xref: /linux/net/wireless/nl80211.c (revision df68a01014fd5dea890349321787ca08a5377f0b) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27 
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 				   struct genl_info *info,
30 				   struct cfg80211_crypto_settings *settings,
31 				   int cipher_limit);
32 
33 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
34 			    struct genl_info *info);
35 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 			      struct genl_info *info);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 	.id = GENL_ID_GENERATE,		/* don't bother with a hardcoded ID */
41 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
42 	.hdrsize = 0,			/* no private header */
43 	.version = 1,			/* no particular meaning now */
44 	.maxattr = NL80211_ATTR_MAX,
45 	.netnsok = true,
46 	.pre_doit = nl80211_pre_doit,
47 	.post_doit = nl80211_post_doit,
48 };
49 
50 /* multicast groups */
51 enum nl80211_multicast_groups {
52 	NL80211_MCGRP_CONFIG,
53 	NL80211_MCGRP_SCAN,
54 	NL80211_MCGRP_REGULATORY,
55 	NL80211_MCGRP_MLME,
56 	NL80211_MCGRP_VENDOR,
57 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
58 };
59 
60 static const struct genl_multicast_group nl80211_mcgrps[] = {
61 	[NL80211_MCGRP_CONFIG] = { .name = "config", },
62 	[NL80211_MCGRP_SCAN] = { .name = "scan", },
63 	[NL80211_MCGRP_REGULATORY] = { .name = "regulatory", },
64 	[NL80211_MCGRP_MLME] = { .name = "mlme", },
65 	[NL80211_MCGRP_VENDOR] = { .name = "vendor", },
66 #ifdef CONFIG_NL80211_TESTMODE
67 	[NL80211_MCGRP_TESTMODE] = { .name = "testmode", }
68 #endif
69 };
70 
71 /* returns ERR_PTR values */
72 static struct wireless_dev *
73 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
74 {
75 	struct cfg80211_registered_device *rdev;
76 	struct wireless_dev *result = NULL;
77 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
78 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
79 	u64 wdev_id;
80 	int wiphy_idx = -1;
81 	int ifidx = -1;
82 
83 	ASSERT_RTNL();
84 
85 	if (!have_ifidx && !have_wdev_id)
86 		return ERR_PTR(-EINVAL);
87 
88 	if (have_ifidx)
89 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
90 	if (have_wdev_id) {
91 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
92 		wiphy_idx = wdev_id >> 32;
93 	}
94 
95 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
96 		struct wireless_dev *wdev;
97 
98 		if (wiphy_net(&rdev->wiphy) != netns)
99 			continue;
100 
101 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
102 			continue;
103 
104 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
105 			if (have_ifidx && wdev->netdev &&
106 			    wdev->netdev->ifindex == ifidx) {
107 				result = wdev;
108 				break;
109 			}
110 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
111 				result = wdev;
112 				break;
113 			}
114 		}
115 
116 		if (result)
117 			break;
118 	}
119 
120 	if (result)
121 		return result;
122 	return ERR_PTR(-ENODEV);
123 }
124 
125 static struct cfg80211_registered_device *
126 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
127 {
128 	struct cfg80211_registered_device *rdev = NULL, *tmp;
129 	struct net_device *netdev;
130 
131 	ASSERT_RTNL();
132 
133 	if (!attrs[NL80211_ATTR_WIPHY] &&
134 	    !attrs[NL80211_ATTR_IFINDEX] &&
135 	    !attrs[NL80211_ATTR_WDEV])
136 		return ERR_PTR(-EINVAL);
137 
138 	if (attrs[NL80211_ATTR_WIPHY])
139 		rdev = cfg80211_rdev_by_wiphy_idx(
140 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
141 
142 	if (attrs[NL80211_ATTR_WDEV]) {
143 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
144 		struct wireless_dev *wdev;
145 		bool found = false;
146 
147 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
148 		if (tmp) {
149 			/* make sure wdev exists */
150 			list_for_each_entry(wdev, &tmp->wdev_list, list) {
151 				if (wdev->identifier != (u32)wdev_id)
152 					continue;
153 				found = true;
154 				break;
155 			}
156 
157 			if (!found)
158 				tmp = NULL;
159 
160 			if (rdev && tmp != rdev)
161 				return ERR_PTR(-EINVAL);
162 			rdev = tmp;
163 		}
164 	}
165 
166 	if (attrs[NL80211_ATTR_IFINDEX]) {
167 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
168 		netdev = __dev_get_by_index(netns, ifindex);
169 		if (netdev) {
170 			if (netdev->ieee80211_ptr)
171 				tmp = wiphy_to_rdev(
172 					netdev->ieee80211_ptr->wiphy);
173 			else
174 				tmp = NULL;
175 
176 			/* not wireless device -- return error */
177 			if (!tmp)
178 				return ERR_PTR(-EINVAL);
179 
180 			/* mismatch -- return error */
181 			if (rdev && tmp != rdev)
182 				return ERR_PTR(-EINVAL);
183 
184 			rdev = tmp;
185 		}
186 	}
187 
188 	if (!rdev)
189 		return ERR_PTR(-ENODEV);
190 
191 	if (netns != wiphy_net(&rdev->wiphy))
192 		return ERR_PTR(-ENODEV);
193 
194 	return rdev;
195 }
196 
197 /*
198  * This function returns a pointer to the driver
199  * that the genl_info item that is passed refers to.
200  *
201  * The result of this can be a PTR_ERR and hence must
202  * be checked with IS_ERR() for errors.
203  */
204 static struct cfg80211_registered_device *
205 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
206 {
207 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
208 }
209 
210 /* policy for the attributes */
211 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
212 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
213 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
214 				      .len = 20-1 },
215 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
216 
217 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
218 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
219 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
220 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
221 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
222 
223 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
224 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
225 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
226 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
227 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
228 
229 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
230 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
231 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
232 
233 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
234 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
235 
236 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
237 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
238 				    .len = WLAN_MAX_KEY_LEN },
239 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
240 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
241 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
242 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
243 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
244 
245 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
246 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
247 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
248 				       .len = IEEE80211_MAX_DATA_LEN },
249 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
250 				       .len = IEEE80211_MAX_DATA_LEN },
251 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
252 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
253 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
254 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
255 					       .len = NL80211_MAX_SUPP_RATES },
256 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
257 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
258 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
259 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
260 				   .len = IEEE80211_MAX_MESH_ID_LEN },
261 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
262 
263 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
264 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
265 
266 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
267 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
268 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
269 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
270 					   .len = NL80211_MAX_SUPP_RATES },
271 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
272 
273 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
274 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
275 
276 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
277 
278 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
279 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
280 			      .len = IEEE80211_MAX_DATA_LEN },
281 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
282 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
283 
284 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
285 				.len = IEEE80211_MAX_SSID_LEN },
286 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
287 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
288 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
289 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
290 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
291 	[NL80211_ATTR_STA_FLAGS2] = {
292 		.len = sizeof(struct nl80211_sta_flag_update),
293 	},
294 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
295 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
296 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
297 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
298 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
299 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
300 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
301 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
302 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
303 				 .len = WLAN_PMKID_LEN },
304 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
305 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
306 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
307 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
308 				 .len = IEEE80211_MAX_DATA_LEN },
309 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
310 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
311 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
312 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
313 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
314 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
315 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
316 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
317 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
318 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
319 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
320 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
321 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
322 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
323 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
324 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
325 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
326 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
327 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
328 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
329 					 .len = IEEE80211_MAX_DATA_LEN },
330 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
331 					 .len = IEEE80211_MAX_DATA_LEN },
332 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
333 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
334 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
335 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
336 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
337 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
338 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
339 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
340 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
341 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
342 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
343 				      .len = IEEE80211_MAX_DATA_LEN },
344 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
345 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
346 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
347 		.len = NL80211_HT_CAPABILITY_LEN
348 	},
349 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
350 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
351 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
352 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
353 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
354 	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
355 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
356 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
357 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
358 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
359 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
360 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
361 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
362 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
363 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
364 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
365 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
366 		.len = NL80211_VHT_CAPABILITY_LEN,
367 	},
368 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
369 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
370 				  .len = IEEE80211_MAX_DATA_LEN },
371 	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
372 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
373 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
374 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
375 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
376 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
377 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
378 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
379 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
380 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
381 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
382 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
383 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
384 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
385 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
386 	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
387 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
388 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
389 	[NL80211_ATTR_IFACE_SOCKET_OWNER] = { .type = NLA_FLAG },
390 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
391 };
392 
393 /* policy for the key attributes */
394 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
395 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
396 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
397 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
398 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
399 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
400 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
401 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
402 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
403 };
404 
405 /* policy for the key default flags */
406 static const struct nla_policy
407 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
408 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
409 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
410 };
411 
412 /* policy for WoWLAN attributes */
413 static const struct nla_policy
414 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
415 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
416 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
417 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
418 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
419 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
420 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
421 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
422 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
423 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
424 };
425 
426 static const struct nla_policy
427 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
428 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
429 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
430 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
431 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
432 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
433 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
434 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
435 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
436 	},
437 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
438 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
439 	},
440 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
441 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
442 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
443 };
444 
445 /* policy for coalesce rule attributes */
446 static const struct nla_policy
447 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
448 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
449 	[NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
450 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
451 };
452 
453 /* policy for GTK rekey offload attributes */
454 static const struct nla_policy
455 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
456 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
457 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
458 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
459 };
460 
461 static const struct nla_policy
462 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
463 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
464 						 .len = IEEE80211_MAX_SSID_LEN },
465 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
466 };
467 
468 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
469 				     struct netlink_callback *cb,
470 				     struct cfg80211_registered_device **rdev,
471 				     struct wireless_dev **wdev)
472 {
473 	int err;
474 
475 	rtnl_lock();
476 
477 	if (!cb->args[0]) {
478 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
479 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
480 				  nl80211_policy);
481 		if (err)
482 			goto out_unlock;
483 
484 		*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
485 						   nl80211_fam.attrbuf);
486 		if (IS_ERR(*wdev)) {
487 			err = PTR_ERR(*wdev);
488 			goto out_unlock;
489 		}
490 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
491 		/* 0 is the first index - add 1 to parse only once */
492 		cb->args[0] = (*rdev)->wiphy_idx + 1;
493 		cb->args[1] = (*wdev)->identifier;
494 	} else {
495 		/* subtract the 1 again here */
496 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
497 		struct wireless_dev *tmp;
498 
499 		if (!wiphy) {
500 			err = -ENODEV;
501 			goto out_unlock;
502 		}
503 		*rdev = wiphy_to_rdev(wiphy);
504 		*wdev = NULL;
505 
506 		list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
507 			if (tmp->identifier == cb->args[1]) {
508 				*wdev = tmp;
509 				break;
510 			}
511 		}
512 
513 		if (!*wdev) {
514 			err = -ENODEV;
515 			goto out_unlock;
516 		}
517 	}
518 
519 	return 0;
520  out_unlock:
521 	rtnl_unlock();
522 	return err;
523 }
524 
525 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
526 {
527 	rtnl_unlock();
528 }
529 
530 /* IE validation */
531 static bool is_valid_ie_attr(const struct nlattr *attr)
532 {
533 	const u8 *pos;
534 	int len;
535 
536 	if (!attr)
537 		return true;
538 
539 	pos = nla_data(attr);
540 	len = nla_len(attr);
541 
542 	while (len) {
543 		u8 elemlen;
544 
545 		if (len < 2)
546 			return false;
547 		len -= 2;
548 
549 		elemlen = pos[1];
550 		if (elemlen > len)
551 			return false;
552 
553 		len -= elemlen;
554 		pos += 2 + elemlen;
555 	}
556 
557 	return true;
558 }
559 
560 /* message building helper */
561 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
562 				   int flags, u8 cmd)
563 {
564 	/* since there is no private header just add the generic one */
565 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
566 }
567 
568 static int nl80211_msg_put_channel(struct sk_buff *msg,
569 				   struct ieee80211_channel *chan,
570 				   bool large)
571 {
572 	/* Some channels must be completely excluded from the
573 	 * list to protect old user-space tools from breaking
574 	 */
575 	if (!large && chan->flags &
576 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
577 		return 0;
578 
579 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
580 			chan->center_freq))
581 		goto nla_put_failure;
582 
583 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
584 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
585 		goto nla_put_failure;
586 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
587 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
588 			goto nla_put_failure;
589 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
590 			goto nla_put_failure;
591 	}
592 	if (chan->flags & IEEE80211_CHAN_RADAR) {
593 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
594 			goto nla_put_failure;
595 		if (large) {
596 			u32 time;
597 
598 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
599 
600 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
601 					chan->dfs_state))
602 				goto nla_put_failure;
603 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
604 					time))
605 				goto nla_put_failure;
606 			if (nla_put_u32(msg,
607 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
608 					chan->dfs_cac_ms))
609 				goto nla_put_failure;
610 		}
611 	}
612 
613 	if (large) {
614 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
615 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
616 			goto nla_put_failure;
617 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
618 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
619 			goto nla_put_failure;
620 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
621 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
622 			goto nla_put_failure;
623 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
624 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
625 			goto nla_put_failure;
626 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
627 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
628 			goto nla_put_failure;
629 		if ((chan->flags & IEEE80211_CHAN_GO_CONCURRENT) &&
630 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_GO_CONCURRENT))
631 			goto nla_put_failure;
632 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
633 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
634 			goto nla_put_failure;
635 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
636 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
637 			goto nla_put_failure;
638 	}
639 
640 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
641 			DBM_TO_MBM(chan->max_power)))
642 		goto nla_put_failure;
643 
644 	return 0;
645 
646  nla_put_failure:
647 	return -ENOBUFS;
648 }
649 
650 /* netlink command implementations */
651 
652 struct key_parse {
653 	struct key_params p;
654 	int idx;
655 	int type;
656 	bool def, defmgmt;
657 	bool def_uni, def_multi;
658 };
659 
660 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
661 {
662 	struct nlattr *tb[NL80211_KEY_MAX + 1];
663 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
664 				   nl80211_key_policy);
665 	if (err)
666 		return err;
667 
668 	k->def = !!tb[NL80211_KEY_DEFAULT];
669 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
670 
671 	if (k->def) {
672 		k->def_uni = true;
673 		k->def_multi = true;
674 	}
675 	if (k->defmgmt)
676 		k->def_multi = true;
677 
678 	if (tb[NL80211_KEY_IDX])
679 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
680 
681 	if (tb[NL80211_KEY_DATA]) {
682 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
683 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
684 	}
685 
686 	if (tb[NL80211_KEY_SEQ]) {
687 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
688 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
689 	}
690 
691 	if (tb[NL80211_KEY_CIPHER])
692 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
693 
694 	if (tb[NL80211_KEY_TYPE]) {
695 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
696 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
697 			return -EINVAL;
698 	}
699 
700 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
701 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
702 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
703 				       tb[NL80211_KEY_DEFAULT_TYPES],
704 				       nl80211_key_default_policy);
705 		if (err)
706 			return err;
707 
708 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
709 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
710 	}
711 
712 	return 0;
713 }
714 
715 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
716 {
717 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
718 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
719 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
720 	}
721 
722 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
723 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
724 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
725 	}
726 
727 	if (info->attrs[NL80211_ATTR_KEY_IDX])
728 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
729 
730 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
731 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
732 
733 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
734 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
735 
736 	if (k->def) {
737 		k->def_uni = true;
738 		k->def_multi = true;
739 	}
740 	if (k->defmgmt)
741 		k->def_multi = true;
742 
743 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
744 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
745 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
746 			return -EINVAL;
747 	}
748 
749 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
750 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
751 		int err = nla_parse_nested(
752 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
753 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
754 				nl80211_key_default_policy);
755 		if (err)
756 			return err;
757 
758 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
759 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
760 	}
761 
762 	return 0;
763 }
764 
765 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
766 {
767 	int err;
768 
769 	memset(k, 0, sizeof(*k));
770 	k->idx = -1;
771 	k->type = -1;
772 
773 	if (info->attrs[NL80211_ATTR_KEY])
774 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
775 	else
776 		err = nl80211_parse_key_old(info, k);
777 
778 	if (err)
779 		return err;
780 
781 	if (k->def && k->defmgmt)
782 		return -EINVAL;
783 
784 	if (k->defmgmt) {
785 		if (k->def_uni || !k->def_multi)
786 			return -EINVAL;
787 	}
788 
789 	if (k->idx != -1) {
790 		if (k->defmgmt) {
791 			if (k->idx < 4 || k->idx > 5)
792 				return -EINVAL;
793 		} else if (k->def) {
794 			if (k->idx < 0 || k->idx > 3)
795 				return -EINVAL;
796 		} else {
797 			if (k->idx < 0 || k->idx > 5)
798 				return -EINVAL;
799 		}
800 	}
801 
802 	return 0;
803 }
804 
805 static struct cfg80211_cached_keys *
806 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
807 		       struct nlattr *keys, bool *no_ht)
808 {
809 	struct key_parse parse;
810 	struct nlattr *key;
811 	struct cfg80211_cached_keys *result;
812 	int rem, err, def = 0;
813 
814 	result = kzalloc(sizeof(*result), GFP_KERNEL);
815 	if (!result)
816 		return ERR_PTR(-ENOMEM);
817 
818 	result->def = -1;
819 	result->defmgmt = -1;
820 
821 	nla_for_each_nested(key, keys, rem) {
822 		memset(&parse, 0, sizeof(parse));
823 		parse.idx = -1;
824 
825 		err = nl80211_parse_key_new(key, &parse);
826 		if (err)
827 			goto error;
828 		err = -EINVAL;
829 		if (!parse.p.key)
830 			goto error;
831 		if (parse.idx < 0 || parse.idx > 4)
832 			goto error;
833 		if (parse.def) {
834 			if (def)
835 				goto error;
836 			def = 1;
837 			result->def = parse.idx;
838 			if (!parse.def_uni || !parse.def_multi)
839 				goto error;
840 		} else if (parse.defmgmt)
841 			goto error;
842 		err = cfg80211_validate_key_settings(rdev, &parse.p,
843 						     parse.idx, false, NULL);
844 		if (err)
845 			goto error;
846 		result->params[parse.idx].cipher = parse.p.cipher;
847 		result->params[parse.idx].key_len = parse.p.key_len;
848 		result->params[parse.idx].key = result->data[parse.idx];
849 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
850 
851 		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
852 		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
853 			if (no_ht)
854 				*no_ht = true;
855 		}
856 	}
857 
858 	return result;
859  error:
