xref: /linux/net/wireless/nl80211.c (revision c75c5ab575af7db707689cdbb5a5c458e9a034bb) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27 
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 				   struct genl_info *info,
30 				   struct cfg80211_crypto_settings *settings,
31 				   int cipher_limit);
32 
33 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
34 			    struct genl_info *info);
35 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
36 			      struct genl_info *info);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 	.id = GENL_ID_GENERATE,	/* don't bother with a hardcoded ID */
41 	.name = "nl80211",	/* have users key off the name instead */
42 	.hdrsize = 0,		/* no private header */
43 	.version = 1,		/* no particular meaning now */
44 	.maxattr = NL80211_ATTR_MAX,
45 	.netnsok = true,
46 	.pre_doit = nl80211_pre_doit,
47 	.post_doit = nl80211_post_doit,
48 };
49 
50 /* returns ERR_PTR values */
51 static struct wireless_dev *
52 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
53 {
54 	struct cfg80211_registered_device *rdev;
55 	struct wireless_dev *result = NULL;
56 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
57 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
58 	u64 wdev_id;
59 	int wiphy_idx = -1;
60 	int ifidx = -1;
61 
62 	assert_cfg80211_lock();
63 
64 	if (!have_ifidx && !have_wdev_id)
65 		return ERR_PTR(-EINVAL);
66 
67 	if (have_ifidx)
68 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
69 	if (have_wdev_id) {
70 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
71 		wiphy_idx = wdev_id >> 32;
72 	}
73 
74 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
75 		struct wireless_dev *wdev;
76 
77 		if (wiphy_net(&rdev->wiphy) != netns)
78 			continue;
79 
80 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
81 			continue;
82 
83 		mutex_lock(&rdev->devlist_mtx);
84 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
85 			if (have_ifidx && wdev->netdev &&
86 			    wdev->netdev->ifindex == ifidx) {
87 				result = wdev;
88 				break;
89 			}
90 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
91 				result = wdev;
92 				break;
93 			}
94 		}
95 		mutex_unlock(&rdev->devlist_mtx);
96 
97 		if (result)
98 			break;
99 	}
100 
101 	if (result)
102 		return result;
103 	return ERR_PTR(-ENODEV);
104 }
105 
106 static struct cfg80211_registered_device *
107 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
108 {
109 	struct cfg80211_registered_device *rdev = NULL, *tmp;
110 	struct net_device *netdev;
111 
112 	assert_cfg80211_lock();
113 
114 	if (!attrs[NL80211_ATTR_WIPHY] &&
115 	    !attrs[NL80211_ATTR_IFINDEX] &&
116 	    !attrs[NL80211_ATTR_WDEV])
117 		return ERR_PTR(-EINVAL);
118 
119 	if (attrs[NL80211_ATTR_WIPHY])
120 		rdev = cfg80211_rdev_by_wiphy_idx(
121 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
122 
123 	if (attrs[NL80211_ATTR_WDEV]) {
124 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
125 		struct wireless_dev *wdev;
126 		bool found = false;
127 
128 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
129 		if (tmp) {
130 			/* make sure wdev exists */
131 			mutex_lock(&tmp->devlist_mtx);
132 			list_for_each_entry(wdev, &tmp->wdev_list, list) {
133 				if (wdev->identifier != (u32)wdev_id)
134 					continue;
135 				found = true;
136 				break;
137 			}
138 			mutex_unlock(&tmp->devlist_mtx);
139 
140 			if (!found)
141 				tmp = NULL;
142 
143 			if (rdev && tmp != rdev)
144 				return ERR_PTR(-EINVAL);
145 			rdev = tmp;
146 		}
147 	}
148 
149 	if (attrs[NL80211_ATTR_IFINDEX]) {
150 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
151 		netdev = dev_get_by_index(netns, ifindex);
152 		if (netdev) {
153 			if (netdev->ieee80211_ptr)
154 				tmp = wiphy_to_dev(
155 						netdev->ieee80211_ptr->wiphy);
156 			else
157 				tmp = NULL;
158 
159 			dev_put(netdev);
160 
161 			/* not wireless device -- return error */
162 			if (!tmp)
163 				return ERR_PTR(-EINVAL);
164 
165 			/* mismatch -- return error */
166 			if (rdev && tmp != rdev)
167 				return ERR_PTR(-EINVAL);
168 
169 			rdev = tmp;
170 		}
171 	}
172 
173 	if (!rdev)
174 		return ERR_PTR(-ENODEV);
175 
176 	if (netns != wiphy_net(&rdev->wiphy))
177 		return ERR_PTR(-ENODEV);
178 
179 	return rdev;
180 }
181 
182 /*
183  * This function returns a pointer to the driver
184  * that the genl_info item that is passed refers to.
185  * If successful, it returns non-NULL and also locks
186  * the driver's mutex!
187  *
188  * This means that you need to call cfg80211_unlock_rdev()
189  * before being allowed to acquire &cfg80211_mutex!
190  *
191  * This is necessary because we need to lock the global
192  * mutex to get an item off the list safely, and then
193  * we lock the rdev mutex so it doesn't go away under us.
194  *
195  * We don't want to keep cfg80211_mutex locked
196  * for all the time in order to allow requests on
197  * other interfaces to go through at the same time.
198  *
199  * The result of this can be a PTR_ERR and hence must
200  * be checked with IS_ERR() for errors.
201  */
202 static struct cfg80211_registered_device *
203 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
204 {
205 	struct cfg80211_registered_device *rdev;
206 
207 	mutex_lock(&cfg80211_mutex);
208 	rdev = __cfg80211_rdev_from_attrs(netns, info->attrs);
209 
210 	/* if it is not an error we grab the lock on
211 	 * it to assure it won't be going away while
212 	 * we operate on it */
213 	if (!IS_ERR(rdev))
214 		mutex_lock(&rdev->mtx);
215 
216 	mutex_unlock(&cfg80211_mutex);
217 
218 	return rdev;
219 }
220 
221 /* policy for the attributes */
222 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
223 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
224 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
225 				      .len = 20-1 },
226 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
227 
228 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
229 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
230 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
231 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
232 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
233 
234 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
235 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
236 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
237 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
238 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
239 
240 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
241 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
242 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
243 
244 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
245 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
246 
247 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
248 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
249 				    .len = WLAN_MAX_KEY_LEN },
250 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
251 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
252 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
253 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
254 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
255 
256 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
257 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
258 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
259 				       .len = IEEE80211_MAX_DATA_LEN },
260 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
261 				       .len = IEEE80211_MAX_DATA_LEN },
262 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
263 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
264 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
265 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
266 					       .len = NL80211_MAX_SUPP_RATES },
267 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
268 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
269 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
270 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
271 				   .len = IEEE80211_MAX_MESH_ID_LEN },
272 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
273 
274 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
275 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
276 
277 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
278 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
279 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
280 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
281 					   .len = NL80211_MAX_SUPP_RATES },
282 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
283 
284 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
285 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
286 
287 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
288 
289 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
290 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
291 			      .len = IEEE80211_MAX_DATA_LEN },
292 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
293 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
294 
295 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
296 				.len = IEEE80211_MAX_SSID_LEN },
297 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
298 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
299 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
300 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
301 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
302 	[NL80211_ATTR_STA_FLAGS2] = {
303 		.len = sizeof(struct nl80211_sta_flag_update),
304 	},
305 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
306 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
307 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
308 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
309 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
310 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
311 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
312 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
313 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
314 				 .len = WLAN_PMKID_LEN },
315 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
316 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
317 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
318 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
319 				 .len = IEEE80211_MAX_DATA_LEN },
320 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
321 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
322 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
323 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
324 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
325 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
326 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
327 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
328 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
329 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
330 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
331 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
332 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
333 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
334 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
335 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
336 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
337 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
338 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
339 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
340 					 .len = IEEE80211_MAX_DATA_LEN },
341 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
342 					 .len = IEEE80211_MAX_DATA_LEN },
343 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
344 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
345 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
346 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
347 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
348 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
349 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
350 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
351 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
352 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
353 				      .len = IEEE80211_MAX_DATA_LEN },
354 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
355 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
356 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
357 		.len = NL80211_HT_CAPABILITY_LEN
358 	},
359 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
360 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
361 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
362 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
363 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
364 	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
365 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
366 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
367 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
368 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
369 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
370 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
371 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
372 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
373 };
374 
375 /* policy for the key attributes */
376 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
377 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
378 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
379 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
380 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
381 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
382 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
383 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
384 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
385 };
386 
387 /* policy for the key default flags */
388 static const struct nla_policy
389 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
390 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
391 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
392 };
393 
394 /* policy for WoWLAN attributes */
395 static const struct nla_policy
396 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
397 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
398 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
399 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
400 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
401 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
402 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
403 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
404 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
405 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
406 };
407 
408 static const struct nla_policy
409 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
410 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
411 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
412 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
413 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
414 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
415 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
416 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
417 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
418 	},
419 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
420 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
421 	},
422 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
423 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
424 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
425 };
426 
427 /* policy for GTK rekey offload attributes */
428 static const struct nla_policy
429 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
430 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
431 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
432 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
433 };
434 
435 static const struct nla_policy
436 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
437 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
438 						 .len = IEEE80211_MAX_SSID_LEN },
439 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
440 };
441 
442 /* ifidx get helper */
443 static int nl80211_get_ifidx(struct netlink_callback *cb)
444 {
445 	int res;
446 
447 	res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
448 			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
449 			  nl80211_policy);
450 	if (res)
451 		return res;
452 
453 	if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
454 		return -EINVAL;
455 
456 	res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
457 	if (!res)
458 		return -EINVAL;
459 	return res;
460 }
461 
462 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
463 				       struct netlink_callback *cb,
464 				       struct cfg80211_registered_device **rdev,
465 				       struct net_device **dev)
466 {
467 	int ifidx = cb->args[0];
468 	int err;
469 
470 	if (!ifidx)
471 		ifidx = nl80211_get_ifidx(cb);
472 	if (ifidx < 0)
473 		return ifidx;
474 
475 	cb->args[0] = ifidx;
476 
477 	rtnl_lock();
478 
479 	*dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
480 	if (!*dev) {
481 		err = -ENODEV;
482 		goto out_rtnl;
483 	}
484 
485 	*rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
486 	if (IS_ERR(*rdev)) {
487 		err = PTR_ERR(*rdev);
488 		goto out_rtnl;
489 	}
490 
491 	return 0;
492  out_rtnl:
493 	rtnl_unlock();
494 	return err;
495 }
496 
497 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
498 {
499 	cfg80211_unlock_rdev(rdev);
500 	rtnl_unlock();
501 }
502 
503 /* IE validation */
504 static bool is_valid_ie_attr(const struct nlattr *attr)
505 {
506 	const u8 *pos;
507 	int len;
508 
509 	if (!attr)
510 		return true;
511 
512 	pos = nla_data(attr);
513 	len = nla_len(attr);
514 
515 	while (len) {
516 		u8 elemlen;
517 
518 		if (len < 2)
519 			return false;
520 		len -= 2;
521 
522 		elemlen = pos[1];
523 		if (elemlen > len)
524 			return false;
525 
526 		len -= elemlen;
527 		pos += 2 + elemlen;
528 	}
529 
530 	return true;
531 }
532 
533 /* message building helper */
534 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
535 				   int flags, u8 cmd)
536 {
537 	/* since there is no private header just add the generic one */
538 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
539 }
540 
541 static int nl80211_msg_put_channel(struct sk_buff *msg,
542 				   struct ieee80211_channel *chan)
543 {
544 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
545 			chan->center_freq))
546 		goto nla_put_failure;
547 
548 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
549 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
550 		goto nla_put_failure;
551 	if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
552 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
553 		goto nla_put_failure;
554 	if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
555 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
556 		goto nla_put_failure;
557 	if ((chan->flags & IEEE80211_CHAN_RADAR) &&
558 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
559 		goto nla_put_failure;
560 
561 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
562 			DBM_TO_MBM(chan->max_power)))
563 		goto nla_put_failure;
564 
565 	return 0;
566 
567  nla_put_failure:
568 	return -ENOBUFS;
569 }
570 
571 /* netlink command implementations */
572 
573 struct key_parse {
574 	struct key_params p;
575 	int idx;
576 	int type;
577 	bool def, defmgmt;
578 	bool def_uni, def_multi;
579 };
580 
581 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
582 {
583 	struct nlattr *tb[NL80211_KEY_MAX + 1];
584 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
585 				   nl80211_key_policy);
586 	if (err)
587 		return err;
588 
589 	k->def = !!tb[NL80211_KEY_DEFAULT];
590 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
591 
592 	if (k->def) {
593 		k->def_uni = true;
594 		k->def_multi = true;
595 	}
596 	if (k->defmgmt)
597 		k->def_multi = true;
598 
599 	if (tb[NL80211_KEY_IDX])
600 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
601 
602 	if (tb[NL80211_KEY_DATA]) {
603 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
604 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
605 	}
606 
607 	if (tb[NL80211_KEY_SEQ]) {
608 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
609 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
610 	}
611 
612 	if (tb[NL80211_KEY_CIPHER])
613 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
614 
615 	if (tb[NL80211_KEY_TYPE]) {
616 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
617 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
618 			return -EINVAL;
619 	}
620 
621 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
622 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
623 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
624 				       tb[NL80211_KEY_DEFAULT_TYPES],
625 				       nl80211_key_default_policy);
626 		if (err)
627 			return err;
628 
629 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
630 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
631 	}
632 
633 	return 0;
634 }
635 
636 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
637 {
638 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
639 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
640 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
641 	}
642 
643 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
644 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
645 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
646 	}
647 
648 	if (info->attrs[NL80211_ATTR_KEY_IDX])
649 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
650 
651 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
652 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
653 
654 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
655 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
656 
657 	if (k->def) {
658 		k->def_uni = true;
659 		k->def_multi = true;
660 	}
661 	if (k->defmgmt)
662 		k->def_multi = true;
663 
664 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
665 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
666 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
667 			return -EINVAL;
668 	}
669 
670 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
671 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
672 		int err = nla_parse_nested(
673 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
674 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
675 				nl80211_key_default_policy);
676 		if (err)
677 			return err;
678 
679 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
680 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
681 	}
682 
683 	return 0;
684 }
685 
686 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
687 {
688 	int err;
689 
690 	memset(k, 0, sizeof(*k));
691 	k->idx = -1;
692 	k->type = -1;
693 
694 	if (info->attrs[NL80211_ATTR_KEY])
695 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
696 	else
697 		err = nl80211_parse_key_old(info, k);
698 
699 	if (err)
700 		return err;
701 
702 	if (k->def && k->defmgmt)
703 		return -EINVAL;
704 
705 	if (k->defmgmt) {
706 		if (k->def_uni || !k->def_multi)
707 			return -EINVAL;
708 	}
709 
710 	if (k->idx != -1) {
711 		if (k->defmgmt) {
712 			if (k->idx < 4 || k->idx > 5)
713 				return -EINVAL;
714 		} else if (k->def) {
715 			if (k->idx < 0 || k->idx > 3)
716 				return -EINVAL;
717 		} else {
718 			if (k->idx < 0 || k->idx > 5)
719 				return -EINVAL;
720 		}
721 	}
722 
723 	return 0;
724 }
725 
726 static struct cfg80211_cached_keys *
727 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
728 		       struct nlattr *keys, bool *no_ht)
729 {
730 	struct key_parse parse;
731 	struct nlattr *key;
732 	struct cfg80211_cached_keys *result;
733 	int rem, err, def = 0;
734 
735 	result = kzalloc(sizeof(*result), GFP_KERNEL);
736 	if (!result)
737 		return ERR_PTR(-ENOMEM);
738 
739 	result->def = -1;
740 	result->defmgmt = -1;
741 
742 	nla_for_each_nested(key, keys, rem) {
743 		memset(&parse, 0, sizeof(parse));
744 		parse.idx = -1;
745 
746 		err = nl80211_parse_key_new(key, &parse);
747 		if (err)
748 			goto error;
749 		err = -EINVAL;
750 		if (!parse.p.key)
751 			goto error;
752 		if (parse.idx < 0 || parse.idx > 4)
753 			goto error;
754 		if (parse.def) {
755 			if (def)
756 				goto error;
757 			def = 1;
758 			result->def = parse.idx;
759 			if (!parse.def_uni || !parse.def_multi)
760 				goto error;
761 		} else if (parse.defmgmt)
762 			goto error;
763 		err = cfg80211_validate_key_settings(rdev, &parse.p,
764 						     parse.idx, false, NULL);
765 		if (err)
766 			goto error;
767 		result->params[parse.idx].cipher = parse.p.cipher;
768 		result->params[parse.idx].key_len = parse.p.key_len;
769 		result->params[parse.idx].key = result->data[parse.idx];
770 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
771 
772 		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
773 		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
774 			if (no_ht)
775 				*no_ht = true;
776 		}
777 	}
778 
779 	return result;
780  error:
781 	kfree(result);
782 	return ERR_PTR(err);
783 }
784 
785 static int nl80211_key_allowed(struct wireless_dev *wdev)
786 {
787 	ASSERT_WDEV_LOCK(wdev);
788 
789 	switch (wdev->iftype) {
790 	case NL80211_IFTYPE_AP:
791 	case NL80211_IFTYPE_AP_VLAN:
792 	case NL80211_IFTYPE_P2P_GO:
793 	case NL80211_IFTYPE_MESH_POINT:
794 		break;
795 	case NL80211_IFTYPE_ADHOC:
796 		if (!wdev->current_bss)
797 			return -ENOLINK;
798 		break;
799 	case NL80211_IFTYPE_STATION:
800 	case NL80211_IFTYPE_P2P_CLIENT:
801 		if (wdev->sme_state != CFG80211_SME_CONNECTED)
802 			return -ENOLINK;
803 		break;
804 	default:
805 		return -EINVAL;
806 	}
807 
808 	return 0;
809 }
810 
811 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
812 {
813 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
814 	int i;
815 
816 	if (!nl_modes)
817 		goto nla_put_failure;
818 
819 	i = 0;
820 	while (ifmodes) {
821 		if ((ifmodes & 1) && nla_put_flag(msg, i))
822 			goto nla_put_failure;
823 		ifmodes >>= 1;
824 		i++;
825 	}
826 
827 	nla_nest_end(msg, nl_modes);
828 	return 0;
829 
830 nla_put_failure:
831 	return -ENOBUFS;
832 }
833 
834 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
835 					  struct sk_buff *msg)
836 {
837 	struct nlattr *nl_combis;
838 	int i, j;
839 
840 	nl_combis = nla_nest_start(msg,
841 				NL80211_ATTR_INTERFACE_COMBINATIONS);
842 	if (!nl_combis)
843 		goto nla_put_failure;
844 
845 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
846 		const struct ieee80211_iface_combination *c;
847 		struct nlattr *nl_combi, *nl_limits;
848 
849 		c = &wiphy->iface_combinations[i];
850 
851 		nl_combi = nla_nest_start(msg, i + 1);
852 		if (!nl_combi)
853 			goto nla_put_failure;
854 
855 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
856 		if (!nl_limits)
857 			goto nla_put_failure;
858 
859 		for (j = 0; j < c->n_limits; j++) {
860 			struct nlattr *nl_limit;
861 
862 			nl_limit = nla_nest_start(msg, j + 1);
863 			if (!nl_limit)
864 				goto nla_put_failure;
865 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
866 					c->limits[j].max))
867 				goto nla_put_failure;
868 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
869 						c->limits[j].types))
870 				goto nla_put_failure;
871 			nla_nest_end(msg, nl_limit);
872 		}
873 
874 		nla_nest_end(msg, nl_limits);
875 
876 		if (c->beacon_int_infra_match &&
877 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
878 			goto nla_put_failure;
879 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
880 				c->num_different_channels) ||
881 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
882 				c->max_interfaces))
883 			goto nla_put_failure;
884 
885 		nla_nest_end(msg, nl_combi);
886 	}
887 
888 	nla_nest_end(msg, nl_combis);
889 
890 	return 0;
891 nla_put_failure:
892 	return -ENOBUFS;
893 }
894 
895 static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flags,
896 			      struct cfg80211_registered_device *dev)
897 {
898 	void *hdr;
899 	struct nlattr *nl_bands, *nl_band;
900 	struct nlattr *nl_freqs, *nl_freq;
901 	struct nlattr *nl_rates, *nl_rate;
902 	struct nlattr *nl_cmds;
903 	enum ieee80211_band band;
904 	struct ieee80211_channel *chan;
905 	struct ieee80211_rate *rate;
906 	int i;
907 	const struct ieee80211_txrx_stypes *mgmt_stypes =
908 				dev->wiphy.mgmt_stypes;
909 
910 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
911 	if (!hdr)
912 		return -1;
913 
914 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
915 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) ||
916 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
917 			cfg80211_rdev_list_generation) ||
918 	    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
919 		       dev->wiphy.retry_short) ||
920 	    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
921 		       dev->wiphy.retry_long) ||
922 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
923 			dev->wiphy.frag_threshold) ||
924 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
925 			dev->wiphy.rts_threshold) ||
926 	    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
927 		       dev->wiphy.coverage_class) ||
928 	    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
929 		       dev->wiphy.max_scan_ssids) ||
930 	    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
931 		       dev->wiphy.max_sched_scan_ssids) ||
932 	    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
933 			dev->wiphy.max_scan_ie_len) ||
934 	    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
935 			dev->wiphy.max_sched_scan_ie_len) ||
936 	    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
937 		       dev->wiphy.max_match_sets))
938 		goto nla_put_failure;
939 
940 	if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
941 	    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
942 		goto nla_put_failure;
943 	if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
944 	    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
945 		goto nla_put_failure;
946 	if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
947 	    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
948 		goto nla_put_failure;
949 	if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
950 	    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
951 		goto nla_put_failure;
952 	if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
953 	    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
954 		goto nla_put_failure;
955 	if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
956 	    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
957 		goto nla_put_failure;
958 
959 	if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
960 		    sizeof(u32) * dev->wiphy.n_cipher_suites,
961 		    dev->wiphy.cipher_suites))
962 		goto nla_put_failure;
963 
964 	if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
965 		       dev->wiphy.max_num_pmkids))
966 		goto nla_put_failure;
967 
968 	if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
969 	    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
970 		goto nla_put_failure;
971 
972 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
973 			dev->wiphy.available_antennas_tx) ||
974 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
975 			dev->wiphy.available_antennas_rx))
976 		goto nla_put_failure;
977 
978 	if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
979 	    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
980 			dev->wiphy.probe_resp_offload))
981 		goto nla_put_failure;
982 
983 	if ((dev->wiphy.available_antennas_tx ||
984 	     dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
985 		u32 tx_ant = 0, rx_ant = 0;
986 		int res;
987 		res = rdev_get_antenna(dev, &tx_ant, &rx_ant);
988 		if (!res) {
989 			if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX,
990 					tx_ant) ||
991 			    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX,
992 					rx_ant))
993 				goto nla_put_failure;
994 		}
995 	}
996 
997 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
998 				dev->wiphy.interface_modes))
999 		goto nla_put_failure;
1000 
1001 	nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1002 	if (!nl_bands)
1003 		goto nla_put_failure;
1004 
1005 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
1006 		if (!dev->wiphy.bands[band])
1007 			continue;
1008 
1009 		nl_band = nla_nest_start(msg, band);
1010 		if (!nl_band)
1011 			goto nla_put_failure;
1012 
1013 		/* add HT info */
1014 		if (dev->wiphy.bands[band]->ht_cap.ht_supported &&
1015 		    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1016 			     sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
1017 			     &dev->wiphy.bands[band]->ht_cap.mcs) ||
1018 		     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1019 				 dev->wiphy.bands[band]->ht_cap.cap) ||
1020 		     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1021 				dev->wiphy.bands[band]->ht_cap.ampdu_factor) ||
1022 		     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1023 				dev->wiphy.bands[band]->ht_cap.ampdu_density)))
1024 			goto nla_put_failure;
1025 
1026 		/* add VHT info */
1027 		if (dev->wiphy.bands[band]->vht_cap.vht_supported &&
1028 		    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1029 			     sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs),
1030 			     &dev->wiphy.bands[band]->vht_cap.vht_mcs) ||
1031 		     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1032 				 dev->wiphy.bands[band]->vht_cap.cap)))
1033 			goto nla_put_failure;
1034 
1035 		/* add frequencies */
1036 		nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
1037 		if (!nl_freqs)
1038 			goto nla_put_failure;
1039 
1040 		for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
1041 			nl_freq = nla_nest_start(msg, i);
1042 			if (!nl_freq)
1043 				goto nla_put_failure;
1044 
1045 			chan = &dev->wiphy.bands[band]->channels[i];
1046 
1047 			if (nl80211_msg_put_channel(msg, chan))
1048 				goto nla_put_failure;
1049 
1050 			nla_nest_end(msg, nl_freq);
1051 		}
1052 
1053 		nla_nest_end(msg, nl_freqs);
1054 
1055 		/* add bitrates */
1056 		nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1057 		if (!nl_rates)
1058 			goto nla_put_failure;
1059 
1060 		for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
1061 			nl_rate = nla_nest_start(msg, i);
1062 			if (!nl_rate)
1063 				goto nla_put_failure;
1064 
1065 			rate = &dev->wiphy.bands[band]->bitrates[i];
1066 			if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1067 					rate->bitrate))
1068 				goto nla_put_failure;
1069 			if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1070 			    nla_put_flag(msg,
1071 					 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1072 				goto nla_put_failure;
1073 
1074 			nla_nest_end(msg, nl_rate);
1075 		}
1076 
1077 		nla_nest_end(msg, nl_rates);
1078 
1079 		nla_nest_end(msg, nl_band);
1080 	}
1081 	nla_nest_end(msg, nl_bands);
1082 
1083 	nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1084 	if (!nl_cmds)
1085 		goto nla_put_failure;
1086 
1087 	i = 0;
1088 #define CMD(op, n)						\
1089 	 do {							\
1090 		if (dev->ops->op) {				\
1091 			i++;					\
1092 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1093 				goto nla_put_failure;		\
1094 		}						\
1095 	} while (0)
1096 
1097 	CMD(add_virtual_intf, NEW_INTERFACE);
1098 	CMD(change_virtual_intf, SET_INTERFACE);
1099 	CMD(add_key, NEW_KEY);
1100 	CMD(start_ap, START_AP);
1101 	CMD(add_station, NEW_STATION);
1102 	CMD(add_mpath, NEW_MPATH);
1103 	CMD(update_mesh_config, SET_MESH_CONFIG);
1104 	CMD(change_bss, SET_BSS);
1105 	CMD(auth, AUTHENTICATE);
1106 	CMD(assoc, ASSOCIATE);
1107 	CMD(deauth, DEAUTHENTICATE);
1108 	CMD(disassoc, DISASSOCIATE);
1109 	CMD(join_ibss, JOIN_IBSS);
1110 	CMD(join_mesh, JOIN_MESH);
1111 	CMD(set_pmksa, SET_PMKSA);
1112 	CMD(del_pmksa, DEL_PMKSA);
1113 	CMD(flush_pmksa, FLUSH_PMKSA);
1114 	if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1115 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1116 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1117 	CMD(mgmt_tx, FRAME);
1118 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1119 	if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1120 		i++;
1121 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1122 			goto nla_put_failure;
1123 	}
1124 	if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1125 	    dev->ops->join_mesh) {
1126 		i++;
1127 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1128 			goto nla_put_failure;
1129 	}
1130 	CMD(set_wds_peer, SET_WDS_PEER);
1131 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1132 		CMD(tdls_mgmt, TDLS_MGMT);
1133 		CMD(tdls_oper, TDLS_OPER);
1134 	}
1135 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1136 		CMD(sched_scan_start, START_SCHED_SCAN);
1137 	CMD(probe_client, PROBE_CLIENT);
1138 	CMD(set_noack_map, SET_NOACK_MAP);
1139 	if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1140 		i++;
1141 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1142 			goto nla_put_failure;
1143 	}
1144 	CMD(start_p2p_device, START_P2P_DEVICE);
1145 	CMD(set_mcast_rate, SET_MCAST_RATE);
1146 
1147 #ifdef CONFIG_NL80211_TESTMODE
1148 	CMD(testmode_cmd, TESTMODE);
1149 #endif
1150 
1151 #undef CMD
1152 
1153 	if (dev->ops->connect || dev->ops->auth) {
1154 		i++;
1155 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1156 			goto nla_put_failure;
1157 	}
1158 
1159 	if (dev->ops->disconnect || dev->ops->deauth) {
1160 		i++;
1161 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1162 			goto nla_put_failure;
1163 	}
1164 
1165 	nla_nest_end(msg, nl_cmds);
1166 
1167 	if (dev->ops->remain_on_channel &&
1168 	    (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1169 	    nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1170 			dev->wiphy.max_remain_on_channel_duration))
1171 		goto nla_put_failure;
1172 
1173 	if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1174 	    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1175 		goto nla_put_failure;
1176 
1177 	if (mgmt_stypes) {
1178 		u16 stypes;
1179 		struct nlattr *nl_ftypes, *nl_ifs;
1180 		enum nl80211_iftype ift;
1181 
1182 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1183 		if (!nl_ifs)
1184 			goto nla_put_failure;
1185 
1186 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1187 			nl_ftypes = nla_nest_start(msg, ift);
1188 			if (!nl_ftypes)
1189 				goto nla_put_failure;
1190 			i = 0;
1191 			stypes = mgmt_stypes[ift].tx;
1192 			while (stypes) {
1193 				if ((stypes & 1) &&
1194 				    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1195 						(i << 4) | IEEE80211_FTYPE_MGMT))
1196 					goto nla_put_failure;
1197 				stypes >>= 1;
1198 				i++;
1199 			}
1200 			nla_nest_end(msg, nl_ftypes);
1201 		}
1202 
1203 		nla_nest_end(msg, nl_ifs);
1204 
1205 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1206 		if (!nl_ifs)
1207 			goto nla_put_failure;
1208 
1209 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1210 			nl_ftypes = nla_nest_start(msg, ift);
1211 			if (!nl_ftypes)
1212 				goto nla_put_failure;
1213 			i = 0;
1214 			stypes = mgmt_stypes[ift].rx;
1215 			while (stypes) {
1216 				if ((stypes & 1) &&
1217 				    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1218 						(i << 4) | IEEE80211_FTYPE_MGMT))
1219 					goto nla_put_failure;
1220 				stypes >>= 1;
1221 				i++;
1222 			}
1223 			nla_nest_end(msg, nl_ftypes);
1224 		}
1225 		nla_nest_end(msg, nl_ifs);
1226 	}
1227 
1228 #ifdef CONFIG_PM
1229 	if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
1230 		struct nlattr *nl_wowlan;
1231 
1232 		nl_wowlan = nla_nest_start(msg,
1233 				NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1234 		if (!nl_wowlan)
1235 			goto nla_put_failure;
1236 
1237 		if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) &&
1238 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1239 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) &&
1240 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1241 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1242 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1243 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1244 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1245 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1246 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1247 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1248 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1249 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1250 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1251 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1252 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1253 		    goto nla_put_failure;
1254 		if (dev->wiphy.wowlan.n_patterns) {
1255 			struct nl80211_wowlan_pattern_support pat = {
1256 				.max_patterns = dev->wiphy.wowlan.n_patterns,
1257 				.min_pattern_len =
1258 					dev->wiphy.wowlan.pattern_min_len,
1259 				.max_pattern_len =
1260 					dev->wiphy.wowlan.pattern_max_len,
1261 				.max_pkt_offset =
1262 					dev->wiphy.wowlan.max_pkt_offset,
1263 			};
1264 			if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1265 				    sizeof(pat), &pat))
1266 				goto nla_put_failure;
1267 		}
1268 
1269 		nla_nest_end(msg, nl_wowlan);
1270 	}
1271 #endif
1272 
1273 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1274 				dev->wiphy.software_iftypes))
1275 		goto nla_put_failure;
1276 
1277 	if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1278 		goto nla_put_failure;
1279 
1280 	if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1281 	    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1282 			dev->wiphy.ap_sme_capa))
1283 		goto nla_put_failure;
1284 
1285 	if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS,
1286 			dev->wiphy.features))
1287 		goto nla_put_failure;
1288 
1289 	if (dev->wiphy.ht_capa_mod_mask &&
1290 	    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1291 		    sizeof(*dev->wiphy.ht_capa_mod_mask),
1292 		    dev->wiphy.ht_capa_mod_mask))
1293 		goto nla_put_failure;
1294 
1295 	if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1296 	    dev->wiphy.max_acl_mac_addrs &&
1297 	    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1298 			dev->wiphy.max_acl_mac_addrs))
1299 		goto nla_put_failure;
1300 
1301 	return genlmsg_end(msg, hdr);
1302 
1303  nla_put_failure:
1304 	genlmsg_cancel(msg, hdr);
1305 	return -EMSGSIZE;
1306 }
1307 
1308 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1309 {
1310 	int idx = 0, ret;
1311 	int start = cb->args[0];
1312 	struct cfg80211_registered_device *dev;
1313 
1314 	mutex_lock(&cfg80211_mutex);
1315 	list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1316 		if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1317 			continue;
1318 		if (++idx <= start)
1319 			continue;
1320 		ret = nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid,
1321 					 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1322 					 dev);
1323 		if (ret < 0) {
1324 			/*
1325 			 * If sending the wiphy data didn't fit (ENOBUFS or
1326 			 * EMSGSIZE returned), this SKB is still empty (so
1327 			 * it's not too big because another wiphy dataset is
1328 			 * already in the skb) and we've not tried to adjust
1329 			 * the dump allocation yet ... then adjust the alloc
1330 			 * size to be bigger, and return 1 but with the empty
1331 			 * skb. This results in an empty message being RX'ed
1332 			 * in userspace, but that is ignored.
1333 			 *
1334 			 * We can then retry with the larger buffer.
