xref: /linux/net/wireless/nl80211.c (revision d96fc832bcb6269d96e33d506f33033d7ed08598) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  * Copyright 2013-2014  Intel Mobile Communications GmbH
6  * Copyright 2015-2017	Intel Deutschland GmbH
7  */
8 
9 #include <linux/if.h>
10 #include <linux/module.h>
11 #include <linux/err.h>
12 #include <linux/slab.h>
13 #include <linux/list.h>
14 #include <linux/if_ether.h>
15 #include <linux/ieee80211.h>
16 #include <linux/nl80211.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/netlink.h>
19 #include <linux/nospec.h>
20 #include <linux/etherdevice.h>
21 #include <net/net_namespace.h>
22 #include <net/genetlink.h>
23 #include <net/cfg80211.h>
24 #include <net/sock.h>
25 #include <net/inet_connection_sock.h>
26 #include "core.h"
27 #include "nl80211.h"
28 #include "reg.h"
29 #include "rdev-ops.h"
30 
31 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
32 				   struct genl_info *info,
33 				   struct cfg80211_crypto_settings *settings,
34 				   int cipher_limit);
35 
36 /* the netlink family */
37 static struct genl_family nl80211_fam;
38 
39 /* multicast groups */
40 enum nl80211_multicast_groups {
41 	NL80211_MCGRP_CONFIG,
42 	NL80211_MCGRP_SCAN,
43 	NL80211_MCGRP_REGULATORY,
44 	NL80211_MCGRP_MLME,
45 	NL80211_MCGRP_VENDOR,
46 	NL80211_MCGRP_NAN,
47 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
48 };
49 
50 static const struct genl_multicast_group nl80211_mcgrps[] = {
51 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
52 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
53 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
54 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
55 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
56 	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
57 #ifdef CONFIG_NL80211_TESTMODE
58 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
59 #endif
60 };
61 
62 /* returns ERR_PTR values */
63 static struct wireless_dev *
64 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
65 {
66 	struct cfg80211_registered_device *rdev;
67 	struct wireless_dev *result = NULL;
68 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
69 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
70 	u64 wdev_id;
71 	int wiphy_idx = -1;
72 	int ifidx = -1;
73 
74 	ASSERT_RTNL();
75 
76 	if (!have_ifidx && !have_wdev_id)
77 		return ERR_PTR(-EINVAL);
78 
79 	if (have_ifidx)
80 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
81 	if (have_wdev_id) {
82 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
83 		wiphy_idx = wdev_id >> 32;
84 	}
85 
86 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
87 		struct wireless_dev *wdev;
88 
89 		if (wiphy_net(&rdev->wiphy) != netns)
90 			continue;
91 
92 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
93 			continue;
94 
95 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
96 			if (have_ifidx && wdev->netdev &&
97 			    wdev->netdev->ifindex == ifidx) {
98 				result = wdev;
99 				break;
100 			}
101 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
102 				result = wdev;
103 				break;
104 			}
105 		}
106 
107 		if (result)
108 			break;
109 	}
110 
111 	if (result)
112 		return result;
113 	return ERR_PTR(-ENODEV);
114 }
115 
116 static struct cfg80211_registered_device *
117 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
118 {
119 	struct cfg80211_registered_device *rdev = NULL, *tmp;
120 	struct net_device *netdev;
121 
122 	ASSERT_RTNL();
123 
124 	if (!attrs[NL80211_ATTR_WIPHY] &&
125 	    !attrs[NL80211_ATTR_IFINDEX] &&
126 	    !attrs[NL80211_ATTR_WDEV])
127 		return ERR_PTR(-EINVAL);
128 
129 	if (attrs[NL80211_ATTR_WIPHY])
130 		rdev = cfg80211_rdev_by_wiphy_idx(
131 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
132 
133 	if (attrs[NL80211_ATTR_WDEV]) {
134 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
135 		struct wireless_dev *wdev;
136 		bool found = false;
137 
138 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
139 		if (tmp) {
140 			/* make sure wdev exists */
141 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
142 				if (wdev->identifier != (u32)wdev_id)
143 					continue;
144 				found = true;
145 				break;
146 			}
147 
148 			if (!found)
149 				tmp = NULL;
150 
151 			if (rdev && tmp != rdev)
152 				return ERR_PTR(-EINVAL);
153 			rdev = tmp;
154 		}
155 	}
156 
157 	if (attrs[NL80211_ATTR_IFINDEX]) {
158 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
159 
160 		netdev = __dev_get_by_index(netns, ifindex);
161 		if (netdev) {
162 			if (netdev->ieee80211_ptr)
163 				tmp = wiphy_to_rdev(
164 					netdev->ieee80211_ptr->wiphy);
165 			else
166 				tmp = NULL;
167 
168 			/* not wireless device -- return error */
169 			if (!tmp)
170 				return ERR_PTR(-EINVAL);
171 
172 			/* mismatch -- return error */
173 			if (rdev && tmp != rdev)
174 				return ERR_PTR(-EINVAL);
175 
176 			rdev = tmp;
177 		}
178 	}
179 
180 	if (!rdev)
181 		return ERR_PTR(-ENODEV);
182 
183 	if (netns != wiphy_net(&rdev->wiphy))
184 		return ERR_PTR(-ENODEV);
185 
186 	return rdev;
187 }
188 
189 /*
190  * This function returns a pointer to the driver
191  * that the genl_info item that is passed refers to.
192  *
193  * The result of this can be a PTR_ERR and hence must
194  * be checked with IS_ERR() for errors.
195  */
196 static struct cfg80211_registered_device *
197 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
198 {
199 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
200 }
201 
202 /* policy for the attributes */
203 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
204 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
205 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
206 				      .len = 20-1 },
207 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
208 
209 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
210 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
211 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
212 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
213 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
214 
215 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
216 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
217 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
218 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
219 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
220 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
221 
222 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
223 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
224 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
225 
226 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
227 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
228 
229 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
230 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
231 				    .len = WLAN_MAX_KEY_LEN },
232 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
233 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
234 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
235 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
236 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
237 
238 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
239 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
240 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
241 				       .len = IEEE80211_MAX_DATA_LEN },
242 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
243 				       .len = IEEE80211_MAX_DATA_LEN },
244 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
245 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
246 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
247 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
248 					       .len = NL80211_MAX_SUPP_RATES },
249 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
250 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
251 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
252 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
253 				   .len = IEEE80211_MAX_MESH_ID_LEN },
254 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
255 
256 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
257 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
258 
259 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
260 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
261 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
262 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
263 					   .len = NL80211_MAX_SUPP_RATES },
264 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
265 
266 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
267 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
268 
269 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
270 
271 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
272 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
273 			      .len = IEEE80211_MAX_DATA_LEN },
274 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
275 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
276 
277 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
278 				.len = IEEE80211_MAX_SSID_LEN },
279 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
280 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
281 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
282 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
283 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
284 	[NL80211_ATTR_STA_FLAGS2] = {
285 		.len = sizeof(struct nl80211_sta_flag_update),
286 	},
287 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
288 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
289 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
290 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
291 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
292 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
293 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
294 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
295 	[NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
296 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
297 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
298 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
299 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
300 				 .len = IEEE80211_MAX_DATA_LEN },
301 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
302 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
303 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
304 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
305 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
306 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
307 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
308 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
309 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
310 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
311 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
312 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
313 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
314 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
315 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
316 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
317 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
318 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
319 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
320 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
321 					 .len = IEEE80211_MAX_DATA_LEN },
322 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
323 					 .len = IEEE80211_MAX_DATA_LEN },
324 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
325 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
326 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
327 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
328 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
329 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
330 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
331 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
332 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
333 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
334 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
335 				      .len = IEEE80211_MAX_DATA_LEN },
336 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
337 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
338 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
339 		.len = NL80211_HT_CAPABILITY_LEN
340 	},
341 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
342 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
343 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
344 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
345 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
346 	[NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
347 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
348 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
349 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
350 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
351 	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
352 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
353 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
354 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
355 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
356 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
357 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
358 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
359 		.len = NL80211_VHT_CAPABILITY_LEN,
360 	},
361 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
362 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
363 				  .len = IEEE80211_MAX_DATA_LEN },
364 	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
365 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
366 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
367 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
368 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
369 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
370 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
371 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
372 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
373 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
374 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
375 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
376 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
377 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
378 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
379 	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
380 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
381 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
382 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
383 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
384 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
385 	[NL80211_ATTR_TSID] = { .type = NLA_U8 },
386 	[NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
387 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
388 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
389 	[NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
390 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
391 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
392 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
393 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
394 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
395 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
396 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
397 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
398 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
399 	},
400 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
401 	[NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
402 	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
403 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
404 	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
405 				    .len = FILS_MAX_KEK_LEN },
406 	[NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
407 	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
408 	[NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
409 	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
410 	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
411 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
412 	},
413 	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
414 	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
415 					     .len = FILS_ERP_MAX_USERNAME_LEN },
416 	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
417 					  .len = FILS_ERP_MAX_REALM_LEN },
418 	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
419 	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
420 					.len = FILS_ERP_MAX_RRK_LEN },
421 	[NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
422 	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
423 	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
424 	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
425 };
426 
427 /* policy for the key attributes */
428 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
429 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
430 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
431 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
432 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
433 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
434 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
435 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
436 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
437 };
438 
439 /* policy for the key default flags */
440 static const struct nla_policy
441 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
442 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
443 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
444 };
445 
446 #ifdef CONFIG_PM
447 /* policy for WoWLAN attributes */
448 static const struct nla_policy
449 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
450 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
451 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
452 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
453 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
454 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
455 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
456 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
457 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
458 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
459 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
460 };
461 
462 static const struct nla_policy
463 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
464 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
465 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
466 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
467 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
468 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
469 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
470 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
471 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
472 	},
473 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
474 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
475 	},
476 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
477 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
478 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
479 };
480 #endif /* CONFIG_PM */
481 
482 /* policy for coalesce rule attributes */
483 static const struct nla_policy
484 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
485 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
486 	[NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
487 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
488 };
489 
490 /* policy for GTK rekey offload attributes */
491 static const struct nla_policy
492 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
493 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
494 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
495 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
496 };
497 
498 static const struct nla_policy
499 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
500 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
501 						 .len = IEEE80211_MAX_SSID_LEN },
502 	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
503 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
504 };
505 
506 static const struct nla_policy
507 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
508 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
509 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
510 };
511 
512 static const struct nla_policy
513 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
514 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
515 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
516 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
517 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
518 	},
519 };
520 
521 /* policy for NAN function attributes */
522 static const struct nla_policy
523 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
524 	[NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
525 	[NL80211_NAN_FUNC_SERVICE_ID] = {
526 				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
527 	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
528 	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
529 	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
530 	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
531 	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
532 	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
533 	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
534 	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
535 	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
536 			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
537 	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
538 	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
539 	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
540 	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
541 	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
542 };
543 
544 /* policy for Service Response Filter attributes */
545 static const struct nla_policy
546 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
547 	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
548 	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
549 				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
550 	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
551 	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
552 };
553 
554 /* policy for packet pattern attributes */
555 static const struct nla_policy
556 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
557 	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
558 	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
559 	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
560 };
561 
562 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
563 				     struct netlink_callback *cb,
564 				     struct cfg80211_registered_device **rdev,
565 				     struct wireless_dev **wdev)
566 {
567 	int err;
568 
569 	if (!cb->args[0]) {
570 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
571 				  genl_family_attrbuf(&nl80211_fam),
572 				  nl80211_fam.maxattr, nl80211_policy, NULL);
573 		if (err)
574 			return err;
575 
576 		*wdev = __cfg80211_wdev_from_attrs(
577 					sock_net(skb->sk),
578 					genl_family_attrbuf(&nl80211_fam));
579 		if (IS_ERR(*wdev))
580 			return PTR_ERR(*wdev);
581 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
582 		/* 0 is the first index - add 1 to parse only once */
583 		cb->args[0] = (*rdev)->wiphy_idx + 1;
584 		cb->args[1] = (*wdev)->identifier;
585 	} else {
586 		/* subtract the 1 again here */
587 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
588 		struct wireless_dev *tmp;
589 
590 		if (!wiphy)
591 			return -ENODEV;
592 		*rdev = wiphy_to_rdev(wiphy);
593 		*wdev = NULL;
594 
595 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
596 			if (tmp->identifier == cb->args[1]) {
597 				*wdev = tmp;
598 				break;
599 			}
600 		}
601 
602 		if (!*wdev)
603 			return -ENODEV;
604 	}
605 
606 	return 0;
607 }
608 
609 /* IE validation */
610 static bool is_valid_ie_attr(const struct nlattr *attr)
611 {
612 	const u8 *pos;
613 	int len;
614 
615 	if (!attr)
616 		return true;
617 
618 	pos = nla_data(attr);
619 	len = nla_len(attr);
620 
621 	while (len) {
622 		u8 elemlen;
623 
624 		if (len < 2)
625 			return false;
626 		len -= 2;
627 
628 		elemlen = pos[1];
629 		if (elemlen > len)
630 			return false;
631 
632 		len -= elemlen;
633 		pos += 2 + elemlen;
634 	}
635 
636 	return true;
637 }
638 
639 /* message building helper */
640 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
641 				   int flags, u8 cmd)
642 {
643 	/* since there is no private header just add the generic one */
644 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
645 }
646 
647 static int nl80211_msg_put_channel(struct sk_buff *msg,
648 				   struct ieee80211_channel *chan,
649 				   bool large)
650 {
651 	/* Some channels must be completely excluded from the
652 	 * list to protect old user-space tools from breaking
653 	 */
654 	if (!large && chan->flags &
655 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
656 		return 0;
657 
658 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
659 			chan->center_freq))
660 		goto nla_put_failure;
661 
662 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
663 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
664 		goto nla_put_failure;
665 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
666 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
667 			goto nla_put_failure;
668 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
669 			goto nla_put_failure;
670 	}
671 	if (chan->flags & IEEE80211_CHAN_RADAR) {
672 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
673 			goto nla_put_failure;
674 		if (large) {
675 			u32 time;
676 
677 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
678 
679 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
680 					chan->dfs_state))
681 				goto nla_put_failure;
682 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
683 					time))
684 				goto nla_put_failure;
685 			if (nla_put_u32(msg,
686 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
687 					chan->dfs_cac_ms))
688 				goto nla_put_failure;
689 		}
690 	}
691 
692 	if (large) {
693 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
694 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
695 			goto nla_put_failure;
696 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
697 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
698 			goto nla_put_failure;
699 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
700 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
701 			goto nla_put_failure;
702 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
703 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
704 			goto nla_put_failure;
705 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
706 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
707 			goto nla_put_failure;
708 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
709 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
710 			goto nla_put_failure;
711 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
712 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
713 			goto nla_put_failure;
714 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
715 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
716 			goto nla_put_failure;
717 	}
718 
719 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
720 			DBM_TO_MBM(chan->max_power)))
721 		goto nla_put_failure;
722 
723 	return 0;
724 
725  nla_put_failure:
726 	return -ENOBUFS;
727 }
728 
729 /* netlink command implementations */
730 
731 struct key_parse {
732 	struct key_params p;
733 	int idx;
734 	int type;
735 	bool def, defmgmt;
736 	bool def_uni, def_multi;
737 };
738 
739 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
740 				 struct key_parse *k)
741 {
742 	struct nlattr *tb[NL80211_KEY_MAX + 1];
743 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
744 				   nl80211_key_policy, info->extack);
745 	if (err)
746 		return err;
747 
748 	k->def = !!tb[NL80211_KEY_DEFAULT];
749 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
750 
751 	if (k->def) {
752 		k->def_uni = true;
753 		k->def_multi = true;
754 	}
755 	if (k->defmgmt)
756 		k->def_multi = true;
757 
758 	if (tb[NL80211_KEY_IDX])
759 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
760 
761 	if (tb[NL80211_KEY_DATA]) {
762 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
763 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
764 	}
765 
766 	if (tb[NL80211_KEY_SEQ]) {
767 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
768 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
769 	}
770 
771 	if (tb[NL80211_KEY_CIPHER])
772 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
773 
774 	if (tb[NL80211_KEY_TYPE]) {
775 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
776 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
777 			return genl_err_attr(info, -EINVAL,
778 					     tb[NL80211_KEY_TYPE]);
779 	}
780 
781 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
782 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
783 
784 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
785 				       tb[NL80211_KEY_DEFAULT_TYPES],
786 				       nl80211_key_default_policy,
787 				       info->extack);
788 		if (err)
789 			return err;
790 
791 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
792 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
793 	}
794 
795 	return 0;
796 }
797 
798 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
799 {
800 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
801 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
802 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
803 	}
804 
805 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
806 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
807 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
808 	}
809 
810 	if (info->attrs[NL80211_ATTR_KEY_IDX])
811 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
812 
813 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
814 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
815 
816 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
817 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
818 
819 	if (k->def) {
820 		k->def_uni = true;
821 		k->def_multi = true;
822 	}
823 	if (k->defmgmt)
824 		k->def_multi = true;
825 
826 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
827 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
828 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) {
829 			GENL_SET_ERR_MSG(info, "key type out of range");
830 			return -EINVAL;
831 		}
832 	}
833 
834 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
835 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
836 		int err = nla_parse_nested(kdt,
837 					   NUM_NL80211_KEY_DEFAULT_TYPES - 1,
838 					   info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
839 					   nl80211_key_default_policy,
840 					   info->extack);
841 		if (err)
842 			return err;
843 
844 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
845 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
846 	}
847 
848 	return 0;
849 }
850 
851 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
852 {
853 	int err;
854 
855 	memset(k, 0, sizeof(*k));
856 	k->idx = -1;
857 	k->type = -1;
858 
859 	if (info->attrs[NL80211_ATTR_KEY])
860 		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
861 	else
862 		err = nl80211_parse_key_old(info, k);
863 
864 	if (err)
865 		return err;
866 
867 	if (k->def && k->defmgmt) {
868 		GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
869 		return -EINVAL;
870 	}
871 
872 	if (k->defmgmt) {
873 		if (k->def_uni || !k->def_multi) {
874 			GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
875 			return -EINVAL;
876 		}
877 	}
878 
879 	if (k->idx != -1) {
880 		if (k->defmgmt) {
881 			if (k->idx < 4 || k->idx > 5) {
882 				GENL_SET_ERR_MSG(info,
883 						 "defmgmt key idx not 4 or 5");
884 				return -EINVAL;
885 			}
886 		} else if (k->def) {
887 			if (k->idx < 0 || k->idx > 3) {
888 				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
889 				return -EINVAL;
890 			}
891 		} else {
892 			if (k->idx < 0 || k->idx > 5) {
893 				GENL_SET_ERR_MSG(info, "key idx not 0-5");
894 				return -EINVAL;
895 			}
896 		}
897 	}
898 
899 	return 0;
900 }
901 
902 static struct cfg80211_cached_keys *
903 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
904 		       struct genl_info *info, bool *no_ht)
905 {
906 	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
907 	struct key_parse parse;
908 	struct nlattr *key;
909 	struct cfg80211_cached_keys *result;
910 	int rem, err, def = 0;
911 	bool have_key = false;
912 
913 	nla_for_each_nested(key, keys, rem) {
914 		have_key = true;
915 		break;
916 	}
917 
918 	if (!have_key)
919 		return NULL;
920 
921 	result = kzalloc(sizeof(*result), GFP_KERNEL);
922 	if (!result)
923 		return ERR_PTR(-ENOMEM);
924 
925 	result->def = -1;
926 
927 	nla_for_each_nested(key, keys, rem) {
928 		memset(&parse, 0, sizeof(parse));
929 		parse.idx = -1;
930 
931 		err = nl80211_parse_key_new(info, key, &parse);
932 		if (err)
933 			goto error;
934 		err = -EINVAL;
935 		if (!parse.p.key)
936 			goto error;
937 		if (parse.idx < 0 || parse.idx > 3) {
938 			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
939 			goto error;
940 		}
941 		if (parse.def) {
942 			if (def) {
943 				GENL_SET_ERR_MSG(info,
944 						 "only one key can be default");
945 				goto error;
946 			}
947 			def = 1;
948 			result->def = parse.idx;
949 			if (!parse.def_uni || !parse.def_multi)
950 				goto error;
951 		} else if (parse.defmgmt)
952 			goto error;
953 		err = cfg80211_validate_key_settings(rdev, &parse.p,
954 						     parse.idx, false, NULL);
955 		if (err)
956 			goto error;
957 		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
958 		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
959 			GENL_SET_ERR_MSG(info, "connect key must be WEP");
960 			err = -EINVAL;
961 			goto error;
962 		}
963 		result->params[parse.idx].cipher = parse.p.cipher;
964 		result->params[parse.idx].key_len = parse.p.key_len;
965 		result->params[parse.idx].key = result->data[parse.idx];
966 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
967 
968 		/* must be WEP key if we got here */
969 		if (no_ht)
970 			*no_ht = true;
971 	}
972 
973 	if (result->def < 0) {
974 		err = -EINVAL;
975 		GENL_SET_ERR_MSG(info, "need a default/TX key");
976 		goto error;
977 	}
978 
979 	return result;
980  error:
981 	kfree(result);
982 	return ERR_PTR(err);
983 }
984 
985 static int nl80211_key_allowed(struct wireless_dev *wdev)
986 {
987 	ASSERT_WDEV_LOCK(wdev);
988 
989 	switch (wdev->iftype) {
990 	case NL80211_IFTYPE_AP:
991 	case NL80211_IFTYPE_AP_VLAN:
992 	case NL80211_IFTYPE_P2P_GO:
993 	case NL80211_IFTYPE_MESH_POINT:
994 		break;
995 	case NL80211_IFTYPE_ADHOC:
996 	case NL80211_IFTYPE_STATION:
997 	case NL80211_IFTYPE_P2P_CLIENT:
998 		if (!wdev->current_bss)
999 			return -ENOLINK;
1000 		break;
1001 	case NL80211_IFTYPE_UNSPECIFIED:
1002 	case NL80211_IFTYPE_OCB:
1003 	case NL80211_IFTYPE_MONITOR:
1004 	case NL80211_IFTYPE_NAN:
1005 	case NL80211_IFTYPE_P2P_DEVICE:
1006 	case NL80211_IFTYPE_WDS:
1007 	case NUM_NL80211_IFTYPES:
1008 		return -EINVAL;
1009 	}
1010 
1011 	return 0;
1012 }
1013 
1014 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1015 							struct nlattr *tb)
1016 {
1017 	struct ieee80211_channel *chan;
1018 
1019 	if (tb == NULL)
1020 		return NULL;
1021 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1022 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1023 		return NULL;
1024 	return chan;
1025 }
1026 
1027 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1028 {
1029 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
1030 	int i;
1031 
1032 	if (!nl_modes)
1033 		goto nla_put_failure;
1034 
1035 	i = 0;
1036 	while (ifmodes) {
1037 		if ((ifmodes & 1) && nla_put_flag(msg, i))
1038 			goto nla_put_failure;
1039 		ifmodes >>= 1;
1040 		i++;
1041 	}
1042 
1043 	nla_nest_end(msg, nl_modes);
1044 	return 0;
1045 
1046 nla_put_failure:
1047 	return -ENOBUFS;
1048 }
1049 
1050 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1051 					  struct sk_buff *msg,
1052 					  bool large)
1053 {
1054 	struct nlattr *nl_combis;
1055 	int i, j;
1056 
1057 	nl_combis = nla_nest_start(msg,
1058 				NL80211_ATTR_INTERFACE_COMBINATIONS);
1059 	if (!nl_combis)
1060 		goto nla_put_failure;
1061 
1062 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
1063 		const struct ieee80211_iface_combination *c;
1064 		struct nlattr *nl_combi, *nl_limits;
1065 
1066 		c = &wiphy->iface_combinations[i];
1067 
1068 		nl_combi = nla_nest_start(msg, i + 1);
1069 		if (!nl_combi)
1070 			goto nla_put_failure;
1071 
1072 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1073 		if (!nl_limits)
1074 			goto nla_put_failure;
1075 
1076 		for (j = 0; j < c->n_limits; j++) {
1077 			struct nlattr *nl_limit;
1078 
1079 			nl_limit = nla_nest_start(msg, j + 1);
1080 			if (!nl_limit)
1081 				goto nla_put_failure;
1082 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1083 					c->limits[j].max))
1084 				goto nla_put_failure;
1085 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1086 						c->limits[j].types))
1087 				goto nla_put_failure;
1088 			nla_nest_end(msg, nl_limit);
1089 		}
1090 
1091 		nla_nest_end(msg, nl_limits);
1092 
1093 		if (c->beacon_int_infra_match &&
1094 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1095 			goto nla_put_failure;
1096 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1097 				c->num_different_channels) ||
1098 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1099 				c->max_interfaces))
1100 			goto nla_put_failure;
1101 		if (large &&
1102 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1103 				c->radar_detect_widths) ||
1104 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1105 				c->radar_detect_regions)))
1106 			goto nla_put_failure;
1107 		if (c->beacon_int_min_gcd &&
1108 		    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1109 				c->beacon_int_min_gcd))
1110 			goto nla_put_failure;
1111 
1112 		nla_nest_end(msg, nl_combi);
1113 	}
1114 
1115 	nla_nest_end(msg, nl_combis);
1116 
1117 	return 0;
1118 nla_put_failure:
1119 	return -ENOBUFS;
1120 }
1121 
1122 #ifdef CONFIG_PM
1123 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1124 					struct sk_buff *msg)
1125 {
1126 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1127 	struct nlattr *nl_tcp;
1128 
1129 	if (!tcp)
1130 		return 0;
1131 
1132 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1133 	if (!nl_tcp)
1134 		return -ENOBUFS;
1135 
1136 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1137 			tcp->data_payload_max))
1138 		return -ENOBUFS;
1139 
1140 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1141 			tcp->data_payload_max))
1142 		return -ENOBUFS;
1143 
1144 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1145 		return -ENOBUFS;
1146 
1147 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1148 				sizeof(*tcp->tok), tcp->tok))
1149 		return -ENOBUFS;
1150 
1151 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1152 			tcp->data_interval_max))
1153 		return -ENOBUFS;
1154 
1155 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1156 			tcp->wake_payload_max))
1157 		return -ENOBUFS;
1158 
1159 	nla_nest_end(msg, nl_tcp);
1160 	return 0;
1161 }
1162 
1163 static int nl80211_send_wowlan(struct sk_buff *msg,
1164 			       struct cfg80211_registered_device *rdev,
1165 			       bool large)
1166 {
1167 	struct nlattr *nl_wowlan;
1168 
1169 	if (!rdev->wiphy.wowlan)
1170 		return 0;
1171 
1172 	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1173 	if (!nl_wowlan)
1174 		return -ENOBUFS;
1175 
1176 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1177 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1178 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1179 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1180 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1181 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1182 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1183 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1184 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1185 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1186 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1187 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1188 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1189 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1190 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1191 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1192 		return -ENOBUFS;
1193 
1194 	if (rdev->wiphy.wowlan->n_patterns) {
1195 		struct nl80211_pattern_support pat = {
1196 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1197 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1198 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1199 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1200 		};
1201 
1202 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1203 			    sizeof(pat), &pat))
1204 			return -ENOBUFS;
1205 	}
1206 
1207 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1208 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1209 			rdev->wiphy.wowlan->max_nd_match_sets))
1210 		return -ENOBUFS;
1211 
1212 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1213 		return -ENOBUFS;
1214 
1215 	nla_nest_end(msg, nl_wowlan);
1216 
1217 	return 0;
1218 }
1219 #endif
1220 
1221 static int nl80211_send_coalesce(struct sk_buff *msg,
1222 				 struct cfg80211_registered_device *rdev)
1223 {
1224 	struct nl80211_coalesce_rule_support rule;
1225 
1226 	if (!rdev->wiphy.coalesce)
1227 		return 0;
1228 
1229 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1230 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1231 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1232 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1233 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1234 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1235 
1236 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1237 		return -ENOBUFS;
1238 
1239 	return 0;
1240 }
1241 
1242 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1243 				      struct ieee80211_supported_band *sband)
1244 {
1245 	struct nlattr *nl_rates, *nl_rate;
1246 	struct ieee80211_rate *rate;
1247 	int i;
1248 
1249 	/* add HT info */
1250 	if (sband->ht_cap.ht_supported &&
1251 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1252 		     sizeof(sband->ht_cap.mcs),
1253 		     &sband->ht_cap.mcs) ||
1254 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1255 			 sband->ht_cap.cap) ||
1256 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1257 			sband->ht_cap.ampdu_factor) ||
1258 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1259 			sband->ht_cap.ampdu_density)))
1260 		return -ENOBUFS;
1261 
1262 	/* add VHT info */
1263 	if (sband->vht_cap.vht_supported &&
1264 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1265 		     sizeof(sband->vht_cap.vht_mcs),
1266 		     &sband->vht_cap.vht_mcs) ||
1267 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1268 			 sband->vht_cap.cap)))
1269 		return -ENOBUFS;
1270 
1271 	/* add bitrates */
1272 	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1273 	if (!nl_rates)
1274 		return -ENOBUFS;
1275 
1276 	for (i = 0; i < sband->n_bitrates; i++) {
1277 		nl_rate = nla_nest_start(msg, i);
1278 		if (!nl_rate)
1279 			return -ENOBUFS;
1280 
1281 		rate = &sband->bitrates[i];
1282 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1283 				rate->bitrate))
1284 			return -ENOBUFS;
1285 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1286 		    nla_put_flag(msg,
1287 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1288 			return -ENOBUFS;
1289 
1290 		nla_nest_end(msg, nl_rate);
1291 	}
1292 
1293 	nla_nest_end(msg, nl_rates);
1294 
1295 	return 0;
1296 }
1297 
1298 static int
1299 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1300 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1301 {
1302 	u16 stypes;
1303 	struct nlattr *nl_ftypes, *nl_ifs;
1304 	enum nl80211_iftype ift;
1305 	int i;
1306 
1307 	if (!mgmt_stypes)
1308 		return 0;
1309 
1310 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1311 	if (!nl_ifs)
1312 		return -ENOBUFS;
1313 
1314 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1315 		nl_ftypes = nla_nest_start(msg, ift);
1316 		if (!nl_ftypes)
1317 			return -ENOBUFS;
1318 		i = 0;
1319 		stypes = mgmt_stypes[ift].tx;
1320 		while (stypes) {
1321 			if ((stypes & 1) &&
1322 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1323 					(i << 4) | IEEE80211_FTYPE_MGMT))
1324 				return -ENOBUFS;
1325 			stypes >>= 1;
1326 			i++;
1327 		}
1328 		nla_nest_end(msg, nl_ftypes);
1329 	}
1330 
1331 	nla_nest_end(msg, nl_ifs);
1332 
1333 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1334 	if (!nl_ifs)
1335 		return -ENOBUFS;
1336 
1337 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1338 		nl_ftypes = nla_nest_start(msg, ift);
1339 		if (!nl_ftypes)
1340 			return -ENOBUFS;
1341 		i = 0;
1342 		stypes = mgmt_stypes[ift].rx;
1343 		while (stypes) {
1344 			if ((stypes & 1) &&
1345 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1346 					(i << 4) | IEEE80211_FTYPE_MGMT))
1347 				return -ENOBUFS;
1348 			stypes >>= 1;
1349 			i++;
1350 		}
1351 		nla_nest_end(msg, nl_ftypes);
1352 	}
1353 	nla_nest_end(msg, nl_ifs);
1354 
1355 	return 0;
1356 }
1357 
1358 #define CMD(op, n)							\
1359 	 do {								\
1360 		if (rdev->ops->op) {					\
1361 			i++;						\
1362 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
1363 				goto nla_put_failure;			\
1364 		}							\
1365 	} while (0)
1366 
1367 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1368 					struct sk_buff *msg)
1369 {
1370 	int i = 0;
1371 
1372 	/*
1373 	 * do *NOT* add anything into this function, new things need to be
1374 	 * advertised only to new versions of userspace that can deal with
1375 	 * the split (and they can't possibly care about new features...
1376 	 */
1377 	CMD(add_virtual_intf, NEW_INTERFACE);
1378 	CMD(change_virtual_intf, SET_INTERFACE);
1379 	CMD(add_key, NEW_KEY);
1380 	CMD(start_ap, START_AP);
1381 	CMD(add_station, NEW_STATION);
1382 	CMD(add_mpath, NEW_MPATH);
1383 	CMD(update_mesh_config, SET_MESH_CONFIG);
1384 	CMD(change_bss, SET_BSS);
1385 	CMD(auth, AUTHENTICATE);
1386 	CMD(assoc, ASSOCIATE);
1387 	CMD(deauth, DEAUTHENTICATE);
1388 	CMD(disassoc, DISASSOCIATE);
1389 	CMD(join_ibss, JOIN_IBSS);
1390 	CMD(join_mesh, JOIN_MESH);
1391 	CMD(set_pmksa, SET_PMKSA);
1392 	CMD(del_pmksa, DEL_PMKSA);
1393 	CMD(flush_pmksa, FLUSH_PMKSA);
1394 	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1395 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1396 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1397 	CMD(mgmt_tx, FRAME);
1398 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1399 	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1400 		i++;
1401 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1402 			goto nla_put_failure;
1403 	}
1404 	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1405 	    rdev->ops->join_mesh) {
1406 		i++;
1407 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1408 			goto nla_put_failure;
1409 	}
1410 	CMD(set_wds_peer, SET_WDS_PEER);
1411 	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1412 		CMD(tdls_mgmt, TDLS_MGMT);
1413 		CMD(tdls_oper, TDLS_OPER);
1414 	}
1415 	if (rdev->wiphy.max_sched_scan_reqs)
1416 		CMD(sched_scan_start, START_SCHED_SCAN);
1417 	CMD(probe_client, PROBE_CLIENT);
1418 	CMD(set_noack_map, SET_NOACK_MAP);
1419 	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1420 		i++;
1421 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1422 			goto nla_put_failure;
1423 	}
1424 	CMD(start_p2p_device, START_P2P_DEVICE);
1425 	CMD(set_mcast_rate, SET_MCAST_RATE);
1426 #ifdef CONFIG_NL80211_TESTMODE
1427 	CMD(testmode_cmd, TESTMODE);
1428 #endif
1429 
1430 	if (rdev->ops->connect || rdev->ops->auth) {
1431 		i++;
1432 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1433 			goto nla_put_failure;
1434 	}
1435 
1436 	if (rdev->ops->disconnect || rdev->ops->deauth) {
1437 		i++;
1438 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1439 			goto nla_put_failure;
1440 	}
1441 
1442 	return i;
1443  nla_put_failure:
1444 	return -ENOBUFS;
1445 }
1446 
1447 struct nl80211_dump_wiphy_state {
1448 	s64 filter_wiphy;
1449 	long start;
1450 	long split_start, band_start, chan_start, capa_start;
1451 	bool split;
1452 };
1453 
1454 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1455 			      enum nl80211_commands cmd,
1456 			      struct sk_buff *msg, u32 portid, u32 seq,
1457 			      int flags, struct nl80211_dump_wiphy_state *state)
1458 {
1459 	void *hdr;
1460 	struct nlattr *nl_bands, *nl_band;
1461 	struct nlattr *nl_freqs, *nl_freq;
1462 	struct nlattr *nl_cmds;
1463 	enum nl80211_band band;
1464 	struct ieee80211_channel *chan;
1465 	int i;
1466 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1467 				rdev->wiphy.mgmt_stypes;
1468 	u32 features;
1469 
1470 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1471 	if (!hdr)
1472 		return -ENOBUFS;
1473 
1474 	if (WARN_ON(!state))
1475 		return -EINVAL;
1476 
1477 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1478 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1479 			   wiphy_name(&rdev->wiphy)) ||
1480 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1481 			cfg80211_rdev_list_generation))
1482 		goto nla_put_failure;
1483 
1484 	if (cmd != NL80211_CMD_NEW_WIPHY)
1485 		goto finish;
1486 
1487 	switch (state->split_start) {
1488 	case 0:
1489 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1490 			       rdev->wiphy.retry_short) ||
1491 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1492 			       rdev->wiphy.retry_long) ||
1493 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1494 				rdev->wiphy.frag_threshold) ||
1495 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1496 				rdev->wiphy.rts_threshold) ||
1497 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1498 			       rdev->wiphy.coverage_class) ||
1499 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1500 			       rdev->wiphy.max_scan_ssids) ||
1501 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1502 			       rdev->wiphy.max_sched_scan_ssids) ||
1503 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1504 				rdev->wiphy.max_scan_ie_len) ||
1505 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1506 				rdev->wiphy.max_sched_scan_ie_len) ||
1507 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1508 			       rdev->wiphy.max_match_sets) ||
1509 		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1510 				rdev->wiphy.max_sched_scan_plans) ||
1511 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1512 				rdev->wiphy.max_sched_scan_plan_interval) ||
1513 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1514 				rdev->wiphy.max_sched_scan_plan_iterations))
1515 			goto nla_put_failure;
1516 
1517 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1518 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1519 			goto nla_put_failure;
1520 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1521 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1522 			goto nla_put_failure;
1523 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1524 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1525 			goto nla_put_failure;
1526 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1527 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1528 			goto nla_put_failure;
1529 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1530 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1531 			goto nla_put_failure;
1532 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1533 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1534 			goto nla_put_failure;
1535 		state->split_start++;
1536 		if (state->split)
1537 			break;
1538 	case 1:
1539 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1540 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1541 			    rdev->wiphy.cipher_suites))
1542 			goto nla_put_failure;
1543 
1544 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1545 			       rdev->wiphy.max_num_pmkids))
1546 			goto nla_put_failure;
1547 
1548 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1549 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1550 			goto nla_put_failure;
1551 
1552 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1553 				rdev->wiphy.available_antennas_tx) ||
1554 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1555 				rdev->wiphy.available_antennas_rx))
1556 			goto nla_put_failure;
1557 
1558 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1559 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1560 				rdev->wiphy.probe_resp_offload))
1561 			goto nla_put_failure;
1562 
1563 		if ((rdev->wiphy.available_antennas_tx ||
1564 		     rdev->wiphy.available_antennas_rx) &&
1565 		    rdev->ops->get_antenna) {
1566 			u32 tx_ant = 0, rx_ant = 0;
1567 			int res;
1568 
1569 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1570 			if (!res) {
1571 				if (nla_put_u32(msg,
1572 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1573 						tx_ant) ||
1574 				    nla_put_u32(msg,
1575 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1576 						rx_ant))
1577 					goto nla_put_failure;
1578 			}
1579 		}
1580 
1581 		state->split_start++;
1582 		if (state->split)
1583 			break;
1584 	case 2:
1585 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1586 					rdev->wiphy.interface_modes))
1587 				goto nla_put_failure;
1588 		state->split_start++;
1589 		if (state->split)
1590 			break;
1591 	case 3:
1592 		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1593 		if (!nl_bands)
1594 			goto nla_put_failure;
1595 
1596 		for (band = state->band_start;
1597 		     band < NUM_NL80211_BANDS; band++) {
1598 			struct ieee80211_supported_band *sband;
1599 
1600 			sband = rdev->wiphy.bands[band];
1601 
1602 			if (!sband)
1603 				continue;
1604 
1605 			nl_band = nla_nest_start(msg, band);
1606 			if (!nl_band)
1607 				goto nla_put_failure;
1608 
1609 			switch (state->chan_start) {
1610 			case 0:
1611 				if (nl80211_send_band_rateinfo(msg, sband))
1612 					goto nla_put_failure;
1613 				state->chan_start++;
1614 				if (state->split)
1615 					break;
1616 			default:
1617 				/* add frequencies */
1618 				nl_freqs = nla_nest_start(
1619 					msg, NL80211_BAND_ATTR_FREQS);
1620 				if (!nl_freqs)
1621 					goto nla_put_failure;
1622 
1623 				for (i = state->chan_start - 1;
1624 				     i < sband->n_channels;
1625 				     i++) {
1626 					nl_freq = nla_nest_start(msg, i);
1627 					if (!nl_freq)
1628 						goto nla_put_failure;
1629 
1630 					chan = &sband->channels[i];
1631 
1632 					if (nl80211_msg_put_channel(
1633 							msg, chan,
1634 							state->split))
1635 						goto nla_put_failure;
1636 
1637 					nla_nest_end(msg, nl_freq);
1638 					if (state->split)
1639 						break;
1640 				}
1641 				if (i < sband->n_channels)
1642 					state->chan_start = i + 2;
1643 				else
1644 					state->chan_start = 0;
1645 				nla_nest_end(msg, nl_freqs);
1646 			}
1647 
1648 			nla_nest_end(msg, nl_band);
1649 
1650 			if (state->split) {
1651 				/* start again here */
1652 				if (state->chan_start)
1653 					band--;
1654 				break;
1655 			}
1656 		}
1657 		nla_nest_end(msg, nl_bands);
1658 
1659 		if (band < NUM_NL80211_BANDS)
1660 			state->band_start = band + 1;
1661 		else
1662 			state->band_start = 0;
1663 
1664 		/* if bands & channels are done, continue outside */
1665 		if (state->band_start == 0 && state->chan_start == 0)
1666 			state->split_start++;
1667 		if (state->split)
1668 			break;
1669 	case 4:
1670 		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1671 		if (!nl_cmds)
1672 			goto nla_put_failure;
1673 
1674 		i = nl80211_add_commands_unsplit(rdev, msg);
1675 		if (i < 0)
1676 			goto nla_put_failure;
1677 		if (state->split) {
1678 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1679 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1680 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1681 				CMD(channel_switch, CHANNEL_SWITCH);
1682 			CMD(set_qos_map, SET_QOS_MAP);
1683 			if (rdev->wiphy.features &
1684 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1685 				CMD(add_tx_ts, ADD_TX_TS);
1686 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1687 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1688 		}
1689 #undef CMD
1690 
1691 		nla_nest_end(msg, nl_cmds);
1692 		state->split_start++;
1693 		if (state->split)
1694 			break;
1695 	case 5:
1696 		if (rdev->ops->remain_on_channel &&
1697 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1698 		    nla_put_u32(msg,
1699 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1700 				rdev->wiphy.max_remain_on_channel_duration))
1701 			goto nla_put_failure;
1702 
1703 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1704 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1705 			goto nla_put_failure;
1706 
1707 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1708 			goto nla_put_failure;
1709 		state->split_start++;
1710 		if (state->split)
1711 			break;
1712 	case 6:
1713 #ifdef CONFIG_PM
1714 		if (nl80211_send_wowlan(msg, rdev, state->split))
1715 			goto nla_put_failure;
1716 		state->split_start++;
1717 		if (state->split)
1718 			break;
1719 #else
1720 		state->split_start++;
1721 #endif
1722 	case 7:
1723 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1724 					rdev->wiphy.software_iftypes))
1725 			goto nla_put_failure;
1726 
1727 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1728 						   state->split))
1729 			goto nla_put_failure;
1730 
1731 		state->split_start++;
1732 		if (state->split)
1733 			break;
1734 	case 8:
1735 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1736 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1737 				rdev->wiphy.ap_sme_capa))
1738 			goto nla_put_failure;
1739 
1740 		features = rdev->wiphy.features;
1741 		/*
1742 		 * We can only add the per-channel limit information if the
1743 		 * dump is split, otherwise it makes it too big. Therefore
1744 		 * only advertise it in that case.
1745 		 */
1746 		if (state->split)
1747 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1748 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1749 			goto nla_put_failure;
1750 
1751 		if (rdev->wiphy.ht_capa_mod_mask &&
1752 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1753 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
1754 			    rdev->wiphy.ht_capa_mod_mask))
1755 			goto nla_put_failure;
1756 
1757 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1758 		    rdev->wiphy.max_acl_mac_addrs &&
1759 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1760 				rdev->wiphy.max_acl_mac_addrs))
1761 			goto nla_put_failure;
1762 
1763 		/*
1764 		 * Any information below this point is only available to
1765 		 * applications that can deal with it being split. This
1766 		 * helps ensure that newly added capabilities don't break
1767 		 * older tools by overrunning their buffers.
1768 		 *
1769 		 * We still increment split_start so that in the split
1770 		 * case we'll continue with more data in the next round,
1771 		 * but break unconditionally so unsplit data stops here.
1772 		 */
1773 		state->split_start++;
1774 		break;
1775 	case 9:
1776 		if (rdev->wiphy.extended_capabilities &&
1777 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1778 			     rdev->wiphy.extended_capabilities_len,
1779 			     rdev->wiphy.extended_capabilities) ||
1780 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1781 			     rdev->wiphy.extended_capabilities_len,
1782 			     rdev->wiphy.extended_capabilities_mask)))
1783 			goto nla_put_failure;
1784 
1785 		if (rdev->wiphy.vht_capa_mod_mask &&
1786 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1787 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
1788 			    rdev->wiphy.vht_capa_mod_mask))
1789 			goto nla_put_failure;
1790 
1791 		state->split_start++;
1792 		break;
1793 	case 10:
1794 		if (nl80211_send_coalesce(msg, rdev))
1795 			goto nla_put_failure;
1796 
1797 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1798 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1799 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1800 			goto nla_put_failure;
1801 
1802 		if (rdev->wiphy.max_ap_assoc_sta &&
1803 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1804 				rdev->wiphy.max_ap_assoc_sta))
1805 			goto nla_put_failure;
1806 
1807 		state->split_start++;
1808 		break;
1809 	case 11:
1810 		if (rdev->wiphy.n_vendor_commands) {
1811 			const struct nl80211_vendor_cmd_info *info;
1812 			struct nlattr *nested;
1813 
1814 			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1815 			if (!nested)
1816 				goto nla_put_failure;
1817 
1818 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1819 				info = &rdev->wiphy.vendor_commands[i].info;
1820 				if (nla_put(msg, i + 1, sizeof(*info), info))
1821 					goto nla_put_failure;
1822 			}
1823 			nla_nest_end(msg, nested);
1824 		}
1825 
1826 		if (rdev->wiphy.n_vendor_events) {
1827 			const struct nl80211_vendor_cmd_info *info;
1828 			struct nlattr *nested;
1829 
1830 			nested = nla_nest_start(msg,
1831 						NL80211_ATTR_VENDOR_EVENTS);
1832 			if (!nested)
1833 				goto nla_put_failure;
1834 
1835 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1836 				info = &rdev->wiphy.vendor_events[i];
1837 				if (nla_put(msg, i + 1, sizeof(*info), info))
1838 					goto nla_put_failure;
1839 			}
1840 			nla_nest_end(msg, nested);
1841 		}
1842 		state->split_start++;
1843 		break;
1844 	case 12:
1845 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1846 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1847 			       rdev->wiphy.max_num_csa_counters))
1848 			goto nla_put_failure;
1849 
1850 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1851 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1852 			goto nla_put_failure;
1853 
1854 		if (rdev->wiphy.max_sched_scan_reqs &&
1855 		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
1856 				rdev->wiphy.max_sched_scan_reqs))
1857 			goto nla_put_failure;
1858 
1859 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1860 			    sizeof(rdev->wiphy.ext_features),
1861 			    rdev->wiphy.ext_features))
1862 			goto nla_put_failure;
1863 
1864 		if (rdev->wiphy.bss_select_support) {
1865 			struct nlattr *nested;
1866 			u32 bss_select_support = rdev->wiphy.bss_select_support;
1867 
1868 			nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
1869 			if (!nested)
1870 				goto nla_put_failure;
1871 
1872 			i = 0;
1873 			while (bss_select_support) {
1874 				if ((bss_select_support & 1) &&
1875 				    nla_put_flag(msg, i))
1876 					goto nla_put_failure;
1877 				i++;
1878 				bss_select_support >>= 1;
1879 			}
1880 			nla_nest_end(msg, nested);
1881 		}
1882 
1883 		state->split_start++;
1884 		break;
1885 	case 13:
1886 		if (rdev->wiphy.num_iftype_ext_capab &&
1887 		    rdev->wiphy.iftype_ext_capab) {
1888 			struct nlattr *nested_ext_capab, *nested;
1889 
1890 			nested = nla_nest_start(msg,
1891 						NL80211_ATTR_IFTYPE_EXT_CAPA);
1892 			if (!nested)
1893 				goto nla_put_failure;
1894 
1895 			for (i = state->capa_start;
1896 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
1897 				const struct wiphy_iftype_ext_capab *capab;
1898 
1899 				capab = &rdev->wiphy.iftype_ext_capab[i];
1900 
1901 				nested_ext_capab = nla_nest_start(msg, i);
1902 				if (!nested_ext_capab ||
1903 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1904 						capab->iftype) ||
1905 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
1906 					    capab->extended_capabilities_len,
1907 					    capab->extended_capabilities) ||
1908 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1909 					    capab->extended_capabilities_len,
1910 					    capab->extended_capabilities_mask))
1911 					goto nla_put_failure;
1912 
1913 				nla_nest_end(msg, nested_ext_capab);
1914 				if (state->split)
1915 					break;
1916 			}
1917 			nla_nest_end(msg, nested);
1918 			if (i < rdev->wiphy.num_iftype_ext_capab) {
1919 				state->capa_start = i + 1;
1920 				break;
1921 			}
1922 		}
1923 
1924 		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
1925 				rdev->wiphy.nan_supported_bands))
1926 			goto nla_put_failure;
1927 
1928 		/* done */
1929 		state->split_start = 0;
1930 		break;
1931 	}
1932  finish:
1933 	genlmsg_end(msg, hdr);
1934 	return 0;
1935 
1936  nla_put_failure:
1937 	genlmsg_cancel(msg, hdr);
1938 	return -EMSGSIZE;
1939 }
1940 
1941 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1942 				    struct netlink_callback *cb,
1943 				    struct nl80211_dump_wiphy_state *state)
1944 {
1945 	struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
1946 	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
1947 			      nl80211_fam.maxattr, nl80211_policy, NULL);
1948 	/* ignore parse errors for backward compatibility */
1949 	if (ret)
1950 		return 0;
1951 
1952 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1953 	if (tb[NL80211_ATTR_WIPHY])
1954 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1955 	if (tb[NL80211_ATTR_WDEV])
1956 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1957 	if (tb[NL80211_ATTR_IFINDEX]) {
1958 		struct net_device *netdev;
1959 		struct cfg80211_registered_device *rdev;
1960 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1961 
1962 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1963 		if (!netdev)
1964 			return -ENODEV;
1965 		if (netdev->ieee80211_ptr) {
1966 			rdev = wiphy_to_rdev(
1967 				netdev->ieee80211_ptr->wiphy);
1968 			state->filter_wiphy = rdev->wiphy_idx;
1969 		}
1970 	}
1971 
1972 	return 0;
1973 }
1974 
1975 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1976 {
1977 	int idx = 0, ret;
1978 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1979 	struct cfg80211_registered_device *rdev;
1980 
1981 	rtnl_lock();
1982 	if (!state) {
1983 		state = kzalloc(sizeof(*state), GFP_KERNEL);
1984 		if (!state) {
1985 			rtnl_unlock();
1986 			return -ENOMEM;
1987 		}
1988 		state->filter_wiphy = -1;
1989 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1990 		if (ret) {
1991 			kfree(state);
1992 			rtnl_unlock();
1993 			return ret;
1994 		}
1995 		cb->args[0] = (long)state;
1996 	}
1997 
1998 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1999 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2000 			continue;
2001 		if (++idx <= state->start)
2002 			continue;
2003 		if (state->filter_wiphy != -1 &&
2004 		    state->filter_wiphy != rdev->wiphy_idx)
2005 			continue;
2006 		/* attempt to fit multiple wiphy data chunks into the skb */
2007 		do {
2008 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2009 						 skb,
2010 						 NETLINK_CB(cb->skb).portid,
2011 						 cb->nlh->nlmsg_seq,
2012 						 NLM_F_MULTI, state);
2013 			if (ret < 0) {
2014 				/*
2015 				 * If sending the wiphy data didn't fit (ENOBUFS
2016 				 * or EMSGSIZE returned), this SKB is still
2017 				 * empty (so it's not too big because another
2018 				 * wiphy dataset is already in the skb) and
2019 				 * we've not tried to adjust the dump allocation
2020 				 * yet ... then adjust the alloc size to be
2021 				 * bigger, and return 1 but with the empty skb.
2022 				 * This results in an empty message being RX'ed
2023 				 * in userspace, but that is ignored.
2024 				 *
2025 				 * We can then retry with the larger buffer.
2026 				 */
2027 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2028 				    !skb->len && !state->split &&
2029 				    cb->min_dump_alloc < 4096) {
2030 					cb->min_dump_alloc = 4096;
2031 					state->split_start = 0;
2032 					rtnl_unlock();
2033 					return 1;
2034 				}
2035 				idx--;
2036 				break;
2037 			}
2038 		} while (state->split_start > 0);
2039 		break;
2040 	}
2041 	rtnl_unlock();
2042 
2043 	state->start = idx;
2044 
2045 	return skb->len;
2046 }
2047 
2048 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2049 {
2050 	kfree((void *)cb->args[0]);
2051 	return 0;
2052 }
2053 
2054 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2055 {
2056 	struct sk_buff *msg;
2057 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2058 	struct nl80211_dump_wiphy_state state = {};
2059 
2060 	msg = nlmsg_new(4096, GFP_KERNEL);
2061 	if (!msg)
2062 		return -ENOMEM;
2063 
2064 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2065 			       info->snd_portid, info->snd_seq, 0,
2066 			       &state) < 0) {
2067 		nlmsg_free(msg);
2068 		return -ENOBUFS;
2069 	}
2070 
2071 	return genlmsg_reply(msg, info);
2072 }
2073 
2074 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2075 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
2076 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
2077 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
2078 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
2079 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
2080 };
2081 
2082 static int parse_txq_params(struct nlattr *tb[],
2083 			    struct ieee80211_txq_params *txq_params)
2084 {
2085 	u8 ac;
2086 
2087 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2088 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2089 	    !tb[NL80211_TXQ_ATTR_AIFS])
2090 		return -EINVAL;
2091 
2092 	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2093 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2094 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2095 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2096 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2097 
2098 	if (ac >= NL80211_NUM_ACS)
2099 		return -EINVAL;
2100 	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2101 	return 0;
2102 }
2103 
2104 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2105 {
2106 	/*
2107 	 * You can only set the channel explicitly for WDS interfaces,
2108 	 * all others have their channel managed via their respective
2109 	 * "establish a connection" command (connect, join, ...)