860 	kfree(result);
861 	return ERR_PTR(err);
862 }
863 
864 static int nl80211_key_allowed(struct wireless_dev *wdev)
865 {
866 	ASSERT_WDEV_LOCK(wdev);
867 
868 	switch (wdev->iftype) {
869 	case NL80211_IFTYPE_AP:
870 	case NL80211_IFTYPE_AP_VLAN:
871 	case NL80211_IFTYPE_P2P_GO:
872 	case NL80211_IFTYPE_MESH_POINT:
873 		break;
874 	case NL80211_IFTYPE_ADHOC:
875 	case NL80211_IFTYPE_STATION:
876 	case NL80211_IFTYPE_P2P_CLIENT:
877 		if (!wdev->current_bss)
878 			return -ENOLINK;
879 		break;
880 	default:
881 		return -EINVAL;
882 	}
883 
884 	return 0;
885 }
886 
887 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
888 							struct nlattr *tb)
889 {
890 	struct ieee80211_channel *chan;
891 
892 	if (tb == NULL)
893 		return NULL;
894 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
895 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
896 		return NULL;
897 	return chan;
898 }
899 
900 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
901 {
902 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
903 	int i;
904 
905 	if (!nl_modes)
906 		goto nla_put_failure;
907 
908 	i = 0;
909 	while (ifmodes) {
910 		if ((ifmodes & 1) && nla_put_flag(msg, i))
911 			goto nla_put_failure;
912 		ifmodes >>= 1;
913 		i++;
914 	}
915 
916 	nla_nest_end(msg, nl_modes);
917 	return 0;
918 
919 nla_put_failure:
920 	return -ENOBUFS;
921 }
922 
923 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
924 					  struct sk_buff *msg,
925 					  bool large)
926 {
927 	struct nlattr *nl_combis;
928 	int i, j;
929 
930 	nl_combis = nla_nest_start(msg,
931 				NL80211_ATTR_INTERFACE_COMBINATIONS);
932 	if (!nl_combis)
933 		goto nla_put_failure;
934 
935 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
936 		const struct ieee80211_iface_combination *c;
937 		struct nlattr *nl_combi, *nl_limits;
938 
939 		c = &wiphy->iface_combinations[i];
940 
941 		nl_combi = nla_nest_start(msg, i + 1);
942 		if (!nl_combi)
943 			goto nla_put_failure;
944 
945 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
946 		if (!nl_limits)
947 			goto nla_put_failure;
948 
949 		for (j = 0; j < c->n_limits; j++) {
950 			struct nlattr *nl_limit;
951 
952 			nl_limit = nla_nest_start(msg, j + 1);
953 			if (!nl_limit)
954 				goto nla_put_failure;
955 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
956 					c->limits[j].max))
957 				goto nla_put_failure;
958 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
959 						c->limits[j].types))
960 				goto nla_put_failure;
961 			nla_nest_end(msg, nl_limit);
962 		}
963 
964 		nla_nest_end(msg, nl_limits);
965 
966 		if (c->beacon_int_infra_match &&
967 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
968 			goto nla_put_failure;
969 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
970 				c->num_different_channels) ||
971 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
972 				c->max_interfaces))
973 			goto nla_put_failure;
974 		if (large &&
975 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
976 				c->radar_detect_widths) ||
977 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
978 				c->radar_detect_regions)))
979 			goto nla_put_failure;
980 
981 		nla_nest_end(msg, nl_combi);
982 	}
983 
984 	nla_nest_end(msg, nl_combis);
985 
986 	return 0;
987 nla_put_failure:
988 	return -ENOBUFS;
989 }
990 
991 #ifdef CONFIG_PM
992 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
993 					struct sk_buff *msg)
994 {
995 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
996 	struct nlattr *nl_tcp;
997 
998 	if (!tcp)
999 		return 0;
1000 
1001 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1002 	if (!nl_tcp)
1003 		return -ENOBUFS;
1004 
1005 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1006 			tcp->data_payload_max))
1007 		return -ENOBUFS;
1008 
1009 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1010 			tcp->data_payload_max))
1011 		return -ENOBUFS;
1012 
1013 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1014 		return -ENOBUFS;
1015 
1016 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1017 				sizeof(*tcp->tok), tcp->tok))
1018 		return -ENOBUFS;
1019 
1020 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1021 			tcp->data_interval_max))
1022 		return -ENOBUFS;
1023 
1024 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1025 			tcp->wake_payload_max))
1026 		return -ENOBUFS;
1027 
1028 	nla_nest_end(msg, nl_tcp);
1029 	return 0;
1030 }
1031 
1032 static int nl80211_send_wowlan(struct sk_buff *msg,
1033 			       struct cfg80211_registered_device *rdev,
1034 			       bool large)
1035 {
1036 	struct nlattr *nl_wowlan;
1037 
1038 	if (!rdev->wiphy.wowlan)
1039 		return 0;
1040 
1041 	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1042 	if (!nl_wowlan)
1043 		return -ENOBUFS;
1044 
1045 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1046 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1047 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1048 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1049 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1050 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1051 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1052 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1053 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1054 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1055 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1056 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1057 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1058 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1059 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1060 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1061 		return -ENOBUFS;
1062 
1063 	if (rdev->wiphy.wowlan->n_patterns) {
1064 		struct nl80211_pattern_support pat = {
1065 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1066 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1067 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1068 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1069 		};
1070 
1071 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1072 			    sizeof(pat), &pat))
1073 			return -ENOBUFS;
1074 	}
1075 
1076 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1077 		return -ENOBUFS;
1078 
1079 	nla_nest_end(msg, nl_wowlan);
1080 
1081 	return 0;
1082 }
1083 #endif
1084 
1085 static int nl80211_send_coalesce(struct sk_buff *msg,
1086 				 struct cfg80211_registered_device *rdev)
1087 {
1088 	struct nl80211_coalesce_rule_support rule;
1089 
1090 	if (!rdev->wiphy.coalesce)
1091 		return 0;
1092 
1093 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1094 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1095 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1096 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1097 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1098 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1099 
1100 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1101 		return -ENOBUFS;
1102 
1103 	return 0;
1104 }
1105 
1106 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1107 				      struct ieee80211_supported_band *sband)
1108 {
1109 	struct nlattr *nl_rates, *nl_rate;
1110 	struct ieee80211_rate *rate;
1111 	int i;
1112 
1113 	/* add HT info */
1114 	if (sband->ht_cap.ht_supported &&
1115 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1116 		     sizeof(sband->ht_cap.mcs),
1117 		     &sband->ht_cap.mcs) ||
1118 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1119 			 sband->ht_cap.cap) ||
1120 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1121 			sband->ht_cap.ampdu_factor) ||
1122 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1123 			sband->ht_cap.ampdu_density)))
1124 		return -ENOBUFS;
1125 
1126 	/* add VHT info */
1127 	if (sband->vht_cap.vht_supported &&
1128 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1129 		     sizeof(sband->vht_cap.vht_mcs),
1130 		     &sband->vht_cap.vht_mcs) ||
1131 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1132 			 sband->vht_cap.cap)))
1133 		return -ENOBUFS;
1134 
1135 	/* add bitrates */
1136 	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1137 	if (!nl_rates)
1138 		return -ENOBUFS;
1139 
1140 	for (i = 0; i < sband->n_bitrates; i++) {
1141 		nl_rate = nla_nest_start(msg, i);
1142 		if (!nl_rate)
1143 			return -ENOBUFS;
1144 
1145 		rate = &sband->bitrates[i];
1146 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1147 				rate->bitrate))
1148 			return -ENOBUFS;
1149 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1150 		    nla_put_flag(msg,
1151 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1152 			return -ENOBUFS;
1153 
1154 		nla_nest_end(msg, nl_rate);
1155 	}
1156 
1157 	nla_nest_end(msg, nl_rates);
1158 
1159 	return 0;
1160 }
1161 
1162 static int
1163 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1164 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1165 {
1166 	u16 stypes;
1167 	struct nlattr *nl_ftypes, *nl_ifs;
1168 	enum nl80211_iftype ift;
1169 	int i;
1170 
1171 	if (!mgmt_stypes)
1172 		return 0;
1173 
1174 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1175 	if (!nl_ifs)
1176 		return -ENOBUFS;
1177 
1178 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1179 		nl_ftypes = nla_nest_start(msg, ift);
1180 		if (!nl_ftypes)
1181 			return -ENOBUFS;
1182 		i = 0;
1183 		stypes = mgmt_stypes[ift].tx;
1184 		while (stypes) {
1185 			if ((stypes & 1) &&
1186 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1187 					(i << 4) | IEEE80211_FTYPE_MGMT))
1188 				return -ENOBUFS;
1189 			stypes >>= 1;
1190 			i++;
1191 		}
1192 		nla_nest_end(msg, nl_ftypes);
1193 	}
1194 
1195 	nla_nest_end(msg, nl_ifs);
1196 
1197 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1198 	if (!nl_ifs)
1199 		return -ENOBUFS;
1200 
1201 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1202 		nl_ftypes = nla_nest_start(msg, ift);
1203 		if (!nl_ftypes)
1204 			return -ENOBUFS;
1205 		i = 0;
1206 		stypes = mgmt_stypes[ift].rx;
1207 		while (stypes) {
1208 			if ((stypes & 1) &&
1209 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1210 					(i << 4) | IEEE80211_FTYPE_MGMT))
1211 				return -ENOBUFS;
1212 			stypes >>= 1;
1213 			i++;
1214 		}
1215 		nla_nest_end(msg, nl_ftypes);
1216 	}
1217 	nla_nest_end(msg, nl_ifs);
1218 
1219 	return 0;
1220 }
1221 
1222 struct nl80211_dump_wiphy_state {
1223 	s64 filter_wiphy;
1224 	long start;
1225 	long split_start, band_start, chan_start;
1226 	bool split;
1227 };
1228 
1229 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1230 			      enum nl80211_commands cmd,
1231 			      struct sk_buff *msg, u32 portid, u32 seq,
1232 			      int flags, struct nl80211_dump_wiphy_state *state)
1233 {
1234 	void *hdr;
1235 	struct nlattr *nl_bands, *nl_band;
1236 	struct nlattr *nl_freqs, *nl_freq;
1237 	struct nlattr *nl_cmds;
1238 	enum ieee80211_band band;
1239 	struct ieee80211_channel *chan;
1240 	int i;
1241 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1242 				rdev->wiphy.mgmt_stypes;
1243 	u32 features;
1244 
1245 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1246 	if (!hdr)
1247 		return -ENOBUFS;
1248 
1249 	if (WARN_ON(!state))
1250 		return -EINVAL;
1251 
1252 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1253 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1254 			   wiphy_name(&rdev->wiphy)) ||
1255 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1256 			cfg80211_rdev_list_generation))
1257 		goto nla_put_failure;
1258 
1259 	if (cmd != NL80211_CMD_NEW_WIPHY)
1260 		goto finish;
1261 
1262 	switch (state->split_start) {
1263 	case 0:
1264 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1265 			       rdev->wiphy.retry_short) ||
1266 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1267 			       rdev->wiphy.retry_long) ||
1268 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1269 				rdev->wiphy.frag_threshold) ||
1270 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1271 				rdev->wiphy.rts_threshold) ||
1272 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1273 			       rdev->wiphy.coverage_class) ||
1274 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1275 			       rdev->wiphy.max_scan_ssids) ||
1276 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1277 			       rdev->wiphy.max_sched_scan_ssids) ||
1278 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1279 				rdev->wiphy.max_scan_ie_len) ||
1280 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1281 				rdev->wiphy.max_sched_scan_ie_len) ||
1282 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1283 			       rdev->wiphy.max_match_sets))
1284 			goto nla_put_failure;
1285 
1286 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1287 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1288 			goto nla_put_failure;
1289 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1290 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1291 			goto nla_put_failure;
1292 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1293 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1294 			goto nla_put_failure;
1295 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1296 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1297 			goto nla_put_failure;
1298 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1299 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1300 			goto nla_put_failure;
1301 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1302 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1303 			goto nla_put_failure;
1304 		state->split_start++;
1305 		if (state->split)
1306 			break;
1307 	case 1:
1308 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1309 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1310 			    rdev->wiphy.cipher_suites))
1311 			goto nla_put_failure;
1312 
1313 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1314 			       rdev->wiphy.max_num_pmkids))
1315 			goto nla_put_failure;
1316 
1317 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1318 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1319 			goto nla_put_failure;
1320 
1321 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1322 				rdev->wiphy.available_antennas_tx) ||
1323 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1324 				rdev->wiphy.available_antennas_rx))
1325 			goto nla_put_failure;
1326 
1327 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1328 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1329 				rdev->wiphy.probe_resp_offload))
1330 			goto nla_put_failure;
1331 
1332 		if ((rdev->wiphy.available_antennas_tx ||
1333 		     rdev->wiphy.available_antennas_rx) &&
1334 		    rdev->ops->get_antenna) {
1335 			u32 tx_ant = 0, rx_ant = 0;
1336 			int res;
1337 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1338 			if (!res) {
1339 				if (nla_put_u32(msg,
1340 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1341 						tx_ant) ||
1342 				    nla_put_u32(msg,
1343 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1344 						rx_ant))
1345 					goto nla_put_failure;
1346 			}
1347 		}
1348 
1349 		state->split_start++;
1350 		if (state->split)
1351 			break;
1352 	case 2:
1353 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1354 					rdev->wiphy.interface_modes))
1355 				goto nla_put_failure;
1356 		state->split_start++;
1357 		if (state->split)
1358 			break;
1359 	case 3:
1360 		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1361 		if (!nl_bands)
1362 			goto nla_put_failure;
1363 
1364 		for (band = state->band_start;
1365 		     band < IEEE80211_NUM_BANDS; band++) {
1366 			struct ieee80211_supported_band *sband;
1367 
1368 			sband = rdev->wiphy.bands[band];
1369 
1370 			if (!sband)
1371 				continue;
1372 
1373 			nl_band = nla_nest_start(msg, band);
1374 			if (!nl_band)
1375 				goto nla_put_failure;
1376 
1377 			switch (state->chan_start) {
1378 			case 0:
1379 				if (nl80211_send_band_rateinfo(msg, sband))
1380 					goto nla_put_failure;
1381 				state->chan_start++;
1382 				if (state->split)
1383 					break;
1384 			default:
1385 				/* add frequencies */
1386 				nl_freqs = nla_nest_start(
1387 					msg, NL80211_BAND_ATTR_FREQS);
1388 				if (!nl_freqs)
1389 					goto nla_put_failure;
1390 
1391 				for (i = state->chan_start - 1;
1392 				     i < sband->n_channels;
1393 				     i++) {
1394 					nl_freq = nla_nest_start(msg, i);
1395 					if (!nl_freq)
1396 						goto nla_put_failure;
1397 
1398 					chan = &sband->channels[i];
1399 
1400 					if (nl80211_msg_put_channel(
1401 							msg, chan,
1402 							state->split))
1403 						goto nla_put_failure;
1404 
1405 					nla_nest_end(msg, nl_freq);
1406 					if (state->split)
1407 						break;
1408 				}
1409 				if (i < sband->n_channels)
1410 					state->chan_start = i + 2;
1411 				else
1412 					state->chan_start = 0;
1413 				nla_nest_end(msg, nl_freqs);
1414 			}
1415 
1416 			nla_nest_end(msg, nl_band);
1417 
1418 			if (state->split) {
1419 				/* start again here */
1420 				if (state->chan_start)
1421 					band--;
1422 				break;
1423 			}
1424 		}
1425 		nla_nest_end(msg, nl_bands);
1426 
1427 		if (band < IEEE80211_NUM_BANDS)
1428 			state->band_start = band + 1;
1429 		else
1430 			state->band_start = 0;
1431 
1432 		/* if bands & channels are done, continue outside */
1433 		if (state->band_start == 0 && state->chan_start == 0)
1434 			state->split_start++;
1435 		if (state->split)
1436 			break;
1437 	case 4:
1438 		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1439 		if (!nl_cmds)
1440 			goto nla_put_failure;
1441 
1442 		i = 0;
1443 #define CMD(op, n)							\
1444 		 do {							\
1445 			if (rdev->ops->op) {				\
1446 				i++;					\
1447 				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1448 					goto nla_put_failure;		\
1449 			}						\
1450 		} while (0)
1451 
1452 		CMD(add_virtual_intf, NEW_INTERFACE);
1453 		CMD(change_virtual_intf, SET_INTERFACE);
1454 		CMD(add_key, NEW_KEY);
1455 		CMD(start_ap, START_AP);
1456 		CMD(add_station, NEW_STATION);
1457 		CMD(add_mpath, NEW_MPATH);
1458 		CMD(update_mesh_config, SET_MESH_CONFIG);
1459 		CMD(change_bss, SET_BSS);
1460 		CMD(auth, AUTHENTICATE);
1461 		CMD(assoc, ASSOCIATE);
1462 		CMD(deauth, DEAUTHENTICATE);
1463 		CMD(disassoc, DISASSOCIATE);
1464 		CMD(join_ibss, JOIN_IBSS);
1465 		CMD(join_mesh, JOIN_MESH);
1466 		CMD(set_pmksa, SET_PMKSA);
1467 		CMD(del_pmksa, DEL_PMKSA);
1468 		CMD(flush_pmksa, FLUSH_PMKSA);
1469 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1470 			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1471 		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1472 		CMD(mgmt_tx, FRAME);
1473 		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1474 		if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1475 			i++;
1476 			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1477 				goto nla_put_failure;
1478 		}
1479 		if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1480 		    rdev->ops->join_mesh) {
1481 			i++;
1482 			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1483 				goto nla_put_failure;
1484 		}
1485 		CMD(set_wds_peer, SET_WDS_PEER);
1486 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1487 			CMD(tdls_mgmt, TDLS_MGMT);
1488 			CMD(tdls_oper, TDLS_OPER);
1489 		}
1490 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1491 			CMD(sched_scan_start, START_SCHED_SCAN);
1492 		CMD(probe_client, PROBE_CLIENT);
1493 		CMD(set_noack_map, SET_NOACK_MAP);
1494 		if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1495 			i++;
1496 			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1497 				goto nla_put_failure;
1498 		}
1499 		CMD(start_p2p_device, START_P2P_DEVICE);
1500 		CMD(set_mcast_rate, SET_MCAST_RATE);
1501 #ifdef CONFIG_NL80211_TESTMODE
1502 		CMD(testmode_cmd, TESTMODE);
1503 #endif
1504 		if (state->split) {
1505 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1506 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1507 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1508 				CMD(channel_switch, CHANNEL_SWITCH);
1509 			CMD(set_qos_map, SET_QOS_MAP);
1510 		}
1511 		/* add into the if now */
1512 #undef CMD
1513 
1514 		if (rdev->ops->connect || rdev->ops->auth) {
1515 			i++;
1516 			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1517 				goto nla_put_failure;
1518 		}
1519 
1520 		if (rdev->ops->disconnect || rdev->ops->deauth) {
1521 			i++;
1522 			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1523 				goto nla_put_failure;
1524 		}
1525 
1526 		nla_nest_end(msg, nl_cmds);
1527 		state->split_start++;
1528 		if (state->split)
1529 			break;
1530 	case 5:
1531 		if (rdev->ops->remain_on_channel &&
1532 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1533 		    nla_put_u32(msg,
1534 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1535 				rdev->wiphy.max_remain_on_channel_duration))
1536 			goto nla_put_failure;
1537 
1538 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1539 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1540 			goto nla_put_failure;
1541 
1542 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1543 			goto nla_put_failure;
1544 		state->split_start++;
1545 		if (state->split)
1546 			break;
1547 	case 6:
1548 #ifdef CONFIG_PM
1549 		if (nl80211_send_wowlan(msg, rdev, state->split))
1550 			goto nla_put_failure;
1551 		state->split_start++;
1552 		if (state->split)
1553 			break;
1554 #else
1555 		state->split_start++;
1556 #endif
1557 	case 7:
1558 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1559 					rdev->wiphy.software_iftypes))
1560 			goto nla_put_failure;
1561 
1562 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1563 						   state->split))
1564 			goto nla_put_failure;
1565 
1566 		state->split_start++;
1567 		if (state->split)
1568 			break;
1569 	case 8:
1570 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1571 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1572 				rdev->wiphy.ap_sme_capa))
1573 			goto nla_put_failure;
1574 
1575 		features = rdev->wiphy.features;
1576 		/*
1577 		 * We can only add the per-channel limit information if the
1578 		 * dump is split, otherwise it makes it too big. Therefore
1579 		 * only advertise it in that case.
1580 		 */
1581 		if (state->split)
1582 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1583 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1584 			goto nla_put_failure;
1585 
1586 		if (rdev->wiphy.ht_capa_mod_mask &&
1587 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1588 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
1589 			    rdev->wiphy.ht_capa_mod_mask))
1590 			goto nla_put_failure;
1591 
1592 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1593 		    rdev->wiphy.max_acl_mac_addrs &&
1594 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1595 				rdev->wiphy.max_acl_mac_addrs))
1596 			goto nla_put_failure;
1597 
1598 		/*
1599 		 * Any information below this point is only available to
1600 		 * applications that can deal with it being split. This
1601 		 * helps ensure that newly added capabilities don't break
1602 		 * older tools by overrunning their buffers.
1603 		 *
1604 		 * We still increment split_start so that in the split
1605 		 * case we'll continue with more data in the next round,
1606 		 * but break unconditionally so unsplit data stops here.
1607 		 */
1608 		state->split_start++;
1609 		break;
1610 	case 9:
1611 		if (rdev->wiphy.extended_capabilities &&
1612 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1613 			     rdev->wiphy.extended_capabilities_len,
1614 			     rdev->wiphy.extended_capabilities) ||
1615 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1616 			     rdev->wiphy.extended_capabilities_len,
1617 			     rdev->wiphy.extended_capabilities_mask)))
1618 			goto nla_put_failure;
1619 
1620 		if (rdev->wiphy.vht_capa_mod_mask &&
1621 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1622 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
1623 			    rdev->wiphy.vht_capa_mod_mask))
1624 			goto nla_put_failure;
1625 
1626 		state->split_start++;
1627 		break;
1628 	case 10:
1629 		if (nl80211_send_coalesce(msg, rdev))
1630 			goto nla_put_failure;
1631 
1632 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1633 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1634 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1635 			goto nla_put_failure;
1636 
1637 		if (rdev->wiphy.max_ap_assoc_sta &&
1638 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1639 				rdev->wiphy.max_ap_assoc_sta))
1640 			goto nla_put_failure;
1641 
1642 		state->split_start++;
1643 		break;
1644 	case 11:
1645 		if (rdev->wiphy.n_vendor_commands) {
1646 			const struct nl80211_vendor_cmd_info *info;
1647 			struct nlattr *nested;
1648 
1649 			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1650 			if (!nested)
1651 				goto nla_put_failure;
1652 
1653 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1654 				info = &rdev->wiphy.vendor_commands[i].info;
1655 				if (nla_put(msg, i + 1, sizeof(*info), info))
1656 					goto nla_put_failure;
1657 			}
1658 			nla_nest_end(msg, nested);
1659 		}
1660 
1661 		if (rdev->wiphy.n_vendor_events) {
1662 			const struct nl80211_vendor_cmd_info *info;
1663 			struct nlattr *nested;
1664 
1665 			nested = nla_nest_start(msg,
1666 						NL80211_ATTR_VENDOR_EVENTS);
1667 			if (!nested)
1668 				goto nla_put_failure;
1669 
1670 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1671 				info = &rdev->wiphy.vendor_events[i];
1672 				if (nla_put(msg, i + 1, sizeof(*info), info))
1673 					goto nla_put_failure;
1674 			}
1675 			nla_nest_end(msg, nested);
1676 		}
1677 		state->split_start++;
1678 		break;
1679 	case 12:
1680 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1681 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1682 			       rdev->wiphy.max_num_csa_counters))
1683 			goto nla_put_failure;
1684 
1685 		/* done */
1686 		state->split_start = 0;
1687 		break;
1688 	}
1689  finish:
1690 	return genlmsg_end(msg, hdr);
1691 
1692  nla_put_failure:
1693 	genlmsg_cancel(msg, hdr);
1694 	return -EMSGSIZE;
1695 }
1696 
1697 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1698 				    struct netlink_callback *cb,
1699 				    struct nl80211_dump_wiphy_state *state)
1700 {
1701 	struct nlattr **tb = nl80211_fam.attrbuf;
1702 	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1703 			      tb, nl80211_fam.maxattr, nl80211_policy);
1704 	/* ignore parse errors for backward compatibility */
1705 	if (ret)
1706 		return 0;
1707 
1708 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1709 	if (tb[NL80211_ATTR_WIPHY])
1710 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1711 	if (tb[NL80211_ATTR_WDEV])
1712 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1713 	if (tb[NL80211_ATTR_IFINDEX]) {
1714 		struct net_device *netdev;
1715 		struct cfg80211_registered_device *rdev;
1716 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1717 
1718 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1719 		if (!netdev)
1720 			return -ENODEV;
1721 		if (netdev->ieee80211_ptr) {
1722 			rdev = wiphy_to_rdev(
1723 				netdev->ieee80211_ptr->wiphy);
1724 			state->filter_wiphy = rdev->wiphy_idx;
1725 		}
1726 	}
1727 
1728 	return 0;
1729 }
1730 
1731 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1732 {
1733 	int idx = 0, ret;
1734 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1735 	struct cfg80211_registered_device *rdev;
1736 
1737 	rtnl_lock();
1738 	if (!state) {
1739 		state = kzalloc(sizeof(*state), GFP_KERNEL);
1740 		if (!state) {
1741 			rtnl_unlock();
1742 			return -ENOMEM;
1743 		}
1744 		state->filter_wiphy = -1;
1745 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1746 		if (ret) {
1747 			kfree(state);
1748 			rtnl_unlock();
1749 			return ret;
1750 		}
1751 		cb->args[0] = (long)state;
1752 	}
1753 
1754 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1755 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1756 			continue;
1757 		if (++idx <= state->start)
1758 			continue;
1759 		if (state->filter_wiphy != -1 &&
1760 		    state->filter_wiphy != rdev->wiphy_idx)
1761 			continue;
1762 		/* attempt to fit multiple wiphy data chunks into the skb */
1763 		do {
1764 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1765 						 skb,
1766 						 NETLINK_CB(cb->skb).portid,
1767 						 cb->nlh->nlmsg_seq,
1768 						 NLM_F_MULTI, state);
1769 			if (ret < 0) {
1770 				/*
1771 				 * If sending the wiphy data didn't fit (ENOBUFS
1772 				 * or EMSGSIZE returned), this SKB is still
1773 				 * empty (so it's not too big because another
1774 				 * wiphy dataset is already in the skb) and
1775 				 * we've not tried to adjust the dump allocation
1776 				 * yet ... then adjust the alloc size to be
1777 				 * bigger, and return 1 but with the empty skb.