1335 			 */
1336 			if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1337 			    !skb->len &&
1338 			    cb->min_dump_alloc < 4096) {
1339 				cb->min_dump_alloc = 4096;
1340 				mutex_unlock(&cfg80211_mutex);
1341 				return 1;
1342 			}
1343 			idx--;
1344 			break;
1345 		}
1346 	}
1347 	mutex_unlock(&cfg80211_mutex);
1348 
1349 	cb->args[0] = idx;
1350 
1351 	return skb->len;
1352 }
1353 
1354 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1355 {
1356 	struct sk_buff *msg;
1357 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1358 
1359 	msg = nlmsg_new(4096, GFP_KERNEL);
1360 	if (!msg)
1361 		return -ENOMEM;
1362 
1363 	if (nl80211_send_wiphy(msg, info->snd_portid, info->snd_seq, 0, dev) < 0) {
1364 		nlmsg_free(msg);
1365 		return -ENOBUFS;
1366 	}
1367 
1368 	return genlmsg_reply(msg, info);
1369 }
1370 
1371 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1372 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1373 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1374 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1375 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1376 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1377 };
1378 
1379 static int parse_txq_params(struct nlattr *tb[],
1380 			    struct ieee80211_txq_params *txq_params)
1381 {
1382 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1383 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1384 	    !tb[NL80211_TXQ_ATTR_AIFS])
1385 		return -EINVAL;
1386 
1387 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1388 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1389 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1390 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1391 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1392 
1393 	if (txq_params->ac >= NL80211_NUM_ACS)
1394 		return -EINVAL;
1395 
1396 	return 0;
1397 }
1398 
1399 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1400 {
1401 	/*
1402 	 * You can only set the channel explicitly for WDS interfaces,
1403 	 * all others have their channel managed via their respective
1404 	 * "establish a connection" command (connect, join, ...)
1405 	 *
1406 	 * For AP/GO and mesh mode, the channel can be set with the
1407 	 * channel userspace API, but is only stored and passed to the
1408 	 * low-level driver when the AP starts or the mesh is joined.
1409 	 * This is for backward compatibility, userspace can also give
1410 	 * the channel in the start-ap or join-mesh commands instead.
1411 	 *
1412 	 * Monitors are special as they are normally slaved to
1413 	 * whatever else is going on, so they have their own special
1414 	 * operation to set the monitor channel if possible.
1415 	 */
1416 	return !wdev ||
1417 		wdev->iftype == NL80211_IFTYPE_AP ||
1418 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1419 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1420 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1421 }
1422 
1423 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1424 				 struct genl_info *info,
1425 				 struct cfg80211_chan_def *chandef)
1426 {
1427 	u32 control_freq;
1428 
1429 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1430 		return -EINVAL;
1431 
1432 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1433 
1434 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1435 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1436 	chandef->center_freq1 = control_freq;
1437 	chandef->center_freq2 = 0;
1438 
1439 	/* Primary channel not allowed */
1440 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1441 		return -EINVAL;
1442 
1443 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1444 		enum nl80211_channel_type chantype;
1445 
1446 		chantype = nla_get_u32(
1447 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1448 
1449 		switch (chantype) {
1450 		case NL80211_CHAN_NO_HT:
1451 		case NL80211_CHAN_HT20:
1452 		case NL80211_CHAN_HT40PLUS:
1453 		case NL80211_CHAN_HT40MINUS:
1454 			cfg80211_chandef_create(chandef, chandef->chan,
1455 						chantype);
1456 			break;
1457 		default:
1458 			return -EINVAL;
1459 		}
1460 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1461 		chandef->width =
1462 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1463 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1464 			chandef->center_freq1 =
1465 				nla_get_u32(
1466 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1467 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1468 			chandef->center_freq2 =
1469 				nla_get_u32(
1470 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1471 	}
1472 
1473 	if (!cfg80211_chandef_valid(chandef))
1474 		return -EINVAL;
1475 
1476 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1477 				     IEEE80211_CHAN_DISABLED))
1478 		return -EINVAL;
1479 
1480 	return 0;
1481 }
1482 
1483 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1484 				 struct wireless_dev *wdev,
1485 				 struct genl_info *info)
1486 {
1487 	struct cfg80211_chan_def chandef;
1488 	int result;
1489 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1490 
1491 	if (wdev)
1492 		iftype = wdev->iftype;
1493 
1494 	if (!nl80211_can_set_dev_channel(wdev))
1495 		return -EOPNOTSUPP;
1496 
1497 	result = nl80211_parse_chandef(rdev, info, &chandef);
1498 	if (result)
1499 		return result;
1500 
1501 	mutex_lock(&rdev->devlist_mtx);
1502 	switch (iftype) {
1503 	case NL80211_IFTYPE_AP:
1504 	case NL80211_IFTYPE_P2P_GO:
1505 		if (wdev->beacon_interval) {
1506 			result = -EBUSY;
1507 			break;
1508 		}
1509 		if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) {
1510 			result = -EINVAL;
1511 			break;
1512 		}
1513 		wdev->preset_chandef = chandef;
1514 		result = 0;
1515 		break;
1516 	case NL80211_IFTYPE_MESH_POINT:
1517 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1518 		break;
1519 	case NL80211_IFTYPE_MONITOR:
1520 		result = cfg80211_set_monitor_channel(rdev, &chandef);
1521 		break;
1522 	default:
1523 		result = -EINVAL;
1524 	}
1525 	mutex_unlock(&rdev->devlist_mtx);
1526 
1527 	return result;
1528 }
1529 
1530 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1531 {
1532 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1533 	struct net_device *netdev = info->user_ptr[1];
1534 
1535 	return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1536 }
1537 
1538 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1539 {
1540 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1541 	struct net_device *dev = info->user_ptr[1];
1542 	struct wireless_dev *wdev = dev->ieee80211_ptr;
1543 	const u8 *bssid;
1544 
1545 	if (!info->attrs[NL80211_ATTR_MAC])
1546 		return -EINVAL;
1547 
1548 	if (netif_running(dev))
1549 		return -EBUSY;
1550 
1551 	if (!rdev->ops->set_wds_peer)
1552 		return -EOPNOTSUPP;
1553 
1554 	if (wdev->iftype != NL80211_IFTYPE_WDS)
1555 		return -EOPNOTSUPP;
1556 
1557 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1558 	return rdev_set_wds_peer(rdev, dev, bssid);
1559 }
1560 
1561 
1562 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1563 {
1564 	struct cfg80211_registered_device *rdev;
1565 	struct net_device *netdev = NULL;
1566 	struct wireless_dev *wdev;
1567 	int result = 0, rem_txq_params = 0;
1568 	struct nlattr *nl_txq_params;
1569 	u32 changed;
1570 	u8 retry_short = 0, retry_long = 0;
1571 	u32 frag_threshold = 0, rts_threshold = 0;
1572 	u8 coverage_class = 0;
1573 
1574 	/*
1575 	 * Try to find the wiphy and netdev. Normally this
1576 	 * function shouldn't need the netdev, but this is
1577 	 * done for backward compatibility -- previously
1578 	 * setting the channel was done per wiphy, but now
1579 	 * it is per netdev. Previous userland like hostapd
1580 	 * also passed a netdev to set_wiphy, so that it is
1581 	 * possible to let that go to the right netdev!
1582 	 */
1583 	mutex_lock(&cfg80211_mutex);
1584 
1585 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
1586 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1587 
1588 		netdev = dev_get_by_index(genl_info_net(info), ifindex);
1589 		if (netdev && netdev->ieee80211_ptr) {
1590 			rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1591 			mutex_lock(&rdev->mtx);
1592 		} else
1593 			netdev = NULL;
1594 	}
1595 
1596 	if (!netdev) {
1597 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
1598 						  info->attrs);
1599 		if (IS_ERR(rdev)) {
1600 			mutex_unlock(&cfg80211_mutex);
1601 			return PTR_ERR(rdev);
1602 		}
1603 		wdev = NULL;
1604 		netdev = NULL;
1605 		result = 0;
1606 
1607 		mutex_lock(&rdev->mtx);
1608 	} else
1609 		wdev = netdev->ieee80211_ptr;
1610 
1611 	/*
1612 	 * end workaround code, by now the rdev is available
1613 	 * and locked, and wdev may or may not be NULL.
1614 	 */
1615 
1616 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1617 		result = cfg80211_dev_rename(
1618 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1619 
1620 	mutex_unlock(&cfg80211_mutex);
1621 
1622 	if (result)
1623 		goto bad_res;
1624 
1625 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1626 		struct ieee80211_txq_params txq_params;
1627 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1628 
1629 		if (!rdev->ops->set_txq_params) {
1630 			result = -EOPNOTSUPP;
1631 			goto bad_res;
1632 		}
1633 
1634 		if (!netdev) {
1635 			result = -EINVAL;
1636 			goto bad_res;
1637 		}
1638 
1639 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1640 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1641 			result = -EINVAL;
1642 			goto bad_res;
1643 		}
1644 
1645 		if (!netif_running(netdev)) {
1646 			result = -ENETDOWN;
1647 			goto bad_res;
1648 		}
1649 
1650 		nla_for_each_nested(nl_txq_params,
1651 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1652 				    rem_txq_params) {
1653 			nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1654 				  nla_data(nl_txq_params),
1655 				  nla_len(nl_txq_params),
1656 				  txq_params_policy);
1657 			result = parse_txq_params(tb, &txq_params);
1658 			if (result)
1659 				goto bad_res;
1660 
1661 			result = rdev_set_txq_params(rdev, netdev,
1662 						     &txq_params);
1663 			if (result)
1664 				goto bad_res;
1665 		}
1666 	}
1667 
1668 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1669 		result = __nl80211_set_channel(rdev,
1670 				nl80211_can_set_dev_channel(wdev) ? wdev : NULL,
1671 				info);
1672 		if (result)
1673 			goto bad_res;
1674 	}
1675 
1676 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1677 		struct wireless_dev *txp_wdev = wdev;
1678 		enum nl80211_tx_power_setting type;
1679 		int idx, mbm = 0;
1680 
1681 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
1682 			txp_wdev = NULL;
1683 
1684 		if (!rdev->ops->set_tx_power) {
1685 			result = -EOPNOTSUPP;
1686 			goto bad_res;
1687 		}
1688 
1689 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1690 		type = nla_get_u32(info->attrs[idx]);
1691 
1692 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1693 		    (type != NL80211_TX_POWER_AUTOMATIC)) {
1694 			result = -EINVAL;
1695 			goto bad_res;
1696 		}
1697 
1698 		if (type != NL80211_TX_POWER_AUTOMATIC) {
1699 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1700 			mbm = nla_get_u32(info->attrs[idx]);
1701 		}
1702 
1703 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
1704 		if (result)
1705 			goto bad_res;
1706 	}
1707 
1708 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1709 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1710 		u32 tx_ant, rx_ant;
1711 		if ((!rdev->wiphy.available_antennas_tx &&
1712 		     !rdev->wiphy.available_antennas_rx) ||
1713 		    !rdev->ops->set_antenna) {
1714 			result = -EOPNOTSUPP;
1715 			goto bad_res;
1716 		}
1717 
1718 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1719 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1720 
1721 		/* reject antenna configurations which don't match the
1722 		 * available antenna masks, except for the "all" mask */
1723 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1724 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1725 			result = -EINVAL;
1726 			goto bad_res;
1727 		}
1728 
1729 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1730 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1731 
1732 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
1733 		if (result)
1734 			goto bad_res;
1735 	}
1736 
1737 	changed = 0;
1738 
1739 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1740 		retry_short = nla_get_u8(
1741 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1742 		if (retry_short == 0) {
1743 			result = -EINVAL;
1744 			goto bad_res;
1745 		}
1746 		changed |= WIPHY_PARAM_RETRY_SHORT;
1747 	}
1748 
1749 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1750 		retry_long = nla_get_u8(
1751 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1752 		if (retry_long == 0) {
1753 			result = -EINVAL;
1754 			goto bad_res;
1755 		}
1756 		changed |= WIPHY_PARAM_RETRY_LONG;
1757 	}
1758 
1759 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1760 		frag_threshold = nla_get_u32(
1761 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1762 		if (frag_threshold < 256) {
1763 			result = -EINVAL;
1764 			goto bad_res;
1765 		}
1766 		if (frag_threshold != (u32) -1) {
1767 			/*
1768 			 * Fragments (apart from the last one) are required to
1769 			 * have even length. Make the fragmentation code
1770 			 * simpler by stripping LSB should someone try to use
1771 			 * odd threshold value.
1772 			 */
1773 			frag_threshold &= ~0x1;
1774 		}
1775 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1776 	}
1777 
1778 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1779 		rts_threshold = nla_get_u32(
1780 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1781 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
1782 	}
1783 
1784 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1785 		coverage_class = nla_get_u8(
1786 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1787 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
1788 	}
1789 
1790 	if (changed) {
1791 		u8 old_retry_short, old_retry_long;
1792 		u32 old_frag_threshold, old_rts_threshold;
1793 		u8 old_coverage_class;
1794 
1795 		if (!rdev->ops->set_wiphy_params) {
1796 			result = -EOPNOTSUPP;
1797 			goto bad_res;
1798 		}
1799 
1800 		old_retry_short = rdev->wiphy.retry_short;
1801 		old_retry_long = rdev->wiphy.retry_long;
1802 		old_frag_threshold = rdev->wiphy.frag_threshold;
1803 		old_rts_threshold = rdev->wiphy.rts_threshold;
1804 		old_coverage_class = rdev->wiphy.coverage_class;
1805 
1806 		if (changed & WIPHY_PARAM_RETRY_SHORT)
1807 			rdev->wiphy.retry_short = retry_short;
1808 		if (changed & WIPHY_PARAM_RETRY_LONG)
1809 			rdev->wiphy.retry_long = retry_long;
1810 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1811 			rdev->wiphy.frag_threshold = frag_threshold;
1812 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1813 			rdev->wiphy.rts_threshold = rts_threshold;
1814 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1815 			rdev->wiphy.coverage_class = coverage_class;
1816 
1817 		result = rdev_set_wiphy_params(rdev, changed);
1818 		if (result) {
1819 			rdev->wiphy.retry_short = old_retry_short;
1820 			rdev->wiphy.retry_long = old_retry_long;
1821 			rdev->wiphy.frag_threshold = old_frag_threshold;
1822 			rdev->wiphy.rts_threshold = old_rts_threshold;
1823 			rdev->wiphy.coverage_class = old_coverage_class;
1824 		}
1825 	}
1826 
1827  bad_res:
1828 	mutex_unlock(&rdev->mtx);
1829 	if (netdev)
1830 		dev_put(netdev);
1831 	return result;
1832 }
1833 
1834 static inline u64 wdev_id(struct wireless_dev *wdev)
1835 {
1836 	return (u64)wdev->identifier |
1837 	       ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
1838 }
1839 
1840 static int nl80211_send_chandef(struct sk_buff *msg,
1841 				 struct cfg80211_chan_def *chandef)
1842 {
1843 	WARN_ON(!cfg80211_chandef_valid(chandef));
1844 
1845 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
1846 			chandef->chan->center_freq))
1847 		return -ENOBUFS;
1848 	switch (chandef->width) {
1849 	case NL80211_CHAN_WIDTH_20_NOHT:
1850 	case NL80211_CHAN_WIDTH_20:
1851 	case NL80211_CHAN_WIDTH_40:
1852 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
1853 				cfg80211_get_chandef_type(chandef)))
1854 			return -ENOBUFS;
1855 		break;
1856 	default:
1857 		break;
1858 	}
1859 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
1860 		return -ENOBUFS;
1861 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
1862 		return -ENOBUFS;
1863 	if (chandef->center_freq2 &&
1864 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
1865 		return -ENOBUFS;
1866 	return 0;
1867 }
1868 
1869 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
1870 			      struct cfg80211_registered_device *rdev,
1871 			      struct wireless_dev *wdev)
1872 {
1873 	struct net_device *dev = wdev->netdev;
1874 	void *hdr;
1875 
1876 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1877 	if (!hdr)
1878 		return -1;
1879 
1880 	if (dev &&
1881 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1882 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
1883 		goto nla_put_failure;
1884 
1885 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1886 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
1887 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
1888 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
1889 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1890 			rdev->devlist_generation ^
1891 			(cfg80211_rdev_list_generation << 2)))
1892 		goto nla_put_failure;
1893 
1894 	if (rdev->ops->get_channel) {
1895 		int ret;
1896 		struct cfg80211_chan_def chandef;
1897 
1898 		ret = rdev_get_channel(rdev, wdev, &chandef);
1899 		if (ret == 0) {
1900 			if (nl80211_send_chandef(msg, &chandef))
1901 				goto nla_put_failure;
1902 		}
1903 	}
1904 
1905 	if (wdev->ssid_len) {
1906 		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
1907 			goto nla_put_failure;
1908 	}
1909 
1910 	return genlmsg_end(msg, hdr);
1911 
1912  nla_put_failure:
1913 	genlmsg_cancel(msg, hdr);
1914 	return -EMSGSIZE;
1915 }
1916 
1917 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1918 {
1919 	int wp_idx = 0;
1920 	int if_idx = 0;
1921 	int wp_start = cb->args[0];
1922 	int if_start = cb->args[1];
1923 	struct cfg80211_registered_device *rdev;
1924 	struct wireless_dev *wdev;
1925 
1926 	mutex_lock(&cfg80211_mutex);
1927 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1928 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1929 			continue;
1930 		if (wp_idx < wp_start) {
1931 			wp_idx++;
1932 			continue;
1933 		}
1934 		if_idx = 0;
1935 
1936 		mutex_lock(&rdev->devlist_mtx);
1937 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
1938 			if (if_idx < if_start) {
1939 				if_idx++;
1940 				continue;
1941 			}
1942 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
1943 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1944 					       rdev, wdev) < 0) {
1945 				mutex_unlock(&rdev->devlist_mtx);
1946 				goto out;
1947 			}
1948 			if_idx++;
1949 		}
1950 		mutex_unlock(&rdev->devlist_mtx);
1951 
1952 		wp_idx++;
1953 	}
1954  out:
1955 	mutex_unlock(&cfg80211_mutex);
1956 
1957 	cb->args[0] = wp_idx;
1958 	cb->args[1] = if_idx;
1959 
1960 	return skb->len;
1961 }
1962 
1963 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1964 {
1965 	struct sk_buff *msg;
1966 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1967 	struct wireless_dev *wdev = info->user_ptr[1];
1968 
1969 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1970 	if (!msg)
1971 		return -ENOMEM;
1972 
1973 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
1974 			       dev, wdev) < 0) {
1975 		nlmsg_free(msg);
1976 		return -ENOBUFS;
1977 	}
1978 
1979 	return genlmsg_reply(msg, info);
1980 }
1981 
1982 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1983 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1984 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1985 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1986 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1987 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1988 };
1989 
1990 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1991 {
1992 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1993 	int flag;
1994 
1995 	*mntrflags = 0;
1996 
1997 	if (!nla)
1998 		return -EINVAL;
1999 
2000 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2001 			     nla, mntr_flags_policy))
2002 		return -EINVAL;
2003 
2004 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2005 		if (flags[flag])
2006 			*mntrflags |= (1<<flag);
2007 
2008 	return 0;
2009 }
2010 
2011 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2012 			       struct net_device *netdev, u8 use_4addr,
2013 			       enum nl80211_iftype iftype)
2014 {
2015 	if (!use_4addr) {
2016 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2017 			return -EBUSY;
2018 		return 0;
2019 	}
2020 
2021 	switch (iftype) {
2022 	case NL80211_IFTYPE_AP_VLAN:
2023 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2024 			return 0;
2025 		break;
2026 	case NL80211_IFTYPE_STATION:
2027 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2028 			return 0;
2029 		break;
2030 	default:
2031 		break;
2032 	}
2033 
2034 	return -EOPNOTSUPP;
2035 }
2036 
2037 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2038 {
2039 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2040 	struct vif_params params;
2041 	int err;
2042 	enum nl80211_iftype otype, ntype;
2043 	struct net_device *dev = info->user_ptr[1];
2044 	u32 _flags, *flags = NULL;
2045 	bool change = false;
2046 
2047 	memset(&params, 0, sizeof(params));
2048 
2049 	otype = ntype = dev->ieee80211_ptr->iftype;
2050 
2051 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2052 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2053 		if (otype != ntype)
2054 			change = true;
2055 		if (ntype > NL80211_IFTYPE_MAX)
2056 			return -EINVAL;
2057 	}
2058 
2059 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2060 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2061 
2062 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2063 			return -EINVAL;
2064 		if (netif_running(dev))
2065 			return -EBUSY;
2066 
2067 		wdev_lock(wdev);
2068 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2069 			     IEEE80211_MAX_MESH_ID_LEN);
2070 		wdev->mesh_id_up_len =
2071 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2072 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2073 		       wdev->mesh_id_up_len);
2074 		wdev_unlock(wdev);
2075 	}
2076 
2077 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2078 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2079 		change = true;
2080 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2081 		if (err)
2082 			return err;
2083 	} else {
2084 		params.use_4addr = -1;
2085 	}
2086 
2087 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2088 		if (ntype != NL80211_IFTYPE_MONITOR)
2089 			return -EINVAL;
2090 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2091 					  &_flags);
2092 		if (err)
2093 			return err;
2094 
2095 		flags = &_flags;
2096 		change = true;
2097 	}
2098 
2099 	if (change)
2100 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2101 	else
2102 		err = 0;
2103 
2104 	if (!err && params.use_4addr != -1)
2105 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2106 
2107 	return err;
2108 }
2109 
2110 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2111 {
2112 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2113 	struct vif_params params;
2114 	struct wireless_dev *wdev;
2115 	struct sk_buff *msg;
2116 	int err;
2117 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2118 	u32 flags;
2119 
2120 	memset(&params, 0, sizeof(params));
2121 
2122 	if (!info->attrs[NL80211_ATTR_IFNAME])
2123 		return -EINVAL;
2124 
2125 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2126 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2127 		if (type > NL80211_IFTYPE_MAX)
2128 			return -EINVAL;
2129 	}
2130 
2131 	if (!rdev->ops->add_virtual_intf ||
2132 	    !(rdev->wiphy.interface_modes & (1 << type)))
2133 		return -EOPNOTSUPP;
2134 
2135 	if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2136 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2137 			   ETH_ALEN);
2138 		if (!is_valid_ether_addr(params.macaddr))
2139 			return -EADDRNOTAVAIL;
2140 	}
2141 
2142 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2143 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2144 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2145 		if (err)
2146 			return err;
2147 	}
2148 
2149 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2150 	if (!msg)
2151 		return -ENOMEM;
2152 
2153 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2154 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2155 				  &flags);
2156 	wdev = rdev_add_virtual_intf(rdev,
2157 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2158 				type, err ? NULL : &flags, &params);
2159 	if (IS_ERR(wdev)) {
2160 		nlmsg_free(msg);
2161 		return PTR_ERR(wdev);
2162 	}
2163 
2164 	switch (type) {
2165 	case NL80211_IFTYPE_MESH_POINT:
2166 		if (!info->attrs[NL80211_ATTR_MESH_ID])
2167 			break;
2168 		wdev_lock(wdev);
2169 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2170 			     IEEE80211_MAX_MESH_ID_LEN);
2171 		wdev->mesh_id_up_len =
2172 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2173 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2174 		       wdev->mesh_id_up_len);
2175 		wdev_unlock(wdev);
2176 		break;
2177 	case NL80211_IFTYPE_P2P_DEVICE:
2178 		/*
2179 		 * P2P Device doesn't have a netdev, so doesn't go
2180 		 * through the netdev notifier and must be added here
2181 		 */
2182 		mutex_init(&wdev->mtx);
2183 		INIT_LIST_HEAD(&wdev->event_list);
2184 		spin_lock_init(&wdev->event_lock);
2185 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2186 		spin_lock_init(&wdev->mgmt_registrations_lock);
2187 
2188 		mutex_lock(&rdev->devlist_mtx);
2189 		wdev->identifier = ++rdev->wdev_id;
2190 		list_add_rcu(&wdev->list, &rdev->wdev_list);
2191 		rdev->devlist_generation++;
2192 		mutex_unlock(&rdev->devlist_mtx);
2193 		break;
2194 	default:
2195 		break;
2196 	}
2197 
2198 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2199 			       rdev, wdev) < 0) {
2200 		nlmsg_free(msg);
2201 		return -ENOBUFS;
2202 	}
2203 
2204 	return genlmsg_reply(msg, info);
2205 }
2206 
2207 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2208 {
2209 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2210 	struct wireless_dev *wdev = info->user_ptr[1];
2211 
2212 	if (!rdev->ops->del_virtual_intf)
2213 		return -EOPNOTSUPP;
2214 
2215 	/*
2216 	 * If we remove a wireless device without a netdev then clear
2217 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2218 	 * to check if it needs to do dev_put(). Otherwise it crashes
2219 	 * since the wdev has been freed, unlike with a netdev where
2220 	 * we need the dev_put() for the netdev to really be freed.
2221 	 */
2222 	if (!wdev->netdev)
2223 		info->user_ptr[1] = NULL;
2224 
2225 	return rdev_del_virtual_intf(rdev, wdev);
2226 }
2227 
2228 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2229 {
2230 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2231 	struct net_device *dev = info->user_ptr[1];
2232 	u16 noack_map;
2233 
2234 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2235 		return -EINVAL;
2236 
2237 	if (!rdev->ops->set_noack_map)
2238 		return -EOPNOTSUPP;
2239 
2240 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2241 
2242 	return rdev_set_noack_map(rdev, dev, noack_map);
2243 }
2244 
2245 struct get_key_cookie {
2246 	struct sk_buff *msg;
2247 	int error;
2248 	int idx;
2249 };
2250 
2251 static void get_key_callback(void *c, struct key_params *params)
2252 {
2253 	struct nlattr *key;
2254 	struct get_key_cookie *cookie = c;
2255 
2256 	if ((params->key &&
2257 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2258 		     params->key_len, params->key)) ||
2259 	    (params->seq &&
2260 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2261 		     params->seq_len, params->seq)) ||
2262 	    (params->cipher &&
2263 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2264 			 params->cipher)))
2265 		goto nla_put_failure;
2266 
2267 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2268 	if (!key)
2269 		goto nla_put_failure;
2270 
2271 	if ((params->key &&
2272 	     nla_put(cookie->msg, NL80211_KEY_DATA,
2273 		     params->key_len, params->key)) ||
2274 	    (params->seq &&
2275 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2276 		     params->seq_len, params->seq)) ||
2277 	    (params->cipher &&
2278 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2279 			 params->cipher)))
2280 		goto nla_put_failure;
2281 
2282 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2283 		goto nla_put_failure;
2284 
2285 	nla_nest_end(cookie->msg, key);
2286 
2287 	return;
2288  nla_put_failure:
2289 	cookie->error = 1;
2290 }
2291 
2292 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2293 {
2294 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2295 	int err;
2296 	struct net_device *dev = info->user_ptr[1];
2297 	u8 key_idx = 0;
2298 	const u8 *mac_addr = NULL;
2299 	bool pairwise;
2300 	struct get_key_cookie cookie = {
2301 		.error = 0,
2302 	};
2303 	void *hdr;
2304 	struct sk_buff *msg;
2305 
2306 	if (info->attrs[NL80211_ATTR_KEY_IDX])
2307 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2308 
2309 	if (key_idx > 5)
2310 		return -EINVAL;
2311 
2312 	if (info->attrs[NL80211_ATTR_MAC])
2313 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2314 
2315 	pairwise = !!mac_addr;
2316 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2317 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2318 		if (kt >= NUM_NL80211_KEYTYPES)
2319 			return -EINVAL;
2320 		if (kt != NL80211_KEYTYPE_GROUP &&
2321 		    kt != NL80211_KEYTYPE_PAIRWISE)
2322 			return -EINVAL;
2323 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2324 	}
2325 
2326 	if (!rdev->ops->get_key)
2327 		return -EOPNOTSUPP;
2328 
2329 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2330 	if (!msg)
2331 		return -ENOMEM;
2332 
2333 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2334 			     NL80211_CMD_NEW_KEY);
2335 	if (IS_ERR(hdr))
2336 		return PTR_ERR(hdr);
2337 
2338 	cookie.msg = msg;
2339 	cookie.idx = key_idx;
2340 
2341 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2342 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2343 		goto nla_put_failure;
2344 	if (mac_addr &&
2345 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2346 		goto nla_put_failure;
2347 
2348 	if (pairwise && mac_addr &&
2349 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2350 		return -ENOENT;
2351 
2352 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2353 			   get_key_callback);
2354 
2355 	if (err)
2356 		goto free_msg;
2357 
2358 	if (cookie.error)
2359 		goto nla_put_failure;
2360 
2361 	genlmsg_end(msg, hdr);
2362 	return genlmsg_reply(msg, info);
2363 
2364  nla_put_failure:
2365 	err = -ENOBUFS;
2366  free_msg:
2367 	nlmsg_free(msg);
2368 	return err;
2369 }
2370 
2371 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2372 {
2373 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2374 	struct key_parse key;
2375 	int err;
2376 	struct net_device *dev = info->user_ptr[1];
2377 
2378 	err = nl80211_parse_key(info, &key);
2379 	if (err)
2380 		return err;
2381 
2382 	if (key.idx < 0)
2383 		return -EINVAL;
2384 
2385 	/* only support setting default key */
2386 	if (!key.def && !key.defmgmt)
2387 		return -EINVAL;
2388 
2389 	wdev_lock(dev->ieee80211_ptr);
2390 
2391 	if (key.def) {
2392 		if (!rdev->ops->set_default_key) {
2393 			err = -EOPNOTSUPP;
2394 			goto out;
2395 		}
2396 
2397 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2398 		if (err)
2399 			goto out;
2400 
2401 		err = rdev_set_default_key(rdev, dev, key.idx,
2402 						 key.def_uni, key.def_multi);
2403 
2404 		if (err)
2405 			goto out;
2406 
2407 #ifdef CONFIG_CFG80211_WEXT
2408 		dev->ieee80211_ptr->wext.default_key = key.idx;
2409 #endif
2410 	} else {
2411 		if (key.def_uni || !key.def_multi) {
2412 			err = -EINVAL;
2413 			goto out;
2414 		}
2415 
2416 		if (!rdev->ops->set_default_mgmt_key) {
2417 			err = -EOPNOTSUPP;
2418 			goto out;
2419 		}
2420 
2421 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2422 		if (err)
2423 			goto out;
2424 
2425 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2426 		if (err)
2427 			goto out;
2428 
2429 #ifdef CONFIG_CFG80211_WEXT
2430 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2431 #endif
2432 	}
2433 
2434  out:
2435 	wdev_unlock(dev->ieee80211_ptr);
2436 
2437 	return err;
2438 }
2439 
2440 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2441 {
2442 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2443 	int err;
2444 	struct net_device *dev = info->user_ptr[1];
2445 	struct key_parse key;
2446 	const u8 *mac_addr = NULL;
2447 
2448 	err = nl80211_parse_key(info, &key);
2449 	if (err)
2450 		return err;
2451 
2452 	if (!key.p.key)
2453 		return -EINVAL;
2454 
2455 	if (info->attrs[NL80211_ATTR_MAC])
2456 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2457 
2458 	if (key.type == -1) {
2459 		if (mac_addr)
2460 			key.type = NL80211_KEYTYPE_PAIRWISE;
2461 		else
2462 			key.type = NL80211_KEYTYPE_GROUP;
2463 	}
2464 
2465 	/* for now */
2466 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2467 	    key.type != NL80211_KEYTYPE_GROUP)
2468 		return -EINVAL;
2469 
2470 	if (!rdev->ops->add_key)
2471 		return -EOPNOTSUPP;
2472 
2473 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2474 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2475 					   mac_addr))
2476 		return -EINVAL;
2477 
2478 	wdev_lock(dev->ieee80211_ptr);
2479 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2480 	if (!err)
2481 		err = rdev_add_key(rdev, dev, key.idx,
2482 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2483 				    mac_addr, &key.p);
2484 	wdev_unlock(dev->ieee80211_ptr);
2485 
2486 	return err;
2487 }
2488 
2489 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2490 {
2491 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2492 	int err;
2493 	struct net_device *dev = info->user_ptr[1];
2494 	u8 *mac_addr = NULL;
2495 	struct key_parse key;
2496 
2497 	err = nl80211_parse_key(info, &key);
2498 	if (err)
2499 		return err;
2500 
2501 	if (info->attrs[NL80211_ATTR_MAC])
2502 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2503 
2504 	if (key.type == -1) {
2505 		if (mac_addr)
2506 			key.type = NL80211_KEYTYPE_PAIRWISE;
2507 		else
2508 			key.type = NL80211_KEYTYPE_GROUP;
2509 	}
2510 
2511 	/* for now */
2512 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2513 	    key.type != NL80211_KEYTYPE_GROUP)
2514 		return -EINVAL;
2515 
2516 	if (!rdev->ops->del_key)
2517 		return -EOPNOTSUPP;
2518 
2519 	wdev_lock(dev->ieee80211_ptr);
2520 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2521 
2522 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2523 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2524 		err = -ENOENT;
2525 
2526 	if (!err)
2527 		err = rdev_del_key(rdev, dev, key.idx,
2528 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2529 				   mac_addr);
2530 
2531 #ifdef CONFIG_CFG80211_WEXT
2532 	if (!err) {
2533 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2534 			dev->ieee80211_ptr->wext.default_key = -1;
2535 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2536 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2537 	}
2538 #endif
2539 	wdev_unlock(dev->ieee80211_ptr);
2540 
2541 	return err;
2542 }
2543 
2544 /* This function returns an error or the number of nested attributes */
2545 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
2546 {
2547 	struct nlattr *attr;
2548 	int n_entries = 0, tmp;
2549 
2550 	nla_for_each_nested(attr, nl_attr, tmp) {
2551 		if (nla_len(attr) != ETH_ALEN)
2552 			return -EINVAL;
2553 
2554 		n_entries++;
2555 	}
2556 
2557 	return n_entries;
2558 }
2559 
2560 /*
2561  * This function parses ACL information and allocates memory for ACL data.
2562  * On successful return, the calling function is responsible to free the
2563  * ACL buffer returned by this function.