2110 	 *
2111 	 * For AP/GO and mesh mode, the channel can be set with the
2112 	 * channel userspace API, but is only stored and passed to the
2113 	 * low-level driver when the AP starts or the mesh is joined.
2114 	 * This is for backward compatibility, userspace can also give
2115 	 * the channel in the start-ap or join-mesh commands instead.
2116 	 *
2117 	 * Monitors are special as they are normally slaved to
2118 	 * whatever else is going on, so they have their own special
2119 	 * operation to set the monitor channel if possible.
2120 	 */
2121 	return !wdev ||
2122 		wdev->iftype == NL80211_IFTYPE_AP ||
2123 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2124 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
2125 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
2126 }
2127 
2128 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2129 				 struct genl_info *info,
2130 				 struct cfg80211_chan_def *chandef)
2131 {
2132 	u32 control_freq;
2133 
2134 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2135 		return -EINVAL;
2136 
2137 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2138 
2139 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2140 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2141 	chandef->center_freq1 = control_freq;
2142 	chandef->center_freq2 = 0;
2143 
2144 	/* Primary channel not allowed */
2145 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2146 		return -EINVAL;
2147 
2148 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2149 		enum nl80211_channel_type chantype;
2150 
2151 		chantype = nla_get_u32(
2152 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2153 
2154 		switch (chantype) {
2155 		case NL80211_CHAN_NO_HT:
2156 		case NL80211_CHAN_HT20:
2157 		case NL80211_CHAN_HT40PLUS:
2158 		case NL80211_CHAN_HT40MINUS:
2159 			cfg80211_chandef_create(chandef, chandef->chan,
2160 						chantype);
2161 			/* user input for center_freq is incorrect */
2162 			if (info->attrs[NL80211_ATTR_CENTER_FREQ1] &&
2163 			    chandef->center_freq1 != nla_get_u32(
2164 					info->attrs[NL80211_ATTR_CENTER_FREQ1]))
2165 				return -EINVAL;
2166 			/* center_freq2 must be zero */
2167 			if (info->attrs[NL80211_ATTR_CENTER_FREQ2] &&
2168 			    nla_get_u32(info->attrs[NL80211_ATTR_CENTER_FREQ2]))
2169 				return -EINVAL;
2170 			break;
2171 		default:
2172 			return -EINVAL;
2173 		}
2174 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2175 		chandef->width =
2176 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2177 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2178 			chandef->center_freq1 =
2179 				nla_get_u32(
2180 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2181 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2182 			chandef->center_freq2 =
2183 				nla_get_u32(
2184 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2185 	}
2186 
2187 	if (!cfg80211_chandef_valid(chandef))
2188 		return -EINVAL;
2189 
2190 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2191 				     IEEE80211_CHAN_DISABLED))
2192 		return -EINVAL;
2193 
2194 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2195 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
2196 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2197 		return -EINVAL;
2198 
2199 	return 0;
2200 }
2201 
2202 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2203 				 struct net_device *dev,
2204 				 struct genl_info *info)
2205 {
2206 	struct cfg80211_chan_def chandef;
2207 	int result;
2208 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2209 	struct wireless_dev *wdev = NULL;
2210 
2211 	if (dev)
2212 		wdev = dev->ieee80211_ptr;
2213 	if (!nl80211_can_set_dev_channel(wdev))
2214 		return -EOPNOTSUPP;
2215 	if (wdev)
2216 		iftype = wdev->iftype;
2217 
2218 	result = nl80211_parse_chandef(rdev, info, &chandef);
2219 	if (result)
2220 		return result;
2221 
2222 	switch (iftype) {
2223 	case NL80211_IFTYPE_AP:
2224 	case NL80211_IFTYPE_P2P_GO:
2225 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2226 						   iftype)) {
2227 			result = -EINVAL;
2228 			break;
2229 		}
2230 		if (wdev->beacon_interval) {
2231 			if (!dev || !rdev->ops->set_ap_chanwidth ||
2232 			    !(rdev->wiphy.features &
2233 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2234 				result = -EBUSY;
2235 				break;
2236 			}
2237 
2238 			/* Only allow dynamic channel width changes */
2239 			if (chandef.chan != wdev->preset_chandef.chan) {
2240 				result = -EBUSY;
2241 				break;
2242 			}
2243 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2244 			if (result)
2245 				break;
2246 		}
2247 		wdev->preset_chandef = chandef;
2248 		result = 0;
2249 		break;
2250 	case NL80211_IFTYPE_MESH_POINT:
2251 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2252 		break;
2253 	case NL80211_IFTYPE_MONITOR:
2254 		result = cfg80211_set_monitor_channel(rdev, &chandef);
2255 		break;
2256 	default:
2257 		result = -EINVAL;
2258 	}
2259 
2260 	return result;
2261 }
2262 
2263 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2264 {
2265 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2266 	struct net_device *netdev = info->user_ptr[1];
2267 
2268 	return __nl80211_set_channel(rdev, netdev, info);
2269 }
2270 
2271 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2272 {
2273 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2274 	struct net_device *dev = info->user_ptr[1];
2275 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2276 	const u8 *bssid;
2277 
2278 	if (!info->attrs[NL80211_ATTR_MAC])
2279 		return -EINVAL;
2280 
2281 	if (netif_running(dev))
2282 		return -EBUSY;
2283 
2284 	if (!rdev->ops->set_wds_peer)
2285 		return -EOPNOTSUPP;
2286 
2287 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2288 		return -EOPNOTSUPP;
2289 
2290 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2291 	return rdev_set_wds_peer(rdev, dev, bssid);
2292 }
2293 
2294 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2295 {
2296 	struct cfg80211_registered_device *rdev;
2297 	struct net_device *netdev = NULL;
2298 	struct wireless_dev *wdev;
2299 	int result = 0, rem_txq_params = 0;
2300 	struct nlattr *nl_txq_params;
2301 	u32 changed;
2302 	u8 retry_short = 0, retry_long = 0;
2303 	u32 frag_threshold = 0, rts_threshold = 0;
2304 	u8 coverage_class = 0;
2305 
2306 	ASSERT_RTNL();
2307 
2308 	/*
2309 	 * Try to find the wiphy and netdev. Normally this
2310 	 * function shouldn't need the netdev, but this is
2311 	 * done for backward compatibility -- previously
2312 	 * setting the channel was done per wiphy, but now
2313 	 * it is per netdev. Previous userland like hostapd
2314 	 * also passed a netdev to set_wiphy, so that it is
2315 	 * possible to let that go to the right netdev!
2316 	 */
2317 
2318 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2319 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2320 
2321 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2322 		if (netdev && netdev->ieee80211_ptr)
2323 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2324 		else
2325 			netdev = NULL;
2326 	}
2327 
2328 	if (!netdev) {
2329 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2330 						  info->attrs);
2331 		if (IS_ERR(rdev))
2332 			return PTR_ERR(rdev);
2333 		wdev = NULL;
2334 		netdev = NULL;
2335 		result = 0;
2336 	} else
2337 		wdev = netdev->ieee80211_ptr;
2338 
2339 	/*
2340 	 * end workaround code, by now the rdev is available
2341 	 * and locked, and wdev may or may not be NULL.
2342 	 */
2343 
2344 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2345 		result = cfg80211_dev_rename(
2346 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2347 
2348 	if (result)
2349 		return result;
2350 
2351 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2352 		struct ieee80211_txq_params txq_params;
2353 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2354 
2355 		if (!rdev->ops->set_txq_params)
2356 			return -EOPNOTSUPP;
2357 
2358 		if (!netdev)
2359 			return -EINVAL;
2360 
2361 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2362 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2363 			return -EINVAL;
2364 
2365 		if (!netif_running(netdev))
2366 			return -ENETDOWN;
2367 
2368 		nla_for_each_nested(nl_txq_params,
2369 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2370 				    rem_txq_params) {
2371 			result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2372 						  nl_txq_params,
2373 						  txq_params_policy,
2374 						  info->extack);
2375 			if (result)
2376 				return result;
2377 			result = parse_txq_params(tb, &txq_params);
2378 			if (result)
2379 				return result;
2380 
2381 			result = rdev_set_txq_params(rdev, netdev,
2382 						     &txq_params);
2383 			if (result)
2384 				return result;
2385 		}
2386 	}
2387 
2388 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2389 		result = __nl80211_set_channel(
2390 			rdev,
2391 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2392 			info);
2393 		if (result)
2394 			return result;
2395 	}
2396 
2397 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2398 		struct wireless_dev *txp_wdev = wdev;
2399 		enum nl80211_tx_power_setting type;
2400 		int idx, mbm = 0;
2401 
2402 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2403 			txp_wdev = NULL;
2404 
2405 		if (!rdev->ops->set_tx_power)
2406 			return -EOPNOTSUPP;
2407 
2408 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2409 		type = nla_get_u32(info->attrs[idx]);
2410 
2411 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2412 		    (type != NL80211_TX_POWER_AUTOMATIC))
2413 			return -EINVAL;
2414 
2415 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2416 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2417 			mbm = nla_get_u32(info->attrs[idx]);
2418 		}
2419 
2420 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2421 		if (result)
2422 			return result;
2423 	}
2424 
2425 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2426 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2427 		u32 tx_ant, rx_ant;
2428 
2429 		if ((!rdev->wiphy.available_antennas_tx &&
2430 		     !rdev->wiphy.available_antennas_rx) ||
2431 		    !rdev->ops->set_antenna)
2432 			return -EOPNOTSUPP;
2433 
2434 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2435 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2436 
2437 		/* reject antenna configurations which don't match the
2438 		 * available antenna masks, except for the "all" mask */
2439 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2440 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2441 			return -EINVAL;
2442 
2443 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2444 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2445 
2446 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2447 		if (result)
2448 			return result;
2449 	}
2450 
2451 	changed = 0;
2452 
2453 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2454 		retry_short = nla_get_u8(
2455 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2456 		if (retry_short == 0)
2457 			return -EINVAL;
2458 
2459 		changed |= WIPHY_PARAM_RETRY_SHORT;
2460 	}
2461 
2462 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2463 		retry_long = nla_get_u8(
2464 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2465 		if (retry_long == 0)
2466 			return -EINVAL;
2467 
2468 		changed |= WIPHY_PARAM_RETRY_LONG;
2469 	}
2470 
2471 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2472 		frag_threshold = nla_get_u32(
2473 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2474 		if (frag_threshold < 256)
2475 			return -EINVAL;
2476 
2477 		if (frag_threshold != (u32) -1) {
2478 			/*
2479 			 * Fragments (apart from the last one) are required to
2480 			 * have even length. Make the fragmentation code
2481 			 * simpler by stripping LSB should someone try to use
2482 			 * odd threshold value.
2483 			 */
2484 			frag_threshold &= ~0x1;
2485 		}
2486 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2487 	}
2488 
2489 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2490 		rts_threshold = nla_get_u32(
2491 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2492 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2493 	}
2494 
2495 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2496 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2497 			return -EINVAL;
2498 
2499 		coverage_class = nla_get_u8(
2500 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2501 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2502 	}
2503 
2504 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2505 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2506 			return -EOPNOTSUPP;
2507 
2508 		changed |= WIPHY_PARAM_DYN_ACK;
2509 	}
2510 
2511 	if (changed) {
2512 		u8 old_retry_short, old_retry_long;
2513 		u32 old_frag_threshold, old_rts_threshold;
2514 		u8 old_coverage_class;
2515 
2516 		if (!rdev->ops->set_wiphy_params)
2517 			return -EOPNOTSUPP;
2518 
2519 		old_retry_short = rdev->wiphy.retry_short;
2520 		old_retry_long = rdev->wiphy.retry_long;
2521 		old_frag_threshold = rdev->wiphy.frag_threshold;
2522 		old_rts_threshold = rdev->wiphy.rts_threshold;
2523 		old_coverage_class = rdev->wiphy.coverage_class;
2524 
2525 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2526 			rdev->wiphy.retry_short = retry_short;
2527 		if (changed & WIPHY_PARAM_RETRY_LONG)
2528 			rdev->wiphy.retry_long = retry_long;
2529 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2530 			rdev->wiphy.frag_threshold = frag_threshold;
2531 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2532 			rdev->wiphy.rts_threshold = rts_threshold;
2533 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2534 			rdev->wiphy.coverage_class = coverage_class;
2535 
2536 		result = rdev_set_wiphy_params(rdev, changed);
2537 		if (result) {
2538 			rdev->wiphy.retry_short = old_retry_short;
2539 			rdev->wiphy.retry_long = old_retry_long;
2540 			rdev->wiphy.frag_threshold = old_frag_threshold;
2541 			rdev->wiphy.rts_threshold = old_rts_threshold;
2542 			rdev->wiphy.coverage_class = old_coverage_class;
2543 			return result;
2544 		}
2545 	}
2546 	return 0;
2547 }
2548 
2549 static inline u64 wdev_id(struct wireless_dev *wdev)
2550 {
2551 	return (u64)wdev->identifier |
2552 	       ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2553 }
2554 
2555 static int nl80211_send_chandef(struct sk_buff *msg,
2556 				const struct cfg80211_chan_def *chandef)
2557 {
2558 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2559 		return -EINVAL;
2560 
2561 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2562 			chandef->chan->center_freq))
2563 		return -ENOBUFS;
2564 	switch (chandef->width) {
2565 	case NL80211_CHAN_WIDTH_20_NOHT:
2566 	case NL80211_CHAN_WIDTH_20:
2567 	case NL80211_CHAN_WIDTH_40:
2568 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2569 				cfg80211_get_chandef_type(chandef)))
2570 			return -ENOBUFS;
2571 		break;
2572 	default:
2573 		break;
2574 	}
2575 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2576 		return -ENOBUFS;
2577 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2578 		return -ENOBUFS;
2579 	if (chandef->center_freq2 &&
2580 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2581 		return -ENOBUFS;
2582 	return 0;
2583 }
2584 
2585 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2586 			      struct cfg80211_registered_device *rdev,
2587 			      struct wireless_dev *wdev, bool removal)
2588 {
2589 	struct net_device *dev = wdev->netdev;
2590 	u8 cmd = NL80211_CMD_NEW_INTERFACE;
2591 	void *hdr;
2592 
2593 	if (removal)
2594 		cmd = NL80211_CMD_DEL_INTERFACE;
2595 
2596 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2597 	if (!hdr)
2598 		return -1;
2599 
2600 	if (dev &&
2601 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2602 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2603 		goto nla_put_failure;
2604 
2605 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2606 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2607 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2608 			      NL80211_ATTR_PAD) ||
2609 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2610 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2611 			rdev->devlist_generation ^
2612 			(cfg80211_rdev_list_generation << 2)))
2613 		goto nla_put_failure;
2614 
2615 	if (rdev->ops->get_channel) {
2616 		int ret;
2617 		struct cfg80211_chan_def chandef;
2618 
2619 		ret = rdev_get_channel(rdev, wdev, &chandef);
2620 		if (ret == 0) {
2621 			if (nl80211_send_chandef(msg, &chandef))
2622 				goto nla_put_failure;
2623 		}
2624 	}
2625 
2626 	if (rdev->ops->get_tx_power) {
2627 		int dbm, ret;
2628 
2629 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
2630 		if (ret == 0 &&
2631 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2632 				DBM_TO_MBM(dbm)))
2633 			goto nla_put_failure;
2634 	}
2635 
2636 	wdev_lock(wdev);
2637 	switch (wdev->iftype) {
2638 	case NL80211_IFTYPE_AP:
2639 		if (wdev->ssid_len &&
2640 		    nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2641 			goto nla_put_failure_locked;
2642 		break;
2643 	case NL80211_IFTYPE_STATION:
2644 	case NL80211_IFTYPE_P2P_CLIENT:
2645 	case NL80211_IFTYPE_ADHOC: {
2646 		const u8 *ssid_ie;
2647 		if (!wdev->current_bss)
2648 			break;
2649 		rcu_read_lock();
2650 		ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
2651 					       WLAN_EID_SSID);
2652 		if (ssid_ie &&
2653 		    nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
2654 			goto nla_put_failure_rcu_locked;
2655 		rcu_read_unlock();
2656 		break;
2657 		}
2658 	default:
2659 		/* nothing */
2660 		break;
2661 	}
2662 	wdev_unlock(wdev);
2663 
2664 	genlmsg_end(msg, hdr);
2665 	return 0;
2666 
2667  nla_put_failure_rcu_locked:
2668 	rcu_read_unlock();
2669  nla_put_failure_locked:
2670 	wdev_unlock(wdev);
2671  nla_put_failure:
2672 	genlmsg_cancel(msg, hdr);
2673 	return -EMSGSIZE;
2674 }
2675 
2676 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2677 {
2678 	int wp_idx = 0;
2679 	int if_idx = 0;
2680 	int wp_start = cb->args[0];
2681 	int if_start = cb->args[1];
2682 	int filter_wiphy = -1;
2683 	struct cfg80211_registered_device *rdev;
2684 	struct wireless_dev *wdev;
2685 	int ret;
2686 
2687 	rtnl_lock();
2688 	if (!cb->args[2]) {
2689 		struct nl80211_dump_wiphy_state state = {
2690 			.filter_wiphy = -1,
2691 		};
2692 
2693 		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
2694 		if (ret)
2695 			goto out_unlock;
2696 
2697 		filter_wiphy = state.filter_wiphy;
2698 
2699 		/*
2700 		 * if filtering, set cb->args[2] to +1 since 0 is the default
2701 		 * value needed to determine that parsing is necessary.
2702 		 */
2703 		if (filter_wiphy >= 0)
2704 			cb->args[2] = filter_wiphy + 1;
2705 		else
2706 			cb->args[2] = -1;
2707 	} else if (cb->args[2] > 0) {
2708 		filter_wiphy = cb->args[2] - 1;
2709 	}
2710 
2711 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2712 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2713 			continue;
2714 		if (wp_idx < wp_start) {
2715 			wp_idx++;
2716 			continue;
2717 		}
2718 
2719 		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
2720 			continue;
2721 
2722 		if_idx = 0;
2723 
2724 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2725 			if (if_idx < if_start) {
2726 				if_idx++;
2727 				continue;
2728 			}
2729 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2730 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2731 					       rdev, wdev, false) < 0) {
2732 				goto out;
2733 			}
2734 			if_idx++;
2735 		}
2736 
2737 		wp_idx++;
2738 	}
2739  out:
2740 	cb->args[0] = wp_idx;
2741 	cb->args[1] = if_idx;
2742 
2743 	ret = skb->len;
2744  out_unlock:
2745 	rtnl_unlock();
2746 
2747 	return ret;
2748 }
2749 
2750 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2751 {
2752 	struct sk_buff *msg;
2753 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2754 	struct wireless_dev *wdev = info->user_ptr[1];
2755 
2756 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2757 	if (!msg)
2758 		return -ENOMEM;
2759 
2760 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2761 			       rdev, wdev, false) < 0) {
2762 		nlmsg_free(msg);
2763 		return -ENOBUFS;
2764 	}
2765 
2766 	return genlmsg_reply(msg, info);
2767 }
2768 
2769 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2770 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2771 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2772 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2773 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2774 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2775 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2776 };
2777 
2778 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2779 {
2780 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2781 	int flag;
2782 
2783 	*mntrflags = 0;
2784 
2785 	if (!nla)
2786 		return -EINVAL;
2787 
2788 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
2789 			     mntr_flags_policy, NULL))
2790 		return -EINVAL;
2791 
2792 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2793 		if (flags[flag])
2794 			*mntrflags |= (1<<flag);
2795 
2796 	*mntrflags |= MONITOR_FLAG_CHANGED;
2797 
2798 	return 0;
2799 }
2800 
2801 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
2802 				     enum nl80211_iftype type,
2803 				     struct genl_info *info,
2804 				     struct vif_params *params)
2805 {
2806 	bool change = false;
2807 	int err;
2808 
2809 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2810 		if (type != NL80211_IFTYPE_MONITOR)
2811 			return -EINVAL;
2812 
2813 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2814 					  &params->flags);
2815 		if (err)
2816 			return err;
2817 
2818 		change = true;
2819 	}
2820 
2821 	if (params->flags & MONITOR_FLAG_ACTIVE &&
2822 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2823 		return -EOPNOTSUPP;
2824 
2825 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
2826 		const u8 *mumimo_groups;
2827 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2828 
2829 		if (type != NL80211_IFTYPE_MONITOR)
2830 			return -EINVAL;
2831 
2832 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2833 			return -EOPNOTSUPP;
2834 
2835 		mumimo_groups =
2836 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
2837 
2838 		/* bits 0 and 63 are reserved and must be zero */
2839 		if ((mumimo_groups[0] & BIT(0)) ||
2840 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
2841 			return -EINVAL;
2842 
2843 		params->vht_mumimo_groups = mumimo_groups;
2844 		change = true;
2845 	}
2846 
2847 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
2848 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2849 
2850 		if (type != NL80211_IFTYPE_MONITOR)
2851 			return -EINVAL;
2852 
2853 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2854 			return -EOPNOTSUPP;
2855 
2856 		params->vht_mumimo_follow_addr =
2857 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
2858 		change = true;
2859 	}
2860 
2861 	return change ? 1 : 0;
2862 }
2863 
2864 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2865 			       struct net_device *netdev, u8 use_4addr,
2866 			       enum nl80211_iftype iftype)
2867 {
2868 	if (!use_4addr) {
2869 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2870 			return -EBUSY;
2871 		return 0;
2872 	}
2873 
2874 	switch (iftype) {
2875 	case NL80211_IFTYPE_AP_VLAN:
2876 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2877 			return 0;
2878 		break;
2879 	case NL80211_IFTYPE_STATION:
2880 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2881 			return 0;
2882 		break;
2883 	default:
2884 		break;
2885 	}
2886 
2887 	return -EOPNOTSUPP;
2888 }
2889 
2890 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2891 {
2892 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2893 	struct vif_params params;
2894 	int err;
2895 	enum nl80211_iftype otype, ntype;
2896 	struct net_device *dev = info->user_ptr[1];
2897 	bool change = false;
2898 
2899 	memset(&params, 0, sizeof(params));
2900 
2901 	otype = ntype = dev->ieee80211_ptr->iftype;
2902 
2903 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2904 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2905 		if (otype != ntype)
2906 			change = true;
2907 		if (ntype > NL80211_IFTYPE_MAX)
2908 			return -EINVAL;
2909 	}
2910 
2911 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2912 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2913 
2914 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2915 			return -EINVAL;
2916 		if (netif_running(dev))
2917 			return -EBUSY;
2918 
2919 		wdev_lock(wdev);
2920 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2921 			     IEEE80211_MAX_MESH_ID_LEN);
2922 		wdev->mesh_id_up_len =
2923 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2924 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2925 		       wdev->mesh_id_up_len);
2926 		wdev_unlock(wdev);
2927 	}
2928 
2929 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2930 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2931 		change = true;
2932 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2933 		if (err)
2934 			return err;
2935 	} else {
2936 		params.use_4addr = -1;
2937 	}
2938 
2939 	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
2940 	if (err < 0)
2941 		return err;
2942 	if (err > 0)
2943 		change = true;
2944 
2945 	if (change)
2946 		err = cfg80211_change_iface(rdev, dev, ntype, &params);
2947 	else
2948 		err = 0;
2949 
2950 	if (!err && params.use_4addr != -1)
2951 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2952 
2953 	return err;
2954 }
2955 
2956 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2957 {
2958 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2959 	struct vif_params params;
2960 	struct wireless_dev *wdev;
2961 	struct sk_buff *msg;
2962 	int err;
2963 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2964 
2965 	/* to avoid failing a new interface creation due to pending removal */
2966 	cfg80211_destroy_ifaces(rdev);
2967 
2968 	memset(&params, 0, sizeof(params));
2969 
2970 	if (!info->attrs[NL80211_ATTR_IFNAME])
2971 		return -EINVAL;
2972 
2973 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2974 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2975 		if (type > NL80211_IFTYPE_MAX)
2976 			return -EINVAL;
2977 	}
2978 
2979 	if (!rdev->ops->add_virtual_intf ||
2980 	    !(rdev->wiphy.interface_modes & (1 << type)))
2981 		return -EOPNOTSUPP;
2982 
2983 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
2984 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2985 	    info->attrs[NL80211_ATTR_MAC]) {
2986 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2987 			   ETH_ALEN);
2988 		if (!is_valid_ether_addr(params.macaddr))
2989 			return -EADDRNOTAVAIL;
2990 	}
2991 
2992 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2993 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2994 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2995 		if (err)
2996 			return err;
2997 	}
2998 
2999 	err = nl80211_parse_mon_options(rdev, type, info, &params);
3000 	if (err < 0)
3001 		return err;
3002 
3003 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3004 	if (!msg)
3005 		return -ENOMEM;
3006 
3007 	wdev = rdev_add_virtual_intf(rdev,
3008 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3009 				NET_NAME_USER, type, &params);
3010 	if (WARN_ON(!wdev)) {
3011 		nlmsg_free(msg);
3012 		return -EPROTO;
3013 	} else if (IS_ERR(wdev)) {
3014 		nlmsg_free(msg);
3015 		return PTR_ERR(wdev);
3016 	}
3017 
3018 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3019 		wdev->owner_nlportid = info->snd_portid;
3020 
3021 	switch (type) {
3022 	case NL80211_IFTYPE_MESH_POINT:
3023 		if (!info->attrs[NL80211_ATTR_MESH_ID])
3024 			break;
3025 		wdev_lock(wdev);
3026 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3027 			     IEEE80211_MAX_MESH_ID_LEN);
3028 		wdev->mesh_id_up_len =
3029 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3030 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3031 		       wdev->mesh_id_up_len);
3032 		wdev_unlock(wdev);
3033 		break;
3034 	case NL80211_IFTYPE_NAN:
3035 	case NL80211_IFTYPE_P2P_DEVICE:
3036 		/*
3037 		 * P2P Device and NAN do not have a netdev, so don't go
3038 		 * through the netdev notifier and must be added here
3039 		 */
3040 		mutex_init(&wdev->mtx);
3041 		INIT_LIST_HEAD(&wdev->event_list);
3042 		spin_lock_init(&wdev->event_lock);
3043 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
3044 		spin_lock_init(&wdev->mgmt_registrations_lock);
3045 
3046 		wdev->identifier = ++rdev->wdev_id;
3047 		list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
3048 		rdev->devlist_generation++;
3049 		break;
3050 	default:
3051 		break;
3052 	}
3053 
3054 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3055 			       rdev, wdev, false) < 0) {
3056 		nlmsg_free(msg);
3057 		return -ENOBUFS;
3058 	}
3059 
3060 	/*
3061 	 * For wdevs which have no associated netdev object (e.g. of type
3062 	 * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here.
3063 	 * For all other types, the event will be generated from the
3064 	 * netdev notifier
3065 	 */
3066 	if (!wdev->netdev)
3067 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
3068 
3069 	return genlmsg_reply(msg, info);
3070 }
3071 
3072 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3073 {
3074 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3075 	struct wireless_dev *wdev = info->user_ptr[1];
3076 
3077 	if (!rdev->ops->del_virtual_intf)
3078 		return -EOPNOTSUPP;
3079 
3080 	/*
3081 	 * If we remove a wireless device without a netdev then clear
3082 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
3083 	 * to check if it needs to do dev_put(). Otherwise it crashes
3084 	 * since the wdev has been freed, unlike with a netdev where
3085 	 * we need the dev_put() for the netdev to really be freed.
3086 	 */
3087 	if (!wdev->netdev)
3088 		info->user_ptr[1] = NULL;
3089 
3090 	return rdev_del_virtual_intf(rdev, wdev);
3091 }
3092 
3093 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3094 {
3095 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3096 	struct net_device *dev = info->user_ptr[1];
3097 	u16 noack_map;
3098 
3099 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3100 		return -EINVAL;
3101 
3102 	if (!rdev->ops->set_noack_map)
3103 		return -EOPNOTSUPP;
3104 
3105 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3106 
3107 	return rdev_set_noack_map(rdev, dev, noack_map);
3108 }
3109 
3110 struct get_key_cookie {
3111 	struct sk_buff *msg;
3112 	int error;
3113 	int idx;
3114 };
3115 
3116 static void get_key_callback(void *c, struct key_params *params)
3117 {
3118 	struct nlattr *key;
3119 	struct get_key_cookie *cookie = c;
3120 
3121 	if ((params->key &&
3122 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3123 		     params->key_len, params->key)) ||
3124 	    (params->seq &&
3125 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3126 		     params->seq_len, params->seq)) ||
3127 	    (params->cipher &&
3128 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3129 			 params->cipher)))
3130 		goto nla_put_failure;
3131 
3132 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
3133 	if (!key)
3134 		goto nla_put_failure;
3135 
3136 	if ((params->key &&
3137 	     nla_put(cookie->msg, NL80211_KEY_DATA,
3138 		     params->key_len, params->key)) ||
3139 	    (params->seq &&
3140 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
3141 		     params->seq_len, params->seq)) ||
3142 	    (params->cipher &&
3143 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3144 			 params->cipher)))
3145 		goto nla_put_failure;
3146 
3147 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
3148 		goto nla_put_failure;
3149 
3150 	nla_nest_end(cookie->msg, key);
3151 
3152 	return;
3153  nla_put_failure:
3154 	cookie->error = 1;
3155 }
3156 
3157 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3158 {
3159 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3160 	int err;
3161 	struct net_device *dev = info->user_ptr[1];
3162 	u8 key_idx = 0;
3163 	const u8 *mac_addr = NULL;
3164 	bool pairwise;
3165 	struct get_key_cookie cookie = {
3166 		.error = 0,
3167 	};
3168 	void *hdr;
3169 	struct sk_buff *msg;
3170 
3171 	if (info->attrs[NL80211_ATTR_KEY_IDX])
3172 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3173 
3174 	if (key_idx > 5)
3175 		return -EINVAL;
3176 
3177 	if (info->attrs[NL80211_ATTR_MAC])
3178 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3179 
3180 	pairwise = !!mac_addr;
3181 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3182 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3183 
3184 		if (kt >= NUM_NL80211_KEYTYPES)
3185 			return -EINVAL;
3186 		if (kt != NL80211_KEYTYPE_GROUP &&
3187 		    kt != NL80211_KEYTYPE_PAIRWISE)
3188 			return -EINVAL;
3189 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3190 	}
3191 
3192 	if (!rdev->ops->get_key)
3193 		return -EOPNOTSUPP;
3194 
3195 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3196 		return -ENOENT;
3197 
3198 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3199 	if (!msg)
3200 		return -ENOMEM;
3201 
3202 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3203 			     NL80211_CMD_NEW_KEY);
3204 	if (!hdr)
3205 		goto nla_put_failure;
3206 
3207 	cookie.msg = msg;
3208 	cookie.idx = key_idx;
3209 
3210 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3211 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3212 		goto nla_put_failure;
3213 	if (mac_addr &&
3214 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3215 		goto nla_put_failure;
3216 
3217 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3218 			   get_key_callback);
3219 
3220 	if (err)
3221 		goto free_msg;
3222 
3223 	if (cookie.error)
3224 		goto nla_put_failure;
3225 
3226 	genlmsg_end(msg, hdr);
3227 	return genlmsg_reply(msg, info);
3228 
3229  nla_put_failure:
3230 	err = -ENOBUFS;
3231  free_msg:
3232 	nlmsg_free(msg);
3233 	return err;
3234 }
3235 
3236 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3237 {
3238 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3239 	struct key_parse key;
3240 	int err;
3241 	struct net_device *dev = info->user_ptr[1];
3242 
3243 	err = nl80211_parse_key(info, &key);
3244 	if (err)
3245 		return err;
3246 
3247 	if (key.idx < 0)
3248 		return -EINVAL;
3249 
3250 	/* only support setting default key */
3251 	if (!key.def && !key.defmgmt)
3252 		return -EINVAL;
3253 
3254 	wdev_lock(dev->ieee80211_ptr);
3255 
3256 	if (key.def) {
3257 		if (!rdev->ops->set_default_key) {
3258 			err = -EOPNOTSUPP;
3259 			goto out;
3260 		}
3261 
3262 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3263 		if (err)
3264 			goto out;
3265 
3266 		err = rdev_set_default_key(rdev, dev, key.idx,
3267 						 key.def_uni, key.def_multi);
3268 
3269 		if (err)
3270 			goto out;
3271 
3272 #ifdef CONFIG_CFG80211_WEXT
3273 		dev->ieee80211_ptr->wext.default_key = key.idx;
3274 #endif
3275 	} else {
3276 		if (key.def_uni || !key.def_multi) {
3277 			err = -EINVAL;
3278 			goto out;
3279 		}
3280 
3281 		if (!rdev->ops->set_default_mgmt_key) {
3282 			err = -EOPNOTSUPP;
3283 			goto out;
3284 		}
3285 
3286 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3287 		if (err)
3288 			goto out;
3289 
3290 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3291 		if (err)
3292 			goto out;
3293 
3294 #ifdef CONFIG_CFG80211_WEXT
3295 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3296 #endif
3297 	}
3298 
3299  out:
3300 	wdev_unlock(dev->ieee80211_ptr);
3301 
3302 	return err;
3303 }
3304 
3305 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3306 {
3307 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3308 	int err;
3309 	struct net_device *dev = info->user_ptr[1];
3310 	struct key_parse key;
3311 	const u8 *mac_addr = NULL;
3312 
3313 	err = nl80211_parse_key(info, &key);
3314 	if (err)
3315 		return err;
3316 
3317 	if (!key.p.key)
3318 		return -EINVAL;
3319 
3320 	if (info->attrs[NL80211_ATTR_MAC])
3321 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3322 
3323 	if (key.type == -1) {
3324 		if (mac_addr)
3325 			key.type = NL80211_KEYTYPE_PAIRWISE;
3326 		else
3327 			key.type = NL80211_KEYTYPE_GROUP;
3328 	}
3329 
3330 	/* for now */
3331 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3332 	    key.type != NL80211_KEYTYPE_GROUP)
3333 		return -EINVAL;
3334 
3335 	if (!rdev->ops->add_key)
3336 		return -EOPNOTSUPP;
3337 
3338 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3339 					   key.type == NL80211_KEYTYPE_PAIRWISE,
3340 					   mac_addr))
3341 		return -EINVAL;
3342 
3343 	wdev_lock(dev->ieee80211_ptr);
3344 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3345 	if (!err)
3346 		err = rdev_add_key(rdev, dev, key.idx,
3347 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3348 				    mac_addr, &key.p);
3349 	wdev_unlock(dev->ieee80211_ptr);
3350 
3351 	return err;
3352 }
3353 
3354 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3355 {
3356 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3357 	int err;
3358 	struct net_device *dev = info->user_ptr[1];
3359 	u8 *mac_addr = NULL;
3360 	struct key_parse key;
3361 
3362 	err = nl80211_parse_key(info, &key);
3363 	if (err)
3364 		return err;
3365 
3366 	if (info->attrs[NL80211_ATTR_MAC])
3367 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3368 
3369 	if (key.type == -1) {
3370 		if (mac_addr)
3371 			key.type = NL80211_KEYTYPE_PAIRWISE;
3372 		else
3373 			key.type = NL80211_KEYTYPE_GROUP;
3374 	}
3375 
3376 	/* for now */
3377 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3378 	    key.type != NL80211_KEYTYPE_GROUP)
3379 		return -EINVAL;
3380 
3381 	if (!rdev->ops->del_key)
3382 		return -EOPNOTSUPP;
3383 
3384 	wdev_lock(dev->ieee80211_ptr);
3385 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3386 
3387 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3388 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3389 		err = -ENOENT;
3390 
3391 	if (!err)
3392 		err = rdev_del_key(rdev, dev, key.idx,
3393 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3394 				   mac_addr);
3395 
3396 #ifdef CONFIG_CFG80211_WEXT
3397 	if (!err) {
3398 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
3399 			dev->ieee80211_ptr->wext.default_key = -1;
3400 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3401 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3402 	}
3403 #endif
3404 	wdev_unlock(dev->ieee80211_ptr);
3405 
3406 	return err;
3407 }
3408 
3409 /* This function returns an error or the number of nested attributes */
3410 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3411 {
3412 	struct nlattr *attr;
3413 	int n_entries = 0, tmp;
3414 
3415 	nla_for_each_nested(attr, nl_attr, tmp) {
3416 		if (nla_len(attr) != ETH_ALEN)
3417 			return -EINVAL;
3418 
3419 		n_entries++;
3420 	}
3421 
3422 	return n_entries;
3423 }
3424 
3425 /*
3426  * This function parses ACL information and allocates memory for ACL data.
3427  * On successful return, the calling function is responsible to free the
3428  * ACL buffer returned by this function.
3429  */
3430 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3431 						struct genl_info *info)
3432 {
3433 	enum nl80211_acl_policy acl_policy;
3434 	struct nlattr *attr;
3435 	struct cfg80211_acl_data *acl;
3436 	int i = 0, n_entries, tmp;
3437 
3438 	if (!wiphy->max_acl_mac_addrs)
3439 		return ERR_PTR(-EOPNOTSUPP);
3440 
3441 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3442 		return ERR_PTR(-EINVAL);
3443 
3444 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3445 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3446 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3447 		return ERR_PTR(-EINVAL);
3448 
3449 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3450 		return ERR_PTR(-EINVAL);
3451 
3452 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3453 	if (n_entries < 0)
3454 		return ERR_PTR(n_entries);
3455 
3456 	if (n_entries > wiphy->max_acl_mac_addrs)
3457 		return ERR_PTR(-ENOTSUPP);
3458 
3459 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3460 		      GFP_KERNEL);
3461 	if (!acl)
3462 		return ERR_PTR(-ENOMEM);
3463 
3464 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3465 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3466 		i++;
3467 	}
3468 
3469 	acl->n_acl_entries = n_entries;
3470 	acl->acl_policy = acl_policy;
3471 
3472 	return acl;
3473 }
3474 
3475 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3476 {
3477 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3478 	struct net_device *dev = info->user_ptr[1];
3479 	struct cfg80211_acl_data *acl;
3480 	int err;
3481 
3482 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3483 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3484 		return -EOPNOTSUPP;
3485 
3486 	if (!dev->ieee80211_ptr->beacon_interval)
3487 		return -EINVAL;
3488 
3489 	acl = parse_acl_data(&rdev->wiphy, info);
3490 	if (IS_ERR(acl))
3491 		return PTR_ERR(acl);
3492 
3493 	err = rdev_set_mac_acl(rdev, dev, acl);
3494 
3495 	kfree(acl);
3496 
3497 	return err;
3498 }
3499 
3500 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3501 			   u8 *rates, u8 rates_len)
3502 {
3503 	u8 i;
3504 	u32 mask = 0;
3505 
3506 	for (i = 0; i < rates_len; i++) {
3507 		int rate = (rates[i] & 0x7f) * 5;
3508 		int ridx;
3509 
3510 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3511 			struct ieee80211_rate *srate =
3512 				&sband->bitrates[ridx];
3513 			if (rate == srate->bitrate) {
3514 				mask |= 1 << ridx;
3515 				break;
3516 			}
3517 		}
3518 		if (ridx == sband->n_bitrates)
3519 			return 0; /* rate not found */
3520 	}
3521 
3522 	return mask;
3523 }
3524 
3525 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
3526 			       u8 *rates, u8 rates_len,
3527 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
3528 {
3529 	u8 i;
3530 
3531 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
3532 
3533 	for (i = 0; i < rates_len; i++) {
3534 		int ridx, rbit;
3535 
3536 		ridx = rates[i] / 8;
3537 		rbit = BIT(rates[i] % 8);
3538 
3539 		/* check validity */
3540 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
3541 			return false;
3542 
3543 		/* check availability */
3544 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
3545 			mcs[ridx] |= rbit;
3546 		else
3547 			return false;
3548 	}
3549 
3550 	return true;
3551 }
3552 
3553 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
3554 {
3555 	u16 mcs_mask = 0;
3556 
3557 	switch (vht_mcs_map) {
3558 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
3559 		break;
3560 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
3561 		mcs_mask = 0x00FF;
3562 		break;
3563 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
3564 		mcs_mask = 0x01FF;
3565 		break;
3566 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
3567 		mcs_mask = 0x03FF;
3568 		break;
3569 	default:
3570 		break;
3571 	}
3572 
3573 	return mcs_mask;
3574 }
3575 
3576 static void vht_build_mcs_mask(u16 vht_mcs_map,
3577 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
3578 {
3579 	u8 nss;
3580 
3581 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
3582 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
3583 		vht_mcs_map >>= 2;
3584 	}
3585 }
3586 
3587 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
3588 			     struct nl80211_txrate_vht *txrate,
3589 			     u16 mcs[NL80211_VHT_NSS_MAX])
3590 {
3591 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3592 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
3593 	u8 i;
3594 
3595 	if (!sband->vht_cap.vht_supported)
3596 		return false;
3597 
3598 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
3599 
3600 	/* Build vht_mcs_mask from VHT capabilities */
3601 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
3602 
3603 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3604 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
3605 			mcs[i] = txrate->mcs[i];
3606 		else
3607 			return false;
3608 	}
3609 
3610 	return true;
3611 }
3612 
3613 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
3614 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
3615 				    .len = NL80211_MAX_SUPP_RATES },
3616 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
3617 				.len = NL80211_MAX_SUPP_HT_RATES },
3618 	[NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
3619 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
3620 };
3621 
3622 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
3623 					 struct cfg80211_bitrate_mask *mask)
3624 {
3625 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
3626 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3627 	int rem, i;
3628 	struct nlattr *tx_rates;
3629 	struct ieee80211_supported_band *sband;
3630 	u16 vht_tx_mcs_map;
3631 
3632 	memset(mask, 0, sizeof(*mask));
3633 	/* Default to all rates enabled */
3634 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
3635 		sband = rdev->wiphy.bands[i];
3636 
3637 		if (!sband)
3638 			continue;
3639 
3640 		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
3641 		memcpy(mask->control[i].ht_mcs,
3642 		       sband->ht_cap.mcs.rx_mask,
3643 		       sizeof(mask->control[i].ht_mcs));
3644 
3645 		if (!sband->vht_cap.vht_supported)
3646 			continue;
3647 
3648 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3649 		vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
3650 	}
3651 
3652 	/* if no rates are given set it back to the defaults */
3653 	if (!info->attrs[NL80211_ATTR_TX_RATES])
3654 		goto out;
3655 
3656 	/* The nested attribute uses enum nl80211_band as the index. This maps
3657 	 * directly to the enum nl80211_band values used in cfg80211.
3658 	 */
3659 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
3660 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
3661 		enum nl80211_band band = nla_type(tx_rates);
3662 		int err;
3663 
3664 		if (band < 0 || band >= NUM_NL80211_BANDS)
3665 			return -EINVAL;
3666 		sband = rdev->wiphy.bands[band];
3667 		if (sband == NULL)
3668 			return -EINVAL;
3669 		err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates,
3670 				       nl80211_txattr_policy, info->extack);
3671 		if (err)
3672 			return err;
3673 		if (tb[NL80211_TXRATE_LEGACY]) {
3674 			mask->control[band].legacy = rateset_to_mask(
3675 				sband,
3676 				nla_data(tb[NL80211_TXRATE_LEGACY]),
3677 				nla_len(tb[NL80211_TXRATE_LEGACY]));
3678 			if ((mask->control[band].legacy == 0) &&
3679 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
3680 				return -EINVAL;
3681 		}
3682 		if (tb[NL80211_TXRATE_HT]) {
3683 			if (!ht_rateset_to_mask(
3684 					sband,
3685 					nla_data(tb[NL80211_TXRATE_HT]),
3686 					nla_len(tb[NL80211_TXRATE_HT]),
3687 					mask->control[band].ht_mcs))
3688 				return -EINVAL;
3689 		}
3690 		if (tb[NL80211_TXRATE_VHT]) {
3691 			if (!vht_set_mcs_mask(
3692 					sband,
3693 					nla_data(tb[NL80211_TXRATE_VHT]),
3694 					mask->control[band].vht_mcs))
3695 				return -EINVAL;
3696 		}
3697 		if (tb[NL80211_TXRATE_GI]) {
3698 			mask->control[band].gi =
3699 				nla_get_u8(tb[NL80211_TXRATE_GI]);
3700 			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
3701 				return -EINVAL;
3702 		}
3703 
3704 		if (mask->control[band].legacy == 0) {
3705 			/* don't allow empty legacy rates if HT or VHT
3706 			 * are not even supported.
3707 			 */
3708 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
3709 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
3710 				return -EINVAL;
3711 
3712 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
3713 				if (mask->control[band].ht_mcs[i])
3714 					goto out;
3715 
3716 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
3717 				if (mask->control[band].vht_mcs[i])
3718 					goto out;
3719 
3720 			/* legacy and mcs rates may not be both empty */
3721 			return -EINVAL;
3722 		}
3723 	}
3724 
3725 out:
3726 	return 0;
3727 }
3728 
3729 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
3730 				   enum nl80211_band band,
3731 				   struct cfg80211_bitrate_mask *beacon_rate)
3732 {
3733 	u32 count_ht, count_vht, i;
3734 	u32 rate = beacon_rate->control[band].legacy;
3735 
3736 	/* Allow only one rate */
3737 	if (hweight32(rate) > 1)
3738 		return -EINVAL;
3739 
3740 	count_ht = 0;
3741 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
3742 		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
3743 			return -EINVAL;
3744 		} else if (beacon_rate->control[band].ht_mcs[i]) {
3745 			count_ht++;
3746 			if (count_ht > 1)
3747 				return -EINVAL;
3748 		}
3749 		if (count_ht && rate)
3750 			return -EINVAL;
3751 	}
3752 
3753 	count_vht = 0;
3754 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3755 		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
3756 			return -EINVAL;
3757 		} else if (beacon_rate->control[band].vht_mcs[i]) {
3758 			count_vht++;
3759 			if (count_vht > 1)
3760 				return -EINVAL;
3761 		}
3762 		if (count_vht && rate)
3763 			return -EINVAL;
3764 	}
3765 
3766 	if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
3767 		return -EINVAL;
3768 
3769 	if (rate &&
3770 	    !wiphy_ext_feature_isset(&rdev->wiphy,
3771 				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
3772 		return -EINVAL;
3773 	if (count_ht &&
3774 	    !wiphy_ext_feature_isset(&rdev->wiphy,
3775 				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
3776 		return -EINVAL;
3777 	if (count_vht &&
3778 	    !wiphy_ext_feature_isset(&rdev->wiphy,
3779 				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
3780 		return -EINVAL;
3781 
3782 	return 0;
3783 }
3784 
3785 static int nl80211_parse_beacon(struct nlattr *attrs[],
3786 				struct cfg80211_beacon_data *bcn)
3787 {
3788 	bool haveinfo = false;
3789 
3790 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3791 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3792 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3793 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3794 		return -EINVAL;
3795 
3796 	memset(bcn, 0, sizeof(*bcn));
3797 
3798 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3799 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3800 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3801 		if (!bcn->head_len)
3802 			return -EINVAL;
3803 		haveinfo = true;
3804 	}
3805 
3806 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3807 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3808 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3809 		haveinfo = true;
3810 	}
3811 
3812 	if (!haveinfo)
3813 		return -EINVAL;
3814 
3815 	if (attrs[NL80211_ATTR_IE]) {
3816 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3817 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3818 	}
3819 
3820 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3821 		bcn->proberesp_ies =
3822 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3823 		bcn->proberesp_ies_len =
3824 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3825 	}
3826 
3827 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3828 		bcn->assocresp_ies =
3829 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3830 		bcn->assocresp_ies_len =
3831 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3832 	}
3833 
3834 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
3835 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3836 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3837 	}
3838 
3839 	return 0;
3840 }
3841 
3842 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
3843 					    const u8 *rates)
3844 {
3845 	int i;
3846 
3847 	if (!rates)
3848 		return;
3849 
3850 	for (i = 0; i < rates[1]; i++) {
3851 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
3852 			params->ht_required = true;
3853 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
3854 			params->vht_required = true;
3855 	}
3856 }
3857 
3858 /*
3859  * Since the nl80211 API didn't include, from the beginning, attributes about
3860  * HT/VHT requirements/capabilities, we parse them out of the IEs for the
3861  * benefit of drivers that rebuild IEs in the firmware.
3862  */
3863 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
3864 {
3865 	const struct cfg80211_beacon_data *bcn = &params->beacon;
3866 	size_t ies_len = bcn->tail_len;
3867 	const u8 *ies = bcn->tail;
3868 	const u8 *rates;
3869 	const u8 *cap;
3870 
3871 	rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
3872 	nl80211_check_ap_rate_selectors(params, rates);
3873 
3874 	rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
3875 	nl80211_check_ap_rate_selectors(params, rates);
3876 
3877 	cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
3878 	if (cap && cap[1] >= sizeof(*params->ht_cap))
3879 		params->ht_cap = (void *)(cap + 2);
3880 	cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
3881 	if (cap && cap[1] >= sizeof(*params->vht_cap))
3882 		params->vht_cap = (void *)(cap + 2);
3883 }
3884 
3885 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3886 				   struct cfg80211_ap_settings *params)
3887 {
3888 	struct wireless_dev *wdev;
3889 	bool ret = false;
3890 
3891 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3892 		if (wdev->iftype != NL80211_IFTYPE_AP &&
3893 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
3894 			continue;
3895 
3896 		if (!wdev->preset_chandef.chan)
3897 			continue;
3898 
3899 		params->chandef = wdev->preset_chandef;
3900 		ret = true;
3901 		break;
3902 	}
3903 
3904 	return ret;
3905 }
3906 
3907 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3908 				    enum nl80211_auth_type auth_type,
3909 				    enum nl80211_commands cmd)
3910 {
3911 	if (auth_type > NL80211_AUTHTYPE_MAX)
3912 		return false;
3913 
3914 	switch (cmd) {
3915 	case NL80211_CMD_AUTHENTICATE:
3916 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3917 		    auth_type == NL80211_AUTHTYPE_SAE)
3918 			return false;
3919 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3920 					     NL80211_EXT_FEATURE_FILS_STA) &&
3921 		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3922 		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3923 		     auth_type == NL80211_AUTHTYPE_FILS_PK))
3924 			return false;
3925 		return true;
3926 	case NL80211_CMD_CONNECT:
3927 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3928 		    auth_type == NL80211_AUTHTYPE_SAE)
3929 			return false;
3930 
3931 		/* FILS with SK PFS or PK not supported yet */
3932 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3933 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
3934 			return false;
3935 		if (!wiphy_ext_feature_isset(
3936 			    &rdev->wiphy,
3937 			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
3938 		    auth_type == NL80211_AUTHTYPE_FILS_SK)
3939 			return false;
3940 		return true;
3941 	case NL80211_CMD_START_AP:
3942 		/* SAE not supported yet */
3943 		if (auth_type == NL80211_AUTHTYPE_SAE)
3944 			return false;
3945 		/* FILS not supported yet */
3946 		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3947 		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3948 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
3949 			return false;
3950 		return true;
3951 	default:
3952 		return false;
3953 	}
3954 }
3955 
3956 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3957 {
3958 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3959 	struct net_device *dev = info->user_ptr[1];
3960 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3961 	struct cfg80211_ap_settings params;
3962 	int err;
3963 
3964 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3965 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3966 		return -EOPNOTSUPP;
3967 
3968 	if (!rdev->ops->start_ap)
3969 		return -EOPNOTSUPP;
3970 
3971 	if (wdev->beacon_interval)
3972 		return -EALREADY;
3973 
3974 	memset(&params, 0, sizeof(params));
3975 
3976 	/* these are required for START_AP */
3977 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3978 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3979 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3980 		return -EINVAL;
3981 
3982 	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3983 	if (err)
3984 		return err;
3985 
3986 	params.beacon_interval =
3987 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3988 	params.dtim_period =
3989 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3990 
3991 	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
3992 					   params.beacon_interval);
3993 	if (err)
3994 		return err;
3995 
3996 	/*
3997 	 * In theory, some of these attributes should be required here
3998 	 * but since they were not used when the command was originally
3999 	 * added, keep them optional for old user space programs to let
4000 	 * them continue to work with drivers that do not need the
4001 	 * additional information -- drivers must check!