1778 				 * This results in an empty message being RX'ed
1779 				 * in userspace, but that is ignored.
1780 				 *
1781 				 * We can then retry with the larger buffer.
1782 				 */
1783 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1784 				    !skb->len && !state->split &&
1785 				    cb->min_dump_alloc < 4096) {
1786 					cb->min_dump_alloc = 4096;
1787 					state->split_start = 0;
1788 					rtnl_unlock();
1789 					return 1;
1790 				}
1791 				idx--;
1792 				break;
1793 			}
1794 		} while (state->split_start > 0);
1795 		break;
1796 	}
1797 	rtnl_unlock();
1798 
1799 	state->start = idx;
1800 
1801 	return skb->len;
1802 }
1803 
1804 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1805 {
1806 	kfree((void *)cb->args[0]);
1807 	return 0;
1808 }
1809 
1810 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1811 {
1812 	struct sk_buff *msg;
1813 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1814 	struct nl80211_dump_wiphy_state state = {};
1815 
1816 	msg = nlmsg_new(4096, GFP_KERNEL);
1817 	if (!msg)
1818 		return -ENOMEM;
1819 
1820 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
1821 			       info->snd_portid, info->snd_seq, 0,
1822 			       &state) < 0) {
1823 		nlmsg_free(msg);
1824 		return -ENOBUFS;
1825 	}
1826 
1827 	return genlmsg_reply(msg, info);
1828 }
1829 
1830 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1831 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1832 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1833 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1834 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1835 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1836 };
1837 
1838 static int parse_txq_params(struct nlattr *tb[],
1839 			    struct ieee80211_txq_params *txq_params)
1840 {
1841 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1842 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1843 	    !tb[NL80211_TXQ_ATTR_AIFS])
1844 		return -EINVAL;
1845 
1846 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1847 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1848 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1849 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1850 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1851 
1852 	if (txq_params->ac >= NL80211_NUM_ACS)
1853 		return -EINVAL;
1854 
1855 	return 0;
1856 }
1857 
1858 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1859 {
1860 	/*
1861 	 * You can only set the channel explicitly for WDS interfaces,
1862 	 * all others have their channel managed via their respective
1863 	 * "establish a connection" command (connect, join, ...)
1864 	 *
1865 	 * For AP/GO and mesh mode, the channel can be set with the
1866 	 * channel userspace API, but is only stored and passed to the
1867 	 * low-level driver when the AP starts or the mesh is joined.
1868 	 * This is for backward compatibility, userspace can also give
1869 	 * the channel in the start-ap or join-mesh commands instead.
1870 	 *
1871 	 * Monitors are special as they are normally slaved to
1872 	 * whatever else is going on, so they have their own special
1873 	 * operation to set the monitor channel if possible.
1874 	 */
1875 	return !wdev ||
1876 		wdev->iftype == NL80211_IFTYPE_AP ||
1877 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1878 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1879 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1880 }
1881 
1882 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1883 				 struct genl_info *info,
1884 				 struct cfg80211_chan_def *chandef)
1885 {
1886 	u32 control_freq;
1887 
1888 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1889 		return -EINVAL;
1890 
1891 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1892 
1893 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1894 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1895 	chandef->center_freq1 = control_freq;
1896 	chandef->center_freq2 = 0;
1897 
1898 	/* Primary channel not allowed */
1899 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1900 		return -EINVAL;
1901 
1902 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1903 		enum nl80211_channel_type chantype;
1904 
1905 		chantype = nla_get_u32(
1906 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1907 
1908 		switch (chantype) {
1909 		case NL80211_CHAN_NO_HT:
1910 		case NL80211_CHAN_HT20:
1911 		case NL80211_CHAN_HT40PLUS:
1912 		case NL80211_CHAN_HT40MINUS:
1913 			cfg80211_chandef_create(chandef, chandef->chan,
1914 						chantype);
1915 			break;
1916 		default:
1917 			return -EINVAL;
1918 		}
1919 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1920 		chandef->width =
1921 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1922 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1923 			chandef->center_freq1 =
1924 				nla_get_u32(
1925 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1926 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1927 			chandef->center_freq2 =
1928 				nla_get_u32(
1929 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1930 	}
1931 
1932 	if (!cfg80211_chandef_valid(chandef))
1933 		return -EINVAL;
1934 
1935 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1936 				     IEEE80211_CHAN_DISABLED))
1937 		return -EINVAL;
1938 
1939 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1940 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
1941 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1942 		return -EINVAL;
1943 
1944 	return 0;
1945 }
1946 
1947 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1948 				 struct net_device *dev,
1949 				 struct genl_info *info)
1950 {
1951 	struct cfg80211_chan_def chandef;
1952 	int result;
1953 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1954 	struct wireless_dev *wdev = NULL;
1955 
1956 	if (dev)
1957 		wdev = dev->ieee80211_ptr;
1958 	if (!nl80211_can_set_dev_channel(wdev))
1959 		return -EOPNOTSUPP;
1960 	if (wdev)
1961 		iftype = wdev->iftype;
1962 
1963 	result = nl80211_parse_chandef(rdev, info, &chandef);
1964 	if (result)
1965 		return result;
1966 
1967 	switch (iftype) {
1968 	case NL80211_IFTYPE_AP:
1969 	case NL80211_IFTYPE_P2P_GO:
1970 		if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef, iftype)) {
1971 			result = -EINVAL;
1972 			break;
1973 		}
1974 		if (wdev->beacon_interval) {
1975 			if (!dev || !rdev->ops->set_ap_chanwidth ||
1976 			    !(rdev->wiphy.features &
1977 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
1978 				result = -EBUSY;
1979 				break;
1980 			}
1981 
1982 			/* Only allow dynamic channel width changes */
1983 			if (chandef.chan != wdev->preset_chandef.chan) {
1984 				result = -EBUSY;
1985 				break;
1986 			}
1987 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
1988 			if (result)
1989 				break;
1990 		}
1991 		wdev->preset_chandef = chandef;
1992 		result = 0;
1993 		break;
1994 	case NL80211_IFTYPE_MESH_POINT:
1995 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1996 		break;
1997 	case NL80211_IFTYPE_MONITOR:
1998 		result = cfg80211_set_monitor_channel(rdev, &chandef);
1999 		break;
2000 	default:
2001 		result = -EINVAL;
2002 	}
2003 
2004 	return result;
2005 }
2006 
2007 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2008 {
2009 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2010 	struct net_device *netdev = info->user_ptr[1];
2011 
2012 	return __nl80211_set_channel(rdev, netdev, info);
2013 }
2014 
2015 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2016 {
2017 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2018 	struct net_device *dev = info->user_ptr[1];
2019 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2020 	const u8 *bssid;
2021 
2022 	if (!info->attrs[NL80211_ATTR_MAC])
2023 		return -EINVAL;
2024 
2025 	if (netif_running(dev))
2026 		return -EBUSY;
2027 
2028 	if (!rdev->ops->set_wds_peer)
2029 		return -EOPNOTSUPP;
2030 
2031 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2032 		return -EOPNOTSUPP;
2033 
2034 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2035 	return rdev_set_wds_peer(rdev, dev, bssid);
2036 }
2037 
2038 
2039 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2040 {
2041 	struct cfg80211_registered_device *rdev;
2042 	struct net_device *netdev = NULL;
2043 	struct wireless_dev *wdev;
2044 	int result = 0, rem_txq_params = 0;
2045 	struct nlattr *nl_txq_params;
2046 	u32 changed;
2047 	u8 retry_short = 0, retry_long = 0;
2048 	u32 frag_threshold = 0, rts_threshold = 0;
2049 	u8 coverage_class = 0;
2050 
2051 	ASSERT_RTNL();
2052 
2053 	/*
2054 	 * Try to find the wiphy and netdev. Normally this
2055 	 * function shouldn't need the netdev, but this is
2056 	 * done for backward compatibility -- previously
2057 	 * setting the channel was done per wiphy, but now
2058 	 * it is per netdev. Previous userland like hostapd
2059 	 * also passed a netdev to set_wiphy, so that it is
2060 	 * possible to let that go to the right netdev!
2061 	 */
2062 
2063 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2064 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2065 
2066 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2067 		if (netdev && netdev->ieee80211_ptr)
2068 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2069 		else
2070 			netdev = NULL;
2071 	}
2072 
2073 	if (!netdev) {
2074 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2075 						  info->attrs);
2076 		if (IS_ERR(rdev))
2077 			return PTR_ERR(rdev);
2078 		wdev = NULL;
2079 		netdev = NULL;
2080 		result = 0;
2081 	} else
2082 		wdev = netdev->ieee80211_ptr;
2083 
2084 	/*
2085 	 * end workaround code, by now the rdev is available
2086 	 * and locked, and wdev may or may not be NULL.
2087 	 */
2088 
2089 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2090 		result = cfg80211_dev_rename(
2091 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2092 
2093 	if (result)
2094 		return result;
2095 
2096 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2097 		struct ieee80211_txq_params txq_params;
2098 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2099 
2100 		if (!rdev->ops->set_txq_params)
2101 			return -EOPNOTSUPP;
2102 
2103 		if (!netdev)
2104 			return -EINVAL;
2105 
2106 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2107 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2108 			return -EINVAL;
2109 
2110 		if (!netif_running(netdev))
2111 			return -ENETDOWN;
2112 
2113 		nla_for_each_nested(nl_txq_params,
2114 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2115 				    rem_txq_params) {
2116 			result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2117 					   nla_data(nl_txq_params),
2118 					   nla_len(nl_txq_params),
2119 					   txq_params_policy);
2120 			if (result)
2121 				return result;
2122 			result = parse_txq_params(tb, &txq_params);
2123 			if (result)
2124 				return result;
2125 
2126 			result = rdev_set_txq_params(rdev, netdev,
2127 						     &txq_params);
2128 			if (result)
2129 				return result;
2130 		}
2131 	}
2132 
2133 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2134 		result = __nl80211_set_channel(
2135 			rdev,
2136 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2137 			info);
2138 		if (result)
2139 			return result;
2140 	}
2141 
2142 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2143 		struct wireless_dev *txp_wdev = wdev;
2144 		enum nl80211_tx_power_setting type;
2145 		int idx, mbm = 0;
2146 
2147 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2148 			txp_wdev = NULL;
2149 
2150 		if (!rdev->ops->set_tx_power)
2151 			return -EOPNOTSUPP;
2152 
2153 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2154 		type = nla_get_u32(info->attrs[idx]);
2155 
2156 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2157 		    (type != NL80211_TX_POWER_AUTOMATIC))
2158 			return -EINVAL;
2159 
2160 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2161 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2162 			mbm = nla_get_u32(info->attrs[idx]);
2163 		}
2164 
2165 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2166 		if (result)
2167 			return result;
2168 	}
2169 
2170 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2171 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2172 		u32 tx_ant, rx_ant;
2173 		if ((!rdev->wiphy.available_antennas_tx &&
2174 		     !rdev->wiphy.available_antennas_rx) ||
2175 		    !rdev->ops->set_antenna)
2176 			return -EOPNOTSUPP;
2177 
2178 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2179 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2180 
2181 		/* reject antenna configurations which don't match the
2182 		 * available antenna masks, except for the "all" mask */
2183 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2184 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2185 			return -EINVAL;
2186 
2187 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2188 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2189 
2190 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2191 		if (result)
2192 			return result;
2193 	}
2194 
2195 	changed = 0;
2196 
2197 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2198 		retry_short = nla_get_u8(
2199 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2200 		if (retry_short == 0)
2201 			return -EINVAL;
2202 
2203 		changed |= WIPHY_PARAM_RETRY_SHORT;
2204 	}
2205 
2206 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2207 		retry_long = nla_get_u8(
2208 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2209 		if (retry_long == 0)
2210 			return -EINVAL;
2211 
2212 		changed |= WIPHY_PARAM_RETRY_LONG;
2213 	}
2214 
2215 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2216 		frag_threshold = nla_get_u32(
2217 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2218 		if (frag_threshold < 256)
2219 			return -EINVAL;
2220 
2221 		if (frag_threshold != (u32) -1) {
2222 			/*
2223 			 * Fragments (apart from the last one) are required to
2224 			 * have even length. Make the fragmentation code
2225 			 * simpler by stripping LSB should someone try to use
2226 			 * odd threshold value.
2227 			 */
2228 			frag_threshold &= ~0x1;
2229 		}
2230 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2231 	}
2232 
2233 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2234 		rts_threshold = nla_get_u32(
2235 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2236 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2237 	}
2238 
2239 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2240 		coverage_class = nla_get_u8(
2241 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2242 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2243 	}
2244 
2245 	if (changed) {
2246 		u8 old_retry_short, old_retry_long;
2247 		u32 old_frag_threshold, old_rts_threshold;
2248 		u8 old_coverage_class;
2249 
2250 		if (!rdev->ops->set_wiphy_params)
2251 			return -EOPNOTSUPP;
2252 
2253 		old_retry_short = rdev->wiphy.retry_short;
2254 		old_retry_long = rdev->wiphy.retry_long;
2255 		old_frag_threshold = rdev->wiphy.frag_threshold;
2256 		old_rts_threshold = rdev->wiphy.rts_threshold;
2257 		old_coverage_class = rdev->wiphy.coverage_class;
2258 
2259 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2260 			rdev->wiphy.retry_short = retry_short;
2261 		if (changed & WIPHY_PARAM_RETRY_LONG)
2262 			rdev->wiphy.retry_long = retry_long;
2263 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2264 			rdev->wiphy.frag_threshold = frag_threshold;
2265 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2266 			rdev->wiphy.rts_threshold = rts_threshold;
2267 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2268 			rdev->wiphy.coverage_class = coverage_class;
2269 
2270 		result = rdev_set_wiphy_params(rdev, changed);
2271 		if (result) {
2272 			rdev->wiphy.retry_short = old_retry_short;
2273 			rdev->wiphy.retry_long = old_retry_long;
2274 			rdev->wiphy.frag_threshold = old_frag_threshold;
2275 			rdev->wiphy.rts_threshold = old_rts_threshold;
2276 			rdev->wiphy.coverage_class = old_coverage_class;
2277 		}
2278 	}
2279 	return 0;
2280 }
2281 
2282 static inline u64 wdev_id(struct wireless_dev *wdev)
2283 {
2284 	return (u64)wdev->identifier |
2285 	       ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2286 }
2287 
2288 static int nl80211_send_chandef(struct sk_buff *msg,
2289 				const struct cfg80211_chan_def *chandef)
2290 {
2291 	WARN_ON(!cfg80211_chandef_valid(chandef));
2292 
2293 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2294 			chandef->chan->center_freq))
2295 		return -ENOBUFS;
2296 	switch (chandef->width) {
2297 	case NL80211_CHAN_WIDTH_20_NOHT:
2298 	case NL80211_CHAN_WIDTH_20:
2299 	case NL80211_CHAN_WIDTH_40:
2300 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2301 				cfg80211_get_chandef_type(chandef)))
2302 			return -ENOBUFS;
2303 		break;
2304 	default:
2305 		break;
2306 	}
2307 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2308 		return -ENOBUFS;
2309 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2310 		return -ENOBUFS;
2311 	if (chandef->center_freq2 &&
2312 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2313 		return -ENOBUFS;
2314 	return 0;
2315 }
2316 
2317 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2318 			      struct cfg80211_registered_device *rdev,
2319 			      struct wireless_dev *wdev)
2320 {
2321 	struct net_device *dev = wdev->netdev;
2322 	void *hdr;
2323 
2324 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2325 	if (!hdr)
2326 		return -1;
2327 
2328 	if (dev &&
2329 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2330 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2331 		goto nla_put_failure;
2332 
2333 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2334 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2335 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2336 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2337 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2338 			rdev->devlist_generation ^
2339 			(cfg80211_rdev_list_generation << 2)))
2340 		goto nla_put_failure;
2341 
2342 	if (rdev->ops->get_channel) {
2343 		int ret;
2344 		struct cfg80211_chan_def chandef;
2345 
2346 		ret = rdev_get_channel(rdev, wdev, &chandef);
2347 		if (ret == 0) {
2348 			if (nl80211_send_chandef(msg, &chandef))
2349 				goto nla_put_failure;
2350 		}
2351 	}
2352 
2353 	if (wdev->ssid_len) {
2354 		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2355 			goto nla_put_failure;
2356 	}
2357 
2358 	return genlmsg_end(msg, hdr);
2359 
2360  nla_put_failure:
2361 	genlmsg_cancel(msg, hdr);
2362 	return -EMSGSIZE;
2363 }
2364 
2365 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2366 {
2367 	int wp_idx = 0;
2368 	int if_idx = 0;
2369 	int wp_start = cb->args[0];
2370 	int if_start = cb->args[1];
2371 	struct cfg80211_registered_device *rdev;
2372 	struct wireless_dev *wdev;
2373 
2374 	rtnl_lock();
2375 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2376 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2377 			continue;
2378 		if (wp_idx < wp_start) {
2379 			wp_idx++;
2380 			continue;
2381 		}
2382 		if_idx = 0;
2383 
2384 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
2385 			if (if_idx < if_start) {
2386 				if_idx++;
2387 				continue;
2388 			}
2389 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2390 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2391 					       rdev, wdev) < 0) {
2392 				goto out;
2393 			}
2394 			if_idx++;
2395 		}
2396 
2397 		wp_idx++;
2398 	}
2399  out:
2400 	rtnl_unlock();
2401 
2402 	cb->args[0] = wp_idx;
2403 	cb->args[1] = if_idx;
2404 
2405 	return skb->len;
2406 }
2407 
2408 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2409 {
2410 	struct sk_buff *msg;
2411 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2412 	struct wireless_dev *wdev = info->user_ptr[1];
2413 
2414 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2415 	if (!msg)
2416 		return -ENOMEM;
2417 
2418 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2419 			       rdev, wdev) < 0) {
2420 		nlmsg_free(msg);
2421 		return -ENOBUFS;
2422 	}
2423 
2424 	return genlmsg_reply(msg, info);
2425 }
2426 
2427 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2428 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2429 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2430 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2431 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2432 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2433 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2434 };
2435 
2436 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2437 {
2438 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2439 	int flag;
2440 
2441 	*mntrflags = 0;
2442 
2443 	if (!nla)
2444 		return -EINVAL;
2445 
2446 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2447 			     nla, mntr_flags_policy))
2448 		return -EINVAL;
2449 
2450 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2451 		if (flags[flag])
2452 			*mntrflags |= (1<<flag);
2453 
2454 	return 0;
2455 }
2456 
2457 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2458 			       struct net_device *netdev, u8 use_4addr,
2459 			       enum nl80211_iftype iftype)
2460 {
2461 	if (!use_4addr) {
2462 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2463 			return -EBUSY;
2464 		return 0;
2465 	}
2466 
2467 	switch (iftype) {
2468 	case NL80211_IFTYPE_AP_VLAN:
2469 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2470 			return 0;
2471 		break;
2472 	case NL80211_IFTYPE_STATION:
2473 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2474 			return 0;
2475 		break;
2476 	default:
2477 		break;
2478 	}
2479 
2480 	return -EOPNOTSUPP;
2481 }
2482 
2483 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2484 {
2485 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2486 	struct vif_params params;
2487 	int err;
2488 	enum nl80211_iftype otype, ntype;
2489 	struct net_device *dev = info->user_ptr[1];
2490 	u32 _flags, *flags = NULL;
2491 	bool change = false;
2492 
2493 	memset(&params, 0, sizeof(params));
2494 
2495 	otype = ntype = dev->ieee80211_ptr->iftype;
2496 
2497 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2498 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2499 		if (otype != ntype)
2500 			change = true;
2501 		if (ntype > NL80211_IFTYPE_MAX)
2502 			return -EINVAL;
2503 	}
2504 
2505 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2506 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2507 
2508 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2509 			return -EINVAL;
2510 		if (netif_running(dev))
2511 			return -EBUSY;
2512 
2513 		wdev_lock(wdev);
2514 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2515 			     IEEE80211_MAX_MESH_ID_LEN);
2516 		wdev->mesh_id_up_len =
2517 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2518 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2519 		       wdev->mesh_id_up_len);
2520 		wdev_unlock(wdev);
2521 	}
2522 
2523 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2524 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2525 		change = true;
2526 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2527 		if (err)
2528 			return err;
2529 	} else {
2530 		params.use_4addr = -1;
2531 	}
2532 
2533 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2534 		if (ntype != NL80211_IFTYPE_MONITOR)
2535 			return -EINVAL;
2536 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2537 					  &_flags);
2538 		if (err)
2539 			return err;
2540 
2541 		flags = &_flags;
2542 		change = true;
2543 	}
2544 
2545 	if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2546 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2547 		return -EOPNOTSUPP;
2548 
2549 	if (change)
2550 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2551 	else
2552 		err = 0;
2553 
2554 	if (!err && params.use_4addr != -1)
2555 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2556 
2557 	return err;
2558 }
2559 
2560 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2561 {
2562 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2563 	struct vif_params params;
2564 	struct wireless_dev *wdev;
2565 	struct sk_buff *msg;
2566 	int err;
2567 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2568 	u32 flags;
2569 
2570 	/* to avoid failing a new interface creation due to pending removal */
2571 	cfg80211_destroy_ifaces(rdev);
2572 
2573 	memset(&params, 0, sizeof(params));
2574 
2575 	if (!info->attrs[NL80211_ATTR_IFNAME])
2576 		return -EINVAL;
2577 
2578 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2579 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2580 		if (type > NL80211_IFTYPE_MAX)
2581 			return -EINVAL;
2582 	}
2583 
2584 	if (!rdev->ops->add_virtual_intf ||
2585 	    !(rdev->wiphy.interface_modes & (1 << type)))
2586 		return -EOPNOTSUPP;
2587 
2588 	if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2589 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2590 			   ETH_ALEN);
2591 		if (!is_valid_ether_addr(params.macaddr))
2592 			return -EADDRNOTAVAIL;
2593 	}
2594 
2595 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2596 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2597 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2598 		if (err)
2599 			return err;
2600 	}
2601 
2602 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2603 	if (!msg)
2604 		return -ENOMEM;
2605 
2606 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2607 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2608 				  &flags);
2609 
2610 	if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2611 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2612 		return -EOPNOTSUPP;
2613 
2614 	wdev = rdev_add_virtual_intf(rdev,
2615 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2616 				type, err ? NULL : &flags, &params);
2617 	if (IS_ERR(wdev)) {
2618 		nlmsg_free(msg);
2619 		return PTR_ERR(wdev);
2620 	}
2621 
2622 	if (info->attrs[NL80211_ATTR_IFACE_SOCKET_OWNER])
2623 		wdev->owner_nlportid = info->snd_portid;
2624 
2625 	switch (type) {
2626 	case NL80211_IFTYPE_MESH_POINT:
2627 		if (!info->attrs[NL80211_ATTR_MESH_ID])
2628 			break;
2629 		wdev_lock(wdev);
2630 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2631 			     IEEE80211_MAX_MESH_ID_LEN);
2632 		wdev->mesh_id_up_len =
2633 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2634 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2635 		       wdev->mesh_id_up_len);
2636 		wdev_unlock(wdev);
2637 		break;
2638 	case NL80211_IFTYPE_P2P_DEVICE:
2639 		/*
2640 		 * P2P Device doesn't have a netdev, so doesn't go
2641 		 * through the netdev notifier and must be added here
2642 		 */
2643 		mutex_init(&wdev->mtx);
2644 		INIT_LIST_HEAD(&wdev->event_list);
2645 		spin_lock_init(&wdev->event_lock);
2646 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2647 		spin_lock_init(&wdev->mgmt_registrations_lock);
2648 
2649 		wdev->identifier = ++rdev->wdev_id;
2650 		list_add_rcu(&wdev->list, &rdev->wdev_list);
2651 		rdev->devlist_generation++;
2652 		break;
2653 	default:
2654 		break;
2655 	}
2656 
2657 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2658 			       rdev, wdev) < 0) {
2659 		nlmsg_free(msg);
2660 		return -ENOBUFS;
2661 	}
2662 
2663 	return genlmsg_reply(msg, info);
2664 }
2665 
2666 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2667 {
2668 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2669 	struct wireless_dev *wdev = info->user_ptr[1];
2670 
2671 	if (!rdev->ops->del_virtual_intf)
2672 		return -EOPNOTSUPP;
2673 
2674 	/*
2675 	 * If we remove a wireless device without a netdev then clear
2676 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2677 	 * to check if it needs to do dev_put(). Otherwise it crashes
2678 	 * since the wdev has been freed, unlike with a netdev where
2679 	 * we need the dev_put() for the netdev to really be freed.
