_txattr_policy);
5437 		if (tb[NL80211_TXRATE_LEGACY]) {
5438 			mask.control[band].legacy = rateset_to_mask(
5439 				sband,
5440 				nla_data(tb[NL80211_TXRATE_LEGACY]),
5441 				nla_len(tb[NL80211_TXRATE_LEGACY]));
5442 			if (mask.control[band].legacy == 0)
5443 				return -EINVAL;
5444 		}
5445 	}
5446 
5447 	return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
5448 }
5449 
5450 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
5451 {
5452 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5453 	struct net_device *dev = info->user_ptr[1];
5454 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
5455 
5456 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
5457 		return -EINVAL;
5458 
5459 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
5460 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
5461 
5462 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5463 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5464 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5465 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5466 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5467 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5468 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5469 		return -EOPNOTSUPP;
5470 
5471 	/* not much point in registering if we can't reply */
5472 	if (!rdev->ops->mgmt_tx)
5473 		return -EOPNOTSUPP;
5474 
5475 	return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
5476 			frame_type,
5477 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
5478 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
5479 }
5480 
5481 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5482 {
5483 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5484 	struct net_device *dev = info->user_ptr[1];
5485 	struct ieee80211_channel *chan;
5486 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5487 	bool channel_type_valid = false;
5488 	u32 freq;
5489 	int err;
5490 	void *hdr = NULL;
5491 	u64 cookie;
5492 	struct sk_buff *msg = NULL;
5493 	unsigned int wait = 0;
5494 	bool offchan, no_cck, dont_wait_for_ack;
5495 
5496 	dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
5497 
5498 	if (!info->attrs[NL80211_ATTR_FRAME] ||
5499 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
5500 		return -EINVAL;
5501 
5502 	if (!rdev->ops->mgmt_tx)
5503 		return -EOPNOTSUPP;
5504 
5505 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5506 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5507 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5508 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5509 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5510 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5511 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5512 		return -EOPNOTSUPP;
5513 
5514 	if (info->attrs[NL80211_ATTR_DURATION]) {
5515 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5516 			return -EINVAL;
5517 		wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5518 	}
5519 
5520 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5521 		channel_type = nla_get_u32(
5522 			info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
5523 		if (channel_type != NL80211_CHAN_NO_HT &&
5524 		    channel_type != NL80211_CHAN_HT20 &&
5525 		    channel_type != NL80211_CHAN_HT40PLUS &&
5526 		    channel_type != NL80211_CHAN_HT40MINUS)
5527 			return -EINVAL;
5528 		channel_type_valid = true;
5529 	}
5530 
5531 	offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
5532 
5533 	if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5534 		return -EINVAL;
5535 
5536 	no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5537 
5538 	freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5539 	chan = rdev_freq_to_chan(rdev, freq, channel_type);
5540 	if (chan == NULL)
5541 		return -EINVAL;
5542 
5543 	if (!dont_wait_for_ack) {
5544 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5545 		if (!msg)
5546 			return -ENOMEM;
5547 
5548 		hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5549 				     NL80211_CMD_FRAME);
5550 
5551 		if (IS_ERR(hdr)) {
5552 			err = PTR_ERR(hdr);
5553 			goto free_msg;
5554 		}
5555 	}
5556 
5557 	err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type,
5558 				    channel_type_valid, wait,
5559 				    nla_data(info->attrs[NL80211_ATTR_FRAME]),
5560 				    nla_len(info->attrs[NL80211_ATTR_FRAME]),
5561 				    no_cck, dont_wait_for_ack, &cookie);
5562 	if (err)
5563 		goto free_msg;
5564 
5565 	if (msg) {
5566 		NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5567 
5568 		genlmsg_end(msg, hdr);
5569 		return genlmsg_reply(msg, info);
5570 	}
5571 
5572 	return 0;
5573 
5574  nla_put_failure:
5575 	err = -ENOBUFS;
5576  free_msg:
5577 	nlmsg_free(msg);
5578 	return err;
5579 }
5580 
5581 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
5582 {
5583 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5584 	struct net_device *dev = info->user_ptr[1];
5585 	u64 cookie;
5586 
5587 	if (!info->attrs[NL80211_ATTR_COOKIE])
5588 		return -EINVAL;
5589 
5590 	if (!rdev->ops->mgmt_tx_cancel_wait)
5591 		return -EOPNOTSUPP;
5592 
5593 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5594 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5595 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5596 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5597 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5598 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5599 		return -EOPNOTSUPP;
5600 
5601 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5602 
5603 	return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie);
5604 }
5605 
5606 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
5607 {
5608 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5609 	struct wireless_dev *wdev;
5610 	struct net_device *dev = info->user_ptr[1];
5611 	u8 ps_state;
5612 	bool state;
5613 	int err;
5614 
5615 	if (!info->attrs[NL80211_ATTR_PS_STATE])
5616 		return -EINVAL;
5617 
5618 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
5619 
5620 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
5621 		return -EINVAL;
5622 
5623 	wdev = dev->ieee80211_ptr;
5624 
5625 	if (!rdev->ops->set_power_mgmt)
5626 		return -EOPNOTSUPP;
5627 
5628 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
5629 
5630 	if (state == wdev->ps)
5631 		return 0;
5632 
5633 	err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state,
5634 					wdev->ps_timeout);
5635 	if (!err)
5636 		wdev->ps = state;
5637 	return err;
5638 }
5639 
5640 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5641 {
5642 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5643 	enum nl80211_ps_state ps_state;
5644 	struct wireless_dev *wdev;
5645 	struct net_device *dev = info->user_ptr[1];
5646 	struct sk_buff *msg;
5647 	void *hdr;
5648 	int err;
5649 
5650 	wdev = dev->ieee80211_ptr;
5651 
5652 	if (!rdev->ops->set_power_mgmt)
5653 		return -EOPNOTSUPP;
5654 
5655 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5656 	if (!msg)
5657 		return -ENOMEM;
5658 
5659 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5660 			     NL80211_CMD_GET_POWER_SAVE);
5661 	if (!hdr) {
5662 		err = -ENOBUFS;
5663 		goto free_msg;
5664 	}
5665 
5666 	if (wdev->ps)
5667 		ps_state = NL80211_PS_ENABLED;
5668 	else
5669 		ps_state = NL80211_PS_DISABLED;
5670 
5671 	NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
5672 
5673 	genlmsg_end(msg, hdr);
5674 	return genlmsg_reply(msg, info);
5675 
5676  nla_put_failure:
5677 	err = -ENOBUFS;
5678  free_msg:
5679 	nlmsg_free(msg);
5680 	return err;
5681 }
5682 
5683 static struct nla_policy
5684 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5685 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5686 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5687 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5688 };
5689 
5690 static int nl80211_set_cqm_rssi(struct genl_info *info,
5691 				s32 threshold, u32 hysteresis)
5692 {
5693 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5694 	struct wireless_dev *wdev;
5695 	struct net_device *dev = info->user_ptr[1];
5696 
5697 	if (threshold > 0)
5698 		return -EINVAL;
5699 
5700 	wdev = dev->ieee80211_ptr;
5701 
5702 	if (!rdev->ops->set_cqm_rssi_config)
5703 		return -EOPNOTSUPP;
5704 
5705 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
5706 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
5707 		return -EOPNOTSUPP;
5708 
5709 	return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5710 					      threshold, hysteresis);
5711 }
5712 
5713 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5714 {
5715 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5716 	struct nlattr *cqm;
5717 	int err;
5718 
5719 	cqm = info->attrs[NL80211_ATTR_CQM];
5720 	if (!cqm) {
5721 		err = -EINVAL;
5722 		goto out;
5723 	}
5724 
5725 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5726 			       nl80211_attr_cqm_policy);
5727 	if (err)
5728 		goto out;
5729 
5730 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5731 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5732 		s32 threshold;
5733 		u32 hysteresis;
5734 		threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5735 		hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5736 		err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5737 	} else