4002 	 */
4003 	if (info->attrs[NL80211_ATTR_SSID]) {
4004 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4005 		params.ssid_len =
4006 			nla_len(info->attrs[NL80211_ATTR_SSID]);
4007 		if (params.ssid_len == 0 ||
4008 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
4009 			return -EINVAL;
4010 	}
4011 
4012 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
4013 		params.hidden_ssid = nla_get_u32(
4014 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4015 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
4016 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
4017 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
4018 			return -EINVAL;
4019 	}
4020 
4021 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4022 
4023 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4024 		params.auth_type = nla_get_u32(
4025 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
4026 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
4027 					     NL80211_CMD_START_AP))
4028 			return -EINVAL;
4029 	} else
4030 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4031 
4032 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
4033 				      NL80211_MAX_NR_CIPHER_SUITES);
4034 	if (err)
4035 		return err;
4036 
4037 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4038 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4039 			return -EOPNOTSUPP;
4040 		params.inactivity_timeout = nla_get_u16(
4041 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4042 	}
4043 
4044 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4045 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4046 			return -EINVAL;
4047 		params.p2p_ctwindow =
4048 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4049 		if (params.p2p_ctwindow > 127)
4050 			return -EINVAL;
4051 		if (params.p2p_ctwindow != 0 &&
4052 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4053 			return -EINVAL;
4054 	}
4055 
4056 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4057 		u8 tmp;
4058 
4059 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4060 			return -EINVAL;
4061 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4062 		if (tmp > 1)
4063 			return -EINVAL;
4064 		params.p2p_opp_ps = tmp;
4065 		if (params.p2p_opp_ps != 0 &&
4066 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4067 			return -EINVAL;
4068 	}
4069 
4070 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4071 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
4072 		if (err)
4073 			return err;
4074 	} else if (wdev->preset_chandef.chan) {
4075 		params.chandef = wdev->preset_chandef;
4076 	} else if (!nl80211_get_ap_channel(rdev, &params))
4077 		return -EINVAL;
4078 
4079 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4080 					   wdev->iftype))
4081 		return -EINVAL;
4082 
4083 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
4084 		err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4085 		if (err)
4086 			return err;
4087 
4088 		err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4089 					      &params.beacon_rate);
4090 		if (err)
4091 			return err;
4092 	}
4093 
4094 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4095 		params.smps_mode =
4096 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4097 		switch (params.smps_mode) {
4098 		case NL80211_SMPS_OFF:
4099 			break;
4100 		case NL80211_SMPS_STATIC:
4101 			if (!(rdev->wiphy.features &
4102 			      NL80211_FEATURE_STATIC_SMPS))
4103 				return -EINVAL;
4104 			break;
4105 		case NL80211_SMPS_DYNAMIC:
4106 			if (!(rdev->wiphy.features &
4107 			      NL80211_FEATURE_DYNAMIC_SMPS))
4108 				return -EINVAL;
4109 			break;
4110 		default:
4111 			return -EINVAL;
4112 		}
4113 	} else {
4114 		params.smps_mode = NL80211_SMPS_OFF;
4115 	}
4116 
4117 	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4118 	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4119 		return -EOPNOTSUPP;
4120 
4121 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4122 		params.acl = parse_acl_data(&rdev->wiphy, info);
4123 		if (IS_ERR(params.acl))
4124 			return PTR_ERR(params.acl);
4125 	}
4126 
4127 	nl80211_calculate_ap_params(&params);
4128 
4129 	wdev_lock(wdev);
4130 	err = rdev_start_ap(rdev, dev, &params);
4131 	if (!err) {
4132 		wdev->preset_chandef = params.chandef;
4133 		wdev->beacon_interval = params.beacon_interval;
4134 		wdev->chandef = params.chandef;
4135 		wdev->ssid_len = params.ssid_len;
4136 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4137 	}
4138 	wdev_unlock(wdev);
4139 
4140 	kfree(params.acl);
4141 
4142 	return err;
4143 }
4144 
4145 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4146 {
4147 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4148 	struct net_device *dev = info->user_ptr[1];
4149 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4150 	struct cfg80211_beacon_data params;
4151 	int err;
4152 
4153 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4154 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4155 		return -EOPNOTSUPP;
4156 
4157 	if (!rdev->ops->change_beacon)
4158 		return -EOPNOTSUPP;
4159 
4160 	if (!wdev->beacon_interval)
4161 		return -EINVAL;
4162 
4163 	err = nl80211_parse_beacon(info->attrs, &params);
4164 	if (err)
4165 		return err;
4166 
4167 	wdev_lock(wdev);
4168 	err = rdev_change_beacon(rdev, dev, &params);
4169 	wdev_unlock(wdev);
4170 
4171 	return err;
4172 }
4173 
4174 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4175 {
4176 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4177 	struct net_device *dev = info->user_ptr[1];
4178 
4179 	return cfg80211_stop_ap(rdev, dev, false);
4180 }
4181 
4182 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4183 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4184 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4185 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4186 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4187 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4188 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4189 };
4190 
4191 static int parse_station_flags(struct genl_info *info,
4192 			       enum nl80211_iftype iftype,
4193 			       struct station_parameters *params)
4194 {
4195 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4196 	struct nlattr *nla;
4197 	int flag;
4198 
4199 	/*
4200 	 * Try parsing the new attribute first so userspace
4201 	 * can specify both for older kernels.
4202 	 */
4203 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4204 	if (nla) {
4205 		struct nl80211_sta_flag_update *sta_flags;
4206 
4207 		sta_flags = nla_data(nla);
4208 		params->sta_flags_mask = sta_flags->mask;
4209 		params->sta_flags_set = sta_flags->set;
4210 		params->sta_flags_set &= params->sta_flags_mask;
4211 		if ((params->sta_flags_mask |
4212 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4213 			return -EINVAL;
4214 		return 0;
4215 	}
4216 
4217 	/* if present, parse the old attribute */
4218 
4219 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4220 	if (!nla)
4221 		return 0;
4222 
4223 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, nla,
4224 			     sta_flags_policy, info->extack))
4225 		return -EINVAL;
4226 
4227 	/*
4228 	 * Only allow certain flags for interface types so that
4229 	 * other attributes are silently ignored. Remember that
4230 	 * this is backward compatibility code with old userspace
4231 	 * and shouldn't be hit in other cases anyway.
4232 	 */
4233 	switch (iftype) {
4234 	case NL80211_IFTYPE_AP:
4235 	case NL80211_IFTYPE_AP_VLAN:
4236 	case NL80211_IFTYPE_P2P_GO:
4237 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4238 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4239 					 BIT(NL80211_STA_FLAG_WME) |
4240 					 BIT(NL80211_STA_FLAG_MFP);
4241 		break;
4242 	case NL80211_IFTYPE_P2P_CLIENT:
4243 	case NL80211_IFTYPE_STATION:
4244 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4245 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
4246 		break;
4247 	case NL80211_IFTYPE_MESH_POINT:
4248 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4249 					 BIT(NL80211_STA_FLAG_MFP) |
4250 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
4251 	default:
4252 		return -EINVAL;
4253 	}
4254 
4255 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4256 		if (flags[flag]) {
4257 			params->sta_flags_set |= (1<<flag);
4258 
4259 			/* no longer support new API additions in old API */
4260 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4261 				return -EINVAL;
4262 		}
4263 	}
4264 
4265 	return 0;
4266 }
4267 
4268 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
4269 				 int attr)
4270 {
4271 	struct nlattr *rate;
4272 	u32 bitrate;
4273 	u16 bitrate_compat;
4274 	enum nl80211_rate_info rate_flg;
4275 
4276 	rate = nla_nest_start(msg, attr);
4277 	if (!rate)
4278 		return false;
4279 
4280 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4281 	bitrate = cfg80211_calculate_bitrate(info);
4282 	/* report 16-bit bitrate only if we can */
4283 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4284 	if (bitrate > 0 &&
4285 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4286 		return false;
4287 	if (bitrate_compat > 0 &&
4288 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4289 		return false;
4290 
4291 	switch (info->bw) {
4292 	case RATE_INFO_BW_5:
4293 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4294 		break;
4295 	case RATE_INFO_BW_10:
4296 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4297 		break;
4298 	default:
4299 		WARN_ON(1);
4300 		/* fall through */
4301 	case RATE_INFO_BW_20:
4302 		rate_flg = 0;
4303 		break;
4304 	case RATE_INFO_BW_40:
4305 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4306 		break;
4307 	case RATE_INFO_BW_80:
4308 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4309 		break;
4310 	case RATE_INFO_BW_160:
4311 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4312 		break;
4313 	}
4314 
4315 	if (rate_flg && nla_put_flag(msg, rate_flg))
4316 		return false;
4317 
4318 	if (info->flags & RATE_INFO_FLAGS_MCS) {
4319 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4320 			return false;
4321 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4322 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4323 			return false;
4324 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4325 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4326 			return false;
4327 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4328 			return false;
4329 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4330 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4331 			return false;
4332 	}
4333 
4334 	nla_nest_end(msg, rate);
4335 	return true;
4336 }
4337 
4338 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4339 			       int id)
4340 {
4341 	void *attr;
4342 	int i = 0;
4343 
4344 	if (!mask)
4345 		return true;
4346 
4347 	attr = nla_nest_start(msg, id);
4348 	if (!attr)
4349 		return false;
4350 
4351 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4352 		if (!(mask & BIT(i)))
4353 			continue;
4354 
4355 		if (nla_put_u8(msg, i, signal[i]))
4356 			return false;
4357 	}
4358 
4359 	nla_nest_end(msg, attr);
4360 
4361 	return true;
4362 }
4363 
4364 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4365 				u32 seq, int flags,
4366 				struct cfg80211_registered_device *rdev,
4367 				struct net_device *dev,
4368 				const u8 *mac_addr, struct station_info *sinfo)
4369 {
4370 	void *hdr;
4371 	struct nlattr *sinfoattr, *bss_param;
4372 
4373 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4374 	if (!hdr)
4375 		return -1;
4376 
4377 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4378 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4379 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4380 		goto nla_put_failure;
4381 
4382 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
4383 	if (!sinfoattr)
4384 		goto nla_put_failure;
4385 
4386 #define PUT_SINFO(attr, memb, type) do {				\
4387 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
4388 	if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) &&	\
4389 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
4390 			     sinfo->memb))				\
4391 		goto nla_put_failure;					\
4392 	} while (0)
4393 #define PUT_SINFO_U64(attr, memb) do {					\
4394 	if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) &&	\
4395 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
4396 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
4397 		goto nla_put_failure;					\
4398 	} while (0)
4399 
4400 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4401 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4402 
4403 	if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
4404 			     BIT(NL80211_STA_INFO_RX_BYTES64)) &&
4405 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4406 			(u32)sinfo->rx_bytes))
4407 		goto nla_put_failure;
4408 
4409 	if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
4410 			     BIT(NL80211_STA_INFO_TX_BYTES64)) &&
4411 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4412 			(u32)sinfo->tx_bytes))
4413 		goto nla_put_failure;
4414 
4415 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4416 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4417 	PUT_SINFO(LLID, llid, u16);
4418 	PUT_SINFO(PLID, plid, u16);
4419 	PUT_SINFO(PLINK_STATE, plink_state, u8);
4420 	PUT_SINFO_U64(RX_DURATION, rx_duration);
4421 
4422 	switch (rdev->wiphy.signal_type) {
4423 	case CFG80211_SIGNAL_TYPE_MBM:
4424 		PUT_SINFO(SIGNAL, signal, u8);
4425 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4426 		break;
4427 	default:
4428 		break;
4429 	}
4430 	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4431 		if (!nl80211_put_signal(msg, sinfo->chains,
4432 					sinfo->chain_signal,
4433 					NL80211_STA_INFO_CHAIN_SIGNAL))
4434 			goto nla_put_failure;
4435 	}
4436 	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4437 		if (!nl80211_put_signal(msg, sinfo->chains,
4438 					sinfo->chain_signal_avg,
4439 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4440 			goto nla_put_failure;
4441 	}
4442 	if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
4443 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4444 					  NL80211_STA_INFO_TX_BITRATE))
4445 			goto nla_put_failure;
4446 	}
4447 	if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
4448 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4449 					  NL80211_STA_INFO_RX_BITRATE))
4450 			goto nla_put_failure;
4451 	}
4452 
4453 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
4454 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
4455 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
4456 	PUT_SINFO(TX_FAILED, tx_failed, u32);
4457 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
4458 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4459 	PUT_SINFO(LOCAL_PM, local_pm, u32);
4460 	PUT_SINFO(PEER_PM, peer_pm, u32);
4461 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
4462 
4463 	if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
4464 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
4465 		if (!bss_param)
4466 			goto nla_put_failure;
4467 
4468 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
4469 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
4470 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
4471 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
4472 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
4473 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
4474 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
4475 			       sinfo->bss_param.dtim_period) ||
4476 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
4477 				sinfo->bss_param.beacon_interval))
4478 			goto nla_put_failure;
4479 
4480 		nla_nest_end(msg, bss_param);
4481 	}
4482 	if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
4483 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
4484 		    sizeof(struct nl80211_sta_flag_update),
4485 		    &sinfo->sta_flags))
4486 		goto nla_put_failure;
4487 
4488 	PUT_SINFO_U64(T_OFFSET, t_offset);
4489 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
4490 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
4491 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
4492 	PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
4493 
4494 #undef PUT_SINFO
4495 #undef PUT_SINFO_U64
4496 
4497 	if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
4498 		struct nlattr *tidsattr;
4499 		int tid;
4500 
4501 		tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
4502 		if (!tidsattr)
4503 			goto nla_put_failure;
4504 
4505 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
4506 			struct cfg80211_tid_stats *tidstats;
4507 			struct nlattr *tidattr;
4508 
4509 			tidstats = &sinfo->pertid[tid];
4510 
4511 			if (!tidstats->filled)
4512 				continue;
4513 
4514 			tidattr = nla_nest_start(msg, tid + 1);
4515 			if (!tidattr)
4516 				goto nla_put_failure;
4517 
4518 #define PUT_TIDVAL_U64(attr, memb) do {					\
4519 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
4520 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
4521 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
4522 		goto nla_put_failure;					\
4523 	} while (0)
4524 
4525 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
4526 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
4527 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
4528 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
4529 
4530 #undef PUT_TIDVAL_U64
4531 			nla_nest_end(msg, tidattr);
4532 		}
4533 
4534 		nla_nest_end(msg, tidsattr);
4535 	}
4536 
4537 	nla_nest_end(msg, sinfoattr);
4538 
4539 	if (sinfo->assoc_req_ies_len &&
4540 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
4541 		    sinfo->assoc_req_ies))
4542 		goto nla_put_failure;
4543 
4544 	genlmsg_end(msg, hdr);
4545 	return 0;
4546 
4547  nla_put_failure:
4548 	genlmsg_cancel(msg, hdr);
4549 	return -EMSGSIZE;
4550 }
4551 
4552 static int nl80211_dump_station(struct sk_buff *skb,
4553 				struct netlink_callback *cb)
4554 {
4555 	struct station_info sinfo;
4556 	struct cfg80211_registered_device *rdev;
4557 	struct wireless_dev *wdev;
4558 	u8 mac_addr[ETH_ALEN];
4559 	int sta_idx = cb->args[2];
4560 	int err;
4561 
4562 	rtnl_lock();
4563 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4564 	if (err)
4565 		goto out_err;
4566 
4567 	if (!wdev->netdev) {
4568 		err = -EINVAL;
4569 		goto out_err;
4570 	}
4571 
4572 	if (!rdev->ops->dump_station) {
4573 		err = -EOPNOTSUPP;
4574 		goto out_err;
4575 	}
4576 
4577 	while (1) {
4578 		memset(&sinfo, 0, sizeof(sinfo));
4579 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
4580 					mac_addr, &sinfo);
4581 		if (err == -ENOENT)
4582 			break;
4583 		if (err)
4584 			goto out_err;
4585 
4586 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
4587 				NETLINK_CB(cb->skb).portid,
4588 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
4589 				rdev, wdev->netdev, mac_addr,
4590 				&sinfo) < 0)
4591 			goto out;
4592 
4593 		sta_idx++;
4594 	}
4595 
4596  out:
4597 	cb->args[2] = sta_idx;
4598 	err = skb->len;
4599  out_err:
4600 	rtnl_unlock();
4601 
4602 	return err;
4603 }
4604 
4605 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
4606 {
4607 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4608 	struct net_device *dev = info->user_ptr[1];
4609 	struct station_info sinfo;
4610 	struct sk_buff *msg;
4611 	u8 *mac_addr = NULL;
4612 	int err;
4613 
4614 	memset(&sinfo, 0, sizeof(sinfo));
4615 
4616 	if (!info->attrs[NL80211_ATTR_MAC])
4617 		return -EINVAL;
4618 
4619 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4620 
4621 	if (!rdev->ops->get_station)
4622 		return -EOPNOTSUPP;
4623 
4624 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
4625 	if (err)
4626 		return err;
4627 
4628 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4629 	if (!msg)
4630 		return -ENOMEM;
4631 
4632 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
4633 				 info->snd_portid, info->snd_seq, 0,
4634 				 rdev, dev, mac_addr, &sinfo) < 0) {
4635 		nlmsg_free(msg);
4636 		return -ENOBUFS;
4637 	}
4638 
4639 	return genlmsg_reply(msg, info);
4640 }
4641 
4642 int cfg80211_check_station_change(struct wiphy *wiphy,
4643 				  struct station_parameters *params,
4644 				  enum cfg80211_station_type statype)
4645 {
4646 	if (params->listen_interval != -1 &&
4647 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4648 		return -EINVAL;
4649 
4650 	if (params->support_p2p_ps != -1 &&
4651 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4652 		return -EINVAL;
4653 
4654 	if (params->aid &&
4655 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
4656 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4657 		return -EINVAL;
4658 
4659 	/* When you run into this, adjust the code below for the new flag */
4660 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4661 
4662 	switch (statype) {
4663 	case CFG80211_STA_MESH_PEER_KERNEL:
4664 	case CFG80211_STA_MESH_PEER_USER:
4665 		/*
4666 		 * No ignoring the TDLS flag here -- the userspace mesh
4667 		 * code doesn't have the bug of including TDLS in the
4668 		 * mask everywhere.
4669 		 */
4670 		if (params->sta_flags_mask &
4671 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4672 				  BIT(NL80211_STA_FLAG_MFP) |
4673 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
4674 			return -EINVAL;
4675 		break;
4676 	case CFG80211_STA_TDLS_PEER_SETUP:
4677 	case CFG80211_STA_TDLS_PEER_ACTIVE:
4678 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4679 			return -EINVAL;
4680 		/* ignore since it can't change */
4681 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4682 		break;
4683 	default:
4684 		/* disallow mesh-specific things */
4685 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4686 			return -EINVAL;
4687 		if (params->local_pm)
4688 			return -EINVAL;
4689 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4690 			return -EINVAL;
4691 	}
4692 
4693 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4694 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4695 		/* TDLS can't be set, ... */
4696 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4697 			return -EINVAL;
4698 		/*
4699 		 * ... but don't bother the driver with it. This works around
4700 		 * a hostapd/wpa_supplicant issue -- it always includes the
4701 		 * TLDS_PEER flag in the mask even for AP mode.
4702 		 */
4703 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4704 	}
4705 
4706 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4707 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4708 		/* reject other things that can't change */
4709 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4710 			return -EINVAL;
4711 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4712 			return -EINVAL;
4713 		if (params->supported_rates)
4714 			return -EINVAL;
4715 		if (params->ext_capab || params->ht_capa || params->vht_capa)
4716 			return -EINVAL;
4717 	}
4718 
4719 	if (statype != CFG80211_STA_AP_CLIENT &&
4720 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4721 		if (params->vlan)
4722 			return -EINVAL;
4723 	}
4724 
4725 	switch (statype) {
4726 	case CFG80211_STA_AP_MLME_CLIENT:
4727 		/* Use this only for authorizing/unauthorizing a station */
4728 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4729 			return -EOPNOTSUPP;
4730 		break;
4731 	case CFG80211_STA_AP_CLIENT:
4732 	case CFG80211_STA_AP_CLIENT_UNASSOC:
4733 		/* accept only the listed bits */
4734 		if (params->sta_flags_mask &
4735 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4736 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4737 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
4738 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4739 				  BIT(NL80211_STA_FLAG_WME) |
4740 				  BIT(NL80211_STA_FLAG_MFP)))
4741 			return -EINVAL;
4742 
4743 		/* but authenticated/associated only if driver handles it */
4744 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4745 		    params->sta_flags_mask &
4746 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4747 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4748 			return -EINVAL;
4749 		break;
4750 	case CFG80211_STA_IBSS:
4751 	case CFG80211_STA_AP_STA:
4752 		/* reject any changes other than AUTHORIZED */
4753 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4754 			return -EINVAL;
4755 		break;
4756 	case CFG80211_STA_TDLS_PEER_SETUP:
4757 		/* reject any changes other than AUTHORIZED or WME */
4758 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4759 					       BIT(NL80211_STA_FLAG_WME)))
4760 			return -EINVAL;
4761 		/* force (at least) rates when authorizing */
4762 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4763 		    !params->supported_rates)
4764 			return -EINVAL;
4765 		break;
4766 	case CFG80211_STA_TDLS_PEER_ACTIVE:
4767 		/* reject any changes */
4768 		return -EINVAL;
4769 	case CFG80211_STA_MESH_PEER_KERNEL:
4770 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4771 			return -EINVAL;
4772 		break;
4773 	case CFG80211_STA_MESH_PEER_USER:
4774 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4775 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4776 			return -EINVAL;
4777 		break;
4778 	}
4779 
4780 	/*
4781 	 * Older kernel versions ignored this attribute entirely, so don't
4782 	 * reject attempts to update it but mark it as unused instead so the
4783 	 * driver won't look at the data.
4784 	 */
4785 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
4786 	    statype != CFG80211_STA_TDLS_PEER_SETUP)
4787 		params->opmode_notif_used = false;
4788 
4789 	return 0;
4790 }
4791 EXPORT_SYMBOL(cfg80211_check_station_change);
4792 
4793 /*
4794  * Get vlan interface making sure it is running and on the right wiphy.
4795  */
4796 static struct net_device *get_vlan(struct genl_info *info,
4797 				   struct cfg80211_registered_device *rdev)
4798 {
4799 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4800 	struct net_device *v;
4801 	int ret;
4802 
4803 	if (!vlanattr)
4804 		return NULL;
4805 
4806 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4807 	if (!v)
4808 		return ERR_PTR(-ENODEV);
4809 
4810 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4811 		ret = -EINVAL;
4812 		goto error;
4813 	}
4814 
4815 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4816 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4817 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4818 		ret = -EINVAL;
4819 		goto error;
4820 	}
4821 
4822 	if (!netif_running(v)) {
4823 		ret = -ENETDOWN;
4824 		goto error;
4825 	}
4826 
4827 	return v;
4828  error:
4829 	dev_put(v);
4830 	return ERR_PTR(ret);
4831 }
4832 
4833 static const struct nla_policy
4834 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4835 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4836 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4837 };
4838 
4839 static int nl80211_parse_sta_wme(struct genl_info *info,
4840 				 struct station_parameters *params)
4841 {
4842 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4843 	struct nlattr *nla;
4844 	int err;
4845 
4846 	/* parse WME attributes if present */
4847 	if (!info->attrs[NL80211_ATTR_STA_WME])
4848 		return 0;
4849 
4850 	nla = info->attrs[NL80211_ATTR_STA_WME];
4851 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4852 			       nl80211_sta_wme_policy, info->extack);
4853 	if (err)
4854 		return err;
4855 
4856 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4857 		params->uapsd_queues = nla_get_u8(
4858 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
4859 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4860 		return -EINVAL;
4861 
4862 	if (tb[NL80211_STA_WME_MAX_SP])
4863 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4864 
4865 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4866 		return -EINVAL;
4867 
4868 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4869 
4870 	return 0;
4871 }
4872 
4873 static int nl80211_parse_sta_channel_info(struct genl_info *info,
4874 				      struct station_parameters *params)
4875 {
4876 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4877 		params->supported_channels =
4878 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4879 		params->supported_channels_len =
4880 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4881 		/*
4882 		 * Need to include at least one (first channel, number of
4883 		 * channels) tuple for each subband, and must have proper
4884 		 * tuples for the rest of the data as well.
4885 		 */
4886 		if (params->supported_channels_len < 2)
4887 			return -EINVAL;
4888 		if (params->supported_channels_len % 2)
4889 			return -EINVAL;
4890 	}
4891 
4892 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4893 		params->supported_oper_classes =
4894 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4895 		params->supported_oper_classes_len =
4896 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4897 		/*
4898 		 * The value of the Length field of the Supported Operating
4899 		 * Classes element is between 2 and 253.
4900 		 */
4901 		if (params->supported_oper_classes_len < 2 ||
4902 		    params->supported_oper_classes_len > 253)
4903 			return -EINVAL;
4904 	}
4905 	return 0;
4906 }
4907 
4908 static int nl80211_set_station_tdls(struct genl_info *info,
4909 				    struct station_parameters *params)
4910 {
4911 	int err;
4912 	/* Dummy STA entry gets updated once the peer capabilities are known */
4913 	if (info->attrs[NL80211_ATTR_PEER_AID])
4914 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4915 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4916 		params->ht_capa =
4917 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4918 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4919 		params->vht_capa =
4920 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4921 
4922 	err = nl80211_parse_sta_channel_info(info, params);
4923 	if (err)
4924 		return err;
4925 
4926 	return nl80211_parse_sta_wme(info, params);
4927 }
4928 
4929 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4930 {
4931 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4932 	struct net_device *dev = info->user_ptr[1];
4933 	struct station_parameters params;
4934 	u8 *mac_addr;
4935 	int err;
4936 
4937 	memset(&params, 0, sizeof(params));
4938 
4939 	if (!rdev->ops->change_station)
4940 		return -EOPNOTSUPP;
4941 
4942 	/*
4943 	 * AID and listen_interval properties can be set only for unassociated
4944 	 * station. Include these parameters here and will check them in
4945 	 * cfg80211_check_station_change().
4946 	 */
4947 	if (info->attrs[NL80211_ATTR_STA_AID])
4948 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4949 
4950 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4951 		params.listen_interval =
4952 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4953 	else
4954 		params.listen_interval = -1;
4955 
4956 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
4957 		u8 tmp;
4958 
4959 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
4960 		if (tmp >= NUM_NL80211_P2P_PS_STATUS)
4961 			return -EINVAL;
4962 
4963 		params.support_p2p_ps = tmp;
4964 	} else {
4965 		params.support_p2p_ps = -1;
4966 	}
4967 
4968 	if (!info->attrs[NL80211_ATTR_MAC])
4969 		return -EINVAL;
4970 
4971 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4972 
4973 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4974 		params.supported_rates =
4975 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4976 		params.supported_rates_len =
4977 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4978 	}
4979 
4980 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4981 		params.capability =
4982 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4983 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4984 	}
4985 
4986 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4987 		params.ext_capab =
4988 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4989 		params.ext_capab_len =
4990 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4991 	}
4992 
4993 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4994 		return -EINVAL;
4995 
4996 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4997 		params.plink_action =
4998 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4999 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5000 			return -EINVAL;
5001 	}
5002 
5003 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5004 		params.plink_state =
5005 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5006 		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
5007 			return -EINVAL;
5008 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) {
5009 			params.peer_aid = nla_get_u16(
5010 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5011 			if (params.peer_aid > IEEE80211_MAX_AID)
5012 				return -EINVAL;
5013 		}
5014 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5015 	}
5016 
5017 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
5018 		enum nl80211_mesh_power_mode pm = nla_get_u32(
5019 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5020 
5021 		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
5022 		    pm > NL80211_MESH_POWER_MAX)
5023 			return -EINVAL;
5024 
5025 		params.local_pm = pm;
5026 	}
5027 
5028 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5029 		params.opmode_notif_used = true;
5030 		params.opmode_notif =
5031 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5032 	}
5033 
5034 	/* Include parameters for TDLS peer (will check later) */
5035 	err = nl80211_set_station_tdls(info, &params);
5036 	if (err)
5037 		return err;
5038 
5039 	params.vlan = get_vlan(info, rdev);
5040 	if (IS_ERR(params.vlan))
5041 		return PTR_ERR(params.vlan);
5042 
5043 	switch (dev->ieee80211_ptr->iftype) {
5044 	case NL80211_IFTYPE_AP:
5045 	case NL80211_IFTYPE_AP_VLAN:
5046 	case NL80211_IFTYPE_P2P_GO:
5047 	case NL80211_IFTYPE_P2P_CLIENT:
5048 	case NL80211_IFTYPE_STATION:
5049 	case NL80211_IFTYPE_ADHOC:
5050 	case NL80211_IFTYPE_MESH_POINT:
5051 		break;
5052 	default:
5053 		err = -EOPNOTSUPP;
5054 		goto out_put_vlan;
5055 	}
5056 
5057 	/* driver will call cfg80211_check_station_change() */
5058 	err = rdev_change_station(rdev, dev, mac_addr, &params);
5059 
5060  out_put_vlan:
5061 	if (params.vlan)
5062 		dev_put(params.vlan);
5063 
5064 	return err;
5065 }
5066 
5067 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5068 {
5069 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5070 	int err;
5071 	struct net_device *dev = info->user_ptr[1];
5072 	struct station_parameters params;
5073 	u8 *mac_addr = NULL;
5074 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5075 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
5076 
5077 	memset(&params, 0, sizeof(params));
5078 
5079 	if (!rdev->ops->add_station)
5080 		return -EOPNOTSUPP;
5081 
5082 	if (!info->attrs[NL80211_ATTR_MAC])
5083 		return -EINVAL;
5084 
5085 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5086 		return -EINVAL;
5087 
5088 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5089 		return -EINVAL;
5090 
5091 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
5092 	    !info->attrs[NL80211_ATTR_PEER_AID])
5093 		return -EINVAL;
5094 
5095 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5096 	params.supported_rates =
5097 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5098 	params.supported_rates_len =
5099 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5100 	params.listen_interval =
5101 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5102 
5103 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5104 		u8 tmp;
5105 
5106 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5107 		if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5108 			return -EINVAL;
5109 
5110 		params.support_p2p_ps = tmp;
5111 	} else {
5112 		/*
5113 		 * if not specified, assume it's supported for P2P GO interface,
5114 		 * and is NOT supported for AP interface
5115 		 */
5116 		params.support_p2p_ps =
5117 			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5118 	}
5119 
5120 	if (info->attrs[NL80211_ATTR_PEER_AID])
5121 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5122 	else
5123 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5124 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
5125 		return -EINVAL;
5126 
5127 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5128 		params.capability =
5129 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5130 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5131 	}
5132 
5133 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5134 		params.ext_capab =
5135 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5136 		params.ext_capab_len =
5137 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5138 	}
5139 
5140 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5141 		params.ht_capa =
5142 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5143 
5144 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5145 		params.vht_capa =
5146 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5147 
5148 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5149 		params.opmode_notif_used = true;
5150 		params.opmode_notif =
5151 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5152 	}
5153 
5154 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
5155 		params.plink_action =
5156 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5157 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5158 			return -EINVAL;
5159 	}
5160 
5161 	err = nl80211_parse_sta_channel_info(info, &params);
5162 	if (err)
5163 		return err;
5164 
5165 	err = nl80211_parse_sta_wme(info, &params);
5166 	if (err)
5167 		return err;
5168 
5169 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5170 		return -EINVAL;
5171 
5172 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5173 	 * as userspace might just pass through the capabilities from the IEs
5174 	 * directly, rather than enforcing this restriction and returning an
5175 	 * error in this case.
5176 	 */
5177 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5178 		params.ht_capa = NULL;
5179 		params.vht_capa = NULL;
5180 	}
5181 
5182 	/* When you run into this, adjust the code below for the new flag */
5183 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5184 
5185 	switch (dev->ieee80211_ptr->iftype) {
5186 	case NL80211_IFTYPE_AP:
5187 	case NL80211_IFTYPE_AP_VLAN:
5188 	case NL80211_IFTYPE_P2P_GO:
5189 		/* ignore WME attributes if iface/sta is not capable */
5190 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5191 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5192 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5193 
5194 		/* TDLS peers cannot be added */
5195 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5196 		    info->attrs[NL80211_ATTR_PEER_AID])
5197 			return -EINVAL;
5198 		/* but don't bother the driver with it */
5199 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5200 
5201 		/* allow authenticated/associated only if driver handles it */
5202 		if (!(rdev->wiphy.features &
5203 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5204 		    params.sta_flags_mask & auth_assoc)
5205 			return -EINVAL;
5206 
5207 		/* Older userspace, or userspace wanting to be compatible with
5208 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5209 		 * and assoc flags in the mask, but assumes the station will be
5210 		 * added as associated anyway since this was the required driver
5211 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5212 		 * introduced.
5213 		 * In order to not bother drivers with this quirk in the API
5214 		 * set the flags in both the mask and set for new stations in
5215 		 * this case.
5216 		 */
5217 		if (!(params.sta_flags_mask & auth_assoc)) {
5218 			params.sta_flags_mask |= auth_assoc;
5219 			params.sta_flags_set |= auth_assoc;
5220 		}
5221 
5222 		/* must be last in here for error handling */
5223 		params.vlan = get_vlan(info, rdev);
5224 		if (IS_ERR(params.vlan))
5225 			return PTR_ERR(params.vlan);
5226 		break;
5227 	case NL80211_IFTYPE_MESH_POINT:
5228 		/* ignore uAPSD data */
5229 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5230 
5231 		/* associated is disallowed */
5232 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5233 			return -EINVAL;
5234 		/* TDLS peers cannot be added */
5235 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5236 		    info->attrs[NL80211_ATTR_PEER_AID])
5237 			return -EINVAL;
5238 		break;
5239 	case NL80211_IFTYPE_STATION:
5240 	case NL80211_IFTYPE_P2P_CLIENT:
5241 		/* ignore uAPSD data */
5242 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5243 
5244 		/* these are disallowed */
5245 		if (params.sta_flags_mask &
5246 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
5247 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5248 			return -EINVAL;
5249 		/* Only TDLS peers can be added */
5250 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5251 			return -EINVAL;
5252 		/* Can only add if TDLS ... */
5253 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5254 			return -EOPNOTSUPP;
5255 		/* ... with external setup is supported */
5256 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5257 			return -EOPNOTSUPP;
5258 		/*
5259 		 * Older wpa_supplicant versions always mark the TDLS peer
5260 		 * as authorized, but it shouldn't yet be.
5261 		 */
5262 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5263 		break;
5264 	default:
5265 		return -EOPNOTSUPP;
5266 	}
5267 
5268 	/* be aware of params.vlan when changing code here */
5269 
5270 	err = rdev_add_station(rdev, dev, mac_addr, &params);
5271 
5272 	if (params.vlan)
5273 		dev_put(params.vlan);
5274 	return err;
5275 }
5276 
5277 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5278 {
5279 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5280 	struct net_device *dev = info->user_ptr[1];
5281 	struct station_del_parameters params;
5282 
5283 	memset(&params, 0, sizeof(params));
5284 
5285 	if (info->attrs[NL80211_ATTR_MAC])
5286 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5287 
5288 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5289 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5290 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5291 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5292 		return -EINVAL;
5293 
5294 	if (!rdev->ops->del_station)
5295 		return -EOPNOTSUPP;
5296 
5297 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5298 		params.subtype =
5299 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5300 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5301 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5302 			return -EINVAL;
5303 	} else {
5304 		/* Default to Deauthentication frame */
5305 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5306 	}
5307 
5308 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5309 		params.reason_code =
5310 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5311 		if (params.reason_code == 0)
5312 			return -EINVAL; /* 0 is reserved */
5313 	} else {
5314 		/* Default to reason code 2 */
5315 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5316 	}
5317 
5318 	return rdev_del_station(rdev, dev, &params);
5319 }
5320 
5321 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5322 				int flags, struct net_device *dev,
5323 				u8 *dst, u8 *next_hop,
5324 				struct mpath_info *pinfo)
5325 {
5326 	void *hdr;
5327 	struct nlattr *pinfoattr;
5328 
5329 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5330 	if (!hdr)
5331 		return -1;
5332 
5333 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5334 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5335 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5336 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5337 		goto nla_put_failure;
5338 
5339 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
5340 	if (!pinfoattr)
5341 		goto nla_put_failure;
5342 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5343 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5344 			pinfo->frame_qlen))
5345 		goto nla_put_failure;
5346 	if (((pinfo->filled & MPATH_INFO_SN) &&
5347 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5348 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
5349 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5350 			 pinfo->metric)) ||
5351 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5352 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5353 			 pinfo->exptime)) ||
5354 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
5355 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5356 			pinfo->flags)) ||
5357 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5358 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5359 			 pinfo->discovery_timeout)) ||
5360 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5361 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5362 			pinfo->discovery_retries)))
5363 		goto nla_put_failure;
5364 
5365 	nla_nest_end(msg, pinfoattr);
5366 
5367 	genlmsg_end(msg, hdr);
5368 	return 0;
5369 
5370  nla_put_failure:
5371 	genlmsg_cancel(msg, hdr);
5372 	return -EMSGSIZE;
5373 }
5374 
5375 static int nl80211_dump_mpath(struct sk_buff *skb,
5376 			      struct netlink_callback *cb)
5377 {
5378 	struct mpath_info pinfo;
5379 	struct cfg80211_registered_device *rdev;
5380 	struct wireless_dev *wdev;
5381 	u8 dst[ETH_ALEN];
5382 	u8 next_hop[ETH_ALEN];
5383 	int path_idx = cb->args[2];
5384 	int err;
5385 
5386 	rtnl_lock();
5387 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5388 	if (err)
5389 		goto out_err;
5390 
5391 	if (!rdev->ops->dump_mpath) {
5392 		err = -EOPNOTSUPP;
5393 		goto out_err;
5394 	}
5395 
5396 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5397 		err = -EOPNOTSUPP;
5398 		goto out_err;
5399 	}
5400 
5401 	while (1) {
5402 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
5403 				      next_hop, &pinfo);
5404 		if (err == -ENOENT)
5405 			break;
5406 		if (err)
5407 			goto out_err;
5408 
5409 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5410 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
5411 				       wdev->netdev, dst, next_hop,
5412 				       &pinfo) < 0)
5413 			goto out;
5414 
5415 		path_idx++;
5416 	}
5417 
5418  out:
5419 	cb->args[2] = path_idx;
5420 	err = skb->len;
5421  out_err:
5422 	rtnl_unlock();
5423 	return err;
5424 }
5425 
5426 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
5427 {
5428 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5429 	int err;
5430 	struct net_device *dev = info->user_ptr[1];
5431 	struct mpath_info pinfo;
5432 	struct sk_buff *msg;
5433 	u8 *dst = NULL;
5434 	u8 next_hop[ETH_ALEN];
5435 
5436 	memset(&pinfo, 0, sizeof(pinfo));
5437 
5438 	if (!info->attrs[NL80211_ATTR_MAC])
5439 		return -EINVAL;
5440 
5441 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5442 
5443 	if (!rdev->ops->get_mpath)
5444 		return -EOPNOTSUPP;
5445 
5446 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5447 		return -EOPNOTSUPP;
5448 
5449 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
5450 	if (err)
5451 		return err;
5452 
5453 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5454 	if (!msg)
5455 		return -ENOMEM;
5456 
5457 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5458 				 dev, dst, next_hop, &pinfo) < 0) {
5459 		nlmsg_free(msg);
5460 		return -ENOBUFS;
5461 	}
5462 
5463 	return genlmsg_reply(msg, info);
5464 }
5465 
5466 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
5467 {
5468 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5469 	struct net_device *dev = info->user_ptr[1];
5470 	u8 *dst = NULL;
5471 	u8 *next_hop = NULL;
5472 
5473 	if (!info->attrs[NL80211_ATTR_MAC])
5474 		return -EINVAL;
5475 
5476 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5477 		return -EINVAL;
5478 
5479 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5480 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5481 
5482 	if (!rdev->ops->change_mpath)
5483 		return -EOPNOTSUPP;
5484 
5485 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5486 		return -EOPNOTSUPP;
5487 
5488 	return rdev_change_mpath(rdev, dev, dst, next_hop);
5489 }
5490 
5491 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
5492 {
5493 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5494 	struct net_device *dev = info->user_ptr[1];
5495 	u8 *dst = NULL;
5496 	u8 *next_hop = NULL;
5497 
5498 	if (!info->attrs[NL80211_ATTR_MAC])
5499 		return -EINVAL;
5500 
5501 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5502 		return -EINVAL;
5503 
5504 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5505 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5506 
5507 	if (!rdev->ops->add_mpath)
5508 		return -EOPNOTSUPP;
5509 
5510 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5511 		return -EOPNOTSUPP;
5512 
5513 	return rdev_add_mpath(rdev, dev, dst, next_hop);
5514 }
5515 
5516 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
5517 {
5518 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5519 	struct net_device *dev = info->user_ptr[1];
5520 	u8 *dst = NULL;
5521 
5522 	if (info->attrs[NL80211_ATTR_MAC])
5523 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5524 
5525 	if (!rdev->ops->del_mpath)
5526 		return -EOPNOTSUPP;
5527 
5528 	return rdev_del_mpath(rdev, dev, dst);
5529 }
5530 
5531 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
5532 {
5533 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5534 	int err;
5535 	struct net_device *dev = info->user_ptr[1];
5536 	struct mpath_info pinfo;
5537 	struct sk_buff *msg;
5538 	u8 *dst = NULL;
5539 	u8 mpp[ETH_ALEN];
5540 
5541 	memset(&pinfo, 0, sizeof(pinfo));
5542 
5543 	if (!info->attrs[NL80211_ATTR_MAC])
5544 		return -EINVAL;
5545 
5546 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5547 
5548 	if (!rdev->ops->get_mpp)
5549 		return -EOPNOTSUPP;
5550 
5551 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5552 		return -EOPNOTSUPP;
5553 
5554 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
5555 	if (err)
5556 		return err;
5557 
5558 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5559 	if (!msg)
5560 		return -ENOMEM;
5561 
5562 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5563 			       dev, dst, mpp, &pinfo) < 0) {
5564 		nlmsg_free(msg);
5565 		return -ENOBUFS;
5566 	}
5567 
5568 	return genlmsg_reply(msg, info);
5569 }
5570 
5571 static int nl80211_dump_mpp(struct sk_buff *skb,
5572 			    struct netlink_callback *cb)
5573 {
5574 	struct mpath_info pinfo;
5575 	struct cfg80211_registered_device *rdev;
5576 	struct wireless_dev *wdev;
5577 	u8 dst[ETH_ALEN];
5578 	u8 mpp[ETH_ALEN];
5579 	int path_idx = cb->args[2];
5580 	int err;
5581 
5582 	rtnl_lock();
5583 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5584 	if (err)
5585 		goto out_err;
5586 
5587 	if (!rdev->ops->dump_mpp) {
5588 		err = -EOPNOTSUPP;
5589 		goto out_err;
5590 	}
5591 
5592 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5593 		err = -EOPNOTSUPP;
5594 		goto out_err;
5595 	}
5596 
5597 	while (1) {
5598 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
5599 				    mpp, &pinfo);
5600 		if (err == -ENOENT)
5601 			break;
5602 		if (err)
5603 			goto out_err;
5604 
5605 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5606 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
5607 				       wdev->netdev, dst, mpp,
5608 				       &pinfo) < 0)
5609 			goto out;
5610 
5611 		path_idx++;
5612 	}
5613 
5614  out:
5615 	cb->args[2] = path_idx;
5616 	err = skb->len;
5617  out_err:
5618 	rtnl_unlock();
5619 	return err;
5620 }
5621 
5622 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
5623 {
5624 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5625 	struct net_device *dev = info->user_ptr[1];
5626 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5627 	struct bss_parameters params;
5628 	int err;
5629 
5630 	memset(&params, 0, sizeof(params));
5631 	/* default to not changing parameters */
5632 	params.use_cts_prot = -1;
5633 	params.use_short_preamble = -1;
5634 	params.use_short_slot_time = -1;
5635 	params.ap_isolate = -1;
5636 	params.ht_opmode = -1;
5637 	params.p2p_ctwindow = -1;
5638 	params.p2p_opp_ps = -1;
5639 
5640 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
5641 		params.use_cts_prot =
5642 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
5643 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
5644 		params.use_short_preamble =
5645 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
5646 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
5647 		params.use_short_slot_time =
5648 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
5649 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5650 		params.basic_rates =
5651 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5652 		params.basic_rates_len =
5653 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5654 	}
5655 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
5656 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
5657 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
5658 		params.ht_opmode =
5659 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
5660 
5661 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5662 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5663 			return -EINVAL;
5664 		params.p2p_ctwindow =
5665 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5666 		if (params.p2p_ctwindow < 0)
5667 			return -EINVAL;
5668 		if (params.p2p_ctwindow != 0 &&
5669 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5670 			return -EINVAL;
5671 	}
5672 
5673 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5674 		u8 tmp;
5675 
5676 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5677 			return -EINVAL;
5678 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5679 		if (tmp > 1)
5680 			return -EINVAL;
5681 		params.p2p_opp_ps = tmp;
5682 		if (params.p2p_opp_ps &&
5683 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5684 			return -EINVAL;
5685 	}
5686 
5687 	if (!rdev->ops->change_bss)
5688 		return -EOPNOTSUPP;
5689 
5690 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5691 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5692 		return -EOPNOTSUPP;
5693 
5694 	wdev_lock(wdev);
5695 	err = rdev_change_bss(rdev, dev, &params);
5696 	wdev_unlock(wdev);
5697 
5698 	return err;
5699 }
5700 
5701 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
5702 {
5703 	char *data = NULL;
5704 	bool is_indoor;
5705 	enum nl80211_user_reg_hint_type user_reg_hint_type;
5706 	u32 owner_nlportid;
5707 
5708 	/*
5709 	 * You should only get this when cfg80211 hasn't yet initialized
5710 	 * completely when built-in to the kernel right between the time
5711 	 * window between nl80211_init() and regulatory_init(), if that is
5712 	 * even possible.
5713 	 */
5714 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
5715 		return -EINPROGRESS;
5716 
5717 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
5718 		user_reg_hint_type =
5719 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
5720 	else
5721 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
5722 
5723 	switch (user_reg_hint_type) {
5724 	case NL80211_USER_REG_HINT_USER:
5725 	case NL80211_USER_REG_HINT_CELL_BASE:
5726 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5727 			return -EINVAL;
5728 
5729 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5730 		return regulatory_hint_user(data, user_reg_hint_type);
5731 	case NL80211_USER_REG_HINT_INDOOR:
5732 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5733 			owner_nlportid = info->snd_portid;
5734 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5735 		} else {
5736 			owner_nlportid = 0;
5737 			is_indoor = true;
5738 		}
5739 
5740 		return regulatory_hint_indoor(is_indoor, owner_nlportid);
5741 	default:
5742 		return -EINVAL;
5743 	}
5744 }
5745 
5746 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
5747 {
5748 	return reg_reload_regdb();
5749 }
5750 
5751 static int nl80211_get_mesh_config(struct sk_buff *skb,
5752 				   struct genl_info *info)
5753 {
5754 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5755 	struct net_device *dev = info->user_ptr[1];
5756 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5757 	struct mesh_config cur_params;
5758 	int err = 0;
5759 	void *hdr;
5760 	struct nlattr *pinfoattr;
5761 	struct sk_buff *msg;
5762 
5763 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5764 		return -EOPNOTSUPP;
5765 
5766 	if (!rdev->ops->get_mesh_config)
5767 		return -EOPNOTSUPP;
5768 
5769 	wdev_lock(wdev);
5770 	/* If not connected, get default parameters */
5771 	if (!wdev->mesh_id_len)
5772 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5773 	else
5774 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
5775 	wdev_unlock(wdev);
5776 
5777 	if (err)
5778 		return err;
5779 
5780 	/* Draw up a netlink message to send back */
5781 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5782 	if (!msg)
5783 		return -ENOMEM;
5784 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5785 			     NL80211_CMD_GET_MESH_CONFIG);
5786 	if (!hdr)
5787 		goto out;
5788 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5789 	if (!pinfoattr)
5790 		goto nla_put_failure;
5791 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5792 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5793 			cur_params.dot11MeshRetryTimeout) ||
5794 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5795 			cur_params.dot11MeshConfirmTimeout) ||
5796 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5797 			cur_params.dot11MeshHoldingTimeout) ||
5798 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5799 			cur_params.dot11MeshMaxPeerLinks) ||
5800 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5801 		       cur_params.dot11MeshMaxRetries) ||
5802 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
5803 		       cur_params.dot11MeshTTL) ||
5804 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5805 		       cur_params.element_ttl) ||
5806 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5807 		       cur_params.auto_open_plinks) ||
5808 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5809 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5810 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5811 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
5812 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5813 			cur_params.path_refresh_time) ||
5814 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5815 			cur_params.min_discovery_timeout) ||
5816 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5817 			cur_params.dot11MeshHWMPactivePathTimeout) ||
5818 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5819 			cur_params.dot11MeshHWMPpreqMinInterval) ||
5820 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5821 			cur_params.dot11MeshHWMPperrMinInterval) ||
5822 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5823 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5824 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5825 		       cur_params.dot11MeshHWMPRootMode) ||
5826 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5827 			cur_params.dot11MeshHWMPRannInterval) ||
5828 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5829 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
5830 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5831 		       cur_params.dot11MeshForwarding) ||
5832 	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5833 			cur_params.rssi_threshold) ||
5834 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5835 			cur_params.ht_opmode) ||
5836 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5837 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5838 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5839 			cur_params.dot11MeshHWMProotInterval) ||
5840 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5841 			cur_params.dot11MeshHWMPconfirmationInterval) ||
5842 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5843 			cur_params.power_mode) ||
5844 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5845 			cur_params.dot11MeshAwakeWindowDuration) ||
5846 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5847 			cur_params.plink_timeout))
5848 		goto nla_put_failure;
5849 	nla_nest_end(msg, pinfoattr);
5850 	genlmsg_end(msg, hdr);
5851 	return genlmsg_reply(msg, info);
5852 
5853  nla_put_failure:
5854  out:
5855 	nlmsg_free(msg);
5856 	return -ENOBUFS;
5857 }
5858 
5859 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5860 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5861 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5862 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5863 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5864 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5865 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5866 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5867 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5868 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5869 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5870 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5871 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5872 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5873 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5874 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5875 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5876 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5877 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5878 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5879 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5880 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5881 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5882 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5883 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5884 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5885 	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5886 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5887 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5888 };
5889 
5890 static const struct nla_policy
5891 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5892 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5893 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5894 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5895 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5896 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5897 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5898 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5899 				    .len = IEEE80211_MAX_DATA_LEN },
5900 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5901 };
5902 
5903 static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out)
5904 {
5905 	u8 val = nla_get_u8(nla);
5906 	if (val < min || val > max)
5907 		return -EINVAL;
5908 	*out = val;
5909 	return 0;
5910 }
5911 
5912 static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out)
5913 {
5914 	u8 val = nla_get_u8(nla);
5915 	if (val < min || val > max)
5916 		return -EINVAL;
5917 	*out = val;
5918 	return 0;
5919 }
5920 
5921 static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out)
5922 {
5923 	u16 val = nla_get_u16(nla);
5924 	if (val < min || val > max)
5925 		return -EINVAL;
5926 	*out = val;
5927 	return 0;
5928 }
5929 
5930 static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out)
5931 {
5932 	u32 val = nla_get_u32(nla);
5933 	if (val < min || val > max)
5934 		return -EINVAL;
5935 	*out = val;
5936 	return 0;
5937 }
5938 
5939 static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out)
5940 {
5941 	s32 val = nla_get_s32(nla);
5942 	if (val < min || val > max)
5943 		return -EINVAL;
5944 	*out = val;
5945 	return 0;
5946 }
5947 
5948 static int nl80211_check_power_mode(const struct nlattr *nla,
5949 				    enum nl80211_mesh_power_mode min,
5950 				    enum nl80211_mesh_power_mode max,
5951 				    enum nl80211_mesh_power_mode *out)
5952 {
5953 	u32 val = nla_get_u32(nla);
5954 	if (val < min || val > max)
5955 		return -EINVAL;
5956 	*out = val;
5957 	return 0;
5958 }
5959 
5960 static int nl80211_parse_mesh_config(struct genl_info *info,
5961 				     struct mesh_config *cfg,
5962 				     u32 *mask_out)
5963 {
5964 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5965 	u32 mask = 0;
5966 	u16 ht_opmode;
5967 
5968 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5969 do {									    \
5970 	if (tb[attr]) {							    \
5971 		if (fn(tb[attr], min, max, &cfg->param))		    \
5972 			return -EINVAL;					    \
5973 		mask |= (1 << (attr - 1));				    \
5974 	}								    \
5975 } while (0)
5976 
5977 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5978 		return -EINVAL;
5979 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5980 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
5981 			     nl80211_meshconf_params_policy, info->extack))
5982 		return -EINVAL;
5983 
5984 	/* This makes sure that there aren't more than 32 mesh config
5985 	 * parameters (otherwise our bitfield scheme would not work.) */
5986 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5987 
5988 	/* Fill in the params struct */
5989 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5990 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5991 				  nl80211_check_u16);
5992 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5993 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5994 				  nl80211_check_u16);
5995 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5996 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5997 				  nl80211_check_u16);
5998 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5999 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
6000 				  nl80211_check_u16);
6001 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
6002 				  mask, NL80211_MESHCONF_MAX_RETRIES,
6003 				  nl80211_check_u8);
6004 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
6005 				  mask, NL80211_MESHCONF_TTL, nl80211_check_u8);
6006 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
6007 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
6008 				  nl80211_check_u8);
6009 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
6010 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6011 				  nl80211_check_bool);
6012 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6013 				  1, 255, mask,
6014 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6015 				  nl80211_check_u32);
6016 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
6017 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6018 				  nl80211_check_u8);
6019 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
6020 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
6021 				  nl80211_check_u32);
6022 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
6023 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6024 				  nl80211_check_u16);
6025 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6026 				  1, 65535, mask,
6027 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6028 				  nl80211_check_u32);
6029 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
6030 				  1, 65535, mask,
6031 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6032 				  nl80211_check_u16);
6033 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
6034 				  1, 65535, mask,
6035 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6036 				  nl80211_check_u16);
6037 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6038 				  dot11MeshHWMPnetDiameterTraversalTime,
6039 				  1, 65535, mask,
6040 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6041 				  nl80211_check_u16);
6042 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
6043 				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
6044 				  nl80211_check_u8);
6045 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
6046 				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6047 				  nl80211_check_u16);
6048 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6049 				  dot11MeshGateAnnouncementProtocol, 0, 1,
6050 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6051 				  nl80211_check_bool);
6052 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
6053 				  mask, NL80211_MESHCONF_FORWARDING,
6054 				  nl80211_check_bool);
6055 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
6056 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
6057 				  nl80211_check_s32);
6058 	/*
6059 	 * Check HT operation mode based on
6060 	 * IEEE 802.11 2012 8.4.2.59 HT Operation element.