2680 	 */
2681 	if (!wdev->netdev)
2682 		info->user_ptr[1] = NULL;
2683 
2684 	return rdev_del_virtual_intf(rdev, wdev);
2685 }
2686 
2687 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2688 {
2689 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2690 	struct net_device *dev = info->user_ptr[1];
2691 	u16 noack_map;
2692 
2693 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2694 		return -EINVAL;
2695 
2696 	if (!rdev->ops->set_noack_map)
2697 		return -EOPNOTSUPP;
2698 
2699 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2700 
2701 	return rdev_set_noack_map(rdev, dev, noack_map);
2702 }
2703 
2704 struct get_key_cookie {
2705 	struct sk_buff *msg;
2706 	int error;
2707 	int idx;
2708 };
2709 
2710 static void get_key_callback(void *c, struct key_params *params)
2711 {
2712 	struct nlattr *key;
2713 	struct get_key_cookie *cookie = c;
2714 
2715 	if ((params->key &&
2716 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2717 		     params->key_len, params->key)) ||
2718 	    (params->seq &&
2719 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2720 		     params->seq_len, params->seq)) ||
2721 	    (params->cipher &&
2722 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2723 			 params->cipher)))
2724 		goto nla_put_failure;
2725 
2726 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2727 	if (!key)
2728 		goto nla_put_failure;
2729 
2730 	if ((params->key &&
2731 	     nla_put(cookie->msg, NL80211_KEY_DATA,
2732 		     params->key_len, params->key)) ||
2733 	    (params->seq &&
2734 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2735 		     params->seq_len, params->seq)) ||
2736 	    (params->cipher &&
2737 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2738 			 params->cipher)))
2739 		goto nla_put_failure;
2740 
2741 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2742 		goto nla_put_failure;
2743 
2744 	nla_nest_end(cookie->msg, key);
2745 
2746 	return;
2747  nla_put_failure:
2748 	cookie->error = 1;
2749 }
2750 
2751 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2752 {
2753 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2754 	int err;
2755 	struct net_device *dev = info->user_ptr[1];
2756 	u8 key_idx = 0;
2757 	const u8 *mac_addr = NULL;
2758 	bool pairwise;
2759 	struct get_key_cookie cookie = {
2760 		.error = 0,
2761 	};
2762 	void *hdr;
2763 	struct sk_buff *msg;
2764 
2765 	if (info->attrs[NL80211_ATTR_KEY_IDX])
2766 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2767 
2768 	if (key_idx > 5)
2769 		return -EINVAL;
2770 
2771 	if (info->attrs[NL80211_ATTR_MAC])
2772 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2773 
2774 	pairwise = !!mac_addr;
2775 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2776 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2777 		if (kt >= NUM_NL80211_KEYTYPES)
2778 			return -EINVAL;
2779 		if (kt != NL80211_KEYTYPE_GROUP &&
2780 		    kt != NL80211_KEYTYPE_PAIRWISE)
2781 			return -EINVAL;
2782 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2783 	}
2784 
2785 	if (!rdev->ops->get_key)
2786 		return -EOPNOTSUPP;
2787 
2788 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2789 	if (!msg)
2790 		return -ENOMEM;
2791 
2792 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2793 			     NL80211_CMD_NEW_KEY);
2794 	if (!hdr)
2795 		goto nla_put_failure;
2796 
2797 	cookie.msg = msg;
2798 	cookie.idx = key_idx;
2799 
2800 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2801 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2802 		goto nla_put_failure;
2803 	if (mac_addr &&
2804 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2805 		goto nla_put_failure;
2806 
2807 	if (pairwise && mac_addr &&
2808 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2809 		return -ENOENT;
2810 
2811 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2812 			   get_key_callback);
2813 
2814 	if (err)
2815 		goto free_msg;
2816 
2817 	if (cookie.error)
2818 		goto nla_put_failure;
2819 
2820 	genlmsg_end(msg, hdr);
2821 	return genlmsg_reply(msg, info);
2822 
2823  nla_put_failure:
2824 	err = -ENOBUFS;
2825  free_msg:
2826 	nlmsg_free(msg);
2827 	return err;
2828 }
2829 
2830 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2831 {
2832 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2833 	struct key_parse key;
2834 	int err;
2835 	struct net_device *dev = info->user_ptr[1];
2836 
2837 	err = nl80211_parse_key(info, &key);
2838 	if (err)
2839 		return err;
2840 
2841 	if (key.idx < 0)
2842 		return -EINVAL;
2843 
2844 	/* only support setting default key */
2845 	if (!key.def && !key.defmgmt)
2846 		return -EINVAL;
2847 
2848 	wdev_lock(dev->ieee80211_ptr);
2849 
2850 	if (key.def) {
2851 		if (!rdev->ops->set_default_key) {
2852 			err = -EOPNOTSUPP;
2853 			goto out;
2854 		}
2855 
2856 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2857 		if (err)
2858 			goto out;
2859 
2860 		err = rdev_set_default_key(rdev, dev, key.idx,
2861 						 key.def_uni, key.def_multi);
2862 
2863 		if (err)
2864 			goto out;
2865 
2866 #ifdef CONFIG_CFG80211_WEXT
2867 		dev->ieee80211_ptr->wext.default_key = key.idx;
2868 #endif
2869 	} else {
2870 		if (key.def_uni || !key.def_multi) {
2871 			err = -EINVAL;
2872 			goto out;
2873 		}
2874 
2875 		if (!rdev->ops->set_default_mgmt_key) {
2876 			err = -EOPNOTSUPP;
2877 			goto out;
2878 		}
2879 
2880 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2881 		if (err)
2882 			goto out;
2883 
2884 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2885 		if (err)
2886 			goto out;
2887 
2888 #ifdef CONFIG_CFG80211_WEXT
2889 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2890 #endif
2891 	}
2892 
2893  out:
2894 	wdev_unlock(dev->ieee80211_ptr);
2895 
2896 	return err;
2897 }
2898 
2899 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2900 {
2901 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2902 	int err;
2903 	struct net_device *dev = info->user_ptr[1];
2904 	struct key_parse key;
2905 	const u8 *mac_addr = NULL;
2906 
2907 	err = nl80211_parse_key(info, &key);
2908 	if (err)
2909 		return err;
2910 
2911 	if (!key.p.key)
2912 		return -EINVAL;
2913 
2914 	if (info->attrs[NL80211_ATTR_MAC])
2915 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2916 
2917 	if (key.type == -1) {
2918 		if (mac_addr)
2919 			key.type = NL80211_KEYTYPE_PAIRWISE;
2920 		else
2921 			key.type = NL80211_KEYTYPE_GROUP;
2922 	}
2923 
2924 	/* for now */
2925 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2926 	    key.type != NL80211_KEYTYPE_GROUP)
2927 		return -EINVAL;
2928 
2929 	if (!rdev->ops->add_key)
2930 		return -EOPNOTSUPP;
2931 
2932 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2933 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2934 					   mac_addr))
2935 		return -EINVAL;
2936 
2937 	wdev_lock(dev->ieee80211_ptr);
2938 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2939 	if (!err)
2940 		err = rdev_add_key(rdev, dev, key.idx,
2941 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2942 				    mac_addr, &key.p);
2943 	wdev_unlock(dev->ieee80211_ptr);
2944 
2945 	return err;
2946 }
2947 
2948 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2949 {
2950 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2951 	int err;
2952 	struct net_device *dev = info->user_ptr[1];
2953 	u8 *mac_addr = NULL;
2954 	struct key_parse key;
2955 
2956 	err = nl80211_parse_key(info, &key);
2957 	if (err)
2958 		return err;
2959 
2960 	if (info->attrs[NL80211_ATTR_MAC])
2961 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2962 
2963 	if (key.type == -1) {
2964 		if (mac_addr)
2965 			key.type = NL80211_KEYTYPE_PAIRWISE;
2966 		else
2967 			key.type = NL80211_KEYTYPE_GROUP;
2968 	}
2969 
2970 	/* for now */
2971 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2972 	    key.type != NL80211_KEYTYPE_GROUP)
2973 		return -EINVAL;
2974 
2975 	if (!rdev->ops->del_key)
2976 		return -EOPNOTSUPP;
2977 
2978 	wdev_lock(dev->ieee80211_ptr);
2979 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2980 
2981 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2982 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2983 		err = -ENOENT;
2984 
2985 	if (!err)
2986 		err = rdev_del_key(rdev, dev, key.idx,
2987 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2988 				   mac_addr);
2989 
2990 #ifdef CONFIG_CFG80211_WEXT
2991 	if (!err) {
2992 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2993 			dev->ieee80211_ptr->wext.default_key = -1;
2994 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2995 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2996 	}
2997 #endif
2998 	wdev_unlock(dev->ieee80211_ptr);
2999 
3000 	return err;
3001 }
3002 
3003 /* This function returns an error or the number of nested attributes */
3004 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3005 {
3006 	struct nlattr *attr;
3007 	int n_entries = 0, tmp;
3008 
3009 	nla_for_each_nested(attr, nl_attr, tmp) {
3010 		if (nla_len(attr) != ETH_ALEN)
3011 			return -EINVAL;
3012 
3013 		n_entries++;
3014 	}
3015 
3016 	return n_entries;
3017 }
3018 
3019 /*
3020  * This function parses ACL information and allocates memory for ACL data.
3021  * On successful return, the calling function is responsible to free the
3022  * ACL buffer returned by this function.
3023  */
3024 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3025 						struct genl_info *info)
3026 {
3027 	enum nl80211_acl_policy acl_policy;
3028 	struct nlattr *attr;
3029 	struct cfg80211_acl_data *acl;
3030 	int i = 0, n_entries, tmp;
3031 
3032 	if (!wiphy->max_acl_mac_addrs)
3033 		return ERR_PTR(-EOPNOTSUPP);
3034 
3035 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3036 		return ERR_PTR(-EINVAL);
3037 
3038 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3039 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3040 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3041 		return ERR_PTR(-EINVAL);
3042 
3043 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3044 		return ERR_PTR(-EINVAL);
3045 
3046 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3047 	if (n_entries < 0)
3048 		return ERR_PTR(n_entries);
3049 
3050 	if (n_entries > wiphy->max_acl_mac_addrs)
3051 		return ERR_PTR(-ENOTSUPP);
3052 
3053 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3054 		      GFP_KERNEL);
3055 	if (!acl)
3056 		return ERR_PTR(-ENOMEM);
3057 
3058 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3059 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3060 		i++;
3061 	}
3062 
3063 	acl->n_acl_entries = n_entries;
3064 	acl->acl_policy = acl_policy;
3065 
3066 	return acl;
3067 }
3068 
3069 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3070 {
3071 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3072 	struct net_device *dev = info->user_ptr[1];
3073 	struct cfg80211_acl_data *acl;
3074 	int err;
3075 
3076 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3077 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3078 		return -EOPNOTSUPP;
3079 
3080 	if (!dev->ieee80211_ptr->beacon_interval)
3081 		return -EINVAL;
3082 
3083 	acl = parse_acl_data(&rdev->wiphy, info);
3084 	if (IS_ERR(acl))
3085 		return PTR_ERR(acl);
3086 
3087 	err = rdev_set_mac_acl(rdev, dev, acl);
3088 
3089 	kfree(acl);
3090 
3091 	return err;
3092 }
3093 
3094 static int nl80211_parse_beacon(struct nlattr *attrs[],
3095 				struct cfg80211_beacon_data *bcn)
3096 {
3097 	bool haveinfo = false;
3098 
3099 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3100 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3101 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3102 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3103 		return -EINVAL;
3104 
3105 	memset(bcn, 0, sizeof(*bcn));
3106 
3107 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3108 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3109 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3110 		if (!bcn->head_len)
3111 			return -EINVAL;
3112 		haveinfo = true;
3113 	}
3114 
3115 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3116 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3117 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3118 		haveinfo = true;
3119 	}
3120 
3121 	if (!haveinfo)
3122 		return -EINVAL;
3123 
3124 	if (attrs[NL80211_ATTR_IE]) {
3125 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3126 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3127 	}
3128 
3129 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3130 		bcn->proberesp_ies =
3131 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3132 		bcn->proberesp_ies_len =
3133 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3134 	}
3135 
3136 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3137 		bcn->assocresp_ies =
3138 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3139 		bcn->assocresp_ies_len =
3140 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3141 	}
3142 
3143 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
3144 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3145 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3146 	}
3147 
3148 	return 0;
3149 }
3150 
3151 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3152 				   struct cfg80211_ap_settings *params)
3153 {
3154 	struct wireless_dev *wdev;
3155 	bool ret = false;
3156 
3157 	list_for_each_entry(wdev, &rdev->wdev_list, list) {
3158 		if (wdev->iftype != NL80211_IFTYPE_AP &&
3159 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
3160 			continue;
3161 
3162 		if (!wdev->preset_chandef.chan)
3163 			continue;
3164 
3165 		params->chandef = wdev->preset_chandef;
3166 		ret = true;
3167 		break;
3168 	}
3169 
3170 	return ret;
3171 }
3172 
3173 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3174 				    enum nl80211_auth_type auth_type,
3175 				    enum nl80211_commands cmd)
3176 {
3177 	if (auth_type > NL80211_AUTHTYPE_MAX)
3178 		return false;
3179 
3180 	switch (cmd) {
3181 	case NL80211_CMD_AUTHENTICATE:
3182 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3183 		    auth_type == NL80211_AUTHTYPE_SAE)
3184 			return false;
3185 		return true;
3186 	case NL80211_CMD_CONNECT:
3187 	case NL80211_CMD_START_AP:
3188 		/* SAE not supported yet */
3189 		if (auth_type == NL80211_AUTHTYPE_SAE)
3190 			return false;
3191 		return true;
3192 	default:
3193 		return false;
3194 	}
3195 }
3196 
3197 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3198 {
3199 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3200 	struct net_device *dev = info->user_ptr[1];
3201 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3202 	struct cfg80211_ap_settings params;
3203 	int err;
3204 
3205 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3206 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3207 		return -EOPNOTSUPP;
3208 
3209 	if (!rdev->ops->start_ap)
3210 		return -EOPNOTSUPP;
3211 
3212 	if (wdev->beacon_interval)
3213 		return -EALREADY;
3214 
3215 	memset(&params, 0, sizeof(params));
3216 
3217 	/* these are required for START_AP */
3218 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3219 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3220 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3221 		return -EINVAL;
3222 
3223 	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3224 	if (err)
3225 		return err;
3226 
3227 	params.beacon_interval =
3228 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3229 	params.dtim_period =
3230 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3231 
3232 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3233 	if (err)
3234 		return err;
3235 
3236 	/*
3237 	 * In theory, some of these attributes should be required here
3238 	 * but since they were not used when the command was originally
3239 	 * added, keep them optional for old user space programs to let
3240 	 * them continue to work with drivers that do not need the
3241 	 * additional information -- drivers must check!
3242 	 */
3243 	if (info->attrs[NL80211_ATTR_SSID]) {
3244 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3245 		params.ssid_len =
3246 			nla_len(info->attrs[NL80211_ATTR_SSID]);
3247 		if (params.ssid_len == 0 ||
3248 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
3249 			return -EINVAL;
3250 	}
3251 
3252 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3253 		params.hidden_ssid = nla_get_u32(
3254 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3255 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3256 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3257 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3258 			return -EINVAL;
3259 	}
3260 
3261 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3262 
3263 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3264 		params.auth_type = nla_get_u32(
3265 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
3266 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
3267 					     NL80211_CMD_START_AP))
3268 			return -EINVAL;
3269 	} else
3270 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3271 
3272 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
3273 				      NL80211_MAX_NR_CIPHER_SUITES);
3274 	if (err)
3275 		return err;
3276 
3277 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3278 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3279 			return -EOPNOTSUPP;
3280 		params.inactivity_timeout = nla_get_u16(
3281 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3282 	}
3283 
3284 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3285 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3286 			return -EINVAL;
3287 		params.p2p_ctwindow =
3288 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3289 		if (params.p2p_ctwindow > 127)
3290 			return -EINVAL;
3291 		if (params.p2p_ctwindow != 0 &&
3292 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3293 			return -EINVAL;
3294 	}
3295 
3296 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3297 		u8 tmp;
3298 
3299 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3300 			return -EINVAL;
3301 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3302 		if (tmp > 1)
3303 			return -EINVAL;
3304 		params.p2p_opp_ps = tmp;
3305 		if (params.p2p_opp_ps != 0 &&
3306 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3307 			return -EINVAL;
3308 	}
3309 
3310 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3311 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
3312 		if (err)
3313 			return err;
3314 	} else if (wdev->preset_chandef.chan) {
3315 		params.chandef = wdev->preset_chandef;
3316 	} else if (!nl80211_get_ap_channel(rdev, &params))
3317 		return -EINVAL;
3318 
3319 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
3320 				     wdev->iftype))
3321 		return -EINVAL;
3322 
3323 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3324 		params.acl = parse_acl_data(&rdev->wiphy, info);
3325 		if (IS_ERR(params.acl))
3326 			return PTR_ERR(params.acl);
3327 	}
3328 
3329 	wdev_lock(wdev);
3330 	err = rdev_start_ap(rdev, dev, &params);
3331 	if (!err) {
3332 		wdev->preset_chandef = params.chandef;
3333 		wdev->beacon_interval = params.beacon_interval;
3334 		wdev->chandef = params.chandef;
3335 		wdev->ssid_len = params.ssid_len;
3336 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3337 	}
3338 	wdev_unlock(wdev);
3339 
3340 	kfree(params.acl);
3341 
3342 	return err;
3343 }
3344 
3345 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3346 {
3347 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3348 	struct net_device *dev = info->user_ptr[1];
3349 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3350 	struct cfg80211_beacon_data params;
3351 	int err;
3352 
3353 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3354 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3355 		return -EOPNOTSUPP;
3356 
3357 	if (!rdev->ops->change_beacon)
3358 		return -EOPNOTSUPP;
3359 
3360 	if (!wdev->beacon_interval)
3361 		return -EINVAL;
3362 
3363 	err = nl80211_parse_beacon(info->attrs, &params);
3364 	if (err)
3365 		return err;
3366 
3367 	wdev_lock(wdev);
3368 	err = rdev_change_beacon(rdev, dev, &params);
3369 	wdev_unlock(wdev);
3370 
3371 	return err;
3372 }
3373 
3374 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3375 {
3376 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3377 	struct net_device *dev = info->user_ptr[1];
3378 
3379 	return cfg80211_stop_ap(rdev, dev, false);
3380 }
3381 
3382 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3383 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3384 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3385 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3386 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3387 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3388 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3389 };
3390 
3391 static int parse_station_flags(struct genl_info *info,
3392 			       enum nl80211_iftype iftype,
3393 			       struct station_parameters *params)
3394 {
3395 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3396 	struct nlattr *nla;
3397 	int flag;
3398 
3399 	/*
3400 	 * Try parsing the new attribute first so userspace
3401 	 * can specify both for older kernels.