5738 		err = -EINVAL;
5739 
5740 out:
5741 	return err;
5742 }
5743 
5744 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
5745 {
5746 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5747 	struct net_device *dev = info->user_ptr[1];
5748 	struct mesh_config cfg;
5749 	struct mesh_setup setup;
5750 	int err;
5751 
5752 	/* start with default */
5753 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
5754 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
5755 
5756 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
5757 		/* and parse parameters if given */
5758 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
5759 		if (err)
5760 			return err;
5761 	}
5762 
5763 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
5764 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
5765 		return -EINVAL;
5766 
5767 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
5768 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5769 
5770 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
5771 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
5772 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
5773 			return -EINVAL;
5774 
5775 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
5776 		/* parse additional setup parameters if given */
5777 		err = nl80211_parse_mesh_setup(info, &setup);
5778 		if (err)
5779 			return err;
5780 	}
5781 
5782 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
5783 }
5784 
5785 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
5786 {
5787 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5788 	struct net_device *dev = info->user_ptr[1];
5789 
5790 	return cfg80211_leave_mesh(rdev, dev);
5791 }
5792 
5793 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
5794 {
5795 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5796 	struct sk_buff *msg;
5797 	void *hdr;
5798 
5799 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5800 		return -EOPNOTSUPP;
5801 
5802 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5803 	if (!msg)
5804 		return -ENOMEM;
5805 
5806 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5807 			     NL80211_CMD_GET_WOWLAN);
5808 	if (!hdr)
5809 		goto nla_put_failure;
5810 
5811 	if (rdev->wowlan) {
5812 		struct nlattr *nl_wowlan;
5813 
5814 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
5815 		if (!nl_wowlan)
5816 			goto nla_put_failure;
5817 
5818 		if (rdev->wowlan->any)
5819 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
5820 		if (rdev->wowlan->disconnect)
5821 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
5822 		if (rdev->wowlan->magic_pkt)
5823 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
5824 		if (rdev->wowlan->gtk_rekey_failure)
5825 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
5826 		if (rdev->wowlan->eap_identity_req)
5827 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
5828 		if (rdev->wowlan->four_way_handshake)
5829 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
5830 		if (rdev->wowlan->rfkill_release)
5831 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
5832 		if (rdev->wowlan->n_patterns) {
5833 			struct nlattr *nl_pats, *nl_pat;
5834 			int i, pat_len;
5835 
5836 			nl_pats = nla_nest_start(msg,
5837 					NL80211_WOWLAN_TRIG_PKT_PATTERN);
5838 			if (!nl_pats)
5839 				goto nla_put_failure;
5840 
5841 			for (i = 0; i < rdev->wowlan->n_patterns; i++) {
5842 				nl_pat = nla_nest_start(msg, i + 1);
5843 				if (!nl_pat)
5844 					goto nla_put_failure;
5845 				pat_len = rdev->wowlan->patterns[i].pattern_len;
5846 				NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_MASK,
5847 					DIV_ROUND_UP(pat_len, 8),
5848 					rdev->wowlan->patterns[i].mask);
5849 				NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
5850 					pat_len,
5851 					rdev->wowlan->patterns[i].pattern);
5852 				nla_nest_end(msg, nl_pat);
5853 			}
5854 			nla_nest_end(msg, nl_pats);
5855 		}
5856 
5857 		nla_nest_end(msg, nl_wowlan);
5858 	}
5859 
5860 	genlmsg_end(msg, hdr);
5861 	return genlmsg_reply(msg, info);
5862 
5863 nla_put_failure:
5864 	nlmsg_free(msg);
5865 	return -ENOBUFS;
5866 }
5867 
5868 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
5869 {
5870 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5871 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
5872 	struct cfg80211_wowlan no_triggers = {};
5873 	struct cfg80211_wowlan new_triggers = {};
5874 	struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
5875 	int err, i;
5876 
5877 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5878 		return -EOPNOTSUPP;
5879 
5880 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS])
5881 		goto no_triggers;
5882 
5883 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
5884 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5885 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5886 			nl80211_wowlan_policy);
5887 	if (err)
5888 		return err;
5889 
5890 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
5891 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
5892 			return -EINVAL;
5893 		new_triggers.any = true;
5894 	}
5895 
5896 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
5897 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
5898 			return -EINVAL;
5899 		new_triggers.disconnect = true;
5900 	}
5901 
5902 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
5903 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
5904 			return -EINVAL;
5905 		new_triggers.magic_pkt = true;
5906 	}
5907 
5908 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
5909 		return -EINVAL;
5910 
5911 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
5912 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
5913 			return -EINVAL;
5914 		new_triggers.gtk_rekey_failure = true;
5915 	}
5916 
5917 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
5918 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
5919 			return -EINVAL;
5920 		new_triggers.eap_identity_req = true;
5921 	}
5922 
5923 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
5924 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
5925 			return -EINVAL;
5926 		new_triggers.four_way_handshake = true;
5927 	}
5928 
5929 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
5930 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
5931 			return -EINVAL;
5932 		new_triggers.rfkill_release = true;
5933 	}
5934 
5935 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
5936 		struct nlattr *pat;
5937 		int n_patterns = 0;
5938 		int rem, pat_len, mask_len;
5939 		struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
5940 
5941 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
5942 				    rem)
5943 			n_patterns++;
5944 		if (n_patterns > wowlan->n_patterns)
5945 			return -EINVAL;
5946 
5947 		new_triggers.patterns = kcalloc(n_patterns,
5948 						sizeof(new_triggers.patterns[0]),
5949 						GFP_KERNEL);
5950 		if (!new_triggers.patterns)
5951 			return -ENOMEM;
5952 
5953 		new_triggers.n_patterns = n_patterns;
5954 		i = 0;
5955 
5956 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
5957 				    rem) {
5958 			nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
5959 				  nla_data(pat), nla_len(pat), NULL);
5960 			err = -EINVAL;
5961 			if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
5962 			    !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
5963 				goto error;
5964 			pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
5965 			mask_len = DIV_ROUND_UP(pat_len, 8);
5966 			if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
5967 			    mask_len)
5968 				goto error;
5969 			if (pat_len > wowlan->pattern_max_len ||
5970 			    pat_len < wowlan->pattern_min_len)
5971 				goto error;
5972 
5973 			new_triggers.patterns[i].mask =
5974 				kmalloc(mask_len + pat_len, GFP_KERNEL);
5975 			if (!new_triggers.patterns[i].mask) {
5976 				err = -ENOMEM;
5977 				goto error;
5978 			}
5979 			new_triggers.patterns[i].pattern =
5980 				new_triggers.patterns[i].mask + mask_len;
5981 			memcpy(new_triggers.patterns[i].mask,
5982 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
5983 			       mask_len);
5984 			new_triggers.patterns[i].pattern_len = pat_len;
5985 			memcpy(new_triggers.patterns[i].pattern,
5986 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
5987 			       pat_len);
5988 			i++;
5989 		}
5990 	}
5991 
5992 	if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) {
5993 		struct cfg80211_wowlan *ntrig;
5994 		ntrig = kmemdup(&new_triggers, sizeof(new_triggers),
5995 				GFP_KERNEL);
5996 		if (!ntrig) {
5997 			err = -ENOMEM;
5998 			goto error;
5999 		}
6000 		cfg80211_rdev_free_wowlan(rdev);
6001 		rdev->wowlan = ntrig;
6002 	} else {
6003  no_triggers:
6004 		cfg80211_rdev_free_wowlan(rdev);
6005 		rdev->wowlan = NULL;
6006 	}
6007 
6008 	return 0;
6009  error:
6010 	for (i = 0; i < new_triggers.n_patterns; i++)
6011 		kfree(new_triggers.patterns[i].mask);
6012 	kfree(new_triggers.patterns);
6013 	return err;
6014 }
6015 
6016 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
6017 {
6018 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6019 	struct net_device *dev = info->user_ptr[1];