2564  */
2565 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
2566 						struct genl_info *info)
2567 {
2568 	enum nl80211_acl_policy acl_policy;
2569 	struct nlattr *attr;
2570 	struct cfg80211_acl_data *acl;
2571 	int i = 0, n_entries, tmp;
2572 
2573 	if (!wiphy->max_acl_mac_addrs)
2574 		return ERR_PTR(-EOPNOTSUPP);
2575 
2576 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
2577 		return ERR_PTR(-EINVAL);
2578 
2579 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
2580 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
2581 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
2582 		return ERR_PTR(-EINVAL);
2583 
2584 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
2585 		return ERR_PTR(-EINVAL);
2586 
2587 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
2588 	if (n_entries < 0)
2589 		return ERR_PTR(n_entries);
2590 
2591 	if (n_entries > wiphy->max_acl_mac_addrs)
2592 		return ERR_PTR(-ENOTSUPP);
2593 
2594 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
2595 		      GFP_KERNEL);
2596 	if (!acl)
2597 		return ERR_PTR(-ENOMEM);
2598 
2599 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
2600 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
2601 		i++;
2602 	}
2603 
2604 	acl->n_acl_entries = n_entries;
2605 	acl->acl_policy = acl_policy;
2606 
2607 	return acl;
2608 }
2609 
2610 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
2611 {
2612 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2613 	struct net_device *dev = info->user_ptr[1];
2614 	struct cfg80211_acl_data *acl;
2615 	int err;
2616 
2617 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2618 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2619 		return -EOPNOTSUPP;
2620 
2621 	if (!dev->ieee80211_ptr->beacon_interval)
2622 		return -EINVAL;
2623 
2624 	acl = parse_acl_data(&rdev->wiphy, info);
2625 	if (IS_ERR(acl))
2626 		return PTR_ERR(acl);
2627 
2628 	err = rdev_set_mac_acl(rdev, dev, acl);
2629 
2630 	kfree(acl);
2631 
2632 	return err;
2633 }
2634 
2635 static int nl80211_parse_beacon(struct genl_info *info,
2636 				struct cfg80211_beacon_data *bcn)
2637 {
2638 	bool haveinfo = false;
2639 
2640 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2641 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2642 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2643 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2644 		return -EINVAL;
2645 
2646 	memset(bcn, 0, sizeof(*bcn));
2647 
2648 	if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2649 		bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2650 		bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2651 		if (!bcn->head_len)
2652 			return -EINVAL;
2653 		haveinfo = true;
2654 	}
2655 
2656 	if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2657 		bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2658 		bcn->tail_len =
2659 		    nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2660 		haveinfo = true;
2661 	}
2662 
2663 	if (!haveinfo)
2664 		return -EINVAL;
2665 
2666 	if (info->attrs[NL80211_ATTR_IE]) {
2667 		bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
2668 		bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2669 	}
2670 
2671 	if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2672 		bcn->proberesp_ies =
2673 			nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2674 		bcn->proberesp_ies_len =
2675 			nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2676 	}
2677 
2678 	if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2679 		bcn->assocresp_ies =
2680 			nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2681 		bcn->assocresp_ies_len =
2682 			nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2683 	}
2684 
2685 	if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
2686 		bcn->probe_resp =
2687 			nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
2688 		bcn->probe_resp_len =
2689 			nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
2690 	}
2691 
2692 	return 0;
2693 }
2694 
2695 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
2696 				   struct cfg80211_ap_settings *params)
2697 {
2698 	struct wireless_dev *wdev;
2699 	bool ret = false;
2700 
2701 	mutex_lock(&rdev->devlist_mtx);
2702 
2703 	list_for_each_entry(wdev, &rdev->wdev_list, list) {
2704 		if (wdev->iftype != NL80211_IFTYPE_AP &&
2705 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
2706 			continue;
2707 
2708 		if (!wdev->preset_chandef.chan)
2709 			continue;
2710 
2711 		params->chandef = wdev->preset_chandef;
2712 		ret = true;
2713 		break;
2714 	}
2715 
2716 	mutex_unlock(&rdev->devlist_mtx);
2717 
2718 	return ret;
2719 }
2720 
2721 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
2722 				    enum nl80211_auth_type auth_type,
2723 				    enum nl80211_commands cmd)
2724 {
2725 	if (auth_type > NL80211_AUTHTYPE_MAX)
2726 		return false;
2727 
2728 	switch (cmd) {
2729 	case NL80211_CMD_AUTHENTICATE:
2730 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
2731 		    auth_type == NL80211_AUTHTYPE_SAE)
2732 			return false;
2733 		return true;
2734 	case NL80211_CMD_CONNECT:
2735 	case NL80211_CMD_START_AP:
2736 		/* SAE not supported yet */
2737 		if (auth_type == NL80211_AUTHTYPE_SAE)
2738 			return false;
2739 		return true;
2740 	default:
2741 		return false;
2742 	}
2743 }
2744 
2745 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
2746 {
2747 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2748 	struct net_device *dev = info->user_ptr[1];
2749 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2750 	struct cfg80211_ap_settings params;
2751 	int err;
2752 	u8 radar_detect_width = 0;
2753 
2754 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2755 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2756 		return -EOPNOTSUPP;
2757 
2758 	if (!rdev->ops->start_ap)
2759 		return -EOPNOTSUPP;
2760 
2761 	if (wdev->beacon_interval)
2762 		return -EALREADY;
2763 
2764 	memset(&params, 0, sizeof(params));
2765 
2766 	/* these are required for START_AP */
2767 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2768 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2769 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
2770 		return -EINVAL;
2771 
2772 	err = nl80211_parse_beacon(info, &params.beacon);
2773 	if (err)
2774 		return err;
2775 
2776 	params.beacon_interval =
2777 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2778 	params.dtim_period =
2779 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2780 
2781 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
2782 	if (err)
2783 		return err;
2784 
2785 	/*
2786 	 * In theory, some of these attributes should be required here
2787 	 * but since they were not used when the command was originally
2788 	 * added, keep them optional for old user space programs to let
2789 	 * them continue to work with drivers that do not need the
2790 	 * additional information -- drivers must check!
2791 	 */
2792 	if (info->attrs[NL80211_ATTR_SSID]) {
2793 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2794 		params.ssid_len =
2795 			nla_len(info->attrs[NL80211_ATTR_SSID]);
2796 		if (params.ssid_len == 0 ||
2797 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
2798 			return -EINVAL;
2799 	}
2800 
2801 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
2802 		params.hidden_ssid = nla_get_u32(
2803 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
2804 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
2805 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
2806 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
2807 			return -EINVAL;
2808 	}
2809 
2810 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
2811 
2812 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2813 		params.auth_type = nla_get_u32(
2814 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
2815 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
2816 					     NL80211_CMD_START_AP))
2817 			return -EINVAL;
2818 	} else
2819 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
2820 
2821 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
2822 				      NL80211_MAX_NR_CIPHER_SUITES);
2823 	if (err)
2824 		return err;
2825 
2826 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
2827 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
2828 			return -EOPNOTSUPP;
2829 		params.inactivity_timeout = nla_get_u16(
2830 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
2831 	}
2832 
2833 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
2834 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2835 			return -EINVAL;
2836 		params.p2p_ctwindow =
2837 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
2838 		if (params.p2p_ctwindow > 127)
2839 			return -EINVAL;
2840 		if (params.p2p_ctwindow != 0 &&
2841 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
2842 			return -EINVAL;
2843 	}
2844 
2845 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
2846 		u8 tmp;
2847 
2848 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2849 			return -EINVAL;
2850 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
2851 		if (tmp > 1)
2852 			return -EINVAL;
2853 		params.p2p_opp_ps = tmp;
2854 		if (params.p2p_opp_ps != 0 &&
2855 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
2856 			return -EINVAL;
2857 	}
2858 
2859 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2860 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
2861 		if (err)
2862 			return err;
2863 	} else if (wdev->preset_chandef.chan) {
2864 		params.chandef = wdev->preset_chandef;
2865 	} else if (!nl80211_get_ap_channel(rdev, &params))
2866 		return -EINVAL;
2867 
2868 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
2869 		return -EINVAL;
2870 
2871 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &params.chandef);
2872 	if (err < 0)
2873 		return err;
2874 	if (err) {
2875 		radar_detect_width = BIT(params.chandef.width);
2876 		params.radar_required = true;
2877 	}
2878 
2879 	mutex_lock(&rdev->devlist_mtx);
2880 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
2881 					   params.chandef.chan,
2882 					   CHAN_MODE_SHARED,
2883 					   radar_detect_width);
2884 	mutex_unlock(&rdev->devlist_mtx);
2885 
2886 	if (err)
2887 		return err;
2888 
2889 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
2890 		params.acl = parse_acl_data(&rdev->wiphy, info);
2891 		if (IS_ERR(params.acl))
2892 			return PTR_ERR(params.acl);
2893 	}
2894 
2895 	err = rdev_start_ap(rdev, dev, &params);
2896 	if (!err) {
2897 		wdev->preset_chandef = params.chandef;
2898 		wdev->beacon_interval = params.beacon_interval;
2899 		wdev->channel = params.chandef.chan;
2900 		wdev->ssid_len = params.ssid_len;
2901 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
2902 	}
2903 
2904 	kfree(params.acl);
2905 
2906 	return err;
2907 }
2908 
2909 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
2910 {
2911 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2912 	struct net_device *dev = info->user_ptr[1];
2913 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2914 	struct cfg80211_beacon_data params;
2915 	int err;
2916 
2917 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2918 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2919 		return -EOPNOTSUPP;
2920 
2921 	if (!rdev->ops->change_beacon)
2922 		return -EOPNOTSUPP;
2923 
2924 	if (!wdev->beacon_interval)
2925 		return -EINVAL;
2926 
2927 	err = nl80211_parse_beacon(info, &params);
2928 	if (err)
2929 		return err;
2930 
2931 	return rdev_change_beacon(rdev, dev, &params);
2932 }
2933 
2934 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
2935 {
2936 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2937 	struct net_device *dev = info->user_ptr[1];
2938 
2939 	return cfg80211_stop_ap(rdev, dev);
2940 }
2941 
2942 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2943 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2944 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2945 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2946 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2947 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2948 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
2949 };
2950 
2951 static int parse_station_flags(struct genl_info *info,
2952 			       enum nl80211_iftype iftype,
2953 			       struct station_parameters *params)
2954 {
2955 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2956 	struct nlattr *nla;
2957 	int flag;
2958 
2959 	/*
2960 	 * Try parsing the new attribute first so userspace
2961 	 * can specify both for older kernels.
2962 	 */
2963 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2964 	if (nla) {
2965 		struct nl80211_sta_flag_update *sta_flags;
2966 
2967 		sta_flags = nla_data(nla);
2968 		params->sta_flags_mask = sta_flags->mask;
2969 		params->sta_flags_set = sta_flags->set;
2970 		if ((params->sta_flags_mask |
2971 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2972 			return -EINVAL;
2973 		return 0;
2974 	}
2975 
2976 	/* if present, parse the old attribute */
2977 
2978 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2979 	if (!nla)
2980 		return 0;
2981 
2982 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2983 			     nla, sta_flags_policy))
2984 		return -EINVAL;
2985 
2986 	/*
2987 	 * Only allow certain flags for interface types so that
2988 	 * other attributes are silently ignored. Remember that
2989 	 * this is backward compatibility code with old userspace
2990 	 * and shouldn't be hit in other cases anyway.
2991 	 */
2992 	switch (iftype) {
2993 	case NL80211_IFTYPE_AP:
2994 	case NL80211_IFTYPE_AP_VLAN:
2995 	case NL80211_IFTYPE_P2P_GO:
2996 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2997 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2998 					 BIT(NL80211_STA_FLAG_WME) |
2999 					 BIT(NL80211_STA_FLAG_MFP);
3000 		break;
3001 	case NL80211_IFTYPE_P2P_CLIENT:
3002 	case NL80211_IFTYPE_STATION:
3003 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3004 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3005 		break;
3006 	case NL80211_IFTYPE_MESH_POINT:
3007 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3008 					 BIT(NL80211_STA_FLAG_MFP) |
3009 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3010 	default:
3011 		return -EINVAL;
3012 	}
3013 
3014 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3015 		if (flags[flag]) {
3016 			params->sta_flags_set |= (1<<flag);
3017 
3018 			/* no longer support new API additions in old API */
3019 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3020 				return -EINVAL;
3021 		}
3022 	}
3023 
3024 	return 0;
3025 }
3026 
3027 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3028 				 int attr)
3029 {
3030 	struct nlattr *rate;
3031 	u32 bitrate;
3032 	u16 bitrate_compat;
3033 
3034 	rate = nla_nest_start(msg, attr);
3035 	if (!rate)
3036 		return false;
3037 
3038 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3039 	bitrate = cfg80211_calculate_bitrate(info);
3040 	/* report 16-bit bitrate only if we can */
3041 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3042 	if (bitrate > 0 &&
3043 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3044 		return false;
3045 	if (bitrate_compat > 0 &&
3046 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3047 		return false;
3048 
3049 	if (info->flags & RATE_INFO_FLAGS_MCS) {
3050 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3051 			return false;
3052 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3053 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3054 			return false;
3055 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3056 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3057 			return false;
3058 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3059 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3060 			return false;
3061 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3062 			return false;
3063 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3064 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3065 			return false;
3066 		if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3067 		    nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3068 			return false;
3069 		if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3070 		    nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3071 			return false;
3072 		if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3073 		    nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3074 			return false;
3075 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3076 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3077 			return false;
3078 	}
3079 
3080 	nla_nest_end(msg, rate);
3081 	return true;
3082 }
3083 
3084 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3085 				int flags,
3086 				struct cfg80211_registered_device *rdev,
3087 				struct net_device *dev,
3088 				const u8 *mac_addr, struct station_info *sinfo)
3089 {
3090 	void *hdr;
3091 	struct nlattr *sinfoattr, *bss_param;
3092 
3093 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3094 	if (!hdr)
3095 		return -1;
3096 
3097 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3098 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3099 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3100 		goto nla_put_failure;
3101 
3102 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3103 	if (!sinfoattr)
3104 		goto nla_put_failure;
3105 	if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3106 	    nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3107 			sinfo->connected_time))
3108 		goto nla_put_failure;
3109 	if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3110 	    nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3111 			sinfo->inactive_time))
3112 		goto nla_put_failure;
3113 	if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3114 			      STATION_INFO_RX_BYTES64)) &&
3115 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3116 			(u32)sinfo->rx_bytes))
3117 		goto nla_put_failure;
3118 	if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3119 			      NL80211_STA_INFO_TX_BYTES64)) &&
3120 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3121 			(u32)sinfo->tx_bytes))
3122 		goto nla_put_failure;
3123 	if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3124 	    nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3125 			sinfo->rx_bytes))
3126 		goto nla_put_failure;
3127 	if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3128 	    nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3129 			sinfo->tx_bytes))
3130 		goto nla_put_failure;
3131 	if ((sinfo->filled & STATION_INFO_LLID) &&
3132 	    nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3133 		goto nla_put_failure;
3134 	if ((sinfo->filled & STATION_INFO_PLID) &&
3135 	    nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3136 		goto nla_put_failure;
3137 	if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3138 	    nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3139 		       sinfo->plink_state))
3140 		goto nla_put_failure;
3141 	switch (rdev->wiphy.signal_type) {
3142 	case CFG80211_SIGNAL_TYPE_MBM:
3143 		if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3144 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3145 			       sinfo->signal))
3146 			goto nla_put_failure;
3147 		if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3148 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3149 			       sinfo->signal_avg))
3150 			goto nla_put_failure;
3151 		break;
3152 	default:
3153 		break;
3154 	}
3155 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3156 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3157 					  NL80211_STA_INFO_TX_BITRATE))
3158 			goto nla_put_failure;
3159 	}
3160 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3161 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3162 					  NL80211_STA_INFO_RX_BITRATE))
3163 			goto nla_put_failure;
3164 	}
3165 	if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3166 	    nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3167 			sinfo->rx_packets))
3168 		goto nla_put_failure;
3169 	if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3170 	    nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3171 			sinfo->tx_packets))
3172 		goto nla_put_failure;
3173 	if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3174 	    nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3175 			sinfo->tx_retries))
3176 		goto nla_put_failure;
3177 	if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3178 	    nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3179 			sinfo->tx_failed))
3180 		goto nla_put_failure;
3181 	if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3182 	    nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3183 			sinfo->beacon_loss_count))
3184 		goto nla_put_failure;
3185 	if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3186 	    nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3187 			sinfo->local_pm))
3188 		goto nla_put_failure;
3189 	if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3190 	    nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3191 			sinfo->peer_pm))
3192 		goto nla_put_failure;
3193 	if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3194 	    nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3195 			sinfo->nonpeer_pm))
3196 		goto nla_put_failure;
3197 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3198 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3199 		if (!bss_param)
3200 			goto nla_put_failure;
3201 
3202 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3203 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3204 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3205 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3206 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3207 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3208 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3209 			       sinfo->bss_param.dtim_period) ||
3210 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3211 				sinfo->bss_param.beacon_interval))
3212 			goto nla_put_failure;
3213 
3214 		nla_nest_end(msg, bss_param);
3215 	}
3216 	if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3217 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3218 		    sizeof(struct nl80211_sta_flag_update),
3219 		    &sinfo->sta_flags))
3220 		goto nla_put_failure;
3221 	if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3222 		nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3223 			    sinfo->t_offset))
3224 		goto nla_put_failure;
3225 	nla_nest_end(msg, sinfoattr);
3226 
3227 	if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3228 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3229 		    sinfo->assoc_req_ies))
3230 		goto nla_put_failure;
3231 
3232 	return genlmsg_end(msg, hdr);
3233 
3234  nla_put_failure:
3235 	genlmsg_cancel(msg, hdr);
3236 	return -EMSGSIZE;
3237 }
3238 
3239 static int nl80211_dump_station(struct sk_buff *skb,
3240 				struct netlink_callback *cb)
3241 {
3242 	struct station_info sinfo;
3243 	struct cfg80211_registered_device *dev;
3244 	struct net_device *netdev;
3245 	u8 mac_addr[ETH_ALEN];
3246 	int sta_idx = cb->args[1];
3247 	int err;
3248 
3249 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3250 	if (err)
3251 		return err;
3252 
3253 	if (!dev->ops->dump_station) {
3254 		err = -EOPNOTSUPP;
3255 		goto out_err;
3256 	}
3257 
3258 	while (1) {
3259 		memset(&sinfo, 0, sizeof(sinfo));
3260 		err = rdev_dump_station(dev, netdev, sta_idx,
3261 					mac_addr, &sinfo);
3262 		if (err == -ENOENT)
3263 			break;
3264 		if (err)
3265 			goto out_err;
3266 
3267 		if (nl80211_send_station(skb,
3268 				NETLINK_CB(cb->skb).portid,
3269 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3270 				dev, netdev, mac_addr,
3271 				&sinfo) < 0)
3272 			goto out;
3273 
3274 		sta_idx++;
3275 	}
3276 
3277 
3278  out:
3279 	cb->args[1] = sta_idx;
3280 	err = skb->len;
3281  out_err:
3282 	nl80211_finish_netdev_dump(dev);
3283 
3284 	return err;
3285 }
3286 
3287 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3288 {
3289 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3290 	struct net_device *dev = info->user_ptr[1];
3291 	struct station_info sinfo;
3292 	struct sk_buff *msg;
3293 	u8 *mac_addr = NULL;
3294 	int err;
3295 
3296 	memset(&sinfo, 0, sizeof(sinfo));
3297 
3298 	if (!info->attrs[NL80211_ATTR_MAC])
3299 		return -EINVAL;
3300 
3301 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3302 
3303 	if (!rdev->ops->get_station)
3304 		return -EOPNOTSUPP;
3305 
3306 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3307 	if (err)
3308 		return err;
3309 
3310 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3311 	if (!msg)
3312 		return -ENOMEM;
3313 
3314 	if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3315 				 rdev, dev, mac_addr, &sinfo) < 0) {
3316 		nlmsg_free(msg);
3317 		return -ENOBUFS;
3318 	}
3319 
3320 	return genlmsg_reply(msg, info);
3321 }
3322 
3323 /*
3324  * Get vlan interface making sure it is running and on the right wiphy.
3325  */
3326 static struct net_device *get_vlan(struct genl_info *info,
3327 				   struct cfg80211_registered_device *rdev)
3328 {
3329 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3330 	struct net_device *v;
3331 	int ret;
3332 
3333 	if (!vlanattr)
3334 		return NULL;
3335 
3336 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3337 	if (!v)
3338 		return ERR_PTR(-ENODEV);
3339 
3340 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3341 		ret = -EINVAL;
3342 		goto error;
3343 	}
3344 
3345 	if (!netif_running(v)) {
3346 		ret = -ENETDOWN;
3347 		goto error;
3348 	}
3349 
3350 	return v;
3351  error:
3352 	dev_put(v);
3353 	return ERR_PTR(ret);
3354 }
3355 
3356 static struct nla_policy
3357 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
3358 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3359 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3360 };
3361 
3362 static int nl80211_set_station_tdls(struct genl_info *info,
3363 				    struct station_parameters *params)
3364 {
3365 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3366 	struct nlattr *nla;
3367 	int err;
3368 
3369 	/* Dummy STA entry gets updated once the peer capabilities are known */
3370 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3371 		params->ht_capa =
3372 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3373 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3374 		params->vht_capa =
3375 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
3376 
3377 	/* parse WME attributes if present */
3378 	if (!info->attrs[NL80211_ATTR_STA_WME])
3379 		return 0;
3380 
3381 	nla = info->attrs[NL80211_ATTR_STA_WME];
3382 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3383 			       nl80211_sta_wme_policy);
3384 	if (err)
3385 		return err;
3386 
3387 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3388 		params->uapsd_queues = nla_get_u8(
3389 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
3390 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3391 		return -EINVAL;
3392 
3393 	if (tb[NL80211_STA_WME_MAX_SP])
3394 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3395 
3396 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3397 		return -EINVAL;
3398 
3399 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3400 
3401 	return 0;
3402 }
3403 
3404 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
3405 {
3406 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3407 	int err;
3408 	struct net_device *dev = info->user_ptr[1];
3409 	struct station_parameters params;
3410 	u8 *mac_addr = NULL;
3411 
3412 	memset(&params, 0, sizeof(params));
3413 
3414 	params.listen_interval = -1;
3415 	params.plink_state = -1;
3416 
3417 	if (info->attrs[NL80211_ATTR_STA_AID])
3418 		return -EINVAL;
3419 
3420 	if (!info->attrs[NL80211_ATTR_MAC])
3421 		return -EINVAL;
3422 
3423 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3424 
3425 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
3426 		params.supported_rates =
3427 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3428 		params.supported_rates_len =
3429 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3430 	}
3431 
3432 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
3433 		params.capability =
3434 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
3435 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
3436 	}
3437 
3438 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
3439 		params.ext_capab =
3440 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3441 		params.ext_capab_len =
3442 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3443 	}
3444 
3445 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3446 		return -EINVAL;
3447 
3448 	if (!rdev->ops->change_station)
3449 		return -EOPNOTSUPP;
3450 
3451 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
3452 		return -EINVAL;
3453 
3454 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
3455 		params.plink_action =
3456 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3457 
3458 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
3459 		params.plink_state =
3460 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
3461 
3462 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
3463 		enum nl80211_mesh_power_mode pm = nla_get_u32(
3464 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
3465 
3466 		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
3467 		    pm > NL80211_MESH_POWER_MAX)
3468 			return -EINVAL;
3469 
3470 		params.local_pm = pm;
3471 	}
3472 
3473 	switch (dev->ieee80211_ptr->iftype) {
3474 	case NL80211_IFTYPE_AP:
3475 	case NL80211_IFTYPE_AP_VLAN:
3476 	case NL80211_IFTYPE_P2P_GO:
3477 		/* disallow mesh-specific things */
3478 		if (params.plink_action)
3479 			return -EINVAL;
3480 		if (params.local_pm)
3481 			return -EINVAL;
3482 
3483 		/* TDLS can't be set, ... */
3484 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3485 			return -EINVAL;
3486 		/*
3487 		 * ... but don't bother the driver with it. This works around
3488 		 * a hostapd/wpa_supplicant issue -- it always includes the
3489 		 * TLDS_PEER flag in the mask even for AP mode.
3490 		 */
3491 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3492 
3493 		/* accept only the listed bits */
3494 		if (params.sta_flags_mask &
3495 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3496 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3497 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
3498 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3499 				  BIT(NL80211_STA_FLAG_WME) |
3500 				  BIT(NL80211_STA_FLAG_MFP)))
3501 			return -EINVAL;
3502 
3503 		/* but authenticated/associated only if driver handles it */
3504 		if (!(rdev->wiphy.features &
3505 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3506 		    params.sta_flags_mask &
3507 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3508 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3509 			return -EINVAL;
3510 
3511 		/* reject other things that can't change */
3512 		if (params.supported_rates)
3513 			return -EINVAL;
3514 		if (info->attrs[NL80211_ATTR_STA_CAPABILITY])
3515 			return -EINVAL;
3516 		if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY])
3517 			return -EINVAL;
3518 		if (info->attrs[NL80211_ATTR_HT_CAPABILITY] ||
3519 		    info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3520 			return -EINVAL;
3521 
3522 		/* must be last in here for error handling */
3523 		params.vlan = get_vlan(info, rdev);
3524 		if (IS_ERR(params.vlan))
3525 			return PTR_ERR(params.vlan);
3526 		break;
3527 	case NL80211_IFTYPE_P2P_CLIENT:
3528 	case NL80211_IFTYPE_STATION:
3529 		/*
3530 		 * Don't allow userspace to change the TDLS_PEER flag,
3531 		 * but silently ignore attempts to change it since we
3532 		 * don't have state here to verify that it doesn't try
3533 		 * to change the flag.
3534 		 */
3535 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3536 		/* Include parameters for TDLS peer (driver will check) */
3537 		err = nl80211_set_station_tdls(info, &params);
3538 		if (err)
3539 			return err;
3540 		/* disallow things sta doesn't support */
3541 		if (params.plink_action)
3542 			return -EINVAL;
3543 		if (params.local_pm)
3544 			return -EINVAL;
3545 		/* reject any changes other than AUTHORIZED or WME (for TDLS) */
3546 		if (params.sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3547 					      BIT(NL80211_STA_FLAG_WME)))
3548 			return -EINVAL;
3549 		break;
3550 	case NL80211_IFTYPE_ADHOC:
3551 		/* disallow things sta doesn't support */
3552 		if (params.plink_action)
3553 			return -EINVAL;
3554 		if (params.local_pm)
3555 			return -EINVAL;
3556 		if (info->attrs[NL80211_ATTR_HT_CAPABILITY] ||
3557 		    info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3558 			return -EINVAL;
3559 		/* reject any changes other than AUTHORIZED */
3560 		if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3561 			return -EINVAL;
3562 		break;
3563 	case NL80211_IFTYPE_MESH_POINT:
3564 		/* disallow things mesh doesn't support */
3565 		if (params.vlan)
3566 			return -EINVAL;
3567 		if (params.supported_rates)
3568 			return -EINVAL;
3569 		if (info->attrs[NL80211_ATTR_STA_CAPABILITY])
3570 			return -EINVAL;
3571 		if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY])
3572 			return -EINVAL;
3573 		if (info->attrs[NL80211_ATTR_HT_CAPABILITY] ||
3574 		    info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3575 			return -EINVAL;
3576 		/*
3577 		 * No special handling for TDLS here -- the userspace
3578 		 * mesh code doesn't have this bug.
3579 		 */
3580 		if (params.sta_flags_mask &
3581 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3582 				  BIT(NL80211_STA_FLAG_MFP) |
3583 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3584 			return -EINVAL;
3585 		break;
3586 	default:
3587 		return -EOPNOTSUPP;
3588 	}
3589 
3590 	/* be aware of params.vlan when changing code here */
3591 
3592 	err = rdev_change_station(rdev, dev, mac_addr, &params);
3593 
3594 	if (params.vlan)
3595 		dev_put(params.vlan);
3596 
3597 	return err;
3598 }
3599 
3600 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
3601 {
3602 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3603 	int err;
3604 	struct net_device *dev = info->user_ptr[1];
3605 	struct station_parameters params;
3606 	u8 *mac_addr = NULL;
3607 
3608 	memset(&params, 0, sizeof(params));
3609 
3610 	if (!info->attrs[NL80211_ATTR_MAC])
3611 		return -EINVAL;
3612 
3613 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3614 		return -EINVAL;
3615 
3616 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
3617 		return -EINVAL;
3618 
3619 	if (!info->attrs[NL80211_ATTR_STA_AID])
3620 		return -EINVAL;
3621 
3622 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3623 	params.supported_rates =
3624 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3625 	params.supported_rates_len =
3626 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3627 	params.listen_interval =
3628 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
3629 
3630 	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
3631 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
3632 		return -EINVAL;
3633 
3634 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
3635 		params.capability =
3636 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
3637 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
3638 	}
3639 
3640 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
3641 		params.ext_capab =
3642 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3643 		params.ext_capab_len =
3644 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3645 	}
3646 
3647 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3648 		params.ht_capa =
3649 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3650 
3651 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3652 		params.vht_capa =
3653 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
3654 
3655 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
3656 		params.plink_action =
3657 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3658 
3659 	if (!rdev->ops->add_station)
3660 		return -EOPNOTSUPP;
3661 
3662 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
3663 		return -EINVAL;
3664 
3665 	switch (dev->ieee80211_ptr->iftype) {
3666 	case NL80211_IFTYPE_AP:
3667 	case NL80211_IFTYPE_AP_VLAN:
3668 	case NL80211_IFTYPE_P2P_GO:
3669 		/* parse WME attributes if sta is WME capable */
3670 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
3671 		    (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
3672 		    info->attrs[NL80211_ATTR_STA_WME]) {
3673 			struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3674 			struct nlattr *nla;
3675 
3676 			nla = info->attrs[NL80211_ATTR_STA_WME];
3677 			err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3678 					       nl80211_sta_wme_policy);
3679 			if (err)
3680 				return err;
3681 
3682 			if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3683 				params.uapsd_queues =
3684 				     nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
3685 			if (params.uapsd_queues &
3686 					~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3687 				return -EINVAL;
3688 
3689 			if (tb[NL80211_STA_WME_MAX_SP])
3690 				params.max_sp =
3691 				     nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3692 
3693 			if (params.max_sp &
3694 					~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3695 				return -EINVAL;
3696 
3697 			params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3698 		}
3699 		/* TDLS peers cannot be added */
3700 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3701 			return -EINVAL;
3702 		/* but don't bother the driver with it */
3703 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3704 
3705 		/* allow authenticated/associated only if driver handles it */
3706 		if (!(rdev->wiphy.features &
3707 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3708 		    params.sta_flags_mask &
3709 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3710 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3711 			return -EINVAL;
3712 
3713 		/* must be last in here for error handling */
3714 		params.vlan = get_vlan(info, rdev);
3715 		if (IS_ERR(params.vlan))
3716 			return PTR_ERR(params.vlan);
3717 		break;
3718 	case NL80211_IFTYPE_MESH_POINT:
3719 		/* associated is disallowed */
3720 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
3721 			return -EINVAL;
3722 		/* TDLS peers cannot be added */
3723 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3724 			return -EINVAL;
3725 		break;
3726 	case NL80211_IFTYPE_STATION:
3727 		/* associated is disallowed */
3728 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
3729 			return -EINVAL;
3730 		/* Only TDLS peers can be added */
3731 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3732 			return -EINVAL;
3733 		/* Can only add if TDLS ... */
3734 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
3735 			return -EOPNOTSUPP;
3736 		/* ... with external setup is supported */
3737 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
3738 			return -EOPNOTSUPP;
3739 		break;
3740 	default:
3741 		return -EOPNOTSUPP;
3742 	}
3743 
3744 	/* be aware of params.vlan when changing code here */
3745 
3746 	err = rdev_add_station(rdev, dev, mac_addr, &params);
3747 
3748 	if (params.vlan)
3749 		dev_put(params.vlan);
3750 	return err;
3751 }
3752 
3753 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
3754 {
3755 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3756 	struct net_device *dev = info->user_ptr[1];
3757 	u8 *mac_addr = NULL;
3758 
3759 	if (info->attrs[NL80211_ATTR_MAC])
3760 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3761 
3762 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3763 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3764 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
3765 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3766 		return -EINVAL;
3767 
3768 	if (!rdev->ops->del_station)
3769 		return -EOPNOTSUPP;
3770 
3771 	return rdev_del_station(rdev, dev, mac_addr);
3772 }
3773 
3774 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
3775 				int flags, struct net_device *dev,
3776 				u8 *dst, u8 *next_hop,
3777 				struct mpath_info *pinfo)
3778 {
3779 	void *hdr;
3780 	struct nlattr *pinfoattr;
3781 
3782 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3783 	if (!hdr)
3784 		return -1;
3785 
3786 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3787 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
3788 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
3789 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
3790 		goto nla_put_failure;
3791 
3792 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
3793 	if (!pinfoattr)
3794 		goto nla_put_failure;
3795 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
3796 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
3797 			pinfo->frame_qlen))
3798 		goto nla_put_failure;
3799 	if (((pinfo->filled & MPATH_INFO_SN) &&
3800 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
3801 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
3802 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
3803 			 pinfo->metric)) ||
3804 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
3805 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
3806 			 pinfo->exptime)) ||
3807 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
3808 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
3809 			pinfo->flags)) ||
3810 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
3811 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
3812 			 pinfo->discovery_timeout)) ||
3813 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
3814 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
3815 			pinfo->discovery_retries)))
3816 		goto nla_put_failure;
3817 
3818 	nla_nest_end(msg, pinfoattr);
3819 
3820 	return genlmsg_end(msg, hdr);
3821 
3822  nla_put_failure:
3823 	genlmsg_cancel(msg, hdr);
3824 	return -EMSGSIZE;
3825 }
3826 
3827 static int nl80211_dump_mpath(struct sk_buff *skb,
3828 			      struct netlink_callback *cb)
3829 {
3830 	struct mpath_info pinfo;
3831 	struct cfg80211_registered_device *dev;
3832 	struct net_device *netdev;
3833 	u8 dst[ETH_ALEN];
3834 	u8 next_hop[ETH_ALEN];
3835 	int path_idx = cb->args[1];
3836 	int err;
3837 
3838 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3839 	if (err)
3840 		return err;
3841 
3842 	if (!dev->ops->dump_mpath) {
3843 		err = -EOPNOTSUPP;
3844 		goto out_err;
3845 	}
3846 
3847 	if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
3848 		err = -EOPNOTSUPP;
3849 		goto out_err;
3850 	}
3851 
3852 	while (1) {
3853 		err = rdev_dump_mpath(dev, netdev, path_idx, dst, next_hop,
3854 				      &pinfo);
3855 		if (err == -ENOENT)
3856 			break;
3857 		if (err)
3858 			goto out_err;
3859 
3860 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
3861 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3862 				       netdev, dst, next_hop,
3863 				       &pinfo) < 0)
3864 			goto out;
3865 
3866 		path_idx++;
3867 	}
3868 
3869 
3870  out:
3871 	cb->args[1] = path_idx;
3872 	err = skb->len;
3873  out_err:
3874 	nl80211_finish_netdev_dump(dev);
3875 	return err;
3876 }
3877 
3878 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
3879 {
3880 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3881 	int err;
3882 	struct net_device *dev = info->user_ptr[1];
3883 	struct mpath_info pinfo;
3884 	struct sk_buff *msg;
3885 	u8 *dst = NULL;
3886 	u8 next_hop[ETH_ALEN];
3887 
3888 	memset(&pinfo, 0, sizeof(pinfo));
3889 
3890 	if (!info->attrs[NL80211_ATTR_MAC])
3891 		return -EINVAL;
3892 
3893 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3894 
3895 	if (!rdev->ops->get_mpath)
3896 		return -EOPNOTSUPP;
3897 
3898 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3899 		return -EOPNOTSUPP;
3900 
3901 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
3902 	if (err)
3903 		return err;
3904 
3905 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3906 	if (!msg)
3907 		return -ENOMEM;
3908 
3909 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
3910 				 dev, dst, next_hop, &pinfo) < 0) {
3911 		nlmsg_free(msg);
3912 		return -ENOBUFS;
3913 	}
3914 
3915 	return genlmsg_reply(msg, info);
3916 }
3917 
3918 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
3919 {
3920 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3921 	struct net_device *dev = info->user_ptr[1];
3922 	u8 *dst = NULL;
3923 	u8 *next_hop = NULL;
3924 
3925 	if (!info->attrs[NL80211_ATTR_MAC])
3926 		return -EINVAL;
3927 
3928 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3929 		return -EINVAL;
3930 
3931 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3932 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3933 
3934 	if (!rdev->ops->change_mpath)
3935 		return -EOPNOTSUPP;
3936 
3937 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3938 		return -EOPNOTSUPP;
3939 
3940 	return rdev_change_mpath(rdev, dev, dst, next_hop);
3941 }
3942 
3943 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
3944 {
3945 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3946 	struct net_device *dev = info->user_ptr[1];
3947 	u8 *dst = NULL;
3948 	u8 *next_hop = NULL;
3949 
3950 	if (!info->attrs[NL80211_ATTR_MAC])
3951 		return -EINVAL;
3952 
3953 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3954 		return -EINVAL;
3955 
3956 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3957 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3958 
3959 	if (!rdev->ops->add_mpath)
3960 		return -EOPNOTSUPP;
3961 
3962 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3963 		return -EOPNOTSUPP;
3964 
3965 	return rdev_add_mpath(rdev, dev, dst, next_hop);
3966 }
3967 
3968 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
3969 {
3970 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3971 	struct net_device *dev = info->user_ptr[1];
3972 	u8 *dst = NULL;
3973 
3974 	if (info->attrs[NL80211_ATTR_MAC])
3975 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3976 
3977 	if (!rdev->ops->del_mpath)
3978 		return -EOPNOTSUPP;
3979 
3980 	return rdev_del_mpath(rdev, dev, dst);
3981 }
3982 
3983 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
3984 {
3985 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3986 	struct net_device *dev = info->user_ptr[1];
3987 	struct bss_parameters params;
3988 
3989 	memset(&params, 0, sizeof(params));
3990 	/* default to not changing parameters */
3991 	params.use_cts_prot = -1;
3992 	params.use_short_preamble = -1;
3993 	params.use_short_slot_time = -1;
3994 	params.ap_isolate = -1;
3995 	params.ht_opmode = -1;
3996 	params.p2p_ctwindow = -1;
3997 	params.p2p_opp_ps = -1;
3998 
3999 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4000 		params.use_cts_prot =
4001 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4002 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4003 		params.use_short_preamble =
4004 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4005 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4006 		params.use_short_slot_time =
4007 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4008 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4009 		params.basic_rates =
4010 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4011 		params.basic_rates_len =
4012 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4013 	}
4014 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4015 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4016 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4017 		params.ht_opmode =
4018 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4019 
4020 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4021 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4022 			return -EINVAL;
4023 		params.p2p_ctwindow =
4024 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4025 		if (params.p2p_ctwindow < 0)
4026 			return -EINVAL;
4027 		if (params.p2p_ctwindow != 0 &&
4028 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4029 			return -EINVAL;
4030 	}
4031 
4032 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4033 		u8 tmp;
4034 
4035 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4036 			return -EINVAL;
4037 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4038 		if (tmp > 1)
4039 			return -EINVAL;
4040 		params.p2p_opp_ps = tmp;
4041 		if (params.p2p_opp_ps &&
4042 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4043 			return -EINVAL;
4044 	}
4045 
4046 	if (!rdev->ops->change_bss)
4047 		return -EOPNOTSUPP;
4048 
4049 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4050 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4051 		return -EOPNOTSUPP;
4052 
4053 	return rdev_change_bss(rdev, dev, &params);
4054 }
4055 
4056 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4057 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
4058 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
4059 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
4060 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
4061 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
4062 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
4063 };
4064 
4065 static int parse_reg_rule(struct nlattr *tb[],
4066 	struct ieee80211_reg_rule *reg_rule)
4067 {
4068 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4069 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4070 
4071 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4072 		return -EINVAL;
4073 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4074 		return -EINVAL;
4075 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4076 		return -EINVAL;
4077 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4078 		return -EINVAL;
4079 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4080 		return -EINVAL;
4081 
4082 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4083 
4084 	freq_range->start_freq_khz =
4085 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4086 	freq_range->end_freq_khz =
4087 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4088 	freq_range->max_bandwidth_khz =
4089 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4090 
4091 	power_rule->max_eirp =
4092 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4093 
4094 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4095 		power_rule->max_antenna_gain =
4096 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4097 
4098 	return 0;
4099 }
4100 
4101 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4102 {
4103 	int r;
4104 	char *data = NULL;
4105 	enum nl80211_user_reg_hint_type user_reg_hint_type;
4106 
4107 	/*
4108 	 * You should only get this when cfg80211 hasn't yet initialized
4109 	 * completely when built-in to the kernel right between the time
4110 	 * window between nl80211_init() and regulatory_init(), if that is
4111 	 * even possible.