3402 	 */
3403 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3404 	if (nla) {
3405 		struct nl80211_sta_flag_update *sta_flags;
3406 
3407 		sta_flags = nla_data(nla);
3408 		params->sta_flags_mask = sta_flags->mask;
3409 		params->sta_flags_set = sta_flags->set;
3410 		params->sta_flags_set &= params->sta_flags_mask;
3411 		if ((params->sta_flags_mask |
3412 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3413 			return -EINVAL;
3414 		return 0;
3415 	}
3416 
3417 	/* if present, parse the old attribute */
3418 
3419 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3420 	if (!nla)
3421 		return 0;
3422 
3423 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3424 			     nla, sta_flags_policy))
3425 		return -EINVAL;
3426 
3427 	/*
3428 	 * Only allow certain flags for interface types so that
3429 	 * other attributes are silently ignored. Remember that
3430 	 * this is backward compatibility code with old userspace
3431 	 * and shouldn't be hit in other cases anyway.
3432 	 */
3433 	switch (iftype) {
3434 	case NL80211_IFTYPE_AP:
3435 	case NL80211_IFTYPE_AP_VLAN:
3436 	case NL80211_IFTYPE_P2P_GO:
3437 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3438 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3439 					 BIT(NL80211_STA_FLAG_WME) |
3440 					 BIT(NL80211_STA_FLAG_MFP);
3441 		break;
3442 	case NL80211_IFTYPE_P2P_CLIENT:
3443 	case NL80211_IFTYPE_STATION:
3444 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3445 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3446 		break;
3447 	case NL80211_IFTYPE_MESH_POINT:
3448 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3449 					 BIT(NL80211_STA_FLAG_MFP) |
3450 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3451 	default:
3452 		return -EINVAL;
3453 	}
3454 
3455 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3456 		if (flags[flag]) {
3457 			params->sta_flags_set |= (1<<flag);
3458 
3459 			/* no longer support new API additions in old API */
3460 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3461 				return -EINVAL;
3462 		}
3463 	}
3464 
3465 	return 0;
3466 }
3467 
3468 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3469 				 int attr)
3470 {
3471 	struct nlattr *rate;
3472 	u32 bitrate;
3473 	u16 bitrate_compat;
3474 
3475 	rate = nla_nest_start(msg, attr);
3476 	if (!rate)
3477 		return false;
3478 
3479 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3480 	bitrate = cfg80211_calculate_bitrate(info);
3481 	/* report 16-bit bitrate only if we can */
3482 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3483 	if (bitrate > 0 &&
3484 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3485 		return false;
3486 	if (bitrate_compat > 0 &&
3487 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3488 		return false;
3489 
3490 	if (info->flags & RATE_INFO_FLAGS_MCS) {
3491 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3492 			return false;
3493 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3494 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3495 			return false;
3496 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3497 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3498 			return false;
3499 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3500 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3501 			return false;
3502 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3503 			return false;
3504 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3505 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3506 			return false;
3507 		if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3508 		    nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3509 			return false;
3510 		if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3511 		    nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3512 			return false;
3513 		if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3514 		    nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3515 			return false;
3516 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3517 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3518 			return false;
3519 	}
3520 
3521 	nla_nest_end(msg, rate);
3522 	return true;
3523 }
3524 
3525 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3526 			       int id)
3527 {
3528 	void *attr;
3529 	int i = 0;
3530 
3531 	if (!mask)
3532 		return true;
3533 
3534 	attr = nla_nest_start(msg, id);
3535 	if (!attr)
3536 		return false;
3537 
3538 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3539 		if (!(mask & BIT(i)))
3540 			continue;
3541 
3542 		if (nla_put_u8(msg, i, signal[i]))
3543 			return false;
3544 	}
3545 
3546 	nla_nest_end(msg, attr);
3547 
3548 	return true;
3549 }
3550 
3551 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3552 				int flags,
3553 				struct cfg80211_registered_device *rdev,
3554 				struct net_device *dev,
3555 				const u8 *mac_addr, struct station_info *sinfo)
3556 {
3557 	void *hdr;
3558 	struct nlattr *sinfoattr, *bss_param;
3559 
3560 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3561 	if (!hdr)
3562 		return -1;
3563 
3564 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3565 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3566 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3567 		goto nla_put_failure;
3568 
3569 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3570 	if (!sinfoattr)
3571 		goto nla_put_failure;
3572 	if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3573 	    nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3574 			sinfo->connected_time))
3575 		goto nla_put_failure;
3576 	if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3577 	    nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3578 			sinfo->inactive_time))
3579 		goto nla_put_failure;
3580 	if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3581 			      STATION_INFO_RX_BYTES64)) &&
3582 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3583 			(u32)sinfo->rx_bytes))
3584 		goto nla_put_failure;
3585 	if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3586 			      STATION_INFO_TX_BYTES64)) &&
3587 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3588 			(u32)sinfo->tx_bytes))
3589 		goto nla_put_failure;
3590 	if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3591 	    nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3592 			sinfo->rx_bytes))
3593 		goto nla_put_failure;
3594 	if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3595 	    nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3596 			sinfo->tx_bytes))
3597 		goto nla_put_failure;
3598 	if ((sinfo->filled & STATION_INFO_LLID) &&
3599 	    nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3600 		goto nla_put_failure;
3601 	if ((sinfo->filled & STATION_INFO_PLID) &&
3602 	    nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3603 		goto nla_put_failure;
3604 	if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3605 	    nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3606 		       sinfo->plink_state))
3607 		goto nla_put_failure;
3608 	switch (rdev->wiphy.signal_type) {
3609 	case CFG80211_SIGNAL_TYPE_MBM:
3610 		if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3611 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3612 			       sinfo->signal))
3613 			goto nla_put_failure;
3614 		if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3615 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3616 			       sinfo->signal_avg))
3617 			goto nla_put_failure;
3618 		break;
3619 	default:
3620 		break;
3621 	}
3622 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
3623 		if (!nl80211_put_signal(msg, sinfo->chains,
3624 					sinfo->chain_signal,
3625 					NL80211_STA_INFO_CHAIN_SIGNAL))
3626 			goto nla_put_failure;
3627 	}
3628 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
3629 		if (!nl80211_put_signal(msg, sinfo->chains,
3630 					sinfo->chain_signal_avg,
3631 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3632 			goto nla_put_failure;
3633 	}
3634 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3635 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3636 					  NL80211_STA_INFO_TX_BITRATE))
3637 			goto nla_put_failure;
3638 	}
3639 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3640 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3641 					  NL80211_STA_INFO_RX_BITRATE))
3642 			goto nla_put_failure;
3643 	}
3644 	if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3645 	    nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3646 			sinfo->rx_packets))
3647 		goto nla_put_failure;
3648 	if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3649 	    nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3650 			sinfo->tx_packets))
3651 		goto nla_put_failure;
3652 	if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3653 	    nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3654 			sinfo->tx_retries))
3655 		goto nla_put_failure;
3656 	if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3657 	    nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3658 			sinfo->tx_failed))
3659 		goto nla_put_failure;
3660 	if ((sinfo->filled & STATION_INFO_EXPECTED_THROUGHPUT) &&
3661 	    nla_put_u32(msg, NL80211_STA_INFO_EXPECTED_THROUGHPUT,
3662 			sinfo->expected_throughput))
3663 		goto nla_put_failure;
3664 	if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3665 	    nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3666 			sinfo->beacon_loss_count))
3667 		goto nla_put_failure;
3668 	if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3669 	    nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3670 			sinfo->local_pm))
3671 		goto nla_put_failure;
3672 	if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3673 	    nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3674 			sinfo->peer_pm))
3675 		goto nla_put_failure;
3676 	if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3677 	    nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3678 			sinfo->nonpeer_pm))
3679 		goto nla_put_failure;
3680 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3681 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3682 		if (!bss_param)
3683 			goto nla_put_failure;
3684 
3685 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3686 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3687 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3688 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3689 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3690 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3691 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3692 			       sinfo->bss_param.dtim_period) ||
3693 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3694 				sinfo->bss_param.beacon_interval))
3695 			goto nla_put_failure;
3696 
3697 		nla_nest_end(msg, bss_param);
3698 	}
3699 	if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3700 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3701 		    sizeof(struct nl80211_sta_flag_update),
3702 		    &sinfo->sta_flags))
3703 		goto nla_put_failure;
3704 	if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3705 		nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3706 			    sinfo->t_offset))
3707 		goto nla_put_failure;
3708 	nla_nest_end(msg, sinfoattr);
3709 
3710 	if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3711 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3712 		    sinfo->assoc_req_ies))
3713 		goto nla_put_failure;
3714 
3715 	return genlmsg_end(msg, hdr);
3716 
3717  nla_put_failure:
3718 	genlmsg_cancel(msg, hdr);
3719 	return -EMSGSIZE;
3720 }
3721 
3722 static int nl80211_dump_station(struct sk_buff *skb,
3723 				struct netlink_callback *cb)
3724 {
3725 	struct station_info sinfo;
3726 	struct cfg80211_registered_device *rdev;
3727 	struct wireless_dev *wdev;
3728 	u8 mac_addr[ETH_ALEN];
3729 	int sta_idx = cb->args[2];
3730 	int err;
3731 
3732 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
3733 	if (err)
3734 		return err;
3735 
3736 	if (!wdev->netdev) {
3737 		err = -EINVAL;
3738 		goto out_err;
3739 	}
3740 
3741 	if (!rdev->ops->dump_station) {
3742 		err = -EOPNOTSUPP;
3743 		goto out_err;
3744 	}
3745 
3746 	while (1) {
3747 		memset(&sinfo, 0, sizeof(sinfo));
3748 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
3749 					mac_addr, &sinfo);
3750 		if (err == -ENOENT)
3751 			break;
3752 		if (err)
3753 			goto out_err;
3754 
3755 		if (nl80211_send_station(skb,
3756 				NETLINK_CB(cb->skb).portid,
3757 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3758 				rdev, wdev->netdev, mac_addr,
3759 				&sinfo) < 0)
3760 			goto out;
3761 
3762 		sta_idx++;
3763 	}
3764 
3765 
3766  out:
3767 	cb->args[2] = sta_idx;
3768 	err = skb->len;
3769  out_err:
3770 	nl80211_finish_wdev_dump(rdev);
3771 
3772 	return err;
3773 }
3774 
3775 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3776 {
3777 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3778 	struct net_device *dev = info->user_ptr[1];
3779 	struct station_info sinfo;
3780 	struct sk_buff *msg;
3781 	u8 *mac_addr = NULL;
3782 	int err;
3783 
3784 	memset(&sinfo, 0, sizeof(sinfo));
3785 
3786 	if (!info->attrs[NL80211_ATTR_MAC])
3787 		return -EINVAL;
3788 
3789 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3790 
3791 	if (!rdev->ops->get_station)
3792 		return -EOPNOTSUPP;
3793 
3794 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3795 	if (err)
3796 		return err;
3797 
3798 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3799 	if (!msg)
3800 		return -ENOMEM;
3801 
3802 	if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3803 				 rdev, dev, mac_addr, &sinfo) < 0) {
3804 		nlmsg_free(msg);
3805 		return -ENOBUFS;
3806 	}
3807 
3808 	return genlmsg_reply(msg, info);
3809 }
3810 
3811 int cfg80211_check_station_change(struct wiphy *wiphy,
3812 				  struct station_parameters *params,
3813 				  enum cfg80211_station_type statype)
3814 {
3815 	if (params->listen_interval != -1)
3816 		return -EINVAL;
3817 	if (params->aid &&
3818 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3819 		return -EINVAL;
3820 
3821 	/* When you run into this, adjust the code below for the new flag */
3822 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3823 
3824 	switch (statype) {
3825 	case CFG80211_STA_MESH_PEER_KERNEL:
3826 	case CFG80211_STA_MESH_PEER_USER:
3827 		/*
3828 		 * No ignoring the TDLS flag here -- the userspace mesh
3829 		 * code doesn't have the bug of including TDLS in the
3830 		 * mask everywhere.
3831 		 */
3832 		if (params->sta_flags_mask &
3833 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3834 				  BIT(NL80211_STA_FLAG_MFP) |
3835 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3836 			return -EINVAL;
3837 		break;
3838 	case CFG80211_STA_TDLS_PEER_SETUP:
3839 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3840 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3841 			return -EINVAL;
3842 		/* ignore since it can't change */
3843 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3844 		break;
3845 	default:
3846 		/* disallow mesh-specific things */
3847 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3848 			return -EINVAL;
3849 		if (params->local_pm)
3850 			return -EINVAL;
3851 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3852 			return -EINVAL;
3853 	}
3854 
3855 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3856 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3857 		/* TDLS can't be set, ... */
3858 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3859 			return -EINVAL;
3860 		/*
3861 		 * ... but don't bother the driver with it. This works around
3862 		 * a hostapd/wpa_supplicant issue -- it always includes the
3863 		 * TLDS_PEER flag in the mask even for AP mode.
3864 		 */
3865 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3866 	}
3867 
3868 	if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3869 		/* reject other things that can't change */
3870 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3871 			return -EINVAL;
3872 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3873 			return -EINVAL;
3874 		if (params->supported_rates)
3875 			return -EINVAL;
3876 		if (params->ext_capab || params->ht_capa || params->vht_capa)
3877 			return -EINVAL;
3878 	}
3879 
3880 	if (statype != CFG80211_STA_AP_CLIENT) {
3881 		if (params->vlan)
3882 			return -EINVAL;
3883 	}
3884 
3885 	switch (statype) {
3886 	case CFG80211_STA_AP_MLME_CLIENT:
3887 		/* Use this only for authorizing/unauthorizing a station */
3888 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3889 			return -EOPNOTSUPP;
3890 		break;
3891 	case CFG80211_STA_AP_CLIENT:
3892 		/* accept only the listed bits */
3893 		if (params->sta_flags_mask &
3894 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3895 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3896 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
3897 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3898 				  BIT(NL80211_STA_FLAG_WME) |
3899 				  BIT(NL80211_STA_FLAG_MFP)))
3900 			return -EINVAL;
3901 
3902 		/* but authenticated/associated only if driver handles it */
3903 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3904 		    params->sta_flags_mask &
3905 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3906 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3907 			return -EINVAL;
3908 		break;
3909 	case CFG80211_STA_IBSS:
3910 	case CFG80211_STA_AP_STA:
3911 		/* reject any changes other than AUTHORIZED */
3912 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3913 			return -EINVAL;
3914 		break;
3915 	case CFG80211_STA_TDLS_PEER_SETUP:
3916 		/* reject any changes other than AUTHORIZED or WME */
3917 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3918 					       BIT(NL80211_STA_FLAG_WME)))
3919 			return -EINVAL;
3920 		/* force (at least) rates when authorizing */
3921 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3922 		    !params->supported_rates)
3923 			return -EINVAL;
3924 		break;
3925 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3926 		/* reject any changes */
3927 		return -EINVAL;
3928 	case CFG80211_STA_MESH_PEER_KERNEL:
3929 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3930 			return -EINVAL;
3931 		break;
3932 	case CFG80211_STA_MESH_PEER_USER:
3933 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3934 			return -EINVAL;
3935 		break;
3936 	}
3937 
3938 	return 0;
3939 }
3940 EXPORT_SYMBOL(cfg80211_check_station_change);
3941 
3942 /*
3943  * Get vlan interface making sure it is running and on the right wiphy.
3944  */
3945 static struct net_device *get_vlan(struct genl_info *info,
3946 				   struct cfg80211_registered_device *rdev)
3947 {
3948 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3949 	struct net_device *v;
3950 	int ret;
3951 
3952 	if (!vlanattr)
3953 		return NULL;
3954 
3955 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3956 	if (!v)
3957 		return ERR_PTR(-ENODEV);
3958 
3959 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3960 		ret = -EINVAL;
3961 		goto error;
3962 	}
3963 
3964 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3965 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3966 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3967 		ret = -EINVAL;
3968 		goto error;
3969 	}
3970 
3971 	if (!netif_running(v)) {
3972 		ret = -ENETDOWN;
3973 		goto error;
3974 	}
3975 
3976 	return v;
3977  error:
3978 	dev_put(v);
3979 	return ERR_PTR(ret);
3980 }
3981 
3982 static const struct nla_policy
3983 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
3984 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3985 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3986 };
3987 
3988 static int nl80211_parse_sta_wme(struct genl_info *info,
3989 				 struct station_parameters *params)
3990 {
3991 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3992 	struct nlattr *nla;
3993 	int err;
3994 
3995 	/* parse WME attributes if present */
3996 	if (!info->attrs[NL80211_ATTR_STA_WME])
3997 		return 0;
3998 
3999 	nla = info->attrs[NL80211_ATTR_STA_WME];
4000 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4001 			       nl80211_sta_wme_policy);
4002 	if (err)
4003 		return err;
4004 
4005 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4006 		params->uapsd_queues = nla_get_u8(
4007 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
4008 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4009 		return -EINVAL;
4010 
4011 	if (tb[NL80211_STA_WME_MAX_SP])
4012 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4013 
4014 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4015 		return -EINVAL;
4016 
4017 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4018 
4019 	return 0;
4020 }
4021 
4022 static int nl80211_parse_sta_channel_info(struct genl_info *info,
4023 				      struct station_parameters *params)
4024 {
4025 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4026 		params->supported_channels =
4027 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4028 		params->supported_channels_len =
4029 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4030 		/*
4031 		 * Need to include at least one (first channel, number of
4032 		 * channels) tuple for each subband, and must have proper
4033 		 * tuples for the rest of the data as well.
4034 		 */
4035 		if (params->supported_channels_len < 2)
4036 			return -EINVAL;
4037 		if (params->supported_channels_len % 2)
4038 			return -EINVAL;
4039 	}
4040 
4041 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4042 		params->supported_oper_classes =
4043 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4044 		params->supported_oper_classes_len =
4045 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4046 		/*
4047 		 * The value of the Length field of the Supported Operating
4048 		 * Classes element is between 2 and 253.