6020 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6021 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
6022 	struct cfg80211_gtk_rekey_data rekey_data;
6023 	int err;
6024 
6025 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
6026 		return -EINVAL;
6027 
6028 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
6029 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
6030 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
6031 			nl80211_rekey_policy);
6032 	if (err)
6033 		return err;
6034 
6035 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
6036 		return -ERANGE;
6037 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
6038 		return -ERANGE;
6039 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
6040 		return -ERANGE;
6041 
6042 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
6043 	       NL80211_KEK_LEN);
6044 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
6045 	       NL80211_KCK_LEN);
6046 	memcpy(rekey_data.replay_ctr,
6047 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
6048 	       NL80211_REPLAY_CTR_LEN);
6049 
6050 	wdev_lock(wdev);
6051 	if (!wdev->current_bss) {
6052 		err = -ENOTCONN;
6053 		goto out;
6054 	}
6055 
6056 	if (!rdev->ops->set_rekey_data) {
6057 		err = -EOPNOTSUPP;
6058 		goto out;
6059 	}
6060 
6061 	err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data);
6062  out:
6063 	wdev_unlock(wdev);
6064 	return err;
6065 }
6066 
6067 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
6068 					     struct genl_info *info)
6069 {
6070 	struct net_device *dev = info->user_ptr[1];
6071 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6072 
6073 	if (wdev->iftype != NL80211_IFTYPE_AP &&
6074 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
6075 		return -EINVAL;
6076 
6077 	if (wdev->ap_unexpected_nlpid)
6078 		return -EBUSY;
6079 
6080 	wdev->ap_unexpected_nlpid = info->snd_pid;
6081 	return 0;
6082 }
6083 
6084 static int nl80211_probe_client(struct sk_buff *skb,
6085 				struct genl_info *info)
6086 {
6087 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6088 	struct net_device *dev = info->user_ptr[1];
6089 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6090 	struct sk_buff *msg;
6091 	void *hdr;
6092 	const u8 *addr;
6093 	u64 cookie;
6094 	int err;
6095 
6096 	if (wdev->iftype != NL80211_IFTYPE_AP &&
6097 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
6098 		return -EOPNOTSUPP;
6099 
6100 	if (!info->attrs[NL80211_ATTR_MAC])
6101 		return -EINVAL;
6102 
6103 	if (!rdev->ops->probe_client)
6104 		return -EOPNOTSUPP;
6105 
6106 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6107 	if (!msg)
6108 		return -ENOMEM;
6109 
6110 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
6111 			     NL80211_CMD_PROBE_CLIENT);
6112 
6113 	if (IS_ERR(hdr)) {
6114 		err = PTR_ERR(hdr);
6115 		goto free_msg;
6116 	}
6117 
6118 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6119 
6120 	err = rdev->ops->probe_client(&rdev->wiphy, dev, addr, &cookie);
6121 	if (err)
6122 		goto free_msg;
6123 
6124 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
6125 
6126 	genlmsg_end(msg, hdr);
6127 
6128 	return genlmsg_reply(msg, info);
6129 
6130  nla_put_failure:
6131 	err = -ENOBUFS;
6132  free_msg:
6133 	nlmsg_free(msg);
6134 	return err;
6135 }
6136 
6137 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
6138 {
6139 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6140 
6141 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
6142 		return -EOPNOTSUPP;
6143 
6144 	if (rdev->ap_beacons_nlpid)
6145 		return -EBUSY;
6146 
6147 	rdev->ap_beacons_nlpid = info->snd_pid;
6148 
6149 	return 0;
6150 }
6151 
6152 #define NL80211_FLAG_NEED_WIPHY		0x01
6153 #define NL80211_FLAG_NEED_NETDEV	0x02
6154 #define NL80211_FLAG_NEED_RTNL		0x04
6155 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
6156 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
6157 					 NL80211_FLAG_CHECK_NETDEV_UP)
6158 
6159 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
6160 			    struct genl_info *info)
6161 {
6162 	struct cfg80211_registered_device *rdev;
6163 	struct net_device *dev;
6164 	int err;
6165 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
6166 
6167 	if (rtnl)
6168 		rtnl_lock();
6169 
6170 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
6171 		rdev = cfg80211_get_dev_from_info(info);
6172 		if (IS_ERR(rdev)) {
6173 			if (rtnl)
6174 				rtnl_unlock();
6175 			return PTR_ERR(rdev);
6176 		}
6177 		info->user_ptr[0] = rdev;
6178 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
6179 		err = get_rdev_dev_by_ifindex(genl_info_net(info), info->attrs,
6180 					      &rdev, &dev);
6181 		if (err) {
6182 			if (rtnl)
6183 				rtnl_unlock();
6184 			return err;
6185 		}
6186 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
6187 		    !netif_running(dev)) {
6188 			cfg80211_unlock_rdev(rdev);
6189 			dev_put(dev);
6190 			if (rtnl)
6191 				rtnl_unlock();
6192 			return -ENETDOWN;
6193 		}
6194 		info->user_ptr[0] = rdev;
6195 		info->user_ptr[1] = dev;
6196 	}
6197 
6198 	return 0;
6199 }
6200 
6201 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
6202 			      struct genl_info *info)
6203 {
6204 	if (info->user_ptr[0])
6205 		cfg80211_unlock_rdev(info->user_ptr[0]);
6206 	if (info->user_ptr[1])
6207 		dev_put(info->user_ptr[1]);
6208 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
6209 		rtnl_unlock();
6210 }
6211 
6212 static struct genl_ops nl80211_ops[] = {
6213 	{
6214 		.cmd = NL80211_CMD_GET_WIPHY,
6215 		.doit = nl80211_get_wiphy,
6216 		.dumpit = nl80211_dump_wiphy,
6217 		.policy = nl80211_policy,
6218 		/* can be retrieved by unprivileged users */
6219 		.internal_flags = NL80211_FLAG_NEED_WIPHY,
6220 	},
6221 	{
6222 		.cmd = NL80211_CMD_SET_WIPHY,
6223 		.doit = nl80211_set_wiphy,
6224 		.policy = nl80211_policy,
6225 		.flags = GENL_ADMIN_PERM,
6226 		.internal_flags = NL80211_FLAG_NEED_RTNL,
6227 	},
6228 	{
6229 		.cmd = NL80211_CMD_GET_INTERFACE,
6230 		.doit = nl80211_get_interface,
6231 		.dumpit = nl80211_dump_interface,
6232 		.policy = nl80211_policy,
6233 		/* can be retrieved by unprivileged users */
6234 		.internal_flags = NL80211_FLAG_NEED_NETDEV,
6235 	},
6236 	{
6237 		.cmd = NL80211_CMD_SET_INTERFACE,
6238 		.doit = nl80211_set_interface,
6239 		.policy = nl80211_policy,
6240 		.flags = GENL_ADMIN_PERM,
6241 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6242 				  NL80211_FLAG_NEED_RTNL,
6243 	},
6244 	{
6245 		.cmd = NL80211_CMD_NEW_INTERFACE,
6246 		.doit = nl80211_new_interface,
6247 		.policy = nl80211_policy,
6248 		.flags = GENL_ADMIN_PERM,
6249 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6250 				  NL80211_FLAG_NEED_RTNL,
6251 	},
6252 	{
6253 		.cmd = NL80211_CMD_DEL_INTERFACE,
6254 		.doit = nl80211_del_interface,
6255 		.policy = nl80211_policy,
6256 		.flags = GENL_ADMIN_PERM,
6257 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6258 				  NL80211_FLAG_NEED_RTNL,
6259 	},
6260 	{
6261 		.cmd = NL80211_CMD_GET_KEY,
6262 		.doit = nl80211_get_key,
6263 		.policy = nl80211_policy,
6264 		.flags = GENL_ADMIN_PERM,
6265 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6266 				  NL80211_FLAG_NEED_RTNL,
6267 	},
6268 	{
6269 		.cmd = NL80211_CMD_SET_KEY,
6270 		.doit = nl80211_set_key,
6271 		.policy = nl80211_policy,
6272 		.flags = GENL_ADMIN_PERM,
6273 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6274 				  NL80211_FLAG_NEED_RTNL,
6275 	},
6276 	{
6277 		.cmd = NL80211_CMD_NEW_KEY,
6278 		.doit = nl80211_new_key,
6279 		.policy = nl80211_policy,
6280 		.flags = GENL_ADMIN_PERM,
6281 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6282 				  NL80211_FLAG_NEED_RTNL,
6283 	},
6284 	{
6285 		.cmd = NL80211_CMD_DEL_KEY,
6286 		.doit = nl80211_del_key,
6287 		.policy = nl80211_policy,
6288 		.flags = GENL_ADMIN_PERM,
6289 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6290 				  NL80211_FLAG_NEED_RTNL,
6291 	},
6292 	{
6293 		.cmd = NL80211_CMD_SET_BEACON,
6294 		.policy = nl80211_policy,
6295 		.flags = GENL_ADMIN_PERM,
6296 		.doit = nl80211_addset_beacon,
6297 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6298 				  NL80211_FLAG_NEED_RTNL,
6299 	},
6300 	{
6301 		.cmd = NL80211_CMD_NEW_BEACON,
6302 		.policy = nl80211_policy,
6303 		.flags = GENL_ADMIN_PERM,
6304 		.doit = nl80211_addset_beacon,
6305 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6306 				  NL80211_FLAG_NEED_RTNL,
6307 	},
6308 	{
6309 		.cmd = NL80211_CMD_DEL_BEACON,
6310 		.policy = nl80211_policy,
6311 		.flags = GENL_ADMIN_PERM,
6312 		.doit = nl80211_del_beacon,
6313 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6314 				  NL80211_FLAG_NEED_RTNL,
6315 	},
6316 	{
6317 		.cmd = NL80211_CMD_GET_STATION,
6318 		.doit = nl80211_get_station,
6319 		.dumpit = nl80211_dump_station,
6320 		.policy = nl80211_policy,
6321 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6322 				  NL80211_FLAG_NEED_RTNL,
6323 	},
6324 	{
6325 		.cmd = NL80211_CMD_SET_STATION,
6326 		.doit = nl80211_set_station,
6327 		.policy = nl80211_policy,
6328 		.flags = GENL_ADMIN_PERM,
6329 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6330 				  NL80211_FLAG_NEED_RTNL,
6331 	},
6332 	{
6333 		.cmd = NL80211_CMD_NEW_STATION,
6334 		.doit = nl80211_new_station,
6335 		.policy = nl80211_policy,
6336 		.flags = GENL_ADMIN_PERM,