6061 	 */
6062 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6063 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6064 
6065 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6066 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6067 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6068 			return -EINVAL;
6069 
6070 		if ((ht_opmode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT) &&
6071 		    (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6072 			return -EINVAL;
6073 
6074 		switch (ht_opmode & IEEE80211_HT_OP_MODE_PROTECTION) {
6075 		case IEEE80211_HT_OP_MODE_PROTECTION_NONE:
6076 		case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ:
6077 			if (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)
6078 				return -EINVAL;
6079 			break;
6080 		case IEEE80211_HT_OP_MODE_PROTECTION_NONMEMBER:
6081 		case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED:
6082 			if (!(ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6083 				return -EINVAL;
6084 			break;
6085 		}
6086 		cfg->ht_opmode = ht_opmode;
6087 		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6088 	}
6089 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
6090 				  1, 65535, mask,
6091 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6092 				  nl80211_check_u32);
6093 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
6094 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6095 				  nl80211_check_u16);
6096 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6097 				  dot11MeshHWMPconfirmationInterval,
6098 				  1, 65535, mask,
6099 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6100 				  nl80211_check_u16);
6101 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
6102 				  NL80211_MESH_POWER_ACTIVE,
6103 				  NL80211_MESH_POWER_MAX,
6104 				  mask, NL80211_MESHCONF_POWER_MODE,
6105 				  nl80211_check_power_mode);
6106 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
6107 				  0, 65535, mask,
6108 				  NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16);
6109 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
6110 				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
6111 				  nl80211_check_u32);
6112 	if (mask_out)
6113 		*mask_out = mask;
6114 
6115 	return 0;
6116 
6117 #undef FILL_IN_MESH_PARAM_IF_SET
6118 }
6119 
6120 static int nl80211_parse_mesh_setup(struct genl_info *info,
6121 				     struct mesh_setup *setup)
6122 {
6123 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6124 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6125 
6126 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6127 		return -EINVAL;
6128 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
6129 			     info->attrs[NL80211_ATTR_MESH_SETUP],
6130 			     nl80211_mesh_setup_params_policy, info->extack))
6131 		return -EINVAL;
6132 
6133 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6134 		setup->sync_method =
6135 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6136 		 IEEE80211_SYNC_METHOD_VENDOR :
6137 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6138 
6139 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6140 		setup->path_sel_proto =
6141 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6142 		 IEEE80211_PATH_PROTOCOL_VENDOR :
6143 		 IEEE80211_PATH_PROTOCOL_HWMP;
6144 
6145 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6146 		setup->path_metric =
6147 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6148 		 IEEE80211_PATH_METRIC_VENDOR :
6149 		 IEEE80211_PATH_METRIC_AIRTIME;
6150 
6151 	if (tb[NL80211_MESH_SETUP_IE]) {
6152 		struct nlattr *ieattr =
6153 			tb[NL80211_MESH_SETUP_IE];
6154 		if (!is_valid_ie_attr(ieattr))
6155 			return -EINVAL;
6156 		setup->ie = nla_data(ieattr);
6157 		setup->ie_len = nla_len(ieattr);
6158 	}
6159 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6160 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6161 		return -EINVAL;
6162 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6163 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6164 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6165 	if (setup->is_secure)
6166 		setup->user_mpm = true;
6167 
6168 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6169 		if (!setup->user_mpm)
6170 			return -EINVAL;
6171 		setup->auth_id =
6172 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6173 	}
6174 
6175 	return 0;
6176 }
6177 
6178 static int nl80211_update_mesh_config(struct sk_buff *skb,
6179 				      struct genl_info *info)
6180 {
6181 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6182 	struct net_device *dev = info->user_ptr[1];
6183 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6184 	struct mesh_config cfg;
6185 	u32 mask;
6186 	int err;
6187 
6188 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6189 		return -EOPNOTSUPP;
6190 
6191 	if (!rdev->ops->update_mesh_config)
6192 		return -EOPNOTSUPP;
6193 
6194 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
6195 	if (err)
6196 		return err;
6197 
6198 	wdev_lock(wdev);
6199 	if (!wdev->mesh_id_len)
6200 		err = -ENOLINK;
6201 
6202 	if (!err)
6203 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6204 
6205 	wdev_unlock(wdev);
6206 
6207 	return err;
6208 }
6209 
6210 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6211 			      struct sk_buff *msg)
6212 {
6213 	struct nlattr *nl_reg_rules;
6214 	unsigned int i;
6215 
6216 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6217 	    (regdom->dfs_region &&
6218 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6219 		goto nla_put_failure;
6220 
6221 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
6222 	if (!nl_reg_rules)
6223 		goto nla_put_failure;
6224 
6225 	for (i = 0; i < regdom->n_reg_rules; i++) {
6226 		struct nlattr *nl_reg_rule;
6227 		const struct ieee80211_reg_rule *reg_rule;
6228 		const struct ieee80211_freq_range *freq_range;
6229 		const struct ieee80211_power_rule *power_rule;
6230 		unsigned int max_bandwidth_khz;
6231 
6232 		reg_rule = &regdom->reg_rules[i];
6233 		freq_range = &reg_rule->freq_range;
6234 		power_rule = &reg_rule->power_rule;
6235 
6236 		nl_reg_rule = nla_nest_start(msg, i);
6237 		if (!nl_reg_rule)
6238 			goto nla_put_failure;
6239 
6240 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
6241 		if (!max_bandwidth_khz)
6242 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6243 								  reg_rule);
6244 
6245 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6246 				reg_rule->flags) ||
6247 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6248 				freq_range->start_freq_khz) ||
6249 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6250 				freq_range->end_freq_khz) ||
6251 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6252 				max_bandwidth_khz) ||
6253 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6254 				power_rule->max_antenna_gain) ||
6255 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6256 				power_rule->max_eirp) ||
6257 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6258 				reg_rule->dfs_cac_ms))
6259 			goto nla_put_failure;
6260 
6261 		nla_nest_end(msg, nl_reg_rule);
6262 	}
6263 
6264 	nla_nest_end(msg, nl_reg_rules);
6265 	return 0;
6266 
6267 nla_put_failure:
6268 	return -EMSGSIZE;
6269 }
6270 
6271 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6272 {
6273 	const struct ieee80211_regdomain *regdom = NULL;
6274 	struct cfg80211_registered_device *rdev;
6275 	struct wiphy *wiphy = NULL;
6276 	struct sk_buff *msg;
6277 	void *hdr;
6278 
6279 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6280 	if (!msg)
6281 		return -ENOBUFS;
6282 
6283 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6284 			     NL80211_CMD_GET_REG);
6285 	if (!hdr)
6286 		goto put_failure;
6287 
6288 	if (info->attrs[NL80211_ATTR_WIPHY]) {
6289 		bool self_managed;
6290 
6291 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6292 		if (IS_ERR(rdev)) {
6293 			nlmsg_free(msg);
6294 			return PTR_ERR(rdev);
6295 		}
6296 
6297 		wiphy = &rdev->wiphy;
6298 		self_managed = wiphy->regulatory_flags &
6299 			       REGULATORY_WIPHY_SELF_MANAGED;
6300 		regdom = get_wiphy_regdom(wiphy);
6301 
6302 		/* a self-managed-reg device must have a private regdom */
6303 		if (WARN_ON(!regdom && self_managed)) {
6304 			nlmsg_free(msg);
6305 			return -EINVAL;
6306 		}
6307 
6308 		if (regdom &&
6309 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6310 			goto nla_put_failure;
6311 	}
6312 
6313 	if (!wiphy && reg_last_request_cell_base() &&
6314 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6315 			NL80211_USER_REG_HINT_CELL_BASE))
6316 		goto nla_put_failure;
6317 
6318 	rcu_read_lock();
6319 
6320 	if (!regdom)
6321 		regdom = rcu_dereference(cfg80211_regdomain);
6322 
6323 	if (nl80211_put_regdom(regdom, msg))
6324 		goto nla_put_failure_rcu;
6325 
6326 	rcu_read_unlock();
6327 
6328 	genlmsg_end(msg, hdr);
6329 	return genlmsg_reply(msg, info);
6330 
6331 nla_put_failure_rcu:
6332 	rcu_read_unlock();
6333 nla_put_failure:
6334 put_failure:
6335 	nlmsg_free(msg);
6336 	return -EMSGSIZE;
6337 }
6338 
6339 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6340 			       u32 seq, int flags, struct wiphy *wiphy,
6341 			       const struct ieee80211_regdomain *regdom)
6342 {
6343 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6344 				   NL80211_CMD_GET_REG);
6345 
6346 	if (!hdr)
6347 		return -1;
6348 
6349 	genl_dump_check_consistent(cb, hdr);
6350 
6351 	if (nl80211_put_regdom(regdom, msg))
6352 		goto nla_put_failure;
6353 
6354 	if (!wiphy && reg_last_request_cell_base() &&
6355 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6356 			NL80211_USER_REG_HINT_CELL_BASE))
6357 		goto nla_put_failure;
6358 
6359 	if (wiphy &&
6360 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6361 		goto nla_put_failure;
6362 
6363 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6364 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6365 		goto nla_put_failure;
6366 
6367 	genlmsg_end(msg, hdr);
6368 	return 0;
6369 
6370 nla_put_failure:
6371 	genlmsg_cancel(msg, hdr);
6372 	return -EMSGSIZE;
6373 }
6374 
6375 static int nl80211_get_reg_dump(struct sk_buff *skb,
6376 				struct netlink_callback *cb)
6377 {
6378 	const struct ieee80211_regdomain *regdom = NULL;
6379 	struct cfg80211_registered_device *rdev;
6380 	int err, reg_idx, start = cb->args[2];
6381 
6382 	rtnl_lock();
6383 
6384 	if (cfg80211_regdomain && start == 0) {
6385 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6386 					  NLM_F_MULTI, NULL,
6387 					  rtnl_dereference(cfg80211_regdomain));
6388 		if (err < 0)
6389 			goto out_err;
6390 	}
6391 
6392 	/* the global regdom is idx 0 */
6393 	reg_idx = 1;
6394 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6395 		regdom = get_wiphy_regdom(&rdev->wiphy);
6396 		if (!regdom)
6397 			continue;
6398 
6399 		if (++reg_idx <= start)
6400 			continue;
6401 
6402 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6403 					  NLM_F_MULTI, &rdev->wiphy, regdom);
6404 		if (err < 0) {
6405 			reg_idx--;
6406 			break;
6407 		}
6408 	}
6409 
6410 	cb->args[2] = reg_idx;
6411 	err = skb->len;
6412 out_err:
6413 	rtnl_unlock();
6414 	return err;
6415 }
6416 
6417 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
6418 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6419 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
6420 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
6421 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
6422 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
6423 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
6424 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
6425 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
6426 };
6427 
6428 static int parse_reg_rule(struct nlattr *tb[],
6429 	struct ieee80211_reg_rule *reg_rule)
6430 {
6431 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
6432 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
6433 
6434 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6435 		return -EINVAL;
6436 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6437 		return -EINVAL;
6438 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
6439 		return -EINVAL;
6440 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6441 		return -EINVAL;
6442 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6443 		return -EINVAL;
6444 
6445 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
6446 
6447 	freq_range->start_freq_khz =
6448 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
6449 	freq_range->end_freq_khz =
6450 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
6451 	freq_range->max_bandwidth_khz =
6452 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
6453 
6454 	power_rule->max_eirp =
6455 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
6456 
6457 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
6458 		power_rule->max_antenna_gain =
6459 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
6460 
6461 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
6462 		reg_rule->dfs_cac_ms =
6463 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
6464 
6465 	return 0;
6466 }
6467 
6468 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
6469 {
6470 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
6471 	struct nlattr *nl_reg_rule;
6472 	char *alpha2;
6473 	int rem_reg_rules, r;
6474 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
6475 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
6476 	struct ieee80211_regdomain *rd;
6477 
6478 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6479 		return -EINVAL;
6480 
6481 	if (!info->attrs[NL80211_ATTR_REG_RULES])
6482 		return -EINVAL;
6483 
6484 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6485 
6486 	if (info->attrs[NL80211_ATTR_DFS_REGION])
6487 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
6488 
6489 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6490 			    rem_reg_rules) {
6491 		num_rules++;
6492 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
6493 			return -EINVAL;
6494 	}
6495 
6496 	if (!reg_is_valid_request(alpha2))
6497 		return -EINVAL;
6498 
6499 	size_of_regd = sizeof(struct ieee80211_regdomain) +
6500 		       num_rules * sizeof(struct ieee80211_reg_rule);
6501 
6502 	rd = kzalloc(size_of_regd, GFP_KERNEL);
6503 	if (!rd)
6504 		return -ENOMEM;
6505 
6506 	rd->n_reg_rules = num_rules;
6507 	rd->alpha2[0] = alpha2[0];
6508 	rd->alpha2[1] = alpha2[1];
6509 
6510 	/*
6511 	 * Disable DFS master mode if the DFS region was
6512 	 * not supported or known on this kernel.
6513 	 */
6514 	if (reg_supported_dfs_region(dfs_region))
6515 		rd->dfs_region = dfs_region;
6516 
6517 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6518 			    rem_reg_rules) {
6519 		r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX,
6520 				     nl_reg_rule, reg_rule_policy,
6521 				     info->extack);
6522 		if (r)
6523 			goto bad_reg;
6524 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
6525 		if (r)
6526 			goto bad_reg;
6527 
6528 		rule_idx++;
6529 
6530 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
6531 			r = -EINVAL;
6532 			goto bad_reg;
6533 		}
6534 	}
6535 
6536 	/* set_regdom takes ownership of rd */
6537 	return set_regdom(rd, REGD_SOURCE_CRDA);
6538  bad_reg:
6539 	kfree(rd);
6540 	return r;
6541 }
6542 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
6543 
6544 static int validate_scan_freqs(struct nlattr *freqs)
6545 {
6546 	struct nlattr *attr1, *attr2;
6547 	int n_channels = 0, tmp1, tmp2;
6548 
6549 	nla_for_each_nested(attr1, freqs, tmp1)
6550 		if (nla_len(attr1) != sizeof(u32))
6551 			return 0;
6552 
6553 	nla_for_each_nested(attr1, freqs, tmp1) {
6554 		n_channels++;
6555 		/*
6556 		 * Some hardware has a limited channel list for
6557 		 * scanning, and it is pretty much nonsensical
6558 		 * to scan for a channel twice, so disallow that
6559 		 * and don't require drivers to check that the
6560 		 * channel list they get isn't longer than what
6561 		 * they can scan, as long as they can scan all
6562 		 * the channels they registered at once.
6563 		 */
6564 		nla_for_each_nested(attr2, freqs, tmp2)
6565 			if (attr1 != attr2 &&
6566 			    nla_get_u32(attr1) == nla_get_u32(attr2))
6567 				return 0;
6568 	}
6569 
6570 	return n_channels;
6571 }
6572 
6573 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
6574 {
6575 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
6576 }
6577 
6578 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
6579 			    struct cfg80211_bss_selection *bss_select)
6580 {
6581 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
6582 	struct nlattr *nest;
6583 	int err;
6584 	bool found = false;
6585 	int i;
6586 
6587 	/* only process one nested attribute */
6588 	nest = nla_data(nla);
6589 	if (!nla_ok(nest, nla_len(nest)))
6590 		return -EINVAL;
6591 
6592 	err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest,
6593 			       nl80211_bss_select_policy, NULL);
6594 	if (err)
6595 		return err;
6596 
6597 	/* only one attribute may be given */
6598 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
6599 		if (attr[i]) {
6600 			if (found)
6601 				return -EINVAL;
6602 			found = true;
6603 		}
6604 	}
6605 
6606 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
6607 
6608 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
6609 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
6610 
6611 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
6612 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
6613 		bss_select->param.band_pref =
6614 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
6615 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
6616 			return -EINVAL;
6617 	}
6618 
6619 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
6620 		struct nl80211_bss_select_rssi_adjust *adj_param;
6621 
6622 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
6623 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
6624 		bss_select->param.adjust.band = adj_param->band;
6625 		bss_select->param.adjust.delta = adj_param->delta;
6626 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
6627 			return -EINVAL;
6628 	}
6629 
6630 	/* user-space did not provide behaviour attribute */
6631 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
6632 		return -EINVAL;
6633 
6634 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
6635 		return -EINVAL;
6636 
6637 	return 0;
6638 }
6639 
6640 static int nl80211_parse_random_mac(struct nlattr **attrs,
6641 				    u8 *mac_addr, u8 *mac_addr_mask)
6642 {
6643 	int i;
6644 
6645 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
6646 		eth_zero_addr(mac_addr);
6647 		eth_zero_addr(mac_addr_mask);
6648 		mac_addr[0] = 0x2;
6649 		mac_addr_mask[0] = 0x3;
6650 
6651 		return 0;
6652 	}
6653 
6654 	/* need both or none */
6655 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
6656 		return -EINVAL;
6657 
6658 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
6659 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
6660 
6661 	/* don't allow or configure an mcast address */
6662 	if (!is_multicast_ether_addr(mac_addr_mask) ||
6663 	    is_multicast_ether_addr(mac_addr))
6664 		return -EINVAL;
6665 
6666 	/*
6667 	 * allow users to pass a MAC address that has bits set outside
6668 	 * of the mask, but don't bother drivers with having to deal
6669 	 * with such bits
6670 	 */
6671 	for (i = 0; i < ETH_ALEN; i++)
6672 		mac_addr[i] &= mac_addr_mask[i];
6673 
6674 	return 0;
6675 }
6676 
6677 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
6678 {
6679 	ASSERT_WDEV_LOCK(wdev);
6680 
6681 	if (!cfg80211_beaconing_iface_active(wdev))
6682 		return true;
6683 
6684 	if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
6685 		return true;
6686 
6687 	return regulatory_pre_cac_allowed(wdev->wiphy);
6688 }
6689 
6690 static int
6691 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
6692 			 void *request, struct nlattr **attrs,
6693 			 bool is_sched_scan)
6694 {
6695 	u8 *mac_addr, *mac_addr_mask;
6696 	u32 *flags;
6697 	enum nl80211_feature_flags randomness_flag;
6698 
6699 	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
6700 		return 0;
6701 
6702 	if (is_sched_scan) {
6703 		struct cfg80211_sched_scan_request *req = request;
6704 
6705 		randomness_flag = wdev ?
6706 				  NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
6707 				  NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
6708 		flags = &req->flags;
6709 		mac_addr = req->mac_addr;
6710 		mac_addr_mask = req->mac_addr_mask;
6711 	} else {
6712 		struct cfg80211_scan_request *req = request;
6713 
6714 		randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
6715 		flags = &req->flags;
6716 		mac_addr = req->mac_addr;
6717 		mac_addr_mask = req->mac_addr_mask;
6718 	}
6719 
6720 	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
6721 
6722 	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6723 	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
6724 	    ((*flags & NL80211_SCAN_FLAG_LOW_SPAN) &&
6725 	     !wiphy_ext_feature_isset(wiphy,
6726 				      NL80211_EXT_FEATURE_LOW_SPAN_SCAN)) ||
6727 	    ((*flags & NL80211_SCAN_FLAG_LOW_POWER) &&
6728 	     !wiphy_ext_feature_isset(wiphy,
6729 				      NL80211_EXT_FEATURE_LOW_POWER_SCAN)) ||
6730 	    ((*flags & NL80211_SCAN_FLAG_HIGH_ACCURACY) &&
6731 	     !wiphy_ext_feature_isset(wiphy,
6732 				      NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN)))
6733 		return -EOPNOTSUPP;
6734 
6735 	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6736 		int err;
6737 
6738 		if (!(wiphy->features & randomness_flag) ||
6739 		    (wdev && wdev->current_bss))
6740 			return -EOPNOTSUPP;
6741 
6742 		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
6743 		if (err)
6744 			return err;
6745 	}
6746 
6747 	if ((*flags & NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME) &&
6748 	    !wiphy_ext_feature_isset(wiphy,
6749 				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME))
6750 		return -EOPNOTSUPP;
6751 
6752 	if ((*flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP) &&
6753 	   !wiphy_ext_feature_isset(wiphy,
6754 				    NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP))
6755 		return -EOPNOTSUPP;
6756 
6757 	if ((*flags & NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) &&
6758 	    !wiphy_ext_feature_isset(wiphy,
6759 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION))
6760 		return -EOPNOTSUPP;
6761 
6762 	if ((*flags & NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE) &&
6763 	    !wiphy_ext_feature_isset(wiphy,
6764 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE))
6765 		return -EOPNOTSUPP;
6766 
6767 	return 0;
6768 }
6769 
6770 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
6771 {
6772 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6773 	struct wireless_dev *wdev = info->user_ptr[1];
6774 	struct cfg80211_scan_request *request;
6775 	struct nlattr *attr;
6776 	struct wiphy *wiphy;
6777 	int err, tmp, n_ssids = 0, n_channels, i;
6778 	size_t ie_len;
6779 
6780 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6781 		return -EINVAL;
6782 
6783 	wiphy = &rdev->wiphy;
6784 
6785 	if (wdev->iftype == NL80211_IFTYPE_NAN)
6786 		return -EOPNOTSUPP;
6787 
6788 	if (!rdev->ops->scan)
6789 		return -EOPNOTSUPP;
6790 
6791 	if (rdev->scan_req || rdev->scan_msg) {
6792 		err = -EBUSY;
6793 		goto unlock;
6794 	}
6795 
6796 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6797 		n_channels = validate_scan_freqs(
6798 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6799 		if (!n_channels) {
6800 			err = -EINVAL;
6801 			goto unlock;
6802 		}
6803 	} else {
6804 		n_channels = ieee80211_get_num_supported_channels(wiphy);
6805 	}
6806 
6807 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
6808 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
6809 			n_ssids++;
6810 
6811 	if (n_ssids > wiphy->max_scan_ssids) {
6812 		err = -EINVAL;
6813 		goto unlock;
6814 	}
6815 
6816 	if (info->attrs[NL80211_ATTR_IE])
6817 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6818 	else
6819 		ie_len = 0;
6820 
6821 	if (ie_len > wiphy->max_scan_ie_len) {
6822 		err = -EINVAL;
6823 		goto unlock;
6824 	}
6825 
6826 	request = kzalloc(sizeof(*request)
6827 			+ sizeof(*request->ssids) * n_ssids
6828 			+ sizeof(*request->channels) * n_channels
6829 			+ ie_len, GFP_KERNEL);
6830 	if (!request) {
6831 		err = -ENOMEM;
6832 		goto unlock;
6833 	}
6834 
6835 	if (n_ssids)
6836 		request->ssids = (void *)&request->channels[n_channels];
6837 	request->n_ssids = n_ssids;
6838 	if (ie_len) {
6839 		if (n_ssids)
6840 			request->ie = (void *)(request->ssids + n_ssids);
6841 		else
6842 			request->ie = (void *)(request->channels + n_channels);
6843 	}
6844 
6845 	i = 0;
6846 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6847 		/* user specified, bail out if channel not found */
6848 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
6849 			struct ieee80211_channel *chan;
6850 
6851 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6852 
6853 			if (!chan) {
6854 				err = -EINVAL;
6855 				goto out_free;
6856 			}
6857 
6858 			/* ignore disabled channels */
6859 			if (chan->flags & IEEE80211_CHAN_DISABLED)
6860 				continue;
6861 
6862 			request->channels[i] = chan;
6863 			i++;
6864 		}
6865 	} else {
6866 		enum nl80211_band band;
6867 
6868 		/* all channels */
6869 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
6870 			int j;
6871 
6872 			if (!wiphy->bands[band])
6873 				continue;
6874 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6875 				struct ieee80211_channel *chan;
6876 
6877 				chan = &wiphy->bands[band]->channels[j];
6878 
6879 				if (chan->flags & IEEE80211_CHAN_DISABLED)
6880 					continue;
6881 
6882 				request->channels[i] = chan;
6883 				i++;
6884 			}
6885 		}
6886 	}
6887 
6888 	if (!i) {
6889 		err = -EINVAL;
6890 		goto out_free;
6891 	}
6892 
6893 	request->n_channels = i;
6894 
6895 	wdev_lock(wdev);
6896 	if (!cfg80211_off_channel_oper_allowed(wdev)) {
6897 		struct ieee80211_channel *chan;
6898 
6899 		if (request->n_channels != 1) {
6900 			wdev_unlock(wdev);
6901 			err = -EBUSY;
6902 			goto out_free;
6903 		}
6904 
6905 		chan = request->channels[0];
6906 		if (chan->center_freq != wdev->chandef.chan->center_freq) {
6907 			wdev_unlock(wdev);
6908 			err = -EBUSY;
6909 			goto out_free;
6910 		}
6911 	}
6912 	wdev_unlock(wdev);
6913 
6914 	i = 0;
6915 	if (n_ssids) {
6916 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
6917 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6918 				err = -EINVAL;
6919 				goto out_free;
6920 			}
6921 			request->ssids[i].ssid_len = nla_len(attr);
6922 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
6923 			i++;
6924 		}
6925 	}
6926 
6927 	if (info->attrs[NL80211_ATTR_IE]) {
6928 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6929 		memcpy((void *)request->ie,
6930 		       nla_data(info->attrs[NL80211_ATTR_IE]),
6931 		       request->ie_len);
6932 	}
6933 
6934 	for (i = 0; i < NUM_NL80211_BANDS; i++)
6935 		if (wiphy->bands[i])
6936 			request->rates[i] =
6937 				(1 << wiphy->bands[i]->n_bitrates) - 1;
6938 
6939 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
6940 		nla_for_each_nested(attr,
6941 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
6942 				    tmp) {
6943 			enum nl80211_band band = nla_type(attr);
6944 
6945 			if (band < 0 || band >= NUM_NL80211_BANDS) {
6946 				err = -EINVAL;
6947 				goto out_free;
6948 			}
6949 
6950 			if (!wiphy->bands[band])
6951 				continue;
6952 
6953 			err = ieee80211_get_ratemask(wiphy->bands[band],
6954 						     nla_data(attr),
6955 						     nla_len(attr),
6956 						     &request->rates[band]);
6957 			if (err)
6958 				goto out_free;
6959 		}
6960 	}
6961 
6962 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
6963 		if (!wiphy_ext_feature_isset(wiphy,
6964 					NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
6965 			err = -EOPNOTSUPP;
6966 			goto out_free;
6967 		}
6968 
6969 		request->duration =
6970 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
6971 		request->duration_mandatory =
6972 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
6973 	}
6974 
6975 	err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
6976 				       false);
6977 	if (err)
6978 		goto out_free;
6979 
6980 	request->no_cck =
6981 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
6982 
6983 	/* Initial implementation used NL80211_ATTR_MAC to set the specific
6984 	 * BSSID to scan for. This was problematic because that same attribute
6985 	 * was already used for another purpose (local random MAC address). The
6986 	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
6987 	 * compatibility with older userspace components, also use the
6988 	 * NL80211_ATTR_MAC value here if it can be determined to be used for
6989 	 * the specific BSSID use case instead of the random MAC address
6990 	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
6991 	 */
6992 	if (info->attrs[NL80211_ATTR_BSSID])
6993 		memcpy(request->bssid,
6994 		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
6995 	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
6996 		 info->attrs[NL80211_ATTR_MAC])
6997 		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
6998 		       ETH_ALEN);
6999 	else
7000 		eth_broadcast_addr(request->bssid);
7001 
7002 	request->wdev = wdev;
7003 	request->wiphy = &rdev->wiphy;
7004 	request->scan_start = jiffies;
7005 
7006 	rdev->scan_req = request;
7007 	err = rdev_scan(rdev, request);
7008 
7009 	if (!err) {
7010 		nl80211_send_scan_start(rdev, wdev);
7011 		if (wdev->netdev)
7012 			dev_hold(wdev->netdev);
7013 	} else {
7014  out_free:
7015 		rdev->scan_req = NULL;
7016 		kfree(request);
7017 	}
7018 
7019  unlock:
7020 	return err;
7021 }
7022 
7023 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7024 {
7025 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7026 	struct wireless_dev *wdev = info->user_ptr[1];
7027 
7028 	if (!rdev->ops->abort_scan)
7029 		return -EOPNOTSUPP;
7030 
7031 	if (rdev->scan_msg)
7032 		return 0;
7033 
7034 	if (!rdev->scan_req)
7035 		return -ENOENT;
7036 
7037 	rdev_abort_scan(rdev, wdev);
7038 	return 0;
7039 }
7040 
7041 static int
7042 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7043 			       struct cfg80211_sched_scan_request *request,
7044 			       struct nlattr **attrs)
7045 {
7046 	int tmp, err, i = 0;
7047 	struct nlattr *attr;
7048 
7049 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7050 		u32 interval;
7051 
7052 		/*
7053 		 * If scan plans are not specified,
7054 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7055 		 * case one scan plan will be set with the specified scan
7056 		 * interval and infinite number of iterations.
7057 		 */
7058 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7059 		if (!interval)
7060 			return -EINVAL;
7061 
7062 		request->scan_plans[0].interval =
7063 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
7064 		if (!request->scan_plans[0].interval)
7065 			return -EINVAL;
7066 
7067 		if (request->scan_plans[0].interval >
7068 		    wiphy->max_sched_scan_plan_interval)
7069 			request->scan_plans[0].interval =
7070 				wiphy->max_sched_scan_plan_interval;
7071 
7072 		return 0;
7073 	}
7074 
7075 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7076 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7077 
7078 		if (WARN_ON(i >= n_plans))
7079 			return -EINVAL;
7080 
7081 		err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX,
7082 				       attr, nl80211_plan_policy, NULL);
7083 		if (err)
7084 			return err;
7085 
7086 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7087 			return -EINVAL;
7088 
7089 		request->scan_plans[i].interval =
7090 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7091 		if (!request->scan_plans[i].interval ||
7092 		    request->scan_plans[i].interval >
7093 		    wiphy->max_sched_scan_plan_interval)
7094 			return -EINVAL;
7095 
7096 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7097 			request->scan_plans[i].iterations =
7098 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7099 			if (!request->scan_plans[i].iterations ||
7100 			    (request->scan_plans[i].iterations >
7101 			     wiphy->max_sched_scan_plan_iterations))
7102 				return -EINVAL;
7103 		} else if (i < n_plans - 1) {
7104 			/*
7105 			 * All scan plans but the last one must specify
7106 			 * a finite number of iterations
7107 			 */
7108 			return -EINVAL;
7109 		}
7110 
7111 		i++;
7112 	}
7113 
7114 	/*
7115 	 * The last scan plan must not specify the number of
7116 	 * iterations, it is supposed to run infinitely
7117 	 */
7118 	if (request->scan_plans[n_plans - 1].iterations)
7119 		return  -EINVAL;
7120 
7121 	return 0;
7122 }
7123 
7124 static struct cfg80211_sched_scan_request *
7125 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7126 			 struct nlattr **attrs, int max_match_sets)
7127 {
7128 	struct cfg80211_sched_scan_request *request;
7129 	struct nlattr *attr;
7130 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7131 	enum nl80211_band band;
7132 	size_t ie_len;
7133 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7134 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7135 
7136 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
7137 		return ERR_PTR(-EINVAL);
7138 
7139 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7140 		n_channels = validate_scan_freqs(
7141 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7142 		if (!n_channels)
7143 			return ERR_PTR(-EINVAL);
7144 	} else {
7145 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7146 	}
7147 
7148 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
7149 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7150 				    tmp)
7151 			n_ssids++;
7152 
7153 	if (n_ssids > wiphy->max_sched_scan_ssids)
7154 		return ERR_PTR(-EINVAL);
7155 
7156 	/*
7157 	 * First, count the number of 'real' matchsets. Due to an issue with
7158 	 * the old implementation, matchsets containing only the RSSI attribute
7159 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7160 	 * RSSI for all matchsets, rather than their own matchset for reporting
7161 	 * all APs with a strong RSSI. This is needed to be compatible with
7162 	 * older userspace that treated a matchset with only the RSSI as the
7163 	 * global RSSI for all other matchsets - if there are other matchsets.
7164 	 */
7165 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7166 		nla_for_each_nested(attr,
7167 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7168 				    tmp) {
7169 			struct nlattr *rssi;
7170 
7171 			err = nla_parse_nested(tb,
7172 					       NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7173 					       attr, nl80211_match_policy,
7174 					       NULL);
7175 			if (err)
7176 				return ERR_PTR(err);
7177 
7178 			/* SSID and BSSID are mutually exclusive */
7179 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7180 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7181 				return ERR_PTR(-EINVAL);
7182 
7183 			/* add other standalone attributes here */
7184 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7185 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7186 				n_match_sets++;
7187 				continue;
7188 			}
7189 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7190 			if (rssi)
7191 				default_match_rssi = nla_get_s32(rssi);
7192 		}
7193 	}
7194 
7195 	/* However, if there's no other matchset, add the RSSI one */
7196 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7197 		n_match_sets = 1;
7198 
7199 	if (n_match_sets > max_match_sets)
7200 		return ERR_PTR(-EINVAL);
7201 
7202 	if (attrs[NL80211_ATTR_IE])
7203 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7204 	else
7205 		ie_len = 0;
7206 
7207 	if (ie_len > wiphy->max_sched_scan_ie_len)
7208 		return ERR_PTR(-EINVAL);
7209 
7210 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7211 		/*
7212 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7213 		 * each scan plan already specifies its own interval
7214 		 */
7215 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7216 			return ERR_PTR(-EINVAL);
7217 
7218 		nla_for_each_nested(attr,
7219 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7220 			n_plans++;
7221 	} else {
7222 		/*
7223 		 * The scan interval attribute is kept for backward
7224 		 * compatibility. If no scan plans are specified and sched scan
7225 		 * interval is specified, one scan plan will be set with this
7226 		 * scan interval and infinite number of iterations.
7227 		 */
7228 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7229 			return ERR_PTR(-EINVAL);
7230 
7231 		n_plans = 1;
7232 	}
7233 
7234 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7235 		return ERR_PTR(-EINVAL);
7236 
7237 	if (!wiphy_ext_feature_isset(
7238 		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7239 	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7240 	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7241 		return ERR_PTR(-EINVAL);
7242 
7243 	request = kzalloc(sizeof(*request)
7244 			+ sizeof(*request->ssids) * n_ssids
7245 			+ sizeof(*request->match_sets) * n_match_sets
7246 			+ sizeof(*request->scan_plans) * n_plans
7247 			+ sizeof(*request->channels) * n_channels
7248 			+ ie_len, GFP_KERNEL);
7249 	if (!request)
7250 		return ERR_PTR(-ENOMEM);
7251 
7252 	if (n_ssids)
7253 		request->ssids = (void *)&request->channels[n_channels];
7254 	request->n_ssids = n_ssids;
7255 	if (ie_len) {
7256 		if (n_ssids)
7257 			request->ie = (void *)(request->ssids + n_ssids);
7258 		else
7259 			request->ie = (void *)(request->channels + n_channels);
7260 	}
7261 
7262 	if (n_match_sets) {
7263 		if (request->ie)
7264 			request->match_sets = (void *)(request->ie + ie_len);
7265 		else if (n_ssids)
7266 			request->match_sets =
7267 				(void *)(request->ssids + n_ssids);
7268 		else
7269 			request->match_sets =
7270 				(void *)(request->channels + n_channels);
7271 	}
7272 	request->n_match_sets = n_match_sets;
7273 
7274 	if (n_match_sets)
7275 		request->scan_plans = (void *)(request->match_sets +
7276 					       n_match_sets);
7277 	else if (request->ie)
7278 		request->scan_plans = (void *)(request->ie + ie_len);
7279 	else if (n_ssids)
7280 		request->scan_plans = (void *)(request->ssids + n_ssids);
7281 	else
7282 		request->scan_plans = (void *)(request->channels + n_channels);
7283 
7284 	request->n_scan_plans = n_plans;
7285 
7286 	i = 0;
7287 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7288 		/* user specified, bail out if channel not found */
7289 		nla_for_each_nested(attr,
7290 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7291 				    tmp) {
7292 			struct ieee80211_channel *chan;
7293 
7294 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7295 
7296 			if (!chan) {
7297 				err = -EINVAL;
7298 				goto out_free;
7299 			}
7300 
7301 			/* ignore disabled channels */
7302 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7303 				continue;
7304 
7305 			request->channels[i] = chan;
7306 			i++;
7307 		}
7308 	} else {
7309 		/* all channels */
7310 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7311 			int j;
7312 
7313 			if (!wiphy->bands[band])
7314 				continue;
7315 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7316 				struct ieee80211_channel *chan;
7317 
7318 				chan = &wiphy->bands[band]->channels[j];
7319 
7320 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7321 					continue;
7322 
7323 				request->channels[i] = chan;
7324 				i++;
7325 			}
7326 		}
7327 	}
7328 
7329 	if (!i) {
7330 		err = -EINVAL;
7331 		goto out_free;
7332 	}
7333 
7334 	request->n_channels = i;
7335 
7336 	i = 0;
7337 	if (n_ssids) {
7338 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7339 				    tmp) {
7340 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7341 				err = -EINVAL;
7342 				goto out_free;
7343 			}
7344 			request->ssids[i].ssid_len = nla_len(attr);
7345 			memcpy(request->ssids[i].ssid, nla_data(attr),
7346 			       nla_len(attr));
7347 			i++;
7348 		}
7349 	}
7350 
7351 	i = 0;
7352 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7353 		nla_for_each_nested(attr,
7354 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7355 				    tmp) {
7356 			struct nlattr *ssid, *bssid, *rssi;
7357 
7358 			err = nla_parse_nested(tb,
7359 					       NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7360 					       attr, nl80211_match_policy,
7361 					       NULL);
7362 			if (err)
7363 				goto out_free;
7364 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7365 			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7366 			if (ssid || bssid) {
7367 				if (WARN_ON(i >= n_match_sets)) {
7368 					/* this indicates a programming error,
7369 					 * the loop above should have verified
7370 					 * things properly
7371 					 */
7372 					err = -EINVAL;
7373 					goto out_free;
7374 				}
7375 
7376 				if (ssid) {
7377 					if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7378 						err = -EINVAL;
7379 						goto out_free;
7380 					}
7381 					memcpy(request->match_sets[i].ssid.ssid,
7382 					       nla_data(ssid), nla_len(ssid));
7383 					request->match_sets[i].ssid.ssid_len =
7384 						nla_len(ssid);
7385 				}
7386 				if (bssid) {
7387 					if (nla_len(bssid) != ETH_ALEN) {
7388 						err = -EINVAL;
7389 						goto out_free;
7390 					}
7391 					memcpy(request->match_sets[i].bssid,
7392 					       nla_data(bssid), ETH_ALEN);
7393 				}
7394 
7395 				/* special attribute - old implementation w/a */
7396 				request->match_sets[i].rssi_thold =
7397 					default_match_rssi;
7398 				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7399 				if (rssi)
7400 					request->match_sets[i].rssi_thold =
7401 						nla_get_s32(rssi);
7402 			}
7403 			i++;
7404 		}
7405 
7406 		/* there was no other matchset, so the RSSI one is alone */
7407 		if (i == 0 && n_match_sets)
7408 			request->match_sets[0].rssi_thold = default_match_rssi;
7409 
7410 		request->min_rssi_thold = INT_MAX;
7411 		for (i = 0; i < n_match_sets; i++)
7412 			request->min_rssi_thold =
7413 				min(request->match_sets[i].rssi_thold,
7414 				    request->min_rssi_thold);
7415 	} else {
7416 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
7417 	}
7418 
7419 	if (ie_len) {
7420 		request->ie_len = ie_len;
7421 		memcpy((void *)request->ie,
7422 		       nla_data(attrs[NL80211_ATTR_IE]),
7423 		       request->ie_len);
7424 	}
7425 
7426 	err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
7427 	if (err)
7428 		goto out_free;
7429 
7430 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
7431 		request->delay =
7432 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
7433 
7434 	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
7435 		request->relative_rssi = nla_get_s8(
7436 			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
7437 		request->relative_rssi_set = true;
7438 	}
7439 
7440 	if (request->relative_rssi_set &&
7441 	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
7442 		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
7443 
7444 		rssi_adjust = nla_data(
7445 			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
7446 		request->rssi_adjust.band = rssi_adjust->band;
7447 		request->rssi_adjust.delta = rssi_adjust->delta;
7448 		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
7449 			err = -EINVAL;
7450 			goto out_free;
7451 		}
7452 	}
7453 
7454 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
7455 	if (err)
7456 		goto out_free;
7457 
7458 	request->scan_start = jiffies;
7459 
7460 	return request;
7461 
7462 out_free:
7463 	kfree(request);
7464 	return ERR_PTR(err);
7465 }
7466 
7467 static int nl80211_start_sched_scan(struct sk_buff *skb,
7468 				    struct genl_info *info)
7469 {
7470 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7471 	struct net_device *dev = info->user_ptr[1];
7472 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7473 	struct cfg80211_sched_scan_request *sched_scan_req;
7474 	bool want_multi;
7475 	int err;
7476 
7477 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
7478 		return -EOPNOTSUPP;
7479 
7480 	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
7481 	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
7482 	if (err)
7483 		return err;
7484 
7485 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
7486 						  info->attrs,
7487 						  rdev->wiphy.max_match_sets);
7488 
7489 	err = PTR_ERR_OR_ZERO(sched_scan_req);
7490 	if (err)
7491 		goto out_err;
7492 
7493 	/* leave request id zero for legacy request
7494 	 * or if driver does not support multi-scheduled scan
7495 	 */
7496 	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
7497 		while (!sched_scan_req->reqid)
7498 			sched_scan_req->reqid = rdev->wiphy.cookie_counter++;
7499 	}
7500 
7501 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
7502 	if (err)
7503 		goto out_free;
7504 
7505 	sched_scan_req->dev = dev;
7506 	sched_scan_req->wiphy = &rdev->wiphy;
7507 
7508 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7509 		sched_scan_req->owner_nlportid = info->snd_portid;
7510 
7511 	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
7512 
7513 	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
7514 	return 0;
7515 
7516 out_free:
7517 	kfree(sched_scan_req);
7518 out_err:
7519 	return err;
7520 }
7521 
7522 static int nl80211_stop_sched_scan(struct sk_buff *skb,
7523 				   struct genl_info *info)
7524 {
7525 	struct cfg80211_sched_scan_request *req;
7526 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7527 	u64 cookie;
7528 
7529 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
7530 		return -EOPNOTSUPP;
7531 
7532 	if (info->attrs[NL80211_ATTR_COOKIE]) {
7533 		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7534 		return __cfg80211_stop_sched_scan(rdev, cookie, false);
7535 	}
7536 
7537 	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
7538 				     struct cfg80211_sched_scan_request,
7539 				     list);
7540 	if (!req || req->reqid ||
7541 	    (req->owner_nlportid &&
7542 	     req->owner_nlportid != info->snd_portid))
7543 		return -ENOENT;
7544 
7545 	return cfg80211_stop_sched_scan_req(rdev, req, false);
7546 }
7547 
7548 static int nl80211_start_radar_detection(struct sk_buff *skb,
7549 					 struct genl_info *info)
7550 {
7551 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7552 	struct net_device *dev = info->user_ptr[1];
7553 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7554 	struct cfg80211_chan_def chandef;
7555 	enum nl80211_dfs_regions dfs_region;
7556 	unsigned int cac_time_ms;
7557 	int err;
7558 
7559 	dfs_region = reg_get_dfs_region(wdev->wiphy);
7560 	if (dfs_region == NL80211_DFS_UNSET)
7561 		return -EINVAL;
7562 
7563 	err = nl80211_parse_chandef(rdev, info, &chandef);
7564 	if (err)
7565 		return err;
7566 
7567 	if (netif_carrier_ok(dev))
7568 		return -EBUSY;
7569 
7570 	if (wdev->cac_started)
7571 		return -EBUSY;
7572 
7573 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
7574 					    wdev->iftype);
7575 	if (err < 0)
7576 		return err;
7577 
7578 	if (err == 0)
7579 		return -EINVAL;
7580 
7581 	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
7582 		return -EINVAL;
7583 
7584 	if (!rdev->ops->start_radar_detection)
7585 		return -EOPNOTSUPP;
7586 
7587 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
7588 	if (WARN_ON(!cac_time_ms))
7589 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
7590 
7591 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
7592 	if (!err) {
7593 		wdev->chandef = chandef;
7594 		wdev->cac_started = true;
7595 		wdev->cac_start_time = jiffies;
7596 		wdev->cac_time_ms = cac_time_ms;
7597 	}
7598 	return err;
7599 }
7600 
7601 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
7602 {
7603 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7604 	struct net_device *dev = info->user_ptr[1];
7605 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7606 	struct cfg80211_csa_settings params;
7607 	/* csa_attrs is defined static to avoid waste of stack size - this
7608 	 * function is called under RTNL lock, so this should not be a problem.
7609 	 */
7610 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
7611 	int err;
7612 	bool need_new_beacon = false;
7613 	bool need_handle_dfs_flag = true;
7614 	int len, i;
7615 	u32 cs_count;
7616 
7617 	if (!rdev->ops->channel_switch ||
7618 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
7619 		return -EOPNOTSUPP;
7620 
7621 	switch (dev->ieee80211_ptr->iftype) {
7622 	case NL80211_IFTYPE_AP:
7623 	case NL80211_IFTYPE_P2P_GO:
7624 		need_new_beacon = true;
7625 		/* For all modes except AP the handle_dfs flag needs to be
7626 		 * supplied to tell the kernel that userspace will handle radar
7627 		 * events when they happen. Otherwise a switch to a channel
7628 		 * requiring DFS will be rejected.
7629 		 */
7630 		need_handle_dfs_flag = false;
7631 
7632 		/* useless if AP is not running */
7633 		if (!wdev->beacon_interval)
7634 			return -ENOTCONN;
7635 		break;
7636 	case NL80211_IFTYPE_ADHOC:
7637 		if (!wdev->ssid_len)
7638 			return -ENOTCONN;
7639 		break;
7640 	case NL80211_IFTYPE_MESH_POINT:
7641 		if (!wdev->mesh_id_len)
7642 			return -ENOTCONN;
7643 		break;
7644 	default:
7645 		return -EOPNOTSUPP;
7646 	}
7647 
7648 	memset(&params, 0, sizeof(params));
7649 
7650 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7651 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
7652 		return -EINVAL;
7653 
7654 	/* only important for AP, IBSS and mesh create IEs internally */
7655 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
7656 		return -EINVAL;
7657 
7658 	/* Even though the attribute is u32, the specification says
7659 	 * u8, so let's make sure we don't overflow.