4112 	 */
4113 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4114 		return -EINPROGRESS;
4115 
4116 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4117 		return -EINVAL;
4118 
4119 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4120 
4121 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4122 		user_reg_hint_type =
4123 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4124 	else
4125 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4126 
4127 	switch (user_reg_hint_type) {
4128 	case NL80211_USER_REG_HINT_USER:
4129 	case NL80211_USER_REG_HINT_CELL_BASE:
4130 		break;
4131 	default:
4132 		return -EINVAL;
4133 	}
4134 
4135 	r = regulatory_hint_user(data, user_reg_hint_type);
4136 
4137 	return r;
4138 }
4139 
4140 static int nl80211_get_mesh_config(struct sk_buff *skb,
4141 				   struct genl_info *info)
4142 {
4143 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4144 	struct net_device *dev = info->user_ptr[1];
4145 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4146 	struct mesh_config cur_params;
4147 	int err = 0;
4148 	void *hdr;
4149 	struct nlattr *pinfoattr;
4150 	struct sk_buff *msg;
4151 
4152 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4153 		return -EOPNOTSUPP;
4154 
4155 	if (!rdev->ops->get_mesh_config)
4156 		return -EOPNOTSUPP;
4157 
4158 	wdev_lock(wdev);
4159 	/* If not connected, get default parameters */
4160 	if (!wdev->mesh_id_len)
4161 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4162 	else
4163 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
4164 	wdev_unlock(wdev);
4165 
4166 	if (err)
4167 		return err;
4168 
4169 	/* Draw up a netlink message to send back */
4170 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4171 	if (!msg)
4172 		return -ENOMEM;
4173 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4174 			     NL80211_CMD_GET_MESH_CONFIG);
4175 	if (!hdr)
4176 		goto out;
4177 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4178 	if (!pinfoattr)
4179 		goto nla_put_failure;
4180 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4181 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4182 			cur_params.dot11MeshRetryTimeout) ||
4183 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4184 			cur_params.dot11MeshConfirmTimeout) ||
4185 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4186 			cur_params.dot11MeshHoldingTimeout) ||
4187 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4188 			cur_params.dot11MeshMaxPeerLinks) ||
4189 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4190 		       cur_params.dot11MeshMaxRetries) ||
4191 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
4192 		       cur_params.dot11MeshTTL) ||
4193 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4194 		       cur_params.element_ttl) ||
4195 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4196 		       cur_params.auto_open_plinks) ||
4197 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4198 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4199 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4200 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
4201 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4202 			cur_params.path_refresh_time) ||
4203 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4204 			cur_params.min_discovery_timeout) ||
4205 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4206 			cur_params.dot11MeshHWMPactivePathTimeout) ||
4207 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4208 			cur_params.dot11MeshHWMPpreqMinInterval) ||
4209 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4210 			cur_params.dot11MeshHWMPperrMinInterval) ||
4211 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4212 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4213 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4214 		       cur_params.dot11MeshHWMPRootMode) ||
4215 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4216 			cur_params.dot11MeshHWMPRannInterval) ||
4217 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4218 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
4219 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4220 		       cur_params.dot11MeshForwarding) ||
4221 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4222 			cur_params.rssi_threshold) ||
4223 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4224 			cur_params.ht_opmode) ||
4225 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4226 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4227 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4228 			cur_params.dot11MeshHWMProotInterval) ||
4229 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4230 			cur_params.dot11MeshHWMPconfirmationInterval) ||
4231 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4232 			cur_params.power_mode) ||
4233 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4234 			cur_params.dot11MeshAwakeWindowDuration))
4235 		goto nla_put_failure;
4236 	nla_nest_end(msg, pinfoattr);
4237 	genlmsg_end(msg, hdr);
4238 	return genlmsg_reply(msg, info);
4239 
4240  nla_put_failure:
4241 	genlmsg_cancel(msg, hdr);
4242  out:
4243 	nlmsg_free(msg);
4244 	return -ENOBUFS;
4245 }
4246 
4247 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4248 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4249 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4250 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4251 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4252 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4253 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4254 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4255 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4256 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4257 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4258 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4259 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4260 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4261 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4262 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4263 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4264 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4265 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4266 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4267 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4268 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4269 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4270 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4271 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4272 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4273 	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4274 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4275 };
4276 
4277 static const struct nla_policy
4278 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4279 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4280 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4281 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4282 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4283 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4284 				    .len = IEEE80211_MAX_DATA_LEN },
4285 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4286 };
4287 
4288 static int nl80211_parse_mesh_config(struct genl_info *info,
4289 				     struct mesh_config *cfg,
4290 				     u32 *mask_out)
4291 {
4292 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4293 	u32 mask = 0;
4294 
4295 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4296 do {									    \
4297 	if (tb[attr]) {							    \
4298 		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
4299 			return -EINVAL;					    \
4300 		cfg->param = fn(tb[attr]);				    \
4301 		mask |= (1 << (attr - 1));				    \
4302 	}								    \
4303 } while (0)
4304 
4305 
4306 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4307 		return -EINVAL;
4308 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4309 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
4310 			     nl80211_meshconf_params_policy))
4311 		return -EINVAL;
4312 
4313 	/* This makes sure that there aren't more than 32 mesh config
4314 	 * parameters (otherwise our bitfield scheme would not work.) */
4315 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4316 
4317 	/* Fill in the params struct */
4318 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4319 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4320 				  nla_get_u16);
4321 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4322 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4323 				  nla_get_u16);
4324 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4325 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4326 				  nla_get_u16);
4327 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4328 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4329 				  nla_get_u16);
4330 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4331 				  mask, NL80211_MESHCONF_MAX_RETRIES,
4332 				  nla_get_u8);
4333 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4334 				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
4335 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4336 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
4337 				  nla_get_u8);
4338 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4339 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4340 				  nla_get_u8);
4341 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4342 				  1, 255, mask,
4343 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4344 				  nla_get_u32);
4345 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4346 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4347 				  nla_get_u8);
4348 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4349 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4350 				  nla_get_u32);
4351 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4352 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4353 				  nla_get_u16);
4354 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4355 				  1, 65535, mask,
4356 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4357 				  nla_get_u32);
4358 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4359 				  1, 65535, mask,
4360 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4361 				  nla_get_u16);
4362 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4363 				  1, 65535, mask,
4364 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4365 				  nla_get_u16);
4366 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4367 				  dot11MeshHWMPnetDiameterTraversalTime,
4368 				  1, 65535, mask,
4369 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4370 				  nla_get_u16);
4371 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4372 				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4373 				  nla_get_u8);
4374 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4375 				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4376 				  nla_get_u16);
4377 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4378 				  dot11MeshGateAnnouncementProtocol, 0, 1,
4379 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4380 				  nla_get_u8);
4381 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4382 				  mask, NL80211_MESHCONF_FORWARDING,
4383 				  nla_get_u8);
4384 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255,
4385 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4386 				  nla_get_u32);
4387 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4388 				  mask, NL80211_MESHCONF_HT_OPMODE,
4389 				  nla_get_u16);
4390 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
4391 				  1, 65535, mask,
4392 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4393 				  nla_get_u32);
4394 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
4395 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4396 				  nla_get_u16);
4397 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4398 				  dot11MeshHWMPconfirmationInterval,
4399 				  1, 65535, mask,
4400 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4401 				  nla_get_u16);
4402 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
4403 				  NL80211_MESH_POWER_ACTIVE,
4404 				  NL80211_MESH_POWER_MAX,
4405 				  mask, NL80211_MESHCONF_POWER_MODE,
4406 				  nla_get_u32);
4407 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
4408 				  0, 65535, mask,
4409 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
4410 	if (mask_out)
4411 		*mask_out = mask;
4412 
4413 	return 0;
4414 
4415 #undef FILL_IN_MESH_PARAM_IF_SET
4416 }
4417 
4418 static int nl80211_parse_mesh_setup(struct genl_info *info,
4419 				     struct mesh_setup *setup)
4420 {
4421 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
4422 
4423 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
4424 		return -EINVAL;
4425 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
4426 			     info->attrs[NL80211_ATTR_MESH_SETUP],
4427 			     nl80211_mesh_setup_params_policy))
4428 		return -EINVAL;
4429 
4430 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
4431 		setup->sync_method =
4432 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
4433 		 IEEE80211_SYNC_METHOD_VENDOR :
4434 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
4435 
4436 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
4437 		setup->path_sel_proto =
4438 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
4439 		 IEEE80211_PATH_PROTOCOL_VENDOR :
4440 		 IEEE80211_PATH_PROTOCOL_HWMP;
4441 
4442 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
4443 		setup->path_metric =
4444 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
4445 		 IEEE80211_PATH_METRIC_VENDOR :
4446 		 IEEE80211_PATH_METRIC_AIRTIME;
4447 
4448 
4449 	if (tb[NL80211_MESH_SETUP_IE]) {
4450 		struct nlattr *ieattr =
4451 			tb[NL80211_MESH_SETUP_IE];
4452 		if (!is_valid_ie_attr(ieattr))
4453 			return -EINVAL;
4454 		setup->ie = nla_data(ieattr);
4455 		setup->ie_len = nla_len(ieattr);
4456 	}
4457 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
4458 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
4459 
4460 	return 0;
4461 }
4462 
4463 static int nl80211_update_mesh_config(struct sk_buff *skb,
4464 				      struct genl_info *info)
4465 {
4466 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4467 	struct net_device *dev = info->user_ptr[1];
4468 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4469 	struct mesh_config cfg;
4470 	u32 mask;
4471 	int err;
4472 
4473 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4474 		return -EOPNOTSUPP;
4475 
4476 	if (!rdev->ops->update_mesh_config)
4477 		return -EOPNOTSUPP;
4478 
4479 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
4480 	if (err)
4481 		return err;
4482 
4483 	wdev_lock(wdev);
4484 	if (!wdev->mesh_id_len)
4485 		err = -ENOLINK;
4486 
4487 	if (!err)
4488 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
4489 
4490 	wdev_unlock(wdev);
4491 
4492 	return err;
4493 }
4494 
4495 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
4496 {
4497 	const struct ieee80211_regdomain *regdom;
4498 	struct sk_buff *msg;
4499 	void *hdr = NULL;
4500 	struct nlattr *nl_reg_rules;
4501 	unsigned int i;
4502 	int err = -EINVAL;
4503 
4504 	mutex_lock(&cfg80211_mutex);
4505 
4506 	if (!cfg80211_regdomain)
4507 		goto out;
4508 
4509 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4510 	if (!msg) {
4511 		err = -ENOBUFS;
4512 		goto out;
4513 	}
4514 
4515 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4516 			     NL80211_CMD_GET_REG);
4517 	if (!hdr)
4518 		goto put_failure;
4519 
4520 	if (reg_last_request_cell_base() &&
4521 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
4522 			NL80211_USER_REG_HINT_CELL_BASE))
4523 		goto nla_put_failure;
4524 
4525 	rcu_read_lock();
4526 	regdom = rcu_dereference(cfg80211_regdomain);
4527 
4528 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
4529 	    (regdom->dfs_region &&
4530 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
4531 		goto nla_put_failure_rcu;
4532 
4533 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
4534 	if (!nl_reg_rules)
4535 		goto nla_put_failure_rcu;
4536 
4537 	for (i = 0; i < regdom->n_reg_rules; i++) {
4538 		struct nlattr *nl_reg_rule;
4539 		const struct ieee80211_reg_rule *reg_rule;
4540 		const struct ieee80211_freq_range *freq_range;
4541 		const struct ieee80211_power_rule *power_rule;
4542 
4543 		reg_rule = &regdom->reg_rules[i];
4544 		freq_range = &reg_rule->freq_range;
4545 		power_rule = &reg_rule->power_rule;
4546 
4547 		nl_reg_rule = nla_nest_start(msg, i);
4548 		if (!nl_reg_rule)
4549 			goto nla_put_failure_rcu;
4550 
4551 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
4552 				reg_rule->flags) ||
4553 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
4554 				freq_range->start_freq_khz) ||
4555 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
4556 				freq_range->end_freq_khz) ||
4557 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
4558 				freq_range->max_bandwidth_khz) ||
4559 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
4560 				power_rule->max_antenna_gain) ||
4561 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
4562 				power_rule->max_eirp))
4563 			goto nla_put_failure_rcu;
4564 
4565 		nla_nest_end(msg, nl_reg_rule);
4566 	}
4567 	rcu_read_unlock();
4568 
4569 	nla_nest_end(msg, nl_reg_rules);
4570 
4571 	genlmsg_end(msg, hdr);
4572 	err = genlmsg_reply(msg, info);
4573 	goto out;
4574 
4575 nla_put_failure_rcu:
4576 	rcu_read_unlock();
4577 nla_put_failure:
4578 	genlmsg_cancel(msg, hdr);
4579 put_failure:
4580 	nlmsg_free(msg);
4581 	err = -EMSGSIZE;
4582 out:
4583 	mutex_unlock(&cfg80211_mutex);
4584 	return err;
4585 }
4586 
4587 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
4588 {
4589 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
4590 	struct nlattr *nl_reg_rule;
4591 	char *alpha2 = NULL;
4592 	int rem_reg_rules = 0, r = 0;
4593 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
4594 	u8 dfs_region = 0;
4595 	struct ieee80211_regdomain *rd = NULL;
4596 
4597 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4598 		return -EINVAL;
4599 
4600 	if (!info->attrs[NL80211_ATTR_REG_RULES])
4601 		return -EINVAL;
4602 
4603 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4604 
4605 	if (info->attrs[NL80211_ATTR_DFS_REGION])
4606 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
4607 
4608 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
4609 			    rem_reg_rules) {
4610 		num_rules++;
4611 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
4612 			return -EINVAL;
4613 	}
4614 
4615 	size_of_regd = sizeof(struct ieee80211_regdomain) +
4616 		       num_rules * sizeof(struct ieee80211_reg_rule);
4617 
4618 	rd = kzalloc(size_of_regd, GFP_KERNEL);
4619 	if (!rd)
4620 		return -ENOMEM;
4621 
4622 	rd->n_reg_rules = num_rules;
4623 	rd->alpha2[0] = alpha2[0];
4624 	rd->alpha2[1] = alpha2[1];
4625 
4626 	/*
4627 	 * Disable DFS master mode if the DFS region was
4628 	 * not supported or known on this kernel.
4629 	 */
4630 	if (reg_supported_dfs_region(dfs_region))
4631 		rd->dfs_region = dfs_region;
4632 
4633 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
4634 			    rem_reg_rules) {
4635 		nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
4636 			  nla_data(nl_reg_rule), nla_len(nl_reg_rule),
4637 			  reg_rule_policy);
4638 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
4639 		if (r)
4640 			goto bad_reg;
4641 
4642 		rule_idx++;
4643 
4644 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
4645 			r = -EINVAL;
4646 			goto bad_reg;
4647 		}
4648 	}
4649 
4650 	mutex_lock(&cfg80211_mutex);
4651 
4652 	r = set_regdom(rd);
4653 	/* set_regdom took ownership */
4654 	rd = NULL;
4655 	mutex_unlock(&cfg80211_mutex);
4656 
4657  bad_reg:
4658 	kfree(rd);
4659 	return r;
4660 }
4661 
4662 static int validate_scan_freqs(struct nlattr *freqs)
4663 {
4664 	struct nlattr *attr1, *attr2;
4665 	int n_channels = 0, tmp1, tmp2;
4666 
4667 	nla_for_each_nested(attr1, freqs, tmp1) {
4668 		n_channels++;
4669 		/*
4670 		 * Some hardware has a limited channel list for
4671 		 * scanning, and it is pretty much nonsensical
4672 		 * to scan for a channel twice, so disallow that
4673 		 * and don't require drivers to check that the
4674 		 * channel list they get isn't longer than what
4675 		 * they can scan, as long as they can scan all
4676 		 * the channels they registered at once.
4677 		 */
4678 		nla_for_each_nested(attr2, freqs, tmp2)
4679 			if (attr1 != attr2 &&
4680 			    nla_get_u32(attr1) == nla_get_u32(attr2))
4681 				return 0;
4682 	}
4683 
4684 	return n_channels;
4685 }
4686 
4687 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
4688 {
4689 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4690 	struct wireless_dev *wdev = info->user_ptr[1];
4691 	struct cfg80211_scan_request *request;
4692 	struct nlattr *attr;
4693 	struct wiphy *wiphy;
4694 	int err, tmp, n_ssids = 0, n_channels, i;
4695 	size_t ie_len;
4696 
4697 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4698 		return -EINVAL;
4699 
4700 	wiphy = &rdev->wiphy;
4701 
4702 	if (!rdev->ops->scan)
4703 		return -EOPNOTSUPP;
4704 
4705 	mutex_lock(&rdev->sched_scan_mtx);
4706 	if (rdev->scan_req) {
4707 		err = -EBUSY;
4708 		goto unlock;
4709 	}
4710 
4711 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4712 		n_channels = validate_scan_freqs(
4713 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4714 		if (!n_channels) {
4715 			err = -EINVAL;
4716 			goto unlock;
4717 		}
4718 	} else {
4719 		enum ieee80211_band band;
4720 		n_channels = 0;
4721 
4722 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
4723 			if (wiphy->bands[band])
4724 				n_channels += wiphy->bands[band]->n_channels;
4725 	}
4726 
4727 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
4728 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
4729 			n_ssids++;
4730 
4731 	if (n_ssids > wiphy->max_scan_ssids) {
4732 		err = -EINVAL;
4733 		goto unlock;
4734 	}
4735 
4736 	if (info->attrs[NL80211_ATTR_IE])
4737 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4738 	else
4739 		ie_len = 0;
4740 
4741 	if (ie_len > wiphy->max_scan_ie_len) {
4742 		err = -EINVAL;
4743 		goto unlock;
4744 	}
4745 
4746 	request = kzalloc(sizeof(*request)
4747 			+ sizeof(*request->ssids) * n_ssids
4748 			+ sizeof(*request->channels) * n_channels
4749 			+ ie_len, GFP_KERNEL);
4750 	if (!request) {
4751 		err = -ENOMEM;
4752 		goto unlock;
4753 	}
4754 
4755 	if (n_ssids)
4756 		request->ssids = (void *)&request->channels[n_channels];
4757 	request->n_ssids = n_ssids;
4758 	if (ie_len) {
4759 		if (request->ssids)
4760 			request->ie = (void *)(request->ssids + n_ssids);
4761 		else
4762 			request->ie = (void *)(request->channels + n_channels);
4763 	}
4764 
4765 	i = 0;
4766 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4767 		/* user specified, bail out if channel not found */
4768 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
4769 			struct ieee80211_channel *chan;
4770 
4771 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4772 
4773 			if (!chan) {
4774 				err = -EINVAL;
4775 				goto out_free;
4776 			}
4777 
4778 			/* ignore disabled channels */
4779 			if (chan->flags & IEEE80211_CHAN_DISABLED)
4780 				continue;
4781 
4782 			request->channels[i] = chan;
4783 			i++;
4784 		}
4785 	} else {
4786 		enum ieee80211_band band;
4787 
4788 		/* all channels */
4789 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4790 			int j;
4791 			if (!wiphy->bands[band])
4792 				continue;
4793 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4794 				struct ieee80211_channel *chan;
4795 
4796 				chan = &wiphy->bands[band]->channels[j];
4797 
4798 				if (chan->flags & IEEE80211_CHAN_DISABLED)
4799 					continue;
4800 
4801 				request->channels[i] = chan;
4802 				i++;
4803 			}
4804 		}
4805 	}
4806 
4807 	if (!i) {
4808 		err = -EINVAL;
4809 		goto out_free;
4810 	}
4811 
4812 	request->n_channels = i;
4813 
4814 	i = 0;
4815 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4816 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
4817 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4818 				err = -EINVAL;
4819 				goto out_free;
4820 			}
4821 			request->ssids[i].ssid_len = nla_len(attr);
4822 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
4823 			i++;
4824 		}
4825 	}
4826 
4827 	if (info->attrs[NL80211_ATTR_IE]) {
4828 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4829 		memcpy((void *)request->ie,
4830 		       nla_data(info->attrs[NL80211_ATTR_IE]),
4831 		       request->ie_len);
4832 	}
4833 
4834 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
4835 		if (wiphy->bands[i])
4836 			request->rates[i] =
4837 				(1 << wiphy->bands[i]->n_bitrates) - 1;
4838 
4839 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
4840 		nla_for_each_nested(attr,
4841 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
4842 				    tmp) {
4843 			enum ieee80211_band band = nla_type(attr);
4844 
4845 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
4846 				err = -EINVAL;
4847 				goto out_free;
4848 			}
4849 			err = ieee80211_get_ratemask(wiphy->bands[band],
4850 						     nla_data(attr),
4851 						     nla_len(attr),
4852 						     &request->rates[band]);
4853 			if (err)
4854 				goto out_free;
4855 		}
4856 	}
4857 
4858 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
4859 		request->flags = nla_get_u32(
4860 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
4861 		if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
4862 		     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
4863 		    ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
4864 		     !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
4865 			err = -EOPNOTSUPP;
4866 			goto out_free;
4867 		}
4868 	}
4869 
4870 	request->no_cck =
4871 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
4872 
4873 	request->wdev = wdev;
4874 	request->wiphy = &rdev->wiphy;
4875 	request->scan_start = jiffies;
4876 
4877 	rdev->scan_req = request;
4878 	err = rdev_scan(rdev, request);
4879 
4880 	if (!err) {
4881 		nl80211_send_scan_start(rdev, wdev);
4882 		if (wdev->netdev)
4883 			dev_hold(wdev->netdev);
4884 	} else {
4885  out_free:
4886 		rdev->scan_req = NULL;
4887 		kfree(request);
4888 	}
4889 
4890  unlock:
4891 	mutex_unlock(&rdev->sched_scan_mtx);
4892 	return err;
4893 }
4894 
4895 static int nl80211_start_sched_scan(struct sk_buff *skb,
4896 				    struct genl_info *info)
4897 {
4898 	struct cfg80211_sched_scan_request *request;
4899 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4900 	struct net_device *dev = info->user_ptr[1];
4901 	struct nlattr *attr;
4902 	struct wiphy *wiphy;
4903 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
4904 	u32 interval;
4905 	enum ieee80211_band band;
4906 	size_t ie_len;
4907 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
4908 
4909 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4910 	    !rdev->ops->sched_scan_start)
4911 		return -EOPNOTSUPP;
4912 
4913 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4914 		return -EINVAL;
4915 
4916 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
4917 		return -EINVAL;
4918 
4919 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
4920 	if (interval == 0)
4921 		return -EINVAL;
4922 
4923 	wiphy = &rdev->wiphy;
4924 
4925 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4926 		n_channels = validate_scan_freqs(
4927 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4928 		if (!n_channels)
4929 			return -EINVAL;
4930 	} else {
4931 		n_channels = 0;
4932 
4933 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
4934 			if (wiphy->bands[band])
4935 				n_channels += wiphy->bands[band]->n_channels;
4936 	}
4937 
4938 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
4939 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4940 				    tmp)
4941 			n_ssids++;
4942 
4943 	if (n_ssids > wiphy->max_sched_scan_ssids)
4944 		return -EINVAL;
4945 
4946 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
4947 		nla_for_each_nested(attr,
4948 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4949 				    tmp)
4950 			n_match_sets++;
4951 
4952 	if (n_match_sets > wiphy->max_match_sets)
4953 		return -EINVAL;
4954 
4955 	if (info->attrs[NL80211_ATTR_IE])
4956 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4957 	else
4958 		ie_len = 0;
4959 
4960 	if (ie_len > wiphy->max_sched_scan_ie_len)
4961 		return -EINVAL;
4962 
4963 	mutex_lock(&rdev->sched_scan_mtx);
4964 
4965 	if (rdev->sched_scan_req) {
4966 		err = -EINPROGRESS;
4967 		goto out;
4968 	}
4969 
4970 	request = kzalloc(sizeof(*request)
4971 			+ sizeof(*request->ssids) * n_ssids
4972 			+ sizeof(*request->match_sets) * n_match_sets
4973 			+ sizeof(*request->channels) * n_channels
4974 			+ ie_len, GFP_KERNEL);
4975 	if (!request) {
4976 		err = -ENOMEM;
4977 		goto out;
4978 	}
4979 
4980 	if (n_ssids)
4981 		request->ssids = (void *)&request->channels[n_channels];
4982 	request->n_ssids = n_ssids;
4983 	if (ie_len) {
4984 		if (request->ssids)
4985 			request->ie = (void *)(request->ssids + n_ssids);
4986 		else
4987 			request->ie = (void *)(request->channels + n_channels);
4988 	}
4989 
4990 	if (n_match_sets) {
4991 		if (request->ie)
4992 			request->match_sets = (void *)(request->ie + ie_len);
4993 		else if (request->ssids)
4994 			request->match_sets =
4995 				(void *)(request->ssids + n_ssids);
4996 		else
4997 			request->match_sets =
4998 				(void *)(request->channels + n_channels);
4999 	}
5000 	request->n_match_sets = n_match_sets;
5001 
5002 	i = 0;
5003 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5004 		/* user specified, bail out if channel not found */
5005 		nla_for_each_nested(attr,
5006 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5007 				    tmp) {
5008 			struct ieee80211_channel *chan;
5009 
5010 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5011 
5012 			if (!chan) {
5013 				err = -EINVAL;
5014 				goto out_free;
5015 			}
5016 
5017 			/* ignore disabled channels */
5018 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5019 				continue;
5020 
5021 			request->channels[i] = chan;
5022 			i++;
5023 		}
5024 	} else {
5025 		/* all channels */
5026 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5027 			int j;
5028 			if (!wiphy->bands[band])
5029 				continue;
5030 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5031 				struct ieee80211_channel *chan;
5032 
5033 				chan = &wiphy->bands[band]->channels[j];
5034 
5035 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5036 					continue;
5037 
5038 				request->channels[i] = chan;
5039 				i++;
5040 			}
5041 		}
5042 	}
5043 
5044 	if (!i) {
5045 		err = -EINVAL;
5046 		goto out_free;
5047 	}
5048 
5049 	request->n_channels = i;
5050 
5051 	i = 0;
5052 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5053 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5054 				    tmp) {
5055 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5056 				err = -EINVAL;
5057 				goto out_free;
5058 			}
5059 			request->ssids[i].ssid_len = nla_len(attr);
5060 			memcpy(request->ssids[i].ssid, nla_data(attr),
5061 			       nla_len(attr));
5062 			i++;
5063 		}
5064 	}
5065 
5066 	i = 0;
5067 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5068 		nla_for_each_nested(attr,
5069 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5070 				    tmp) {
5071 			struct nlattr *ssid, *rssi;
5072 
5073 			nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5074 				  nla_data(attr), nla_len(attr),
5075 				  nl80211_match_policy);
5076 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5077 			if (ssid) {
5078 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5079 					err = -EINVAL;
5080 					goto out_free;
5081 				}
5082 				memcpy(request->match_sets[i].ssid.ssid,
5083 				       nla_data(ssid), nla_len(ssid));
5084 				request->match_sets[i].ssid.ssid_len =
5085 					nla_len(ssid);
5086 			}
5087 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5088 			if (rssi)
5089 				request->rssi_thold = nla_get_u32(rssi);
5090 			else
5091 				request->rssi_thold =
5092 						   NL80211_SCAN_RSSI_THOLD_OFF;
5093 			i++;
5094 		}
5095 	}
5096 
5097 	if (info->attrs[NL80211_ATTR_IE]) {
5098 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5099 		memcpy((void *)request->ie,
5100 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5101 		       request->ie_len);
5102 	}
5103 
5104 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5105 		request->flags = nla_get_u32(
5106 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5107 		if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5108 		     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
5109 		    ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
5110 		     !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
5111 			err = -EOPNOTSUPP;
5112 			goto out_free;
5113 		}
5114 	}
5115 
5116 	request->dev = dev;
5117 	request->wiphy = &rdev->wiphy;
5118 	request->interval = interval;
5119 	request->scan_start = jiffies;
5120 
5121 	err = rdev_sched_scan_start(rdev, dev, request);
5122 	if (!err) {
5123 		rdev->sched_scan_req = request;
5124 		nl80211_send_sched_scan(rdev, dev,
5125 					NL80211_CMD_START_SCHED_SCAN);
5126 		goto out;
5127 	}
5128 
5129 out_free:
5130 	kfree(request);
5131 out:
5132 	mutex_unlock(&rdev->sched_scan_mtx);
5133 	return err;
5134 }
5135 
5136 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5137 				   struct genl_info *info)
5138 {
5139 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5140 	int err;
5141 
5142 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5143 	    !rdev->ops->sched_scan_stop)
5144 		return -EOPNOTSUPP;
5145 
5146 	mutex_lock(&rdev->sched_scan_mtx);
5147 	err = __cfg80211_stop_sched_scan(rdev, false);
5148 	mutex_unlock(&rdev->sched_scan_mtx);
5149 
5150 	return err;
5151 }
5152 
5153 static int nl80211_start_radar_detection(struct sk_buff *skb,
5154 					 struct genl_info *info)
5155 {
5156 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5157 	struct net_device *dev = info->user_ptr[1];
5158 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5159 	struct cfg80211_chan_def chandef;
5160 	int err;
5161 
5162 	err = nl80211_parse_chandef(rdev, info, &chandef);
5163 	if (err)
5164 		return err;
5165 
5166 	if (wdev->cac_started)
5167 		return -EBUSY;
5168 
5169 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef);
5170 	if (err < 0)
5171 		return err;
5172 
5173 	if (err == 0)
5174 		return -EINVAL;
5175 
5176 	if (chandef.chan->dfs_state != NL80211_DFS_USABLE)
5177 		return -EINVAL;
5178 
5179 	if (!rdev->ops->start_radar_detection)
5180 		return -EOPNOTSUPP;
5181 
5182 	mutex_lock(&rdev->devlist_mtx);
5183 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5184 					   chandef.chan, CHAN_MODE_SHARED,
5185 					   BIT(chandef.width));
5186 	if (err)
5187 		goto err_locked;
5188 
5189 	err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
5190 	if (!err) {
5191 		wdev->channel = chandef.chan;
5192 		wdev->cac_started = true;
5193 		wdev->cac_start_time = jiffies;
5194 	}
5195 err_locked:
5196 	mutex_unlock(&rdev->devlist_mtx);
5197 
5198 	return err;
5199 }
5200 
5201 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5202 			    u32 seq, int flags,
5203 			    struct cfg80211_registered_device *rdev,
5204 			    struct wireless_dev *wdev,
5205 			    struct cfg80211_internal_bss *intbss)
5206 {
5207 	struct cfg80211_bss *res = &intbss->pub;
5208 	const struct cfg80211_bss_ies *ies;
5209 	void *hdr;
5210 	struct nlattr *bss;
5211 	bool tsf = false;
5212 
5213 	ASSERT_WDEV_LOCK(wdev);
5214 
5215 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5216 			     NL80211_CMD_NEW_SCAN_RESULTS);
5217 	if (!hdr)
5218 		return -1;
5219 
5220 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5221 
5222 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) ||
5223 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5224 		goto nla_put_failure;
5225 
5226 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5227 	if (!bss)
5228 		goto nla_put_failure;
5229 	if ((!is_zero_ether_addr(res->bssid) &&
5230 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
5231 		goto nla_put_failure;
5232 
5233 	rcu_read_lock();
5234 	ies = rcu_dereference(res->ies);
5235 	if (ies) {
5236 		if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5237 			goto fail_unlock_rcu;
5238 		tsf = true;
5239 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
5240 					ies->len, ies->data))
5241 			goto fail_unlock_rcu;
5242 	}
5243 	ies = rcu_dereference(res->beacon_ies);
5244 	if (ies) {
5245 		if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5246 			goto fail_unlock_rcu;
5247 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
5248 					ies->len, ies->data))
5249 			goto fail_unlock_rcu;
5250 	}
5251 	rcu_read_unlock();
5252 
5253 	if (res->beacon_interval &&
5254 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
5255 		goto nla_put_failure;
5256 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
5257 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
5258 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
5259 			jiffies_to_msecs(jiffies - intbss->ts)))
5260 		goto nla_put_failure;
5261 