6337 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6338 				  NL80211_FLAG_NEED_RTNL,
6339 	},
6340 	{
6341 		.cmd = NL80211_CMD_DEL_STATION,
6342 		.doit = nl80211_del_station,
6343 		.policy = nl80211_policy,
6344 		.flags = GENL_ADMIN_PERM,
6345 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6346 				  NL80211_FLAG_NEED_RTNL,
6347 	},
6348 	{
6349 		.cmd = NL80211_CMD_GET_MPATH,
6350 		.doit = nl80211_get_mpath,
6351 		.dumpit = nl80211_dump_mpath,
6352 		.policy = nl80211_policy,
6353 		.flags = GENL_ADMIN_PERM,
6354 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6355 				  NL80211_FLAG_NEED_RTNL,
6356 	},
6357 	{
6358 		.cmd = NL80211_CMD_SET_MPATH,
6359 		.doit = nl80211_set_mpath,
6360 		.policy = nl80211_policy,
6361 		.flags = GENL_ADMIN_PERM,
6362 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6363 				  NL80211_FLAG_NEED_RTNL,
6364 	},
6365 	{
6366 		.cmd = NL80211_CMD_NEW_MPATH,
6367 		.doit = nl80211_new_mpath,
6368 		.policy = nl80211_policy,
6369 		.flags = GENL_ADMIN_PERM,
6370 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6371 				  NL80211_FLAG_NEED_RTNL,
6372 	},
6373 	{
6374 		.cmd = NL80211_CMD_DEL_MPATH,
6375 		.doit = nl80211_del_mpath,
6376 		.policy = nl80211_policy,
6377 		.flags = GENL_ADMIN_PERM,
6378 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6379 				  NL80211_FLAG_NEED_RTNL,
6380 	},
6381 	{
6382 		.cmd = NL80211_CMD_SET_BSS,
6383 		.doit = nl80211_set_bss,
6384 		.policy = nl80211_policy,
6385 		.flags = GENL_ADMIN_PERM,
6386 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6387 				  NL80211_FLAG_NEED_RTNL,
6388 	},
6389 	{
6390 		.cmd = NL80211_CMD_GET_REG,
6391 		.doit = nl80211_get_reg,
6392 		.policy = nl80211_policy,
6393 		/* can be retrieved by unprivileged users */
6394 	},
6395 	{
6396 		.cmd = NL80211_CMD_SET_REG,
6397 		.doit = nl80211_set_reg,
6398 		.policy = nl80211_policy,
6399 		.flags = GENL_ADMIN_PERM,
6400 	},
6401 	{
6402 		.cmd = NL80211_CMD_REQ_SET_REG,
6403 		.doit = nl80211_req_set_reg,
6404 		.policy = nl80211_policy,
6405 		.flags = GENL_ADMIN_PERM,
6406 	},
6407 	{
6408 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
6409 		.doit = nl80211_get_mesh_config,
6410 		.policy = nl80211_policy,
6411 		/* can be retrieved by unprivileged users */
6412 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6413 				  NL80211_FLAG_NEED_RTNL,
6414 	},
6415 	{
6416 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
6417 		.doit = nl80211_update_mesh_config,
6418 		.policy = nl80211_policy,
6419 		.flags = GENL_ADMIN_PERM,
6420 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6421 				  NL80211_FLAG_NEED_RTNL,
6422 	},
6423 	{
6424 		.cmd = NL80211_CMD_TRIGGER_SCAN,
6425 		.doit = nl80211_trigger_scan,
6426 		.policy = nl80211_policy,
6427 		.flags = GENL_ADMIN_PERM,
6428 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6429 				  NL80211_FLAG_NEED_RTNL,
6430 	},
6431 	{
6432 		.cmd = NL80211_CMD_GET_SCAN,
6433 		.policy = nl80211_policy,
6434 		.dumpit = nl80211_dump_scan,
6435 	},
6436 	{
6437 		.cmd = NL80211_CMD_START_SCHED_SCAN,
6438 		.doit = nl80211_start_sched_scan,
6439 		.policy = nl80211_policy,
6440 		.flags = GENL_ADMIN_PERM,
6441 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6442 				  NL80211_FLAG_NEED_RTNL,
6443 	},
6444 	{
6445 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
6446 		.doit = nl80211_stop_sched_scan,
6447 		.policy = nl80211_policy,
6448 		.flags = GENL_ADMIN_PERM,
6449 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6450 				  NL80211_FLAG_NEED_RTNL,
6451 	},
6452 	{
6453 		.cmd = NL80211_CMD_AUTHENTICATE,
6454 		.doit = nl80211_authenticate,
6455 		.policy = nl80211_policy,
6456 		.flags = GENL_ADMIN_PERM,
6457 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6458 				  NL80211_FLAG_NEED_RTNL,
6459 	},
6460 	{
6461 		.cmd = NL80211_CMD_ASSOCIATE,
6462 		.doit = nl80211_associate,
6463 		.policy = nl80211_policy,
6464 		.flags = GENL_ADMIN_PERM,
6465 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6466 				  NL80211_FLAG_NEED_RTNL,
6467 	},
6468 	{
6469 		.cmd = NL80211_CMD_DEAUTHENTICATE,
6470 		.doit = nl80211_deauthenticate,
6471 		.policy = nl80211_policy,
6472 		.flags = GENL_ADMIN_PERM,
6473 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6474 				  NL80211_FLAG_NEED_RTNL,
6475 	},
6476 	{
6477 		.cmd = NL80211_CMD_DISASSOCIATE,
6478 		.doit = nl80211_disassociate,
6479 		.policy = nl80211_policy,
6480 		.flags = GENL_ADMIN_PERM,
6481 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6482 				  NL80211_FLAG_NEED_RTNL,
6483 	},
6484 	{
6485 		.cmd = NL80211_CMD_JOIN_IBSS,
6486 		.doit = nl80211_join_ibss,
6487 		.policy = nl80211_policy,
6488 		.flags = GENL_ADMIN_PERM,
6489 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6490 				  NL80211_FLAG_NEED_RTNL,
6491 	},
6492 	{
6493 		.cmd = NL80211_CMD_LEAVE_IBSS,
6494 		.doit = nl80211_leave_ibss,
6495 		.policy = nl80211_policy,
6496 		.flags = GENL_ADMIN_PERM,
6497 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6498 				  NL80211_FLAG_NEED_RTNL,
6499 	},
6500 #ifdef CONFIG_NL80211_TESTMODE
6501 	{
6502 		.cmd = NL80211_CMD_TESTMODE,
6503 		.doit = nl80211_testmode_do,
6504 		.dumpit = nl80211_testmode_dump,
6505 		.policy = nl80211_policy,
6506 		.flags = GENL_ADMIN_PERM,
6507 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6508 				  NL80211_FLAG_NEED_RTNL,
6509 	},
6510 #endif
6511 	{
6512 		.cmd = NL80211_CMD_CONNECT,
6513 		.doit = nl80211_connect,
6514 		.policy = nl80211_policy,
6515 		.flags = GENL_ADMIN_PERM,
6516 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6517 				  NL80211_FLAG_NEED_RTNL,
6518 	},
6519 	{
6520 		.cmd = NL80211_CMD_DISCONNECT,
6521 		.doit = nl80211_disconnect,
6522 		.policy = nl80211_policy,
6523 		.flags = GENL_ADMIN_PERM,
6524 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6525 				  NL80211_FLAG_NEED_RTNL,
6526 	},
6527 	{
6528 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
6529 		.doit = nl80211_wiphy_netns,
6530 		.policy = nl80211_policy,
6531 		.flags = GENL_ADMIN_PERM,
6532 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6533 				  NL80211_FLAG_NEED_RTNL,
6534 	},
6535 	{
6536 		.cmd = NL80211_CMD_GET_SURVEY,
6537 		.policy = nl80211_policy,
6538 		.dumpit = nl80211_dump_survey,
6539 	},
6540 	{
6541 		.cmd = NL80211_CMD_SET_PMKSA,
6542 		.doit = nl80211_setdel_pmksa,
6543 		.policy = nl80211_policy,
6544 		.flags = GENL_ADMIN_PERM,
6545 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6546 				  NL80211_FLAG_NEED_RTNL,
6547 	},
6548 	{
6549 		.cmd = NL80211_CMD_DEL_PMKSA,
6550 		.doit = nl80211_setdel_pmksa,
6551 		.policy = nl80211_policy,
6552 		.flags = GENL_ADMIN_PERM,
6553 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6554 				  NL80211_FLAG_NEED_RTNL,
6555 	},
6556 	{
6557 		.cmd = NL80211_CMD_FLUSH_PMKSA,
6558 		.doit = nl80211_flush_pmksa,
6559 		.policy = nl80211_policy,
6560 		.flags = GENL_ADMIN_PERM,
6561 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6562 				  NL80211_FLAG_NEED_RTNL,
6563 	},
6564 	{
6565 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
6566 		.doit = nl80211_remain_on_channel,
6567 		.policy = nl80211_policy,
6568 		.flags = GENL_ADMIN_PERM,
6569 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6570 				  NL80211_FLAG_NEED_RTNL,
6571 	},
6572 	{
6573 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
6574 		.doit = nl80211_cancel_remain_on_channel,
6575 		.policy = nl80211_policy,
6576 		.flags = GENL_ADMIN_PERM,
6577 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6578 				  NL80211_FLAG_NEED_RTNL,
6579 	},
6580 	{
6581 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
6582 		.doit = nl80211_set_tx_bitrate_mask,
6583 		.policy = nl80211_policy,
6584 		.flags = GENL_ADMIN_PERM,
6585 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6586 				  NL80211_FLAG_NEED_RTNL,
6587 	},
6588 	{
6589 		.cmd = NL80211_CMD_REGISTER_FRAME,
6590 		.doit = nl80211_register_mgmt,
6591 		.policy = nl80211_policy,
6592 		.flags = GENL_ADMIN_PERM,
6593 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6594 				  NL80211_FLAG_NEED_RTNL,
6595 	},
6596 	{
6597 		.cmd = NL80211_CMD_FRAME,
6598 		.doit = nl80211_tx_mgmt,
6599 		.policy = nl80211_policy,
6600 		.flags = GENL_ADMIN_PERM,
6601 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6602 				  NL80211_FLAG_NEED_RTNL,
6603 	},
6604 	{
6605 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
6606 		.doit = nl80211_tx_mgmt_cancel_wait,
6607 		.policy = nl80211_policy,
6608 		.flags = GENL_ADMIN_PERM,
6609 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6610 				  NL80211_FLAG_NEED_RTNL,
6611 	},
6612 	{
6613 		.cmd = NL80211_CMD_SET_POWER_SAVE,
6614 		.doit = nl80211_set_power_save,
6615 		.policy = nl80211_policy,
6616 		.flags = GENL_ADMIN_PERM,
6617 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6618 				  NL80211_FLAG_NEED_RTNL,
6619 	},
6620 	{
6621 		.cmd = NL80211_CMD_GET_POWER_SAVE,
6622 		.doit = nl80211_get_power_save,
6623 		.policy = nl80211_policy,
6624 		/* can be retrieved by unprivileged users */
6625 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6626 				  NL80211_FLAG_NEED_RTNL,
6627 	},
6628 	{
6629 		.cmd = NL80211_CMD_SET_CQM,
6630 		.doit = nl80211_set_cqm,
6631 		.policy = nl80211_policy,