4049 		 */
4050 		if (params->supported_oper_classes_len < 2 ||
4051 		    params->supported_oper_classes_len > 253)
4052 			return -EINVAL;
4053 	}
4054 	return 0;
4055 }
4056 
4057 static int nl80211_set_station_tdls(struct genl_info *info,
4058 				    struct station_parameters *params)
4059 {
4060 	int err;
4061 	/* Dummy STA entry gets updated once the peer capabilities are known */
4062 	if (info->attrs[NL80211_ATTR_PEER_AID])
4063 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4064 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4065 		params->ht_capa =
4066 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4067 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4068 		params->vht_capa =
4069 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4070 
4071 	err = nl80211_parse_sta_channel_info(info, params);
4072 	if (err)
4073 		return err;
4074 
4075 	return nl80211_parse_sta_wme(info, params);
4076 }
4077 
4078 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4079 {
4080 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4081 	struct net_device *dev = info->user_ptr[1];
4082 	struct station_parameters params;
4083 	u8 *mac_addr;
4084 	int err;
4085 
4086 	memset(&params, 0, sizeof(params));
4087 
4088 	params.listen_interval = -1;
4089 
4090 	if (!rdev->ops->change_station)
4091 		return -EOPNOTSUPP;
4092 
4093 	if (info->attrs[NL80211_ATTR_STA_AID])
4094 		return -EINVAL;
4095 
4096 	if (!info->attrs[NL80211_ATTR_MAC])
4097 		return -EINVAL;
4098 
4099 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4100 
4101 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4102 		params.supported_rates =
4103 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4104 		params.supported_rates_len =
4105 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4106 	}
4107 
4108 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4109 		params.capability =
4110 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4111 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4112 	}
4113 
4114 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4115 		params.ext_capab =
4116 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4117 		params.ext_capab_len =
4118 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4119 	}
4120 
4121 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4122 		return -EINVAL;
4123 
4124 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4125 		return -EINVAL;
4126 
4127 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4128 		params.plink_action =
4129 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4130 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4131 			return -EINVAL;
4132 	}
4133 
4134 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4135 		params.plink_state =
4136 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4137 		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4138 			return -EINVAL;
4139 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4140 	}
4141 
4142 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4143 		enum nl80211_mesh_power_mode pm = nla_get_u32(
4144 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4145 
4146 		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4147 		    pm > NL80211_MESH_POWER_MAX)
4148 			return -EINVAL;
4149 
4150 		params.local_pm = pm;
4151 	}
4152 
4153 	/* Include parameters for TDLS peer (will check later) */
4154 	err = nl80211_set_station_tdls(info, &params);
4155 	if (err)
4156 		return err;
4157 
4158 	params.vlan = get_vlan(info, rdev);
4159 	if (IS_ERR(params.vlan))
4160 		return PTR_ERR(params.vlan);
4161 
4162 	switch (dev->ieee80211_ptr->iftype) {
4163 	case NL80211_IFTYPE_AP:
4164 	case NL80211_IFTYPE_AP_VLAN:
4165 	case NL80211_IFTYPE_P2P_GO:
4166 	case NL80211_IFTYPE_P2P_CLIENT:
4167 	case NL80211_IFTYPE_STATION:
4168 	case NL80211_IFTYPE_ADHOC:
4169 	case NL80211_IFTYPE_MESH_POINT:
4170 		break;
4171 	default:
4172 		err = -EOPNOTSUPP;
4173 		goto out_put_vlan;
4174 	}
4175 
4176 	/* driver will call cfg80211_check_station_change() */
4177 	err = rdev_change_station(rdev, dev, mac_addr, &params);
4178 
4179  out_put_vlan:
4180 	if (params.vlan)
4181 		dev_put(params.vlan);
4182 
4183 	return err;
4184 }
4185 
4186 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4187 {
4188 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4189 	int err;
4190 	struct net_device *dev = info->user_ptr[1];
4191 	struct station_parameters params;
4192 	u8 *mac_addr = NULL;
4193 
4194 	memset(&params, 0, sizeof(params));
4195 
4196 	if (!rdev->ops->add_station)
4197 		return -EOPNOTSUPP;
4198 
4199 	if (!info->attrs[NL80211_ATTR_MAC])
4200 		return -EINVAL;
4201 
4202 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4203 		return -EINVAL;
4204 
4205 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4206 		return -EINVAL;
4207 
4208 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
4209 	    !info->attrs[NL80211_ATTR_PEER_AID])
4210 		return -EINVAL;
4211 
4212 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4213 	params.supported_rates =
4214 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4215 	params.supported_rates_len =
4216 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4217 	params.listen_interval =
4218 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4219 
4220 	if (info->attrs[NL80211_ATTR_PEER_AID])
4221 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4222 	else
4223 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4224 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
4225 		return -EINVAL;
4226 
4227 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4228 		params.capability =
4229 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4230 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4231 	}
4232 
4233 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4234 		params.ext_capab =
4235 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4236 		params.ext_capab_len =
4237 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4238 	}
4239 
4240 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4241 		params.ht_capa =
4242 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4243 
4244 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4245 		params.vht_capa =
4246 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4247 
4248 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4249 		params.opmode_notif_used = true;
4250 		params.opmode_notif =
4251 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4252 	}
4253 
4254 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4255 		params.plink_action =
4256 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4257 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4258 			return -EINVAL;
4259 	}
4260 
4261 	err = nl80211_parse_sta_channel_info(info, &params);
4262 	if (err)
4263 		return err;
4264 
4265 	err = nl80211_parse_sta_wme(info, &params);
4266 	if (err)
4267 		return err;
4268 
4269 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4270 		return -EINVAL;
4271 
4272 	/* When you run into this, adjust the code below for the new flag */
4273 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4274 
4275 	switch (dev->ieee80211_ptr->iftype) {
4276 	case NL80211_IFTYPE_AP:
4277 	case NL80211_IFTYPE_AP_VLAN:
4278 	case NL80211_IFTYPE_P2P_GO:
4279 		/* ignore WME attributes if iface/sta is not capable */
4280 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4281 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4282 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4283 
4284 		/* TDLS peers cannot be added */
4285 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4286 		    info->attrs[NL80211_ATTR_PEER_AID])
4287 			return -EINVAL;
4288 		/* but don't bother the driver with it */
4289 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4290 
4291 		/* allow authenticated/associated only if driver handles it */
4292 		if (!(rdev->wiphy.features &
4293 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4294 		    params.sta_flags_mask &
4295 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4296 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4297 			return -EINVAL;
4298 
4299 		/* must be last in here for error handling */
4300 		params.vlan = get_vlan(info, rdev);
4301 		if (IS_ERR(params.vlan))
4302 			return PTR_ERR(params.vlan);
4303 		break;
4304 	case NL80211_IFTYPE_MESH_POINT:
4305 		/* ignore uAPSD data */
4306 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4307 
4308 		/* associated is disallowed */
4309 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4310 			return -EINVAL;
4311 		/* TDLS peers cannot be added */
4312 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4313 		    info->attrs[NL80211_ATTR_PEER_AID])
4314 			return -EINVAL;
4315 		break;
4316 	case NL80211_IFTYPE_STATION:
4317 	case NL80211_IFTYPE_P2P_CLIENT:
4318 		/* ignore uAPSD data */
4319 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4320 
4321 		/* these are disallowed */
4322 		if (params.sta_flags_mask &
4323 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4324 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4325 			return -EINVAL;
4326 		/* Only TDLS peers can be added */
4327 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4328 			return -EINVAL;
4329 		/* Can only add if TDLS ... */
4330 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4331 			return -EOPNOTSUPP;
4332 		/* ... with external setup is supported */
4333 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4334 			return -EOPNOTSUPP;
4335 		/*
4336 		 * Older wpa_supplicant versions always mark the TDLS peer
4337 		 * as authorized, but it shouldn't yet be.
4338 		 */
4339 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4340 		break;
4341 	default:
4342 		return -EOPNOTSUPP;
4343 	}
4344 
4345 	/* be aware of params.vlan when changing code here */
4346 
4347 	err = rdev_add_station(rdev, dev, mac_addr, &params);
4348 
4349 	if (params.vlan)
4350 		dev_put(params.vlan);
4351 	return err;
4352 }
4353 
4354 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4355 {
4356 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4357 	struct net_device *dev = info->user_ptr[1];
4358 	u8 *mac_addr = NULL;
4359 
4360 	if (info->attrs[NL80211_ATTR_MAC])
4361 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4362 
4363 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4364 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4365 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4366 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4367 		return -EINVAL;
4368 
4369 	if (!rdev->ops->del_station)
4370 		return -EOPNOTSUPP;
4371 
4372 	return rdev_del_station(rdev, dev, mac_addr);
4373 }
4374 
4375 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4376 				int flags, struct net_device *dev,
4377 				u8 *dst, u8 *next_hop,
4378 				struct mpath_info *pinfo)
4379 {
4380 	void *hdr;
4381 	struct nlattr *pinfoattr;
4382 
4383 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4384 	if (!hdr)
4385 		return -1;
4386 
4387 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4388 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4389 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4390 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4391 		goto nla_put_failure;
4392 
4393 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4394 	if (!pinfoattr)
4395 		goto nla_put_failure;
4396 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4397 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4398 			pinfo->frame_qlen))
4399 		goto nla_put_failure;
4400 	if (((pinfo->filled & MPATH_INFO_SN) &&
4401 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4402 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
4403 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4404 			 pinfo->metric)) ||
4405 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4406 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4407 			 pinfo->exptime)) ||
4408 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
4409 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4410 			pinfo->flags)) ||
4411 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4412 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4413 			 pinfo->discovery_timeout)) ||
4414 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4415 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4416 			pinfo->discovery_retries)))
4417 		goto nla_put_failure;
4418 
4419 	nla_nest_end(msg, pinfoattr);
4420 
4421 	return genlmsg_end(msg, hdr);
4422 
4423  nla_put_failure:
4424 	genlmsg_cancel(msg, hdr);
4425 	return -EMSGSIZE;
4426 }
4427 
4428 static int nl80211_dump_mpath(struct sk_buff *skb,
4429 			      struct netlink_callback *cb)
4430 {
4431 	struct mpath_info pinfo;
4432 	struct cfg80211_registered_device *rdev;
4433 	struct wireless_dev *wdev;
4434 	u8 dst[ETH_ALEN];
4435 	u8 next_hop[ETH_ALEN];
4436 	int path_idx = cb->args[2];
4437 	int err;
4438 
4439 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4440 	if (err)
4441 		return err;
4442 
4443 	if (!rdev->ops->dump_mpath) {
4444 		err = -EOPNOTSUPP;
4445 		goto out_err;
4446 	}
4447 
4448 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4449 		err = -EOPNOTSUPP;
4450 		goto out_err;
4451 	}
4452 
4453 	while (1) {
4454 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
4455 				      next_hop, &pinfo);
4456 		if (err == -ENOENT)
4457 			break;
4458 		if (err)
4459 			goto out_err;
4460 
4461 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4462 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4463 				       wdev->netdev, dst, next_hop,
4464 				       &pinfo) < 0)
4465 			goto out;
4466 
4467 		path_idx++;
4468 	}
4469 
4470 
4471  out:
4472 	cb->args[2] = path_idx;
4473 	err = skb->len;
4474  out_err:
4475 	nl80211_finish_wdev_dump(rdev);
4476 	return err;
4477 }
4478 
4479 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4480 {
4481 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4482 	int err;
4483 	struct net_device *dev = info->user_ptr[1];
4484 	struct mpath_info pinfo;
4485 	struct sk_buff *msg;
4486 	u8 *dst = NULL;
4487 	u8 next_hop[ETH_ALEN];
4488 
4489 	memset(&pinfo, 0, sizeof(pinfo));
4490 
4491 	if (!info->attrs[NL80211_ATTR_MAC])
4492 		return -EINVAL;
4493 
4494 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4495 
4496 	if (!rdev->ops->get_mpath)
4497 		return -EOPNOTSUPP;
4498 
4499 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4500 		return -EOPNOTSUPP;
4501 
4502 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4503 	if (err)
4504 		return err;
4505 
4506 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4507 	if (!msg)
4508 		return -ENOMEM;
4509 
4510 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4511 				 dev, dst, next_hop, &pinfo) < 0) {
4512 		nlmsg_free(msg);
4513 		return -ENOBUFS;
4514 	}
4515 
4516 	return genlmsg_reply(msg, info);
4517 }
4518 
4519 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4520 {
4521 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4522 	struct net_device *dev = info->user_ptr[1];
4523 	u8 *dst = NULL;
4524 	u8 *next_hop = NULL;
4525 
4526 	if (!info->attrs[NL80211_ATTR_MAC])
4527 		return -EINVAL;
4528 
4529 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4530 		return -EINVAL;
4531 
4532 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4533 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4534 
4535 	if (!rdev->ops->change_mpath)
4536 		return -EOPNOTSUPP;
4537 
4538 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4539 		return -EOPNOTSUPP;
4540 
4541 	return rdev_change_mpath(rdev, dev, dst, next_hop);
4542 }
4543 
4544 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4545 {
4546 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4547 	struct net_device *dev = info->user_ptr[1];
4548 	u8 *dst = NULL;
4549 	u8 *next_hop = NULL;
4550 
4551 	if (!info->attrs[NL80211_ATTR_MAC])
4552 		return -EINVAL;
4553 
4554 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4555 		return -EINVAL;
4556 
4557 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4558 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4559 
4560 	if (!rdev->ops->add_mpath)
4561 		return -EOPNOTSUPP;
4562 
4563 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4564 		return -EOPNOTSUPP;
4565 
4566 	return rdev_add_mpath(rdev, dev, dst, next_hop);
4567 }
4568 
4569 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4570 {
4571 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4572 	struct net_device *dev = info->user_ptr[1];
4573 	u8 *dst = NULL;
4574 
4575 	if (info->attrs[NL80211_ATTR_MAC])
4576 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4577 
4578 	if (!rdev->ops->del_mpath)
4579 		return -EOPNOTSUPP;
4580 
4581 	return rdev_del_mpath(rdev, dev, dst);
4582 }
4583 
4584 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4585 {
4586 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4587 	struct net_device *dev = info->user_ptr[1];
4588 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4589 	struct bss_parameters params;
4590 	int err;
4591 
4592 	memset(&params, 0, sizeof(params));
4593 	/* default to not changing parameters */
4594 	params.use_cts_prot = -1;
4595 	params.use_short_preamble = -1;
4596 	params.use_short_slot_time = -1;
4597 	params.ap_isolate = -1;
4598 	params.ht_opmode = -1;
4599 	params.p2p_ctwindow = -1;
4600 	params.p2p_opp_ps = -1;
4601 
4602 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4603 		params.use_cts_prot =
4604 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4605 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4606 		params.use_short_preamble =
4607 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4608 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4609 		params.use_short_slot_time =
4610 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4611 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4612 		params.basic_rates =
4613 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4614 		params.basic_rates_len =
4615 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4616 	}
4617 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4618 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4619 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4620 		params.ht_opmode =
4621 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4622 
4623 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4624 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4625 			return -EINVAL;
4626 		params.p2p_ctwindow =
4627 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4628 		if (params.p2p_ctwindow < 0)
4629 			return -EINVAL;
4630 		if (params.p2p_ctwindow != 0 &&
4631 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4632 			return -EINVAL;
4633 	}
4634 
4635 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4636 		u8 tmp;
4637 
4638 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4639 			return -EINVAL;
4640 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4641 		if (tmp > 1)
4642 			return -EINVAL;
4643 		params.p2p_opp_ps = tmp;
4644 		if (params.p2p_opp_ps &&
4645 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4646 			return -EINVAL;
4647 	}
4648 
4649 	if (!rdev->ops->change_bss)
4650 		return -EOPNOTSUPP;
4651 
4652 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4653 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4654 		return -EOPNOTSUPP;
4655 
4656 	wdev_lock(wdev);
4657 	err = rdev_change_bss(rdev, dev, &params);
4658 	wdev_unlock(wdev);
4659 
4660 	return err;
4661 }
4662 
4663 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4664 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
4665 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
4666 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
4667 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
4668 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
4669 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
4670 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
4671 };
4672 
4673 static int parse_reg_rule(struct nlattr *tb[],
4674 	struct ieee80211_reg_rule *reg_rule)
4675 {
4676 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4677 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4678 
4679 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4680 		return -EINVAL;
4681 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4682 		return -EINVAL;
4683 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4684 		return -EINVAL;
4685 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4686 		return -EINVAL;
4687 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4688 		return -EINVAL;
4689 
4690 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4691 
4692 	freq_range->start_freq_khz =
4693 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4694 	freq_range->end_freq_khz =
4695 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4696 	freq_range->max_bandwidth_khz =
4697 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4698 
4699 	power_rule->max_eirp =
4700 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4701 
4702 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4703 		power_rule->max_antenna_gain =
4704 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4705 
4706 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
4707 		reg_rule->dfs_cac_ms =
4708 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
4709 
4710 	return 0;
4711 }
4712 
4713 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4714 {
4715 	char *data = NULL;
4716 	enum nl80211_user_reg_hint_type user_reg_hint_type;
4717 
4718 	/*
4719 	 * You should only get this when cfg80211 hasn't yet initialized
4720 	 * completely when built-in to the kernel right between the time
4721 	 * window between nl80211_init() and regulatory_init(), if that is
4722 	 * even possible.
4723 	 */
4724 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4725 		return -EINPROGRESS;
4726 
4727 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4728 		user_reg_hint_type =
4729 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4730 	else
4731 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4732 
4733 	switch (user_reg_hint_type) {
4734 	case NL80211_USER_REG_HINT_USER:
4735 	case NL80211_USER_REG_HINT_CELL_BASE:
4736 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4737 			return -EINVAL;
4738 
4739 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4740 		return regulatory_hint_user(data, user_reg_hint_type);
4741 	case NL80211_USER_REG_HINT_INDOOR:
4742 		return regulatory_hint_indoor_user();
4743 	default:
4744 		return -EINVAL;
4745 	}
4746 }
4747 
4748 static int nl80211_get_mesh_config(struct sk_buff *skb,
4749 				   struct genl_info *info)
4750 {
4751 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4752 	struct net_device *dev = info->user_ptr[1];
4753 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4754 	struct mesh_config cur_params;
4755 	int err = 0;
4756 	void *hdr;
4757 	struct nlattr *pinfoattr;
4758 	struct sk_buff *msg;
4759 
4760 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4761 		return -EOPNOTSUPP;
4762 
4763 	if (!rdev->ops->get_mesh_config)
4764 		return -EOPNOTSUPP;
4765 
4766 	wdev_lock(wdev);
4767 	/* If not connected, get default parameters */
4768 	if (!wdev->mesh_id_len)
4769 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4770 	else
4771 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
4772 	wdev_unlock(wdev);
4773 
4774 	if (err)
4775 		return err;
4776 
4777 	/* Draw up a netlink message to send back */
4778 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4779 	if (!msg)
4780 		return -ENOMEM;
4781 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4782 			     NL80211_CMD_GET_MESH_CONFIG);
4783 	if (!hdr)
4784 		goto out;
4785 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4786 	if (!pinfoattr)
4787 		goto nla_put_failure;
4788 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4789 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4790 			cur_params.dot11MeshRetryTimeout) ||
4791 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4792 			cur_params.dot11MeshConfirmTimeout) ||
4793 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4794 			cur_params.dot11MeshHoldingTimeout) ||
4795 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4796 			cur_params.dot11MeshMaxPeerLinks) ||
4797 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4798 		       cur_params.dot11MeshMaxRetries) ||
4799 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
4800 		       cur_params.dot11MeshTTL) ||
4801 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4802 		       cur_params.element_ttl) ||
4803 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4804 		       cur_params.auto_open_plinks) ||
4805 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4806 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4807 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4808 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
4809 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4810 			cur_params.path_refresh_time) ||
4811 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4812 			cur_params.min_discovery_timeout) ||
4813 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4814 			cur_params.dot11MeshHWMPactivePathTimeout) ||
4815 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4816 			cur_params.dot11MeshHWMPpreqMinInterval) ||
4817 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4818 			cur_params.dot11MeshHWMPperrMinInterval) ||
4819 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4820 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4821 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4822 		       cur_params.dot11MeshHWMPRootMode) ||
4823 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4824 			cur_params.dot11MeshHWMPRannInterval) ||
4825 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4826 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
4827 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4828 		       cur_params.dot11MeshForwarding) ||
4829 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4830 			cur_params.rssi_threshold) ||
4831 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4832 			cur_params.ht_opmode) ||
4833 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4834 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4835 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4836 			cur_params.dot11MeshHWMProotInterval) ||
4837 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4838 			cur_params.dot11MeshHWMPconfirmationInterval) ||
4839 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4840 			cur_params.power_mode) ||
4841 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4842 			cur_params.dot11MeshAwakeWindowDuration) ||
4843 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
4844 			cur_params.plink_timeout))
4845 		goto nla_put_failure;
4846 	nla_nest_end(msg, pinfoattr);
4847 	genlmsg_end(msg, hdr);
4848 	return genlmsg_reply(msg, info);
4849 
4850  nla_put_failure:
4851 	genlmsg_cancel(msg, hdr);
4852  out:
4853 	nlmsg_free(msg);
4854 	return -ENOBUFS;
4855 }
4856 
4857 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4858 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4859 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4860 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4861 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4862 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4863 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4864 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4865 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4866 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4867 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4868 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4869 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4870 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4871 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4872 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4873 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4874 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4875 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4876 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4877 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4878 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4879 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4880 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4881 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4882 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4883 	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4884 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4885 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
4886 };
4887 
4888 static const struct nla_policy
4889 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4890 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4891 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4892 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4893 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4894 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
4895 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4896 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4897 				    .len = IEEE80211_MAX_DATA_LEN },
4898 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4899 };
4900 
4901 static int nl80211_parse_mesh_config(struct genl_info *info,
4902 				     struct mesh_config *cfg,
4903 				     u32 *mask_out)
4904 {
4905 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4906 	u32 mask = 0;
4907 
4908 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4909 do {									    \
4910 	if (tb[attr]) {							    \
4911 		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
4912 			return -EINVAL;					    \
4913 		cfg->param = fn(tb[attr]);				    \
4914 		mask |= (1 << (attr - 1));				    \
4915 	}								    \
4916 } while (0)
4917 
4918 
4919 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4920 		return -EINVAL;
4921 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4922 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
4923 			     nl80211_meshconf_params_policy))
4924 		return -EINVAL;
4925 
4926 	/* This makes sure that there aren't more than 32 mesh config
4927 	 * parameters (otherwise our bitfield scheme would not work.) */
4928 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4929 
4930 	/* Fill in the params struct */
4931 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4932 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4933 				  nla_get_u16);
4934 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4935 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4936 				  nla_get_u16);
4937 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4938 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4939 				  nla_get_u16);
4940 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4941 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4942 				  nla_get_u16);
4943 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4944 				  mask, NL80211_MESHCONF_MAX_RETRIES,
4945 				  nla_get_u8);
4946 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4947 				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
4948 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4949 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
4950 				  nla_get_u8);
4951 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4952 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4953 				  nla_get_u8);
4954 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4955 				  1, 255, mask,
4956 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4957 				  nla_get_u32);
4958 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4959 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4960 				  nla_get_u8);
4961 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4962 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4963 				  nla_get_u32);
4964 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4965 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4966 				  nla_get_u16);
4967 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4968 				  1, 65535, mask,
4969 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4970 				  nla_get_u32);
4971 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4972 				  1, 65535, mask,
4973 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4974 				  nla_get_u16);
4975 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4976 				  1, 65535, mask,
4977 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4978 				  nla_get_u16);
4979 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4980 				  dot11MeshHWMPnetDiameterTraversalTime,
4981 				  1, 65535, mask,
4982 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4983 				  nla_get_u16);
4984 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4985 				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4986 				  nla_get_u8);
4987 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4988 				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4989 				  nla_get_u16);
4990 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4991 				  dot11MeshGateAnnouncementProtocol, 0, 1,
4992 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4993 				  nla_get_u8);
4994 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4995 				  mask, NL80211_MESHCONF_FORWARDING,
4996 				  nla_get_u8);
4997 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
4998 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4999 				  nla_get_s32);
5000 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
5001 				  mask, NL80211_MESHCONF_HT_OPMODE,
5002 				  nla_get_u16);
5003 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
5004 				  1, 65535, mask,
5005 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5006 				  nla_get_u32);
5007 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
5008 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5009 				  nla_get_u16);
5010 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5011 				  dot11MeshHWMPconfirmationInterval,
5012 				  1, 65535, mask,
5013 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5014 				  nla_get_u16);
5015 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
5016 				  NL80211_MESH_POWER_ACTIVE,
5017 				  NL80211_MESH_POWER_MAX,
5018 				  mask, NL80211_MESHCONF_POWER_MODE,
5019 				  nla_get_u32);
5020 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
5021 				  0, 65535, mask,
5022 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
5023 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
5024 				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
5025 				  nla_get_u32);
5026 	if (mask_out)
5027 		*mask_out = mask;
5028 
5029 	return 0;
5030 
5031 #undef FILL_IN_MESH_PARAM_IF_SET
5032 }
5033 
5034 static int nl80211_parse_mesh_setup(struct genl_info *info,
5035 				     struct mesh_setup *setup)
5036 {
5037 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5038 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
5039 
5040 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
5041 		return -EINVAL;
5042 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
5043 			     info->attrs[NL80211_ATTR_MESH_SETUP],
5044 			     nl80211_mesh_setup_params_policy))
5045 		return -EINVAL;
5046 
5047 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5048 		setup->sync_method =
5049 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5050 		 IEEE80211_SYNC_METHOD_VENDOR :
5051 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5052 
5053 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5054 		setup->path_sel_proto =
5055 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5056 		 IEEE80211_PATH_PROTOCOL_VENDOR :
5057 		 IEEE80211_PATH_PROTOCOL_HWMP;
5058 
5059 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5060 		setup->path_metric =
5061 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5062 		 IEEE80211_PATH_METRIC_VENDOR :
5063 		 IEEE80211_PATH_METRIC_AIRTIME;
5064 
5065 
5066 	if (tb[NL80211_MESH_SETUP_IE]) {
5067 		struct nlattr *ieattr =
5068 			tb[NL80211_MESH_SETUP_IE];
5069 		if (!is_valid_ie_attr(ieattr))
5070 			return -EINVAL;
5071 		setup->ie = nla_data(ieattr);
5072 		setup->ie_len = nla_len(ieattr);
5073 	}
5074 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5075 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5076 		return -EINVAL;
5077 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5078 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5079 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5080 	if (setup->is_secure)
5081 		setup->user_mpm = true;
5082 
5083 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5084 		if (!setup->user_mpm)
5085 			return -EINVAL;
5086 		setup->auth_id =
5087 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5088 	}
5089 
5090 	return 0;
5091 }
5092 
5093 static int nl80211_update_mesh_config(struct sk_buff *skb,
5094 				      struct genl_info *info)
5095 {
5096 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5097 	struct net_device *dev = info->user_ptr[1];
5098 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5099 	struct mesh_config cfg;
5100 	u32 mask;
5101 	int err;
5102 
5103 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5104 		return -EOPNOTSUPP;
5105 
5106 	if (!rdev->ops->update_mesh_config)
5107 		return -EOPNOTSUPP;
5108 
5109 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
5110 	if (err)
5111 		return err;
5112 
5113 	wdev_lock(wdev);
5114 	if (!wdev->mesh_id_len)
5115 		err = -ENOLINK;
5116 
5117 	if (!err)
5118 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5119 
5120 	wdev_unlock(wdev);
5121 
5122 	return err;
5123 }
5124 
5125 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
5126 {
5127 	const struct ieee80211_regdomain *regdom;
5128 	struct sk_buff *msg;
5129 	void *hdr = NULL;
5130 	struct nlattr *nl_reg_rules;
5131 	unsigned int i;
5132 
5133 	if (!cfg80211_regdomain)
5134 		return -EINVAL;
5135 
5136 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5137 	if (!msg)
5138 		return -ENOBUFS;
5139 
5140 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5141 			     NL80211_CMD_GET_REG);
5142 	if (!hdr)
5143 		goto put_failure;
5144 
5145 	if (reg_last_request_cell_base() &&
5146 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5147 			NL80211_USER_REG_HINT_CELL_BASE))
5148 		goto nla_put_failure;
5149 
5150 	rcu_read_lock();
5151 	regdom = rcu_dereference(cfg80211_regdomain);
5152 
5153 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5154 	    (regdom->dfs_region &&
5155 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5156 		goto nla_put_failure_rcu;
5157 
5158 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5159 	if (!nl_reg_rules)
5160 		goto nla_put_failure_rcu;
5161 
5162 	for (i = 0; i < regdom->n_reg_rules; i++) {
5163 		struct nlattr *nl_reg_rule;
5164 		const struct ieee80211_reg_rule *reg_rule;
5165 		const struct ieee80211_freq_range *freq_range;
5166 		const struct ieee80211_power_rule *power_rule;
5167 		unsigned int max_bandwidth_khz;
5168 
5169 		reg_rule = &regdom->reg_rules[i];
5170 		freq_range = &reg_rule->freq_range;
5171 		power_rule = &reg_rule->power_rule;
5172 
5173 		nl_reg_rule = nla_nest_start(msg, i);
5174 		if (!nl_reg_rule)
5175 			goto nla_put_failure_rcu;
5176 
5177 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
5178 		if (!max_bandwidth_khz)
5179 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5180 								  reg_rule);
5181 
5182 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5183 				reg_rule->flags) ||
5184 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5185 				freq_range->start_freq_khz) ||
5186 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5187 				freq_range->end_freq_khz) ||
5188 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5189 				max_bandwidth_khz) ||
5190 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5191 				power_rule->max_antenna_gain) ||
5192 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5193 				power_rule->max_eirp) ||
5194 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5195 				reg_rule->dfs_cac_ms))
5196 			goto nla_put_failure_rcu;
5197 
5198 		nla_nest_end(msg, nl_reg_rule);
5199 	}
5200 	rcu_read_unlock();
5201 
5202 	nla_nest_end(msg, nl_reg_rules);
5203 
5204 	genlmsg_end(msg, hdr);
5205 	return genlmsg_reply(msg, info);
5206 
5207 nla_put_failure_rcu:
5208 	rcu_read_unlock();
5209 nla_put_failure:
5210 	genlmsg_cancel(msg, hdr);
5211 put_failure:
5212 	nlmsg_free(msg);
5213 	return -EMSGSIZE;
5214 }
5215 
5216 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5217 {
5218 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5219 	struct nlattr *nl_reg_rule;
5220 	char *alpha2 = NULL;
5221 	int rem_reg_rules = 0, r = 0;
5222 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
5223 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5224 	struct ieee80211_regdomain *rd = NULL;
5225 
5226 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5227 		return -EINVAL;
5228 
5229 	if (!info->attrs[NL80211_ATTR_REG_RULES])
5230 		return -EINVAL;
5231 
5232 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5233 
5234 	if (info->attrs[NL80211_ATTR_DFS_REGION])
5235 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5236 
5237 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5238 			    rem_reg_rules) {
5239 		num_rules++;
5240 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5241 			return -EINVAL;
5242 	}
5243 
5244 	if (!reg_is_valid_request(alpha2))
5245 		return -EINVAL;
5246 
5247 	size_of_regd = sizeof(struct ieee80211_regdomain) +
5248 		       num_rules * sizeof(struct ieee80211_reg_rule);
5249 
5250 	rd = kzalloc(size_of_regd, GFP_KERNEL);
5251 	if (!rd)
5252 		return -ENOMEM;
5253 
5254 	rd->n_reg_rules = num_rules;
5255 	rd->alpha2[0] = alpha2[0];
5256 	rd->alpha2[1] = alpha2[1];
5257 
5258 	/*
5259 	 * Disable DFS master mode if the DFS region was
5260 	 * not supported or known on this kernel.