5262 	switch (rdev->wiphy.signal_type) {
5263 	case CFG80211_SIGNAL_TYPE_MBM:
5264 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
5265 			goto nla_put_failure;
5266 		break;
5267 	case CFG80211_SIGNAL_TYPE_UNSPEC:
5268 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
5269 			goto nla_put_failure;
5270 		break;
5271 	default:
5272 		break;
5273 	}
5274 
5275 	switch (wdev->iftype) {
5276 	case NL80211_IFTYPE_P2P_CLIENT:
5277 	case NL80211_IFTYPE_STATION:
5278 		if (intbss == wdev->current_bss &&
5279 		    nla_put_u32(msg, NL80211_BSS_STATUS,
5280 				NL80211_BSS_STATUS_ASSOCIATED))
5281 			goto nla_put_failure;
5282 		break;
5283 	case NL80211_IFTYPE_ADHOC:
5284 		if (intbss == wdev->current_bss &&
5285 		    nla_put_u32(msg, NL80211_BSS_STATUS,
5286 				NL80211_BSS_STATUS_IBSS_JOINED))
5287 			goto nla_put_failure;
5288 		break;
5289 	default:
5290 		break;
5291 	}
5292 
5293 	nla_nest_end(msg, bss);
5294 
5295 	return genlmsg_end(msg, hdr);
5296 
5297  fail_unlock_rcu:
5298 	rcu_read_unlock();
5299  nla_put_failure:
5300 	genlmsg_cancel(msg, hdr);
5301 	return -EMSGSIZE;
5302 }
5303 
5304 static int nl80211_dump_scan(struct sk_buff *skb,
5305 			     struct netlink_callback *cb)
5306 {
5307 	struct cfg80211_registered_device *rdev;
5308 	struct net_device *dev;
5309 	struct cfg80211_internal_bss *scan;
5310 	struct wireless_dev *wdev;
5311 	int start = cb->args[1], idx = 0;
5312 	int err;
5313 
5314 	err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
5315 	if (err)
5316 		return err;
5317 
5318 	wdev = dev->ieee80211_ptr;
5319 
5320 	wdev_lock(wdev);
5321 	spin_lock_bh(&rdev->bss_lock);
5322 	cfg80211_bss_expire(rdev);
5323 
5324 	cb->seq = rdev->bss_generation;
5325 
5326 	list_for_each_entry(scan, &rdev->bss_list, list) {
5327 		if (++idx <= start)
5328 			continue;
5329 		if (nl80211_send_bss(skb, cb,
5330 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5331 				rdev, wdev, scan) < 0) {
5332 			idx--;
5333 			break;
5334 		}
5335 	}
5336 
5337 	spin_unlock_bh(&rdev->bss_lock);
5338 	wdev_unlock(wdev);
5339 
5340 	cb->args[1] = idx;
5341 	nl80211_finish_netdev_dump(rdev);
5342 
5343 	return skb->len;
5344 }
5345 
5346 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
5347 				int flags, struct net_device *dev,
5348 				struct survey_info *survey)
5349 {
5350 	void *hdr;
5351 	struct nlattr *infoattr;
5352 
5353 	hdr = nl80211hdr_put(msg, portid, seq, flags,
5354 			     NL80211_CMD_NEW_SURVEY_RESULTS);
5355 	if (!hdr)
5356 		return -ENOMEM;
5357 
5358 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
5359 		goto nla_put_failure;
5360 
5361 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
5362 	if (!infoattr)
5363 		goto nla_put_failure;
5364 
5365 	if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
5366 			survey->channel->center_freq))
5367 		goto nla_put_failure;
5368 
5369 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
5370 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
5371 		goto nla_put_failure;
5372 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
5373 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
5374 		goto nla_put_failure;
5375 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
5376 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
5377 			survey->channel_time))
5378 		goto nla_put_failure;
5379 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
5380 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
5381 			survey->channel_time_busy))
5382 		goto nla_put_failure;
5383 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
5384 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
5385 			survey->channel_time_ext_busy))
5386 		goto nla_put_failure;
5387 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
5388 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
5389 			survey->channel_time_rx))
5390 		goto nla_put_failure;
5391 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
5392 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
5393 			survey->channel_time_tx))
5394 		goto nla_put_failure;
5395 
5396 	nla_nest_end(msg, infoattr);
5397 
5398 	return genlmsg_end(msg, hdr);
5399 
5400  nla_put_failure:
5401 	genlmsg_cancel(msg, hdr);
5402 	return -EMSGSIZE;
5403 }
5404 
5405 static int nl80211_dump_survey(struct sk_buff *skb,
5406 			struct netlink_callback *cb)
5407 {
5408 	struct survey_info survey;
5409 	struct cfg80211_registered_device *dev;
5410 	struct net_device *netdev;
5411 	int survey_idx = cb->args[1];
5412 	int res;
5413 
5414 	res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
5415 	if (res)
5416 		return res;
5417 
5418 	if (!dev->ops->dump_survey) {
5419 		res = -EOPNOTSUPP;
5420 		goto out_err;
5421 	}
5422 
5423 	while (1) {
5424 		struct ieee80211_channel *chan;
5425 
5426 		res = rdev_dump_survey(dev, netdev, survey_idx, &survey);
5427 		if (res == -ENOENT)
5428 			break;
5429 		if (res)
5430 			goto out_err;
5431 
5432 		/* Survey without a channel doesn't make sense */
5433 		if (!survey.channel) {
5434 			res = -EINVAL;
5435 			goto out;
5436 		}
5437 
5438 		chan = ieee80211_get_channel(&dev->wiphy,
5439 					     survey.channel->center_freq);
5440 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
5441 			survey_idx++;
5442 			continue;
5443 		}
5444 
5445 		if (nl80211_send_survey(skb,
5446 				NETLINK_CB(cb->skb).portid,
5447 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5448 				netdev,
5449 				&survey) < 0)
5450 			goto out;
5451 		survey_idx++;
5452 	}
5453 
5454  out:
5455 	cb->args[1] = survey_idx;
5456 	res = skb->len;
5457  out_err:
5458 	nl80211_finish_netdev_dump(dev);
5459 	return res;
5460 }
5461 
5462 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
5463 {
5464 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
5465 				  NL80211_WPA_VERSION_2));
5466 }
5467 
5468 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
5469 {
5470 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5471 	struct net_device *dev = info->user_ptr[1];
5472 	struct ieee80211_channel *chan;
5473 	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
5474 	int err, ssid_len, ie_len = 0, sae_data_len = 0;
5475 	enum nl80211_auth_type auth_type;
5476 	struct key_parse key;
5477 	bool local_state_change;
5478 
5479 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5480 		return -EINVAL;
5481 
5482 	if (!info->attrs[NL80211_ATTR_MAC])
5483 		return -EINVAL;
5484 
5485 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
5486 		return -EINVAL;
5487 
5488 	if (!info->attrs[NL80211_ATTR_SSID])
5489 		return -EINVAL;
5490 
5491 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
5492 		return -EINVAL;
5493 
5494 	err = nl80211_parse_key(info, &key);
5495 	if (err)
5496 		return err;
5497 
5498 	if (key.idx >= 0) {
5499 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
5500 			return -EINVAL;
5501 		if (!key.p.key || !key.p.key_len)
5502 			return -EINVAL;
5503 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
5504 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
5505 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
5506 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
5507 			return -EINVAL;
5508 		if (key.idx > 4)
5509 			return -EINVAL;
5510 	} else {
5511 		key.p.key_len = 0;
5512 		key.p.key = NULL;
5513 	}
5514 
5515 	if (key.idx >= 0) {
5516 		int i;
5517 		bool ok = false;
5518 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
5519 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
5520 				ok = true;
5521 				break;
5522 			}
5523 		}
5524 		if (!ok)
5525 			return -EINVAL;
5526 	}
5527 
5528 	if (!rdev->ops->auth)
5529 		return -EOPNOTSUPP;
5530 
5531 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5532 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5533 		return -EOPNOTSUPP;
5534 
5535 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5536 	chan = ieee80211_get_channel(&rdev->wiphy,
5537 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5538 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
5539 		return -EINVAL;
5540 
5541 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5542 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5543 
5544 	if (info->attrs[NL80211_ATTR_IE]) {
5545 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5546 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5547 	}
5548 
5549 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
5550 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
5551 		return -EINVAL;
5552 
5553 	if (auth_type == NL80211_AUTHTYPE_SAE &&
5554 	    !info->attrs[NL80211_ATTR_SAE_DATA])
5555 		return -EINVAL;
5556 
5557 	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
5558 		if (auth_type != NL80211_AUTHTYPE_SAE)
5559 			return -EINVAL;
5560 		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
5561 		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
5562 		/* need to include at least Auth Transaction and Status Code */
5563 		if (sae_data_len < 4)
5564 			return -EINVAL;
5565 	}
5566 
5567 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
5568 
5569 	/*
5570 	 * Since we no longer track auth state, ignore
5571 	 * requests to only change local state.
5572 	 */
5573 	if (local_state_change)
5574 		return 0;
5575 
5576 	return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
5577 				  ssid, ssid_len, ie, ie_len,
5578 				  key.p.key, key.p.key_len, key.idx,
5579 				  sae_data, sae_data_len);
5580 }
5581 
5582 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
5583 				   struct genl_info *info,
5584 				   struct cfg80211_crypto_settings *settings,
5585 				   int cipher_limit)
5586 {
5587 	memset(settings, 0, sizeof(*settings));
5588 
5589 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
5590 
5591 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
5592 		u16 proto;
5593 		proto = nla_get_u16(
5594 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
5595 		settings->control_port_ethertype = cpu_to_be16(proto);
5596 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
5597 		    proto != ETH_P_PAE)
5598 			return -EINVAL;
5599 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
5600 			settings->control_port_no_encrypt = true;
5601 	} else
5602 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
5603 
5604 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
5605 		void *data;
5606 		int len, i;
5607 
5608 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
5609 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
5610 		settings->n_ciphers_pairwise = len / sizeof(u32);
5611 
5612 		if (len % sizeof(u32))
5613 			return -EINVAL;
5614 
5615 		if (settings->n_ciphers_pairwise > cipher_limit)
5616 			return -EINVAL;
5617 
5618 		memcpy(settings->ciphers_pairwise, data, len);
5619 
5620 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
5621 			if (!cfg80211_supported_cipher_suite(
5622 					&rdev->wiphy,
5623 					settings->ciphers_pairwise[i]))
5624 				return -EINVAL;
5625 	}
5626 
5627 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
5628 		settings->cipher_group =
5629 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
5630 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
5631 						     settings->cipher_group))
5632 			return -EINVAL;
5633 	}
5634 
5635 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
5636 		settings->wpa_versions =
5637 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
5638 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
5639 			return -EINVAL;
5640 	}
5641 
5642 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
5643 		void *data;
5644 		int len;
5645 
5646 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
5647 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
5648 		settings->n_akm_suites = len / sizeof(u32);
5649 
5650 		if (len % sizeof(u32))
5651 			return -EINVAL;
5652 
5653 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
5654 			return -EINVAL;
5655 
5656 		memcpy(settings->akm_suites, data, len);
5657 	}
5658 
5659 	return 0;
5660 }
5661 
5662 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
5663 {
5664 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5665 	struct net_device *dev = info->user_ptr[1];
5666 	struct cfg80211_crypto_settings crypto;
5667 	struct ieee80211_channel *chan;
5668 	const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
5669 	int err, ssid_len, ie_len = 0;
5670 	bool use_mfp = false;
5671 	u32 flags = 0;
5672 	struct ieee80211_ht_cap *ht_capa = NULL;
5673 	struct ieee80211_ht_cap *ht_capa_mask = NULL;
5674 
5675 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5676 		return -EINVAL;
5677 
5678 	if (!info->attrs[NL80211_ATTR_MAC] ||
5679 	    !info->attrs[NL80211_ATTR_SSID] ||
5680 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
5681 		return -EINVAL;
5682 
5683 	if (!rdev->ops->assoc)
5684 		return -EOPNOTSUPP;
5685 
5686 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5687 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5688 		return -EOPNOTSUPP;
5689 
5690 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5691 
5692 	chan = ieee80211_get_channel(&rdev->wiphy,
5693 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5694 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
5695 		return -EINVAL;
5696 
5697 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5698 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5699 
5700 	if (info->attrs[NL80211_ATTR_IE]) {
5701 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5702 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5703 	}
5704 
5705 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
5706 		enum nl80211_mfp mfp =
5707 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
5708 		if (mfp == NL80211_MFP_REQUIRED)
5709 			use_mfp = true;
5710 		else if (mfp != NL80211_MFP_NO)
5711 			return -EINVAL;
5712 	}
5713 
5714 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
5715 		prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
5716 
5717 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
5718 		flags |= ASSOC_REQ_DISABLE_HT;
5719 
5720 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5721 		ht_capa_mask =
5722 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]);
5723 
5724 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
5725 		if (!ht_capa_mask)
5726 			return -EINVAL;
5727 		ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5728 	}
5729 
5730 	err = nl80211_crypto_settings(rdev, info, &crypto, 1);
5731 	if (!err)
5732 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
5733 					  ssid, ssid_len, ie, ie_len, use_mfp,
5734 					  &crypto, flags, ht_capa,
5735 					  ht_capa_mask);
5736 
5737 	return err;
5738 }
5739 
5740 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
5741 {
5742 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5743 	struct net_device *dev = info->user_ptr[1];
5744 	const u8 *ie = NULL, *bssid;
5745 	int ie_len = 0;
5746 	u16 reason_code;
5747 	bool local_state_change;
5748 
5749 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5750 		return -EINVAL;
5751 
5752 	if (!info->attrs[NL80211_ATTR_MAC])
5753 		return -EINVAL;
5754 
5755 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
5756 		return -EINVAL;
5757 
5758 	if (!rdev->ops->deauth)
5759 		return -EOPNOTSUPP;
5760 
5761 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5762 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5763 		return -EOPNOTSUPP;
5764 
5765 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5766 
5767 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5768 	if (reason_code == 0) {
5769 		/* Reason Code 0 is reserved */
5770 		return -EINVAL;
5771 	}
5772 
5773 	if (info->attrs[NL80211_ATTR_IE]) {
5774 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5775 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5776 	}
5777 
5778 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
5779 
5780 	return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
5781 				    local_state_change);
5782 }
5783 
5784 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
5785 {
5786 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5787 	struct net_device *dev = info->user_ptr[1];
5788 	const u8 *ie = NULL, *bssid;
5789 	int ie_len = 0;
5790 	u16 reason_code;
5791 	bool local_state_change;
5792 
5793 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5794 		return -EINVAL;
5795 
5796 	if (!info->attrs[NL80211_ATTR_MAC])
5797 		return -EINVAL;
5798 
5799 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
5800 		return -EINVAL;
5801 
5802 	if (!rdev->ops->disassoc)
5803 		return -EOPNOTSUPP;
5804 
5805 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5806 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5807 		return -EOPNOTSUPP;
5808 
5809 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5810 
5811 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5812 	if (reason_code == 0) {
5813 		/* Reason Code 0 is reserved */
5814 		return -EINVAL;
5815 	}
5816 
5817 	if (info->attrs[NL80211_ATTR_IE]) {
5818 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5819 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5820 	}
5821 
5822 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
5823 
5824 	return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
5825 				      local_state_change);
5826 }
5827 
5828 static bool
5829 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
5830 			 int mcast_rate[IEEE80211_NUM_BANDS],
5831 			 int rateval)
5832 {
5833 	struct wiphy *wiphy = &rdev->wiphy;
5834 	bool found = false;
5835 	int band, i;
5836 
5837 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5838 		struct ieee80211_supported_band *sband;
5839 
5840 		sband = wiphy->bands[band];
5841 		if (!sband)
5842 			continue;
5843 
5844 		for (i = 0; i < sband->n_bitrates; i++) {
5845 			if (sband->bitrates[i].bitrate == rateval) {
5846 				mcast_rate[band] = i + 1;
5847 				found = true;
5848 				break;
5849 			}
5850 		}
5851 	}
5852 
5853 	return found;
5854 }
5855 
5856 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
5857 {
5858 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5859 	struct net_device *dev = info->user_ptr[1];
5860 	struct cfg80211_ibss_params ibss;
5861 	struct wiphy *wiphy;
5862 	struct cfg80211_cached_keys *connkeys = NULL;
5863 	int err;
5864 
5865 	memset(&ibss, 0, sizeof(ibss));
5866 
5867 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5868 		return -EINVAL;
5869 
5870 	if (!info->attrs[NL80211_ATTR_SSID] ||
5871 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
5872 		return -EINVAL;
5873 
5874 	ibss.beacon_interval = 100;
5875 
5876 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
5877 		ibss.beacon_interval =
5878 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
5879 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
5880 			return -EINVAL;
5881 	}
5882 
5883 	if (!rdev->ops->join_ibss)
5884 		return -EOPNOTSUPP;
5885 
5886 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
5887 		return -EOPNOTSUPP;
5888 
5889 	wiphy = &rdev->wiphy;
5890 
5891 	if (info->attrs[NL80211_ATTR_MAC]) {
5892 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5893 
5894 		if (!is_valid_ether_addr(ibss.bssid))
5895 			return -EINVAL;
5896 	}
5897 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5898 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5899 
5900 	if (info->attrs[NL80211_ATTR_IE]) {
5901 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5902 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5903 	}
5904 
5905 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
5906 	if (err)
5907 		return err;
5908 
5909 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef))
5910 		return -EINVAL;
5911 
5912 	if (ibss.chandef.width > NL80211_CHAN_WIDTH_40)
5913 		return -EINVAL;
5914 	if (ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
5915 	    !(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
5916 		return -EINVAL;
5917 
5918 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
5919 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
5920 
5921 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5922 		u8 *rates =
5923 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5924 		int n_rates =
5925 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5926 		struct ieee80211_supported_band *sband =
5927 			wiphy->bands[ibss.chandef.chan->band];
5928 
5929 		err = ieee80211_get_ratemask(sband, rates, n_rates,
5930 					     &ibss.basic_rates);
5931 		if (err)
5932 			return err;
5933 	}
5934 
5935 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
5936 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
5937 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
5938 		return -EINVAL;
5939 
5940 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
5941 		bool no_ht = false;
5942 
5943 		connkeys = nl80211_parse_connkeys(rdev,
5944 					  info->attrs[NL80211_ATTR_KEYS],
5945 					  &no_ht);
5946 		if (IS_ERR(connkeys))
5947 			return PTR_ERR(connkeys);
5948 
5949 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
5950 		    no_ht) {
5951 			kfree(connkeys);
5952 			return -EINVAL;
5953 		}
5954 	}
5955 
5956 	ibss.control_port =
5957 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
5958 
5959 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
5960 	if (err)
5961 		kfree(connkeys);
5962 	return err;
5963 }
5964 
5965 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
5966 {
5967 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5968 	struct net_device *dev = info->user_ptr[1];
5969 
5970 	if (!rdev->ops->leave_ibss)
5971 		return -EOPNOTSUPP;
5972 
5973 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
5974 		return -EOPNOTSUPP;
5975 
5976 	return cfg80211_leave_ibss(rdev, dev, false);
5977 }
5978 
5979 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
5980 {
5981 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5982 	struct net_device *dev = info->user_ptr[1];
5983 	int mcast_rate[IEEE80211_NUM_BANDS];
5984 	u32 nla_rate;
5985 	int err;
5986 
5987 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5988 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5989 		return -EOPNOTSUPP;
5990 
5991 	if (!rdev->ops->set_mcast_rate)
5992 		return -EOPNOTSUPP;
5993 
5994 	memset(mcast_rate, 0, sizeof(mcast_rate));
5995 
5996 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
5997 		return -EINVAL;
5998 
5999 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6000 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6001 		return -EINVAL;
6002 
6003 	err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6004 
6005 	return err;
6006 }
6007 
6008 
6009 #ifdef CONFIG_NL80211_TESTMODE
6010 static struct genl_multicast_group nl80211_testmode_mcgrp = {
6011 	.name = "testmode",
6012 };
6013 
6014 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
6015 {
6016 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6017 	int err;
6018 
6019 	if (!info->attrs[NL80211_ATTR_TESTDATA])
6020 		return -EINVAL;
6021 
6022 	err = -EOPNOTSUPP;
6023 	if (rdev->ops->testmode_cmd) {
6024 		rdev->testmode_info = info;
6025 		err = rdev_testmode_cmd(rdev,
6026 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
6027 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
6028 		rdev->testmode_info = NULL;
6029 	}
6030 
6031 	return err;
6032 }
6033 
6034 static int nl80211_testmode_dump(struct sk_buff *skb,
6035 				 struct netlink_callback *cb)
6036 {
6037 	struct cfg80211_registered_device *rdev;
6038 	int err;
6039 	long phy_idx;
6040 	void *data = NULL;
6041 	int data_len = 0;
6042 
6043 	if (cb->args[0]) {
6044 		/*
6045 		 * 0 is a valid index, but not valid for args[0],
6046 		 * so we need to offset by 1.
6047 		 */
6048 		phy_idx = cb->args[0] - 1;
6049 	} else {
6050 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
6051 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
6052 				  nl80211_policy);
6053 		if (err)
6054 			return err;
6055 
6056 		mutex_lock(&cfg80211_mutex);
6057 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
6058 						  nl80211_fam.attrbuf);
6059 		if (IS_ERR(rdev)) {
6060 			mutex_unlock(&cfg80211_mutex);
6061 			return PTR_ERR(rdev);
6062 		}
6063 		phy_idx = rdev->wiphy_idx;
6064 		rdev = NULL;
6065 		mutex_unlock(&cfg80211_mutex);
6066 
6067 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
6068 			cb->args[1] =
6069 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
6070 	}
6071 
6072 	if (cb->args[1]) {
6073 		data = nla_data((void *)cb->args[1]);
6074 		data_len = nla_len((void *)cb->args[1]);
6075 	}
6076 
6077 	mutex_lock(&cfg80211_mutex);
6078 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
6079 	if (!rdev) {
6080 		mutex_unlock(&cfg80211_mutex);
6081 		return -ENOENT;
6082 	}
6083 	cfg80211_lock_rdev(rdev);
6084 	mutex_unlock(&cfg80211_mutex);
6085 
6086 	if (!rdev->ops->testmode_dump) {
6087 		err = -EOPNOTSUPP;
6088 		goto out_err;
6089 	}
6090 
6091 	while (1) {
6092 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
6093 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
6094 					   NL80211_CMD_TESTMODE);
6095 		struct nlattr *tmdata;
6096 
6097 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
6098 			genlmsg_cancel(skb, hdr);
6099 			break;
6100 		}
6101 
6102 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
6103 		if (!tmdata) {
6104 			genlmsg_cancel(skb, hdr);
6105 			break;
6106 		}
6107 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
6108 		nla_nest_end(skb, tmdata);
6109 
6110 		if (err == -ENOBUFS || err == -ENOENT) {
6111 			genlmsg_cancel(skb, hdr);
6112 			break;
6113 		} else if (err) {
6114 			genlmsg_cancel(skb, hdr);
6115 			goto out_err;
6116 		}
6117 
6118 		genlmsg_end(skb, hdr);
6119 	}
6120 
6121 	err = skb->len;
6122 	/* see above */
6123 	cb->args[0] = phy_idx + 1;
6124  out_err:
6125 	cfg80211_unlock_rdev(rdev);
6126 	return err;
6127 }
6128 
6129 static struct sk_buff *
6130 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
6131 			      int approxlen, u32 portid, u32 seq, gfp_t gfp)
6132 {
6133 	struct sk_buff *skb;
6134 	void *hdr;
6135 	struct nlattr *data;
6136 
6137 	skb = nlmsg_new(approxlen + 100, gfp);
6138 	if (!skb)
6139 		return NULL;
6140 
6141 	hdr = nl80211hdr_put(skb, portid, seq, 0, NL80211_CMD_TESTMODE);
6142 	if (!hdr) {
6143 		kfree_skb(skb);
6144 		return NULL;
6145 	}
6146 
6147 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6148 		goto nla_put_failure;
6149 	data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
6150 
6151 	((void **)skb->cb)[0] = rdev;
6152 	((void **)skb->cb)[1] = hdr;
6153 	((void **)skb->cb)[2] = data;
6154 
6155 	return skb;
6156 
6157  nla_put_failure:
6158 	kfree_skb(skb);
6159 	return NULL;
6160 }
6161 
6162 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
6163 						  int approxlen)
6164 {
6165 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6166 
6167 	if (WARN_ON(!rdev->testmode_info))
6168 		return NULL;
6169 
6170 	return __cfg80211_testmode_alloc_skb(rdev, approxlen,
6171 				rdev->testmode_info->snd_portid,
6172 				rdev->testmode_info->snd_seq,
6173 				GFP_KERNEL);
6174 }
6175 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
6176 
6177 int cfg80211_testmode_reply(struct sk_buff *skb)
6178 {
6179 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6180 	void *hdr = ((void **)skb->cb)[1];
6181 	struct nlattr *data = ((void **)skb->cb)[2];
6182 
6183 	if (WARN_ON(!rdev->testmode_info)) {
6184 		kfree_skb(skb);
6185 		return -EINVAL;
6186 	}
6187 
6188 	nla_nest_end(skb, data);
6189 	genlmsg_end(skb, hdr);
6190 	return genlmsg_reply(skb, rdev->testmode_info);
6191 }
6192 EXPORT_SYMBOL(cfg80211_testmode_reply);
6193 
6194 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
6195 						  int approxlen, gfp_t gfp)
6196 {
6197 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6198 
6199 	return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
6200 }
6201 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
6202 
6203 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
6204 {
6205 	void *hdr = ((void **)skb->cb)[1];
6206 	struct nlattr *data = ((void **)skb->cb)[2];
6207 
6208 	nla_nest_end(skb, data);
6209 	genlmsg_end(skb, hdr);
6210 	genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
6211 }
6212 EXPORT_SYMBOL(cfg80211_testmode_event);
6213 #endif
6214 
6215 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
6216 {
6217 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6218 	struct net_device *dev = info->user_ptr[1];
6219 	struct cfg80211_connect_params connect;
6220 	struct wiphy *wiphy;
6221 	struct cfg80211_cached_keys *connkeys = NULL;
6222 	int err;
6223 
6224 	memset(&connect, 0, sizeof(connect));
6225 
6226 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6227 		return -EINVAL;
6228 
6229 	if (!info->attrs[NL80211_ATTR_SSID] ||
6230 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
6231 		return -EINVAL;
6232 
6233 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6234 		connect.auth_type =
6235 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6236 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
6237 					     NL80211_CMD_CONNECT))
6238 			return -EINVAL;
6239 	} else
6240 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6241 
6242 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
6243 
6244 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
6245 				      NL80211_MAX_NR_CIPHER_SUITES);
6246 	if (err)
6247 		return err;
6248 
6249 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6250 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6251 		return -EOPNOTSUPP;
6252 
6253 	wiphy = &rdev->wiphy;
6254 
6255 	connect.bg_scan_period = -1;
6256 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
6257 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
6258 		connect.bg_scan_period =
6259 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
6260 	}
6261 
6262 	if (info->attrs[NL80211_ATTR_MAC])
6263 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6264 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6265 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6266 
6267 	if (info->attrs[NL80211_ATTR_IE]) {
6268 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6269 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6270 	}
6271 
6272 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
6273 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6274 		if (connect.mfp != NL80211_MFP_REQUIRED &&
6275 		    connect.mfp != NL80211_MFP_NO)
6276 			return -EINVAL;
6277 	} else {
6278 		connect.mfp = NL80211_MFP_NO;
6279 	}
6280 
6281 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6282 		connect.channel =
6283 			ieee80211_get_channel(wiphy,
6284 			    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6285 		if (!connect.channel ||
6286 		    connect.channel->flags & IEEE80211_CHAN_DISABLED)
6287 			return -EINVAL;
6288 	}
6289 
6290 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6291 		connkeys = nl80211_parse_connkeys(rdev,
6292 					  info->attrs[NL80211_ATTR_KEYS], NULL);
6293 		if (IS_ERR(connkeys))
6294 			return PTR_ERR(connkeys);
6295 	}
6296 
6297 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6298 		connect.flags |= ASSOC_REQ_DISABLE_HT;
6299 
6300 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6301 		memcpy(&connect.ht_capa_mask,
6302 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6303 		       sizeof(connect.ht_capa_mask));
6304 
6305 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6306 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
6307 			kfree(connkeys);
6308 			return -EINVAL;
6309 		}
6310 		memcpy(&connect.ht_capa,
6311 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6312 		       sizeof(connect.ht_capa));
6313 	}
6314 
6315 	err = cfg80211_connect(rdev, dev, &connect, connkeys);
6316 	if (err)
6317 		kfree(connkeys);
6318 	return err;
6319 }
6320 
6321 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
6322 {
6323 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6324 	struct net_device *dev = info->user_ptr[1];
6325 	u16 reason;
6326 
6327 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6328 		reason = WLAN_REASON_DEAUTH_LEAVING;
6329 	else
6330 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6331 
6332 	if (reason == 0)
6333 		return -EINVAL;
6334 
6335 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6336 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6337 		return -EOPNOTSUPP;
6338 
6339 	return cfg80211_disconnect(rdev, dev, reason, true);
6340 }
6341 
6342 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
6343 {
6344 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6345 	struct net *net;
6346 	int err;
6347 	u32 pid;
6348 
6349 	if (!info->attrs[NL80211_ATTR_PID])
6350 		return -EINVAL;
6351 
6352 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
6353 
6354 	net = get_net_ns_by_pid(pid);
6355 	if (IS_ERR(net))
6356 		return PTR_ERR(net);
6357 
6358 	err = 0;
6359 
6360 	/* check if anything to do */
6361 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
6362 		err = cfg80211_switch_netns(rdev, net);
6363 
6364 	put_net(net);
6365 	return err;
6366 }
6367 
6368 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
6369 {
6370 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6371 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
6372 			struct cfg80211_pmksa *pmksa) = NULL;
6373 	struct net_device *dev = info->user_ptr[1];
6374 	struct cfg80211_pmksa pmksa;
6375 
6376 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
6377 
6378 	if (!info->attrs[NL80211_ATTR_MAC])
6379 		return -EINVAL;
6380 
6381 	if (!info->attrs[NL80211_ATTR_PMKID])
6382 		return -EINVAL;
6383 
6384 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
6385 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6386 
6387 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6388 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6389 		return -EOPNOTSUPP;
6390 
6391 	switch (info->genlhdr->cmd) {
6392 	case NL80211_CMD_SET_PMKSA:
6393 		rdev_ops = rdev->ops->set_pmksa;
6394 		break;
6395 	case NL80211_CMD_DEL_PMKSA:
6396 		rdev_ops = rdev->ops->del_pmksa;
6397 		break;
6398 	default:
6399 		WARN_ON(1);
6400 		break;
6401 	}
6402 
6403 	if (!rdev_ops)
6404 		return -EOPNOTSUPP;
6405 
6406 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
6407 }
6408 
6409 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
6410 {
6411 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6412 	struct net_device *dev = info->user_ptr[1];
6413 
6414 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6415 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6416 		return -EOPNOTSUPP;
6417 
6418 	if (!rdev->ops->flush_pmksa)
6419 		return -EOPNOTSUPP;
6420 
6421 	return rdev_flush_pmksa(rdev, dev);
6422 }
6423 
6424 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
6425 {
6426 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6427 	struct net_device *dev = info->user_ptr[1];
6428 	u8 action_code, dialog_token;
6429 	u16 status_code;
6430 	u8 *peer;
6431 
6432 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
6433 	    !rdev->ops->tdls_mgmt)
6434 		return -EOPNOTSUPP;
6435 
6436 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
6437 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
6438 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
6439 	    !info->attrs[NL80211_ATTR_IE] ||
6440 	    !info->attrs[NL80211_ATTR_MAC])
6441 		return -EINVAL;
6442 
6443 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
6444 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
6445 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
6446 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
6447 
6448 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
6449 			      dialog_token, status_code,
6450 			      nla_data(info->attrs[NL80211_ATTR_IE]),
6451 			      nla_len(info->attrs[NL80211_ATTR_IE]));
6452 }
6453 
6454 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
6455 {
6456 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6457 	struct net_device *dev = info->user_ptr[1];
6458 	enum nl80211_tdls_operation operation;
6459 	u8 *peer;
6460 
6461 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
6462 	    !rdev->ops->tdls_oper)
6463 		return -EOPNOTSUPP;
6464 
6465 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
6466 	    !info->attrs[NL80211_ATTR_MAC])
6467 		return -EINVAL;
6468 
6469 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
6470 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
6471 
6472 	return rdev_tdls_oper(rdev, dev, peer, operation);
6473 }
6474 
6475 static int nl80211_remain_on_channel(struct sk_buff *skb,
6476 				     struct genl_info *info)
6477 {
6478 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6479 	struct wireless_dev *wdev = info->user_ptr[1];
6480 	struct cfg80211_chan_def chandef;
6481 	struct sk_buff *msg;
6482 	void *hdr;
6483 	u64 cookie;
6484 	u32 duration;
6485 	int err;
6486 
6487 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
6488 	    !info->attrs[NL80211_ATTR_DURATION])
6489 		return -EINVAL;
6490 
6491 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
6492 
6493 	if (!rdev->ops->remain_on_channel ||
6494 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
6495 		return -EOPNOTSUPP;
6496 
6497 	/*
6498 	 * We should be on that channel for at least a minimum amount of
6499 	 * time (10ms) but no longer than the driver supports.