6632 		.flags = GENL_ADMIN_PERM,
6633 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6634 				  NL80211_FLAG_NEED_RTNL,
6635 	},
6636 	{
6637 		.cmd = NL80211_CMD_SET_CHANNEL,
6638 		.doit = nl80211_set_channel,
6639 		.policy = nl80211_policy,
6640 		.flags = GENL_ADMIN_PERM,
6641 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6642 				  NL80211_FLAG_NEED_RTNL,
6643 	},
6644 	{
6645 		.cmd = NL80211_CMD_SET_WDS_PEER,
6646 		.doit = nl80211_set_wds_peer,
6647 		.policy = nl80211_policy,
6648 		.flags = GENL_ADMIN_PERM,
6649 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6650 				  NL80211_FLAG_NEED_RTNL,
6651 	},
6652 	{
6653 		.cmd = NL80211_CMD_JOIN_MESH,
6654 		.doit = nl80211_join_mesh,
6655 		.policy = nl80211_policy,
6656 		.flags = GENL_ADMIN_PERM,
6657 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6658 				  NL80211_FLAG_NEED_RTNL,
6659 	},
6660 	{
6661 		.cmd = NL80211_CMD_LEAVE_MESH,
6662 		.doit = nl80211_leave_mesh,
6663 		.policy = nl80211_policy,
6664 		.flags = GENL_ADMIN_PERM,
6665 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6666 				  NL80211_FLAG_NEED_RTNL,
6667 	},
6668 	{
6669 		.cmd = NL80211_CMD_GET_WOWLAN,
6670 		.doit = nl80211_get_wowlan,
6671 		.policy = nl80211_policy,
6672 		/* can be retrieved by unprivileged users */
6673 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6674 				  NL80211_FLAG_NEED_RTNL,
6675 	},
6676 	{
6677 		.cmd = NL80211_CMD_SET_WOWLAN,
6678 		.doit = nl80211_set_wowlan,
6679 		.policy = nl80211_policy,
6680 		.flags = GENL_ADMIN_PERM,
6681 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6682 				  NL80211_FLAG_NEED_RTNL,
6683 	},
6684 	{
6685 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
6686 		.doit = nl80211_set_rekey_data,
6687 		.policy = nl80211_policy,
6688 		.flags = GENL_ADMIN_PERM,
6689 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6690 				  NL80211_FLAG_NEED_RTNL,
6691 	},
6692 	{
6693 		.cmd = NL80211_CMD_TDLS_MGMT,
6694 		.doit = nl80211_tdls_mgmt,
6695 		.policy = nl80211_policy,
6696 		.flags = GENL_ADMIN_PERM,
6697 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6698 				  NL80211_FLAG_NEED_RTNL,
6699 	},
6700 	{
6701 		.cmd = NL80211_CMD_TDLS_OPER,
6702 		.doit = nl80211_tdls_oper,
6703 		.policy = nl80211_policy,
6704 		.flags = GENL_ADMIN_PERM,
6705 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6706 				  NL80211_FLAG_NEED_RTNL,
6707 	},
6708 	{
6709 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
6710 		.doit = nl80211_register_unexpected_frame,
6711 		.policy = nl80211_policy,
6712 		.flags = GENL_ADMIN_PERM,
6713 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6714 				  NL80211_FLAG_NEED_RTNL,
6715 	},
6716 	{
6717 		.cmd = NL80211_CMD_PROBE_CLIENT,
6718 		.doit = nl80211_probe_client,
6719 		.policy = nl80211_policy,
6720 		.flags = GENL_ADMIN_PERM,
6721 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6722 				  NL80211_FLAG_NEED_RTNL,
6723 	},
6724 	{
6725 		.cmd = NL80211_CMD_REGISTER_BEACONS,
6726 		.doit = nl80211_register_beacons,
6727 		.policy = nl80211_policy,
6728 		.flags = GENL_ADMIN_PERM,
6729 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6730 				  NL80211_FLAG_NEED_RTNL,
6731 	},
6732 	{
6733 		.cmd = NL80211_CMD_SET_NOACK_MAP,
6734 		.doit = nl80211_set_noack_map,
6735 		.policy = nl80211_policy,
6736 		.flags = GENL_ADMIN_PERM,
6737 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6738 				  NL80211_FLAG_NEED_RTNL,
6739 	},
6740 
6741 };
6742 
6743 static struct genl_multicast_group nl80211_mlme_mcgrp = {
6744 	.name = "mlme",
6745 };
6746 
6747 /* multicast groups */
6748 static struct genl_multicast_group nl80211_config_mcgrp = {
6749 	.name = "config",
6750 };
6751 static struct genl_multicast_group nl80211_scan_mcgrp = {
6752 	.name = "scan",
6753 };
6754 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
6755 	.name = "regulatory",
6756 };
6757 
6758 /* notification functions */
6759 
6760 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
6761 {
6762 	struct sk_buff *msg;
6763 
6764 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6765 	if (!msg)
6766 		return;
6767 
6768 	if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
6769 		nlmsg_free(msg);
6770 		return;
6771 	}
6772 
6773 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6774 				nl80211_config_mcgrp.id, GFP_KERNEL);
6775 }
6776 
6777 static int nl80211_add_scan_req(struct sk_buff *msg,
6778 				struct cfg80211_registered_device *rdev)
6779 {
6780 	struct cfg80211_scan_request *req = rdev->scan_req;
6781 	struct nlattr *nest;
6782 	int i;
6783 
6784 	ASSERT_RDEV_LOCK(rdev);
6785 
6786 	if (WARN_ON(!req))
6787 		return 0;
6788 
6789 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
6790 	if (!nest)
6791 		goto nla_put_failure;
6792 	for (i = 0; i < req->n_ssids; i++)
6793 		NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid);
6794 	nla_nest_end(msg, nest);
6795 
6796 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
6797 	if (!nest)
6798 		goto nla_put_failure;
6799 	for (i = 0; i < req->n_channels; i++)
6800 		NLA_PUT_U32(msg, i, req->channels[i]->center_freq);
6801 	nla_nest_end(msg, nest);
6802 
6803 	if (req->ie)
6804 		NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie);
6805 
6806 	return 0;
6807  nla_put_failure:
6808 	return -ENOBUFS;
6809 }
6810 
6811 static int nl80211_send_scan_msg(struct sk_buff *msg,
6812 				 struct cfg80211_registered_device *rdev,
6813 				 struct net_device *netdev,
6814 				 u32 pid, u32 seq, int flags,
6815 				 u32 cmd)
6816 {
6817 	void *hdr;
6818 
6819 	hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
6820 	if (!hdr)
6821 		return -1;
6822 
6823 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6824 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6825 
6826 	/* ignore errors and send incomplete event anyway */
6827 	nl80211_add_scan_req(msg, rdev);
6828 
6829 	return genlmsg_end(msg, hdr);
6830 
6831  nla_put_failure:
6832 	genlmsg_cancel(msg, hdr);
6833 	return -EMSGSIZE;
6834 }
6835 
6836 static int
6837 nl80211_send_sched_scan_msg(struct sk_buff *msg,
6838 			    struct cfg80211_registered_device *rdev,
6839 			    struct net_device *netdev,
6840 			    u32 pid, u32 seq, int flags, u32 cmd)
6841 {
6842 	void *hdr;
6843 
6844 	hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
6845 	if (!hdr)
6846 		return -1;
6847 
6848 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6849 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6850 
6851 	return genlmsg_end(msg, hdr);
6852 
6853  nla_put_failure:
6854 	genlmsg_cancel(msg, hdr);
6855 	return -EMSGSIZE;
6856 }
6857 
6858 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
6859 			     struct net_device *netdev)
6860 {
6861 	struct sk_buff *msg;
6862 
6863 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
6864 	if (!msg)
6865 		return;
6866 
6867 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
6868 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
6869 		nlmsg_free(msg);
6870 		return;
6871 	}
6872 
6873 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6874 				nl80211_scan_mcgrp.id, GFP_KERNEL);
6875 }
6876 
6877 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
6878 			    struct net_device *netdev)
6879 {
6880 	struct sk_buff *msg;
6881 
6882 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6883 	if (!msg)
6884 		return;
6885 
6886 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
6887 				  NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
6888 		nlmsg_free(msg);
6889 		return;
6890 	}
6891 
6892 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6893 				nl80211_scan_mcgrp.id, GFP_KERNEL);
6894 }
6895 
6896 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
6897 			       struct net_device *netdev)
6898 {
6899 	struct sk_buff *msg;
6900 
6901 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6902 	if (!msg)
6903 		return;
6904 
6905 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
6906 				  NL80211_CMD_SCAN_ABORTED) < 0) {
6907 		nlmsg_free(msg);
6908 		return;
6909 	}
6910 
6911 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6912 				nl80211_scan_mcgrp.id, GFP_KERNEL);
6913 }
6914 
6915 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
6916 				     struct net_device *netdev)
6917 {
6918 	struct sk_buff *msg;
6919 
6920 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6921 	if (!msg)
6922 		return;
6923 
6924 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
6925 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
6926 		nlmsg_free(msg);
6927 		return;
6928 	}
6929 
6930 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6931 				nl80211_scan_mcgrp.id, GFP_KERNEL);
6932 }
6933 
6934 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
6935 			     struct net_device *netdev, u32 cmd)
6936 {
6937 	struct sk_buff *msg;
6938 
6939 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
6940 	if (!msg)
6941 		return;
6942 
6943 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
6944 		nlmsg_free(msg);
6945 		return;
6946 	}
6947 
6948 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6949 				nl80211_scan_mcgrp.id, GFP_KERNEL);
6950 }
6951 
6952 /*
6953  * This can happen on global regulatory changes or device specific settings
6954  * based on custom world regulatory domains.