7660 	 */
7661 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
7662 	if (cs_count > 255)
7663 		return -EINVAL;
7664 
7665 	params.count = cs_count;
7666 
7667 	if (!need_new_beacon)
7668 		goto skip_beacons;
7669 
7670 	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
7671 	if (err)
7672 		return err;
7673 
7674 	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
7675 			       info->attrs[NL80211_ATTR_CSA_IES],
7676 			       nl80211_policy, info->extack);
7677 	if (err)
7678 		return err;
7679 
7680 	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
7681 	if (err)
7682 		return err;
7683 
7684 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
7685 		return -EINVAL;
7686 
7687 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7688 	if (!len || (len % sizeof(u16)))
7689 		return -EINVAL;
7690 
7691 	params.n_counter_offsets_beacon = len / sizeof(u16);
7692 	if (rdev->wiphy.max_num_csa_counters &&
7693 	    (params.n_counter_offsets_beacon >
7694 	     rdev->wiphy.max_num_csa_counters))
7695 		return -EINVAL;
7696 
7697 	params.counter_offsets_beacon =
7698 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7699 
7700 	/* sanity checks - counters should fit and be the same */
7701 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
7702 		u16 offset = params.counter_offsets_beacon[i];
7703 
7704 		if (offset >= params.beacon_csa.tail_len)
7705 			return -EINVAL;
7706 
7707 		if (params.beacon_csa.tail[offset] != params.count)
7708 			return -EINVAL;
7709 	}
7710 
7711 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
7712 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7713 		if (!len || (len % sizeof(u16)))
7714 			return -EINVAL;
7715 
7716 		params.n_counter_offsets_presp = len / sizeof(u16);
7717 		if (rdev->wiphy.max_num_csa_counters &&
7718 		    (params.n_counter_offsets_presp >
7719 		     rdev->wiphy.max_num_csa_counters))
7720 			return -EINVAL;
7721 
7722 		params.counter_offsets_presp =
7723 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7724 
7725 		/* sanity checks - counters should fit and be the same */
7726 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
7727 			u16 offset = params.counter_offsets_presp[i];
7728 
7729 			if (offset >= params.beacon_csa.probe_resp_len)
7730 				return -EINVAL;
7731 
7732 			if (params.beacon_csa.probe_resp[offset] !=
7733 			    params.count)
7734 				return -EINVAL;
7735 		}
7736 	}
7737 
7738 skip_beacons:
7739 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
7740 	if (err)
7741 		return err;
7742 
7743 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
7744 					   wdev->iftype))
7745 		return -EINVAL;
7746 
7747 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
7748 					    &params.chandef,
7749 					    wdev->iftype);
7750 	if (err < 0)
7751 		return err;
7752 
7753 	if (err > 0) {
7754 		params.radar_required = true;
7755 		if (need_handle_dfs_flag &&
7756 		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
7757 			return -EINVAL;
7758 		}
7759 	}
7760 
7761 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
7762 		params.block_tx = true;
7763 
7764 	wdev_lock(wdev);
7765 	err = rdev_channel_switch(rdev, dev, &params);
7766 	wdev_unlock(wdev);
7767 
7768 	return err;
7769 }
7770 
7771 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
7772 			    u32 seq, int flags,
7773 			    struct cfg80211_registered_device *rdev,
7774 			    struct wireless_dev *wdev,
7775 			    struct cfg80211_internal_bss *intbss)
7776 {
7777 	struct cfg80211_bss *res = &intbss->pub;
7778 	const struct cfg80211_bss_ies *ies;
7779 	void *hdr;
7780 	struct nlattr *bss;
7781 
7782 	ASSERT_WDEV_LOCK(wdev);
7783 
7784 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7785 			     NL80211_CMD_NEW_SCAN_RESULTS);
7786 	if (!hdr)
7787 		return -1;
7788 
7789 	genl_dump_check_consistent(cb, hdr);
7790 
7791 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
7792 		goto nla_put_failure;
7793 	if (wdev->netdev &&
7794 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
7795 		goto nla_put_failure;
7796 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
7797 			      NL80211_ATTR_PAD))
7798 		goto nla_put_failure;
7799 
7800 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
7801 	if (!bss)
7802 		goto nla_put_failure;
7803 	if ((!is_zero_ether_addr(res->bssid) &&
7804 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
7805 		goto nla_put_failure;
7806 
7807 	rcu_read_lock();
7808 	/* indicate whether we have probe response data or not */
7809 	if (rcu_access_pointer(res->proberesp_ies) &&
7810 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
7811 		goto fail_unlock_rcu;
7812 
7813 	/* this pointer prefers to be pointed to probe response data
7814 	 * but is always valid
7815 	 */
7816 	ies = rcu_dereference(res->ies);
7817 	if (ies) {
7818 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
7819 				      NL80211_BSS_PAD))
7820 			goto fail_unlock_rcu;
7821 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
7822 					ies->len, ies->data))
7823 			goto fail_unlock_rcu;
7824 	}
7825 
7826 	/* and this pointer is always (unless driver didn't know) beacon data */
7827 	ies = rcu_dereference(res->beacon_ies);
7828 	if (ies && ies->from_beacon) {
7829 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
7830 				      NL80211_BSS_PAD))
7831 			goto fail_unlock_rcu;
7832 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
7833 					ies->len, ies->data))
7834 			goto fail_unlock_rcu;
7835 	}
7836 	rcu_read_unlock();
7837 
7838 	if (res->beacon_interval &&
7839 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
7840 		goto nla_put_failure;
7841 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
7842 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
7843 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
7844 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
7845 			jiffies_to_msecs(jiffies - intbss->ts)))
7846 		goto nla_put_failure;
7847 
7848 	if (intbss->parent_tsf &&
7849 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
7850 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
7851 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
7852 		     intbss->parent_bssid)))
7853 		goto nla_put_failure;
7854 
7855 	if (intbss->ts_boottime &&
7856 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
7857 			      intbss->ts_boottime, NL80211_BSS_PAD))
7858 		goto nla_put_failure;
7859 
7860 	if (!nl80211_put_signal(msg, intbss->pub.chains,
7861 				intbss->pub.chain_signal,
7862 				NL80211_BSS_CHAIN_SIGNAL))
7863 		goto nla_put_failure;
7864 
7865 	switch (rdev->wiphy.signal_type) {
7866 	case CFG80211_SIGNAL_TYPE_MBM:
7867 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
7868 			goto nla_put_failure;
7869 		break;
7870 	case CFG80211_SIGNAL_TYPE_UNSPEC:
7871 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
7872 			goto nla_put_failure;
7873 		break;
7874 	default:
7875 		break;
7876 	}
7877 
7878 	switch (wdev->iftype) {
7879 	case NL80211_IFTYPE_P2P_CLIENT:
7880 	case NL80211_IFTYPE_STATION:
7881 		if (intbss == wdev->current_bss &&
7882 		    nla_put_u32(msg, NL80211_BSS_STATUS,
7883 				NL80211_BSS_STATUS_ASSOCIATED))
7884 			goto nla_put_failure;
7885 		break;
7886 	case NL80211_IFTYPE_ADHOC:
7887 		if (intbss == wdev->current_bss &&
7888 		    nla_put_u32(msg, NL80211_BSS_STATUS,
7889 				NL80211_BSS_STATUS_IBSS_JOINED))
7890 			goto nla_put_failure;
7891 		break;
7892 	default:
7893 		break;
7894 	}
7895 
7896 	nla_nest_end(msg, bss);
7897 
7898 	genlmsg_end(msg, hdr);
7899 	return 0;
7900 
7901  fail_unlock_rcu:
7902 	rcu_read_unlock();
7903  nla_put_failure:
7904 	genlmsg_cancel(msg, hdr);
7905 	return -EMSGSIZE;
7906 }
7907 
7908 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
7909 {
7910 	struct cfg80211_registered_device *rdev;
7911 	struct cfg80211_internal_bss *scan;
7912 	struct wireless_dev *wdev;
7913 	int start = cb->args[2], idx = 0;
7914 	int err;
7915 
7916 	rtnl_lock();
7917 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7918 	if (err) {
7919 		rtnl_unlock();
7920 		return err;
7921 	}
7922 
7923 	wdev_lock(wdev);
7924 	spin_lock_bh(&rdev->bss_lock);
7925 	cfg80211_bss_expire(rdev);
7926 
7927 	cb->seq = rdev->bss_generation;
7928 
7929 	list_for_each_entry(scan, &rdev->bss_list, list) {
7930 		if (++idx <= start)
7931 			continue;
7932 		if (nl80211_send_bss(skb, cb,
7933 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
7934 				rdev, wdev, scan) < 0) {
7935 			idx--;
7936 			break;
7937 		}
7938 	}
7939 
7940 	spin_unlock_bh(&rdev->bss_lock);
7941 	wdev_unlock(wdev);
7942 
7943 	cb->args[2] = idx;
7944 	rtnl_unlock();
7945 
7946 	return skb->len;
7947 }
7948 
7949 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
7950 			       int flags, struct net_device *dev,
7951 			       bool allow_radio_stats,
7952 			       struct survey_info *survey)
7953 {
7954 	void *hdr;
7955 	struct nlattr *infoattr;
7956 
7957 	/* skip radio stats if userspace didn't request them */
7958 	if (!survey->channel && !allow_radio_stats)
7959 		return 0;
7960 
7961 	hdr = nl80211hdr_put(msg, portid, seq, flags,
7962 			     NL80211_CMD_NEW_SURVEY_RESULTS);
7963 	if (!hdr)
7964 		return -ENOMEM;
7965 
7966 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
7967 		goto nla_put_failure;
7968 
7969 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
7970 	if (!infoattr)
7971 		goto nla_put_failure;
7972 
7973 	if (survey->channel &&
7974 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
7975 			survey->channel->center_freq))
7976 		goto nla_put_failure;
7977 
7978 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
7979 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
7980 		goto nla_put_failure;
7981 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
7982 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
7983 		goto nla_put_failure;
7984 	if ((survey->filled & SURVEY_INFO_TIME) &&
7985 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
7986 			survey->time, NL80211_SURVEY_INFO_PAD))
7987 		goto nla_put_failure;
7988 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
7989 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
7990 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
7991 		goto nla_put_failure;
7992 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
7993 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
7994 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
7995 		goto nla_put_failure;
7996 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
7997 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
7998 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
7999 		goto nla_put_failure;
8000 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
8001 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
8002 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
8003 		goto nla_put_failure;
8004 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
8005 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8006 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
8007 		goto nla_put_failure;
8008 
8009 	nla_nest_end(msg, infoattr);
8010 
8011 	genlmsg_end(msg, hdr);
8012 	return 0;
8013 
8014  nla_put_failure:
8015 	genlmsg_cancel(msg, hdr);
8016 	return -EMSGSIZE;
8017 }
8018 
8019 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
8020 {
8021 	struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8022 	struct survey_info survey;
8023 	struct cfg80211_registered_device *rdev;
8024 	struct wireless_dev *wdev;
8025 	int survey_idx = cb->args[2];
8026 	int res;
8027 	bool radio_stats;
8028 
8029 	rtnl_lock();
8030 	res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
8031 	if (res)
8032 		goto out_err;
8033 
8034 	/* prepare_wdev_dump parsed the attributes */
8035 	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
8036 
8037 	if (!wdev->netdev) {
8038 		res = -EINVAL;
8039 		goto out_err;
8040 	}
8041 
8042 	if (!rdev->ops->dump_survey) {
8043 		res = -EOPNOTSUPP;
8044 		goto out_err;
8045 	}
8046 
8047 	while (1) {
8048 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8049 		if (res == -ENOENT)
8050 			break;
8051 		if (res)
8052 			goto out_err;
8053 
8054 		/* don't send disabled channels, but do send non-channel data */
8055 		if (survey.channel &&
8056 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8057 			survey_idx++;
8058 			continue;
8059 		}
8060 
8061 		if (nl80211_send_survey(skb,
8062 				NETLINK_CB(cb->skb).portid,
8063 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8064 				wdev->netdev, radio_stats, &survey) < 0)
8065 			goto out;
8066 		survey_idx++;
8067 	}
8068 
8069  out:
8070 	cb->args[2] = survey_idx;
8071 	res = skb->len;
8072  out_err:
8073 	rtnl_unlock();
8074 	return res;
8075 }
8076 
8077 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8078 {
8079 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8080 				  NL80211_WPA_VERSION_2));
8081 }
8082 
8083 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8084 {
8085 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8086 	struct net_device *dev = info->user_ptr[1];
8087 	struct ieee80211_channel *chan;
8088 	const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8089 	int err, ssid_len, ie_len = 0, auth_data_len = 0;
8090 	enum nl80211_auth_type auth_type;
8091 	struct key_parse key;
8092 	bool local_state_change;
8093 
8094 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8095 		return -EINVAL;
8096 
8097 	if (!info->attrs[NL80211_ATTR_MAC])
8098 		return -EINVAL;
8099 
8100 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8101 		return -EINVAL;
8102 
8103 	if (!info->attrs[NL80211_ATTR_SSID])
8104 		return -EINVAL;
8105 
8106 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8107 		return -EINVAL;
8108 
8109 	err = nl80211_parse_key(info, &key);
8110 	if (err)
8111 		return err;
8112 
8113 	if (key.idx >= 0) {
8114 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8115 			return -EINVAL;
8116 		if (!key.p.key || !key.p.key_len)
8117 			return -EINVAL;
8118 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8119 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8120 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8121 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
8122 			return -EINVAL;
8123 		if (key.idx > 3)
8124 			return -EINVAL;
8125 	} else {
8126 		key.p.key_len = 0;
8127 		key.p.key = NULL;
8128 	}
8129 
8130 	if (key.idx >= 0) {
8131 		int i;
8132 		bool ok = false;
8133 
8134 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8135 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8136 				ok = true;
8137 				break;
8138 			}
8139 		}
8140 		if (!ok)
8141 			return -EINVAL;
8142 	}
8143 
8144 	if (!rdev->ops->auth)
8145 		return -EOPNOTSUPP;
8146 
8147 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8148 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8149 		return -EOPNOTSUPP;
8150 
8151 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8152 	chan = nl80211_get_valid_chan(&rdev->wiphy,
8153 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8154 	if (!chan)
8155 		return -EINVAL;
8156 
8157 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8158 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8159 
8160 	if (info->attrs[NL80211_ATTR_IE]) {
8161 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8162 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8163 	}
8164 
8165 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8166 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8167 		return -EINVAL;
8168 
8169 	if ((auth_type == NL80211_AUTHTYPE_SAE ||
8170 	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
8171 	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8172 	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8173 	    !info->attrs[NL80211_ATTR_AUTH_DATA])
8174 		return -EINVAL;
8175 
8176 	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8177 		if (auth_type != NL80211_AUTHTYPE_SAE &&
8178 		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
8179 		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8180 		    auth_type != NL80211_AUTHTYPE_FILS_PK)
8181 			return -EINVAL;
8182 		auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8183 		auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8184 		/* need to include at least Auth Transaction and Status Code */
8185 		if (auth_data_len < 4)
8186 			return -EINVAL;
8187 	}
8188 
8189 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8190 
8191 	/*
8192 	 * Since we no longer track auth state, ignore
8193 	 * requests to only change local state.
8194 	 */
8195 	if (local_state_change)
8196 		return 0;
8197 
8198 	wdev_lock(dev->ieee80211_ptr);
8199 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8200 				 ssid, ssid_len, ie, ie_len,
8201 				 key.p.key, key.p.key_len, key.idx,
8202 				 auth_data, auth_data_len);
8203 	wdev_unlock(dev->ieee80211_ptr);
8204 	return err;
8205 }
8206 
8207 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8208 				   struct genl_info *info,
8209 				   struct cfg80211_crypto_settings *settings,
8210 				   int cipher_limit)
8211 {
8212 	memset(settings, 0, sizeof(*settings));
8213 
8214 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8215 
8216 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8217 		u16 proto;
8218 
8219 		proto = nla_get_u16(
8220 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8221 		settings->control_port_ethertype = cpu_to_be16(proto);
8222 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8223 		    proto != ETH_P_PAE)
8224 			return -EINVAL;
8225 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8226 			settings->control_port_no_encrypt = true;
8227 	} else
8228 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8229 
8230 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8231 		void *data;
8232 		int len, i;
8233 
8234 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8235 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8236 		settings->n_ciphers_pairwise = len / sizeof(u32);
8237 
8238 		if (len % sizeof(u32))
8239 			return -EINVAL;
8240 
8241 		if (settings->n_ciphers_pairwise > cipher_limit)
8242 			return -EINVAL;
8243 
8244 		memcpy(settings->ciphers_pairwise, data, len);
8245 
8246 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
8247 			if (!cfg80211_supported_cipher_suite(
8248 					&rdev->wiphy,
8249 					settings->ciphers_pairwise[i]))
8250 				return -EINVAL;
8251 	}
8252 
8253 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8254 		settings->cipher_group =
8255 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8256 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8257 						     settings->cipher_group))
8258 			return -EINVAL;
8259 	}
8260 
8261 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8262 		settings->wpa_versions =
8263 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8264 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8265 			return -EINVAL;
8266 	}
8267 
8268 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8269 		void *data;
8270 		int len;
8271 
8272 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8273 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8274 		settings->n_akm_suites = len / sizeof(u32);
8275 
8276 		if (len % sizeof(u32))
8277 			return -EINVAL;
8278 
8279 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8280 			return -EINVAL;
8281 
8282 		memcpy(settings->akm_suites, data, len);
8283 	}
8284 
8285 	if (info->attrs[NL80211_ATTR_PMK]) {
8286 		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8287 			return -EINVAL;
8288 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
8289 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8290 			return -EINVAL;
8291 		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8292 	}
8293 
8294 	return 0;
8295 }
8296 
8297 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
8298 {
8299 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8300 	struct net_device *dev = info->user_ptr[1];
8301 	struct ieee80211_channel *chan;
8302 	struct cfg80211_assoc_request req = {};
8303 	const u8 *bssid, *ssid;
8304 	int err, ssid_len = 0;
8305 
8306 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8307 		return -EINVAL;
8308 
8309 	if (!info->attrs[NL80211_ATTR_MAC] ||
8310 	    !info->attrs[NL80211_ATTR_SSID] ||
8311 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
8312 		return -EINVAL;
8313 
8314 	if (!rdev->ops->assoc)
8315 		return -EOPNOTSUPP;
8316 
8317 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8318 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8319 		return -EOPNOTSUPP;
8320 
8321 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8322 
8323 	chan = nl80211_get_valid_chan(&rdev->wiphy,
8324 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8325 	if (!chan)
8326 		return -EINVAL;
8327 
8328 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8329 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8330 
8331 	if (info->attrs[NL80211_ATTR_IE]) {
8332 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8333 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8334 	}
8335 
8336 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
8337 		enum nl80211_mfp mfp =
8338 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8339 		if (mfp == NL80211_MFP_REQUIRED)
8340 			req.use_mfp = true;
8341 		else if (mfp != NL80211_MFP_NO)
8342 			return -EINVAL;
8343 	}
8344 
8345 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
8346 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8347 
8348 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8349 		req.flags |= ASSOC_REQ_DISABLE_HT;
8350 
8351 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8352 		memcpy(&req.ht_capa_mask,
8353 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8354 		       sizeof(req.ht_capa_mask));
8355 
8356 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8357 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8358 			return -EINVAL;
8359 		memcpy(&req.ht_capa,
8360 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8361 		       sizeof(req.ht_capa));
8362 	}
8363 
8364 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8365 		req.flags |= ASSOC_REQ_DISABLE_VHT;
8366 
8367 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8368 		memcpy(&req.vht_capa_mask,
8369 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8370 		       sizeof(req.vht_capa_mask));
8371 
8372 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8373 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8374 			return -EINVAL;
8375 		memcpy(&req.vht_capa,
8376 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8377 		       sizeof(req.vht_capa));
8378 	}
8379 
8380 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8381 		if (!((rdev->wiphy.features &
8382 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8383 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
8384 		    !wiphy_ext_feature_isset(&rdev->wiphy,
8385 					     NL80211_EXT_FEATURE_RRM))
8386 			return -EINVAL;
8387 		req.flags |= ASSOC_REQ_USE_RRM;
8388 	}
8389 
8390 	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
8391 		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
8392 		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
8393 		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
8394 			return -EINVAL;
8395 		req.fils_nonces =
8396 			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
8397 	}
8398 
8399 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
8400 	if (!err) {
8401 		wdev_lock(dev->ieee80211_ptr);
8402 
8403 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
8404 					  ssid, ssid_len, &req);
8405 
8406 		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8407 			dev->ieee80211_ptr->conn_owner_nlportid =
8408 				info->snd_portid;
8409 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
8410 			       bssid, ETH_ALEN);
8411 		}
8412 
8413 		wdev_unlock(dev->ieee80211_ptr);
8414 	}
8415 
8416 	return err;
8417 }
8418 
8419 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
8420 {
8421 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8422 	struct net_device *dev = info->user_ptr[1];
8423 	const u8 *ie = NULL, *bssid;
8424 	int ie_len = 0, err;
8425 	u16 reason_code;
8426 	bool local_state_change;
8427 
8428 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8429 		return -EINVAL;
8430 
8431 	if (!info->attrs[NL80211_ATTR_MAC])
8432 		return -EINVAL;
8433 
8434 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
8435 		return -EINVAL;
8436 
8437 	if (!rdev->ops->deauth)
8438 		return -EOPNOTSUPP;
8439 
8440 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8441 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8442 		return -EOPNOTSUPP;
8443 
8444 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8445 
8446 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8447 	if (reason_code == 0) {
8448 		/* Reason Code 0 is reserved */
8449 		return -EINVAL;
8450 	}
8451 
8452 	if (info->attrs[NL80211_ATTR_IE]) {
8453 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8454 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8455 	}
8456 
8457 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8458 
8459 	wdev_lock(dev->ieee80211_ptr);
8460 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
8461 				   local_state_change);
8462 	wdev_unlock(dev->ieee80211_ptr);
8463 	return err;
8464 }
8465 
8466 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
8467 {
8468 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8469 	struct net_device *dev = info->user_ptr[1];
8470 	const u8 *ie = NULL, *bssid;
8471 	int ie_len = 0, err;
8472 	u16 reason_code;
8473 	bool local_state_change;
8474 
8475 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8476 		return -EINVAL;
8477 
8478 	if (!info->attrs[NL80211_ATTR_MAC])
8479 		return -EINVAL;
8480 
8481 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
8482 		return -EINVAL;
8483 
8484 	if (!rdev->ops->disassoc)
8485 		return -EOPNOTSUPP;
8486 
8487 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8488 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8489 		return -EOPNOTSUPP;
8490 
8491 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8492 
8493 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8494 	if (reason_code == 0) {
8495 		/* Reason Code 0 is reserved */
8496 		return -EINVAL;
8497 	}
8498 
8499 	if (info->attrs[NL80211_ATTR_IE]) {
8500 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8501 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8502 	}
8503 
8504 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8505 
8506 	wdev_lock(dev->ieee80211_ptr);
8507 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
8508 				     local_state_change);
8509 	wdev_unlock(dev->ieee80211_ptr);
8510 	return err;
8511 }
8512 
8513 static bool
8514 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
8515 			 int mcast_rate[NUM_NL80211_BANDS],
8516 			 int rateval)
8517 {
8518 	struct wiphy *wiphy = &rdev->wiphy;
8519 	bool found = false;
8520 	int band, i;
8521 
8522 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
8523 		struct ieee80211_supported_band *sband;
8524 
8525 		sband = wiphy->bands[band];
8526 		if (!sband)
8527 			continue;
8528 
8529 		for (i = 0; i < sband->n_bitrates; i++) {
8530 			if (sband->bitrates[i].bitrate == rateval) {
8531 				mcast_rate[band] = i + 1;
8532 				found = true;
8533 				break;
8534 			}
8535 		}
8536 	}
8537 
8538 	return found;
8539 }
8540 
8541 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
8542 {
8543 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8544 	struct net_device *dev = info->user_ptr[1];
8545 	struct cfg80211_ibss_params ibss;
8546 	struct wiphy *wiphy;
8547 	struct cfg80211_cached_keys *connkeys = NULL;
8548 	int err;
8549 
8550 	memset(&ibss, 0, sizeof(ibss));
8551 
8552 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8553 		return -EINVAL;
8554 
8555 	if (!info->attrs[NL80211_ATTR_SSID] ||
8556 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
8557 		return -EINVAL;
8558 
8559 	ibss.beacon_interval = 100;
8560 
8561 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
8562 		ibss.beacon_interval =
8563 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8564 
8565 	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
8566 					   ibss.beacon_interval);
8567 	if (err)
8568 		return err;
8569 
8570 	if (!rdev->ops->join_ibss)
8571 		return -EOPNOTSUPP;
8572 
8573 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8574 		return -EOPNOTSUPP;
8575 
8576 	wiphy = &rdev->wiphy;
8577 
8578 	if (info->attrs[NL80211_ATTR_MAC]) {
8579 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8580 
8581 		if (!is_valid_ether_addr(ibss.bssid))
8582 			return -EINVAL;
8583 	}
8584 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8585 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8586 
8587 	if (info->attrs[NL80211_ATTR_IE]) {
8588 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8589 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8590 	}
8591 
8592 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
8593 	if (err)
8594 		return err;
8595 
8596 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
8597 				     NL80211_IFTYPE_ADHOC))
8598 		return -EINVAL;
8599 
8600 	switch (ibss.chandef.width) {
8601 	case NL80211_CHAN_WIDTH_5:
8602 	case NL80211_CHAN_WIDTH_10:
8603 	case NL80211_CHAN_WIDTH_20_NOHT:
8604 		break;
8605 	case NL80211_CHAN_WIDTH_20:
8606 	case NL80211_CHAN_WIDTH_40:
8607 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8608 			return -EINVAL;
8609 		break;
8610 	case NL80211_CHAN_WIDTH_80:
8611 	case NL80211_CHAN_WIDTH_80P80:
8612 	case NL80211_CHAN_WIDTH_160:
8613 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8614 			return -EINVAL;
8615 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
8616 					     NL80211_EXT_FEATURE_VHT_IBSS))
8617 			return -EINVAL;
8618 		break;
8619 	default:
8620 		return -EINVAL;
8621 	}
8622 
8623 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
8624 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
8625 
8626 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8627 		u8 *rates =
8628 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8629 		int n_rates =
8630 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8631 		struct ieee80211_supported_band *sband =
8632 			wiphy->bands[ibss.chandef.chan->band];
8633 
8634 		err = ieee80211_get_ratemask(sband, rates, n_rates,
8635 					     &ibss.basic_rates);
8636 		if (err)
8637 			return err;
8638 	}
8639 
8640 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8641 		memcpy(&ibss.ht_capa_mask,
8642 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8643 		       sizeof(ibss.ht_capa_mask));
8644 
8645 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8646 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8647 			return -EINVAL;
8648 		memcpy(&ibss.ht_capa,
8649 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8650 		       sizeof(ibss.ht_capa));
8651 	}
8652 
8653 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8654 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
8655 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8656 		return -EINVAL;
8657 
8658 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8659 		bool no_ht = false;
8660 
8661 		connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
8662 		if (IS_ERR(connkeys))
8663 			return PTR_ERR(connkeys);
8664 
8665 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
8666 		    no_ht) {
8667 			kzfree(connkeys);
8668 			return -EINVAL;
8669 		}
8670 	}
8671 
8672 	ibss.control_port =
8673 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
8674 
8675 	ibss.userspace_handles_dfs =
8676 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
8677 
8678 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
8679 	if (err)
8680 		kzfree(connkeys);
8681 	return err;
8682 }
8683 
8684 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
8685 {
8686 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8687 	struct net_device *dev = info->user_ptr[1];
8688 
8689 	if (!rdev->ops->leave_ibss)
8690 		return -EOPNOTSUPP;
8691 
8692 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8693 		return -EOPNOTSUPP;
8694 
8695 	return cfg80211_leave_ibss(rdev, dev, false);
8696 }
8697 
8698 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
8699 {
8700 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8701 	struct net_device *dev = info->user_ptr[1];
8702 	int mcast_rate[NUM_NL80211_BANDS];
8703 	u32 nla_rate;
8704 	int err;
8705 
8706 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
8707 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
8708 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
8709 		return -EOPNOTSUPP;
8710 
8711 	if (!rdev->ops->set_mcast_rate)
8712 		return -EOPNOTSUPP;
8713 
8714 	memset(mcast_rate, 0, sizeof(mcast_rate));
8715 
8716 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
8717 		return -EINVAL;
8718 
8719 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
8720 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
8721 		return -EINVAL;
8722 
8723 	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
8724 
8725 	return err;
8726 }
8727 
8728 static struct sk_buff *
8729 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
8730 			    struct wireless_dev *wdev, int approxlen,
8731 			    u32 portid, u32 seq, enum nl80211_commands cmd,
8732 			    enum nl80211_attrs attr,
8733 			    const struct nl80211_vendor_cmd_info *info,
8734 			    gfp_t gfp)
8735 {
8736 	struct sk_buff *skb;
8737 	void *hdr;
8738 	struct nlattr *data;
8739 
8740 	skb = nlmsg_new(approxlen + 100, gfp);
8741 	if (!skb)
8742 		return NULL;
8743 
8744 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
8745 	if (!hdr) {
8746 		kfree_skb(skb);
8747 		return NULL;
8748 	}
8749 
8750 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
8751 		goto nla_put_failure;
8752 
8753 	if (info) {
8754 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
8755 				info->vendor_id))
8756 			goto nla_put_failure;
8757 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
8758 				info->subcmd))
8759 			goto nla_put_failure;
8760 	}
8761 
8762 	if (wdev) {
8763 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
8764 				      wdev_id(wdev), NL80211_ATTR_PAD))
8765 			goto nla_put_failure;
8766 		if (wdev->netdev &&
8767 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
8768 				wdev->netdev->ifindex))
8769 			goto nla_put_failure;
8770 	}
8771 
8772 	data = nla_nest_start(skb, attr);
8773 	if (!data)
8774 		goto nla_put_failure;
8775 
8776 	((void **)skb->cb)[0] = rdev;
8777 	((void **)skb->cb)[1] = hdr;
8778 	((void **)skb->cb)[2] = data;
8779 
8780 	return skb;
8781 
8782  nla_put_failure:
8783 	kfree_skb(skb);
8784 	return NULL;
8785 }
8786 
8787 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
8788 					   struct wireless_dev *wdev,
8789 					   enum nl80211_commands cmd,
8790 					   enum nl80211_attrs attr,
8791 					   int vendor_event_idx,
8792 					   int approxlen, gfp_t gfp)
8793 {
8794 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
8795 	const struct nl80211_vendor_cmd_info *info;
8796 
8797 	switch (cmd) {
8798 	case NL80211_CMD_TESTMODE:
8799 		if (WARN_ON(vendor_event_idx != -1))
8800 			return NULL;
8801 		info = NULL;
8802 		break;
8803 	case NL80211_CMD_VENDOR:
8804 		if (WARN_ON(vendor_event_idx < 0 ||
8805 			    vendor_event_idx >= wiphy->n_vendor_events))
8806 			return NULL;
8807 		info = &wiphy->vendor_events[vendor_event_idx];
8808 		break;
8809 	default:
8810 		WARN_ON(1);
8811 		return NULL;
8812 	}
8813 
8814 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
8815 					   cmd, attr, info, gfp);
8816 }
8817 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
8818 
8819 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
8820 {
8821 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
8822 	void *hdr = ((void **)skb->cb)[1];
8823 	struct nlattr *data = ((void **)skb->cb)[2];
8824 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
8825 
8826 	/* clear CB data for netlink core to own from now on */
8827 	memset(skb->cb, 0, sizeof(skb->cb));
8828 
8829 	nla_nest_end(skb, data);
8830 	genlmsg_end(skb, hdr);
8831 
8832 	if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
8833 		mcgrp = NL80211_MCGRP_VENDOR;
8834 
8835 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
8836 				mcgrp, gfp);
8837 }
8838 EXPORT_SYMBOL(__cfg80211_send_event_skb);
8839 
8840 #ifdef CONFIG_NL80211_TESTMODE
8841 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
8842 {
8843 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8844 	struct wireless_dev *wdev =
8845 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
8846 	int err;
8847 
8848 	if (!rdev->ops->testmode_cmd)
8849 		return -EOPNOTSUPP;
8850 
8851 	if (IS_ERR(wdev)) {
8852 		err = PTR_ERR(wdev);
8853 		if (err != -EINVAL)
8854 			return err;
8855 		wdev = NULL;
8856 	} else if (wdev->wiphy != &rdev->wiphy) {
8857 		return -EINVAL;
8858 	}
8859 
8860 	if (!info->attrs[NL80211_ATTR_TESTDATA])
8861 		return -EINVAL;
8862 
8863 	rdev->cur_cmd_info = info;
8864 	err = rdev_testmode_cmd(rdev, wdev,
8865 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
8866 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
8867 	rdev->cur_cmd_info = NULL;
8868 
8869 	return err;
8870 }
8871 
8872 static int nl80211_testmode_dump(struct sk_buff *skb,
8873 				 struct netlink_callback *cb)
8874 {
8875 	struct cfg80211_registered_device *rdev;
8876 	int err;
8877 	long phy_idx;
8878 	void *data = NULL;
8879 	int data_len = 0;
8880 
8881 	rtnl_lock();
8882 
8883 	if (cb->args[0]) {
8884 		/*
8885 		 * 0 is a valid index, but not valid for args[0],
8886 		 * so we need to offset by 1.
8887 		 */
8888 		phy_idx = cb->args[0] - 1;
8889 
8890 		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
8891 		if (!rdev) {
8892 			err = -ENOENT;
8893 			goto out_err;
8894 		}
8895 	} else {
8896 		struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8897 
8898 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
8899 				  attrbuf, nl80211_fam.maxattr,
8900 				  nl80211_policy, NULL);
8901 		if (err)
8902 			goto out_err;
8903 
8904 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
8905 		if (IS_ERR(rdev)) {
8906 			err = PTR_ERR(rdev);
8907 			goto out_err;
8908 		}
8909 		phy_idx = rdev->wiphy_idx;
8910 
8911 		if (attrbuf[NL80211_ATTR_TESTDATA])
8912 			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
8913 	}
8914 
8915 	if (cb->args[1]) {
8916 		data = nla_data((void *)cb->args[1]);
8917 		data_len = nla_len((void *)cb->args[1]);
8918 	}
8919 
8920 	if (!rdev->ops->testmode_dump) {
8921 		err = -EOPNOTSUPP;
8922 		goto out_err;
8923 	}
8924 
8925 	while (1) {
8926 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
8927 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
8928 					   NL80211_CMD_TESTMODE);
8929 		struct nlattr *tmdata;
8930 
8931 		if (!hdr)
8932 			break;
8933 
8934 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
8935 			genlmsg_cancel(skb, hdr);
8936 			break;
8937 		}
8938 
8939 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
8940 		if (!tmdata) {
8941 			genlmsg_cancel(skb, hdr);
8942 			break;
8943 		}
8944 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
8945 		nla_nest_end(skb, tmdata);
8946 
8947 		if (err == -ENOBUFS || err == -ENOENT) {
8948 			genlmsg_cancel(skb, hdr);
8949 			break;
8950 		} else if (err) {
8951 			genlmsg_cancel(skb, hdr);
8952 			goto out_err;
8953 		}
8954 
8955 		genlmsg_end(skb, hdr);
8956 	}
8957 
8958 	err = skb->len;
8959 	/* see above */
8960 	cb->args[0] = phy_idx + 1;
8961  out_err:
8962 	rtnl_unlock();
8963 	return err;
8964 }
8965 #endif
8966 
8967 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
8968 {
8969 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8970 	struct net_device *dev = info->user_ptr[1];
8971 	struct cfg80211_connect_params connect;
8972 	struct wiphy *wiphy;
8973 	struct cfg80211_cached_keys *connkeys = NULL;
8974 	int err;
8975 
8976 	memset(&connect, 0, sizeof(connect));
8977 
8978 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8979 		return -EINVAL;
8980 
8981 	if (!info->attrs[NL80211_ATTR_SSID] ||
8982 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
8983 		return -EINVAL;
8984 
8985 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
8986 		connect.auth_type =
8987 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8988 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
8989 					     NL80211_CMD_CONNECT))
8990 			return -EINVAL;
8991 	} else
8992 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
8993 
8994 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
8995 
8996 	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
8997 	    !wiphy_ext_feature_isset(&rdev->wiphy,
8998 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
8999 		return -EINVAL;
9000 	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
9001 
9002 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
9003 				      NL80211_MAX_NR_CIPHER_SUITES);
9004 	if (err)
9005 		return err;
9006 
9007 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9008 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9009 		return -EOPNOTSUPP;
9010 
9011 	wiphy = &rdev->wiphy;
9012 
9013 	connect.bg_scan_period = -1;
9014 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
9015 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
9016 		connect.bg_scan_period =
9017 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
9018 	}
9019 
9020 	if (info->attrs[NL80211_ATTR_MAC])
9021 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9022 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
9023 		connect.bssid_hint =
9024 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
9025 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9026 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9027 
9028 	if (info->attrs[NL80211_ATTR_IE]) {
9029 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9030 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9031 	}
9032 
9033 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9034 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9035 		if (connect.mfp == NL80211_MFP_OPTIONAL &&
9036 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9037 					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
9038 			return -EOPNOTSUPP;
9039 
9040 		if (connect.mfp != NL80211_MFP_REQUIRED &&
9041 		    connect.mfp != NL80211_MFP_NO &&
9042 		    connect.mfp != NL80211_MFP_OPTIONAL)
9043 			return -EINVAL;
9044 	} else {
9045 		connect.mfp = NL80211_MFP_NO;
9046 	}
9047 
9048 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9049 		connect.prev_bssid =
9050 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9051 
9052 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9053 		connect.channel = nl80211_get_valid_chan(
9054 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9055 		if (!connect.channel)
9056 			return -EINVAL;
9057 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9058 		connect.channel_hint = nl80211_get_valid_chan(
9059 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9060 		if (!connect.channel_hint)
9061 			return -EINVAL;
9062 	}
9063 
9064 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9065 		connkeys = nl80211_parse_connkeys(rdev, info, NULL);
9066 		if (IS_ERR(connkeys))
9067 			return PTR_ERR(connkeys);
9068 	}
9069 
9070 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9071 		connect.flags |= ASSOC_REQ_DISABLE_HT;
9072 
9073 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9074 		memcpy(&connect.ht_capa_mask,
9075 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9076 		       sizeof(connect.ht_capa_mask));
9077 
9078 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9079 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9080 			kzfree(connkeys);
9081 			return -EINVAL;
9082 		}
9083 		memcpy(&connect.ht_capa,
9084 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9085 		       sizeof(connect.ht_capa));
9086 	}
9087 
9088 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9089 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
9090 
9091 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9092 		memcpy(&connect.vht_capa_mask,
9093 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9094 		       sizeof(connect.vht_capa_mask));
9095 
9096 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9097 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9098 			kzfree(connkeys);
9099 			return -EINVAL;
9100 		}
9101 		memcpy(&connect.vht_capa,
9102 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9103 		       sizeof(connect.vht_capa));
9104 	}
9105 
9106 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9107 		if (!((rdev->wiphy.features &
9108 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9109 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9110 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9111 					     NL80211_EXT_FEATURE_RRM)) {
9112 			kzfree(connkeys);
9113 			return -EINVAL;
9114 		}
9115 		connect.flags |= ASSOC_REQ_USE_RRM;
9116 	}
9117 
9118 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9119 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9120 		kzfree(connkeys);
9121 		return -EOPNOTSUPP;
9122 	}
9123 
9124 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9125 		/* bss selection makes no sense if bssid is set */
9126 		if (connect.bssid) {
9127 			kzfree(connkeys);
9128 			return -EINVAL;
9129 		}
9130 
9131 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9132 				       wiphy, &connect.bss_select);
9133 		if (err) {
9134 			kzfree(connkeys);
9135 			return err;
9136 		}
9137 	}
9138 
9139 	if (wiphy_ext_feature_isset(&rdev->wiphy,
9140 				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9141 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9142 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9143 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9144 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9145 		connect.fils_erp_username =
9146 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9147 		connect.fils_erp_username_len =
9148 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9149 		connect.fils_erp_realm =
9150 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9151 		connect.fils_erp_realm_len =
9152 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9153 		connect.fils_erp_next_seq_num =
9154 			nla_get_u16(
9155 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9156 		connect.fils_erp_rrk =
9157 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9158 		connect.fils_erp_rrk_len =
9159 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9160 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9161 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9162 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9163 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9164 		kzfree(connkeys);
9165 		return -EINVAL;
9166 	}
9167 
9168 	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
9169 		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9170 			GENL_SET_ERR_MSG(info,
9171 					 "external auth requires connection ownership");
9172 			return -EINVAL;
9173 		}
9174 		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
9175 	}
9176 
9177 	wdev_lock(dev->ieee80211_ptr);
9178 
9179 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
9180 			       connect.prev_bssid);
9181 	if (err)
9182 		kzfree(connkeys);
9183 
9184 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9185 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9186 		if (connect.bssid)
9187 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
9188 			       connect.bssid, ETH_ALEN);
9189 		else
9190 			memset(dev->ieee80211_ptr->disconnect_bssid,
9191 			       0, ETH_ALEN);
9192 	}
9193 
9194 	wdev_unlock(dev->ieee80211_ptr);
9195 
9196 	return err;
9197 }
9198 
9199 static int nl80211_update_connect_params(struct sk_buff *skb,
9200 					 struct genl_info *info)
9201 {
9202 	struct cfg80211_connect_params connect = {};
9203 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9204 	struct net_device *dev = info->user_ptr[1];
9205 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9206 	u32 changed = 0;
9207 	int ret;
9208 
9209 	if (!rdev->ops->update_connect_params)
9210 		return -EOPNOTSUPP;
9211 
9212 	if (info->attrs[NL80211_ATTR_IE]) {
9213 		if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9214 			return -EINVAL;
9215 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9216 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9217 		changed |= UPDATE_ASSOC_IES;
9218 	}
9219 
9220 	wdev_lock(dev->ieee80211_ptr);
9221 	if (!wdev->current_bss)
9222 		ret = -ENOLINK;
9223 	else
9224 		ret = rdev_update_connect_params(rdev, dev, &connect, changed);
9225 	wdev_unlock(dev->ieee80211_ptr);
9226 
9227 	return ret;
9228 }
9229 
9230 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
9231 {
9232 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9233 	struct net_device *dev = info->user_ptr[1];
9234 	u16 reason;
9235 	int ret;
9236 
9237 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9238 		reason = WLAN_REASON_DEAUTH_LEAVING;
9239 	else
9240 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9241 
9242 	if (reason == 0)
9243 		return -EINVAL;
9244 
9245 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9246 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9247 		return -EOPNOTSUPP;
9248 
9249 	wdev_lock(dev->ieee80211_ptr);
9250 	ret = cfg80211_disconnect(rdev, dev, reason, true);
9251 	wdev_unlock(dev->ieee80211_ptr);
9252 	return ret;
9253 }
9254 
9255 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
9256 {
9257 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9258 	struct net *net;
9259 	int err;
9260 
9261 	if (info->attrs[NL80211_ATTR_PID]) {
9262 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
9263 
9264 		net = get_net_ns_by_pid(pid);
9265 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
9266 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
9267 
9268 		net = get_net_ns_by_fd(fd);
9269 	} else {
9270 		return -EINVAL;
9271 	}
9272 
9273 	if (IS_ERR(net))
9274 		return PTR_ERR(net);
9275 
9276 	err = 0;
9277 
9278 	/* check if anything to do */
9279 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
9280 		err = cfg80211_switch_netns(rdev, net);
9281 
9282 	put_net(net);
9283 	return err;
9284 }
9285 
9286 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
9287 {
9288 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9289 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
9290 			struct cfg80211_pmksa *pmksa) = NULL;
9291 	struct net_device *dev = info->user_ptr[1];
9292 	struct cfg80211_pmksa pmksa;
9293 
9294 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
9295 
9296 	if (!info->attrs[NL80211_ATTR_PMKID])
9297 		return -EINVAL;
9298 
9299 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
9300 
9301 	if (info->attrs[NL80211_ATTR_MAC]) {
9302 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9303 	} else if (info->attrs[NL80211_ATTR_SSID] &&
9304 		   info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
9305 		   (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
9306 		    info->attrs[NL80211_ATTR_PMK])) {
9307 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9308 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9309 		pmksa.cache_id =
9310 			nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
9311 	} else {
9312 		return -EINVAL;
9313 	}
9314 	if (info->attrs[NL80211_ATTR_PMK]) {
9315 		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9316 		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
9317 	}
9318 
9319 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9320 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9321 		return -EOPNOTSUPP;
9322 
9323 	switch (info->genlhdr->cmd) {
9324 	case NL80211_CMD_SET_PMKSA:
9325 		rdev_ops = rdev->ops->set_pmksa;
9326 		break;
9327 	case NL80211_CMD_DEL_PMKSA:
9328 		rdev_ops = rdev->ops->del_pmksa;
9329 		break;
9330 	default:
9331 		WARN_ON(1);
9332 		break;
9333 	}
9334 
9335 	if (!rdev_ops)
9336 		return -EOPNOTSUPP;
9337 
9338 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
9339 }
9340 
9341 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
9342 {
9343 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9344 	struct net_device *dev = info->user_ptr[1];
9345 
9346 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9347 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9348 		return -EOPNOTSUPP;
9349 
9350 	if (!rdev->ops->flush_pmksa)
9351 		return -EOPNOTSUPP;
9352 
9353 	return rdev_flush_pmksa(rdev, dev);
9354 }
9355 
9356 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
9357 {
9358 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9359 	struct net_device *dev = info->user_ptr[1];
9360 	u8 action_code, dialog_token;
9361 	u32 peer_capability = 0;
9362 	u16 status_code;
9363 	u8 *peer;
9364 	bool initiator;
9365 
9366 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9367 	    !rdev->ops->tdls_mgmt)
9368 		return -EOPNOTSUPP;
9369 
9370 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
9371 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
9372 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
9373 	    !info->attrs[NL80211_ATTR_IE] ||
9374 	    !info->attrs[NL80211_ATTR_MAC])
9375 		return -EINVAL;
9376 
9377 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9378 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
9379 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
9380 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
9381 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
9382 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
9383 		peer_capability =
9384 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
9385 
9386 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
9387 			      dialog_token, status_code, peer_capability,
9388 			      initiator,
9389 			      nla_data(info->attrs[NL80211_ATTR_IE]),
9390 			      nla_len(info->attrs[NL80211_ATTR_IE]));
9391 }
9392 
9393 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
9394 {
9395 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9396 	struct net_device *dev = info->user_ptr[1];
9397 	enum nl80211_tdls_operation operation;
9398 	u8 *peer;
9399 
9400 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9401 	    !rdev->ops->tdls_oper)
9402 		return -EOPNOTSUPP;
9403 
9404 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
9405 	    !info->attrs[NL80211_ATTR_MAC])
9406 		return -EINVAL;
9407 
9408 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
9409 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9410 
9411 	return rdev_tdls_oper(rdev, dev, peer, operation);
9412 }
9413 
9414 static int nl80211_remain_on_channel(struct sk_buff *skb,
9415 				     struct genl_info *info)
9416 {
9417 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9418 	struct wireless_dev *wdev = info->user_ptr[1];
9419 	struct cfg80211_chan_def chandef;
9420 	const struct cfg80211_chan_def *compat_chandef;
9421 	struct sk_buff *msg;
9422 	void *hdr;
9423 	u64 cookie;
9424 	u32 duration;
9425 	int err;
9426 
9427 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9428 	    !info->attrs[NL80211_ATTR_DURATION])
9429 		return -EINVAL;
9430 
9431 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9432 
9433 	if (!rdev->ops->remain_on_channel ||
9434 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
9435 		return -EOPNOTSUPP;
9436 
9437 	/*
9438 	 * We should be on that channel for at least a minimum amount of
9439 	 * time (10ms) but no longer than the driver supports.
9440 	 */
9441 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9442 	    duration > rdev->wiphy.max_remain_on_channel_duration)
9443 		return -EINVAL;
9444 
9445 	err = nl80211_parse_chandef(rdev, info, &chandef);
9446 	if (err)
9447 		return err;
9448 
9449 	wdev_lock(wdev);
9450 	if (!cfg80211_off_channel_oper_allowed(wdev) &&
9451 	    !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
9452 		compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
9453 							     &chandef);
9454 		if (compat_chandef != &chandef) {
9455 			wdev_unlock(wdev);
9456 			return -EBUSY;
9457 		}
9458 	}
9459 	wdev_unlock(wdev);
9460 
9461 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9462 	if (!msg)
9463 		return -ENOMEM;
9464 
9465 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9466 			     NL80211_CMD_REMAIN_ON_CHANNEL);
9467 	if (!hdr) {
9468 		err = -ENOBUFS;
9469 		goto free_msg;
9470 	}
9471 
9472 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
9473 				     duration, &cookie);
9474 
9475 	if (err)
9476 		goto free_msg;
9477 
9478 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9479 			      NL80211_ATTR_PAD))
9480 		goto nla_put_failure;
9481 
9482 	genlmsg_end(msg, hdr);
9483 
9484 	return genlmsg_reply(msg, info);
9485 
9486  nla_put_failure:
9487 	err = -ENOBUFS;
9488  free_msg:
9489 	nlmsg_free(msg);
9490 	return err;
9491 }
9492 
9493 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
9494 					    struct genl_info *info)
9495 {
9496 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9497 	struct wireless_dev *wdev = info->user_ptr[1];
9498 	u64 cookie;
9499 
9500 	if (!info->attrs[NL80211_ATTR_COOKIE])
9501 		return -EINVAL;
9502 
9503 	if (!rdev->ops->cancel_remain_on_channel)
9504 		return -EOPNOTSUPP;
9505 
9506 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9507 
9508 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
9509 }
9510 
9511 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
9512 				       struct genl_info *info)
9513 {
9514 	struct cfg80211_bitrate_mask mask;
9515 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9516 	struct net_device *dev = info->user_ptr[1];
9517 	int err;
9518 
9519 	if (!rdev->ops->set_bitrate_mask)
9520 		return -EOPNOTSUPP;
9521 
9522 	err = nl80211_parse_tx_bitrate_mask(info, &mask);
9523 	if (err)
9524 		return err;
9525 
9526 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
9527 }
9528 
9529 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
9530 {
9531 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9532 	struct wireless_dev *wdev = info->user_ptr[1];
9533 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
9534 
9535 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
9536 		return -EINVAL;
9537 
9538 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
9539 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
9540 
9541 	switch (wdev->iftype) {
9542 	case NL80211_IFTYPE_STATION:
9543 	case NL80211_IFTYPE_ADHOC:
9544 	case NL80211_IFTYPE_P2P_CLIENT:
9545 	case NL80211_IFTYPE_AP:
9546 	case NL80211_IFTYPE_AP_VLAN:
9547 	case NL80211_IFTYPE_MESH_POINT:
9548 	case NL80211_IFTYPE_P2P_GO:
9549 	case NL80211_IFTYPE_P2P_DEVICE:
9550 		break;
9551 	case NL80211_IFTYPE_NAN:
9552 	default:
9553 		return -EOPNOTSUPP;
9554 	}
9555 
9556 	/* not much point in registering if we can't reply */
9557 	if (!rdev->ops->mgmt_tx)
9558 		return -EOPNOTSUPP;
9559 
9560 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
9561 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
9562 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
9563 }
9564 
9565 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
9566 {
9567 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9568 	struct wireless_dev *wdev = info->user_ptr[1];
9569 	struct cfg80211_chan_def chandef;
9570 	int err;
9571 	void *hdr = NULL;
9572 	u64 cookie;
9573 	struct sk_buff *msg = NULL;
9574 	struct cfg80211_mgmt_tx_params params = {
9575 		.dont_wait_for_ack =
9576 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
9577 	};
9578 
9579 	if (!info->attrs[NL80211_ATTR_FRAME])
9580 		return -EINVAL;
9581 
9582 	if (!rdev->ops->mgmt_tx)
9583 		return -EOPNOTSUPP;
9584 
9585 	switch (wdev->iftype) {
9586 	case NL80211_IFTYPE_P2P_DEVICE:
9587 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9588 			return -EINVAL;
9589 	case NL80211_IFTYPE_STATION:
9590 	case NL80211_IFTYPE_ADHOC:
9591 	case NL80211_IFTYPE_P2P_CLIENT:
9592 	case NL80211_IFTYPE_AP:
9593 	case NL80211_IFTYPE_AP_VLAN:
9594 	case NL80211_IFTYPE_MESH_POINT:
9595 	case NL80211_IFTYPE_P2P_GO:
9596 		break;
9597 	case NL80211_IFTYPE_NAN:
9598 	default:
9599 		return -EOPNOTSUPP;
9600 	}
9601 
9602 	if (info->attrs[NL80211_ATTR_DURATION]) {
9603 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9604 			return -EINVAL;
9605 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9606 
9607 		/*
9608 		 * We should wait on the channel for at least a minimum amount
9609 		 * of time (10ms) but no longer than the driver supports.
9610 		 */
9611 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9612 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
9613 			return -EINVAL;
9614 	}
9615 
9616 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
9617 
9618 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9619 		return -EINVAL;
9620 
9621 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9622 
9623 	/* get the channel if any has been specified, otherwise pass NULL to
9624 	 * the driver. The latter will use the current one
9625 	 */
9626 	chandef.chan = NULL;
9627 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9628 		err = nl80211_parse_chandef(rdev, info, &chandef);
9629 		if (err)
9630 			return err;
9631 	}
9632 
9633 	if (!chandef.chan && params.offchan)
9634 		return -EINVAL;
9635 
9636 	wdev_lock(wdev);
9637 	if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
9638 		wdev_unlock(wdev);
9639 		return -EBUSY;
9640 	}
9641 	wdev_unlock(wdev);
9642 
9643 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
9644 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
9645 
9646 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
9647 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9648 		int i;
9649 
9650 		if (len % sizeof(u16))
9651 			return -EINVAL;
9652 
9653 		params.n_csa_offsets = len / sizeof(u16);
9654 		params.csa_offsets =
9655 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9656 
9657 		/* check that all the offsets fit the frame */
9658 		for (i = 0; i < params.n_csa_offsets; i++) {
9659 			if (params.csa_offsets[i] >= params.len)
9660 				return -EINVAL;
9661 		}
9662 	}
9663 
9664 	if (!params.dont_wait_for_ack) {
9665 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9666 		if (!msg)
9667 			return -ENOMEM;
9668 
9669 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9670 				     NL80211_CMD_FRAME);
9671 		if (!hdr) {
9672 			err = -ENOBUFS;
9673 			goto free_msg;
9674 		}
9675 	}
9676 
9677 	params.chan = chandef.chan;
9678 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
9679 	if (err)
9680 		goto free_msg;
9681 
9682 	if (msg) {
9683 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9684 				      NL80211_ATTR_PAD))
9685 			goto nla_put_failure;
9686 
9687 		genlmsg_end(msg, hdr);
9688 		return genlmsg_reply(msg, info);
9689 	}
9690 
9691 	return 0;
9692 
9693  nla_put_failure:
9694 	err = -ENOBUFS;
9695  free_msg:
9696 	nlmsg_free(msg);
9697 	return err;
9698 }
9699 
9700 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
9701 {
9702 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9703 	struct wireless_dev *wdev = info->user_ptr[1];
9704 	u64 cookie;
9705 
9706 	if (!info->attrs[NL80211_ATTR_COOKIE])
9707 		return -EINVAL;
9708 
9709 	if (!rdev->ops->mgmt_tx_cancel_wait)
9710 		return -EOPNOTSUPP;
9711 
9712 	switch (wdev->iftype) {
9713 	case NL80211_IFTYPE_STATION:
9714 	case NL80211_IFTYPE_ADHOC:
9715 	case NL80211_IFTYPE_P2P_CLIENT:
9716 	case NL80211_IFTYPE_AP:
9717 	case NL80211_IFTYPE_AP_VLAN:
9718 	case NL80211_IFTYPE_P2P_GO:
9719 	case NL80211_IFTYPE_P2P_DEVICE:
9720 		break;
9721 	case NL80211_IFTYPE_NAN:
9722 	default:
9723 		return -EOPNOTSUPP;
9724 	}
9725 
9726 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9727 
9728 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
9729 }
9730 
9731 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
9732 {
9733 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9734 	struct wireless_dev *wdev;
9735 	struct net_device *dev = info->user_ptr[1];
9736 	u8 ps_state;
9737 	bool state;
9738 	int err;
9739 
9740 	if (!info->attrs[NL80211_ATTR_PS_STATE])
9741 		return -EINVAL;
9742 
9743 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
9744 
9745 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
9746 		return -EINVAL;
9747 
9748 	wdev = dev->ieee80211_ptr;
9749 
9750 	if (!rdev->ops->set_power_mgmt)
9751 		return -EOPNOTSUPP;
9752 
9753 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
9754 
9755 	if (state == wdev->ps)
9756 		return 0;
9757 
9758 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
9759 	if (!err)
9760 		wdev->ps = state;
9761 	return err;
9762 }
9763 
9764 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
9765 {
9766 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9767 	enum nl80211_ps_state ps_state;
9768 	struct wireless_dev *wdev;
9769 	struct net_device *dev = info->user_ptr[1];
9770 	struct sk_buff *msg;
9771 	void *hdr;
9772 	int err;
9773 
9774 	wdev = dev->ieee80211_ptr;
9775 
9776 	if (!rdev->ops->set_power_mgmt)
9777 		return -EOPNOTSUPP;
9778 
9779 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9780 	if (!msg)
9781 		return -ENOMEM;
9782 
9783 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9784 			     NL80211_CMD_GET_POWER_SAVE);
9785 	if (!hdr) {
9786 		err = -ENOBUFS;
9787 		goto free_msg;
9788 	}
9789 
9790 	if (wdev->ps)
9791 		ps_state = NL80211_PS_ENABLED;
9792 	else
9793 		ps_state = NL80211_PS_DISABLED;
9794 
9795 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
9796 		goto nla_put_failure;
9797 
9798 	genlmsg_end(msg, hdr);
9799 	return genlmsg_reply(msg, info);
9800 
9801  nla_put_failure:
9802 	err = -ENOBUFS;
9803  free_msg:
9804 	nlmsg_free(msg);
9805 	return err;
9806 }
9807 
9808 static const struct nla_policy
9809 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
9810 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
9811 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
9812 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
9813 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
9814 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
9815 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
9816 	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
9817 };
9818 
9819 static int nl80211_set_cqm_txe(struct genl_info *info,
9820 			       u32 rate, u32 pkts, u32 intvl)
9821 {
9822 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9823 	struct net_device *dev = info->user_ptr[1];
9824 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9825 
9826 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
9827 		return -EINVAL;
9828 
9829 	if (!rdev->ops->set_cqm_txe_config)
9830 		return -EOPNOTSUPP;
9831 
9832 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
9833 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9834 		return -EOPNOTSUPP;
9835 
9836 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
9837 }
9838 
9839 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
9840 				    struct net_device *dev)
9841 {
9842 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9843 	s32 last, low, high;
9844 	u32 hyst;
9845 	int i, n;
9846 	int err;
9847 
9848 	/* RSSI reporting disabled? */
9849 	if (!wdev->cqm_config)
9850 		return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
9851 
9852 	/*
9853 	 * Obtain current RSSI value if possible, if not and no RSSI threshold
9854 	 * event has been received yet, we should receive an event after a
9855 	 * connection is established and enough beacons received to calculate
9856 	 * the average.