6500 	 */
6501 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
6502 	    duration > rdev->wiphy.max_remain_on_channel_duration)
6503 		return -EINVAL;
6504 
6505 	err = nl80211_parse_chandef(rdev, info, &chandef);
6506 	if (err)
6507 		return err;
6508 
6509 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6510 	if (!msg)
6511 		return -ENOMEM;
6512 
6513 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6514 			     NL80211_CMD_REMAIN_ON_CHANNEL);
6515 
6516 	if (IS_ERR(hdr)) {
6517 		err = PTR_ERR(hdr);
6518 		goto free_msg;
6519 	}
6520 
6521 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
6522 				     duration, &cookie);
6523 
6524 	if (err)
6525 		goto free_msg;
6526 
6527 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
6528 		goto nla_put_failure;
6529 
6530 	genlmsg_end(msg, hdr);
6531 
6532 	return genlmsg_reply(msg, info);
6533 
6534  nla_put_failure:
6535 	err = -ENOBUFS;
6536  free_msg:
6537 	nlmsg_free(msg);
6538 	return err;
6539 }
6540 
6541 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
6542 					    struct genl_info *info)
6543 {
6544 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6545 	struct wireless_dev *wdev = info->user_ptr[1];
6546 	u64 cookie;
6547 
6548 	if (!info->attrs[NL80211_ATTR_COOKIE])
6549 		return -EINVAL;
6550 
6551 	if (!rdev->ops->cancel_remain_on_channel)
6552 		return -EOPNOTSUPP;
6553 
6554 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
6555 
6556 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
6557 }
6558 
6559 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
6560 			   u8 *rates, u8 rates_len)
6561 {
6562 	u8 i;
6563 	u32 mask = 0;
6564 
6565 	for (i = 0; i < rates_len; i++) {
6566 		int rate = (rates[i] & 0x7f) * 5;
6567 		int ridx;
6568 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
6569 			struct ieee80211_rate *srate =
6570 				&sband->bitrates[ridx];
6571 			if (rate == srate->bitrate) {
6572 				mask |= 1 << ridx;
6573 				break;
6574 			}
6575 		}
6576 		if (ridx == sband->n_bitrates)
6577 			return 0; /* rate not found */
6578 	}
6579 
6580 	return mask;
6581 }
6582 
6583 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
6584 			       u8 *rates, u8 rates_len,
6585 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
6586 {
6587 	u8 i;
6588 
6589 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
6590 
6591 	for (i = 0; i < rates_len; i++) {
6592 		int ridx, rbit;
6593 
6594 		ridx = rates[i] / 8;
6595 		rbit = BIT(rates[i] % 8);
6596 
6597 		/* check validity */
6598 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
6599 			return false;
6600 
6601 		/* check availability */
6602 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
6603 			mcs[ridx] |= rbit;
6604 		else
6605 			return false;
6606 	}
6607 
6608 	return true;
6609 }
6610 
6611 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
6612 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
6613 				    .len = NL80211_MAX_SUPP_RATES },
6614 	[NL80211_TXRATE_MCS] = { .type = NLA_BINARY,
6615 				 .len = NL80211_MAX_SUPP_HT_RATES },
6616 };
6617 
6618 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
6619 				       struct genl_info *info)
6620 {
6621 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
6622 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6623 	struct cfg80211_bitrate_mask mask;
6624 	int rem, i;
6625 	struct net_device *dev = info->user_ptr[1];
6626 	struct nlattr *tx_rates;
6627 	struct ieee80211_supported_band *sband;
6628 
6629 	if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
6630 		return -EINVAL;
6631 
6632 	if (!rdev->ops->set_bitrate_mask)
6633 		return -EOPNOTSUPP;
6634 
6635 	memset(&mask, 0, sizeof(mask));
6636 	/* Default to all rates enabled */
6637 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
6638 		sband = rdev->wiphy.bands[i];
6639 		mask.control[i].legacy =
6640 			sband ? (1 << sband->n_bitrates) - 1 : 0;
6641 		if (sband)
6642 			memcpy(mask.control[i].mcs,
6643 			       sband->ht_cap.mcs.rx_mask,
6644 			       sizeof(mask.control[i].mcs));
6645 		else
6646 			memset(mask.control[i].mcs, 0,
6647 			       sizeof(mask.control[i].mcs));
6648 	}
6649 
6650 	/*
6651 	 * The nested attribute uses enum nl80211_band as the index. This maps
6652 	 * directly to the enum ieee80211_band values used in cfg80211.
6653 	 */
6654 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
6655 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
6656 	{
6657 		enum ieee80211_band band = nla_type(tx_rates);
6658 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
6659 			return -EINVAL;
6660 		sband = rdev->wiphy.bands[band];
6661 		if (sband == NULL)
6662 			return -EINVAL;
6663 		nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
6664 			  nla_len(tx_rates), nl80211_txattr_policy);
6665 		if (tb[NL80211_TXRATE_LEGACY]) {
6666 			mask.control[band].legacy = rateset_to_mask(
6667 				sband,
6668 				nla_data(tb[NL80211_TXRATE_LEGACY]),
6669 				nla_len(tb[NL80211_TXRATE_LEGACY]));
6670 			if ((mask.control[band].legacy == 0) &&
6671 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
6672 				return -EINVAL;
6673 		}
6674 		if (tb[NL80211_TXRATE_MCS]) {
6675 			if (!ht_rateset_to_mask(
6676 					sband,
6677 					nla_data(tb[NL80211_TXRATE_MCS]),
6678 					nla_len(tb[NL80211_TXRATE_MCS]),
6679 					mask.control[band].mcs))
6680 				return -EINVAL;
6681 		}
6682 
6683 		if (mask.control[band].legacy == 0) {
6684 			/* don't allow empty legacy rates if HT
6685 			 * is not even supported. */
6686 			if (!rdev->wiphy.bands[band]->ht_cap.ht_supported)
6687 				return -EINVAL;
6688 
6689 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
6690 				if (mask.control[band].mcs[i])
6691 					break;
6692 
6693 			/* legacy and mcs rates may not be both empty */
6694 			if (i == IEEE80211_HT_MCS_MASK_LEN)
6695 				return -EINVAL;
6696 		}
6697 	}
6698 
6699 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
6700 }
6701 
6702 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
6703 {
6704 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6705 	struct wireless_dev *wdev = info->user_ptr[1];
6706 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
6707 
6708 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
6709 		return -EINVAL;
6710 
6711 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
6712 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
6713 
6714 	switch (wdev->iftype) {
6715 	case NL80211_IFTYPE_STATION:
6716 	case NL80211_IFTYPE_ADHOC:
6717 	case NL80211_IFTYPE_P2P_CLIENT:
6718 	case NL80211_IFTYPE_AP:
6719 	case NL80211_IFTYPE_AP_VLAN:
6720 	case NL80211_IFTYPE_MESH_POINT:
6721 	case NL80211_IFTYPE_P2P_GO:
6722 	case NL80211_IFTYPE_P2P_DEVICE:
6723 		break;
6724 	default:
6725 		return -EOPNOTSUPP;
6726 	}
6727 
6728 	/* not much point in registering if we can't reply */
6729 	if (!rdev->ops->mgmt_tx)
6730 		return -EOPNOTSUPP;
6731 
6732 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
6733 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
6734 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
6735 }
6736 
6737 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
6738 {
6739 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6740 	struct wireless_dev *wdev = info->user_ptr[1];
6741 	struct cfg80211_chan_def chandef;
6742 	int err;
6743 	void *hdr = NULL;
6744 	u64 cookie;
6745 	struct sk_buff *msg = NULL;
6746 	unsigned int wait = 0;
6747 	bool offchan, no_cck, dont_wait_for_ack;
6748 
6749 	dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
6750 
6751 	if (!info->attrs[NL80211_ATTR_FRAME])
6752 		return -EINVAL;
6753 
6754 	if (!rdev->ops->mgmt_tx)
6755 		return -EOPNOTSUPP;
6756 
6757 	switch (wdev->iftype) {
6758 	case NL80211_IFTYPE_STATION:
6759 	case NL80211_IFTYPE_ADHOC:
6760 	case NL80211_IFTYPE_P2P_CLIENT:
6761 	case NL80211_IFTYPE_AP:
6762 	case NL80211_IFTYPE_AP_VLAN:
6763 	case NL80211_IFTYPE_MESH_POINT:
6764 	case NL80211_IFTYPE_P2P_GO:
6765 	case NL80211_IFTYPE_P2P_DEVICE:
6766 		break;
6767 	default:
6768 		return -EOPNOTSUPP;
6769 	}
6770 
6771 	if (info->attrs[NL80211_ATTR_DURATION]) {
6772 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
6773 			return -EINVAL;
6774 		wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
6775 
6776 		/*
6777 		 * We should wait on the channel for at least a minimum amount
6778 		 * of time (10ms) but no longer than the driver supports.
6779 		 */
6780 		if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
6781 		    wait > rdev->wiphy.max_remain_on_channel_duration)
6782 			return -EINVAL;
6783 
6784 	}
6785 
6786 	offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
6787 
6788 	if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
6789 		return -EINVAL;
6790 
6791 	no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
6792 
6793 	err = nl80211_parse_chandef(rdev, info, &chandef);
6794 	if (err)
6795 		return err;
6796 
6797 	if (!dont_wait_for_ack) {
6798 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6799 		if (!msg)
6800 			return -ENOMEM;
6801 
6802 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6803 				     NL80211_CMD_FRAME);
6804 
6805 		if (IS_ERR(hdr)) {
6806 			err = PTR_ERR(hdr);
6807 			goto free_msg;
6808 		}
6809 	}
6810 
6811 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, chandef.chan, offchan, wait,
6812 				    nla_data(info->attrs[NL80211_ATTR_FRAME]),
6813 				    nla_len(info->attrs[NL80211_ATTR_FRAME]),
6814 				    no_cck, dont_wait_for_ack, &cookie);
6815 	if (err)
6816 		goto free_msg;
6817 
6818 	if (msg) {
6819 		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
6820 			goto nla_put_failure;
6821 
6822 		genlmsg_end(msg, hdr);
6823 		return genlmsg_reply(msg, info);
6824 	}
6825 
6826 	return 0;
6827 
6828  nla_put_failure:
6829 	err = -ENOBUFS;
6830  free_msg:
6831 	nlmsg_free(msg);
6832 	return err;
6833 }
6834 
6835 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
6836 {
6837 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6838 	struct wireless_dev *wdev = info->user_ptr[1];
6839 	u64 cookie;
6840 
6841 	if (!info->attrs[NL80211_ATTR_COOKIE])
6842 		return -EINVAL;
6843 
6844 	if (!rdev->ops->mgmt_tx_cancel_wait)
6845 		return -EOPNOTSUPP;
6846 
6847 	switch (wdev->iftype) {
6848 	case NL80211_IFTYPE_STATION:
6849 	case NL80211_IFTYPE_ADHOC:
6850 	case NL80211_IFTYPE_P2P_CLIENT:
6851 	case NL80211_IFTYPE_AP:
6852 	case NL80211_IFTYPE_AP_VLAN:
6853 	case NL80211_IFTYPE_P2P_GO:
6854 	case NL80211_IFTYPE_P2P_DEVICE:
6855 		break;
6856 	default:
6857 		return -EOPNOTSUPP;
6858 	}
6859 
6860 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
6861 
6862 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
6863 }
6864 
6865 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
6866 {
6867 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6868 	struct wireless_dev *wdev;
6869 	struct net_device *dev = info->user_ptr[1];
6870 	u8 ps_state;
6871 	bool state;
6872 	int err;
6873 
6874 	if (!info->attrs[NL80211_ATTR_PS_STATE])
6875 		return -EINVAL;
6876 
6877 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
6878 
6879 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
6880 		return -EINVAL;
6881 
6882 	wdev = dev->ieee80211_ptr;
6883 
6884 	if (!rdev->ops->set_power_mgmt)
6885 		return -EOPNOTSUPP;
6886 
6887 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
6888 
6889 	if (state == wdev->ps)
6890 		return 0;
6891 
6892 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
6893 	if (!err)
6894 		wdev->ps = state;
6895 	return err;
6896 }
6897 
6898 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
6899 {
6900 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6901 	enum nl80211_ps_state ps_state;
6902 	struct wireless_dev *wdev;
6903 	struct net_device *dev = info->user_ptr[1];
6904 	struct sk_buff *msg;
6905 	void *hdr;
6906 	int err;
6907 
6908 	wdev = dev->ieee80211_ptr;
6909 
6910 	if (!rdev->ops->set_power_mgmt)
6911 		return -EOPNOTSUPP;
6912 
6913 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6914 	if (!msg)
6915 		return -ENOMEM;
6916 
6917 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6918 			     NL80211_CMD_GET_POWER_SAVE);
6919 	if (!hdr) {
6920 		err = -ENOBUFS;
6921 		goto free_msg;
6922 	}
6923 
6924 	if (wdev->ps)
6925 		ps_state = NL80211_PS_ENABLED;
6926 	else
6927 		ps_state = NL80211_PS_DISABLED;
6928 
6929 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
6930 		goto nla_put_failure;
6931 
6932 	genlmsg_end(msg, hdr);
6933 	return genlmsg_reply(msg, info);
6934 
6935  nla_put_failure:
6936 	err = -ENOBUFS;
6937  free_msg:
6938 	nlmsg_free(msg);
6939 	return err;
6940 }
6941 
6942 static struct nla_policy
6943 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
6944 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
6945 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
6946 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
6947 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
6948 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
6949 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
6950 };
6951 
6952 static int nl80211_set_cqm_txe(struct genl_info *info,
6953 			       u32 rate, u32 pkts, u32 intvl)
6954 {
6955 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6956 	struct wireless_dev *wdev;
6957 	struct net_device *dev = info->user_ptr[1];
6958 
6959 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
6960 		return -EINVAL;
6961 
6962 	wdev = dev->ieee80211_ptr;
6963 
6964 	if (!rdev->ops->set_cqm_txe_config)
6965 		return -EOPNOTSUPP;
6966 
6967 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
6968 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
6969 		return -EOPNOTSUPP;
6970 
6971 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
6972 }
6973 
6974 static int nl80211_set_cqm_rssi(struct genl_info *info,
6975 				s32 threshold, u32 hysteresis)
6976 {
6977 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6978 	struct wireless_dev *wdev;
6979 	struct net_device *dev = info->user_ptr[1];
6980 
6981 	if (threshold > 0)
6982 		return -EINVAL;
6983 
6984 	wdev = dev->ieee80211_ptr;
6985 
6986 	if (!rdev->ops->set_cqm_rssi_config)
6987 		return -EOPNOTSUPP;
6988 
6989 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
6990 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
6991 		return -EOPNOTSUPP;
6992 
6993 	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
6994 }
6995 
6996 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
6997 {
6998 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
6999 	struct nlattr *cqm;
7000 	int err;
7001 
7002 	cqm = info->attrs[NL80211_ATTR_CQM];
7003 	if (!cqm) {
7004 		err = -EINVAL;
7005 		goto out;
7006 	}
7007 
7008 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
7009 			       nl80211_attr_cqm_policy);
7010 	if (err)
7011 		goto out;
7012 
7013 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
7014 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
7015 		s32 threshold;
7016 		u32 hysteresis;
7017 		threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
7018 		hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
7019 		err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
7020 	} else if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
7021 		   attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
7022 		   attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
7023 		u32 rate, pkts, intvl;
7024 		rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
7025 		pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
7026 		intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
7027 		err = nl80211_set_cqm_txe(info, rate, pkts, intvl);
7028 	} else
7029 		err = -EINVAL;
7030 
7031 out:
7032 	return err;
7033 }
7034 
7035 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
7036 {
7037 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7038 	struct net_device *dev = info->user_ptr[1];
7039 	struct mesh_config cfg;
7040 	struct mesh_setup setup;
7041 	int err;
7042 
7043 	/* start with default */
7044 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
7045 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
7046 
7047 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
7048 		/* and parse parameters if given */
7049 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
7050 		if (err)
7051 			return err;
7052 	}
7053 
7054 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
7055 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
7056 		return -EINVAL;
7057 
7058 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
7059 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
7060 
7061 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7062 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
7063 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7064 			return -EINVAL;
7065 
7066 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7067 		setup.beacon_interval =
7068 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7069 		if (setup.beacon_interval < 10 ||
7070 		    setup.beacon_interval > 10000)
7071 			return -EINVAL;
7072 	}
7073 
7074 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
7075 		setup.dtim_period =
7076 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
7077 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
7078 			return -EINVAL;
7079 	}
7080 
7081 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
7082 		/* parse additional setup parameters if given */
7083 		err = nl80211_parse_mesh_setup(info, &setup);
7084 		if (err)
7085 			return err;
7086 	}
7087 
7088 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7089 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
7090 		if (err)
7091 			return err;
7092 	} else {
7093 		/* cfg80211_join_mesh() will sort it out */
7094 		setup.chandef.chan = NULL;
7095 	}
7096 
7097 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
7098 }
7099 
7100 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
7101 {
7102 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7103 	struct net_device *dev = info->user_ptr[1];
7104 
7105 	return cfg80211_leave_mesh(rdev, dev);
7106 }
7107 
7108 #ifdef CONFIG_PM
7109 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
7110 					struct cfg80211_registered_device *rdev)
7111 {
7112 	struct nlattr *nl_pats, *nl_pat;
7113 	int i, pat_len;
7114 
7115 	if (!rdev->wowlan->n_patterns)
7116 		return 0;
7117 
7118 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
7119 	if (!nl_pats)
7120 		return -ENOBUFS;
7121 
7122 	for (i = 0; i < rdev->wowlan->n_patterns; i++) {
7123 		nl_pat = nla_nest_start(msg, i + 1);
7124 		if (!nl_pat)
7125 			return -ENOBUFS;
7126 		pat_len = rdev->wowlan->patterns[i].pattern_len;
7127 		if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
7128 			    DIV_ROUND_UP(pat_len, 8),
7129 			    rdev->wowlan->patterns[i].mask) ||
7130 		    nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
7131 			    pat_len, rdev->wowlan->patterns[i].pattern) ||
7132 		    nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET,
7133 				rdev->wowlan->patterns[i].pkt_offset))
7134 			return -ENOBUFS;
7135 		nla_nest_end(msg, nl_pat);
7136 	}
7137 	nla_nest_end(msg, nl_pats);
7138 
7139 	return 0;
7140 }
7141 
7142 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
7143 				   struct cfg80211_wowlan_tcp *tcp)
7144 {
7145 	struct nlattr *nl_tcp;
7146 
7147 	if (!tcp)
7148 		return 0;
7149 
7150 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
7151 	if (!nl_tcp)
7152 		return -ENOBUFS;
7153 
7154 	if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
7155 	    nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
7156 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
7157 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
7158 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
7159 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
7160 		    tcp->payload_len, tcp->payload) ||
7161 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
7162 			tcp->data_interval) ||
7163 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
7164 		    tcp->wake_len, tcp->wake_data) ||
7165 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
7166 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
7167 		return -ENOBUFS;
7168 
7169 	if (tcp->payload_seq.len &&
7170 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
7171 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
7172 		return -ENOBUFS;
7173 
7174 	if (tcp->payload_tok.len &&
7175 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
7176 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
7177 		    &tcp->payload_tok))
7178 		return -ENOBUFS;
7179 
7180 	return 0;
7181 }
7182 
7183 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
7184 {
7185 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7186 	struct sk_buff *msg;
7187 	void *hdr;
7188 	u32 size = NLMSG_DEFAULT_SIZE;
7189 
7190 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns &&
7191 	    !rdev->wiphy.wowlan.tcp)
7192 		return -EOPNOTSUPP;
7193 
7194 	if (rdev->wowlan && rdev->wowlan->tcp) {
7195 		/* adjust size to have room for all the data */
7196 		size += rdev->wowlan->tcp->tokens_size +
7197 			rdev->wowlan->tcp->payload_len +
7198 			rdev->wowlan->tcp->wake_len +
7199 			rdev->wowlan->tcp->wake_len / 8;
7200 	}
7201 
7202 	msg = nlmsg_new(size, GFP_KERNEL);
7203 	if (!msg)
7204 		return -ENOMEM;
7205 
7206 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7207 			     NL80211_CMD_GET_WOWLAN);
7208 	if (!hdr)
7209 		goto nla_put_failure;
7210 
7211 	if (rdev->wowlan) {
7212 		struct nlattr *nl_wowlan;
7213 
7214 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
7215 		if (!nl_wowlan)
7216 			goto nla_put_failure;
7217 
7218 		if ((rdev->wowlan->any &&
7219 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
7220 		    (rdev->wowlan->disconnect &&
7221 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
7222 		    (rdev->wowlan->magic_pkt &&
7223 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
7224 		    (rdev->wowlan->gtk_rekey_failure &&
7225 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
7226 		    (rdev->wowlan->eap_identity_req &&
7227 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
7228 		    (rdev->wowlan->four_way_handshake &&
7229 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
7230 		    (rdev->wowlan->rfkill_release &&
7231 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
7232 			goto nla_put_failure;
7233 
7234 		if (nl80211_send_wowlan_patterns(msg, rdev))
7235 			goto nla_put_failure;
7236 
7237 		if (nl80211_send_wowlan_tcp(msg, rdev->wowlan->tcp))
7238 			goto nla_put_failure;
7239 
7240 		nla_nest_end(msg, nl_wowlan);
7241 	}
7242 
7243 	genlmsg_end(msg, hdr);
7244 	return genlmsg_reply(msg, info);
7245 
7246 nla_put_failure:
7247 	nlmsg_free(msg);
7248 	return -ENOBUFS;
7249 }
7250 
7251 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
7252 				    struct nlattr *attr,
7253 				    struct cfg80211_wowlan *trig)
7254 {
7255 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
7256 	struct cfg80211_wowlan_tcp *cfg;
7257 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
7258 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
7259 	u32 size;
7260 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
7261 	int err, port;
7262 
7263 	if (!rdev->wiphy.wowlan.tcp)
7264 		return -EINVAL;
7265 
7266 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
7267 			nla_data(attr), nla_len(attr),
7268 			nl80211_wowlan_tcp_policy);
7269 	if (err)
7270 		return err;
7271 
7272 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
7273 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
7274 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
7275 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
7276 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
7277 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
7278 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
7279 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
7280 		return -EINVAL;
7281 
7282 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
7283 	if (data_size > rdev->wiphy.wowlan.tcp->data_payload_max)
7284 		return -EINVAL;
7285 
7286 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
7287 			rdev->wiphy.wowlan.tcp->data_interval_max)
7288 		return -EINVAL;
7289 
7290 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
7291 	if (wake_size > rdev->wiphy.wowlan.tcp->wake_payload_max)
7292 		return -EINVAL;
7293 
7294 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
7295 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
7296 		return -EINVAL;
7297 
7298 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
7299 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
7300 
7301 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
7302 		tokens_size = tokln - sizeof(*tok);
7303 
7304 		if (!tok->len || tokens_size % tok->len)
7305 			return -EINVAL;
7306 		if (!rdev->wiphy.wowlan.tcp->tok)
7307 			return -EINVAL;
7308 		if (tok->len > rdev->wiphy.wowlan.tcp->tok->max_len)
7309 			return -EINVAL;
7310 		if (tok->len < rdev->wiphy.wowlan.tcp->tok->min_len)
7311 			return -EINVAL;
7312 		if (tokens_size > rdev->wiphy.wowlan.tcp->tok->bufsize)
7313 			return -EINVAL;
7314 		if (tok->offset + tok->len > data_size)
7315 			return -EINVAL;
7316 	}
7317 
7318 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
7319 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
7320 		if (!rdev->wiphy.wowlan.tcp->seq)
7321 			return -EINVAL;
7322 		if (seq->len == 0 || seq->len > 4)
7323 			return -EINVAL;
7324 		if (seq->len + seq->offset > data_size)
7325 			return -EINVAL;
7326 	}
7327 
7328 	size = sizeof(*cfg);
7329 	size += data_size;
7330 	size += wake_size + wake_mask_size;
7331 	size += tokens_size;
7332 
7333 	cfg = kzalloc(size, GFP_KERNEL);
7334 	if (!cfg)
7335 		return -ENOMEM;
7336 	cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
7337 	cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
7338 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
7339 	       ETH_ALEN);
7340 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
7341 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
7342 	else
7343 		port = 0;
7344 #ifdef CONFIG_INET
7345 	/* allocate a socket and port for it and use it */
7346 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
7347 			    IPPROTO_TCP, &cfg->sock, 1);
7348 	if (err) {
7349 		kfree(cfg);
7350 		return err;
7351 	}
7352 	if (inet_csk_get_port(cfg->sock->sk, port)) {
7353 		sock_release(cfg->sock);
7354 		kfree(cfg);
7355 		return -EADDRINUSE;
7356 	}
7357 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
7358 #else
7359 	if (!port) {
7360 		kfree(cfg);
7361 		return -EINVAL;
7362 	}
7363 	cfg->src_port = port;
7364 #endif
7365 
7366 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
7367 	cfg->payload_len = data_size;
7368 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
7369 	memcpy((void *)cfg->payload,
7370 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
7371 	       data_size);
7372 	if (seq)
7373 		cfg->payload_seq = *seq;
7374 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
7375 	cfg->wake_len = wake_size;
7376 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
7377 	memcpy((void *)cfg->wake_data,
7378 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
7379 	       wake_size);
7380 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
7381 			 data_size + wake_size;
7382 	memcpy((void *)cfg->wake_mask,
7383 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
7384 	       wake_mask_size);
7385 	if (tok) {
7386 		cfg->tokens_size = tokens_size;
7387 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
7388 	}
7389 
7390 	trig->tcp = cfg;
7391 
7392 	return 0;
7393 }
7394 
7395 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
7396 {
7397 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7398 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
7399 	struct cfg80211_wowlan new_triggers = {};
7400 	struct cfg80211_wowlan *ntrig;
7401 	struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
7402 	int err, i;
7403 	bool prev_enabled = rdev->wowlan;
7404 
7405 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns &&
7406 	    !rdev->wiphy.wowlan.tcp)
7407 		return -EOPNOTSUPP;
7408 
7409 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
7410 		cfg80211_rdev_free_wowlan(rdev);
7411 		rdev->wowlan = NULL;
7412 		goto set_wakeup;
7413 	}
7414 
7415 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
7416 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
7417 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
7418 			nl80211_wowlan_policy);
7419 	if (err)
7420 		return err;
7421 
7422 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
7423 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
7424 			return -EINVAL;
7425 		new_triggers.any = true;
7426 	}
7427 
7428 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
7429 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
7430 			return -EINVAL;
7431 		new_triggers.disconnect = true;
7432 	}
7433 
7434 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
7435 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
7436 			return -EINVAL;
7437 		new_triggers.magic_pkt = true;
7438 	}
7439 
7440 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
7441 		return -EINVAL;
7442 
7443 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
7444 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
7445 			return -EINVAL;
7446 		new_triggers.gtk_rekey_failure = true;
7447 	}
7448 
7449 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
7450 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
7451 			return -EINVAL;
7452 		new_triggers.eap_identity_req = true;
7453 	}
7454 
7455 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
7456 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
7457 			return -EINVAL;
7458 		new_triggers.four_way_handshake = true;
7459 	}
7460 
7461 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
7462 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
7463 			return -EINVAL;
7464 		new_triggers.rfkill_release = true;
7465 	}
7466 
7467 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
7468 		struct nlattr *pat;
7469 		int n_patterns = 0;
7470 		int rem, pat_len, mask_len, pkt_offset;
7471 		struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
7472 
7473 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
7474 				    rem)
7475 			n_patterns++;
7476 		if (n_patterns > wowlan->n_patterns)
7477 			return -EINVAL;
7478 
7479 		new_triggers.patterns = kcalloc(n_patterns,
7480 						sizeof(new_triggers.patterns[0]),
7481 						GFP_KERNEL);
7482 		if (!new_triggers.patterns)
7483 			return -ENOMEM;
7484 
7485 		new_triggers.n_patterns = n_patterns;
7486 		i = 0;
7487 
7488 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
7489 				    rem) {
7490 			nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
7491 				  nla_data(pat), nla_len(pat), NULL);
7492 			err = -EINVAL;
7493 			if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
7494 			    !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
7495 				goto error;
7496 			pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
7497 			mask_len = DIV_ROUND_UP(pat_len, 8);
7498 			if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
7499 			    mask_len)
7500 				goto error;
7501 			if (pat_len > wowlan->pattern_max_len ||
7502 			    pat_len < wowlan->pattern_min_len)
7503 				goto error;
7504 
7505 			if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET])
7506 				pkt_offset = 0;
7507 			else
7508 				pkt_offset = nla_get_u32(
7509 					pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]);
7510 			if (pkt_offset > wowlan->max_pkt_offset)
7511 				goto error;
7512 			new_triggers.patterns[i].pkt_offset = pkt_offset;
7513 
7514 			new_triggers.patterns[i].mask =
7515 				kmalloc(mask_len + pat_len, GFP_KERNEL);
7516 			if (!new_triggers.patterns[i].mask) {
7517 				err = -ENOMEM;
7518 				goto error;
7519 			}
7520 			new_triggers.patterns[i].pattern =
7521 				new_triggers.patterns[i].mask + mask_len;
7522 			memcpy(new_triggers.patterns[i].mask,
7523 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
7524 			       mask_len);
7525 			new_triggers.patterns[i].pattern_len = pat_len;
7526 			memcpy(new_triggers.patterns[i].pattern,
7527 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
7528 			       pat_len);
7529 			i++;
7530 		}
7531 	}
7532 
7533 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
7534 		err = nl80211_parse_wowlan_tcp(
7535 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
7536 			&new_triggers);
7537 		if (err)
7538 			goto error;
7539 	}
7540 
7541 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
7542 	if (!ntrig) {
7543 		err = -ENOMEM;
7544 		goto error;
7545 	}
7546 	cfg80211_rdev_free_wowlan(rdev);
7547 	rdev->wowlan = ntrig;
7548 
7549  set_wakeup:
7550 	if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan)
7551 		rdev_set_wakeup(rdev, rdev->wowlan);
7552 
7553 	return 0;
7554  error:
7555 	for (i = 0; i < new_triggers.n_patterns; i++)
7556 		kfree(new_triggers.patterns[i].mask);