5261 	 */
5262 	if (reg_supported_dfs_region(dfs_region))
5263 		rd->dfs_region = dfs_region;
5264 
5265 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5266 			    rem_reg_rules) {
5267 		r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5268 			      nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5269 			      reg_rule_policy);
5270 		if (r)
5271 			goto bad_reg;
5272 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5273 		if (r)
5274 			goto bad_reg;
5275 
5276 		rule_idx++;
5277 
5278 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5279 			r = -EINVAL;
5280 			goto bad_reg;
5281 		}
5282 	}
5283 
5284 	r = set_regdom(rd);
5285 	/* set_regdom took ownership */
5286 	rd = NULL;
5287 
5288  bad_reg:
5289 	kfree(rd);
5290 	return r;
5291 }
5292 
5293 static int validate_scan_freqs(struct nlattr *freqs)
5294 {
5295 	struct nlattr *attr1, *attr2;
5296 	int n_channels = 0, tmp1, tmp2;
5297 
5298 	nla_for_each_nested(attr1, freqs, tmp1) {
5299 		n_channels++;
5300 		/*
5301 		 * Some hardware has a limited channel list for
5302 		 * scanning, and it is pretty much nonsensical
5303 		 * to scan for a channel twice, so disallow that
5304 		 * and don't require drivers to check that the
5305 		 * channel list they get isn't longer than what
5306 		 * they can scan, as long as they can scan all
5307 		 * the channels they registered at once.
5308 		 */
5309 		nla_for_each_nested(attr2, freqs, tmp2)
5310 			if (attr1 != attr2 &&
5311 			    nla_get_u32(attr1) == nla_get_u32(attr2))
5312 				return 0;
5313 	}
5314 
5315 	return n_channels;
5316 }
5317 
5318 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5319 {
5320 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5321 	struct wireless_dev *wdev = info->user_ptr[1];
5322 	struct cfg80211_scan_request *request;
5323 	struct nlattr *attr;
5324 	struct wiphy *wiphy;
5325 	int err, tmp, n_ssids = 0, n_channels, i;
5326 	size_t ie_len;
5327 
5328 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5329 		return -EINVAL;
5330 
5331 	wiphy = &rdev->wiphy;
5332 
5333 	if (!rdev->ops->scan)
5334 		return -EOPNOTSUPP;
5335 
5336 	if (rdev->scan_req || rdev->scan_msg) {
5337 		err = -EBUSY;
5338 		goto unlock;
5339 	}
5340 
5341 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5342 		n_channels = validate_scan_freqs(
5343 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5344 		if (!n_channels) {
5345 			err = -EINVAL;
5346 			goto unlock;
5347 		}
5348 	} else {
5349 		n_channels = ieee80211_get_num_supported_channels(wiphy);
5350 	}
5351 
5352 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5353 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5354 			n_ssids++;
5355 
5356 	if (n_ssids > wiphy->max_scan_ssids) {
5357 		err = -EINVAL;
5358 		goto unlock;
5359 	}
5360 
5361 	if (info->attrs[NL80211_ATTR_IE])
5362 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5363 	else
5364 		ie_len = 0;
5365 
5366 	if (ie_len > wiphy->max_scan_ie_len) {
5367 		err = -EINVAL;
5368 		goto unlock;
5369 	}
5370 
5371 	request = kzalloc(sizeof(*request)
5372 			+ sizeof(*request->ssids) * n_ssids
5373 			+ sizeof(*request->channels) * n_channels
5374 			+ ie_len, GFP_KERNEL);
5375 	if (!request) {
5376 		err = -ENOMEM;
5377 		goto unlock;
5378 	}
5379 
5380 	if (n_ssids)
5381 		request->ssids = (void *)&request->channels[n_channels];
5382 	request->n_ssids = n_ssids;
5383 	if (ie_len) {
5384 		if (request->ssids)
5385 			request->ie = (void *)(request->ssids + n_ssids);
5386 		else
5387 			request->ie = (void *)(request->channels + n_channels);
5388 	}
5389 
5390 	i = 0;
5391 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5392 		/* user specified, bail out if channel not found */
5393 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5394 			struct ieee80211_channel *chan;
5395 
5396 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5397 
5398 			if (!chan) {
5399 				err = -EINVAL;
5400 				goto out_free;
5401 			}
5402 
5403 			/* ignore disabled channels */
5404 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5405 				continue;
5406 
5407 			request->channels[i] = chan;
5408 			i++;
5409 		}
5410 	} else {
5411 		enum ieee80211_band band;
5412 
5413 		/* all channels */
5414 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5415 			int j;
5416 			if (!wiphy->bands[band])
5417 				continue;
5418 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5419 				struct ieee80211_channel *chan;
5420 
5421 				chan = &wiphy->bands[band]->channels[j];
5422 
5423 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5424 					continue;
5425 
5426 				request->channels[i] = chan;
5427 				i++;
5428 			}
5429 		}
5430 	}
5431 
5432 	if (!i) {
5433 		err = -EINVAL;
5434 		goto out_free;
5435 	}
5436 
5437 	request->n_channels = i;
5438 
5439 	i = 0;
5440 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5441 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5442 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5443 				err = -EINVAL;
5444 				goto out_free;
5445 			}
5446 			request->ssids[i].ssid_len = nla_len(attr);
5447 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5448 			i++;
5449 		}
5450 	}
5451 
5452 	if (info->attrs[NL80211_ATTR_IE]) {
5453 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5454 		memcpy((void *)request->ie,
5455 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5456 		       request->ie_len);
5457 	}
5458 
5459 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5460 		if (wiphy->bands[i])
5461 			request->rates[i] =
5462 				(1 << wiphy->bands[i]->n_bitrates) - 1;
5463 
5464 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5465 		nla_for_each_nested(attr,
5466 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5467 				    tmp) {
5468 			enum ieee80211_band band = nla_type(attr);
5469 
5470 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5471 				err = -EINVAL;
5472 				goto out_free;
5473 			}
5474 
5475 			if (!wiphy->bands[band])
5476 				continue;
5477 
5478 			err = ieee80211_get_ratemask(wiphy->bands[band],
5479 						     nla_data(attr),
5480 						     nla_len(attr),
5481 						     &request->rates[band]);
5482 			if (err)
5483 				goto out_free;
5484 		}
5485 	}
5486 
5487 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5488 		request->flags = nla_get_u32(
5489 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5490 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5491 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5492 			err = -EOPNOTSUPP;
5493 			goto out_free;
5494 		}
5495 	}
5496 
5497 	request->no_cck =
5498 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5499 
5500 	request->wdev = wdev;
5501 	request->wiphy = &rdev->wiphy;
5502 	request->scan_start = jiffies;
5503 
5504 	rdev->scan_req = request;
5505 	err = rdev_scan(rdev, request);
5506 
5507 	if (!err) {
5508 		nl80211_send_scan_start(rdev, wdev);
5509 		if (wdev->netdev)
5510 			dev_hold(wdev->netdev);
5511 	} else {
5512  out_free:
5513 		rdev->scan_req = NULL;
5514 		kfree(request);
5515 	}
5516 
5517  unlock:
5518 	return err;
5519 }
5520 
5521 static int nl80211_start_sched_scan(struct sk_buff *skb,
5522 				    struct genl_info *info)
5523 {
5524 	struct cfg80211_sched_scan_request *request;
5525 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5526 	struct net_device *dev = info->user_ptr[1];
5527 	struct nlattr *attr;
5528 	struct wiphy *wiphy;
5529 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5530 	u32 interval;
5531 	enum ieee80211_band band;
5532 	size_t ie_len;
5533 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5534 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
5535 
5536 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5537 	    !rdev->ops->sched_scan_start)
5538 		return -EOPNOTSUPP;
5539 
5540 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5541 		return -EINVAL;
5542 
5543 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5544 		return -EINVAL;
5545 
5546 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5547 	if (interval == 0)
5548 		return -EINVAL;
5549 
5550 	wiphy = &rdev->wiphy;
5551 
5552 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5553 		n_channels = validate_scan_freqs(
5554 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5555 		if (!n_channels)
5556 			return -EINVAL;
5557 	} else {
5558 		n_channels = ieee80211_get_num_supported_channels(wiphy);
5559 	}
5560 
5561 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5562 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5563 				    tmp)
5564 			n_ssids++;
5565 
5566 	if (n_ssids > wiphy->max_sched_scan_ssids)
5567 		return -EINVAL;
5568 
5569 	/*
5570 	 * First, count the number of 'real' matchsets. Due to an issue with
5571 	 * the old implementation, matchsets containing only the RSSI attribute
5572 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
5573 	 * RSSI for all matchsets, rather than their own matchset for reporting
5574 	 * all APs with a strong RSSI. This is needed to be compatible with
5575 	 * older userspace that treated a matchset with only the RSSI as the
5576 	 * global RSSI for all other matchsets - if there are other matchsets.
5577 	 */
5578 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5579 		nla_for_each_nested(attr,
5580 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5581 				    tmp) {
5582 			struct nlattr *rssi;
5583 
5584 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5585 					nla_data(attr), nla_len(attr),
5586 					nl80211_match_policy);
5587 			if (err)
5588 				return err;
5589 			/* add other standalone attributes here */
5590 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
5591 				n_match_sets++;
5592 				continue;
5593 			}
5594 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5595 			if (rssi)
5596 				default_match_rssi = nla_get_s32(rssi);
5597 		}
5598 	}
5599 
5600 	/* However, if there's no other matchset, add the RSSI one */
5601 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
5602 		n_match_sets = 1;
5603 
5604 	if (n_match_sets > wiphy->max_match_sets)
5605 		return -EINVAL;
5606 
5607 	if (info->attrs[NL80211_ATTR_IE])
5608 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5609 	else
5610 		ie_len = 0;
5611 
5612 	if (ie_len > wiphy->max_sched_scan_ie_len)
5613 		return -EINVAL;
5614 
5615 	if (rdev->sched_scan_req) {
5616 		err = -EINPROGRESS;
5617 		goto out;
5618 	}
5619 
5620 	request = kzalloc(sizeof(*request)
5621 			+ sizeof(*request->ssids) * n_ssids
5622 			+ sizeof(*request->match_sets) * n_match_sets
5623 			+ sizeof(*request->channels) * n_channels
5624 			+ ie_len, GFP_KERNEL);
5625 	if (!request) {
5626 		err = -ENOMEM;
5627 		goto out;
5628 	}
5629 
5630 	if (n_ssids)
5631 		request->ssids = (void *)&request->channels[n_channels];
5632 	request->n_ssids = n_ssids;
5633 	if (ie_len) {
5634 		if (request->ssids)
5635 			request->ie = (void *)(request->ssids + n_ssids);
5636 		else
5637 			request->ie = (void *)(request->channels + n_channels);
5638 	}
5639 
5640 	if (n_match_sets) {
5641 		if (request->ie)
5642 			request->match_sets = (void *)(request->ie + ie_len);
5643 		else if (request->ssids)
5644 			request->match_sets =
5645 				(void *)(request->ssids + n_ssids);
5646 		else
5647 			request->match_sets =
5648 				(void *)(request->channels + n_channels);
5649 	}
5650 	request->n_match_sets = n_match_sets;
5651 
5652 	i = 0;
5653 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5654 		/* user specified, bail out if channel not found */
5655 		nla_for_each_nested(attr,
5656 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5657 				    tmp) {
5658 			struct ieee80211_channel *chan;
5659 
5660 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5661 
5662 			if (!chan) {
5663 				err = -EINVAL;
5664 				goto out_free;
5665 			}
5666 
5667 			/* ignore disabled channels */
5668 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5669 				continue;
5670 
5671 			request->channels[i] = chan;
5672 			i++;
5673 		}
5674 	} else {
5675 		/* all channels */
5676 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5677 			int j;
5678 			if (!wiphy->bands[band])
5679 				continue;
5680 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5681 				struct ieee80211_channel *chan;
5682 
5683 				chan = &wiphy->bands[band]->channels[j];
5684 
5685 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5686 					continue;
5687 
5688 				request->channels[i] = chan;
5689 				i++;
5690 			}
5691 		}
5692 	}
5693 
5694 	if (!i) {
5695 		err = -EINVAL;
5696 		goto out_free;
5697 	}
5698 
5699 	request->n_channels = i;
5700 
5701 	i = 0;
5702 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5703 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5704 				    tmp) {
5705 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5706 				err = -EINVAL;
5707 				goto out_free;
5708 			}
5709 			request->ssids[i].ssid_len = nla_len(attr);
5710 			memcpy(request->ssids[i].ssid, nla_data(attr),
5711 			       nla_len(attr));
5712 			i++;
5713 		}
5714 	}
5715 
5716 	i = 0;
5717 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5718 		nla_for_each_nested(attr,
5719 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5720 				    tmp) {
5721 			struct nlattr *ssid, *rssi;
5722 
5723 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5724 					nla_data(attr), nla_len(attr),
5725 					nl80211_match_policy);
5726 			if (err)
5727 				goto out_free;
5728 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5729 			if (ssid) {
5730 				if (WARN_ON(i >= n_match_sets)) {
5731 					/* this indicates a programming error,
5732 					 * the loop above should have verified
5733 					 * things properly
5734 					 */
5735 					err = -EINVAL;
5736 					goto out_free;
5737 				}
5738 
5739 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5740 					err = -EINVAL;
5741 					goto out_free;
5742 				}
5743 				memcpy(request->match_sets[i].ssid.ssid,
5744 				       nla_data(ssid), nla_len(ssid));
5745 				request->match_sets[i].ssid.ssid_len =
5746 					nla_len(ssid);
5747 				/* special attribute - old implemenation w/a */
5748 				request->match_sets[i].rssi_thold =
5749 					default_match_rssi;
5750 				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5751 				if (rssi)
5752 					request->match_sets[i].rssi_thold =
5753 						nla_get_s32(rssi);
5754 			}
5755 			i++;
5756 		}
5757 
5758 		/* there was no other matchset, so the RSSI one is alone */
5759 		if (i == 0)
5760 			request->match_sets[0].rssi_thold = default_match_rssi;
5761 
5762 		request->min_rssi_thold = INT_MAX;
5763 		for (i = 0; i < n_match_sets; i++)
5764 			request->min_rssi_thold =
5765 				min(request->match_sets[i].rssi_thold,
5766 				    request->min_rssi_thold);
5767 	} else {
5768 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
5769 	}
5770 
5771 	if (ie_len) {
5772 		request->ie_len = ie_len;
5773 		memcpy((void *)request->ie,
5774 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5775 		       request->ie_len);
5776 	}
5777 
5778 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5779 		request->flags = nla_get_u32(
5780 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5781 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5782 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5783 			err = -EOPNOTSUPP;
5784 			goto out_free;
5785 		}
5786 	}
5787 
5788 	request->dev = dev;
5789 	request->wiphy = &rdev->wiphy;
5790 	request->interval = interval;
5791 	request->scan_start = jiffies;
5792 
5793 	err = rdev_sched_scan_start(rdev, dev, request);
5794 	if (!err) {
5795 		rdev->sched_scan_req = request;
5796 		nl80211_send_sched_scan(rdev, dev,
5797 					NL80211_CMD_START_SCHED_SCAN);
5798 		goto out;
5799 	}
5800 
5801 out_free:
5802 	kfree(request);
5803 out:
5804 	return err;
5805 }
5806 
5807 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5808 				   struct genl_info *info)
5809 {
5810 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5811 
5812 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5813 	    !rdev->ops->sched_scan_stop)
5814 		return -EOPNOTSUPP;
5815 
5816 	return __cfg80211_stop_sched_scan(rdev, false);
5817 }
5818 
5819 static int nl80211_start_radar_detection(struct sk_buff *skb,
5820 					 struct genl_info *info)
5821 {
5822 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5823 	struct net_device *dev = info->user_ptr[1];
5824 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5825 	struct cfg80211_chan_def chandef;
5826 	enum nl80211_dfs_regions dfs_region;
5827 	unsigned int cac_time_ms;
5828 	int err;
5829 
5830 	dfs_region = reg_get_dfs_region(wdev->wiphy);
5831 	if (dfs_region == NL80211_DFS_UNSET)
5832 		return -EINVAL;
5833 
5834 	err = nl80211_parse_chandef(rdev, info, &chandef);
5835 	if (err)
5836 		return err;
5837 
5838 	if (netif_carrier_ok(dev))
5839 		return -EBUSY;
5840 
5841 	if (wdev->cac_started)
5842 		return -EBUSY;
5843 
5844 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
5845 					    wdev->iftype);
5846 	if (err < 0)
5847 		return err;
5848 
5849 	if (err == 0)
5850 		return -EINVAL;
5851 
5852 	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
5853 		return -EINVAL;
5854 
5855 	if (!rdev->ops->start_radar_detection)
5856 		return -EOPNOTSUPP;
5857 
5858 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
5859 	if (WARN_ON(!cac_time_ms))
5860 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
5861 
5862 	err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef,
5863 					       cac_time_ms);
5864 	if (!err) {
5865 		wdev->chandef = chandef;
5866 		wdev->cac_started = true;
5867 		wdev->cac_start_time = jiffies;
5868 		wdev->cac_time_ms = cac_time_ms;
5869 	}
5870 	return err;
5871 }
5872 
5873 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
5874 {
5875 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5876 	struct net_device *dev = info->user_ptr[1];
5877 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5878 	struct cfg80211_csa_settings params;
5879 	/* csa_attrs is defined static to avoid waste of stack size - this
5880 	 * function is called under RTNL lock, so this should not be a problem.