9857 	 */
9858 	if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
9859 	    rdev->ops->get_station) {
9860 		struct station_info sinfo = {};
9861 		u8 *mac_addr;
9862 
9863 		mac_addr = wdev->current_bss->pub.bssid;
9864 
9865 		err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
9866 		if (err)
9867 			return err;
9868 
9869 		if (sinfo.filled & BIT(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
9870 			wdev->cqm_config->last_rssi_event_value =
9871 				(s8) sinfo.rx_beacon_signal_avg;
9872 	}
9873 
9874 	last = wdev->cqm_config->last_rssi_event_value;
9875 	hyst = wdev->cqm_config->rssi_hyst;
9876 	n = wdev->cqm_config->n_rssi_thresholds;
9877 
9878 	for (i = 0; i < n; i++)
9879 		if (last < wdev->cqm_config->rssi_thresholds[i])
9880 			break;
9881 
9882 	low = i > 0 ?
9883 		(wdev->cqm_config->rssi_thresholds[i - 1] - hyst) : S32_MIN;
9884 	high = i < n ?
9885 		(wdev->cqm_config->rssi_thresholds[i] + hyst - 1) : S32_MAX;
9886 
9887 	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
9888 }
9889 
9890 static int nl80211_set_cqm_rssi(struct genl_info *info,
9891 				const s32 *thresholds, int n_thresholds,
9892 				u32 hysteresis)
9893 {
9894 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9895 	struct net_device *dev = info->user_ptr[1];
9896 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9897 	int i, err;
9898 	s32 prev = S32_MIN;
9899 
9900 	/* Check all values negative and sorted */
9901 	for (i = 0; i < n_thresholds; i++) {
9902 		if (thresholds[i] > 0 || thresholds[i] <= prev)
9903 			return -EINVAL;
9904 
9905 		prev = thresholds[i];
9906 	}
9907 
9908 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
9909 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9910 		return -EOPNOTSUPP;
9911 
9912 	wdev_lock(wdev);
9913 	cfg80211_cqm_config_free(wdev);
9914 	wdev_unlock(wdev);
9915 
9916 	if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
9917 		if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
9918 			return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
9919 
9920 		return rdev_set_cqm_rssi_config(rdev, dev,
9921 						thresholds[0], hysteresis);
9922 	}
9923 
9924 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
9925 				     NL80211_EXT_FEATURE_CQM_RSSI_LIST))
9926 		return -EOPNOTSUPP;
9927 
9928 	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
9929 		n_thresholds = 0;
9930 
9931 	wdev_lock(wdev);
9932 	if (n_thresholds) {
9933 		struct cfg80211_cqm_config *cqm_config;
9934 
9935 		cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
9936 				     n_thresholds * sizeof(s32), GFP_KERNEL);
9937 		if (!cqm_config) {
9938 			err = -ENOMEM;
9939 			goto unlock;
9940 		}
9941 
9942 		cqm_config->rssi_hyst = hysteresis;
9943 		cqm_config->n_rssi_thresholds = n_thresholds;
9944 		memcpy(cqm_config->rssi_thresholds, thresholds,
9945 		       n_thresholds * sizeof(s32));
9946 
9947 		wdev->cqm_config = cqm_config;
9948 	}
9949 
9950 	err = cfg80211_cqm_rssi_update(rdev, dev);
9951 
9952 unlock:
9953 	wdev_unlock(wdev);
9954 
9955 	return err;
9956 }
9957 
9958 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
9959 {
9960 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
9961 	struct nlattr *cqm;
9962 	int err;
9963 
9964 	cqm = info->attrs[NL80211_ATTR_CQM];
9965 	if (!cqm)
9966 		return -EINVAL;
9967 
9968 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
9969 			       nl80211_attr_cqm_policy, info->extack);
9970 	if (err)
9971 		return err;
9972 
9973 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
9974 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
9975 		const s32 *thresholds =
9976 			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9977 		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9978 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
9979 
9980 		if (len % 4)
9981 			return -EINVAL;
9982 
9983 		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
9984 					    hysteresis);
9985 	}
9986 
9987 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
9988 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
9989 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
9990 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
9991 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
9992 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
9993 
9994 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
9995 	}
9996 
9997 	return -EINVAL;
9998 }
9999 
10000 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
10001 {
10002 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10003 	struct net_device *dev = info->user_ptr[1];
10004 	struct ocb_setup setup = {};
10005 	int err;
10006 
10007 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10008 	if (err)
10009 		return err;
10010 
10011 	return cfg80211_join_ocb(rdev, dev, &setup);
10012 }
10013 
10014 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
10015 {
10016 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10017 	struct net_device *dev = info->user_ptr[1];
10018 
10019 	return cfg80211_leave_ocb(rdev, dev);
10020 }
10021 
10022 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
10023 {
10024 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10025 	struct net_device *dev = info->user_ptr[1];
10026 	struct mesh_config cfg;
10027 	struct mesh_setup setup;
10028 	int err;
10029 
10030 	/* start with default */
10031 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
10032 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
10033 
10034 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
10035 		/* and parse parameters if given */
10036 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
10037 		if (err)
10038 			return err;
10039 	}
10040 
10041 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
10042 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
10043 		return -EINVAL;
10044 
10045 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
10046 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
10047 
10048 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10049 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
10050 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10051 			return -EINVAL;
10052 
10053 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
10054 		setup.beacon_interval =
10055 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10056 
10057 		err = cfg80211_validate_beacon_int(rdev,
10058 						   NL80211_IFTYPE_MESH_POINT,
10059 						   setup.beacon_interval);
10060 		if (err)
10061 			return err;
10062 	}
10063 
10064 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
10065 		setup.dtim_period =
10066 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
10067 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
10068 			return -EINVAL;
10069 	}
10070 
10071 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10072 		/* parse additional setup parameters if given */
10073 		err = nl80211_parse_mesh_setup(info, &setup);
10074 		if (err)
10075 			return err;
10076 	}
10077 
10078 	if (setup.user_mpm)
10079 		cfg.auto_open_plinks = false;
10080 
10081 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10082 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10083 		if (err)
10084 			return err;
10085 	} else {
10086 		/* cfg80211_join_mesh() will sort it out */
10087 		setup.chandef.chan = NULL;
10088 	}
10089 
10090 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10091 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10092 		int n_rates =
10093 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10094 		struct ieee80211_supported_band *sband;
10095 
10096 		if (!setup.chandef.chan)
10097 			return -EINVAL;
10098 
10099 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
10100 
10101 		err = ieee80211_get_ratemask(sband, rates, n_rates,
10102 					     &setup.basic_rates);
10103 		if (err)
10104 			return err;
10105 	}
10106 
10107 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
10108 		err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
10109 		if (err)
10110 			return err;
10111 
10112 		if (!setup.chandef.chan)
10113 			return -EINVAL;
10114 
10115 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10116 					      &setup.beacon_rate);
10117 		if (err)
10118 			return err;
10119 	}
10120 
10121 	setup.userspace_handles_dfs =
10122 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10123 
10124 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10125 }
10126 
10127 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10128 {
10129 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10130 	struct net_device *dev = info->user_ptr[1];
10131 
10132 	return cfg80211_leave_mesh(rdev, dev);
10133 }
10134 
10135 #ifdef CONFIG_PM
10136 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10137 					struct cfg80211_registered_device *rdev)
10138 {
10139 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10140 	struct nlattr *nl_pats, *nl_pat;
10141 	int i, pat_len;
10142 
10143 	if (!wowlan->n_patterns)
10144 		return 0;
10145 
10146 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10147 	if (!nl_pats)
10148 		return -ENOBUFS;
10149 
10150 	for (i = 0; i < wowlan->n_patterns; i++) {
10151 		nl_pat = nla_nest_start(msg, i + 1);
10152 		if (!nl_pat)
10153 			return -ENOBUFS;
10154 		pat_len = wowlan->patterns[i].pattern_len;
10155 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10156 			    wowlan->patterns[i].mask) ||
10157 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10158 			    wowlan->patterns[i].pattern) ||
10159 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10160 				wowlan->patterns[i].pkt_offset))
10161 			return -ENOBUFS;
10162 		nla_nest_end(msg, nl_pat);
10163 	}
10164 	nla_nest_end(msg, nl_pats);
10165 
10166 	return 0;
10167 }
10168 
10169 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10170 				   struct cfg80211_wowlan_tcp *tcp)
10171 {
10172 	struct nlattr *nl_tcp;
10173 
10174 	if (!tcp)
10175 		return 0;
10176 
10177 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10178 	if (!nl_tcp)
10179 		return -ENOBUFS;
10180 
10181 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10182 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10183 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10184 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10185 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10186 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10187 		    tcp->payload_len, tcp->payload) ||
10188 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10189 			tcp->data_interval) ||
10190 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
10191 		    tcp->wake_len, tcp->wake_data) ||
10192 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
10193 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
10194 		return -ENOBUFS;
10195 
10196 	if (tcp->payload_seq.len &&
10197 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
10198 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
10199 		return -ENOBUFS;
10200 
10201 	if (tcp->payload_tok.len &&
10202 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
10203 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
10204 		    &tcp->payload_tok))
10205 		return -ENOBUFS;
10206 
10207 	nla_nest_end(msg, nl_tcp);
10208 
10209 	return 0;
10210 }
10211 
10212 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
10213 				  struct cfg80211_sched_scan_request *req)
10214 {
10215 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
10216 	int i;
10217 
10218 	if (!req)
10219 		return 0;
10220 
10221 	nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
10222 	if (!nd)
10223 		return -ENOBUFS;
10224 
10225 	if (req->n_scan_plans == 1 &&
10226 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
10227 			req->scan_plans[0].interval * 1000))
10228 		return -ENOBUFS;
10229 
10230 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
10231 		return -ENOBUFS;
10232 
10233 	if (req->relative_rssi_set) {
10234 		struct nl80211_bss_select_rssi_adjust rssi_adjust;
10235 
10236 		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
10237 			       req->relative_rssi))
10238 			return -ENOBUFS;
10239 
10240 		rssi_adjust.band = req->rssi_adjust.band;
10241 		rssi_adjust.delta = req->rssi_adjust.delta;
10242 		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
10243 			    sizeof(rssi_adjust), &rssi_adjust))
10244 			return -ENOBUFS;
10245 	}
10246 
10247 	freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10248 	if (!freqs)
10249 		return -ENOBUFS;
10250 
10251 	for (i = 0; i < req->n_channels; i++) {
10252 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10253 			return -ENOBUFS;
10254 	}
10255 
10256 	nla_nest_end(msg, freqs);
10257 
10258 	if (req->n_match_sets) {
10259 		matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
10260 		if (!matches)
10261 			return -ENOBUFS;
10262 
10263 		for (i = 0; i < req->n_match_sets; i++) {
10264 			match = nla_nest_start(msg, i);
10265 			if (!match)
10266 				return -ENOBUFS;
10267 
10268 			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
10269 				    req->match_sets[i].ssid.ssid_len,
10270 				    req->match_sets[i].ssid.ssid))
10271 				return -ENOBUFS;
10272 			nla_nest_end(msg, match);
10273 		}
10274 		nla_nest_end(msg, matches);
10275 	}
10276 
10277 	scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
10278 	if (!scan_plans)
10279 		return -ENOBUFS;
10280 
10281 	for (i = 0; i < req->n_scan_plans; i++) {
10282 		scan_plan = nla_nest_start(msg, i + 1);
10283 		if (!scan_plan)
10284 			return -ENOBUFS;
10285 
10286 		if (!scan_plan ||
10287 		    nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
10288 				req->scan_plans[i].interval) ||
10289 		    (req->scan_plans[i].iterations &&
10290 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
10291 				 req->scan_plans[i].iterations)))
10292 			return -ENOBUFS;
10293 		nla_nest_end(msg, scan_plan);
10294 	}
10295 	nla_nest_end(msg, scan_plans);
10296 
10297 	nla_nest_end(msg, nd);
10298 
10299 	return 0;
10300 }
10301 
10302 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
10303 {
10304 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10305 	struct sk_buff *msg;
10306 	void *hdr;
10307 	u32 size = NLMSG_DEFAULT_SIZE;
10308 
10309 	if (!rdev->wiphy.wowlan)
10310 		return -EOPNOTSUPP;
10311 
10312 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
10313 		/* adjust size to have room for all the data */
10314 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
10315 			rdev->wiphy.wowlan_config->tcp->payload_len +
10316 			rdev->wiphy.wowlan_config->tcp->wake_len +
10317 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
10318 	}
10319 
10320 	msg = nlmsg_new(size, GFP_KERNEL);
10321 	if (!msg)
10322 		return -ENOMEM;
10323 
10324 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10325 			     NL80211_CMD_GET_WOWLAN);
10326 	if (!hdr)
10327 		goto nla_put_failure;
10328 
10329 	if (rdev->wiphy.wowlan_config) {
10330 		struct nlattr *nl_wowlan;
10331 
10332 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10333 		if (!nl_wowlan)
10334 			goto nla_put_failure;
10335 
10336 		if ((rdev->wiphy.wowlan_config->any &&
10337 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10338 		    (rdev->wiphy.wowlan_config->disconnect &&
10339 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10340 		    (rdev->wiphy.wowlan_config->magic_pkt &&
10341 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10342 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
10343 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10344 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
10345 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10346 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
10347 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10348 		    (rdev->wiphy.wowlan_config->rfkill_release &&
10349 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
10350 			goto nla_put_failure;
10351 
10352 		if (nl80211_send_wowlan_patterns(msg, rdev))
10353 			goto nla_put_failure;
10354 
10355 		if (nl80211_send_wowlan_tcp(msg,
10356 					    rdev->wiphy.wowlan_config->tcp))
10357 			goto nla_put_failure;
10358 
10359 		if (nl80211_send_wowlan_nd(
10360 			    msg,
10361 			    rdev->wiphy.wowlan_config->nd_config))
10362 			goto nla_put_failure;
10363 
10364 		nla_nest_end(msg, nl_wowlan);
10365 	}
10366 
10367 	genlmsg_end(msg, hdr);
10368 	return genlmsg_reply(msg, info);
10369 
10370 nla_put_failure:
10371 	nlmsg_free(msg);
10372 	return -ENOBUFS;
10373 }
10374 
10375 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
10376 				    struct nlattr *attr,
10377 				    struct cfg80211_wowlan *trig)
10378 {
10379 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
10380 	struct cfg80211_wowlan_tcp *cfg;
10381 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
10382 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
10383 	u32 size;
10384 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
10385 	int err, port;
10386 
10387 	if (!rdev->wiphy.wowlan->tcp)
10388 		return -EINVAL;
10389 
10390 	err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr,
10391 			       nl80211_wowlan_tcp_policy, NULL);
10392 	if (err)
10393 		return err;
10394 
10395 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
10396 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
10397 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
10398 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
10399 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
10400 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
10401 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
10402 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
10403 		return -EINVAL;
10404 
10405 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
10406 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
10407 		return -EINVAL;
10408 
10409 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
10410 			rdev->wiphy.wowlan->tcp->data_interval_max ||
10411 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
10412 		return -EINVAL;
10413 
10414 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
10415 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
10416 		return -EINVAL;
10417 
10418 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
10419 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
10420 		return -EINVAL;
10421 
10422 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
10423 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10424 
10425 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10426 		tokens_size = tokln - sizeof(*tok);
10427 
10428 		if (!tok->len || tokens_size % tok->len)
10429 			return -EINVAL;
10430 		if (!rdev->wiphy.wowlan->tcp->tok)
10431 			return -EINVAL;
10432 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
10433 			return -EINVAL;
10434 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
10435 			return -EINVAL;
10436 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
10437 			return -EINVAL;
10438 		if (tok->offset + tok->len > data_size)
10439 			return -EINVAL;
10440 	}
10441 
10442 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
10443 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
10444 		if (!rdev->wiphy.wowlan->tcp->seq)
10445 			return -EINVAL;
10446 		if (seq->len == 0 || seq->len > 4)
10447 			return -EINVAL;
10448 		if (seq->len + seq->offset > data_size)
10449 			return -EINVAL;
10450 	}
10451 
10452 	size = sizeof(*cfg);
10453 	size += data_size;
10454 	size += wake_size + wake_mask_size;
10455 	size += tokens_size;
10456 
10457 	cfg = kzalloc(size, GFP_KERNEL);
10458 	if (!cfg)
10459 		return -ENOMEM;
10460 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
10461 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
10462 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
10463 	       ETH_ALEN);
10464 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
10465 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
10466 	else
10467 		port = 0;
10468 #ifdef CONFIG_INET
10469 	/* allocate a socket and port for it and use it */
10470 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
10471 			    IPPROTO_TCP, &cfg->sock, 1);
10472 	if (err) {
10473 		kfree(cfg);
10474 		return err;
10475 	}
10476 	if (inet_csk_get_port(cfg->sock->sk, port)) {
10477 		sock_release(cfg->sock);
10478 		kfree(cfg);
10479 		return -EADDRINUSE;
10480 	}
10481 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
10482 #else
10483 	if (!port) {
10484 		kfree(cfg);
10485 		return -EINVAL;
10486 	}
10487 	cfg->src_port = port;
10488 #endif
10489 
10490 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
10491 	cfg->payload_len = data_size;
10492 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
10493 	memcpy((void *)cfg->payload,
10494 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
10495 	       data_size);
10496 	if (seq)
10497 		cfg->payload_seq = *seq;
10498 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
10499 	cfg->wake_len = wake_size;
10500 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
10501 	memcpy((void *)cfg->wake_data,
10502 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
10503 	       wake_size);
10504 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
10505 			 data_size + wake_size;
10506 	memcpy((void *)cfg->wake_mask,
10507 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
10508 	       wake_mask_size);
10509 	if (tok) {
10510 		cfg->tokens_size = tokens_size;
10511 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
10512 	}
10513 
10514 	trig->tcp = cfg;
10515 
10516 	return 0;
10517 }
10518 
10519 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
10520 				   const struct wiphy_wowlan_support *wowlan,
10521 				   struct nlattr *attr,
10522 				   struct cfg80211_wowlan *trig)
10523 {
10524 	struct nlattr **tb;
10525 	int err;
10526 
10527 	tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
10528 	if (!tb)
10529 		return -ENOMEM;
10530 
10531 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
10532 		err = -EOPNOTSUPP;
10533 		goto out;
10534 	}
10535 
10536 	err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy,
10537 			       NULL);
10538 	if (err)
10539 		goto out;
10540 
10541 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
10542 						   wowlan->max_nd_match_sets);
10543 	err = PTR_ERR_OR_ZERO(trig->nd_config);
10544 	if (err)
10545 		trig->nd_config = NULL;
10546 
10547 out:
10548 	kfree(tb);
10549 	return err;
10550 }
10551 
10552 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
10553 {
10554 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10555 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
10556 	struct cfg80211_wowlan new_triggers = {};
10557 	struct cfg80211_wowlan *ntrig;
10558 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
10559 	int err, i;
10560 	bool prev_enabled = rdev->wiphy.wowlan_config;
10561 	bool regular = false;
10562 
10563 	if (!wowlan)
10564 		return -EOPNOTSUPP;
10565 
10566 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
10567 		cfg80211_rdev_free_wowlan(rdev);
10568 		rdev->wiphy.wowlan_config = NULL;
10569 		goto set_wakeup;
10570 	}
10571 
10572 	err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG,
10573 			       info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
10574 			       nl80211_wowlan_policy, info->extack);
10575 	if (err)
10576 		return err;
10577 
10578 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
10579 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
10580 			return -EINVAL;
10581 		new_triggers.any = true;
10582 	}
10583 
10584 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
10585 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
10586 			return -EINVAL;
10587 		new_triggers.disconnect = true;
10588 		regular = true;
10589 	}
10590 
10591 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
10592 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
10593 			return -EINVAL;
10594 		new_triggers.magic_pkt = true;
10595 		regular = true;
10596 	}
10597 
10598 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
10599 		return -EINVAL;
10600 
10601 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
10602 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
10603 			return -EINVAL;
10604 		new_triggers.gtk_rekey_failure = true;
10605 		regular = true;
10606 	}
10607 
10608 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
10609 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
10610 			return -EINVAL;
10611 		new_triggers.eap_identity_req = true;
10612 		regular = true;
10613 	}
10614 
10615 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
10616 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
10617 			return -EINVAL;
10618 		new_triggers.four_way_handshake = true;
10619 		regular = true;
10620 	}
10621 
10622 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
10623 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
10624 			return -EINVAL;
10625 		new_triggers.rfkill_release = true;
10626 		regular = true;
10627 	}
10628 
10629 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
10630 		struct nlattr *pat;
10631 		int n_patterns = 0;
10632 		int rem, pat_len, mask_len, pkt_offset;
10633 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10634 
10635 		regular = true;
10636 
10637 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10638 				    rem)
10639 			n_patterns++;
10640 		if (n_patterns > wowlan->n_patterns)
10641 			return -EINVAL;
10642 
10643 		new_triggers.patterns = kcalloc(n_patterns,
10644 						sizeof(new_triggers.patterns[0]),
10645 						GFP_KERNEL);
10646 		if (!new_triggers.patterns)
10647 			return -ENOMEM;
10648 
10649 		new_triggers.n_patterns = n_patterns;
10650 		i = 0;
10651 
10652 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10653 				    rem) {
10654 			u8 *mask_pat;
10655 
10656 			nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10657 					 nl80211_packet_pattern_policy,
10658 					 info->extack);
10659 			err = -EINVAL;
10660 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
10661 			    !pat_tb[NL80211_PKTPAT_PATTERN])
10662 				goto error;
10663 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10664 			mask_len = DIV_ROUND_UP(pat_len, 8);
10665 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10666 				goto error;
10667 			if (pat_len > wowlan->pattern_max_len ||
10668 			    pat_len < wowlan->pattern_min_len)
10669 				goto error;
10670 
10671 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
10672 				pkt_offset = 0;
10673 			else
10674 				pkt_offset = nla_get_u32(
10675 					pat_tb[NL80211_PKTPAT_OFFSET]);
10676 			if (pkt_offset > wowlan->max_pkt_offset)
10677 				goto error;
10678 			new_triggers.patterns[i].pkt_offset = pkt_offset;
10679 
10680 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10681 			if (!mask_pat) {
10682 				err = -ENOMEM;
10683 				goto error;
10684 			}
10685 			new_triggers.patterns[i].mask = mask_pat;
10686 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10687 			       mask_len);
10688 			mask_pat += mask_len;
10689 			new_triggers.patterns[i].pattern = mask_pat;
10690 			new_triggers.patterns[i].pattern_len = pat_len;
10691 			memcpy(mask_pat,
10692 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10693 			       pat_len);
10694 			i++;
10695 		}
10696 	}
10697 
10698 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
10699 		regular = true;
10700 		err = nl80211_parse_wowlan_tcp(
10701 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
10702 			&new_triggers);
10703 		if (err)
10704 			goto error;
10705 	}
10706 
10707 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
10708 		regular = true;
10709 		err = nl80211_parse_wowlan_nd(
10710 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
10711 			&new_triggers);
10712 		if (err)
10713 			goto error;
10714 	}
10715 
10716 	/* The 'any' trigger means the device continues operating more or less
10717 	 * as in its normal operation mode and wakes up the host on most of the
10718 	 * normal interrupts (like packet RX, ...)
10719 	 * It therefore makes little sense to combine with the more constrained
10720 	 * wakeup trigger modes.
10721 	 */
10722 	if (new_triggers.any && regular) {
10723 		err = -EINVAL;
10724 		goto error;
10725 	}
10726 
10727 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
10728 	if (!ntrig) {
10729 		err = -ENOMEM;
10730 		goto error;
10731 	}
10732 	cfg80211_rdev_free_wowlan(rdev);
10733 	rdev->wiphy.wowlan_config = ntrig;
10734 
10735  set_wakeup:
10736 	if (rdev->ops->set_wakeup &&
10737 	    prev_enabled != !!rdev->wiphy.wowlan_config)
10738 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
10739 
10740 	return 0;
10741  error:
10742 	for (i = 0; i < new_triggers.n_patterns; i++)
10743 		kfree(new_triggers.patterns[i].mask);
10744 	kfree(new_triggers.patterns);
10745 	if (new_triggers.tcp && new_triggers.tcp->sock)
10746 		sock_release(new_triggers.tcp->sock);
10747 	kfree(new_triggers.tcp);
10748 	kfree(new_triggers.nd_config);
10749 	return err;
10750 }
10751 #endif
10752 
10753 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
10754 				       struct cfg80211_registered_device *rdev)
10755 {
10756 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
10757 	int i, j, pat_len;
10758 	struct cfg80211_coalesce_rules *rule;
10759 
10760 	if (!rdev->coalesce->n_rules)
10761 		return 0;
10762 
10763 	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
10764 	if (!nl_rules)
10765 		return -ENOBUFS;
10766 
10767 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
10768 		nl_rule = nla_nest_start(msg, i + 1);
10769 		if (!nl_rule)
10770 			return -ENOBUFS;
10771 
10772 		rule = &rdev->coalesce->rules[i];
10773 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
10774 				rule->delay))
10775 			return -ENOBUFS;
10776 
10777 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
10778 				rule->condition))
10779 			return -ENOBUFS;
10780 
10781 		nl_pats = nla_nest_start(msg,
10782 				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
10783 		if (!nl_pats)
10784 			return -ENOBUFS;
10785 
10786 		for (j = 0; j < rule->n_patterns; j++) {
10787 			nl_pat = nla_nest_start(msg, j + 1);
10788 			if (!nl_pat)
10789 				return -ENOBUFS;
10790 			pat_len = rule->patterns[j].pattern_len;
10791 			if (nla_put(msg, NL80211_PKTPAT_MASK,
10792 				    DIV_ROUND_UP(pat_len, 8),
10793 				    rule->patterns[j].mask) ||
10794 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10795 				    rule->patterns[j].pattern) ||
10796 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10797 					rule->patterns[j].pkt_offset))
10798 				return -ENOBUFS;
10799 			nla_nest_end(msg, nl_pat);
10800 		}
10801 		nla_nest_end(msg, nl_pats);
10802 		nla_nest_end(msg, nl_rule);
10803 	}
10804 	nla_nest_end(msg, nl_rules);
10805 
10806 	return 0;
10807 }
10808 
10809 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
10810 {
10811 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10812 	struct sk_buff *msg;
10813 	void *hdr;
10814 
10815 	if (!rdev->wiphy.coalesce)
10816 		return -EOPNOTSUPP;
10817 
10818 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10819 	if (!msg)
10820 		return -ENOMEM;
10821 
10822 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10823 			     NL80211_CMD_GET_COALESCE);
10824 	if (!hdr)
10825 		goto nla_put_failure;
10826 
10827 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
10828 		goto nla_put_failure;
10829 
10830 	genlmsg_end(msg, hdr);
10831 	return genlmsg_reply(msg, info);
10832 
10833 nla_put_failure:
10834 	nlmsg_free(msg);
10835 	return -ENOBUFS;
10836 }
10837 
10838 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
10839 {
10840 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
10841 	int i, j;
10842 	struct cfg80211_coalesce_rules *rule;
10843 
10844 	if (!coalesce)
10845 		return;
10846 
10847 	for (i = 0; i < coalesce->n_rules; i++) {
10848 		rule = &coalesce->rules[i];
10849 		for (j = 0; j < rule->n_patterns; j++)
10850 			kfree(rule->patterns[j].mask);
10851 		kfree(rule->patterns);
10852 	}
10853 	kfree(coalesce->rules);
10854 	kfree(coalesce);
10855 	rdev->coalesce = NULL;
10856 }
10857 
10858 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
10859 				       struct nlattr *rule,
10860 				       struct cfg80211_coalesce_rules *new_rule)
10861 {
10862 	int err, i;
10863 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10864 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
10865 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
10866 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10867 
10868 	err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule,
10869 			       nl80211_coalesce_policy, NULL);
10870 	if (err)
10871 		return err;
10872 
10873 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
10874 		new_rule->delay =
10875 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
10876 	if (new_rule->delay > coalesce->max_delay)
10877 		return -EINVAL;
10878 
10879 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
10880 		new_rule->condition =
10881 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
10882 	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
10883 	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
10884 		return -EINVAL;
10885 
10886 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
10887 		return -EINVAL;
10888 
10889 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10890 			    rem)
10891 		n_patterns++;
10892 	if (n_patterns > coalesce->n_patterns)
10893 		return -EINVAL;
10894 
10895 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
10896 				     GFP_KERNEL);
10897 	if (!new_rule->patterns)
10898 		return -ENOMEM;
10899 
10900 	new_rule->n_patterns = n_patterns;
10901 	i = 0;
10902 
10903 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10904 			    rem) {
10905 		u8 *mask_pat;
10906 
10907 		nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10908 				 nl80211_packet_pattern_policy, NULL);
10909 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
10910 		    !pat_tb[NL80211_PKTPAT_PATTERN])
10911 			return -EINVAL;
10912 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10913 		mask_len = DIV_ROUND_UP(pat_len, 8);
10914 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10915 			return -EINVAL;
10916 		if (pat_len > coalesce->pattern_max_len ||
10917 		    pat_len < coalesce->pattern_min_len)
10918 			return -EINVAL;
10919 
10920 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
10921 			pkt_offset = 0;
10922 		else
10923 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
10924 		if (pkt_offset > coalesce->max_pkt_offset)
10925 			return -EINVAL;
10926 		new_rule->patterns[i].pkt_offset = pkt_offset;
10927 
10928 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10929 		if (!mask_pat)
10930 			return -ENOMEM;
10931 
10932 		new_rule->patterns[i].mask = mask_pat;
10933 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10934 		       mask_len);
10935 
10936 		mask_pat += mask_len;
10937 		new_rule->patterns[i].pattern = mask_pat;
10938 		new_rule->patterns[i].pattern_len = pat_len;
10939 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10940 		       pat_len);
10941 		i++;
10942 	}
10943 
10944 	return 0;
10945 }
10946 
10947 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
10948 {
10949 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10950 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10951 	struct cfg80211_coalesce new_coalesce = {};
10952 	struct cfg80211_coalesce *n_coalesce;
10953 	int err, rem_rule, n_rules = 0, i, j;
10954 	struct nlattr *rule;
10955 	struct cfg80211_coalesce_rules *tmp_rule;
10956 
10957 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
10958 		return -EOPNOTSUPP;
10959 
10960 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
10961 		cfg80211_rdev_free_coalesce(rdev);
10962 		rdev_set_coalesce(rdev, NULL);
10963 		return 0;
10964 	}
10965 
10966 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10967 			    rem_rule)
10968 		n_rules++;
10969 	if (n_rules > coalesce->n_rules)
10970 		return -EINVAL;
10971 
10972 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
10973 				     GFP_KERNEL);
10974 	if (!new_coalesce.rules)
10975 		return -ENOMEM;
10976 
10977 	new_coalesce.n_rules = n_rules;
10978 	i = 0;
10979 
10980 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10981 			    rem_rule) {
10982 		err = nl80211_parse_coalesce_rule(rdev, rule,
10983 						  &new_coalesce.rules[i]);
10984 		if (err)
10985 			goto error;
10986 
10987 		i++;
10988 	}
10989 
10990 	err = rdev_set_coalesce(rdev, &new_coalesce);
10991 	if (err)
10992 		goto error;
10993 
10994 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
10995 	if (!n_coalesce) {
10996 		err = -ENOMEM;
10997 		goto error;
10998 	}
10999 	cfg80211_rdev_free_coalesce(rdev);
11000 	rdev->coalesce = n_coalesce;
11001 
11002 	return 0;
11003 error:
11004 	for (i = 0; i < new_coalesce.n_rules; i++) {
11005 		tmp_rule = &new_coalesce.rules[i];
11006 		for (j = 0; j < tmp_rule->n_patterns; j++)
11007 			kfree(tmp_rule->patterns[j].mask);
11008 		kfree(tmp_rule->patterns);
11009 	}
11010 	kfree(new_coalesce.rules);
11011 
11012 	return err;
11013 }
11014 
11015 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
11016 {
11017 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11018 	struct net_device *dev = info->user_ptr[1];
11019 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11020 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
11021 	struct cfg80211_gtk_rekey_data rekey_data;
11022 	int err;
11023 
11024 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
11025 		return -EINVAL;
11026 
11027 	err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA,
11028 			       info->attrs[NL80211_ATTR_REKEY_DATA],
11029 			       nl80211_rekey_policy, info->extack);
11030 	if (err)
11031 		return err;
11032 
11033 	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
11034 	    !tb[NL80211_REKEY_DATA_KCK])
11035 		return -EINVAL;
11036 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
11037 		return -ERANGE;
11038 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
11039 		return -ERANGE;
11040 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
11041 		return -ERANGE;
11042 
11043 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
11044 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
11045 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
11046 
11047 	wdev_lock(wdev);
11048 	if (!wdev->current_bss) {
11049 		err = -ENOTCONN;
11050 		goto out;
11051 	}
11052 
11053 	if (!rdev->ops->set_rekey_data) {
11054 		err = -EOPNOTSUPP;
11055 		goto out;
11056 	}
11057 
11058 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
11059  out:
11060 	wdev_unlock(wdev);
11061 	return err;
11062 }
11063 
11064 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11065 					     struct genl_info *info)
11066 {
11067 	struct net_device *dev = info->user_ptr[1];
11068 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11069 
11070 	if (wdev->iftype != NL80211_IFTYPE_AP &&
11071 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
11072 		return -EINVAL;
11073 
11074 	if (wdev->ap_unexpected_nlportid)
11075 		return -EBUSY;
11076 
11077 	wdev->ap_unexpected_nlportid = info->snd_portid;
11078 	return 0;
11079 }
11080 
11081 static int nl80211_probe_client(struct sk_buff *skb,
11082 				struct genl_info *info)
11083 {
11084 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11085 	struct net_device *dev = info->user_ptr[1];
11086 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11087 	struct sk_buff *msg;
11088 	void *hdr;
11089 	const u8 *addr;
11090 	u64 cookie;
11091 	int err;
11092 
11093 	if (wdev->iftype != NL80211_IFTYPE_AP &&
11094 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
11095 		return -EOPNOTSUPP;
11096 
11097 	if (!info->attrs[NL80211_ATTR_MAC])
11098 		return -EINVAL;
11099 
11100 	if (!rdev->ops->probe_client)
11101 		return -EOPNOTSUPP;
11102 
11103 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11104 	if (!msg)
11105 		return -ENOMEM;
11106 
11107 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11108 			     NL80211_CMD_PROBE_CLIENT);
11109 	if (!hdr) {
11110 		err = -ENOBUFS;
11111 		goto free_msg;
11112 	}
11113 
11114 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11115 
11116 	err = rdev_probe_client(rdev, dev, addr, &cookie);
11117 	if (err)
11118 		goto free_msg;
11119 
11120 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11121 			      NL80211_ATTR_PAD))
11122 		goto nla_put_failure;
11123 
11124 	genlmsg_end(msg, hdr);
11125 
11126 	return genlmsg_reply(msg, info);
11127 
11128  nla_put_failure:
11129 	err = -ENOBUFS;
11130  free_msg:
11131 	nlmsg_free(msg);
11132 	return err;
11133 }
11134 
11135 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11136 {
11137 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11138 	struct cfg80211_beacon_registration *reg, *nreg;
11139 	int rv;
11140 
11141 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11142 		return -EOPNOTSUPP;
11143 
11144 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11145 	if (!nreg)
11146 		return -ENOMEM;
11147 
11148 	/* First, check if already registered. */
11149 	spin_lock_bh(&rdev->beacon_registrations_lock);
11150 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11151 		if (reg->nlportid == info->snd_portid) {
11152 			rv = -EALREADY;
11153 			goto out_err;
11154 		}
11155 	}
11156 	/* Add it to the list */
11157 	nreg->nlportid = info->snd_portid;
11158 	list_add(&nreg->list, &rdev->beacon_registrations);
11159 
11160 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11161 
11162 	return 0;
11163 out_err:
11164 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11165 	kfree(nreg);
11166 	return rv;
11167 }
11168 
11169 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11170 {
11171 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11172 	struct wireless_dev *wdev = info->user_ptr[1];
11173 	int err;
11174 
11175 	if (!rdev->ops->start_p2p_device)
11176 		return -EOPNOTSUPP;
11177 
11178 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11179 		return -EOPNOTSUPP;
11180 
11181 	if (wdev_running(wdev))
11182 		return 0;
11183 
11184 	if (rfkill_blocked(rdev->rfkill))
11185 		return -ERFKILL;
11186 
11187 	err = rdev_start_p2p_device(rdev, wdev);
11188 	if (err)
11189 		return err;
11190 
11191 	wdev->is_running = true;
11192 	rdev->opencount++;
11193 
11194 	return 0;
11195 }
11196 
11197 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
11198 {
11199 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11200 	struct wireless_dev *wdev = info->user_ptr[1];
11201 
11202 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11203 		return -EOPNOTSUPP;
11204 
11205 	if (!rdev->ops->stop_p2p_device)
11206 		return -EOPNOTSUPP;
11207 
11208 	cfg80211_stop_p2p_device(rdev, wdev);
11209 
11210 	return 0;
11211 }
11212 
11213 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
11214 {
11215 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11216 	struct wireless_dev *wdev = info->user_ptr[1];
11217 	struct cfg80211_nan_conf conf = {};
11218 	int err;
11219 
11220 	if (wdev->iftype != NL80211_IFTYPE_NAN)
11221 		return -EOPNOTSUPP;
11222 
11223 	if (wdev_running(wdev))
11224 		return -EEXIST;
11225 
11226 	if (rfkill_blocked(rdev->rfkill))
11227 		return -ERFKILL;
11228 
11229 	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
11230 		return -EINVAL;
11231 
11232 	conf.master_pref =
11233 		nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11234 	if (!conf.master_pref)
11235 		return -EINVAL;
11236 
11237 	if (info->attrs[NL80211_ATTR_BANDS]) {
11238 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11239 
11240 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11241 			return -EOPNOTSUPP;
11242 
11243 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11244 			return -EINVAL;
11245 
11246 		conf.bands = bands;
11247 	}
11248 
11249 	err = rdev_start_nan(rdev, wdev, &conf);
11250 	if (err)
11251 		return err;
11252 
11253 	wdev->is_running = true;
11254 	rdev->opencount++;
11255 
11256 	return 0;
11257 }
11258 
11259 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
11260 {
11261 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11262 	struct wireless_dev *wdev = info->user_ptr[1];
11263 
11264 	if (wdev->iftype != NL80211_IFTYPE_NAN)
11265 		return -EOPNOTSUPP;
11266 
11267 	cfg80211_stop_nan(rdev, wdev);
11268 
11269 	return 0;
11270 }
11271 
11272 static int validate_nan_filter(struct nlattr *filter_attr)
11273 {
11274 	struct nlattr *attr;
11275 	int len = 0, n_entries = 0, rem;
11276 
11277 	nla_for_each_nested(attr, filter_attr, rem) {
11278 		len += nla_len(attr);
11279 		n_entries++;
11280 	}
11281 
11282 	if (len >= U8_MAX)
11283 		return -EINVAL;
11284 
11285 	return n_entries;
11286 }
11287 
11288 static int handle_nan_filter(struct nlattr *attr_filter,
11289 			     struct cfg80211_nan_func *func,
11290 			     bool tx)
11291 {
11292 	struct nlattr *attr;
11293 	int n_entries, rem, i;
11294 	struct cfg80211_nan_func_filter *filter;
11295 
11296 	n_entries = validate_nan_filter(attr_filter);
11297 	if (n_entries < 0)
11298 		return n_entries;
11299 
11300 	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
11301 
11302 	filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
11303 	if (!filter)
11304 		return -ENOMEM;
11305 
11306 	i = 0;
11307 	nla_for_each_nested(attr, attr_filter, rem) {
11308 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
11309 		filter[i].len = nla_len(attr);
11310 		i++;
11311 	}
11312 	if (tx) {
11313 		func->num_tx_filters = n_entries;
11314 		func->tx_filters = filter;
11315 	} else {
11316 		func->num_rx_filters = n_entries;
11317 		func->rx_filters = filter;
11318 	}
11319 
11320 	return 0;
11321 }
11322 
11323 static int nl80211_nan_add_func(struct sk_buff *skb,
11324 				struct genl_info *info)
11325 {
11326 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11327 	struct wireless_dev *wdev = info->user_ptr[1];
11328 	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
11329 	struct cfg80211_nan_func *func;
11330 	struct sk_buff *msg = NULL;
11331 	void *hdr = NULL;
11332 	int err = 0;
11333 
11334 	if (wdev->iftype != NL80211_IFTYPE_NAN)
11335 		return -EOPNOTSUPP;
11336 
11337 	if (!wdev_running(wdev))
11338 		return -ENOTCONN;
11339 
11340 	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
11341 		return -EINVAL;
11342 
11343 	err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX,
11344 			       info->attrs[NL80211_ATTR_NAN_FUNC],
11345 			       nl80211_nan_func_policy, info->extack);
11346 	if (err)
11347 		return err;
11348 
11349 	func = kzalloc(sizeof(*func), GFP_KERNEL);
11350 	if (!func)
11351 		return -ENOMEM;
11352 
11353 	func->cookie = wdev->wiphy->cookie_counter++;
11354 
11355 	if (!tb[NL80211_NAN_FUNC_TYPE] ||
11356 	    nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
11357 		err = -EINVAL;
11358 		goto out;
11359 	}
11360 
11361 
11362 	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
11363 
11364 	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
11365 		err = -EINVAL;
11366 		goto out;
11367 	}
11368 
11369 	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
11370 	       sizeof(func->service_id));
11371 
11372 	func->close_range =
11373 		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
11374 
11375 	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
11376 		func->serv_spec_info_len =
11377 			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
11378 		func->serv_spec_info =
11379 			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
11380 				func->serv_spec_info_len,
11381 				GFP_KERNEL);
11382 		if (!func->serv_spec_info) {
11383 			err = -ENOMEM;
11384 			goto out;
11385 		}
11386 	}
11387 
11388 	if (tb[NL80211_NAN_FUNC_TTL])
11389 		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
11390 
11391 	switch (func->type) {
11392 	case NL80211_NAN_FUNC_PUBLISH:
11393 		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
11394 			err = -EINVAL;
11395 			goto out;
11396 		}
11397 
11398 		func->publish_type =
11399 			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
11400 		func->publish_bcast =
11401 			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
11402 
11403 		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
11404 			func->publish_bcast) {
11405 			err = -EINVAL;
11406 			goto out;
11407 		}
11408 		break;
11409 	case NL80211_NAN_FUNC_SUBSCRIBE:
11410 		func->subscribe_active =
11411 			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
11412 		break;
11413 	case NL80211_NAN_FUNC_FOLLOW_UP:
11414 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
11415 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
11416 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
11417 			err = -EINVAL;
11418 			goto out;
11419 		}
11420 
11421 		func->followup_id =
11422 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
11423 		func->followup_reqid =
11424 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
11425 		memcpy(func->followup_dest.addr,
11426 		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
11427 		       sizeof(func->followup_dest.addr));
11428 		if (func->ttl) {
11429 			err = -EINVAL;
11430 			goto out;
11431 		}
11432 		break;
11433 	default:
11434 		err = -EINVAL;
11435 		goto out;
11436 	}
11437 
11438 	if (tb[NL80211_NAN_FUNC_SRF]) {
11439 		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
11440 
11441 		err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX,
11442 				       tb[NL80211_NAN_FUNC_SRF],
11443 				       nl80211_nan_srf_policy, info->extack);
11444 		if (err)
11445 			goto out;
11446 
11447 		func->srf_include =
11448 			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
11449 
11450 		if (srf_tb[NL80211_NAN_SRF_BF]) {
11451 			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
11452 			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
11453 				err = -EINVAL;
11454 				goto out;
11455 			}
11456 
11457 			func->srf_bf_len =
11458 				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
11459 			func->srf_bf =
11460 				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
11461 					func->srf_bf_len, GFP_KERNEL);
11462 			if (!func->srf_bf) {
11463 				err = -ENOMEM;
11464 				goto out;
11465 			}
11466 
11467 			func->srf_bf_idx =
11468 				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
11469 		} else {
11470 			struct nlattr *attr, *mac_attr =
11471 				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
11472 			int n_entries, rem, i = 0;
11473 
11474 			if (!mac_attr) {
11475 				err = -EINVAL;
11476 				goto out;
11477 			}
11478 
11479 			n_entries = validate_acl_mac_addrs(mac_attr);
11480 			if (n_entries <= 0) {
11481 				err = -EINVAL;
11482 				goto out;
11483 			}
11484 
11485 			func->srf_num_macs = n_entries;
11486 			func->srf_macs =
11487 				kzalloc(sizeof(*func->srf_macs) * n_entries,
11488 					GFP_KERNEL);
11489 			if (!func->srf_macs) {
11490 				err = -ENOMEM;
11491 				goto out;
11492 			}
11493 
11494 			nla_for_each_nested(attr, mac_attr, rem)
11495 				memcpy(func->srf_macs[i++].addr, nla_data(attr),
11496 				       sizeof(*func->srf_macs));
11497 		}
11498 	}
11499 
11500 	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
11501 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
11502 					func, true);
11503 		if (err)
11504 			goto out;
11505 	}
11506 
11507 	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
11508 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
11509 					func, false);
11510 		if (err)
11511 			goto out;
11512 	}
11513 
11514 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11515 	if (!msg) {
11516 		err = -ENOMEM;
11517 		goto out;
11518 	}
11519 
11520 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11521 			     NL80211_CMD_ADD_NAN_FUNCTION);
11522 	/* This can't really happen - we just allocated 4KB */
11523 	if (WARN_ON(!hdr)) {
11524 		err = -ENOMEM;
11525 		goto out;
11526 	}
11527 
11528 	err = rdev_add_nan_func(rdev, wdev, func);
11529 out:
11530 	if (err < 0) {
11531 		cfg80211_free_nan_func(func);
11532 		nlmsg_free(msg);
11533 		return err;
11534 	}
11535 
11536 	/* propagate the instance id and cookie to userspace  */
11537 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
11538 			      NL80211_ATTR_PAD))
11539 		goto nla_put_failure;
11540 
11541 	func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11542 	if (!func_attr)
11543 		goto nla_put_failure;
11544 
11545 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
11546 		       func->instance_id))
11547 		goto nla_put_failure;
11548 
11549 	nla_nest_end(msg, func_attr);
11550 
11551 	genlmsg_end(msg, hdr);
11552 	return genlmsg_reply(msg, info);
11553 
11554 nla_put_failure:
11555 	nlmsg_free(msg);
11556 	return -ENOBUFS;
11557 }
11558 
11559 static int nl80211_nan_del_func(struct sk_buff *skb,
11560 			       struct genl_info *info)
11561 {
11562 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11563 	struct wireless_dev *wdev = info->user_ptr[1];
11564 	u64 cookie;
11565 
11566 	if (wdev->iftype != NL80211_IFTYPE_NAN)
11567 		return -EOPNOTSUPP;
11568 
11569 	if (!wdev_running(wdev))
11570 		return -ENOTCONN;
11571 
11572 	if (!info->attrs[NL80211_ATTR_COOKIE])
11573 		return -EINVAL;
11574 
11575 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11576 
11577 	rdev_del_nan_func(rdev, wdev, cookie);
11578 
11579 	return 0;
11580 }
11581 
11582 static int nl80211_nan_change_config(struct sk_buff *skb,
11583 				     struct genl_info *info)
11584 {
11585 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11586 	struct wireless_dev *wdev = info->user_ptr[1];
11587 	struct cfg80211_nan_conf conf = {};
11588 	u32 changed = 0;
11589 
11590 	if (wdev->iftype != NL80211_IFTYPE_NAN)
11591 		return -EOPNOTSUPP;
11592 
11593 	if (!wdev_running(wdev))
11594 		return -ENOTCONN;
11595 
11596 	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
11597 		conf.master_pref =
11598 			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11599 		if (conf.master_pref <= 1 || conf.master_pref == 255)
11600 			return -EINVAL;
11601 
11602 		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
11603 	}
11604 
11605 	if (info->attrs[NL80211_ATTR_BANDS]) {
11606 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11607 
11608 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11609 			return -EOPNOTSUPP;
11610 
11611 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11612 			return -EINVAL;
11613 
11614 		conf.bands = bands;
11615 		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
11616 	}
11617 
11618 	if (!changed)
11619 		return -EINVAL;
11620 
11621 	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
11622 }
11623 
11624 void cfg80211_nan_match(struct wireless_dev *wdev,
11625 			struct cfg80211_nan_match_params *match, gfp_t gfp)
11626 {
11627 	struct wiphy *wiphy = wdev->wiphy;
11628 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11629 	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
11630 	struct sk_buff *msg;
11631 	void *hdr;
11632 
11633 	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
11634 		return;
11635 
11636 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11637 	if (!msg)
11638 		return;
11639 
11640 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
11641 	if (!hdr) {
11642 		nlmsg_free(msg);
11643 		return;
11644 	}
11645 
11646 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11647 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11648 					 wdev->netdev->ifindex)) ||
11649 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11650 			      NL80211_ATTR_PAD))
11651 		goto nla_put_failure;
11652 
11653 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
11654 			      NL80211_ATTR_PAD) ||
11655 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
11656 		goto nla_put_failure;
11657 
11658 	match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH);
11659 	if (!match_attr)
11660 		goto nla_put_failure;
11661 
11662 	local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL);
11663 	if (!local_func_attr)
11664 		goto nla_put_failure;
11665 
11666 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
11667 		goto nla_put_failure;
11668 
11669 	nla_nest_end(msg, local_func_attr);
11670 
11671 	peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER);
11672 	if (!peer_func_attr)
11673 		goto nla_put_failure;
11674 
11675 	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
11676 	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
11677 		goto nla_put_failure;
11678 
11679 	if (match->info && match->info_len &&
11680 	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
11681 		    match->info))
11682 		goto nla_put_failure;
11683 
11684 	nla_nest_end(msg, peer_func_attr);
11685 	nla_nest_end(msg, match_attr);
11686 	genlmsg_end(msg, hdr);
11687 
11688 	if (!wdev->owner_nlportid)
11689 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11690 					msg, 0, NL80211_MCGRP_NAN, gfp);
11691 	else
11692 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11693 				wdev->owner_nlportid);
11694 
11695 	return;
11696 
11697 nla_put_failure:
11698 	nlmsg_free(msg);
11699 }
11700 EXPORT_SYMBOL(cfg80211_nan_match);
11701 
11702 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
11703 				  u8 inst_id,
11704 				  enum nl80211_nan_func_term_reason reason,
11705 				  u64 cookie, gfp_t gfp)
11706 {
11707 	struct wiphy *wiphy = wdev->wiphy;
11708 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11709 	struct sk_buff *msg;
11710 	struct nlattr *func_attr;
11711 	void *hdr;
11712 
11713 	if (WARN_ON(!inst_id))
11714 		return;
11715 
11716 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11717 	if (!msg)
11718 		return;
11719 
11720 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
11721 	if (!hdr) {
11722 		nlmsg_free(msg);
11723 		return;
11724 	}
11725 
11726 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11727 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11728 					 wdev->netdev->ifindex)) ||
11729 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11730 			      NL80211_ATTR_PAD))
11731 		goto nla_put_failure;
11732 
11733 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11734 			      NL80211_ATTR_PAD))
11735 		goto nla_put_failure;
11736 
11737 	func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11738 	if (!func_attr)
11739 		goto nla_put_failure;
11740 
11741 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
11742 	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
11743 		goto nla_put_failure;
11744 
11745 	nla_nest_end(msg, func_attr);
11746 	genlmsg_end(msg, hdr);
11747 
11748 	if (!wdev->owner_nlportid)
11749 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11750 					msg, 0, NL80211_MCGRP_NAN, gfp);
11751 	else
11752 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11753 				wdev->owner_nlportid);
11754 
11755 	return;
11756 
11757 nla_put_failure:
11758 	nlmsg_free(msg);
11759 }
11760 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
11761 
11762 static int nl80211_get_protocol_features(struct sk_buff *skb,
11763 					 struct genl_info *info)
11764 {
11765 	void *hdr;
11766 	struct sk_buff *msg;
11767 
11768 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11769 	if (!msg)
11770 		return -ENOMEM;
11771 
11772 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11773 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
11774 	if (!hdr)
11775 		goto nla_put_failure;
11776 
11777 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
11778 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
11779 		goto nla_put_failure;
11780 
11781 	genlmsg_end(msg, hdr);
11782 	return genlmsg_reply(msg, info);
11783 
11784  nla_put_failure:
11785 	kfree_skb(msg);
11786 	return -ENOBUFS;
11787 }
11788 
11789 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
11790 {
11791 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11792 	struct cfg80211_update_ft_ies_params ft_params;
11793 	struct net_device *dev = info->user_ptr[1];
11794 
11795 	if (!rdev->ops->update_ft_ies)
11796 		return -EOPNOTSUPP;
11797 
11798 	if (!info->attrs[NL80211_ATTR_MDID] ||
11799 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
11800 		return -EINVAL;
11801 
11802 	memset(&ft_params, 0, sizeof(ft_params));
11803 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
11804 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11805 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11806 
11807 	return rdev_update_ft_ies(rdev, dev, &ft_params);
11808 }
11809 
11810 static int nl80211_crit_protocol_start(struct sk_buff *skb,
11811 				       struct genl_info *info)
11812 {
11813 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11814 	struct wireless_dev *wdev = info->user_ptr[1];
11815 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
11816 	u16 duration;
11817 	int ret;
11818 
11819 	if (!rdev->ops->crit_proto_start)
11820 		return -EOPNOTSUPP;
11821 
11822 	if (WARN_ON(!rdev->ops->crit_proto_stop))
11823 		return -EINVAL;
11824 
11825 	if (rdev->crit_proto_nlportid)
11826 		return -EBUSY;
11827 
11828 	/* determine protocol if provided */
11829 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
11830 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
11831 
11832 	if (proto >= NUM_NL80211_CRIT_PROTO)
11833 		return -EINVAL;
11834 
11835 	/* timeout must be provided */
11836 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
11837 		return -EINVAL;
11838 
11839 	duration =
11840 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
11841 
11842 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
11843 		return -ERANGE;
11844 
11845 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
11846 	if (!ret)
11847 		rdev->crit_proto_nlportid = info->snd_portid;
11848 
11849 	return ret;
11850 }
11851 
11852 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
11853 				      struct genl_info *info)
11854 {
11855 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11856 	struct wireless_dev *wdev = info->user_ptr[1];
11857 
11858 	if (!rdev->ops->crit_proto_stop)
11859 		return -EOPNOTSUPP;
11860 
11861 	if (rdev->crit_proto_nlportid) {
11862 		rdev->crit_proto_nlportid = 0;
11863 		rdev_crit_proto_stop(rdev, wdev);
11864 	}
11865 	return 0;
11866 }
11867 
11868 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
11869 {
11870 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11871 	struct wireless_dev *wdev =
11872 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
11873 	int i, err;
11874 	u32 vid, subcmd;
11875 
11876 	if (!rdev->wiphy.vendor_commands)
11877 		return -EOPNOTSUPP;
11878 
11879 	if (IS_ERR(wdev)) {
11880 		err = PTR_ERR(wdev);
11881 		if (err != -EINVAL)
11882 			return err;
11883 		wdev = NULL;
11884 	} else if (wdev->wiphy != &rdev->wiphy) {
11885 		return -EINVAL;
11886 	}
11887 
11888 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
11889 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
11890 		return -EINVAL;
11891 
11892 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
11893 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
11894 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
11895 		const struct wiphy_vendor_command *vcmd;
11896 		void *data = NULL;
11897 		int len = 0;
11898 
11899 		vcmd = &rdev->wiphy.vendor_commands[i];
11900 
11901 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11902 			continue;
11903 
11904 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
11905 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
11906 			if (!wdev)
11907 				return -EINVAL;
11908 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
11909 			    !wdev->netdev)
11910 				return -EINVAL;
11911 
11912 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
11913 				if (!wdev_running(wdev))
11914 					return -ENETDOWN;
11915 			}
11916 
11917 			if (!vcmd->doit)
11918 				return -EOPNOTSUPP;
11919 		} else {
11920 			wdev = NULL;
11921 		}
11922 
11923 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
11924 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11925 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11926 		}
11927 
11928 		rdev->cur_cmd_info = info;
11929 		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
11930 							  data, len);
11931 		rdev->cur_cmd_info = NULL;
11932 		return err;
11933 	}
11934 
11935 	return -EOPNOTSUPP;
11936 }
11937 
11938 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
11939 				       struct netlink_callback *cb,
11940 				       struct cfg80211_registered_device **rdev,
11941 				       struct wireless_dev **wdev)
11942 {
11943 	struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
11944 	u32 vid, subcmd;
11945 	unsigned int i;
11946 	int vcmd_idx = -1;
11947 	int err;
11948 	void *data = NULL;
11949 	unsigned int data_len = 0;
11950 
11951 	if (cb->args[0]) {
11952 		/* subtract the 1 again here */
11953 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
11954 		struct wireless_dev *tmp;
11955 
11956 		if (!wiphy)
11957 			return -ENODEV;
11958 		*rdev = wiphy_to_rdev(wiphy);
11959 		*wdev = NULL;
11960 
11961 		if (cb->args[1]) {
11962 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
11963 				if (tmp->identifier == cb->args[1] - 1) {
11964 					*wdev = tmp;
11965 					break;
11966 				}
11967 			}
11968 		}
11969 
11970 		/* keep rtnl locked in successful case */
11971 		return 0;
11972 	}
11973 
11974 	err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, attrbuf,
11975 			  nl80211_fam.maxattr, nl80211_policy, NULL);
11976 	if (err)
11977 		return err;
11978 
11979 	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
11980 	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
11981 		return -EINVAL;
11982 
11983 	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
11984 	if (IS_ERR(*wdev))
11985 		*wdev = NULL;
11986 
11987 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11988 	if (IS_ERR(*rdev))
11989 		return PTR_ERR(*rdev);
11990 
11991 	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
11992 	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
11993 
11994 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
11995 		const struct wiphy_vendor_command *vcmd;
11996 
11997 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
11998 
11999 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12000 			continue;
12001 
12002 		if (!vcmd->dumpit)
12003 			return -EOPNOTSUPP;
12004 
12005 		vcmd_idx = i;
12006 		break;
12007 	}
12008 
12009 	if (vcmd_idx < 0)
12010 		return -EOPNOTSUPP;
12011 
12012 	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
12013 		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12014 		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12015 	}
12016 
12017 	/* 0 is the first index - add 1 to parse only once */
12018 	cb->args[0] = (*rdev)->wiphy_idx + 1;
12019 	/* add 1 to know if it was NULL */
12020 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
12021 	cb->args[2] = vcmd_idx;
12022 	cb->args[3] = (unsigned long)data;
12023 	cb->args[4] = data_len;
12024 
12025 	/* keep rtnl locked in successful case */
12026 	return 0;
12027 }
12028 
12029 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
12030 				   struct netlink_callback *cb)
12031 {
12032 	struct cfg80211_registered_device *rdev;
12033 	struct wireless_dev *wdev;
12034 	unsigned int vcmd_idx;
12035 	const struct wiphy_vendor_command *vcmd;
12036 	void *data;
12037 	int data_len;
12038 	int err;
12039 	struct nlattr *vendor_data;
12040 
12041 	rtnl_lock();
12042 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
12043 	if (err)
12044 		goto out;
12045 
12046 	vcmd_idx = cb->args[2];
12047 	data = (void *)cb->args[3];
12048 	data_len = cb->args[4];
12049 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
12050 
12051 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12052 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12053 		if (!wdev) {
12054 			err = -EINVAL;
12055 			goto out;
12056 		}
12057 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12058 		    !wdev->netdev) {
12059 			err = -EINVAL;
12060 			goto out;
12061 		}
12062 
12063 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12064 			if (!wdev_running(wdev)) {
12065 				err = -ENETDOWN;
12066 				goto out;
12067 			}
12068 		}
12069 	}
12070 
12071 	while (1) {
12072 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12073 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
12074 					   NL80211_CMD_VENDOR);
12075 		if (!hdr)
12076 			break;
12077 
12078 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12079 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12080 					       wdev_id(wdev),
12081 					       NL80211_ATTR_PAD))) {
12082 			genlmsg_cancel(skb, hdr);
12083 			break;
12084 		}
12085 
12086 		vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
12087 		if (!vendor_data) {
12088 			genlmsg_cancel(skb, hdr);
12089 			break;
12090 		}
12091 
12092 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
12093 				   (unsigned long *)&cb->args[5]);
12094 		nla_nest_end(skb, vendor_data);
12095 
12096 		if (err == -ENOBUFS || err == -ENOENT) {
12097 			genlmsg_cancel(skb, hdr);
12098 			break;
12099 		} else if (err) {
12100 			genlmsg_cancel(skb, hdr);
12101 			goto out;
12102 		}
12103 
12104 		genlmsg_end(skb, hdr);
12105 	}
12106 
12107 	err = skb->len;
12108  out:
12109 	rtnl_unlock();
12110 	return err;
12111 }
12112 
12113 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
12114 					   enum nl80211_commands cmd,
12115 					   enum nl80211_attrs attr,
12116 					   int approxlen)
12117 {
12118 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12119 
12120 	if (WARN_ON(!rdev->cur_cmd_info))
12121 		return NULL;
12122 
12123 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12124 					   rdev->cur_cmd_info->snd_portid,
12125 					   rdev->cur_cmd_info->snd_seq,
12126 					   cmd, attr, NULL, GFP_KERNEL);
12127 }
12128 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12129 
12130 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12131 {
12132 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12133 	void *hdr = ((void **)skb->cb)[1];
12134 	struct nlattr *data = ((void **)skb->cb)[2];
12135 
12136 	/* clear CB data for netlink core to own from now on */
12137 	memset(skb->cb, 0, sizeof(skb->cb));
12138 
12139 	if (WARN_ON(!rdev->cur_cmd_info)) {
12140 		kfree_skb(skb);
12141 		return -EINVAL;
12142 	}
12143 
12144 	nla_nest_end(skb, data);
12145 	genlmsg_end(skb, hdr);
12146 	return genlmsg_reply(skb, rdev->cur_cmd_info);
12147 }
12148 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12149 
12150 static int nl80211_set_qos_map(struct sk_buff *skb,
12151 			       struct genl_info *info)
12152 {
12153 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12154 	struct cfg80211_qos_map *qos_map = NULL;
12155 	struct net_device *dev = info->user_ptr[1];
12156 	u8 *pos, len, num_des, des_len, des;
12157 	int ret;
12158 
12159 	if (!rdev->ops->set_qos_map)
12160 		return -EOPNOTSUPP;
12161 
12162 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
12163 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
12164 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
12165 
12166 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
12167 		    len > IEEE80211_QOS_MAP_LEN_MAX)
12168 			return -EINVAL;
12169 
12170 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
12171 		if (!qos_map)
12172 			return -ENOMEM;
12173 
12174 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
12175 		if (num_des) {
12176 			des_len = num_des *
12177 				sizeof(struct cfg80211_dscp_exception);
12178 			memcpy(qos_map->dscp_exception, pos, des_len);
12179 			qos_map->num_des = num_des;
12180 			for (des = 0; des < num_des; des++) {
12181 				if (qos_map->dscp_exception[des].up > 7) {
12182 					kfree(qos_map);
12183 					return -EINVAL;
12184 				}
12185 			}
12186 			pos += des_len;
12187 		}
12188 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
12189 	}
12190 
12191 	wdev_lock(dev->ieee80211_ptr);
12192 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
12193 	if (!ret)
12194 		ret = rdev_set_qos_map(rdev, dev, qos_map);
12195 	wdev_unlock(dev->ieee80211_ptr);
12196 
12197 	kfree(qos_map);
12198 	return ret;
12199 }
12200 
12201 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
12202 {
12203 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12204 	struct net_device *dev = info->user_ptr[1];
12205 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12206 	const u8 *peer;
12207 	u8 tsid, up;
12208 	u16 admitted_time = 0;
12209 	int err;
12210 
12211 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
12212 		return -EOPNOTSUPP;
12213 
12214 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
12215 	    !info->attrs[NL80211_ATTR_USER_PRIO])
12216 		return -EINVAL;
12217 
12218 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12219 	if (tsid >= IEEE80211_NUM_TIDS)
12220 		return -EINVAL;
12221 
12222 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
12223 	if (up >= IEEE80211_NUM_UPS)
12224 		return -EINVAL;
12225 
12226 	/* WMM uses TIDs 0-7 even for TSPEC */
12227 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
12228 		/* TODO: handle 802.11 TSPEC/admission control
12229 		 * need more attributes for that (e.g. BA session requirement);
12230 		 * change the WMM adminssion test above to allow both then
12231 		 */
12232 		return -EINVAL;
12233 	}
12234 
12235 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12236 
12237 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
12238 		admitted_time =
12239 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
12240 		if (!admitted_time)
12241 			return -EINVAL;
12242 	}
12243 
12244 	wdev_lock(wdev);
12245 	switch (wdev->iftype) {
12246 	case NL80211_IFTYPE_STATION:
12247 	case NL80211_IFTYPE_P2P_CLIENT:
12248 		if (wdev->current_bss)
12249 			break;
12250 		err = -ENOTCONN;
12251 		goto out;
12252 	default:
12253 		err = -EOPNOTSUPP;
12254 		goto out;
12255 	}
12256 
12257 	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
12258 
12259  out:
12260 	wdev_unlock(wdev);
12261 	return err;
12262 }
12263 
12264 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
12265 {
12266 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12267 	struct net_device *dev = info->user_ptr[1];
12268 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12269 	const u8 *peer;
12270 	u8 tsid;
12271 	int err;
12272 
12273 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
12274 		return -EINVAL;
12275 
12276 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12277 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12278 
12279 	wdev_lock(wdev);
12280 	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
12281 	wdev_unlock(wdev);
12282 
12283 	return err;
12284 }
12285 
12286 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
12287 				       struct genl_info *info)
12288 {
12289 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12290 	struct net_device *dev = info->user_ptr[1];
12291 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12292 	struct cfg80211_chan_def chandef = {};
12293 	const u8 *addr;
12294 	u8 oper_class;
12295 	int err;
12296 
12297 	if (!rdev->ops->tdls_channel_switch ||
12298 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12299 		return -EOPNOTSUPP;
12300 
12301 	switch (dev->ieee80211_ptr->iftype) {
12302 	case NL80211_IFTYPE_STATION:
12303 	case NL80211_IFTYPE_P2P_CLIENT:
12304 		break;
12305 	default:
12306 		return -EOPNOTSUPP;
12307 	}
12308 
12309 	if (!info->attrs[NL80211_ATTR_MAC] ||
12310 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
12311 		return -EINVAL;
12312 
12313 	err = nl80211_parse_chandef(rdev, info, &chandef);
12314 	if (err)
12315 		return err;
12316 
12317 	/*
12318 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
12319 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
12320 	 * specification is not defined for them.