7557 	kfree(new_triggers.patterns);
7558 	if (new_triggers.tcp && new_triggers.tcp->sock)
7559 		sock_release(new_triggers.tcp->sock);
7560 	kfree(new_triggers.tcp);
7561 	return err;
7562 }
7563 #endif
7564 
7565 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
7566 {
7567 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7568 	struct net_device *dev = info->user_ptr[1];
7569 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7570 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
7571 	struct cfg80211_gtk_rekey_data rekey_data;
7572 	int err;
7573 
7574 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
7575 		return -EINVAL;
7576 
7577 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
7578 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
7579 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
7580 			nl80211_rekey_policy);
7581 	if (err)
7582 		return err;
7583 
7584 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
7585 		return -ERANGE;
7586 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
7587 		return -ERANGE;
7588 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
7589 		return -ERANGE;
7590 
7591 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
7592 	       NL80211_KEK_LEN);
7593 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
7594 	       NL80211_KCK_LEN);
7595 	memcpy(rekey_data.replay_ctr,
7596 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
7597 	       NL80211_REPLAY_CTR_LEN);
7598 
7599 	wdev_lock(wdev);
7600 	if (!wdev->current_bss) {
7601 		err = -ENOTCONN;
7602 		goto out;
7603 	}
7604 
7605 	if (!rdev->ops->set_rekey_data) {
7606 		err = -EOPNOTSUPP;
7607 		goto out;
7608 	}
7609 
7610 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
7611  out:
7612 	wdev_unlock(wdev);
7613 	return err;
7614 }
7615 
7616 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
7617 					     struct genl_info *info)
7618 {
7619 	struct net_device *dev = info->user_ptr[1];
7620 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7621 
7622 	if (wdev->iftype != NL80211_IFTYPE_AP &&
7623 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
7624 		return -EINVAL;
7625 
7626 	if (wdev->ap_unexpected_nlportid)
7627 		return -EBUSY;
7628 
7629 	wdev->ap_unexpected_nlportid = info->snd_portid;
7630 	return 0;
7631 }
7632 
7633 static int nl80211_probe_client(struct sk_buff *skb,
7634 				struct genl_info *info)
7635 {
7636 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7637 	struct net_device *dev = info->user_ptr[1];
7638 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7639 	struct sk_buff *msg;
7640 	void *hdr;
7641 	const u8 *addr;
7642 	u64 cookie;
7643 	int err;
7644 
7645 	if (wdev->iftype != NL80211_IFTYPE_AP &&
7646 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
7647 		return -EOPNOTSUPP;
7648 
7649 	if (!info->attrs[NL80211_ATTR_MAC])
7650 		return -EINVAL;
7651 
7652 	if (!rdev->ops->probe_client)
7653 		return -EOPNOTSUPP;
7654 
7655 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7656 	if (!msg)
7657 		return -ENOMEM;
7658 
7659 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7660 			     NL80211_CMD_PROBE_CLIENT);
7661 
7662 	if (IS_ERR(hdr)) {
7663 		err = PTR_ERR(hdr);
7664 		goto free_msg;
7665 	}
7666 
7667 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7668 
7669 	err = rdev_probe_client(rdev, dev, addr, &cookie);
7670 	if (err)
7671 		goto free_msg;
7672 
7673 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7674 		goto nla_put_failure;
7675 
7676 	genlmsg_end(msg, hdr);
7677 
7678 	return genlmsg_reply(msg, info);
7679 
7680  nla_put_failure:
7681 	err = -ENOBUFS;
7682  free_msg:
7683 	nlmsg_free(msg);
7684 	return err;
7685 }
7686 
7687 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
7688 {
7689 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7690 	struct cfg80211_beacon_registration *reg, *nreg;
7691 	int rv;
7692 
7693 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
7694 		return -EOPNOTSUPP;
7695 
7696 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
7697 	if (!nreg)
7698 		return -ENOMEM;
7699 
7700 	/* First, check if already registered. */
7701 	spin_lock_bh(&rdev->beacon_registrations_lock);
7702 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
7703 		if (reg->nlportid == info->snd_portid) {
7704 			rv = -EALREADY;
7705 			goto out_err;
7706 		}
7707 	}
7708 	/* Add it to the list */
7709 	nreg->nlportid = info->snd_portid;
7710 	list_add(&nreg->list, &rdev->beacon_registrations);
7711 
7712 	spin_unlock_bh(&rdev->beacon_registrations_lock);
7713 
7714 	return 0;
7715 out_err:
7716 	spin_unlock_bh(&rdev->beacon_registrations_lock);
7717 	kfree(nreg);
7718 	return rv;
7719 }
7720 
7721 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
7722 {
7723 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7724 	struct wireless_dev *wdev = info->user_ptr[1];
7725 	int err;
7726 
7727 	if (!rdev->ops->start_p2p_device)
7728 		return -EOPNOTSUPP;
7729 
7730 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
7731 		return -EOPNOTSUPP;
7732 
7733 	if (wdev->p2p_started)
7734 		return 0;
7735 
7736 	mutex_lock(&rdev->devlist_mtx);
7737 	err = cfg80211_can_add_interface(rdev, wdev->iftype);
7738 	mutex_unlock(&rdev->devlist_mtx);
7739 	if (err)
7740 		return err;
7741 
7742 	err = rdev_start_p2p_device(rdev, wdev);
7743 	if (err)
7744 		return err;
7745 
7746 	wdev->p2p_started = true;
7747 	mutex_lock(&rdev->devlist_mtx);
7748 	rdev->opencount++;
7749 	mutex_unlock(&rdev->devlist_mtx);
7750 
7751 	return 0;
7752 }
7753 
7754 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
7755 {
7756 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7757 	struct wireless_dev *wdev = info->user_ptr[1];
7758 
7759 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
7760 		return -EOPNOTSUPP;
7761 
7762 	if (!rdev->ops->stop_p2p_device)
7763 		return -EOPNOTSUPP;
7764 
7765 	mutex_lock(&rdev->sched_scan_mtx);
7766 	cfg80211_stop_p2p_device(rdev, wdev);
7767 	mutex_unlock(&rdev->sched_scan_mtx);
7768 
7769 	return 0;
7770 }
7771 
7772 #define NL80211_FLAG_NEED_WIPHY		0x01
7773 #define NL80211_FLAG_NEED_NETDEV	0x02
7774 #define NL80211_FLAG_NEED_RTNL		0x04
7775 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
7776 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
7777 					 NL80211_FLAG_CHECK_NETDEV_UP)
7778 #define NL80211_FLAG_NEED_WDEV		0x10
7779 /* If a netdev is associated, it must be UP, P2P must be started */
7780 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
7781 					 NL80211_FLAG_CHECK_NETDEV_UP)
7782 
7783 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
7784 			    struct genl_info *info)
7785 {
7786 	struct cfg80211_registered_device *rdev;
7787 	struct wireless_dev *wdev;
7788 	struct net_device *dev;
7789 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
7790 
7791 	if (rtnl)
7792 		rtnl_lock();
7793 
7794 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
7795 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7796 		if (IS_ERR(rdev)) {
7797 			if (rtnl)
7798 				rtnl_unlock();
7799 			return PTR_ERR(rdev);
7800 		}
7801 		info->user_ptr[0] = rdev;
7802 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
7803 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
7804 		mutex_lock(&cfg80211_mutex);
7805 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
7806 						  info->attrs);
7807 		if (IS_ERR(wdev)) {
7808 			mutex_unlock(&cfg80211_mutex);
7809 			if (rtnl)
7810 				rtnl_unlock();
7811 			return PTR_ERR(wdev);
7812 		}
7813 
7814 		dev = wdev->netdev;
7815 		rdev = wiphy_to_dev(wdev->wiphy);
7816 
7817 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
7818 			if (!dev) {
7819 				mutex_unlock(&cfg80211_mutex);
7820 				if (rtnl)
7821 					rtnl_unlock();
7822 				return -EINVAL;
7823 			}
7824 
7825 			info->user_ptr[1] = dev;
7826 		} else {
7827 			info->user_ptr[1] = wdev;
7828 		}
7829 
7830 		if (dev) {
7831 			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
7832 			    !netif_running(dev)) {
7833 				mutex_unlock(&cfg80211_mutex);
7834 				if (rtnl)
7835 					rtnl_unlock();
7836 				return -ENETDOWN;
7837 			}
7838 
7839 			dev_hold(dev);
7840 		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
7841 			if (!wdev->p2p_started) {
7842 				mutex_unlock(&cfg80211_mutex);
7843 				if (rtnl)
7844 					rtnl_unlock();
7845 				return -ENETDOWN;
7846 			}
7847 		}
7848 
7849 		cfg80211_lock_rdev(rdev);
7850 
7851 		mutex_unlock(&cfg80211_mutex);
7852 
7853 		info->user_ptr[0] = rdev;
7854 	}
7855 
7856 	return 0;
7857 }
7858 
7859 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
7860 			      struct genl_info *info)
7861 {
7862 	if (info->user_ptr[0])
7863 		cfg80211_unlock_rdev(info->user_ptr[0]);
7864 	if (info->user_ptr[1]) {
7865 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
7866 			struct wireless_dev *wdev = info->user_ptr[1];
7867 
7868 			if (wdev->netdev)
7869 				dev_put(wdev->netdev);
7870 		} else {
7871 			dev_put(info->user_ptr[1]);
7872 		}
7873 	}
7874 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
7875 		rtnl_unlock();
7876 }
7877 
7878 static struct genl_ops nl80211_ops[] = {
7879 	{
7880 		.cmd = NL80211_CMD_GET_WIPHY,
7881 		.doit = nl80211_get_wiphy,
7882 		.dumpit = nl80211_dump_wiphy,
7883 		.policy = nl80211_policy,
7884 		/* can be retrieved by unprivileged users */
7885 		.internal_flags = NL80211_FLAG_NEED_WIPHY,
7886 	},
7887 	{
7888 		.cmd = NL80211_CMD_SET_WIPHY,
7889 		.doit = nl80211_set_wiphy,
7890 		.policy = nl80211_policy,
7891 		.flags = GENL_ADMIN_PERM,
7892 		.internal_flags = NL80211_FLAG_NEED_RTNL,
7893 	},
7894 	{
7895 		.cmd = NL80211_CMD_GET_INTERFACE,
7896 		.doit = nl80211_get_interface,
7897 		.dumpit = nl80211_dump_interface,
7898 		.policy = nl80211_policy,
7899 		/* can be retrieved by unprivileged users */
7900 		.internal_flags = NL80211_FLAG_NEED_WDEV,
7901 	},
7902 	{
7903 		.cmd = NL80211_CMD_SET_INTERFACE,
7904 		.doit = nl80211_set_interface,
7905 		.policy = nl80211_policy,
7906 		.flags = GENL_ADMIN_PERM,
7907 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7908 				  NL80211_FLAG_NEED_RTNL,
7909 	},
7910 	{
7911 		.cmd = NL80211_CMD_NEW_INTERFACE,
7912 		.doit = nl80211_new_interface,
7913 		.policy = nl80211_policy,
7914 		.flags = GENL_ADMIN_PERM,
7915 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
7916 				  NL80211_FLAG_NEED_RTNL,
7917 	},
7918 	{
7919 		.cmd = NL80211_CMD_DEL_INTERFACE,
7920 		.doit = nl80211_del_interface,
7921 		.policy = nl80211_policy,
7922 		.flags = GENL_ADMIN_PERM,
7923 		.internal_flags = NL80211_FLAG_NEED_WDEV |
7924 				  NL80211_FLAG_NEED_RTNL,
7925 	},
7926 	{
7927 		.cmd = NL80211_CMD_GET_KEY,
7928 		.doit = nl80211_get_key,
7929 		.policy = nl80211_policy,
7930 		.flags = GENL_ADMIN_PERM,
7931 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7932 				  NL80211_FLAG_NEED_RTNL,
7933 	},
7934 	{
7935 		.cmd = NL80211_CMD_SET_KEY,
7936 		.doit = nl80211_set_key,
7937 		.policy = nl80211_policy,
7938 		.flags = GENL_ADMIN_PERM,
7939 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7940 				  NL80211_FLAG_NEED_RTNL,
7941 	},
7942 	{
7943 		.cmd = NL80211_CMD_NEW_KEY,
7944 		.doit = nl80211_new_key,
7945 		.policy = nl80211_policy,
7946 		.flags = GENL_ADMIN_PERM,
7947 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7948 				  NL80211_FLAG_NEED_RTNL,
7949 	},
7950 	{
7951 		.cmd = NL80211_CMD_DEL_KEY,
7952 		.doit = nl80211_del_key,
7953 		.policy = nl80211_policy,
7954 		.flags = GENL_ADMIN_PERM,
7955 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7956 				  NL80211_FLAG_NEED_RTNL,
7957 	},
7958 	{
7959 		.cmd = NL80211_CMD_SET_BEACON,
7960 		.policy = nl80211_policy,
7961 		.flags = GENL_ADMIN_PERM,
7962 		.doit = nl80211_set_beacon,
7963 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7964 				  NL80211_FLAG_NEED_RTNL,
7965 	},
7966 	{
7967 		.cmd = NL80211_CMD_START_AP,
7968 		.policy = nl80211_policy,
7969 		.flags = GENL_ADMIN_PERM,
7970 		.doit = nl80211_start_ap,
7971 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7972 				  NL80211_FLAG_NEED_RTNL,
7973 	},
7974 	{
7975 		.cmd = NL80211_CMD_STOP_AP,
7976 		.policy = nl80211_policy,
7977 		.flags = GENL_ADMIN_PERM,
7978 		.doit = nl80211_stop_ap,
7979 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7980 				  NL80211_FLAG_NEED_RTNL,
7981 	},
7982 	{
7983 		.cmd = NL80211_CMD_GET_STATION,
7984 		.doit = nl80211_get_station,
7985 		.dumpit = nl80211_dump_station,
7986 		.policy = nl80211_policy,
7987 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7988 				  NL80211_FLAG_NEED_RTNL,
7989 	},
7990 	{
7991 		.cmd = NL80211_CMD_SET_STATION,
7992 		.doit = nl80211_set_station,
7993 		.policy = nl80211_policy,
7994 		.flags = GENL_ADMIN_PERM,
7995 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7996 				  NL80211_FLAG_NEED_RTNL,
7997 	},
7998 	{
7999 		.cmd = NL80211_CMD_NEW_STATION,
8000 		.doit = nl80211_new_station,
8001 		.policy = nl80211_policy,
8002 		.flags = GENL_ADMIN_PERM,
8003 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8004 				  NL80211_FLAG_NEED_RTNL,
8005 	},
8006 	{
8007 		.cmd = NL80211_CMD_DEL_STATION,
8008 		.doit = nl80211_del_station,
8009 		.policy = nl80211_policy,
8010 		.flags = GENL_ADMIN_PERM,
8011 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8012 				  NL80211_FLAG_NEED_RTNL,
8013 	},
8014 	{
8015 		.cmd = NL80211_CMD_GET_MPATH,
8016 		.doit = nl80211_get_mpath,
8017 		.dumpit = nl80211_dump_mpath,
8018 		.policy = nl80211_policy,
8019 		.flags = GENL_ADMIN_PERM,
8020 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8021 				  NL80211_FLAG_NEED_RTNL,
8022 	},
8023 	{
8024 		.cmd = NL80211_CMD_SET_MPATH,
8025 		.doit = nl80211_set_mpath,
8026 		.policy = nl80211_policy,
8027 		.flags = GENL_ADMIN_PERM,
8028 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8029 				  NL80211_FLAG_NEED_RTNL,
8030 	},
8031 	{
8032 		.cmd = NL80211_CMD_NEW_MPATH,
8033 		.doit = nl80211_new_mpath,
8034 		.policy = nl80211_policy,
8035 		.flags = GENL_ADMIN_PERM,
8036 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8037 				  NL80211_FLAG_NEED_RTNL,
8038 	},
8039 	{
8040 		.cmd = NL80211_CMD_DEL_MPATH,
8041 		.doit = nl80211_del_mpath,
8042 		.policy = nl80211_policy,
8043 		.flags = GENL_ADMIN_PERM,
8044 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8045 				  NL80211_FLAG_NEED_RTNL,
8046 	},
8047 	{
8048 		.cmd = NL80211_CMD_SET_BSS,
8049 		.doit = nl80211_set_bss,
8050 		.policy = nl80211_policy,
8051 		.flags = GENL_ADMIN_PERM,
8052 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8053 				  NL80211_FLAG_NEED_RTNL,
8054 	},
8055 	{
8056 		.cmd = NL80211_CMD_GET_REG,
8057 		.doit = nl80211_get_reg,
8058 		.policy = nl80211_policy,
8059 		/* can be retrieved by unprivileged users */
8060 	},
8061 	{
8062 		.cmd = NL80211_CMD_SET_REG,
8063 		.doit = nl80211_set_reg,
8064 		.policy = nl80211_policy,
8065 		.flags = GENL_ADMIN_PERM,
8066 	},
8067 	{
8068 		.cmd = NL80211_CMD_REQ_SET_REG,
8069 		.doit = nl80211_req_set_reg,
8070 		.policy = nl80211_policy,
8071 		.flags = GENL_ADMIN_PERM,
8072 	},
8073 	{
8074 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
8075 		.doit = nl80211_get_mesh_config,
8076 		.policy = nl80211_policy,
8077 		/* can be retrieved by unprivileged users */
8078 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8079 				  NL80211_FLAG_NEED_RTNL,
8080 	},
8081 	{
8082 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
8083 		.doit = nl80211_update_mesh_config,
8084 		.policy = nl80211_policy,
8085 		.flags = GENL_ADMIN_PERM,
8086 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8087 				  NL80211_FLAG_NEED_RTNL,
8088 	},
8089 	{
8090 		.cmd = NL80211_CMD_TRIGGER_SCAN,
8091 		.doit = nl80211_trigger_scan,
8092 		.policy = nl80211_policy,
8093 		.flags = GENL_ADMIN_PERM,
8094 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8095 				  NL80211_FLAG_NEED_RTNL,
8096 	},
8097 	{
8098 		.cmd = NL80211_CMD_GET_SCAN,
8099 		.policy = nl80211_policy,
8100 		.dumpit = nl80211_dump_scan,
8101 	},
8102 	{
8103 		.cmd = NL80211_CMD_START_SCHED_SCAN,
8104 		.doit = nl80211_start_sched_scan,
8105 		.policy = nl80211_policy,
8106 		.flags = GENL_ADMIN_PERM,
8107 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8108 				  NL80211_FLAG_NEED_RTNL,
8109 	},
8110 	{
8111 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
8112 		.doit = nl80211_stop_sched_scan,
8113 		.policy = nl80211_policy,
8114 		.flags = GENL_ADMIN_PERM,
8115 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8116 				  NL80211_FLAG_NEED_RTNL,
8117 	},
8118 	{
8119 		.cmd = NL80211_CMD_AUTHENTICATE,
8120 		.doit = nl80211_authenticate,
8121 		.policy = nl80211_policy,
8122 		.flags = GENL_ADMIN_PERM,
8123 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8124 				  NL80211_FLAG_NEED_RTNL,
8125 	},
8126 	{
8127 		.cmd = NL80211_CMD_ASSOCIATE,
8128 		.doit = nl80211_associate,
8129 		.policy = nl80211_policy,
8130 		.flags = GENL_ADMIN_PERM,
8131 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8132 				  NL80211_FLAG_NEED_RTNL,
8133 	},
8134 	{
8135 		.cmd = NL80211_CMD_DEAUTHENTICATE,
8136 		.doit = nl80211_deauthenticate,
8137 		.policy = nl80211_policy,
8138 		.flags = GENL_ADMIN_PERM,
8139 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8140 				  NL80211_FLAG_NEED_RTNL,
8141 	},
8142 	{
8143 		.cmd = NL80211_CMD_DISASSOCIATE,
8144 		.doit = nl80211_disassociate,
8145 		.policy = nl80211_policy,
8146 		.flags = GENL_ADMIN_PERM,
8147 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8148 				  NL80211_FLAG_NEED_RTNL,
8149 	},
8150 	{
8151 		.cmd = NL80211_CMD_JOIN_IBSS,
8152 		.doit = nl80211_join_ibss,
8153 		.policy = nl80211_policy,
8154 		.flags = GENL_ADMIN_PERM,
8155 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8156 				  NL80211_FLAG_NEED_RTNL,
8157 	},
8158 	{
8159 		.cmd = NL80211_CMD_LEAVE_IBSS,
8160 		.doit = nl80211_leave_ibss,
8161 		.policy = nl80211_policy,
8162 		.flags = GENL_ADMIN_PERM,
8163 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8164 				  NL80211_FLAG_NEED_RTNL,
8165 	},
8166 #ifdef CONFIG_NL80211_TESTMODE
8167 	{
8168 		.cmd = NL80211_CMD_TESTMODE,
8169 		.doit = nl80211_testmode_do,
8170 		.dumpit = nl80211_testmode_dump,
8171 		.policy = nl80211_policy,
8172 		.flags = GENL_ADMIN_PERM,
8173 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8174 				  NL80211_FLAG_NEED_RTNL,
8175 	},
8176 #endif
8177 	{
8178 		.cmd = NL80211_CMD_CONNECT,
8179 		.doit = nl80211_connect,
8180 		.policy = nl80211_policy,
8181 		.flags = GENL_ADMIN_PERM,
8182 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8183 				  NL80211_FLAG_NEED_RTNL,
8184 	},
8185 	{
8186 		.cmd = NL80211_CMD_DISCONNECT,
8187 		.doit = nl80211_disconnect,
8188 		.policy = nl80211_policy,
8189 		.flags = GENL_ADMIN_PERM,
8190 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8191 				  NL80211_FLAG_NEED_RTNL,
8192 	},
8193 	{
8194 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
8195 		.doit = nl80211_wiphy_netns,
8196 		.policy = nl80211_policy,
8197 		.flags = GENL_ADMIN_PERM,
8198 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8199 				  NL80211_FLAG_NEED_RTNL,
8200 	},
8201 	{
8202 		.cmd = NL80211_CMD_GET_SURVEY,
8203 		.policy = nl80211_policy,
8204 		.dumpit = nl80211_dump_survey,
8205 	},
8206 	{
8207 		.cmd = NL80211_CMD_SET_PMKSA,
8208 		.doit = nl80211_setdel_pmksa,
8209 		.policy = nl80211_policy,
8210 		.flags = GENL_ADMIN_PERM,
8211 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8212 				  NL80211_FLAG_NEED_RTNL,
8213 	},
8214 	{
8215 		.cmd = NL80211_CMD_DEL_PMKSA,
8216 		.doit = nl80211_setdel_pmksa,
8217 		.policy = nl80211_policy,
8218 		.flags = GENL_ADMIN_PERM,
8219 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8220 				  NL80211_FLAG_NEED_RTNL,
8221 	},
8222 	{
8223 		.cmd = NL80211_CMD_FLUSH_PMKSA,
8224 		.doit = nl80211_flush_pmksa,
8225 		.policy = nl80211_policy,
8226 		.flags = GENL_ADMIN_PERM,
8227 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8228 				  NL80211_FLAG_NEED_RTNL,
8229 	},
8230 	{
8231 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
8232 		.doit = nl80211_remain_on_channel,
8233 		.policy = nl80211_policy,
8234 		.flags = GENL_ADMIN_PERM,
8235 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8236 				  NL80211_FLAG_NEED_RTNL,
8237 	},
8238 	{
8239 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
8240 		.doit = nl80211_cancel_remain_on_channel,
8241 		.policy = nl80211_policy,
8242 		.flags = GENL_ADMIN_PERM,
8243 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8244 				  NL80211_FLAG_NEED_RTNL,
8245 	},
8246 	{
8247 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
8248 		.doit = nl80211_set_tx_bitrate_mask,
8249 		.policy = nl80211_policy,
8250 		.flags = GENL_ADMIN_PERM,
8251 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8252 				  NL80211_FLAG_NEED_RTNL,
8253 	},
8254 	{
8255 		.cmd = NL80211_CMD_REGISTER_FRAME,
8256 		.doit = nl80211_register_mgmt,
8257 		.policy = nl80211_policy,
8258 		.flags = GENL_ADMIN_PERM,
8259 		.internal_flags = NL80211_FLAG_NEED_WDEV |
8260 				  NL80211_FLAG_NEED_RTNL,
8261 	},
8262 	{
8263 		.cmd = NL80211_CMD_FRAME,
8264 		.doit = nl80211_tx_mgmt,
8265 		.policy = nl80211_policy,
8266 		.flags = GENL_ADMIN_PERM,
8267 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8268 				  NL80211_FLAG_NEED_RTNL,
8269 	},
8270 	{
8271 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
8272 		.doit = nl80211_tx_mgmt_cancel_wait,
8273 		.policy = nl80211_policy,
8274 		.flags = GENL_ADMIN_PERM,
8275 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8276 				  NL80211_FLAG_NEED_RTNL,
8277 	},
8278 	{
8279 		.cmd = NL80211_CMD_SET_POWER_SAVE,
8280 		.doit = nl80211_set_power_save,
8281 		.policy = nl80211_policy,
8282 		.flags = GENL_ADMIN_PERM,
8283 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8284 				  NL80211_FLAG_NEED_RTNL,
8285 	},
8286 	{
8287 		.cmd = NL80211_CMD_GET_POWER_SAVE,
8288 		.doit = nl80211_get_power_save,
8289 		.policy = nl80211_policy,
8290 		/* can be retrieved by unprivileged users */
8291 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8292 				  NL80211_FLAG_NEED_RTNL,
8293 	},
8294 	{
8295 		.cmd = NL80211_CMD_SET_CQM,
8296 		.doit = nl80211_set_cqm,
8297 		.policy = nl80211_policy,
8298 		.flags = GENL_ADMIN_PERM,
8299 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8300 				  NL80211_FLAG_NEED_RTNL,
8301 	},
8302 	{
8303 		.cmd = NL80211_CMD_SET_CHANNEL,
8304 		.doit = nl80211_set_channel,
8305 		.policy = nl80211_policy,
8306 		.flags = GENL_ADMIN_PERM,
8307 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8308 				  NL80211_FLAG_NEED_RTNL,
8309 	},
8310 	{
8311 		.cmd = NL80211_CMD_SET_WDS_PEER,
8312 		.doit = nl80211_set_wds_peer,
8313 		.policy = nl80211_policy,
8314 		.flags = GENL_ADMIN_PERM,
8315 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8316 				  NL80211_FLAG_NEED_RTNL,
8317 	},
8318 	{
8319 		.cmd = NL80211_CMD_JOIN_MESH,
8320 		.doit = nl80211_join_mesh,
8321 		.policy = nl80211_policy,
8322 		.flags = GENL_ADMIN_PERM,
8323 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8324 				  NL80211_FLAG_NEED_RTNL,
8325 	},
8326 	{
8327 		.cmd = NL80211_CMD_LEAVE_MESH,
8328 		.doit = nl80211_leave_mesh,
8329 		.policy = nl80211_policy,
8330 		.flags = GENL_ADMIN_PERM,
8331 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8332 				  NL80211_FLAG_NEED_RTNL,
8333 	},
8334 #ifdef CONFIG_PM
8335 	{
8336 		.cmd = NL80211_CMD_GET_WOWLAN,
8337 		.doit = nl80211_get_wowlan,
8338 		.policy = nl80211_policy,
8339 		/* can be retrieved by unprivileged users */
8340 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8341 				  NL80211_FLAG_NEED_RTNL,
8342 	},
8343 	{
8344 		.cmd = NL80211_CMD_SET_WOWLAN,
8345 		.doit = nl80211_set_wowlan,
8346 		.policy = nl80211_policy,
8347 		.flags = GENL_ADMIN_PERM,
8348 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8349 				  NL80211_FLAG_NEED_RTNL,
8350 	},
8351 #endif
8352 	{
8353 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
8354 		.doit = nl80211_set_rekey_data,
8355 		.policy = nl80211_policy,
8356 		.flags = GENL_ADMIN_PERM,
8357 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8358 				  NL80211_FLAG_NEED_RTNL,
8359 	},
8360 	{
8361 		.cmd = NL80211_CMD_TDLS_MGMT,
8362 		.doit = nl80211_tdls_mgmt,
8363 		.policy = nl80211_policy,
8364 		.flags = GENL_ADMIN_PERM,
8365 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8366 				  NL80211_FLAG_NEED_RTNL,
8367 	},
8368 	{
8369 		.cmd = NL80211_CMD_TDLS_OPER,
8370 		.doit = nl80211_tdls_oper,
8371 		.policy = nl80211_policy,
8372 		.flags = GENL_ADMIN_PERM,
8373 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8374 				  NL80211_FLAG_NEED_RTNL,
8375 	},
8376 	{
8377 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
8378 		.doit = nl80211_register_unexpected_frame,
8379 		.policy = nl80211_policy,
8380 		.flags = GENL_ADMIN_PERM,
8381 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8382 				  NL80211_FLAG_NEED_RTNL,
8383 	},
8384 	{
8385 		.cmd = NL80211_CMD_PROBE_CLIENT,
8386 		.doit = nl80211_probe_client,
8387 		.policy = nl80211_policy,
8388 		.flags = GENL_ADMIN_PERM,
8389 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8390 				  NL80211_FLAG_NEED_RTNL,
8391 	},
8392 	{
8393 		.cmd = NL80211_CMD_REGISTER_BEACONS,
8394 		.doit = nl80211_register_beacons,
8395 		.policy = nl80211_policy,
8396 		.flags = GENL_ADMIN_PERM,
8397 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8398 				  NL80211_FLAG_NEED_RTNL,
8399 	},
8400 	{
8401 		.cmd = NL80211_CMD_SET_NOACK_MAP,
8402 		.doit = nl80211_set_noack_map,
8403 		.policy = nl80211_policy,
8404 		.flags = GENL_ADMIN_PERM,
8405 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8406 				  NL80211_FLAG_NEED_RTNL,
8407 	},
8408 	{
8409 		.cmd = NL80211_CMD_START_P2P_DEVICE,
8410 		.doit = nl80211_start_p2p_device,
8411 		.policy = nl80211_policy,
8412 		.flags = GENL_ADMIN_PERM,
8413 		.internal_flags = NL80211_FLAG_NEED_WDEV |
8414 				  NL80211_FLAG_NEED_RTNL,
8415 	},
8416 	{
8417 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
8418 		.doit = nl80211_stop_p2p_device,
8419 		.policy = nl80211_policy,
8420 		.flags = GENL_ADMIN_PERM,
8421 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8422 				  NL80211_FLAG_NEED_RTNL,
8423 	},
8424 	{
8425 		.cmd = NL80211_CMD_SET_MCAST_RATE,
8426 		.doit = nl80211_set_mcast_rate,
8427 		.policy = nl80211_policy,
8428 		.flags = GENL_ADMIN_PERM,
8429 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8430 				  NL80211_FLAG_NEED_RTNL,
8431 	},
8432 	{
8433 		.cmd = NL80211_CMD_SET_MAC_ACL,
8434 		.doit = nl80211_set_mac_acl,
8435 		.policy = nl80211_policy,
8436 		.flags = GENL_ADMIN_PERM,
8437 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8438 				  NL80211_FLAG_NEED_RTNL,
8439 	},
8440 	{
8441 		.cmd = NL80211_CMD_RADAR_DETECT,
8442 		.doit = nl80211_start_radar_detection,
8443 		.policy = nl80211_policy,
8444 		.flags = GENL_ADMIN_PERM,
8445 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8446 				  NL80211_FLAG_NEED_RTNL,
8447 	},
8448 };
8449 
8450 static struct genl_multicast_group nl80211_mlme_mcgrp = {
8451 	.name = "mlme",
8452 };
8453 
8454 /* multicast groups */
8455 static struct genl_multicast_group nl80211_config_mcgrp = {
8456 	.name = "config",
8457 };
8458 static struct genl_multicast_group nl80211_scan_mcgrp = {
8459 	.name = "scan",
8460 };
8461 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
8462 	.name = "regulatory",
8463 };
8464 
8465 /* notification functions */
8466 
8467 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
8468 {
8469 	struct sk_buff *msg;
8470 
8471 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8472 	if (!msg)
8473 		return;
8474 
8475 	if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
8476 		nlmsg_free(msg);
8477 		return;
8478 	}
8479 
8480 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8481 				nl80211_config_mcgrp.id, GFP_KERNEL);
8482 }
8483 
8484 static int nl80211_add_scan_req(struct sk_buff *msg,
8485 				struct cfg80211_registered_device *rdev)
8486 {
8487 	struct cfg80211_scan_request *req = rdev->scan_req;
8488 	struct nlattr *nest;
8489 	int i;
8490 
8491 	lockdep_assert_held(&rdev->sched_scan_mtx);
8492 
8493 	if (WARN_ON(!req))
8494 		return 0;
8495 
8496 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
8497 	if (!nest)
8498 		goto nla_put_failure;
8499 	for (i = 0; i < req->n_ssids; i++) {
8500 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
8501 			goto nla_put_failure;
8502 	}
8503 	nla_nest_end(msg, nest);
8504 
8505 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
8506 	if (!nest)
8507 		goto nla_put_failure;
8508 	for (i = 0; i < req->n_channels; i++) {
8509 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
8510 			goto nla_put_failure;
8511 	}
8512 	nla_nest_end(msg, nest);
8513 
8514 	if (req->ie &&
8515 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
8516 		goto nla_put_failure;
8517 
8518 	if (req->flags)
8519 		nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags);
8520 
8521 	return 0;
8522  nla_put_failure:
8523 	return -ENOBUFS;
8524 }
8525 
8526 static int nl80211_send_scan_msg(struct sk_buff *msg,
8527 				 struct cfg80211_registered_device *rdev,
8528 				 struct wireless_dev *wdev,
8529 				 u32 portid, u32 seq, int flags,
8530 				 u32 cmd)
8531 {
8532 	void *hdr;
8533 
8534 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
8535 	if (!hdr)
8536 		return -1;
8537 
8538 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8539 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
8540 					 wdev->netdev->ifindex)) ||
8541 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
8542 		goto nla_put_failure;
8543 
8544 	/* ignore errors and send incomplete event anyway */
8545 	nl80211_add_scan_req(msg, rdev);
8546 
8547 	return genlmsg_end(msg, hdr);
8548 
8549  nla_put_failure:
8550 	genlmsg_cancel(msg, hdr);
8551 	return -EMSGSIZE;
8552 }
8553 
8554 static int
8555 nl80211_send_sched_scan_msg(struct sk_buff *msg,
8556 			    struct cfg80211_registered_device *rdev,
8557 			    struct net_device *netdev,
8558 			    u32 portid, u32 seq, int flags, u32 cmd)
8559 {
8560 	void *hdr;
8561 
8562 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
8563 	if (!hdr)
8564 		return -1;
8565 
8566 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8567 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
8568 		goto nla_put_failure;
8569 
8570 	return genlmsg_end(msg, hdr);
8571 
8572  nla_put_failure:
8573 	genlmsg_cancel(msg, hdr);
8574 	return -EMSGSIZE;
8575 }
8576 
8577 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
8578 			     struct wireless_dev *wdev)
8579 {
8580 	struct sk_buff *msg;
8581 
8582 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8583 	if (!msg)
8584 		return;
8585 
8586 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
8587 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
8588 		nlmsg_free(msg);
8589 		return;
8590 	}
8591 
8592 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8593 				nl80211_scan_mcgrp.id, GFP_KERNEL);
8594 }
8595 
8596 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
8597 			    struct wireless_dev *wdev)
8598 {
8599 	struct sk_buff *msg;
8600 
8601 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8602 	if (!msg)
8603 		return;
8604 
8605 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
8606 				  NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
8607 		nlmsg_free(msg);
8608 		return;
8609 	}
8610 
8611 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8612 				nl80211_scan_mcgrp.id, GFP_KERNEL);
8613 }
8614 
8615 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
8616 			       struct wireless_dev *wdev)
8617 {
8618 	struct sk_buff *msg;
8619 
8620 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8621 	if (!msg)
8622 		return;
8623 
8624 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
8625 				  NL80211_CMD_SCAN_ABORTED) < 0) {
8626 		nlmsg_free(msg);
8627 		return;
8628 	}
8629 
8630 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8631 				nl80211_scan_mcgrp.id, GFP_KERNEL);
8632 }
8633 
8634 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
8635 				     struct net_device *netdev)
8636 {
8637 	struct sk_buff *msg;
8638 
8639 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8640 	if (!msg)
8641 		return;
8642 
8643 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
8644 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
8645 		nlmsg_free(msg);
8646 		return;
8647 	}
8648 
8649 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8650 				nl80211_scan_mcgrp.id, GFP_KERNEL);
8651 }
8652 
8653 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
8654 			     struct net_device *netdev, u32 cmd)
8655 {
8656 	struct sk_buff *msg;
8657 
8658 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8659 	if (!msg)
8660 		return;
8661 
8662 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
8663 		nlmsg_free(msg);
8664 		return;
8665 	}
8666 
8667 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8668 				nl80211_scan_mcgrp.id, GFP_KERNEL);
8669 }
8670 
8671 /*
8672  * This can happen on global regulatory changes or device specific settings
8673  * based on custom world regulatory domains.