6955  */
6956 void nl80211_send_reg_change_event(struct regulatory_request *request)
6957 {
6958 	struct sk_buff *msg;
6959 	void *hdr;
6960 
6961 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6962 	if (!msg)
6963 		return;
6964 
6965 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
6966 	if (!hdr) {
6967 		nlmsg_free(msg);
6968 		return;
6969 	}
6970 
6971 	/* Userspace can always count this one always being set */
6972 	NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator);
6973 
6974 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0')
6975 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
6976 			   NL80211_REGDOM_TYPE_WORLD);
6977 	else if (request->alpha2[0] == '9' && request->alpha2[1] == '9')
6978 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
6979 			   NL80211_REGDOM_TYPE_CUSTOM_WORLD);
6980 	else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
6981 		 request->intersect)
6982 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
6983 			   NL80211_REGDOM_TYPE_INTERSECTION);
6984 	else {
6985 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
6986 			   NL80211_REGDOM_TYPE_COUNTRY);
6987 		NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2);
6988 	}
6989 
6990 	if (wiphy_idx_valid(request->wiphy_idx))
6991 		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
6992 
6993 	genlmsg_end(msg, hdr);
6994 
6995 	rcu_read_lock();
6996 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
6997 				GFP_ATOMIC);
6998 	rcu_read_unlock();
6999 
7000 	return;
7001 
7002 nla_put_failure:
7003 	genlmsg_cancel(msg, hdr);
7004 	nlmsg_free(msg);
7005 }
7006 
7007 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
7008 				    struct net_device *netdev,
7009 				    const u8 *buf, size_t len,
7010 				    enum nl80211_commands cmd, gfp_t gfp)
7011 {
7012 	struct sk_buff *msg;
7013 	void *hdr;
7014 
7015 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7016 	if (!msg)
7017 		return;
7018 
7019 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7020 	if (!hdr) {
7021 		nlmsg_free(msg);
7022 		return;
7023 	}
7024 
7025 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7026 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7027 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
7028 
7029 	genlmsg_end(msg, hdr);
7030 
7031 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7032 				nl80211_mlme_mcgrp.id, gfp);
7033 	return;
7034 
7035  nla_put_failure:
7036 	genlmsg_cancel(msg, hdr);
7037 	nlmsg_free(msg);
7038 }
7039 
7040 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
7041 			  struct net_device *netdev, const u8 *buf,
7042 			  size_t len, gfp_t gfp)
7043 {
7044 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7045 				NL80211_CMD_AUTHENTICATE, gfp);
7046 }
7047 
7048 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
7049 			   struct net_device *netdev, const u8 *buf,
7050 			   size_t len, gfp_t gfp)
7051 {
7052 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7053 				NL80211_CMD_ASSOCIATE, gfp);
7054 }
7055 
7056 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
7057 			 struct net_device *netdev, const u8 *buf,
7058 			 size_t len, gfp_t gfp)
7059 {
7060 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7061 				NL80211_CMD_DEAUTHENTICATE, gfp);
7062 }
7063 
7064 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
7065 			   struct net_device *netdev, const u8 *buf,
7066 			   size_t len, gfp_t gfp)
7067 {
7068 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7069 				NL80211_CMD_DISASSOCIATE, gfp);
7070 }
7071 
7072 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev,
7073 				struct net_device *netdev, const u8 *buf,
7074 				size_t len, gfp_t gfp)
7075 {
7076 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7077 				NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp);
7078 }
7079 
7080 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev,
7081 				  struct net_device *netdev, const u8 *buf,
7082 				  size_t len, gfp_t gfp)
7083 {
7084 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7085 				NL80211_CMD_UNPROT_DISASSOCIATE, gfp);
7086 }
7087 
7088 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
7089 				      struct net_device *netdev, int cmd,
7090 				      const u8 *addr, gfp_t gfp)
7091 {
7092 	struct sk_buff *msg;
7093 	void *hdr;
7094 
7095 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7096 	if (!msg)
7097 		return;
7098 
7099 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7100 	if (!hdr) {
7101 		nlmsg_free(msg);
7102 		return;
7103 	}
7104 
7105 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7106 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7107 	NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT);
7108 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7109 
7110 	genlmsg_end(msg, hdr);
7111 
7112 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7113 				nl80211_mlme_mcgrp.id, gfp);
7114 	return;
7115 
7116  nla_put_failure:
7117 	genlmsg_cancel(msg, hdr);
7118 	nlmsg_free(msg);
7119 }
7120 
7121 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
7122 			       struct net_device *netdev, const u8 *addr,
7123 			       gfp_t gfp)
7124 {
7125 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
7126 				  addr, gfp);
7127 }
7128 
7129 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
7130 				struct net_device *netdev, const u8 *addr,
7131 				gfp_t gfp)
7132 {
7133 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
7134 				  addr, gfp);
7135 }
7136 
7137 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
7138 				 struct net_device *netdev, const u8 *bssid,
7139 				 const u8 *req_ie, size_t req_ie_len,
7140 				 const u8 *resp_ie, size_t resp_ie_len,
7141 				 u16 status, gfp_t gfp)
7142 {
7143 	struct sk_buff *msg;
7144 	void *hdr;
7145 
7146 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7147 	if (!msg)
7148 		return;
7149 
7150 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
7151 	if (!hdr) {
7152 		nlmsg_free(msg);
7153 		return;
7154 	}
7155 
7156 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7157 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7158 	if (bssid)
7159 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
7160 	NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status);
7161 	if (req_ie)
7162 		NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
7163 	if (resp_ie)
7164 		NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
7165 
7166 	genlmsg_end(msg, hdr);
7167 
7168 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7169 				nl80211_mlme_mcgrp.id, gfp);
7170 	return;
7171 
7172  nla_put_failure:
7173 	genlmsg_cancel(msg, hdr);
7174 	nlmsg_free(msg);
7175 
7176 }
7177 
7178 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
7179 			 struct net_device *netdev, const u8 *bssid,
7180 			 const u8 *req_ie, size_t req_ie_len,
7181 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
7182 {
7183 	struct sk_buff *msg;
7184 	void *hdr;
7185 
7186 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7187 	if (!msg)
7188 		return;
7189 
7190 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
7191 	if (!hdr) {
7192 		nlmsg_free(msg);
7193 		return;
7194 	}
7195 
7196 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7197 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7198 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
7199 	if (req_ie)
7200 		NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
7201 	if (resp_ie)
7202 		NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
7203 
7204 	genlmsg_end(msg, hdr);
7205 
7206 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7207 				nl80211_mlme_mcgrp.id, gfp);
7208 	return;
7209 
7210  nla_put_failure:
7211 	genlmsg_cancel(msg, hdr);
7212 	nlmsg_free(msg);
7213 
7214 }
7215 
7216 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
7217 			       struct net_device *netdev, u16 reason,
7218 			       const u8 *ie, size_t ie_len, bool from_ap)
7219 {
7220 	struct sk_buff *msg;
7221 	void *hdr;
7222 
7223 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
7224 	if (!msg)
7225 		return;
7226 
7227 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
7228 	if (!hdr) {
7229 		nlmsg_free(msg);
7230 		return;
7231 	}
7232 
7233 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7234 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7235 	if (from_ap && reason)
7236 		NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason);
7237 	if (from_ap)
7238 		NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP);
7239 	if (ie)
7240 		NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie);
7241 
7242 	genlmsg_end(msg, hdr);
7243 
7244 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7245 				nl80211_mlme_mcgrp.id, GFP_KERNEL);
7246 	return;
7247 
7248  nla_put_failure:
7249 	genlmsg_cancel(msg, hdr);
7250 	nlmsg_free(msg);
7251 
7252 }
7253 
7254 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
7255 			     struct net_device *netdev, const u8 *bssid,
7256 			     gfp_t gfp)
7257 {
7258 	struct sk_buff *msg;
7259 	void *hdr;
7260 
7261 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7262 	if (!msg)
7263 		return;
7264 
7265 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
7266 	if (!hdr) {
7267 		nlmsg_free(msg);
7268 		return;
7269 	}
7270 
7271 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7272 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7273 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
7274 
7275 	genlmsg_end(msg, hdr);
7276 
7277 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7278 				nl80211_mlme_mcgrp.id, gfp);