12321 	 */
12322 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
12323 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
12324 	    chandef.width != NL80211_CHAN_WIDTH_20)
12325 		return -EINVAL;
12326 
12327 	/* we will be active on the TDLS link */
12328 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
12329 					   wdev->iftype))
12330 		return -EINVAL;
12331 
12332 	/* don't allow switching to DFS channels */
12333 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
12334 		return -EINVAL;
12335 
12336 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12337 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
12338 
12339 	wdev_lock(wdev);
12340 	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
12341 	wdev_unlock(wdev);
12342 
12343 	return err;
12344 }
12345 
12346 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
12347 					      struct genl_info *info)
12348 {
12349 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12350 	struct net_device *dev = info->user_ptr[1];
12351 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12352 	const u8 *addr;
12353 
12354 	if (!rdev->ops->tdls_channel_switch ||
12355 	    !rdev->ops->tdls_cancel_channel_switch ||
12356 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12357 		return -EOPNOTSUPP;
12358 
12359 	switch (dev->ieee80211_ptr->iftype) {
12360 	case NL80211_IFTYPE_STATION:
12361 	case NL80211_IFTYPE_P2P_CLIENT:
12362 		break;
12363 	default:
12364 		return -EOPNOTSUPP;
12365 	}
12366 
12367 	if (!info->attrs[NL80211_ATTR_MAC])
12368 		return -EINVAL;
12369 
12370 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12371 
12372 	wdev_lock(wdev);
12373 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
12374 	wdev_unlock(wdev);
12375 
12376 	return 0;
12377 }
12378 
12379 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
12380 					    struct genl_info *info)
12381 {
12382 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12383 	struct net_device *dev = info->user_ptr[1];
12384 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12385 	const struct nlattr *nla;
12386 	bool enabled;
12387 
12388 	if (!rdev->ops->set_multicast_to_unicast)
12389 		return -EOPNOTSUPP;
12390 
12391 	if (wdev->iftype != NL80211_IFTYPE_AP &&
12392 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
12393 		return -EOPNOTSUPP;
12394 
12395 	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
12396 	enabled = nla_get_flag(nla);
12397 
12398 	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
12399 }
12400 
12401 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
12402 {
12403 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12404 	struct net_device *dev = info->user_ptr[1];
12405 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12406 	struct cfg80211_pmk_conf pmk_conf = {};
12407 	int ret;
12408 
12409 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
12410 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12411 		return -EOPNOTSUPP;
12412 
12413 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
12414 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12415 		return -EOPNOTSUPP;
12416 
12417 	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
12418 		return -EINVAL;
12419 
12420 	wdev_lock(wdev);
12421 	if (!wdev->current_bss) {
12422 		ret = -ENOTCONN;
12423 		goto out;
12424 	}
12425 
12426 	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12427 	if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
12428 		ret = -EINVAL;
12429 		goto out;
12430 	}
12431 
12432 	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12433 	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12434 	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
12435 	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
12436 		ret = -EINVAL;
12437 		goto out;
12438 	}
12439 
12440 	if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
12441 		int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12442 
12443 		if (r0_name_len != WLAN_PMK_NAME_LEN) {
12444 			ret = -EINVAL;
12445 			goto out;
12446 		}
12447 
12448 		pmk_conf.pmk_r0_name =
12449 			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12450 	}
12451 
12452 	ret = rdev_set_pmk(rdev, dev, &pmk_conf);
12453 out:
12454 	wdev_unlock(wdev);
12455 	return ret;
12456 }
12457 
12458 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
12459 {
12460 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12461 	struct net_device *dev = info->user_ptr[1];
12462 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12463 	const u8 *aa;
12464 	int ret;
12465 
12466 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
12467 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12468 		return -EOPNOTSUPP;
12469 
12470 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
12471 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12472 		return -EOPNOTSUPP;
12473 
12474 	if (!info->attrs[NL80211_ATTR_MAC])
12475 		return -EINVAL;
12476 
12477 	wdev_lock(wdev);
12478 	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12479 	ret = rdev_del_pmk(rdev, dev, aa);
12480 	wdev_unlock(wdev);
12481 
12482 	return ret;
12483 }
12484 
12485 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
12486 {
12487 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12488 	struct net_device *dev = info->user_ptr[1];
12489 	struct cfg80211_external_auth_params params;
12490 
12491 	if (!rdev->ops->external_auth)
12492 		return -EOPNOTSUPP;
12493 
12494 	if (!info->attrs[NL80211_ATTR_SSID])
12495 		return -EINVAL;
12496 
12497 	if (!info->attrs[NL80211_ATTR_BSSID])
12498 		return -EINVAL;
12499 
12500 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
12501 		return -EINVAL;
12502 
12503 	memset(&params, 0, sizeof(params));
12504 
12505 	params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12506 	if (params.ssid.ssid_len == 0 ||
12507 	    params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
12508 		return -EINVAL;
12509 	memcpy(params.ssid.ssid, nla_data(info->attrs[NL80211_ATTR_SSID]),
12510 	       params.ssid.ssid_len);
12511 
12512 	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
12513 	       ETH_ALEN);
12514 
12515 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
12516 
12517 	return rdev_external_auth(rdev, dev, &params);
12518 }
12519 
12520 #define NL80211_FLAG_NEED_WIPHY		0x01
12521 #define NL80211_FLAG_NEED_NETDEV	0x02
12522 #define NL80211_FLAG_NEED_RTNL		0x04
12523 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
12524 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
12525 					 NL80211_FLAG_CHECK_NETDEV_UP)
12526 #define NL80211_FLAG_NEED_WDEV		0x10
12527 /* If a netdev is associated, it must be UP, P2P must be started */
12528 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
12529 					 NL80211_FLAG_CHECK_NETDEV_UP)
12530 #define NL80211_FLAG_CLEAR_SKB		0x20
12531 
12532 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
12533 			    struct genl_info *info)
12534 {
12535 	struct cfg80211_registered_device *rdev;
12536 	struct wireless_dev *wdev;
12537 	struct net_device *dev;
12538 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
12539 
12540 	if (rtnl)
12541 		rtnl_lock();
12542 
12543 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
12544 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
12545 		if (IS_ERR(rdev)) {
12546 			if (rtnl)
12547 				rtnl_unlock();
12548 			return PTR_ERR(rdev);
12549 		}
12550 		info->user_ptr[0] = rdev;
12551 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
12552 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12553 		ASSERT_RTNL();
12554 
12555 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
12556 						  info->attrs);
12557 		if (IS_ERR(wdev)) {
12558 			if (rtnl)
12559 				rtnl_unlock();
12560 			return PTR_ERR(wdev);
12561 		}
12562 
12563 		dev = wdev->netdev;
12564 		rdev = wiphy_to_rdev(wdev->wiphy);
12565 
12566 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
12567 			if (!dev) {
12568 				if (rtnl)
12569 					rtnl_unlock();
12570 				return -EINVAL;
12571 			}
12572 
12573 			info->user_ptr[1] = dev;
12574 		} else {
12575 			info->user_ptr[1] = wdev;
12576 		}
12577 
12578 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
12579 		    !wdev_running(wdev)) {
12580 			if (rtnl)
12581 				rtnl_unlock();
12582 			return -ENETDOWN;
12583 		}
12584 
12585 		if (dev)
12586 			dev_hold(dev);
12587 
12588 		info->user_ptr[0] = rdev;
12589 	}
12590 
12591 	return 0;
12592 }
12593 
12594 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
12595 			      struct genl_info *info)
12596 {
12597 	if (info->user_ptr[1]) {
12598 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12599 			struct wireless_dev *wdev = info->user_ptr[1];
12600 
12601 			if (wdev->netdev)
12602 				dev_put(wdev->netdev);
12603 		} else {
12604 			dev_put(info->user_ptr[1]);
12605 		}
12606 	}
12607 
12608 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
12609 		rtnl_unlock();
12610 
12611 	/* If needed, clear the netlink message payload from the SKB
12612 	 * as it might contain key data that shouldn't stick around on
12613 	 * the heap after the SKB is freed. The netlink message header
12614 	 * is still needed for further processing, so leave it intact.
12615 	 */
12616 	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
12617 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
12618 
12619 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
12620 	}
12621 }
12622 
12623 static const struct genl_ops nl80211_ops[] = {
12624 	{
12625 		.cmd = NL80211_CMD_GET_WIPHY,
12626 		.doit = nl80211_get_wiphy,
12627 		.dumpit = nl80211_dump_wiphy,
12628 		.done = nl80211_dump_wiphy_done,
12629 		.policy = nl80211_policy,
12630 		/* can be retrieved by unprivileged users */
12631 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
12632 				  NL80211_FLAG_NEED_RTNL,
12633 	},
12634 	{
12635 		.cmd = NL80211_CMD_SET_WIPHY,
12636 		.doit = nl80211_set_wiphy,
12637 		.policy = nl80211_policy,
12638 		.flags = GENL_UNS_ADMIN_PERM,
12639 		.internal_flags = NL80211_FLAG_NEED_RTNL,
12640 	},
12641 	{
12642 		.cmd = NL80211_CMD_GET_INTERFACE,
12643 		.doit = nl80211_get_interface,
12644 		.dumpit = nl80211_dump_interface,
12645 		.policy = nl80211_policy,
12646 		/* can be retrieved by unprivileged users */
12647 		.internal_flags = NL80211_FLAG_NEED_WDEV |
12648 				  NL80211_FLAG_NEED_RTNL,
12649 	},
12650 	{
12651 		.cmd = NL80211_CMD_SET_INTERFACE,
12652 		.doit = nl80211_set_interface,
12653 		.policy = nl80211_policy,
12654 		.flags = GENL_UNS_ADMIN_PERM,
12655 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
12656 				  NL80211_FLAG_NEED_RTNL,
12657 	},
12658 	{
12659 		.cmd = NL80211_CMD_NEW_INTERFACE,
12660 		.doit = nl80211_new_interface,
12661 		.policy = nl80211_policy,
12662 		.flags = GENL_UNS_ADMIN_PERM,
12663 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
12664 				  NL80211_FLAG_NEED_RTNL,
12665 	},
12666 	{
12667 		.cmd = NL80211_CMD_DEL_INTERFACE,
12668 		.doit = nl80211_del_interface,
12669 		.policy = nl80211_policy,
12670 		.flags = GENL_UNS_ADMIN_PERM,
12671 		.internal_flags = NL80211_FLAG_NEED_WDEV |
12672 				  NL80211_FLAG_NEED_RTNL,
12673 	},
12674 	{
12675 		.cmd = NL80211_CMD_GET_KEY,
12676 		.doit = nl80211_get_key,
12677 		.policy = nl80211_policy,
12678 		.flags = GENL_UNS_ADMIN_PERM,
12679 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12680 				  NL80211_FLAG_NEED_RTNL,
12681 	},
12682 	{
12683 		.cmd = NL80211_CMD_SET_KEY,
12684 		.doit = nl80211_set_key,
12685 		.policy = nl80211_policy,
12686 		.flags = GENL_UNS_ADMIN_PERM,
12687 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12688 				  NL80211_FLAG_NEED_RTNL |
12689 				  NL80211_FLAG_CLEAR_SKB,
12690 	},
12691 	{
12692 		.cmd = NL80211_CMD_NEW_KEY,
12693 		.doit = nl80211_new_key,
12694 		.policy = nl80211_policy,
12695 		.flags = GENL_UNS_ADMIN_PERM,
12696 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12697 				  NL80211_FLAG_NEED_RTNL |
12698 				  NL80211_FLAG_CLEAR_SKB,
12699 	},
12700 	{
12701 		.cmd = NL80211_CMD_DEL_KEY,
12702 		.doit = nl80211_del_key,
12703 		.policy = nl80211_policy,
12704 		.flags = GENL_UNS_ADMIN_PERM,
12705 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12706 				  NL80211_FLAG_NEED_RTNL,
12707 	},
12708 	{
12709 		.cmd = NL80211_CMD_SET_BEACON,
12710 		.policy = nl80211_policy,
12711 		.flags = GENL_UNS_ADMIN_PERM,
12712 		.doit = nl80211_set_beacon,
12713 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12714 				  NL80211_FLAG_NEED_RTNL,
12715 	},
12716 	{
12717 		.cmd = NL80211_CMD_START_AP,
12718 		.policy = nl80211_policy,
12719 		.flags = GENL_UNS_ADMIN_PERM,
12720 		.doit = nl80211_start_ap,
12721 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12722 				  NL80211_FLAG_NEED_RTNL,
12723 	},
12724 	{
12725 		.cmd = NL80211_CMD_STOP_AP,
12726 		.policy = nl80211_policy,
12727 		.flags = GENL_UNS_ADMIN_PERM,
12728 		.doit = nl80211_stop_ap,
12729 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12730 				  NL80211_FLAG_NEED_RTNL,
12731 	},
12732 	{
12733 		.cmd = NL80211_CMD_GET_STATION,
12734 		.doit = nl80211_get_station,
12735 		.dumpit = nl80211_dump_station,
12736 		.policy = nl80211_policy,
12737 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
12738 				  NL80211_FLAG_NEED_RTNL,
12739 	},
12740 	{
12741 		.cmd = NL80211_CMD_SET_STATION,
12742 		.doit = nl80211_set_station,
12743 		.policy = nl80211_policy,
12744 		.flags = GENL_UNS_ADMIN_PERM,
12745 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12746 				  NL80211_FLAG_NEED_RTNL,
12747 	},
12748 	{
12749 		.cmd = NL80211_CMD_NEW_STATION,
12750 		.doit = nl80211_new_station,
12751 		.policy = nl80211_policy,
12752 		.flags = GENL_UNS_ADMIN_PERM,
12753 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12754 				  NL80211_FLAG_NEED_RTNL,
12755 	},
12756 	{
12757 		.cmd = NL80211_CMD_DEL_STATION,
12758 		.doit = nl80211_del_station,
12759 		.policy = nl80211_policy,
12760 		.flags = GENL_UNS_ADMIN_PERM,
12761 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12762 				  NL80211_FLAG_NEED_RTNL,
12763 	},
12764 	{
12765 		.cmd = NL80211_CMD_GET_MPATH,
12766 		.doit = nl80211_get_mpath,
12767 		.dumpit = nl80211_dump_mpath,
12768 		.policy = nl80211_policy,
12769 		.flags = GENL_UNS_ADMIN_PERM,
12770 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12771 				  NL80211_FLAG_NEED_RTNL,
12772 	},
12773 	{
12774 		.cmd = NL80211_CMD_GET_MPP,
12775 		.doit = nl80211_get_mpp,
12776 		.dumpit = nl80211_dump_mpp,
12777 		.policy = nl80211_policy,
12778 		.flags = GENL_UNS_ADMIN_PERM,
12779 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12780 				  NL80211_FLAG_NEED_RTNL,
12781 	},
12782 	{
12783 		.cmd = NL80211_CMD_SET_MPATH,
12784 		.doit = nl80211_set_mpath,
12785 		.policy = nl80211_policy,
12786 		.flags = GENL_UNS_ADMIN_PERM,
12787 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12788 				  NL80211_FLAG_NEED_RTNL,
12789 	},
12790 	{
12791 		.cmd = NL80211_CMD_NEW_MPATH,
12792 		.doit = nl80211_new_mpath,
12793 		.policy = nl80211_policy,
12794 		.flags = GENL_UNS_ADMIN_PERM,
12795 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12796 				  NL80211_FLAG_NEED_RTNL,
12797 	},
12798 	{
12799 		.cmd = NL80211_CMD_DEL_MPATH,
12800 		.doit = nl80211_del_mpath,
12801 		.policy = nl80211_policy,
12802 		.flags = GENL_UNS_ADMIN_PERM,
12803 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12804 				  NL80211_FLAG_NEED_RTNL,
12805 	},
12806 	{
12807 		.cmd = NL80211_CMD_SET_BSS,
12808 		.doit = nl80211_set_bss,
12809 		.policy = nl80211_policy,
12810 		.flags = GENL_UNS_ADMIN_PERM,
12811 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12812 				  NL80211_FLAG_NEED_RTNL,
12813 	},
12814 	{
12815 		.cmd = NL80211_CMD_GET_REG,
12816 		.doit = nl80211_get_reg_do,
12817 		.dumpit = nl80211_get_reg_dump,
12818 		.policy = nl80211_policy,
12819 		.internal_flags = NL80211_FLAG_NEED_RTNL,
12820 		/* can be retrieved by unprivileged users */
12821 	},
12822 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
12823 	{
12824 		.cmd = NL80211_CMD_SET_REG,
12825 		.doit = nl80211_set_reg,
12826 		.policy = nl80211_policy,
12827 		.flags = GENL_ADMIN_PERM,
12828 		.internal_flags = NL80211_FLAG_NEED_RTNL,
12829 	},
12830 #endif
12831 	{
12832 		.cmd = NL80211_CMD_REQ_SET_REG,
12833 		.doit = nl80211_req_set_reg,
12834 		.policy = nl80211_policy,
12835 		.flags = GENL_ADMIN_PERM,
12836 	},
12837 	{
12838 		.cmd = NL80211_CMD_RELOAD_REGDB,
12839 		.doit = nl80211_reload_regdb,
12840 		.policy = nl80211_policy,
12841 		.flags = GENL_ADMIN_PERM,
12842 	},
12843 	{
12844 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
12845 		.doit = nl80211_get_mesh_config,
12846 		.policy = nl80211_policy,
12847 		/* can be retrieved by unprivileged users */
12848 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12849 				  NL80211_FLAG_NEED_RTNL,
12850 	},
12851 	{
12852 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
12853 		.doit = nl80211_update_mesh_config,
12854 		.policy = nl80211_policy,
12855 		.flags = GENL_UNS_ADMIN_PERM,
12856 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12857 				  NL80211_FLAG_NEED_RTNL,
12858 	},
12859 	{
12860 		.cmd = NL80211_CMD_TRIGGER_SCAN,
12861 		.doit = nl80211_trigger_scan,
12862 		.policy = nl80211_policy,
12863 		.flags = GENL_UNS_ADMIN_PERM,
12864 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12865 				  NL80211_FLAG_NEED_RTNL,
12866 	},
12867 	{
12868 		.cmd = NL80211_CMD_ABORT_SCAN,
12869 		.doit = nl80211_abort_scan,
12870 		.policy = nl80211_policy,
12871 		.flags = GENL_UNS_ADMIN_PERM,
12872 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12873 				  NL80211_FLAG_NEED_RTNL,
12874 	},
12875 	{
12876 		.cmd = NL80211_CMD_GET_SCAN,
12877 		.policy = nl80211_policy,
12878 		.dumpit = nl80211_dump_scan,
12879 	},
12880 	{
12881 		.cmd = NL80211_CMD_START_SCHED_SCAN,
12882 		.doit = nl80211_start_sched_scan,
12883 		.policy = nl80211_policy,
12884 		.flags = GENL_UNS_ADMIN_PERM,
12885 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12886 				  NL80211_FLAG_NEED_RTNL,
12887 	},
12888 	{
12889 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
12890 		.doit = nl80211_stop_sched_scan,
12891 		.policy = nl80211_policy,
12892 		.flags = GENL_UNS_ADMIN_PERM,
12893 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12894 				  NL80211_FLAG_NEED_RTNL,
12895 	},
12896 	{
12897 		.cmd = NL80211_CMD_AUTHENTICATE,
12898 		.doit = nl80211_authenticate,
12899 		.policy = nl80211_policy,
12900 		.flags = GENL_UNS_ADMIN_PERM,
12901 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12902 				  NL80211_FLAG_NEED_RTNL |
12903 				  NL80211_FLAG_CLEAR_SKB,
12904 	},
12905 	{
12906 		.cmd = NL80211_CMD_ASSOCIATE,
12907 		.doit = nl80211_associate,
12908 		.policy = nl80211_policy,
12909 		.flags = GENL_UNS_ADMIN_PERM,
12910 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12911 				  NL80211_FLAG_NEED_RTNL,
12912 	},
12913 	{
12914 		.cmd = NL80211_CMD_DEAUTHENTICATE,
12915 		.doit = nl80211_deauthenticate,
12916 		.policy = nl80211_policy,
12917 		.flags = GENL_UNS_ADMIN_PERM,
12918 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12919 				  NL80211_FLAG_NEED_RTNL,
12920 	},
12921 	{
12922 		.cmd = NL80211_CMD_DISASSOCIATE,
12923 		.doit = nl80211_disassociate,
12924 		.policy = nl80211_policy,
12925 		.flags = GENL_UNS_ADMIN_PERM,
12926 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12927 				  NL80211_FLAG_NEED_RTNL,
12928 	},
12929 	{
12930 		.cmd = NL80211_CMD_JOIN_IBSS,
12931 		.doit = nl80211_join_ibss,
12932 		.policy = nl80211_policy,
12933 		.flags = GENL_UNS_ADMIN_PERM,
12934 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12935 				  NL80211_FLAG_NEED_RTNL,
12936 	},
12937 	{
12938 		.cmd = NL80211_CMD_LEAVE_IBSS,
12939 		.doit = nl80211_leave_ibss,
12940 		.policy = nl80211_policy,
12941 		.flags = GENL_UNS_ADMIN_PERM,
12942 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12943 				  NL80211_FLAG_NEED_RTNL,
12944 	},
12945 #ifdef CONFIG_NL80211_TESTMODE
12946 	{
12947 		.cmd = NL80211_CMD_TESTMODE,
12948 		.doit = nl80211_testmode_do,
12949 		.dumpit = nl80211_testmode_dump,
12950 		.policy = nl80211_policy,
12951 		.flags = GENL_UNS_ADMIN_PERM,
12952 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
12953 				  NL80211_FLAG_NEED_RTNL,
12954 	},
12955 #endif
12956 	{
12957 		.cmd = NL80211_CMD_CONNECT,
12958 		.doit = nl80211_connect,
12959 		.policy = nl80211_policy,
12960 		.flags = GENL_UNS_ADMIN_PERM,
12961 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12962 				  NL80211_FLAG_NEED_RTNL,
12963 	},
12964 	{
12965 		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
12966 		.doit = nl80211_update_connect_params,
12967 		.policy = nl80211_policy,
12968 		.flags = GENL_ADMIN_PERM,
12969 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12970 				  NL80211_FLAG_NEED_RTNL,
12971 	},
12972 	{
12973 		.cmd = NL80211_CMD_DISCONNECT,
12974 		.doit = nl80211_disconnect,
12975 		.policy = nl80211_policy,
12976 		.flags = GENL_UNS_ADMIN_PERM,
12977 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12978 				  NL80211_FLAG_NEED_RTNL,
12979 	},
12980 	{
12981 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
12982 		.doit = nl80211_wiphy_netns,
12983 		.policy = nl80211_policy,
12984 		.flags = GENL_UNS_ADMIN_PERM,
12985 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
12986 				  NL80211_FLAG_NEED_RTNL,
12987 	},
12988 	{
12989 		.cmd = NL80211_CMD_GET_SURVEY,
12990 		.policy = nl80211_policy,
12991 		.dumpit = nl80211_dump_survey,
12992 	},
12993 	{
12994 		.cmd = NL80211_CMD_SET_PMKSA,
12995 		.doit = nl80211_setdel_pmksa,
12996 		.policy = nl80211_policy,
12997 		.flags = GENL_UNS_ADMIN_PERM,
12998 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12999 				  NL80211_FLAG_NEED_RTNL,
13000 	},
13001 	{
13002 		.cmd = NL80211_CMD_DEL_PMKSA,
13003 		.doit = nl80211_setdel_pmksa,
13004 		.policy = nl80211_policy,
13005 		.flags = GENL_UNS_ADMIN_PERM,
13006 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13007 				  NL80211_FLAG_NEED_RTNL,
13008 	},
13009 	{
13010 		.cmd = NL80211_CMD_FLUSH_PMKSA,
13011 		.doit = nl80211_flush_pmksa,
13012 		.policy = nl80211_policy,
13013 		.flags = GENL_UNS_ADMIN_PERM,
13014 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13015 				  NL80211_FLAG_NEED_RTNL,
13016 	},
13017 	{
13018 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
13019 		.doit = nl80211_remain_on_channel,
13020 		.policy = nl80211_policy,
13021 		.flags = GENL_UNS_ADMIN_PERM,
13022 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13023 				  NL80211_FLAG_NEED_RTNL,
13024 	},
13025 	{
13026 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
13027 		.doit = nl80211_cancel_remain_on_channel,
13028 		.policy = nl80211_policy,
13029 		.flags = GENL_UNS_ADMIN_PERM,
13030 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13031 				  NL80211_FLAG_NEED_RTNL,
13032 	},
13033 	{
13034 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
13035 		.doit = nl80211_set_tx_bitrate_mask,
13036 		.policy = nl80211_policy,
13037 		.flags = GENL_UNS_ADMIN_PERM,
13038 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13039 				  NL80211_FLAG_NEED_RTNL,
13040 	},
13041 	{
13042 		.cmd = NL80211_CMD_REGISTER_FRAME,
13043 		.doit = nl80211_register_mgmt,
13044 		.policy = nl80211_policy,
13045 		.flags = GENL_UNS_ADMIN_PERM,
13046 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13047 				  NL80211_FLAG_NEED_RTNL,
13048 	},
13049 	{
13050 		.cmd = NL80211_CMD_FRAME,
13051 		.doit = nl80211_tx_mgmt,
13052 		.policy = nl80211_policy,
13053 		.flags = GENL_UNS_ADMIN_PERM,
13054 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13055 				  NL80211_FLAG_NEED_RTNL,
13056 	},
13057 	{
13058 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
13059 		.doit = nl80211_tx_mgmt_cancel_wait,
13060 		.policy = nl80211_policy,
13061 		.flags = GENL_UNS_ADMIN_PERM,
13062 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13063 				  NL80211_FLAG_NEED_RTNL,
13064 	},
13065 	{
13066 		.cmd = NL80211_CMD_SET_POWER_SAVE,
13067 		.doit = nl80211_set_power_save,
13068 		.policy = nl80211_policy,
13069 		.flags = GENL_UNS_ADMIN_PERM,
13070 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13071 				  NL80211_FLAG_NEED_RTNL,
13072 	},
13073 	{
13074 		.cmd = NL80211_CMD_GET_POWER_SAVE,
13075 		.doit = nl80211_get_power_save,
13076 		.policy = nl80211_policy,
13077 		/* can be retrieved by unprivileged users */
13078 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13079 				  NL80211_FLAG_NEED_RTNL,
13080 	},
13081 	{
13082 		.cmd = NL80211_CMD_SET_CQM,
13083 		.doit = nl80211_set_cqm,
13084 		.policy = nl80211_policy,
13085 		.flags = GENL_UNS_ADMIN_PERM,
13086 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13087 				  NL80211_FLAG_NEED_RTNL,
13088 	},
13089 	{
13090 		.cmd = NL80211_CMD_SET_CHANNEL,
13091 		.doit = nl80211_set_channel,
13092 		.policy = nl80211_policy,
13093 		.flags = GENL_UNS_ADMIN_PERM,
13094 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13095 				  NL80211_FLAG_NEED_RTNL,
13096 	},
13097 	{
13098 		.cmd = NL80211_CMD_SET_WDS_PEER,
13099 		.doit = nl80211_set_wds_peer,
13100 		.policy = nl80211_policy,
13101 		.flags = GENL_UNS_ADMIN_PERM,
13102 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13103 				  NL80211_FLAG_NEED_RTNL,
13104 	},
13105 	{
13106 		.cmd = NL80211_CMD_JOIN_MESH,
13107 		.doit = nl80211_join_mesh,
13108 		.policy = nl80211_policy,
13109 		.flags = GENL_UNS_ADMIN_PERM,
13110 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13111 				  NL80211_FLAG_NEED_RTNL,
13112 	},
13113 	{
13114 		.cmd = NL80211_CMD_LEAVE_MESH,
13115 		.doit = nl80211_leave_mesh,
13116 		.policy = nl80211_policy,
13117 		.flags = GENL_UNS_ADMIN_PERM,
13118 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13119 				  NL80211_FLAG_NEED_RTNL,
13120 	},
13121 	{
13122 		.cmd = NL80211_CMD_JOIN_OCB,
13123 		.doit = nl80211_join_ocb,
13124 		.policy = nl80211_policy,
13125 		.flags = GENL_UNS_ADMIN_PERM,
13126 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13127 				  NL80211_FLAG_NEED_RTNL,
13128 	},
13129 	{
13130 		.cmd = NL80211_CMD_LEAVE_OCB,
13131 		.doit = nl80211_leave_ocb,
13132 		.policy = nl80211_policy,
13133 		.flags = GENL_UNS_ADMIN_PERM,
13134 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13135 				  NL80211_FLAG_NEED_RTNL,
13136 	},
13137 #ifdef CONFIG_PM
13138 	{
13139 		.cmd = NL80211_CMD_GET_WOWLAN,
13140 		.doit = nl80211_get_wowlan,
13141 		.policy = nl80211_policy,
13142 		/* can be retrieved by unprivileged users */
13143 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13144 				  NL80211_FLAG_NEED_RTNL,
13145 	},
13146 	{
13147 		.cmd = NL80211_CMD_SET_WOWLAN,
13148 		.doit = nl80211_set_wowlan,
13149 		.policy = nl80211_policy,
13150 		.flags = GENL_UNS_ADMIN_PERM,
13151 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13152 				  NL80211_FLAG_NEED_RTNL,
13153 	},
13154 #endif
13155 	{
13156 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
13157 		.doit = nl80211_set_rekey_data,
13158 		.policy = nl80211_policy,
13159 		.flags = GENL_UNS_ADMIN_PERM,
13160 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13161 				  NL80211_FLAG_NEED_RTNL |
13162 				  NL80211_FLAG_CLEAR_SKB,
13163 	},
13164 	{
13165 		.cmd = NL80211_CMD_TDLS_MGMT,
13166 		.doit = nl80211_tdls_mgmt,
13167 		.policy = nl80211_policy,
13168 		.flags = GENL_UNS_ADMIN_PERM,
13169 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13170 				  NL80211_FLAG_NEED_RTNL,
13171 	},
13172 	{
13173 		.cmd = NL80211_CMD_TDLS_OPER,
13174 		.doit = nl80211_tdls_oper,
13175 		.policy = nl80211_policy,
13176 		.flags = GENL_UNS_ADMIN_PERM,
13177 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13178 				  NL80211_FLAG_NEED_RTNL,
13179 	},
13180 	{
13181 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
13182 		.doit = nl80211_register_unexpected_frame,
13183 		.policy = nl80211_policy,
13184 		.flags = GENL_UNS_ADMIN_PERM,
13185 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13186 				  NL80211_FLAG_NEED_RTNL,
13187 	},
13188 	{
13189 		.cmd = NL80211_CMD_PROBE_CLIENT,
13190 		.doit = nl80211_probe_client,
13191 		.policy = nl80211_policy,
13192 		.flags = GENL_UNS_ADMIN_PERM,
13193 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13194 				  NL80211_FLAG_NEED_RTNL,
13195 	},
13196 	{
13197 		.cmd = NL80211_CMD_REGISTER_BEACONS,
13198 		.doit = nl80211_register_beacons,
13199 		.policy = nl80211_policy,
13200 		.flags = GENL_UNS_ADMIN_PERM,
13201 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13202 				  NL80211_FLAG_NEED_RTNL,
13203 	},
13204 	{
13205 		.cmd = NL80211_CMD_SET_NOACK_MAP,
13206 		.doit = nl80211_set_noack_map,
13207 		.policy = nl80211_policy,
13208 		.flags = GENL_UNS_ADMIN_PERM,
13209 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13210 				  NL80211_FLAG_NEED_RTNL,
13211 	},
13212 	{
13213 		.cmd = NL80211_CMD_START_P2P_DEVICE,
13214 		.doit = nl80211_start_p2p_device,
13215 		.policy = nl80211_policy,
13216 		.flags = GENL_UNS_ADMIN_PERM,
13217 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13218 				  NL80211_FLAG_NEED_RTNL,
13219 	},
13220 	{
13221 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
13222 		.doit = nl80211_stop_p2p_device,
13223 		.policy = nl80211_policy,
13224 		.flags = GENL_UNS_ADMIN_PERM,
13225 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13226 				  NL80211_FLAG_NEED_RTNL,
13227 	},
13228 	{
13229 		.cmd = NL80211_CMD_START_NAN,
13230 		.doit = nl80211_start_nan,
13231 		.policy = nl80211_policy,
13232 		.flags = GENL_ADMIN_PERM,
13233 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13234 				  NL80211_FLAG_NEED_RTNL,
13235 	},
13236 	{
13237 		.cmd = NL80211_CMD_STOP_NAN,
13238 		.doit = nl80211_stop_nan,
13239 		.policy = nl80211_policy,
13240 		.flags = GENL_ADMIN_PERM,
13241 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13242 				  NL80211_FLAG_NEED_RTNL,
13243 	},
13244 	{
13245 		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
13246 		.doit = nl80211_nan_add_func,
13247 		.policy = nl80211_policy,
13248 		.flags = GENL_ADMIN_PERM,
13249 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13250 				  NL80211_FLAG_NEED_RTNL,
13251 	},
13252 	{
13253 		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
13254 		.doit = nl80211_nan_del_func,
13255 		.policy = nl80211_policy,
13256 		.flags = GENL_ADMIN_PERM,
13257 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13258 				  NL80211_FLAG_NEED_RTNL,
13259 	},
13260 	{
13261 		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
13262 		.doit = nl80211_nan_change_config,
13263 		.policy = nl80211_policy,
13264 		.flags = GENL_ADMIN_PERM,
13265 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13266 				  NL80211_FLAG_NEED_RTNL,
13267 	},
13268 	{
13269 		.cmd = NL80211_CMD_SET_MCAST_RATE,
13270 		.doit = nl80211_set_mcast_rate,
13271 		.policy = nl80211_policy,
13272 		.flags = GENL_UNS_ADMIN_PERM,
13273 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13274 				  NL80211_FLAG_NEED_RTNL,
13275 	},
13276 	{
13277 		.cmd = NL80211_CMD_SET_MAC_ACL,
13278 		.doit = nl80211_set_mac_acl,
13279 		.policy = nl80211_policy,
13280 		.flags = GENL_UNS_ADMIN_PERM,
13281 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13282 				  NL80211_FLAG_NEED_RTNL,
13283 	},
13284 	{
13285 		.cmd = NL80211_CMD_RADAR_DETECT,
13286 		.doit = nl80211_start_radar_detection,
13287 		.policy = nl80211_policy,
13288 		.flags = GENL_UNS_ADMIN_PERM,
13289 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13290 				  NL80211_FLAG_NEED_RTNL,
13291 	},
13292 	{
13293 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
13294 		.doit = nl80211_get_protocol_features,
13295 		.policy = nl80211_policy,
13296 	},
13297 	{
13298 		.cmd = NL80211_CMD_UPDATE_FT_IES,
13299 		.doit = nl80211_update_ft_ies,
13300 		.policy = nl80211_policy,
13301 		.flags = GENL_UNS_ADMIN_PERM,
13302 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13303 				  NL80211_FLAG_NEED_RTNL,
13304 	},
13305 	{
13306 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
13307 		.doit = nl80211_crit_protocol_start,
13308 		.policy = nl80211_policy,
13309 		.flags = GENL_UNS_ADMIN_PERM,
13310 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13311 				  NL80211_FLAG_NEED_RTNL,
13312 	},
13313 	{
13314 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
13315 		.doit = nl80211_crit_protocol_stop,
13316 		.policy = nl80211_policy,
13317 		.flags = GENL_UNS_ADMIN_PERM,
13318 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13319 				  NL80211_FLAG_NEED_RTNL,
13320 	},
13321 	{
13322 		.cmd = NL80211_CMD_GET_COALESCE,
13323 		.doit = nl80211_get_coalesce,
13324 		.policy = nl80211_policy,
13325 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13326 				  NL80211_FLAG_NEED_RTNL,
13327 	},
13328 	{
13329 		.cmd = NL80211_CMD_SET_COALESCE,
13330 		.doit = nl80211_set_coalesce,
13331 		.policy = nl80211_policy,
13332 		.flags = GENL_UNS_ADMIN_PERM,
13333 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13334 				  NL80211_FLAG_NEED_RTNL,
13335 	},
13336 	{
13337 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
13338 		.doit = nl80211_channel_switch,
13339 		.policy = nl80211_policy,
13340 		.flags = GENL_UNS_ADMIN_PERM,
13341 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13342 				  NL80211_FLAG_NEED_RTNL,
13343 	},
13344 	{
13345 		.cmd = NL80211_CMD_VENDOR,
13346 		.doit = nl80211_vendor_cmd,
13347 		.dumpit = nl80211_vendor_cmd_dump,
13348 		.policy = nl80211_policy,
13349 		.flags = GENL_UNS_ADMIN_PERM,
13350 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13351 				  NL80211_FLAG_NEED_RTNL,
13352 	},
13353 	{
13354 		.cmd = NL80211_CMD_SET_QOS_MAP,
13355 		.doit = nl80211_set_qos_map,
13356 		.policy = nl80211_policy,
13357 		.flags = GENL_UNS_ADMIN_PERM,
13358 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13359 				  NL80211_FLAG_NEED_RTNL,
13360 	},
13361 	{
13362 		.cmd = NL80211_CMD_ADD_TX_TS,
13363 		.doit = nl80211_add_tx_ts,
13364 		.policy = nl80211_policy,
13365 		.flags = GENL_UNS_ADMIN_PERM,
13366 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13367 				  NL80211_FLAG_NEED_RTNL,
13368 	},
13369 	{
13370 		.cmd = NL80211_CMD_DEL_TX_TS,
13371 		.doit = nl80211_del_tx_ts,
13372 		.policy = nl80211_policy,
13373 		.flags = GENL_UNS_ADMIN_PERM,
13374 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13375 				  NL80211_FLAG_NEED_RTNL,
13376 	},
13377 	{
13378 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
13379 		.doit = nl80211_tdls_channel_switch,
13380 		.policy = nl80211_policy,
13381 		.flags = GENL_UNS_ADMIN_PERM,
13382 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13383 				  NL80211_FLAG_NEED_RTNL,
13384 	},
13385 	{
13386 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
13387 		.doit = nl80211_tdls_cancel_channel_switch,
13388 		.policy = nl80211_policy,
13389 		.flags = GENL_UNS_ADMIN_PERM,
13390 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13391 				  NL80211_FLAG_NEED_RTNL,
13392 	},
13393 	{
13394 		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
13395 		.doit = nl80211_set_multicast_to_unicast,
13396 		.policy = nl80211_policy,
13397 		.flags = GENL_UNS_ADMIN_PERM,
13398 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13399 				  NL80211_FLAG_NEED_RTNL,
13400 	},
13401 	{
13402 		.cmd = NL80211_CMD_SET_PMK,
13403 		.doit = nl80211_set_pmk,
13404 		.policy = nl80211_policy,
13405 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13406 				  NL80211_FLAG_NEED_RTNL,
13407 	},
13408 	{
13409 		.cmd = NL80211_CMD_DEL_PMK,
13410 		.doit = nl80211_del_pmk,
13411 		.policy = nl80211_policy,
13412 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13413 				  NL80211_FLAG_NEED_RTNL,
13414 	},
13415 	{
13416 		.cmd = NL80211_CMD_EXTERNAL_AUTH,
13417 		.doit = nl80211_external_auth,
13418 		.policy = nl80211_policy,
13419 		.flags = GENL_ADMIN_PERM,
13420 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13421 				  NL80211_FLAG_NEED_RTNL,
13422 	},
13423 
13424 };
13425 
13426 static struct genl_family nl80211_fam __ro_after_init = {
13427 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
13428 	.hdrsize = 0,			/* no private header */
13429 	.version = 1,			/* no particular meaning now */
13430 	.maxattr = NL80211_ATTR_MAX,
13431 	.netnsok = true,
13432 	.pre_doit = nl80211_pre_doit,
13433 	.post_doit = nl80211_post_doit,
13434 	.module = THIS_MODULE,
13435 	.ops = nl80211_ops,
13436 	.n_ops = ARRAY_SIZE(nl80211_ops),
13437 	.mcgrps = nl80211_mcgrps,
13438 	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
13439 };
13440 
13441 /* notification functions */
13442 
13443 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
13444 			  enum nl80211_commands cmd)
13445 {
13446 	struct sk_buff *msg;
13447 	struct nl80211_dump_wiphy_state state = {};
13448 
13449 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
13450 		cmd != NL80211_CMD_DEL_WIPHY);
13451 
13452 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13453 	if (!msg)
13454 		return;
13455 
13456 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
13457 		nlmsg_free(msg);
13458 		return;
13459 	}
13460 
13461 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13462 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
13463 }
13464 
13465 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
13466 				struct wireless_dev *wdev,
13467 				enum nl80211_commands cmd)
13468 {
13469 	struct sk_buff *msg;
13470 
13471 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
13472 		cmd != NL80211_CMD_DEL_INTERFACE);
13473 
13474 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13475 	if (!msg)
13476 		return;
13477 
13478 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev,
13479 			       cmd == NL80211_CMD_DEL_INTERFACE) < 0) {
13480 		nlmsg_free(msg);
13481 		return;
13482 	}
13483 
13484 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13485 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
13486 }
13487 
13488 static int nl80211_add_scan_req(struct sk_buff *msg,
13489 				struct cfg80211_registered_device *rdev)
13490 {
13491 	struct cfg80211_scan_request *req = rdev->scan_req;
13492 	struct nlattr *nest;
13493 	int i;
13494 
13495 	if (WARN_ON(!req))
13496 		return 0;
13497 
13498 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
13499 	if (!nest)
13500 		goto nla_put_failure;
13501 	for (i = 0; i < req->n_ssids; i++) {
13502 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
13503 			goto nla_put_failure;
13504 	}
13505 	nla_nest_end(msg, nest);
13506 
13507 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13508 	if (!nest)
13509 		goto nla_put_failure;
13510 	for (i = 0; i < req->n_channels; i++) {
13511 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13512 			goto nla_put_failure;
13513 	}
13514 	nla_nest_end(msg, nest);
13515 
13516 	if (req->ie &&
13517 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
13518 		goto nla_put_failure;
13519 
13520 	if (req->flags &&
13521 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
13522 		goto nla_put_failure;
13523 
13524 	if (req->info.scan_start_tsf &&
13525 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
13526 			       req->info.scan_start_tsf, NL80211_BSS_PAD) ||
13527 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
13528 		     req->info.tsf_bssid)))
13529 		goto nla_put_failure;
13530 
13531 	return 0;
13532  nla_put_failure:
13533 	return -ENOBUFS;
13534 }
13535 
13536 static int nl80211_prep_scan_msg(struct sk_buff *msg,
13537 				 struct cfg80211_registered_device *rdev,
13538 				 struct wireless_dev *wdev,
13539 				 u32 portid, u32 seq, int flags,
13540 				 u32 cmd)
13541 {
13542 	void *hdr;
13543 
13544 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
13545 	if (!hdr)
13546 		return -1;
13547 
13548 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13549 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13550 					 wdev->netdev->ifindex)) ||
13551 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13552 			      NL80211_ATTR_PAD))
13553 		goto nla_put_failure;
13554 
13555 	/* ignore errors and send incomplete event anyway */
13556 	nl80211_add_scan_req(msg, rdev);
13557 
13558 	genlmsg_end(msg, hdr);
13559 	return 0;
13560 
13561  nla_put_failure:
13562 	genlmsg_cancel(msg, hdr);
13563 	return -EMSGSIZE;
13564 }
13565 
13566 static int
13567 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
13568 			    struct cfg80211_sched_scan_request *req, u32 cmd)
13569 {
13570 	void *hdr;
13571 
13572 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13573 	if (!hdr)
13574 		return -1;
13575 
13576 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
13577 			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
13578 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
13579 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
13580 			      NL80211_ATTR_PAD))
13581 		goto nla_put_failure;
13582 
13583 	genlmsg_end(msg, hdr);
13584 	return 0;
13585 
13586  nla_put_failure:
13587 	genlmsg_cancel(msg, hdr);
13588 	return -EMSGSIZE;
13589 }
13590 
13591 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
13592 			     struct wireless_dev *wdev)
13593 {
13594 	struct sk_buff *msg;
13595 
13596 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13597 	if (!msg)
13598 		return;
13599 
13600 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13601 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
13602 		nlmsg_free(msg);
13603 		return;
13604 	}
13605 
13606 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13607 				NL80211_MCGRP_SCAN, GFP_KERNEL);
13608 }
13609 
13610 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
13611 				       struct wireless_dev *wdev, bool aborted)
13612 {
13613 	struct sk_buff *msg;
13614 
13615 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13616 	if (!msg)
13617 		return NULL;
13618 
13619 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13620 				  aborted ? NL80211_CMD_SCAN_ABORTED :
13621 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
13622 		nlmsg_free(msg);
13623 		return NULL;
13624 	}
13625 
13626 	return msg;
13627 }
13628 
13629 /* send message created by nl80211_build_scan_msg() */
13630 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
13631 			   struct sk_buff *msg)
13632 {
13633 	if (!msg)
13634 		return;
13635 
13636 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13637 				NL80211_MCGRP_SCAN, GFP_KERNEL);
13638 }
13639 
13640 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
13641 {
13642 	struct sk_buff *msg;
13643 
13644 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13645 	if (!msg)
13646 		return;
13647 
13648 	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
13649 		nlmsg_free(msg);
13650 		return;
13651 	}
13652 
13653 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
13654 				NL80211_MCGRP_SCAN, GFP_KERNEL);
13655 }
13656 
13657 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
13658 					  struct regulatory_request *request)
13659 {
13660 	/* Userspace can always count this one always being set */
13661 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
13662 		goto nla_put_failure;
13663 
13664 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
13665 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13666 			       NL80211_REGDOM_TYPE_WORLD))
13667 			goto nla_put_failure;
13668 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
13669 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13670 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
13671 			goto nla_put_failure;
13672 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
13673 		   request->intersect) {
13674 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13675 			       NL80211_REGDOM_TYPE_INTERSECTION))
13676 			goto nla_put_failure;
13677 	} else {
13678 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13679 			       NL80211_REGDOM_TYPE_COUNTRY) ||
13680 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
13681 				   request->alpha2))
13682 			goto nla_put_failure;
13683 	}
13684 
13685 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
13686 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
13687 
13688 		if (wiphy &&
13689 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
13690 			goto nla_put_failure;
13691 
13692 		if (wiphy &&
13693 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
13694 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
13695 			goto nla_put_failure;
13696 	}
13697 
13698 	return true;
13699 
13700 nla_put_failure:
13701 	return false;
13702 }
13703 
13704 /*
13705  * This can happen on global regulatory changes or device specific settings
13706  * based on custom regulatory domains.