8674  */
8675 void nl80211_send_reg_change_event(struct regulatory_request *request)
8676 {
8677 	struct sk_buff *msg;
8678 	void *hdr;
8679 
8680 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8681 	if (!msg)
8682 		return;
8683 
8684 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
8685 	if (!hdr) {
8686 		nlmsg_free(msg);
8687 		return;
8688 	}
8689 
8690 	/* Userspace can always count this one always being set */
8691 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
8692 		goto nla_put_failure;
8693 
8694 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
8695 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
8696 			       NL80211_REGDOM_TYPE_WORLD))
8697 			goto nla_put_failure;
8698 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
8699 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
8700 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
8701 			goto nla_put_failure;
8702 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
8703 		   request->intersect) {
8704 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
8705 			       NL80211_REGDOM_TYPE_INTERSECTION))
8706 			goto nla_put_failure;
8707 	} else {
8708 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
8709 			       NL80211_REGDOM_TYPE_COUNTRY) ||
8710 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
8711 				   request->alpha2))
8712 			goto nla_put_failure;
8713 	}
8714 
8715 	if (request->wiphy_idx != WIPHY_IDX_INVALID &&
8716 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
8717 		goto nla_put_failure;
8718 
8719 	genlmsg_end(msg, hdr);
8720 
8721 	rcu_read_lock();
8722 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
8723 				GFP_ATOMIC);
8724 	rcu_read_unlock();
8725 
8726 	return;
8727 
8728 nla_put_failure:
8729 	genlmsg_cancel(msg, hdr);
8730 	nlmsg_free(msg);
8731 }
8732 
8733 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
8734 				    struct net_device *netdev,
8735 				    const u8 *buf, size_t len,
8736 				    enum nl80211_commands cmd, gfp_t gfp)
8737 {
8738 	struct sk_buff *msg;
8739 	void *hdr;
8740 
8741 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8742 	if (!msg)
8743 		return;
8744 
8745 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
8746 	if (!hdr) {
8747 		nlmsg_free(msg);
8748 		return;
8749 	}
8750 
8751 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8752 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8753 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
8754 		goto nla_put_failure;
8755 
8756 	genlmsg_end(msg, hdr);
8757 
8758 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8759 				nl80211_mlme_mcgrp.id, gfp);
8760 	return;
8761 
8762  nla_put_failure:
8763 	genlmsg_cancel(msg, hdr);
8764 	nlmsg_free(msg);
8765 }
8766 
8767 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
8768 			  struct net_device *netdev, const u8 *buf,
8769 			  size_t len, gfp_t gfp)
8770 {
8771 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8772 				NL80211_CMD_AUTHENTICATE, gfp);
8773 }
8774 
8775 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
8776 			   struct net_device *netdev, const u8 *buf,
8777 			   size_t len, gfp_t gfp)
8778 {
8779 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8780 				NL80211_CMD_ASSOCIATE, gfp);
8781 }
8782 
8783 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
8784 			 struct net_device *netdev, const u8 *buf,
8785 			 size_t len, gfp_t gfp)
8786 {
8787 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8788 				NL80211_CMD_DEAUTHENTICATE, gfp);
8789 }
8790 
8791 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
8792 			   struct net_device *netdev, const u8 *buf,
8793 			   size_t len, gfp_t gfp)
8794 {
8795 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8796 				NL80211_CMD_DISASSOCIATE, gfp);
8797 }
8798 
8799 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev,
8800 				struct net_device *netdev, const u8 *buf,
8801 				size_t len, gfp_t gfp)
8802 {
8803 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8804 				NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp);
8805 }
8806 
8807 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev,
8808 				  struct net_device *netdev, const u8 *buf,
8809 				  size_t len, gfp_t gfp)
8810 {
8811 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8812 				NL80211_CMD_UNPROT_DISASSOCIATE, gfp);
8813 }
8814 
8815 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
8816 				      struct net_device *netdev, int cmd,
8817 				      const u8 *addr, gfp_t gfp)
8818 {
8819 	struct sk_buff *msg;
8820 	void *hdr;
8821 
8822 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8823 	if (!msg)
8824 		return;
8825 
8826 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
8827 	if (!hdr) {
8828 		nlmsg_free(msg);
8829 		return;
8830 	}
8831 
8832 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8833 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8834 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
8835 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
8836 		goto nla_put_failure;
8837 
8838 	genlmsg_end(msg, hdr);
8839 
8840 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8841 				nl80211_mlme_mcgrp.id, gfp);
8842 	return;
8843 
8844  nla_put_failure:
8845 	genlmsg_cancel(msg, hdr);
8846 	nlmsg_free(msg);
8847 }
8848 
8849 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
8850 			       struct net_device *netdev, const u8 *addr,
8851 			       gfp_t gfp)
8852 {
8853 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
8854 				  addr, gfp);
8855 }
8856 
8857 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
8858 				struct net_device *netdev, const u8 *addr,
8859 				gfp_t gfp)
8860 {
8861 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
8862 				  addr, gfp);
8863 }
8864 
8865 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
8866 				 struct net_device *netdev, const u8 *bssid,
8867 				 const u8 *req_ie, size_t req_ie_len,
8868 				 const u8 *resp_ie, size_t resp_ie_len,
8869 				 u16 status, gfp_t gfp)
8870 {
8871 	struct sk_buff *msg;
8872 	void *hdr;
8873 
8874 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8875 	if (!msg)
8876 		return;
8877 
8878 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
8879 	if (!hdr) {
8880 		nlmsg_free(msg);
8881 		return;
8882 	}
8883 
8884 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8885 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8886 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
8887 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
8888 	    (req_ie &&
8889 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
8890 	    (resp_ie &&
8891 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
8892 		goto nla_put_failure;
8893 
8894 	genlmsg_end(msg, hdr);
8895 
8896 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8897 				nl80211_mlme_mcgrp.id, gfp);
8898 	return;
8899 
8900  nla_put_failure:
8901 	genlmsg_cancel(msg, hdr);
8902 	nlmsg_free(msg);
8903 
8904 }
8905 
8906 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
8907 			 struct net_device *netdev, const u8 *bssid,
8908 			 const u8 *req_ie, size_t req_ie_len,
8909 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
8910 {
8911 	struct sk_buff *msg;
8912 	void *hdr;
8913 
8914 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8915 	if (!msg)
8916 		return;
8917 
8918 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
8919 	if (!hdr) {
8920 		nlmsg_free(msg);
8921 		return;
8922 	}
8923 
8924 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8925 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8926 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
8927 	    (req_ie &&
8928 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
8929 	    (resp_ie &&
8930 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
8931 		goto nla_put_failure;
8932 
8933 	genlmsg_end(msg, hdr);
8934 
8935 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8936 				nl80211_mlme_mcgrp.id, gfp);
8937 	return;
8938 
8939  nla_put_failure:
8940 	genlmsg_cancel(msg, hdr);
8941 	nlmsg_free(msg);
8942 
8943 }
8944 
8945 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
8946 			       struct net_device *netdev, u16 reason,
8947 			       const u8 *ie, size_t ie_len, bool from_ap)
8948 {
8949 	struct sk_buff *msg;
8950 	void *hdr;
8951 
8952 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8953 	if (!msg)
8954 		return;
8955 
8956 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
8957 	if (!hdr) {
8958 		nlmsg_free(msg);
8959 		return;
8960 	}
8961 
8962 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8963 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8964 	    (from_ap && reason &&
8965 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
8966 	    (from_ap &&
8967 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
8968 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
8969 		goto nla_put_failure;
8970 
8971 	genlmsg_end(msg, hdr);
8972 
8973 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8974 				nl80211_mlme_mcgrp.id, GFP_KERNEL);
8975 	return;
8976 
8977  nla_put_failure:
8978 	genlmsg_cancel(msg, hdr);
8979 	nlmsg_free(msg);
8980 
8981 }
8982 
8983 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
8984 			     struct net_device *netdev, const u8 *bssid,
8985 			     gfp_t gfp)
8986 {
8987 	struct sk_buff *msg;
8988 	void *hdr;
8989 
8990 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8991 	if (!msg)
8992 		return;
8993 
8994 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
8995 	if (!hdr) {
8996 		nlmsg_free(msg);
8997 		return;
8998 	}
8999 
9000 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9001 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9002 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
9003 		goto nla_put_failure;
9004 
9005 	genlmsg_end(msg, hdr);
9006 
9007 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9008 				nl80211_mlme_mcgrp.id, gfp);
9009 	return;
9010 
9011  nla_put_failure:
9012 	genlmsg_cancel(msg, hdr);
9013 	nlmsg_free(msg);
9014 }
9015 
9016 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev,
9017 		struct net_device *netdev,
9018 		const u8 *macaddr, const u8* ie, u8 ie_len,
9019 		gfp_t gfp)
9020 {
9021 	struct sk_buff *msg;
9022 	void *hdr;
9023 
9024 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9025 	if (!msg)
9026 		return;
9027 
9028 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
9029 	if (!hdr) {
9030 		nlmsg_free(msg);
9031 		return;
9032 	}
9033 
9034 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9035 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9036 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) ||
9037 	    (ie_len && ie &&
9038 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
9039 		goto nla_put_failure;
9040 
9041 	genlmsg_end(msg, hdr);
9042 
9043 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9044 				nl80211_mlme_mcgrp.id, gfp);
9045 	return;
9046 
9047  nla_put_failure:
9048 	genlmsg_cancel(msg, hdr);
9049 	nlmsg_free(msg);
9050 }
9051 
9052 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
9053 				 struct net_device *netdev, const u8 *addr,
9054 				 enum nl80211_key_type key_type, int key_id,
9055 				 const u8 *tsc, gfp_t gfp)
9056 {
9057 	struct sk_buff *msg;
9058 	void *hdr;
9059 
9060 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9061 	if (!msg)
9062 		return;
9063 
9064 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
9065 	if (!hdr) {
9066 		nlmsg_free(msg);
9067 		return;
9068 	}
9069 
9070 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9071 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9072 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
9073 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
9074 	    (key_id != -1 &&
9075 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
9076 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
9077 		goto nla_put_failure;
9078 
9079 	genlmsg_end(msg, hdr);
9080 
9081 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9082 				nl80211_mlme_mcgrp.id, gfp);
9083 	return;
9084 
9085  nla_put_failure:
9086 	genlmsg_cancel(msg, hdr);
9087 	nlmsg_free(msg);
9088 }
9089 
9090 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
9091 				    struct ieee80211_channel *channel_before,
9092 				    struct ieee80211_channel *channel_after)
9093 {
9094 	struct sk_buff *msg;
9095 	void *hdr;
9096 	struct nlattr *nl_freq;
9097 
9098 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
9099 	if (!msg)
9100 		return;
9101 
9102 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
9103 	if (!hdr) {
9104 		nlmsg_free(msg);
9105 		return;
9106 	}
9107 
9108 	/*
9109 	 * Since we are applying the beacon hint to a wiphy we know its
9110 	 * wiphy_idx is valid
9111 	 */
9112 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
9113 		goto nla_put_failure;
9114 
9115 	/* Before */
9116 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
9117 	if (!nl_freq)
9118 		goto nla_put_failure;
9119 	if (nl80211_msg_put_channel(msg, channel_before))
9120 		goto nla_put_failure;
9121 	nla_nest_end(msg, nl_freq);
9122 
9123 	/* After */
9124 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
9125 	if (!nl_freq)
9126 		goto nla_put_failure;
9127 	if (nl80211_msg_put_channel(msg, channel_after))
9128 		goto nla_put_failure;
9129 	nla_nest_end(msg, nl_freq);
9130 
9131 	genlmsg_end(msg, hdr);
9132 
9133 	rcu_read_lock();
9134 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
9135 				GFP_ATOMIC);
9136 	rcu_read_unlock();
9137 
9138 	return;
9139 
9140 nla_put_failure:
9141 	genlmsg_cancel(msg, hdr);
9142 	nlmsg_free(msg);
9143 }
9144 
9145 static void nl80211_send_remain_on_chan_event(
9146 	int cmd, struct cfg80211_registered_device *rdev,
9147 	struct wireless_dev *wdev, u64 cookie,
9148 	struct ieee80211_channel *chan,
9149 	unsigned int duration, gfp_t gfp)
9150 {
9151 	struct sk_buff *msg;
9152 	void *hdr;
9153 
9154 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9155 	if (!msg)
9156 		return;
9157 
9158 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9159 	if (!hdr) {
9160 		nlmsg_free(msg);
9161 		return;
9162 	}
9163 
9164 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9165 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9166 					 wdev->netdev->ifindex)) ||
9167 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
9168 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
9169 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
9170 			NL80211_CHAN_NO_HT) ||
9171 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9172 		goto nla_put_failure;
9173 
9174 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
9175 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
9176 		goto nla_put_failure;
9177 
9178 	genlmsg_end(msg, hdr);
9179 
9180 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9181 				nl80211_mlme_mcgrp.id, gfp);
9182 	return;
9183 
9184  nla_put_failure:
9185 	genlmsg_cancel(msg, hdr);
9186 	nlmsg_free(msg);
9187 }
9188 
9189 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
9190 				    struct wireless_dev *wdev, u64 cookie,
9191 				    struct ieee80211_channel *chan,
9192 				    unsigned int duration, gfp_t gfp)
9193 {
9194 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
9195 					  rdev, wdev, cookie, chan,
9196 					  duration, gfp);
9197 }
9198 
9199 void nl80211_send_remain_on_channel_cancel(
9200 	struct cfg80211_registered_device *rdev,
9201 	struct wireless_dev *wdev,
9202 	u64 cookie, struct ieee80211_channel *chan, gfp_t gfp)
9203 {
9204 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
9205 					  rdev, wdev, cookie, chan, 0, gfp);
9206 }
9207 
9208 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
9209 			    struct net_device *dev, const u8 *mac_addr,
9210 			    struct station_info *sinfo, gfp_t gfp)
9211 {
9212 	struct sk_buff *msg;
9213 
9214 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9215 	if (!msg)
9216 		return;
9217 
9218 	if (nl80211_send_station(msg, 0, 0, 0,
9219 				 rdev, dev, mac_addr, sinfo) < 0) {
9220 		nlmsg_free(msg);
9221 		return;
9222 	}
9223 
9224 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9225 				nl80211_mlme_mcgrp.id, gfp);
9226 }
9227 
9228 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev,
9229 				struct net_device *dev, const u8 *mac_addr,
9230 				gfp_t gfp)
9231 {
9232 	struct sk_buff *msg;
9233 	void *hdr;
9234 
9235 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9236 	if (!msg)
9237 		return;
9238 
9239 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
9240 	if (!hdr) {
9241 		nlmsg_free(msg);
9242 		return;
9243 	}
9244 
9245 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9246 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
9247 		goto nla_put_failure;
9248 
9249 	genlmsg_end(msg, hdr);
9250 
9251 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9252 				nl80211_mlme_mcgrp.id, gfp);
9253 	return;
9254 
9255  nla_put_failure:
9256 	genlmsg_cancel(msg, hdr);
9257 	nlmsg_free(msg);
9258 }
9259 
9260 void nl80211_send_conn_failed_event(struct cfg80211_registered_device *rdev,
9261 				    struct net_device *dev, const u8 *mac_addr,
9262 				    enum nl80211_connect_failed_reason reason,
9263 				    gfp_t gfp)
9264 {
9265 	struct sk_buff *msg;
9266 	void *hdr;
9267 
9268 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
9269 	if (!msg)
9270 		return;
9271 
9272 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
9273 	if (!hdr) {
9274 		nlmsg_free(msg);
9275 		return;
9276 	}
9277 
9278 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9279 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
9280 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
9281 		goto nla_put_failure;
9282 
9283 	genlmsg_end(msg, hdr);
9284 
9285 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9286 				nl80211_mlme_mcgrp.id, gfp);
9287 	return;
9288 
9289  nla_put_failure:
9290 	genlmsg_cancel(msg, hdr);
9291 	nlmsg_free(msg);
9292 }
9293 
9294 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
9295 				       const u8 *addr, gfp_t gfp)
9296 {
9297 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9298 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
9299 	struct sk_buff *msg;
9300 	void *hdr;
9301 	int err;
9302 	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
9303 
9304 	if (!nlportid)
9305 		return false;
9306 
9307 	msg = nlmsg_new(100, gfp);
9308 	if (!msg)
9309 		return true;
9310 
9311 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9312 	if (!hdr) {
9313 		nlmsg_free(msg);
9314 		return true;
9315 	}
9316 
9317 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9318 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9319 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
9320 		goto nla_put_failure;
9321 
9322 	err = genlmsg_end(msg, hdr);
9323 	if (err < 0) {
9324 		nlmsg_free(msg);
9325 		return true;
9326 	}
9327 
9328 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
9329 	return true;
9330 
9331  nla_put_failure:
9332 	genlmsg_cancel(msg, hdr);
9333 	nlmsg_free(msg);
9334 	return true;
9335 }
9336 
9337 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp)
9338 {
9339 	return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
9340 					  addr, gfp);
9341 }
9342 
9343 bool nl80211_unexpected_4addr_frame(struct net_device *dev,
9344 				    const u8 *addr, gfp_t gfp)
9345 {
9346 	return __nl80211_unexpected_frame(dev,
9347 					  NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
9348 					  addr, gfp);
9349 }
9350 
9351 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
9352 		      struct wireless_dev *wdev, u32 nlportid,
9353 		      int freq, int sig_dbm,
9354 		      const u8 *buf, size_t len, gfp_t gfp)
9355 {
9356 	struct net_device *netdev = wdev->netdev;
9357 	struct sk_buff *msg;
9358 	void *hdr;
9359 
9360 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9361 	if (!msg)
9362 		return -ENOMEM;
9363 
9364 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
9365 	if (!hdr) {
9366 		nlmsg_free(msg);
9367 		return -ENOMEM;
9368 	}
9369 
9370 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9371 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9372 					netdev->ifindex)) ||
9373 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
9374 	    (sig_dbm &&
9375 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
9376 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
9377 		goto nla_put_failure;
9378 
9379 	genlmsg_end(msg, hdr);
9380 
9381 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
9382 
9383  nla_put_failure:
9384 	genlmsg_cancel(msg, hdr);
9385 	nlmsg_free(msg);
9386 	return -ENOBUFS;
9387 }
9388 
9389 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
9390 				 struct wireless_dev *wdev, u64 cookie,
9391 				 const u8 *buf, size_t len, bool ack,
9392 				 gfp_t gfp)
9393 {
9394 	struct net_device *netdev = wdev->netdev;
9395 	struct sk_buff *msg;
9396 	void *hdr;
9397 
9398 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9399 	if (!msg)
9400 		return;
9401 
9402 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
9403 	if (!hdr) {
9404 		nlmsg_free(msg);
9405 		return;
9406 	}
9407 
9408 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9409 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9410 				   netdev->ifindex)) ||
9411 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
9412 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
9413 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
9414 		goto nla_put_failure;
9415 
9416 	genlmsg_end(msg, hdr);
9417 
9418 	genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
9419 	return;
9420 
9421  nla_put_failure:
9422 	genlmsg_cancel(msg, hdr);
9423 	nlmsg_free(msg);
9424 }
9425 
9426 void
9427 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev,
9428 			     struct net_device *netdev,
9429 			     enum nl80211_cqm_rssi_threshold_event rssi_event,
9430 			     gfp_t gfp)
9431 {
9432 	struct sk_buff *msg;
9433 	struct nlattr *pinfoattr;
9434 	void *hdr;
9435 
9436 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9437 	if (!msg)
9438 		return;
9439 
9440 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
9441 	if (!hdr) {
9442 		nlmsg_free(msg);
9443 		return;
9444 	}
9445 
9446 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9447 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
9448 		goto nla_put_failure;
9449 
9450 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
9451 	if (!pinfoattr)
9452 		goto nla_put_failure;
9453 
9454 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
9455 			rssi_event))
9456 		goto nla_put_failure;
9457 
9458 	nla_nest_end(msg, pinfoattr);
9459 
9460 	genlmsg_end(msg, hdr);
9461 
9462 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9463 				nl80211_mlme_mcgrp.id, gfp);
9464 	return;
9465 
9466  nla_put_failure:
9467 	genlmsg_cancel(msg, hdr);
9468 	nlmsg_free(msg);
9469 }
9470 
9471 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
9472 			      struct net_device *netdev, const u8 *bssid,
9473 			      const u8 *replay_ctr, gfp_t gfp)
9474 {
9475 	struct sk_buff *msg;
9476 	struct nlattr *rekey_attr;
9477 	void *hdr;
9478 
9479 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9480 	if (!msg)
9481 		return;
9482 
9483 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
9484 	if (!hdr) {
9485 		nlmsg_free(msg);
9486 		return;
9487 	}
9488 
9489 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9490 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9491 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
9492 		goto nla_put_failure;
9493 
9494 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
9495 	if (!rekey_attr)
9496 		goto nla_put_failure;
9497 
9498 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
9499 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
9500 		goto nla_put_failure;
9501 
9502 	nla_nest_end(msg, rekey_attr);
9503 
9504 	genlmsg_end(msg, hdr);
9505 
9506 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9507 				nl80211_mlme_mcgrp.id, gfp);
9508 	return;
9509 
9510  nla_put_failure:
9511 	genlmsg_cancel(msg, hdr);
9512 	nlmsg_free(msg);
9513 }
9514 
9515 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
9516 				    struct net_device *netdev, int index,
9517 				    const u8 *bssid, bool preauth, gfp_t gfp)
9518 {
9519 	struct sk_buff *msg;
9520 	struct nlattr *attr;
9521 	void *hdr;
9522 
9523 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9524 	if (!msg)
9525 		return;
9526 
9527 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
9528 	if (!hdr) {
9529 		nlmsg_free(msg);
9530 		return;
9531 	}
9532 
9533 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9534 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
9535 		goto nla_put_failure;
9536 
9537 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
9538 	if (!attr)
9539 		goto nla_put_failure;
9540 
9541 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
9542 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
9543 	    (preauth &&
9544 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
9545 		goto nla_put_failure;
9546 
9547 	nla_nest_end(msg, attr);
9548 
9549 	genlmsg_end(msg, hdr);
9550 
9551 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9552 				nl80211_mlme_mcgrp.id, gfp);
9553 	return;
9554 
9555  nla_put_failure:
9556 	genlmsg_cancel(msg, hdr);
9557 	nlmsg_free(msg);
9558 }
9559 
9560 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
9561 			      struct net_device *netdev,
9562 			      struct cfg80211_chan_def *chandef, gfp_t gfp)
9563 {
9564 	struct sk_buff *msg;
9565 	void *hdr;
9566 
9567 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9568 	if (!msg)
9569 		return;
9570 
9571 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
9572 	if (!hdr) {
9573 		nlmsg_free(msg);
9574 		return;
9575 	}
9576 
9577 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
9578 		goto nla_put_failure;
9579 
9580 	if (nl80211_send_chandef(msg, chandef))
9581 		goto nla_put_failure;
9582 
9583 	genlmsg_end(msg, hdr);
9584 
9585 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9586 				nl80211_mlme_mcgrp.id, gfp);
9587 	return;
9588 
9589  nla_put_failure:
9590 	genlmsg_cancel(msg, hdr);
9591 	nlmsg_free(msg);
9592 }
9593 
9594 void
9595 nl80211_send_cqm_txe_notify(struct cfg80211_registered_device *rdev,
9596 			    struct net_device *netdev, const u8 *peer,
9597 			    u32 num_packets, u32 rate, u32 intvl, gfp_t gfp)
9598 {
9599 	struct sk_buff *msg;
9600 	struct nlattr *pinfoattr;
9601 	void *hdr;
9602 
9603 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
9604 	if (!msg)
9605 		return;
9606 
9607 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
9608 	if (!hdr) {
9609 		nlmsg_free(msg);
9610 		return;
9611 	}
9612 
9613 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9614 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9615 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
9616 		goto nla_put_failure;
9617 
9618 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
9619 	if (!pinfoattr)
9620 		goto nla_put_failure;
9621 
9622 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
9623 		goto nla_put_failure;
9624 
9625 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
9626 		goto nla_put_failure;
9627 
9628 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
9629 		goto nla_put_failure;
9630 
9631 	nla_nest_end(msg, pinfoattr);
9632 
9633 	genlmsg_end(msg, hdr);
9634 
9635 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9636 				nl80211_mlme_mcgrp.id, gfp);
9637 	return;
9638 
9639  nla_put_failure:
9640 	genlmsg_cancel(msg, hdr);
9641 	nlmsg_free(msg);
9642 }
9643 
9644 void
9645 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
9646 		     struct cfg80211_chan_def *chandef,
9647 		     enum nl80211_radar_event event,
9648 		     struct net_device *netdev, gfp_t gfp)
9649 {
9650 	struct sk_buff *msg;
9651 	void *hdr;
9652 
9653 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9654 	if (!msg)
9655 		return;
9656 
9657 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
9658 	if (!hdr) {
9659 		nlmsg_free(msg);
9660 		return;
9661 	}
9662 
9663 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9664 		goto nla_put_failure;
9665 
9666 	/* NOP and radar events don't need a netdev parameter */
9667 	if (netdev) {
9668 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
9669 
9670 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9671 		    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
9672 			goto nla_put_failure;
9673 	}
9674 
9675 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
9676 		goto nla_put_failure;
9677 
9678 	if (nl80211_send_chandef(msg, chandef))
9679 		goto nla_put_failure;
9680 
9681 	if (genlmsg_end(msg, hdr) < 0) {
9682 		nlmsg_free(msg);
9683 		return;
9684 	}
9685 
9686 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9687 				nl80211_mlme_mcgrp.id, gfp);
9688 	return;
9689 
9690  nla_put_failure:
9691 	genlmsg_cancel(msg, hdr);
9692 	nlmsg_free(msg);
9693 }
9694 
9695 void
9696 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev,
9697 				struct net_device *netdev, const u8 *peer,
9698 				u32 num_packets, gfp_t gfp)
9699 {
9700 	struct sk_buff *msg;
9701 	struct nlattr *pinfoattr;
9702 	void *hdr;
9703 
9704 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9705 	if (!msg)
9706 		return;
9707 
9708 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
9709 	if (!hdr) {
9710 		nlmsg_free(msg);
9711 		return;
9712 	}
9713 
9714 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9715 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9716 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
9717 		goto nla_put_failure;
9718 
9719 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
9720 	if (!pinfoattr)
9721 		goto nla_put_failure;
9722 
9723 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
9724 		goto nla_put_failure;
9725 
9726 	nla_nest_end(msg, pinfoattr);
9727 
9728 	genlmsg_end(msg, hdr);
9729 
9730 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9731 				nl80211_mlme_mcgrp.id, gfp);
9732 	return;
9733 
9734  nla_put_failure:
9735 	genlmsg_cancel(msg, hdr);
9736 	nlmsg_free(msg);
9737 }
9738 
9739 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
9740 			   u64 cookie, bool acked, gfp_t gfp)
9741 {
9742 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9743 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
9744 	struct sk_buff *msg;
9745 	void *hdr;
9746 	int err;
9747 
9748 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
9749 
9750 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9751 
9752 	if (!msg)
9753 		return;
9754 
9755 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
9756 	if (!hdr) {
9757 		nlmsg_free(msg);
9758 		return;
9759 	}
9760 
9761 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9762 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9763 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
9764 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
9765 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
9766 		goto nla_put_failure;
9767 
9768 	err = genlmsg_end(msg, hdr);
9769 	if (err < 0) {
9770 		nlmsg_free(msg);
9771 		return;
9772 	}
9773 
9774 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9775 				nl80211_mlme_mcgrp.id, gfp);
9776 	return;
9777 
9778  nla_put_failure:
9779 	genlmsg_cancel(msg, hdr);
9780 	nlmsg_free(msg);
9781 }
9782 EXPORT_SYMBOL(cfg80211_probe_status);
9783 
9784 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
9785 				 const u8 *frame, size_t len,
9786 				 int freq, int sig_dbm)
9787 {
9788 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9789 	struct sk_buff *msg;
9790 	void *hdr;
9791 	struct cfg80211_beacon_registration *reg;
9792 
9793 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
9794 
9795 	spin_lock_bh(&rdev->beacon_registrations_lock);
9796 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9797 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
9798 		if (!msg) {
9799 			spin_unlock_bh(&rdev->beacon_registrations_lock);
9800 			return;
9801 		}
9802 
9803 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
9804 		if (!hdr)
9805 			goto nla_put_failure;
9806 
9807 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9808 		    (freq &&
9809 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
9810 		    (sig_dbm &&
9811 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
9812 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
9813 			goto nla_put_failure;
9814 
9815 		genlmsg_end(msg, hdr);
9816 
9817 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
9818 	}
9819 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9820 	return;
9821 
9822  nla_put_failure:
9823 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9824 	if (hdr)
9825 		genlmsg_cancel(msg, hdr);
9826 	nlmsg_free(msg);
9827 }
9828 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
9829 
9830 #ifdef CONFIG_PM
9831 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
9832 				   struct cfg80211_wowlan_wakeup *wakeup,
9833 				   gfp_t gfp)
9834 {
9835 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
9836 	struct sk_buff *msg;
9837 	void *hdr;
9838 	int err, size = 200;
9839 
9840 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
9841 
9842 	if (wakeup)
9843 		size += wakeup->packet_present_len;
9844 
9845 	msg = nlmsg_new(size, gfp);
9846 	if (!msg)
9847 		return;
9848 
9849 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
9850 	if (!hdr)
9851 		goto free_msg;
9852 
9853 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9854 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
9855 		goto free_msg;
9856 
9857 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9858 					wdev->netdev->ifindex))
9859 		goto free_msg;
9860 
9861 	if (wakeup) {
9862 		struct nlattr *reasons;
9863 
9864 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
9865 
9866 		if (wakeup->disconnect &&
9867 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
9868 			goto free_msg;
9869 		if (wakeup->magic_pkt &&
9870 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
9871 			goto free_msg;
9872 		if (wakeup->gtk_rekey_failure &&
9873 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
9874 			goto free_msg;
9875 		if (wakeup->eap_identity_req &&
9876 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
9877 			goto free_msg;
9878 		if (wakeup->four_way_handshake &&
9879 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
9880 			goto free_msg;
9881 		if (wakeup->rfkill_release &&
9882 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
9883 			goto free_msg;
9884 
9885 		if (wakeup->pattern_idx >= 0 &&
9886 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
9887 				wakeup->pattern_idx))
9888 			goto free_msg;
9889 
9890 		if (wakeup->tcp_match)
9891 			nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH);
9892 
9893 		if (wakeup->tcp_connlost)
9894 			nla_put_flag(msg,
9895 				     NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST);
9896 
9897 		if (wakeup->tcp_nomoretokens)
9898 			nla_put_flag(msg,
9899 				NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS);
9900 
9901 		if (wakeup->packet) {
9902 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
9903 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
9904 
9905 			if (!wakeup->packet_80211) {
9906 				pkt_attr =
9907 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
9908 				len_attr =
9909 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
9910 			}
9911 
9912 			if (wakeup->packet_len &&
9913 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
9914 				goto free_msg;
9915 
9916 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
9917 				    wakeup->packet))
9918 				goto free_msg;
9919 		}
9920 
9921 		nla_nest_end(msg, reasons);
9922 	}
9923 
9924 	err = genlmsg_end(msg, hdr);
9925 	if (err < 0)
9926 		goto free_msg;
9927 
9928 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9929 				nl80211_mlme_mcgrp.id, gfp);
9930 	return;
9931 
9932  free_msg:
9933 	nlmsg_free(msg);
9934 }
9935 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
9936 #endif
9937 
9938 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
9939 				enum nl80211_tdls_operation oper,
9940 				u16 reason_code, gfp_t gfp)
9941 {
9942 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9943 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
9944 	struct sk_buff *msg;
9945 	void *hdr;
9946 	int err;
9947 
9948 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
9949 					 reason_code);
9950 
9951 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9952 	if (!msg)
9953 		return;
9954 
9955 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
9956 	if (!hdr) {
9957 		nlmsg_free(msg);
9958 		return;
9959 	}
9960 
9961 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9962 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9963 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
9964 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
9965 	    (reason_code > 0 &&
9966 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
9967 		goto nla_put_failure;
9968 
9969 	err = genlmsg_end(msg, hdr);
9970 	if (err < 0) {
9971 		nlmsg_free(msg);
9972 		return;
9973 	}
9974 
9975 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9976 				nl80211_mlme_mcgrp.id, gfp);
9977 	return;
9978 
9979  nla_put_failure:
9980 	genlmsg_cancel(msg, hdr);
9981 	nlmsg_free(msg);
9982 }
9983 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
9984 
9985 static int nl80211_netlink_notify(struct notifier_block * nb,
9986 				  unsigned long state,
9987 				  void *_notify)
9988 {
9989 	struct netlink_notify *notify = _notify;
9990 	struct cfg80211_registered_device *rdev;
9991 	struct wireless_dev *wdev;
9992 	struct cfg80211_beacon_registration *reg, *tmp;
9993 
9994 	if (state != NETLINK_URELEASE)
9995 		return NOTIFY_DONE;
9996 
9997 	rcu_read_lock();
9998 
9999 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
10000 		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list)
10001 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
10002 
10003 		spin_lock_bh(&rdev->beacon_registrations_lock);
10004 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
10005 					 list) {
10006 			if (reg->nlportid == notify->portid) {
10007 				list_del(&reg->list);
10008 				kfree(reg);
10009 				break;
10010 			}
10011 		}
10012 		spin_unlock_bh(&rdev->beacon_registrations_lock);
10013 	}
10014 
10015 	rcu_read_unlock();
10016 
10017 	return NOTIFY_DONE;
10018 }
10019 
10020 static struct notifier_block nl80211_netlink_notifier = {
10021 	.notifier_call = nl80211_netlink_notify,
10022 };
10023 
10024 /* initialisation/exit functions */
10025 
10026 int nl80211_init(void)
10027 {
10028 	int err;
10029 
10030 	err = genl_register_family_with_ops(&nl80211_fam,
10031 		nl80211_ops, ARRAY_SIZE(nl80211_ops));
10032 	if (err)
10033 		return err;
10034 
10035 	err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
10036 	if (err)
10037 		goto err_out;
10038 
10039 	err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
10040 	if (err)
10041 		goto err_out;
10042 
10043 	err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
10044 	if (err)
10045 		goto err_out;
10046 
10047 	err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
10048 	if (err)
10049 		goto err_out;
10050 
10051 #ifdef CONFIG_NL80211_TESTMODE
10052 	err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
10053 	if (err)
10054 		goto err_out;
10055 #endif
10056 
10057 	err = netlink_register_notifier(&nl80211_netlink_notifier);
10058 	if (err)
10059 		goto err_out;
10060 
10061 	return 0;
10062  err_out:
10063 	genl_unregister_family(&nl80211_fam);
10064 	return err;
10065 }
10066 
10067 void nl80211_exit(void)
10068 {
10069 	netlink_unregister_notifier(&nl80211_netlink_notifier);
10070 	genl_unregister_family(&nl80211_fam);
10071 }
10072