7279 	return;
7280 
7281  nla_put_failure:
7282 	genlmsg_cancel(msg, hdr);
7283 	nlmsg_free(msg);
7284 }
7285 
7286 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev,
7287 		struct net_device *netdev,
7288 		const u8 *macaddr, const u8* ie, u8 ie_len,
7289 		gfp_t gfp)
7290 {
7291 	struct sk_buff *msg;
7292 	void *hdr;
7293 
7294 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7295 	if (!msg)
7296 		return;
7297 
7298 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
7299 	if (!hdr) {
7300 		nlmsg_free(msg);
7301 		return;
7302 	}
7303 
7304 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7305 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7306 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr);
7307 	if (ie_len && ie)
7308 		NLA_PUT(msg, NL80211_ATTR_IE, ie_len , ie);
7309 
7310 	genlmsg_end(msg, hdr);
7311 
7312 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7313 				nl80211_mlme_mcgrp.id, gfp);
7314 	return;
7315 
7316  nla_put_failure:
7317 	genlmsg_cancel(msg, hdr);
7318 	nlmsg_free(msg);
7319 }
7320 
7321 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
7322 				 struct net_device *netdev, const u8 *addr,
7323 				 enum nl80211_key_type key_type, int key_id,
7324 				 const u8 *tsc, gfp_t gfp)
7325 {
7326 	struct sk_buff *msg;
7327 	void *hdr;
7328 
7329 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7330 	if (!msg)
7331 		return;
7332 
7333 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
7334 	if (!hdr) {
7335 		nlmsg_free(msg);
7336 		return;
7337 	}
7338 
7339 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7340 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7341 	if (addr)
7342 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7343 	NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type);
7344 	if (key_id != -1)
7345 		NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id);
7346 	if (tsc)
7347 		NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc);
7348 
7349 	genlmsg_end(msg, hdr);
7350 
7351 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7352 				nl80211_mlme_mcgrp.id, gfp);
7353 	return;
7354 
7355  nla_put_failure:
7356 	genlmsg_cancel(msg, hdr);
7357 	nlmsg_free(msg);
7358 }
7359 
7360 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
7361 				    struct ieee80211_channel *channel_before,
7362 				    struct ieee80211_channel *channel_after)
7363 {
7364 	struct sk_buff *msg;
7365 	void *hdr;
7366 	struct nlattr *nl_freq;
7367 
7368 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
7369 	if (!msg)
7370 		return;
7371 
7372 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
7373 	if (!hdr) {
7374 		nlmsg_free(msg);
7375 		return;
7376 	}
7377 
7378 	/*
7379 	 * Since we are applying the beacon hint to a wiphy we know its
7380 	 * wiphy_idx is valid
7381 	 */
7382 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy));
7383 
7384 	/* Before */
7385 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
7386 	if (!nl_freq)
7387 		goto nla_put_failure;
7388 	if (nl80211_msg_put_channel(msg, channel_before))
7389 		goto nla_put_failure;
7390 	nla_nest_end(msg, nl_freq);
7391 
7392 	/* After */
7393 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
7394 	if (!nl_freq)
7395 		goto nla_put_failure;
7396 	if (nl80211_msg_put_channel(msg, channel_after))
7397 		goto nla_put_failure;
7398 	nla_nest_end(msg, nl_freq);
7399 
7400 	genlmsg_end(msg, hdr);
7401 
7402 	rcu_read_lock();
7403 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
7404 				GFP_ATOMIC);
7405 	rcu_read_unlock();
7406 
7407 	return;
7408 
7409 nla_put_failure:
7410 	genlmsg_cancel(msg, hdr);
7411 	nlmsg_free(msg);
7412 }
7413 
7414 static void nl80211_send_remain_on_chan_event(
7415 	int cmd, struct cfg80211_registered_device *rdev,
7416 	struct net_device *netdev, u64 cookie,
7417 	struct ieee80211_channel *chan,
7418 	enum nl80211_channel_type channel_type,
7419 	unsigned int duration, gfp_t gfp)
7420 {
7421 	struct sk_buff *msg;
7422 	void *hdr;
7423 
7424 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7425 	if (!msg)
7426 		return;
7427 
7428 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7429 	if (!hdr) {
7430 		nlmsg_free(msg);
7431 		return;
7432 	}
7433 
7434 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7435 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7436 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq);
7437 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type);
7438 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
7439 
7440 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL)
7441 		NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
7442 
7443 	genlmsg_end(msg, hdr);
7444 
7445 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7446 				nl80211_mlme_mcgrp.id, gfp);
7447 	return;
7448 
7449  nla_put_failure:
7450 	genlmsg_cancel(msg, hdr);
7451 	nlmsg_free(msg);
7452 }
7453 
7454 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
7455 				    struct net_device *netdev, u64 cookie,
7456 				    struct ieee80211_channel *chan,
7457 				    enum nl80211_channel_type channel_type,
7458 				    unsigned int duration, gfp_t gfp)
7459 {
7460 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
7461 					  rdev, netdev, cookie, chan,
7462 					  channel_type, duration, gfp);
7463 }
7464 
7465 void nl80211_send_remain_on_channel_cancel(
7466 	struct cfg80211_registered_device *rdev, struct net_device *netdev,
7467 	u64 cookie, struct ieee80211_channel *chan,
7468 	enum nl80211_channel_type channel_type, gfp_t gfp)
7469 {
7470 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
7471 					  rdev, netdev, cookie, chan,
7472 					  channel_type, 0, gfp);
7473 }
7474 
7475 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
7476 			    struct net_device *dev, const u8 *mac_addr,
7477 			    struct station_info *sinfo, gfp_t gfp)
7478 {
7479 	struct sk_buff *msg;
7480 
7481 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7482 	if (!msg)
7483 		return;
7484 
7485 	if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) {
7486 		nlmsg_free(msg);
7487 		return;
7488 	}
7489 
7490 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7491 				nl80211_mlme_mcgrp.id, gfp);
7492 }
7493 
7494 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev,
7495 				struct net_device *dev, const u8 *mac_addr,
7496 				gfp_t gfp)
7497 {
7498 	struct sk_buff *msg;
7499 	void *hdr;
7500 
7501 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7502 	if (!msg)
7503 		return;
7504 
7505 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
7506 	if (!hdr) {
7507 		nlmsg_free(msg);
7508 		return;
7509 	}
7510 
7511 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
7512 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
7513 
7514 	genlmsg_end(msg, hdr);
7515 
7516 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7517 				nl80211_mlme_mcgrp.id, gfp);
7518 	return;
7519 
7520  nla_put_failure:
7521 	genlmsg_cancel(msg, hdr);
7522 	nlmsg_free(msg);
7523 }
7524 
7525 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
7526 				       const u8 *addr, gfp_t gfp)
7527 {
7528 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7529 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
7530 	struct sk_buff *msg;
7531 	void *hdr;
7532 	int err;
7533 	u32 nlpid = ACCESS_ONCE(wdev->ap_unexpected_nlpid);
7534 
7535 	if (!nlpid)
7536 		return false;
7537 
7538 	msg = nlmsg_new(100, gfp);
7539 	if (!msg)
7540 		return true;
7541 
7542 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7543 	if (!hdr) {
7544 		nlmsg_free(msg);
7545 		return true;
7546 	}
7547 
7548 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7549 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
7550 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7551 
7552 	err = genlmsg_end(msg, hdr);
7553 	if (err < 0) {
7554 		nlmsg_free(msg);
7555 		return true;
7556 	}
7557 
7558 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
7559 	return true;
7560 
7561  nla_put_failure:
7562 	genlmsg_cancel(msg, hdr);
7563 	nlmsg_free(msg);
7564 	return true;
7565 }
7566 
7567 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp)
7568 {
7569 	return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
7570 					  addr, gfp);
7571 }
7572 
7573 bool nl80211_unexpected_4addr_frame(struct net_device *dev,
7574 				    const u8 *addr, gfp_t gfp)
7575 {
7576 	return __nl80211_unexpected_frame(dev,
7577 					  NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
7578 					  addr, gfp);
7579 }
7580 
7581 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
7582 		      struct net_device *netdev, u32 nlpid,
7583 		      int freq, const u8 *buf, size_t len, gfp_t gfp)
7584 {
7585 	struct sk_buff *msg;
7586 	void *hdr;
7587 
7588 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7589 	if (!msg)
7590 		return -ENOMEM;
7591 
7592 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
7593 	if (!hdr) {
7594 		nlmsg_free(msg);
7595 		return -ENOMEM;
7596 	}
7597 
7598 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7599 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7600 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7601 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
7602 
7603 	genlmsg_end(msg, hdr);
7604 
7605 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
7606 
7607  nla_put_failure:
7608 	genlmsg_cancel(msg, hdr);
7609 	nlmsg_free(msg);
7610 	return -ENOBUFS;
7611 }
7612 
7613 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
7614 				 struct net_device *netdev, u64 cookie,
7615 				 const u8 *buf, size_t len, bool ack,
7616 				 gfp_t gfp)
7617 {
7618 	struct sk_buff *msg;