13707  */
13708 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
13709 				     struct regulatory_request *request)
13710 {
13711 	struct sk_buff *msg;
13712 	void *hdr;
13713 
13714 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13715 	if (!msg)
13716 		return;
13717 
13718 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
13719 	if (!hdr) {
13720 		nlmsg_free(msg);
13721 		return;
13722 	}
13723 
13724 	if (nl80211_reg_change_event_fill(msg, request) == false)
13725 		goto nla_put_failure;
13726 
13727 	genlmsg_end(msg, hdr);
13728 
13729 	rcu_read_lock();
13730 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
13731 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
13732 	rcu_read_unlock();
13733 
13734 	return;
13735 
13736 nla_put_failure:
13737 	nlmsg_free(msg);
13738 }
13739 
13740 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
13741 				    struct net_device *netdev,
13742 				    const u8 *buf, size_t len,
13743 				    enum nl80211_commands cmd, gfp_t gfp,
13744 				    int uapsd_queues)
13745 {
13746 	struct sk_buff *msg;
13747 	void *hdr;
13748 
13749 	msg = nlmsg_new(100 + len, gfp);
13750 	if (!msg)
13751 		return;
13752 
13753 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13754 	if (!hdr) {
13755 		nlmsg_free(msg);
13756 		return;
13757 	}
13758 
13759 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13760 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13761 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
13762 		goto nla_put_failure;
13763 
13764 	if (uapsd_queues >= 0) {
13765 		struct nlattr *nla_wmm =
13766 			nla_nest_start(msg, NL80211_ATTR_STA_WME);
13767 		if (!nla_wmm)
13768 			goto nla_put_failure;
13769 
13770 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
13771 			       uapsd_queues))
13772 			goto nla_put_failure;
13773 
13774 		nla_nest_end(msg, nla_wmm);
13775 	}
13776 
13777 	genlmsg_end(msg, hdr);
13778 
13779 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13780 				NL80211_MCGRP_MLME, gfp);
13781 	return;
13782 
13783  nla_put_failure:
13784 	nlmsg_free(msg);
13785 }
13786 
13787 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
13788 			  struct net_device *netdev, const u8 *buf,
13789 			  size_t len, gfp_t gfp)
13790 {
13791 	nl80211_send_mlme_event(rdev, netdev, buf, len,
13792 				NL80211_CMD_AUTHENTICATE, gfp, -1);
13793 }
13794 
13795 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
13796 			   struct net_device *netdev, const u8 *buf,
13797 			   size_t len, gfp_t gfp, int uapsd_queues)
13798 {
13799 	nl80211_send_mlme_event(rdev, netdev, buf, len,
13800 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
13801 }
13802 
13803 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
13804 			 struct net_device *netdev, const u8 *buf,
13805 			 size_t len, gfp_t gfp)
13806 {
13807 	nl80211_send_mlme_event(rdev, netdev, buf, len,
13808 				NL80211_CMD_DEAUTHENTICATE, gfp, -1);
13809 }
13810 
13811 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
13812 			   struct net_device *netdev, const u8 *buf,
13813 			   size_t len, gfp_t gfp)
13814 {
13815 	nl80211_send_mlme_event(rdev, netdev, buf, len,
13816 				NL80211_CMD_DISASSOCIATE, gfp, -1);
13817 }
13818 
13819 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
13820 				  size_t len)
13821 {
13822 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13823 	struct wiphy *wiphy = wdev->wiphy;
13824 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13825 	const struct ieee80211_mgmt *mgmt = (void *)buf;
13826 	u32 cmd;
13827 
13828 	if (WARN_ON(len < 2))
13829 		return;
13830 
13831 	if (ieee80211_is_deauth(mgmt->frame_control))
13832 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
13833 	else
13834 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
13835 
13836 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
13837 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
13838 }
13839 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
13840 
13841 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
13842 				      struct net_device *netdev, int cmd,
13843 				      const u8 *addr, gfp_t gfp)
13844 {
13845 	struct sk_buff *msg;
13846 	void *hdr;
13847 
13848 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13849 	if (!msg)
13850 		return;
13851 
13852 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13853 	if (!hdr) {
13854 		nlmsg_free(msg);
13855 		return;
13856 	}
13857 
13858 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13859 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13860 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13861 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
13862 		goto nla_put_failure;
13863 
13864 	genlmsg_end(msg, hdr);
13865 
13866 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13867 				NL80211_MCGRP_MLME, gfp);
13868 	return;
13869 
13870  nla_put_failure:
13871 	nlmsg_free(msg);
13872 }
13873 
13874 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
13875 			       struct net_device *netdev, const u8 *addr,
13876 			       gfp_t gfp)
13877 {
13878 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
13879 				  addr, gfp);
13880 }
13881 
13882 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
13883 				struct net_device *netdev, const u8 *addr,
13884 				gfp_t gfp)
13885 {
13886 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
13887 				  addr, gfp);
13888 }
13889 
13890 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
13891 				 struct net_device *netdev,
13892 				 struct cfg80211_connect_resp_params *cr,
13893 				 gfp_t gfp)
13894 {
13895 	struct sk_buff *msg;
13896 	void *hdr;
13897 
13898 	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
13899 			cr->fils_kek_len + cr->pmk_len +
13900 			(cr->pmkid ? WLAN_PMKID_LEN : 0), gfp);
13901 	if (!msg)
13902 		return;
13903 
13904 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
13905 	if (!hdr) {
13906 		nlmsg_free(msg);
13907 		return;
13908 	}
13909 
13910 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13911 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13912 	    (cr->bssid &&
13913 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
13914 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
13915 			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
13916 			cr->status) ||
13917 	    (cr->status < 0 &&
13918 	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13919 	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
13920 			  cr->timeout_reason))) ||
13921 	    (cr->req_ie &&
13922 	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
13923 	    (cr->resp_ie &&
13924 	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
13925 		     cr->resp_ie)) ||
13926 	    (cr->update_erp_next_seq_num &&
13927 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
13928 			 cr->fils_erp_next_seq_num)) ||
13929 	    (cr->status == WLAN_STATUS_SUCCESS &&
13930 	     ((cr->fils_kek &&
13931 	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils_kek_len,
13932 		       cr->fils_kek)) ||
13933 	      (cr->pmk &&
13934 	       nla_put(msg, NL80211_ATTR_PMK, cr->pmk_len, cr->pmk)) ||
13935 	      (cr->pmkid &&
13936 	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->pmkid)))))
13937 		goto nla_put_failure;
13938 
13939 	genlmsg_end(msg, hdr);
13940 
13941 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13942 				NL80211_MCGRP_MLME, gfp);
13943 	return;
13944 
13945  nla_put_failure:
13946 	nlmsg_free(msg);
13947 }
13948 
13949 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
13950 			 struct net_device *netdev,
13951 			 struct cfg80211_roam_info *info, gfp_t gfp)
13952 {
13953 	struct sk_buff *msg;
13954 	void *hdr;
13955 	const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
13956 
13957 	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len, gfp);
13958 	if (!msg)
13959 		return;
13960 
13961 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
13962 	if (!hdr) {
13963 		nlmsg_free(msg);
13964 		return;
13965 	}
13966 
13967 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13968 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13969 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
13970 	    (info->req_ie &&
13971 	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
13972 		     info->req_ie)) ||
13973 	    (info->resp_ie &&
13974 	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
13975 		     info->resp_ie)))
13976 		goto nla_put_failure;
13977 
13978 	genlmsg_end(msg, hdr);
13979 
13980 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13981 				NL80211_MCGRP_MLME, gfp);
13982 	return;
13983 
13984  nla_put_failure:
13985 	nlmsg_free(msg);
13986 }
13987 
13988 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
13989 				  struct net_device *netdev, const u8 *bssid)
13990 {
13991 	struct sk_buff *msg;
13992 	void *hdr;
13993 
13994 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13995 	if (!msg)
13996 		return;
13997 
13998 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
13999 	if (!hdr) {
14000 		nlmsg_free(msg);
14001 		return;
14002 	}
14003 
14004 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14005 		goto nla_put_failure;
14006 
14007 	genlmsg_end(msg, hdr);
14008 
14009 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14010 				NL80211_MCGRP_MLME, GFP_KERNEL);
14011 	return;
14012 
14013  nla_put_failure:
14014 	nlmsg_free(msg);
14015 }
14016 
14017 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
14018 			       struct net_device *netdev, u16 reason,
14019 			       const u8 *ie, size_t ie_len, bool from_ap)
14020 {
14021 	struct sk_buff *msg;
14022 	void *hdr;
14023 
14024 	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
14025 	if (!msg)
14026 		return;
14027 
14028 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
14029 	if (!hdr) {
14030 		nlmsg_free(msg);
14031 		return;
14032 	}
14033 
14034 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14035 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14036 	    (reason &&
14037 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
14038 	    (from_ap &&
14039 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
14040 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
14041 		goto nla_put_failure;
14042 
14043 	genlmsg_end(msg, hdr);
14044 
14045 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14046 				NL80211_MCGRP_MLME, GFP_KERNEL);
14047 	return;
14048 
14049  nla_put_failure:
14050 	nlmsg_free(msg);
14051 }
14052 
14053 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
14054 			     struct net_device *netdev, const u8 *bssid,
14055 			     gfp_t gfp)
14056 {
14057 	struct sk_buff *msg;
14058 	void *hdr;
14059 
14060 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14061 	if (!msg)
14062 		return;
14063 
14064 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
14065 	if (!hdr) {
14066 		nlmsg_free(msg);
14067 		return;
14068 	}
14069 
14070 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14071 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14072 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14073 		goto nla_put_failure;
14074 
14075 	genlmsg_end(msg, hdr);
14076 
14077 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14078 				NL80211_MCGRP_MLME, gfp);
14079 	return;
14080 
14081  nla_put_failure:
14082 	nlmsg_free(msg);
14083 }
14084 
14085 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
14086 					const u8* ie, u8 ie_len, gfp_t gfp)
14087 {
14088 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14089 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14090 	struct sk_buff *msg;
14091 	void *hdr;
14092 
14093 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
14094 		return;
14095 
14096 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
14097 
14098 	msg = nlmsg_new(100 + ie_len, gfp);
14099 	if (!msg)
14100 		return;
14101 
14102 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
14103 	if (!hdr) {
14104 		nlmsg_free(msg);
14105 		return;
14106 	}
14107 
14108 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14109 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14110 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14111 	    (ie_len && ie &&
14112 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
14113 		goto nla_put_failure;
14114 
14115 	genlmsg_end(msg, hdr);
14116 
14117 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14118 				NL80211_MCGRP_MLME, gfp);
14119 	return;
14120 
14121  nla_put_failure:
14122 	nlmsg_free(msg);
14123 }
14124 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
14125 
14126 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
14127 				 struct net_device *netdev, const u8 *addr,
14128 				 enum nl80211_key_type key_type, int key_id,
14129 				 const u8 *tsc, gfp_t gfp)
14130 {
14131 	struct sk_buff *msg;
14132 	void *hdr;
14133 
14134 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14135 	if (!msg)
14136 		return;
14137 
14138 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
14139 	if (!hdr) {
14140 		nlmsg_free(msg);
14141 		return;
14142 	}
14143 
14144 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14145 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14146 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
14147 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
14148 	    (key_id != -1 &&
14149 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
14150 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
14151 		goto nla_put_failure;
14152 
14153 	genlmsg_end(msg, hdr);
14154 
14155 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14156 				NL80211_MCGRP_MLME, gfp);
14157 	return;
14158 
14159  nla_put_failure:
14160 	nlmsg_free(msg);
14161 }
14162 
14163 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
14164 				    struct ieee80211_channel *channel_before,
14165 				    struct ieee80211_channel *channel_after)
14166 {
14167 	struct sk_buff *msg;
14168 	void *hdr;
14169 	struct nlattr *nl_freq;
14170 
14171 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
14172 	if (!msg)
14173 		return;
14174 
14175 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
14176 	if (!hdr) {
14177 		nlmsg_free(msg);
14178 		return;
14179 	}
14180 
14181 	/*
14182 	 * Since we are applying the beacon hint to a wiphy we know its
14183 	 * wiphy_idx is valid
14184 	 */
14185 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
14186 		goto nla_put_failure;
14187 
14188 	/* Before */
14189 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
14190 	if (!nl_freq)
14191 		goto nla_put_failure;
14192 	if (nl80211_msg_put_channel(msg, channel_before, false))
14193 		goto nla_put_failure;
14194 	nla_nest_end(msg, nl_freq);
14195 
14196 	/* After */
14197 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
14198 	if (!nl_freq)
14199 		goto nla_put_failure;
14200 	if (nl80211_msg_put_channel(msg, channel_after, false))
14201 		goto nla_put_failure;
14202 	nla_nest_end(msg, nl_freq);
14203 
14204 	genlmsg_end(msg, hdr);
14205 
14206 	rcu_read_lock();
14207 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14208 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14209 	rcu_read_unlock();
14210 
14211 	return;
14212 
14213 nla_put_failure:
14214 	nlmsg_free(msg);
14215 }
14216 
14217 static void nl80211_send_remain_on_chan_event(
14218 	int cmd, struct cfg80211_registered_device *rdev,
14219 	struct wireless_dev *wdev, u64 cookie,
14220 	struct ieee80211_channel *chan,
14221 	unsigned int duration, gfp_t gfp)
14222 {
14223 	struct sk_buff *msg;
14224 	void *hdr;
14225 
14226 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14227 	if (!msg)
14228 		return;
14229 
14230 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14231 	if (!hdr) {
14232 		nlmsg_free(msg);
14233 		return;
14234 	}
14235 
14236 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14237 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14238 					 wdev->netdev->ifindex)) ||
14239 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14240 			      NL80211_ATTR_PAD) ||
14241 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
14242 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
14243 			NL80211_CHAN_NO_HT) ||
14244 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14245 			      NL80211_ATTR_PAD))
14246 		goto nla_put_failure;
14247 
14248 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
14249 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
14250 		goto nla_put_failure;
14251 
14252 	genlmsg_end(msg, hdr);
14253 
14254 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14255 				NL80211_MCGRP_MLME, gfp);
14256 	return;
14257 
14258  nla_put_failure:
14259 	nlmsg_free(msg);
14260 }
14261 
14262 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
14263 			       struct ieee80211_channel *chan,
14264 			       unsigned int duration, gfp_t gfp)
14265 {
14266 	struct wiphy *wiphy = wdev->wiphy;
14267 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14268 
14269 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
14270 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
14271 					  rdev, wdev, cookie, chan,
14272 					  duration, gfp);
14273 }
14274 EXPORT_SYMBOL(cfg80211_ready_on_channel);
14275 
14276 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
14277 					struct ieee80211_channel *chan,
14278 					gfp_t gfp)
14279 {
14280 	struct wiphy *wiphy = wdev->wiphy;
14281 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14282 
14283 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
14284 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14285 					  rdev, wdev, cookie, chan, 0, gfp);
14286 }
14287 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
14288 
14289 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
14290 		      struct station_info *sinfo, gfp_t gfp)
14291 {
14292 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14293 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14294 	struct sk_buff *msg;
14295 
14296 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
14297 
14298 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14299 	if (!msg)
14300 		return;
14301 
14302 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
14303 				 rdev, dev, mac_addr, sinfo) < 0) {
14304 		nlmsg_free(msg);
14305 		return;
14306 	}
14307 
14308 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14309 				NL80211_MCGRP_MLME, gfp);
14310 }
14311 EXPORT_SYMBOL(cfg80211_new_sta);
14312 
14313 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
14314 			    struct station_info *sinfo, gfp_t gfp)
14315 {
14316 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14317 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14318 	struct sk_buff *msg;
14319 	struct station_info empty_sinfo = {};
14320 
14321 	if (!sinfo)
14322 		sinfo = &empty_sinfo;
14323 
14324 	trace_cfg80211_del_sta(dev, mac_addr);
14325 
14326 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14327 	if (!msg)
14328 		return;
14329 
14330 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
14331 				 rdev, dev, mac_addr, sinfo) < 0) {
14332 		nlmsg_free(msg);
14333 		return;
14334 	}
14335 
14336 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14337 				NL80211_MCGRP_MLME, gfp);
14338 }
14339 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
14340 
14341 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
14342 			  enum nl80211_connect_failed_reason reason,
14343 			  gfp_t gfp)
14344 {
14345 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14346 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14347 	struct sk_buff *msg;
14348 	void *hdr;
14349 
14350 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
14351 	if (!msg)
14352 		return;
14353 
14354 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
14355 	if (!hdr) {
14356 		nlmsg_free(msg);
14357 		return;
14358 	}
14359 
14360 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14361 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
14362 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
14363 		goto nla_put_failure;
14364 
14365 	genlmsg_end(msg, hdr);
14366 
14367 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14368 				NL80211_MCGRP_MLME, gfp);
14369 	return;
14370 
14371  nla_put_failure:
14372 	nlmsg_free(msg);
14373 }
14374 EXPORT_SYMBOL(cfg80211_conn_failed);
14375 
14376 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
14377 				       const u8 *addr, gfp_t gfp)
14378 {
14379 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14380 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14381 	struct sk_buff *msg;
14382 	void *hdr;
14383 	u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
14384 
14385 	if (!nlportid)
14386 		return false;
14387 
14388 	msg = nlmsg_new(100, gfp);
14389 	if (!msg)
14390 		return true;
14391 
14392 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14393 	if (!hdr) {
14394 		nlmsg_free(msg);
14395 		return true;
14396 	}
14397 
14398 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14399 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14400 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14401 		goto nla_put_failure;
14402 
14403 	genlmsg_end(msg, hdr);
14404 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14405 	return true;
14406 
14407  nla_put_failure:
14408 	nlmsg_free(msg);
14409 	return true;
14410 }
14411 
14412 bool cfg80211_rx_spurious_frame(struct net_device *dev,
14413 				const u8 *addr, gfp_t gfp)
14414 {
14415 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14416 	bool ret;
14417 
14418 	trace_cfg80211_rx_spurious_frame(dev, addr);
14419 
14420 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14421 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
14422 		trace_cfg80211_return_bool(false);
14423 		return false;
14424 	}
14425 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
14426 					 addr, gfp);
14427 	trace_cfg80211_return_bool(ret);
14428 	return ret;
14429 }
14430 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
14431 
14432 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
14433 					const u8 *addr, gfp_t gfp)
14434 {
14435 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14436 	bool ret;
14437 
14438 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
14439 
14440 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14441 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
14442 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
14443 		trace_cfg80211_return_bool(false);
14444 		return false;
14445 	}
14446 	ret = __nl80211_unexpected_frame(dev,
14447 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
14448 					 addr, gfp);
14449 	trace_cfg80211_return_bool(ret);
14450 	return ret;
14451 }
14452 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
14453 
14454 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
14455 		      struct wireless_dev *wdev, u32 nlportid,
14456 		      int freq, int sig_dbm,
14457 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
14458 {
14459 	struct net_device *netdev = wdev->netdev;
14460 	struct sk_buff *msg;
14461 	void *hdr;
14462 
14463 	msg = nlmsg_new(100 + len, gfp);
14464 	if (!msg)
14465 		return -ENOMEM;
14466 
14467 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14468 	if (!hdr) {
14469 		nlmsg_free(msg);
14470 		return -ENOMEM;
14471 	}
14472 
14473 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14474 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14475 					netdev->ifindex)) ||
14476 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14477 			      NL80211_ATTR_PAD) ||
14478 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
14479 	    (sig_dbm &&
14480 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14481 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14482 	    (flags &&
14483 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
14484 		goto nla_put_failure;
14485 
14486 	genlmsg_end(msg, hdr);
14487 
14488 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14489 
14490  nla_put_failure:
14491 	nlmsg_free(msg);
14492 	return -ENOBUFS;
14493 }
14494 
14495 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
14496 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
14497 {
14498 	struct wiphy *wiphy = wdev->wiphy;
14499 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14500 	struct net_device *netdev = wdev->netdev;
14501 	struct sk_buff *msg;
14502 	void *hdr;
14503 
14504 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
14505 
14506 	msg = nlmsg_new(100 + len, gfp);
14507 	if (!msg)
14508 		return;
14509 
14510 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
14511 	if (!hdr) {
14512 		nlmsg_free(msg);
14513 		return;
14514 	}
14515 
14516 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14517 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14518 				   netdev->ifindex)) ||
14519 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14520 			      NL80211_ATTR_PAD) ||
14521 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14522 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14523 			      NL80211_ATTR_PAD) ||
14524 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
14525 		goto nla_put_failure;
14526 
14527 	genlmsg_end(msg, hdr);
14528 
14529 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14530 				NL80211_MCGRP_MLME, gfp);
14531 	return;
14532 
14533  nla_put_failure:
14534 	nlmsg_free(msg);
14535 }
14536 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
14537 
14538 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
14539 					    const char *mac, gfp_t gfp)
14540 {
14541 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14542 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14543 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14544 	void **cb;
14545 
14546 	if (!msg)
14547 		return NULL;
14548 
14549 	cb = (void **)msg->cb;
14550 
14551 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
14552 	if (!cb[0]) {
14553 		nlmsg_free(msg);
14554 		return NULL;
14555 	}
14556 
14557 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14558 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14559 		goto nla_put_failure;
14560 
14561 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
14562 		goto nla_put_failure;
14563 
14564 	cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
14565 	if (!cb[1])
14566 		goto nla_put_failure;
14567 
14568 	cb[2] = rdev;
14569 
14570 	return msg;
14571  nla_put_failure:
14572 	nlmsg_free(msg);
14573 	return NULL;
14574 }
14575 
14576 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
14577 {
14578 	void **cb = (void **)msg->cb;
14579 	struct cfg80211_registered_device *rdev = cb[2];
14580 
14581 	nla_nest_end(msg, cb[1]);
14582 	genlmsg_end(msg, cb[0]);
14583 
14584 	memset(msg->cb, 0, sizeof(msg->cb));
14585 
14586 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14587 				NL80211_MCGRP_MLME, gfp);
14588 }
14589 
14590 void cfg80211_cqm_rssi_notify(struct net_device *dev,
14591 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
14592 			      s32 rssi_level, gfp_t gfp)
14593 {
14594 	struct sk_buff *msg;
14595 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14596 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14597 
14598 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
14599 
14600 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
14601 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
14602 		return;
14603 
14604 	if (wdev->cqm_config) {
14605 		wdev->cqm_config->last_rssi_event_value = rssi_level;
14606 
14607 		cfg80211_cqm_rssi_update(rdev, dev);
14608 
14609 		if (rssi_level == 0)
14610 			rssi_level = wdev->cqm_config->last_rssi_event_value;
14611 	}
14612 
14613 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14614 	if (!msg)
14615 		return;
14616 
14617 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
14618 			rssi_event))
14619 		goto nla_put_failure;
14620 
14621 	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
14622 				      rssi_level))
14623 		goto nla_put_failure;
14624 
14625 	cfg80211_send_cqm(msg, gfp);
14626 
14627 	return;
14628 
14629  nla_put_failure:
14630 	nlmsg_free(msg);
14631 }
14632 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
14633 
14634 void cfg80211_cqm_txe_notify(struct net_device *dev,
14635 			     const u8 *peer, u32 num_packets,
14636 			     u32 rate, u32 intvl, gfp_t gfp)
14637 {
14638 	struct sk_buff *msg;
14639 
14640 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
14641 	if (!msg)
14642 		return;
14643 
14644 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
14645 		goto nla_put_failure;
14646 
14647 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
14648 		goto nla_put_failure;
14649 
14650 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
14651 		goto nla_put_failure;
14652 
14653 	cfg80211_send_cqm(msg, gfp);
14654 	return;
14655 
14656  nla_put_failure:
14657 	nlmsg_free(msg);
14658 }
14659 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
14660 
14661 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
14662 				 const u8 *peer, u32 num_packets, gfp_t gfp)
14663 {
14664 	struct sk_buff *msg;
14665 
14666 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
14667 
14668 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
14669 	if (!msg)
14670 		return;
14671 
14672 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
14673 		goto nla_put_failure;
14674 
14675 	cfg80211_send_cqm(msg, gfp);
14676 	return;
14677 
14678  nla_put_failure:
14679 	nlmsg_free(msg);
14680 }
14681 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
14682 
14683 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
14684 {
14685 	struct sk_buff *msg;
14686 
14687 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14688 	if (!msg)
14689 		return;
14690 
14691 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
14692 		goto nla_put_failure;
14693 
14694 	cfg80211_send_cqm(msg, gfp);
14695 	return;
14696 
14697  nla_put_failure:
14698 	nlmsg_free(msg);
14699 }
14700 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
14701 
14702 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
14703 				     struct net_device *netdev, const u8 *bssid,
14704 				     const u8 *replay_ctr, gfp_t gfp)
14705 {
14706 	struct sk_buff *msg;
14707 	struct nlattr *rekey_attr;
14708 	void *hdr;
14709 
14710 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14711 	if (!msg)
14712 		return;
14713 
14714 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
14715 	if (!hdr) {
14716 		nlmsg_free(msg);
14717 		return;
14718 	}
14719 
14720 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14721 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14722 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14723 		goto nla_put_failure;
14724 
14725 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
14726 	if (!rekey_attr)
14727 		goto nla_put_failure;
14728 
14729 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
14730 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
14731 		goto nla_put_failure;
14732 
14733 	nla_nest_end(msg, rekey_attr);
14734 
14735 	genlmsg_end(msg, hdr);
14736 
14737 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14738 				NL80211_MCGRP_MLME, gfp);
14739 	return;
14740 
14741  nla_put_failure:
14742 	nlmsg_free(msg);
14743 }
14744 
14745 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
14746 			       const u8 *replay_ctr, gfp_t gfp)
14747 {
14748 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14749 	struct wiphy *wiphy = wdev->wiphy;
14750 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14751 
14752 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
14753 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
14754 }
14755 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
14756 
14757 static void
14758 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
14759 			       struct net_device *netdev, int index,
14760 			       const u8 *bssid, bool preauth, gfp_t gfp)
14761 {
14762 	struct sk_buff *msg;
14763 	struct nlattr *attr;
14764 	void *hdr;
14765 
14766 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14767 	if (!msg)
14768 		return;
14769 
14770 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
14771 	if (!hdr) {
14772 		nlmsg_free(msg);
14773 		return;
14774 	}
14775 
14776 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14777 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14778 		goto nla_put_failure;
14779 
14780 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
14781 	if (!attr)
14782 		goto nla_put_failure;
14783 
14784 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
14785 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
14786 	    (preauth &&
14787 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
14788 		goto nla_put_failure;
14789 
14790 	nla_nest_end(msg, attr);
14791 
14792 	genlmsg_end(msg, hdr);
14793 
14794 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14795 				NL80211_MCGRP_MLME, gfp);
14796 	return;
14797 
14798  nla_put_failure:
14799 	nlmsg_free(msg);
14800 }
14801 
14802 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
14803 				     const u8 *bssid, bool preauth, gfp_t gfp)
14804 {
14805 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14806 	struct wiphy *wiphy = wdev->wiphy;
14807 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14808 
14809 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
14810 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
14811 }
14812 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
14813 
14814 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
14815 				     struct net_device *netdev,
14816 				     struct cfg80211_chan_def *chandef,
14817 				     gfp_t gfp,
14818 				     enum nl80211_commands notif,
14819 				     u8 count)
14820 {
14821 	struct sk_buff *msg;
14822 	void *hdr;
14823 
14824 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14825 	if (!msg)
14826 		return;
14827 
14828 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
14829 	if (!hdr) {
14830 		nlmsg_free(msg);
14831 		return;
14832 	}
14833 
14834 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14835 		goto nla_put_failure;
14836 
14837 	if (nl80211_send_chandef(msg, chandef))
14838 		goto nla_put_failure;
14839 
14840 	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
14841 	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
14842 			goto nla_put_failure;
14843 
14844 	genlmsg_end(msg, hdr);
14845 
14846 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14847 				NL80211_MCGRP_MLME, gfp);
14848 	return;
14849 
14850  nla_put_failure:
14851 	nlmsg_free(msg);
14852 }
14853 
14854 void cfg80211_ch_switch_notify(struct net_device *dev,
14855 			       struct cfg80211_chan_def *chandef)
14856 {
14857 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14858 	struct wiphy *wiphy = wdev->wiphy;
14859 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14860 
14861 	ASSERT_WDEV_LOCK(wdev);
14862 
14863 	trace_cfg80211_ch_switch_notify(dev, chandef);
14864 
14865 	wdev->chandef = *chandef;
14866 	wdev->preset_chandef = *chandef;
14867 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14868 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
14869 }
14870 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
14871 
14872 void cfg80211_ch_switch_started_notify(struct net_device *dev,
14873 				       struct cfg80211_chan_def *chandef,
14874 				       u8 count)
14875 {
14876 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14877 	struct wiphy *wiphy = wdev->wiphy;
14878 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14879 
14880 	trace_cfg80211_ch_switch_started_notify(dev, chandef);
14881 
14882 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14883 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
14884 }
14885 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
14886 
14887 void
14888 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
14889 		     const struct cfg80211_chan_def *chandef,
14890 		     enum nl80211_radar_event event,
14891 		     struct net_device *netdev, gfp_t gfp)
14892 {
14893 	struct sk_buff *msg;
14894 	void *hdr;
14895 
14896 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14897 	if (!msg)
14898 		return;
14899 
14900 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
14901 	if (!hdr) {
14902 		nlmsg_free(msg);
14903 		return;
14904 	}
14905 
14906 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
14907 		goto nla_put_failure;
14908 
14909 	/* NOP and radar events don't need a netdev parameter */
14910 	if (netdev) {
14911 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
14912 
14913 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14914 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14915 				      NL80211_ATTR_PAD))
14916 			goto nla_put_failure;
14917 	}
14918 
14919 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
14920 		goto nla_put_failure;
14921 
14922 	if (nl80211_send_chandef(msg, chandef))
14923 		goto nla_put_failure;
14924 
14925 	genlmsg_end(msg, hdr);
14926 
14927 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14928 				NL80211_MCGRP_MLME, gfp);
14929 	return;
14930 
14931  nla_put_failure:
14932 	nlmsg_free(msg);
14933 }
14934 
14935 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
14936 				       struct sta_opmode_info *sta_opmode,
14937 				       gfp_t gfp)
14938 {
14939 	struct sk_buff *msg;
14940 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14941 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14942 	void *hdr;
14943 
14944 	if (WARN_ON(!mac))
14945 		return;
14946 
14947 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14948 	if (!msg)
14949 		return;
14950 
14951 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
14952 	if (!hdr) {
14953 		nlmsg_free(msg);
14954 		return;
14955 	}
14956 
14957 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
14958 		goto nla_put_failure;
14959 
14960 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14961 		goto nla_put_failure;
14962 
14963 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
14964 		goto nla_put_failure;
14965 
14966 	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
14967 	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
14968 		goto nla_put_failure;
14969 
14970 	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
14971 	    nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
14972 		goto nla_put_failure;
14973 
14974 	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
14975 	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
14976 		goto nla_put_failure;
14977 
14978 	genlmsg_end(msg, hdr);
14979 
14980 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14981 				NL80211_MCGRP_MLME, gfp);
14982 
14983 	return;
14984 
14985 nla_put_failure:
14986 	nlmsg_free(msg);
14987 }
14988 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
14989 
14990 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
14991 			   u64 cookie, bool acked, s32 ack_signal,
14992 			   bool is_valid_ack_signal, gfp_t gfp)
14993 {
14994 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14995 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14996 	struct sk_buff *msg;
14997 	void *hdr;
14998 
14999 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
15000 
15001 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15002 
15003 	if (!msg)
15004 		return;
15005 
15006 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
15007 	if (!hdr) {
15008 		nlmsg_free(msg);
15009 		return;
15010 	}
15011 
15012 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15013 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15014 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15015 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15016 			      NL80211_ATTR_PAD) ||
15017 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
15018 	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
15019 						ack_signal)))
15020 		goto nla_put_failure;
15021 
15022 	genlmsg_end(msg, hdr);
15023 
15024 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15025 				NL80211_MCGRP_MLME, gfp);
15026 	return;
15027 
15028  nla_put_failure:
15029 	nlmsg_free(msg);
15030 }
15031 EXPORT_SYMBOL(cfg80211_probe_status);
15032 
15033 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
15034 				 const u8 *frame, size_t len,
15035 				 int freq, int sig_dbm)
15036 {
15037 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15038 	struct sk_buff *msg;
15039 	void *hdr;
15040 	struct cfg80211_beacon_registration *reg;
15041 
15042 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
15043 
15044 	spin_lock_bh(&rdev->beacon_registrations_lock);
15045 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
15046 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
15047 		if (!msg) {
15048 			spin_unlock_bh(&rdev->beacon_registrations_lock);
15049 			return;
15050 		}
15051 
15052 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15053 		if (!hdr)
15054 			goto nla_put_failure;
15055 
15056 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15057 		    (freq &&
15058 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
15059 		    (sig_dbm &&
15060 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15061 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
15062 			goto nla_put_failure;
15063 
15064 		genlmsg_end(msg, hdr);
15065 
15066 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
15067 	}
15068 	spin_unlock_bh(&rdev->beacon_registrations_lock);
15069 	return;
15070 
15071  nla_put_failure:
15072 	spin_unlock_bh(&rdev->beacon_registrations_lock);
15073 	nlmsg_free(msg);
15074 }
15075 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
15076 
15077 #ifdef CONFIG_PM
15078 static int cfg80211_net_detect_results(struct sk_buff *msg,
15079 				       struct cfg80211_wowlan_wakeup *wakeup)
15080 {
15081 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
15082 	struct nlattr *nl_results, *nl_match, *nl_freqs;
15083 	int i, j;
15084 
15085 	nl_results = nla_nest_start(
15086 		msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
15087 	if (!nl_results)
15088 		return -EMSGSIZE;
15089 
15090 	for (i = 0; i < nd->n_matches; i++) {
15091 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
15092 
15093 		nl_match = nla_nest_start(msg, i);
15094 		if (!nl_match)
15095 			break;
15096 
15097 		/* The SSID attribute is optional in nl80211, but for
15098 		 * simplicity reasons it's always present in the
15099 		 * cfg80211 structure.  If a driver can't pass the
15100 		 * SSID, that needs to be changed.  A zero length SSID
15101 		 * is still a valid SSID (wildcard), so it cannot be
15102 		 * used for this purpose.
15103 		 */
15104 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
15105 			    match->ssid.ssid)) {
15106 			nla_nest_cancel(msg, nl_match);
15107 			goto out;
15108 		}
15109 
15110 		if (match->n_channels) {
15111 			nl_freqs = nla_nest_start(
15112 				msg, NL80211_ATTR_SCAN_FREQUENCIES);
15113 			if (!nl_freqs) {
15114 				nla_nest_cancel(msg, nl_match);
15115 				goto out;
15116 			}
15117 
15118 			for (j = 0; j < match->n_channels; j++) {
15119 				if (nla_put_u32(msg, j, match->channels[j])) {
15120 					nla_nest_cancel(msg, nl_freqs);
15121 					nla_nest_cancel(msg, nl_match);
15122 					goto out;
15123 				}
15124 			}
15125 
15126 			nla_nest_end(msg, nl_freqs);
15127 		}
15128 
15129 		nla_nest_end(msg, nl_match);
15130 	}
15131 
15132 out:
15133 	nla_nest_end(msg, nl_results);
15134 	return 0;
15135 }
15136 
15137 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
15138 				   struct cfg80211_wowlan_wakeup *wakeup,
15139 				   gfp_t gfp)
15140 {
15141 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15142 	struct sk_buff *msg;
15143 	void *hdr;
15144 	int size = 200;
15145 
15146 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
15147 
15148 	if (wakeup)
15149 		size += wakeup->packet_present_len;
15150 
15151 	msg = nlmsg_new(size, gfp);
15152 	if (!msg)
15153 		return;
15154 
15155 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
15156 	if (!hdr)
15157 		goto free_msg;
15158 
15159 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15160 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15161 			      NL80211_ATTR_PAD))
15162 		goto free_msg;
15163 
15164 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15165 					wdev->netdev->ifindex))
15166 		goto free_msg;
15167 
15168 	if (wakeup) {
15169 		struct nlattr *reasons;
15170 
15171 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
15172 		if (!reasons)
15173 			goto free_msg;
15174 
15175 		if (wakeup->disconnect &&
15176 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
15177 			goto free_msg;
15178 		if (wakeup->magic_pkt &&
15179 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
15180 			goto free_msg;
15181 		if (wakeup->gtk_rekey_failure &&
15182 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
15183 			goto free_msg;
15184 		if (wakeup->eap_identity_req &&
15185 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
15186 			goto free_msg;
15187 		if (wakeup->four_way_handshake &&
15188 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
15189 			goto free_msg;
15190 		if (wakeup->rfkill_release &&
15191 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
15192 			goto free_msg;
15193 
15194 		if (wakeup->pattern_idx >= 0 &&
15195 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
15196 				wakeup->pattern_idx))
15197 			goto free_msg;
15198 
15199 		if (wakeup->tcp_match &&
15200 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
15201 			goto free_msg;
15202 
15203 		if (wakeup->tcp_connlost &&
15204 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
15205 			goto free_msg;
15206 
15207 		if (wakeup->tcp_nomoretokens &&
15208 		    nla_put_flag(msg,
15209 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
15210 			goto free_msg;
15211 
15212 		if (wakeup->packet) {
15213 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
15214 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
15215 
15216 			if (!wakeup->packet_80211) {
15217 				pkt_attr =
15218 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
15219 				len_attr =
15220 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
15221 			}
15222 
15223 			if (wakeup->packet_len &&
15224 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
15225 				goto free_msg;
15226 
15227 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
15228 				    wakeup->packet))
15229 				goto free_msg;
15230 		}
15231 
15232 		if (wakeup->net_detect &&
15233 		    cfg80211_net_detect_results(msg, wakeup))
15234 				goto free_msg;
15235 
15236 		nla_nest_end(msg, reasons);
15237 	}
15238 
15239 	genlmsg_end(msg, hdr);
15240 
15241 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15242 				NL80211_MCGRP_MLME, gfp);
15243 	return;
15244 
15245  free_msg:
15246 	nlmsg_free(msg);
15247 }
15248 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
15249 #endif
15250 
15251 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
15252 				enum nl80211_tdls_operation oper,
15253 				u16 reason_code, gfp_t gfp)
15254 {
15255 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15256 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15257 	struct sk_buff *msg;
15258 	void *hdr;
15259 
15260 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
15261 					 reason_code);
15262 
15263 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15264 	if (!msg)
15265 		return;
15266 
15267 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
15268 	if (!hdr) {
15269 		nlmsg_free(msg);
15270 		return;
15271 	}
15272 
15273 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15274 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15275 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
15276 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
15277 	    (reason_code > 0 &&
15278 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
15279 		goto nla_put_failure;
15280 
15281 	genlmsg_end(msg, hdr);
15282 
15283 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15284 				NL80211_MCGRP_MLME, gfp);
15285 	return;
15286 
15287  nla_put_failure:
15288 	nlmsg_free(msg);
15289 }
15290 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
15291 
15292 static int nl80211_netlink_notify(struct notifier_block * nb,
15293 				  unsigned long state,
15294 				  void *_notify)
15295 {
15296 	struct netlink_notify *notify = _notify;
15297 	struct cfg80211_registered_device *rdev;
15298 	struct wireless_dev *wdev;
15299 	struct cfg80211_beacon_registration *reg, *tmp;
15300 
15301 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
15302 		return NOTIFY_DONE;
15303 
15304 	rcu_read_lock();
15305 
15306 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
15307 		struct cfg80211_sched_scan_request *sched_scan_req;
15308 
15309 		list_for_each_entry_rcu(sched_scan_req,
15310 					&rdev->sched_scan_req_list,
15311 					list) {
15312 			if (sched_scan_req->owner_nlportid == notify->portid) {
15313 				sched_scan_req->nl_owner_dead = true;
15314 				schedule_work(&rdev->sched_scan_stop_wk);
15315 			}
15316 		}
15317 
15318 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
15319 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
15320 
15321 			if (wdev->owner_nlportid == notify->portid) {
15322 				wdev->nl_owner_dead = true;
15323 				schedule_work(&rdev->destroy_work);
15324 			} else if (wdev->conn_owner_nlportid == notify->portid) {
15325 				schedule_work(&wdev->disconnect_wk);
15326 			}
15327 		}
15328 
15329 		spin_lock_bh(&rdev->beacon_registrations_lock);
15330 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
15331 					 list) {
15332 			if (reg->nlportid == notify->portid) {
15333 				list_del(&reg->list);
15334 				kfree(reg);
15335 				break;
15336 			}
15337 		}
15338 		spin_unlock_bh(&rdev->beacon_registrations_lock);
15339 	}
15340 
15341 	rcu_read_unlock();
15342 
15343 	/*
15344 	 * It is possible that the user space process that is controlling the
15345 	 * indoor setting disappeared, so notify the regulatory core.
15346 	 */
15347 	regulatory_netlink_notify(notify->portid);
15348 	return NOTIFY_OK;
15349 }
15350 
15351 static struct notifier_block nl80211_netlink_notifier = {
15352 	.notifier_call = nl80211_netlink_notify,
15353 };
15354 
15355 void cfg80211_ft_event(struct net_device *netdev,
15356 		       struct cfg80211_ft_event_params *ft_event)
15357 {
15358 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
15359 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15360 	struct sk_buff *msg;
15361 	void *hdr;
15362 
15363 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
15364 
15365 	if (!ft_event->target_ap)
15366 		return;
15367 
15368 	msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
15369 	if (!msg)
15370 		return;
15371 
15372 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
15373 	if (!hdr)
15374 		goto out;
15375 
15376 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15377 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15378 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
15379 		goto out;
15380 
15381 	if (ft_event->ies &&
15382 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
15383 		goto out;
15384 	if (ft_event->ric_ies &&
15385 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
15386 		    ft_event->ric_ies))
15387 		goto out;
15388 
15389 	genlmsg_end(msg, hdr);
15390 
15391 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15392 				NL80211_MCGRP_MLME, GFP_KERNEL);
15393 	return;
15394  out:
15395 	nlmsg_free(msg);
15396 }
15397 EXPORT_SYMBOL(cfg80211_ft_event);
15398 
15399 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
15400 {
15401 	struct cfg80211_registered_device *rdev;
15402 	struct sk_buff *msg;
15403 	void *hdr;
15404 	u32 nlportid;
15405 
15406 	rdev = wiphy_to_rdev(wdev->wiphy);
15407 	if (!rdev->crit_proto_nlportid)
15408 		return;
15409 
15410 	nlportid = rdev->crit_proto_nlportid;
15411 	rdev->crit_proto_nlportid = 0;
15412 
15413 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15414 	if (!msg)
15415 		return;
15416 
15417 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
15418 	if (!hdr)
15419 		goto nla_put_failure;
15420 
15421 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15422 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15423 			      NL80211_ATTR_PAD))
15424 		goto nla_put_failure;
15425 
15426 	genlmsg_end(msg, hdr);
15427 
15428 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15429 	return;
15430 
15431  nla_put_failure:
15432 	nlmsg_free(msg);
15433 }
15434 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
15435 
15436 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
15437 {
15438 	struct wiphy *wiphy = wdev->wiphy;
15439 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15440 	struct sk_buff *msg;
15441 	void *hdr;
15442 
15443 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15444 	if (!msg)
15445 		return;
15446 
15447 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
15448 	if (!hdr)
15449 		goto out;
15450 
15451 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15452 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
15453 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15454 			      NL80211_ATTR_PAD))
15455 		goto out;
15456 
15457 	genlmsg_end(msg, hdr);
15458 
15459 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
15460 				NL80211_MCGRP_MLME, GFP_KERNEL);
15461 	return;
15462  out:
15463 	nlmsg_free(msg);
15464 }
15465 
15466 int cfg80211_external_auth_request(struct net_device *dev,
15467 				   struct cfg80211_external_auth_params *params,
15468 				   gfp_t gfp)
15469 {
15470 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15471 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15472 	struct sk_buff *msg;
15473 	void *hdr;
15474 
15475 	if (!wdev->conn_owner_nlportid)
15476 		return -EINVAL;
15477 
15478 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15479 	if (!msg)
15480 		return -ENOMEM;
15481 
15482 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
15483 	if (!hdr)
15484 		goto nla_put_failure;
15485 
15486 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15487 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15488 	    nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
15489 	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
15490 			params->action) ||
15491 	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
15492 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
15493 		    params->ssid.ssid))
15494 		goto nla_put_failure;
15495 
15496 	genlmsg_end(msg, hdr);
15497 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
15498 			wdev->conn_owner_nlportid);
15499 	return 0;
15500 
15501  nla_put_failure:
15502 	nlmsg_free(msg);
15503 	return -ENOBUFS;
15504 }
15505 EXPORT_SYMBOL(cfg80211_external_auth_request);
15506 
15507 /* initialisation/exit functions */
15508 
15509 int __init nl80211_init(void)
15510 {
15511 	int err;
15512 
15513 	err = genl_register_family(&nl80211_fam);
15514 	if (err)
15515 		return err;
15516 
15517 	err = netlink_register_notifier(&nl80211_netlink_notifier);
15518 	if (err)
15519 		goto err_out;
15520 
15521 	return 0;
15522  err_out:
15523 	genl_unregister_family(&nl80211_fam);
15524 	return err;
15525 }
15526 
15527 void nl80211_exit(void)
15528 {
15529 	netlink_unregister_notifier(&nl80211_netlink_notifier);
15530 	genl_unregister_family(&nl80211_fam);
15531 }
15532