7619 	void *hdr;
7620 
7621 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7622 	if (!msg)
7623 		return;
7624 
7625 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
7626 	if (!hdr) {
7627 		nlmsg_free(msg);
7628 		return;
7629 	}
7630 
7631 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7632 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7633 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
7634 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
7635 	if (ack)
7636 		NLA_PUT_FLAG(msg, NL80211_ATTR_ACK);
7637 
7638 	genlmsg_end(msg, hdr);
7639 
7640 	genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
7641 	return;
7642 
7643  nla_put_failure:
7644 	genlmsg_cancel(msg, hdr);
7645 	nlmsg_free(msg);
7646 }
7647 
7648 void
7649 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev,
7650 			     struct net_device *netdev,
7651 			     enum nl80211_cqm_rssi_threshold_event rssi_event,
7652 			     gfp_t gfp)
7653 {
7654 	struct sk_buff *msg;
7655 	struct nlattr *pinfoattr;
7656 	void *hdr;
7657 
7658 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7659 	if (!msg)
7660 		return;
7661 
7662 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
7663 	if (!hdr) {
7664 		nlmsg_free(msg);
7665 		return;
7666 	}
7667 
7668 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7669 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7670 
7671 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
7672 	if (!pinfoattr)
7673 		goto nla_put_failure;
7674 
7675 	NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
7676 		    rssi_event);
7677 
7678 	nla_nest_end(msg, pinfoattr);
7679 
7680 	genlmsg_end(msg, hdr);
7681 
7682 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7683 				nl80211_mlme_mcgrp.id, gfp);
7684 	return;
7685 
7686  nla_put_failure:
7687 	genlmsg_cancel(msg, hdr);
7688 	nlmsg_free(msg);
7689 }
7690 
7691 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
7692 			      struct net_device *netdev, const u8 *bssid,
7693 			      const u8 *replay_ctr, gfp_t gfp)
7694 {
7695 	struct sk_buff *msg;
7696 	struct nlattr *rekey_attr;
7697 	void *hdr;
7698 
7699 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7700 	if (!msg)
7701 		return;
7702 
7703 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
7704 	if (!hdr) {
7705 		nlmsg_free(msg);
7706 		return;
7707 	}
7708 
7709 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7710 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7711 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
7712 
7713 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
7714 	if (!rekey_attr)
7715 		goto nla_put_failure;
7716 
7717 	NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR,
7718 		NL80211_REPLAY_CTR_LEN, replay_ctr);
7719 
7720 	nla_nest_end(msg, rekey_attr);
7721 
7722 	genlmsg_end(msg, hdr);
7723 
7724 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7725 				nl80211_mlme_mcgrp.id, gfp);
7726 	return;
7727 
7728  nla_put_failure:
7729 	genlmsg_cancel(msg, hdr);
7730 	nlmsg_free(msg);
7731 }
7732 
7733 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
7734 				    struct net_device *netdev, int index,
7735 				    const u8 *bssid, bool preauth, gfp_t gfp)
7736 {
7737 	struct sk_buff *msg;
7738 	struct nlattr *attr;
7739 	void *hdr;
7740 
7741 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7742 	if (!msg)
7743 		return;
7744 
7745 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
7746 	if (!hdr) {
7747 		nlmsg_free(msg);
7748 		return;
7749 	}
7750 
7751 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7752 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7753 
7754 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
7755 	if (!attr)
7756 		goto nla_put_failure;
7757 
7758 	NLA_PUT_U32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index);
7759 	NLA_PUT(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid);
7760 	if (preauth)
7761 		NLA_PUT_FLAG(msg, NL80211_PMKSA_CANDIDATE_PREAUTH);
7762 
7763 	nla_nest_end(msg, attr);
7764 
7765 	genlmsg_end(msg, hdr);
7766 
7767 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7768 				nl80211_mlme_mcgrp.id, gfp);
7769 	return;
7770 
7771  nla_put_failure:
7772 	genlmsg_cancel(msg, hdr);
7773 	nlmsg_free(msg);
7774 }
7775 
7776 void
7777 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev,
7778 				struct net_device *netdev, const u8 *peer,
7779 				u32 num_packets, gfp_t gfp)
7780 {
7781 	struct sk_buff *msg;
7782 	struct nlattr *pinfoattr;
7783 	void *hdr;
7784 
7785 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7786 	if (!msg)
7787 		return;
7788 
7789 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
7790 	if (!hdr) {
7791 		nlmsg_free(msg);
7792 		return;
7793 	}
7794 
7795 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7796 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7797 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer);
7798 
7799 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
7800 	if (!pinfoattr)
7801 		goto nla_put_failure;
7802 
7803 	NLA_PUT_U32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets);
7804 
7805 	nla_nest_end(msg, pinfoattr);
7806 
7807 	genlmsg_end(msg, hdr);
7808 
7809 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7810 				nl80211_mlme_mcgrp.id, gfp);
7811 	return;
7812 
7813  nla_put_failure:
7814 	genlmsg_cancel(msg, hdr);
7815 	nlmsg_free(msg);
7816 }
7817 
7818 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
7819 			   u64 cookie, bool acked, gfp_t gfp)
7820 {
7821 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7822 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
7823 	struct sk_buff *msg;
7824 	void *hdr;
7825 	int err;
7826 
7827 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7828 	if (!msg)
7829 		return;
7830 
7831 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
7832 	if (!hdr) {
7833 		nlmsg_free(msg);
7834 		return;
7835 	}
7836 
7837 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7838 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
7839 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7840 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
7841 	if (acked)
7842 		NLA_PUT_FLAG(msg, NL80211_ATTR_ACK);
7843 
7844 	err = genlmsg_end(msg, hdr);
7845 	if (err < 0) {
7846 		nlmsg_free(msg);
7847 		return;
7848 	}
7849 
7850 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7851 				nl80211_mlme_mcgrp.id, gfp);
7852 	return;
7853 
7854  nla_put_failure:
7855 	genlmsg_cancel(msg, hdr);
7856 	nlmsg_free(msg);
7857 }
7858 EXPORT_SYMBOL(cfg80211_probe_status);
7859 
7860 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
7861 				 const u8 *frame, size_t len,
7862 				 int freq, gfp_t gfp)
7863 {
7864 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
7865 	struct sk_buff *msg;
7866 	void *hdr;
7867 	u32 nlpid = ACCESS_ONCE(rdev->ap_beacons_nlpid);
7868 
7869 	if (!nlpid)
7870 		return;
7871 
7872 	msg = nlmsg_new(len + 100, gfp);
7873 	if (!msg)
7874 		return;
7875 
7876 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
7877 	if (!hdr) {
7878 		nlmsg_free(msg);
7879 		return;
7880 	}
7881 
7882 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7883 	if (freq)
7884 		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7885 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, frame);
7886 
7887 	genlmsg_end(msg, hdr);
7888 
7889 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
7890 	return;
7891 
7892  nla_put_failure:
7893 	genlmsg_cancel(msg, hdr);
7894 	nlmsg_free(msg);
7895 }
7896 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
7897 
7898 static int nl80211_netlink_notify(struct notifier_block * nb,
7899 				  unsigned long state,
7900 				  void *_notify)
7901 {
7902 	struct netlink_notify *notify = _notify;
7903 	struct cfg80211_registered_device *rdev;
7904 	struct wireless_dev *wdev;
7905 
7906 	if (state != NETLINK_URELEASE)
7907 		return NOTIFY_DONE;
7908 
7909 	rcu_read_lock();
7910 
7911 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
7912 		list_for_each_entry_rcu(wdev, &rdev->netdev_list, list)
7913 			cfg80211_mlme_unregister_socket(wdev, notify->pid);
7914 		if (rdev->ap_beacons_nlpid == notify->pid)
7915 			rdev->ap_beacons_nlpid = 0;
7916 	}
7917 
7918 	rcu_read_unlock();
7919 
7920 	return NOTIFY_DONE;
7921 }
7922 
7923 static struct notifier_block nl80211_netlink_notifier = {
7924 	.notifier_call = nl80211_netlink_notify,
7925 };
7926 
7927 /* initialisation/exit functions */
7928 
7929 int nl80211_init(void)
7930 {
7931 	int err;
7932 
7933 	err = genl_register_family_with_ops(&nl80211_fam,
7934 		nl80211_ops, ARRAY_SIZE(nl80211_ops));
7935 	if (err)
7936 		return err;
7937 
7938 	err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
7939 	if (err)
7940 		goto err_out;
7941 
7942 	err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
7943 	if (err)
7944 		goto err_out;
7945 
7946 	err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
7947 	if (err)
7948 		goto err_out;
7949 
7950 	err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
7951 	if (err)
7952 		goto err_out;
7953 
7954 #ifdef CONFIG_NL80211_TESTMODE
7955 	err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
7956 	if (err)
7957 		goto err_out;
7958 #endif
7959 
7960 	err = netlink_register_notifier(&nl80211_netlink_notifier);
7961 	if (err)
7962 		goto err_out;
7963 
7964 	return 0;
7965  err_out:
7966 	genl_unregister_family(&nl80211_fam);
7967 	return err;
7968 }
7969 
7970 void nl80211_exit(void)
7971 {
7972 	netlink_unregister_notifier(&nl80211_netlink_notifier);
7973 	genl_unregister_family(&nl80211_fam);
7974 }
7975