5881 	 */
5882 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
5883 	u8 radar_detect_width = 0;
5884 	int err;
5885 	bool need_new_beacon = false;
5886 	int len, i;
5887 
5888 	if (!rdev->ops->channel_switch ||
5889 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
5890 		return -EOPNOTSUPP;
5891 
5892 	switch (dev->ieee80211_ptr->iftype) {
5893 	case NL80211_IFTYPE_AP:
5894 	case NL80211_IFTYPE_P2P_GO:
5895 		need_new_beacon = true;
5896 
5897 		/* useless if AP is not running */
5898 		if (!wdev->beacon_interval)
5899 			return -ENOTCONN;
5900 		break;
5901 	case NL80211_IFTYPE_ADHOC:
5902 		if (!wdev->ssid_len)
5903 			return -ENOTCONN;
5904 		break;
5905 	case NL80211_IFTYPE_MESH_POINT:
5906 		if (!wdev->mesh_id_len)
5907 			return -ENOTCONN;
5908 		break;
5909 	default:
5910 		return -EOPNOTSUPP;
5911 	}
5912 
5913 	memset(&params, 0, sizeof(params));
5914 
5915 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5916 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
5917 		return -EINVAL;
5918 
5919 	/* only important for AP, IBSS and mesh create IEs internally */
5920 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
5921 		return -EINVAL;
5922 
5923 	params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
5924 
5925 	if (!need_new_beacon)
5926 		goto skip_beacons;
5927 
5928 	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
5929 	if (err)
5930 		return err;
5931 
5932 	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
5933 			       info->attrs[NL80211_ATTR_CSA_IES],
5934 			       nl80211_policy);
5935 	if (err)
5936 		return err;
5937 
5938 	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
5939 	if (err)
5940 		return err;
5941 
5942 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
5943 		return -EINVAL;
5944 
5945 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5946 	if (!len || (len % sizeof(u16)))
5947 		return -EINVAL;
5948 
5949 	params.n_counter_offsets_beacon = len / sizeof(u16);
5950 	if (rdev->wiphy.max_num_csa_counters &&
5951 	    (params.n_counter_offsets_beacon >
5952 	     rdev->wiphy.max_num_csa_counters))
5953 		return -EINVAL;
5954 
5955 	params.counter_offsets_beacon =
5956 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5957 
5958 	/* sanity checks - counters should fit and be the same */
5959 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
5960 		u16 offset = params.counter_offsets_beacon[i];
5961 
5962 		if (offset >= params.beacon_csa.tail_len)
5963 			return -EINVAL;
5964 
5965 		if (params.beacon_csa.tail[offset] != params.count)
5966 			return -EINVAL;
5967 	}
5968 
5969 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
5970 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
5971 		if (!len || (len % sizeof(u16)))
5972 			return -EINVAL;
5973 
5974 		params.n_counter_offsets_presp = len / sizeof(u16);
5975 		if (rdev->wiphy.max_num_csa_counters &&
5976 		    (params.n_counter_offsets_beacon >
5977 		     rdev->wiphy.max_num_csa_counters))
5978 			return -EINVAL;
5979 
5980 		params.counter_offsets_presp =
5981 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
5982 
5983 		/* sanity checks - counters should fit and be the same */
5984 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
5985 			u16 offset = params.counter_offsets_presp[i];
5986 
5987 			if (offset >= params.beacon_csa.probe_resp_len)
5988 				return -EINVAL;
5989 
5990 			if (params.beacon_csa.probe_resp[offset] !=
5991 			    params.count)
5992 				return -EINVAL;
5993 		}
5994 	}
5995 
5996 skip_beacons:
5997 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
5998 	if (err)
5999 		return err;
6000 
6001 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
6002 				     wdev->iftype))
6003 		return -EINVAL;
6004 
6005 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
6006 					    &params.chandef,
6007 					    wdev->iftype);
6008 	if (err < 0)
6009 		return err;
6010 
6011 	if (err > 0) {
6012 		radar_detect_width = BIT(params.chandef.width);
6013 		params.radar_required = true;
6014 	}
6015 
6016 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
6017 		params.block_tx = true;
6018 
6019 	wdev_lock(wdev);
6020 	err = rdev_channel_switch(rdev, dev, &params);
6021 	wdev_unlock(wdev);
6022 
6023 	return err;
6024 }
6025 
6026 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
6027 			    u32 seq, int flags,
6028 			    struct cfg80211_registered_device *rdev,
6029 			    struct wireless_dev *wdev,
6030 			    struct cfg80211_internal_bss *intbss)
6031 {
6032 	struct cfg80211_bss *res = &intbss->pub;
6033 	const struct cfg80211_bss_ies *ies;
6034 	void *hdr;
6035 	struct nlattr *bss;
6036 	bool tsf = false;
6037 
6038 	ASSERT_WDEV_LOCK(wdev);
6039 
6040 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6041 			     NL80211_CMD_NEW_SCAN_RESULTS);
6042 	if (!hdr)
6043 		return -1;
6044 
6045 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6046 
6047 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
6048 		goto nla_put_failure;
6049 	if (wdev->netdev &&
6050 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
6051 		goto nla_put_failure;
6052 	if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
6053 		goto nla_put_failure;
6054 
6055 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
6056 	if (!bss)
6057 		goto nla_put_failure;
6058 	if ((!is_zero_ether_addr(res->bssid) &&
6059 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
6060 		goto nla_put_failure;
6061 
6062 	rcu_read_lock();
6063 	ies = rcu_dereference(res->ies);
6064 	if (ies) {
6065 		if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6066 			goto fail_unlock_rcu;
6067 		tsf = true;
6068 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
6069 					ies->len, ies->data))
6070 			goto fail_unlock_rcu;
6071 	}
6072 	ies = rcu_dereference(res->beacon_ies);
6073 	if (ies) {
6074 		if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6075 			goto fail_unlock_rcu;
6076 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
6077 					ies->len, ies->data))
6078 			goto fail_unlock_rcu;
6079 	}
6080 	rcu_read_unlock();
6081 
6082 	if (res->beacon_interval &&
6083 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
6084 		goto nla_put_failure;
6085 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
6086 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
6087 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6088 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6089 			jiffies_to_msecs(jiffies - intbss->ts)))
6090 		goto nla_put_failure;
6091 
6092 	switch (rdev->wiphy.signal_type) {
6093 	case CFG80211_SIGNAL_TYPE_MBM:
6094 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6095 			goto nla_put_failure;
6096 		break;
6097 	case CFG80211_SIGNAL_TYPE_UNSPEC:
6098 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6099 			goto nla_put_failure;
6100 		break;
6101 	default:
6102 		break;
6103 	}
6104 
6105 	switch (wdev->iftype) {
6106 	case NL80211_IFTYPE_P2P_CLIENT:
6107 	case NL80211_IFTYPE_STATION:
6108 		if (intbss == wdev->current_bss &&
6109 		    nla_put_u32(msg, NL80211_BSS_STATUS,
6110 				NL80211_BSS_STATUS_ASSOCIATED))
6111 			goto nla_put_failure;
6112 		break;
6113 	case NL80211_IFTYPE_ADHOC:
6114 		if (intbss == wdev->current_bss &&
6115 		    nla_put_u32(msg, NL80211_BSS_STATUS,
6116 				NL80211_BSS_STATUS_IBSS_JOINED))
6117 			goto nla_put_failure;
6118 		break;
6119 	default:
6120 		break;
6121 	}
6122 
6123 	nla_nest_end(msg, bss);
6124 
6125 	return genlmsg_end(msg, hdr);
6126 
6127  fail_unlock_rcu:
6128 	rcu_read_unlock();
6129  nla_put_failure:
6130 	genlmsg_cancel(msg, hdr);
6131 	return -EMSGSIZE;
6132 }
6133 
6134 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6135 {
6136 	struct cfg80211_registered_device *rdev;
6137 	struct cfg80211_internal_bss *scan;
6138 	struct wireless_dev *wdev;
6139 	int start = cb->args[2], idx = 0;
6140 	int err;
6141 
6142 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6143 	if (err)
6144 		return err;
6145 
6146 	wdev_lock(wdev);
6147 	spin_lock_bh(&rdev->bss_lock);
6148 	cfg80211_bss_expire(rdev);
6149 
6150 	cb->seq = rdev->bss_generation;
6151 
6152 	list_for_each_entry(scan, &rdev->bss_list, list) {
6153 		if (++idx <= start)
6154 			continue;
6155 		if (nl80211_send_bss(skb, cb,
6156 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6157 				rdev, wdev, scan) < 0) {
6158 			idx--;
6159 			break;
6160 		}
6161 	}
6162 
6163 	spin_unlock_bh(&rdev->bss_lock);
6164 	wdev_unlock(wdev);
6165 
6166 	cb->args[2] = idx;
6167 	nl80211_finish_wdev_dump(rdev);
6168 
6169 	return skb->len;
6170 }
6171 
6172 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6173 				int flags, struct net_device *dev,
6174 				struct survey_info *survey)
6175 {
6176 	void *hdr;
6177 	struct nlattr *infoattr;
6178 
6179 	hdr = nl80211hdr_put(msg, portid, seq, flags,
6180 			     NL80211_CMD_NEW_SURVEY_RESULTS);
6181 	if (!hdr)
6182 		return -ENOMEM;
6183 
6184 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6185 		goto nla_put_failure;
6186 
6187 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6188 	if (!infoattr)
6189 		goto nla_put_failure;
6190 
6191 	if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6192 			survey->channel->center_freq))
6193 		goto nla_put_failure;
6194 
6195 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6196 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6197 		goto nla_put_failure;
6198 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
6199 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6200 		goto nla_put_failure;
6201 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
6202 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
6203 			survey->channel_time))
6204 		goto nla_put_failure;
6205 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
6206 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
6207 			survey->channel_time_busy))
6208 		goto nla_put_failure;
6209 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
6210 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
6211 			survey->channel_time_ext_busy))
6212 		goto nla_put_failure;
6213 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
6214 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
6215 			survey->channel_time_rx))
6216 		goto nla_put_failure;
6217 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
6218 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
6219 			survey->channel_time_tx))
6220 		goto nla_put_failure;
6221 
6222 	nla_nest_end(msg, infoattr);
6223 
6224 	return genlmsg_end(msg, hdr);
6225 
6226  nla_put_failure:
6227 	genlmsg_cancel(msg, hdr);
6228 	return -EMSGSIZE;
6229 }
6230 
6231 static int nl80211_dump_survey(struct sk_buff *skb,
6232 			struct netlink_callback *cb)
6233 {
6234 	struct survey_info survey;
6235 	struct cfg80211_registered_device *rdev;
6236 	struct wireless_dev *wdev;
6237 	int survey_idx = cb->args[2];
6238 	int res;
6239 
6240 	res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6241 	if (res)
6242 		return res;
6243 
6244 	if (!wdev->netdev) {
6245 		res = -EINVAL;
6246 		goto out_err;
6247 	}
6248 
6249 	if (!rdev->ops->dump_survey) {
6250 		res = -EOPNOTSUPP;
6251 		goto out_err;
6252 	}
6253 
6254 	while (1) {
6255 		struct ieee80211_channel *chan;
6256 
6257 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
6258 		if (res == -ENOENT)
6259 			break;
6260 		if (res)
6261 			goto out_err;
6262 
6263 		/* Survey without a channel doesn't make sense */
6264 		if (!survey.channel) {
6265 			res = -EINVAL;
6266 			goto out;
6267 		}
6268 
6269 		chan = ieee80211_get_channel(&rdev->wiphy,
6270 					     survey.channel->center_freq);
6271 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
6272 			survey_idx++;
6273 			continue;
6274 		}
6275 
6276 		if (nl80211_send_survey(skb,
6277 				NETLINK_CB(cb->skb).portid,
6278 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6279 				wdev->netdev, &survey) < 0)
6280 			goto out;
6281 		survey_idx++;
6282 	}
6283 
6284  out:
6285 	cb->args[2] = survey_idx;
6286 	res = skb->len;
6287  out_err:
6288 	nl80211_finish_wdev_dump(rdev);
6289 	return res;
6290 }
6291 
6292 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6293 {
6294 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6295 				  NL80211_WPA_VERSION_2));
6296 }
6297 
6298 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6299 {
6300 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6301 	struct net_device *dev = info->user_ptr[1];
6302 	struct ieee80211_channel *chan;
6303 	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6304 	int err, ssid_len, ie_len = 0, sae_data_len = 0;
6305 	enum nl80211_auth_type auth_type;
6306 	struct key_parse key;
6307 	bool local_state_change;
6308 
6309 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6310 		return -EINVAL;
6311 
6312 	if (!info->attrs[NL80211_ATTR_MAC])
6313 		return -EINVAL;
6314 
6315 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6316 		return -EINVAL;
6317 
6318 	if (!info->attrs[NL80211_ATTR_SSID])
6319 		return -EINVAL;
6320 
6321 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6322 		return -EINVAL;
6323 
6324 	err = nl80211_parse_key(info, &key);
6325 	if (err)
6326 		return err;
6327 
6328 	if (key.idx >= 0) {
6329 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
6330 			return -EINVAL;
6331 		if (!key.p.key || !key.p.key_len)
6332 			return -EINVAL;
6333 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
6334 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
6335 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
6336 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
6337 			return -EINVAL;
6338 		if (key.idx > 4)
6339 			return -EINVAL;
6340 	} else {
6341 		key.p.key_len = 0;
6342 		key.p.key = NULL;
6343 	}
6344 
6345 	if (key.idx >= 0) {
6346 		int i;
6347 		bool ok = false;
6348 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
6349 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
6350 				ok = true;
6351 				break;
6352 			}
6353 		}
6354 		if (!ok)
6355 			return -EINVAL;
6356 	}
6357 
6358 	if (!rdev->ops->auth)
6359 		return -EOPNOTSUPP;
6360 
6361 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6362 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6363 		return -EOPNOTSUPP;
6364 
6365 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6366 	chan = nl80211_get_valid_chan(&rdev->wiphy,
6367 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6368 	if (!chan)
6369 		return -EINVAL;
6370 
6371 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6372 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6373 
6374 	if (info->attrs[NL80211_ATTR_IE]) {
6375 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6376 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6377 	}
6378 
6379 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6380 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
6381 		return -EINVAL;
6382 
6383 	if (auth_type == NL80211_AUTHTYPE_SAE &&
6384 	    !info->attrs[NL80211_ATTR_SAE_DATA])
6385 		return -EINVAL;
6386 
6387 	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
6388 		if (auth_type != NL80211_AUTHTYPE_SAE)
6389 			return -EINVAL;
6390 		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
6391 		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
6392 		/* need to include at least Auth Transaction and Status Code */
6393 		if (sae_data_len < 4)
6394 			return -EINVAL;
6395 	}
6396 
6397 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6398 
6399 	/*
6400 	 * Since we no longer track auth state, ignore
6401 	 * requests to only change local state.
6402 	 */
6403 	if (local_state_change)
6404 		return 0;
6405 
6406 	wdev_lock(dev->ieee80211_ptr);
6407 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
6408 				 ssid, ssid_len, ie, ie_len,
6409 				 key.p.key, key.p.key_len, key.idx,
6410 				 sae_data, sae_data_len);
6411 	wdev_unlock(dev->ieee80211_ptr);
6412 	return err;
6413 }
6414 
6415 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
6416 				   struct genl_info *info,
6417 				   struct cfg80211_crypto_settings *settings,
6418 				   int cipher_limit)
6419 {
6420 	memset(settings, 0, sizeof(*settings));
6421 
6422 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
6423 
6424 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
6425 		u16 proto;
6426 		proto = nla_get_u16(
6427 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
6428 		settings->control_port_ethertype = cpu_to_be16(proto);
6429 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
6430 		    proto != ETH_P_PAE)
6431 			return -EINVAL;
6432 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
6433 			settings->control_port_no_encrypt = true;
6434 	} else
6435 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
6436 
6437 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
6438 		void *data;
6439 		int len, i;
6440 
6441 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6442 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6443 		settings->n_ciphers_pairwise = len / sizeof(u32);
6444 
6445 		if (len % sizeof(u32))
6446 			return -EINVAL;
6447 
6448 		if (settings->n_ciphers_pairwise > cipher_limit)
6449 			return -EINVAL;
6450 
6451 		memcpy(settings->ciphers_pairwise, data, len);
6452 
6453 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
6454 			if (!cfg80211_supported_cipher_suite(
6455 					&rdev->wiphy,
6456 					settings->ciphers_pairwise[i]))
6457 				return -EINVAL;
6458 	}
6459 
6460 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6461 		settings->cipher_group =
6462 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6463 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6464 						     settings->cipher_group))
6465 			return -EINVAL;
6466 	}
6467 
6468 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6469 		settings->wpa_versions =
6470 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6471 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6472 			return -EINVAL;
6473 	}
6474 
6475 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6476 		void *data;
6477 		int len;
6478 
6479 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6480 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6481 		settings->n_akm_suites = len / sizeof(u32);
6482 
6483 		if (len % sizeof(u32))
6484 			return -EINVAL;
6485 
6486 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6487 			return -EINVAL;
6488 
6489 		memcpy(settings->akm_suites, data, len);
6490 	}
6491 
6492 	return 0;
6493 }
6494 
6495 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
6496 {
6497 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6498 	struct net_device *dev = info->user_ptr[1];
6499 	struct ieee80211_channel *chan;
6500 	struct cfg80211_assoc_request req = {};
6501 	const u8 *bssid, *ssid;
6502 	int err, ssid_len = 0;
6503 
6504 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6505 		return -EINVAL;
6506 
6507 	if (!info->attrs[NL80211_ATTR_MAC] ||
6508 	    !info->attrs[NL80211_ATTR_SSID] ||
6509 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
6510 		return -EINVAL;
6511 
6512 	if (!rdev->ops->assoc)
6513 		return -EOPNOTSUPP;
6514 
6515 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6516 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6517 		return -EOPNOTSUPP;
6518 
6519 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6520 
6521 	chan = nl80211_get_valid_chan(&rdev->wiphy,
6522 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6523 	if (!chan)
6524 		return -EINVAL;
6525 
6526 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6527 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6528 
6529 	if (info->attrs[NL80211_ATTR_IE]) {
6530 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6531 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6532 	}
6533 
6534 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
6535 		enum nl80211_mfp mfp =
6536 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6537 		if (mfp == NL80211_MFP_REQUIRED)
6538 			req.use_mfp = true;
6539 		else if (mfp != NL80211_MFP_NO)
6540 			return -EINVAL;
6541 	}
6542 
6543 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
6544 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
6545 
6546 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6547 		req.flags |= ASSOC_REQ_DISABLE_HT;
6548 
6549 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6550 		memcpy(&req.ht_capa_mask,
6551 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6552 		       sizeof(req.ht_capa_mask));
6553 
6554 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6555 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6556 			return -EINVAL;
6557 		memcpy(&req.ht_capa,
6558 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6559 		       sizeof(req.ht_capa));
6560 	}
6561 
6562 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6563 		req.flags |= ASSOC_REQ_DISABLE_VHT;
6564 
6565 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6566 		memcpy(&req.vht_capa_mask,
6567 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6568 		       sizeof(req.vht_capa_mask));
6569 
6570 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6571 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6572 			return -EINVAL;
6573 		memcpy(&req.vht_capa,
6574 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6575 		       sizeof(req.vht_capa));
6576 	}
6577 
6578 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
6579 	if (!err) {
6580 		wdev_lock(dev->ieee80211_ptr);
6581 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
6582 					  ssid, ssid_len, &req);
6583 		wdev_unlock(dev->ieee80211_ptr);
6584 	}
6585 
6586 	return err;
6587 }
6588 
6589 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
6590 {
6591 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6592 	struct net_device *dev = info->user_ptr[1];
6593 	const u8 *ie = NULL, *bssid;
6594 	int ie_len = 0, err;
6595 	u16 reason_code;
6596 	bool local_state_change;
6597 
6598 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6599 		return -EINVAL;
6600 
6601 	if (!info->attrs[NL80211_ATTR_MAC])
6602 		return -EINVAL;
6603 
6604 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6605 		return -EINVAL;
6606 
6607 	if (!rdev->ops->deauth)
6608 		return -EOPNOTSUPP;
6609 
6610 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6611 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6612 		return -EOPNOTSUPP;
6613 
6614 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6615 
6616 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6617 	if (reason_code == 0) {
6618 		/* Reason Code 0 is reserved */
6619 		return -EINVAL;
6620 	}
6621 
6622 	if (info->attrs[NL80211_ATTR_IE]) {
6623 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6624 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6625 	}
6626 
6627 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6628 
6629 	wdev_lock(dev->ieee80211_ptr);
6630 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
6631 				   local_state_change);
6632 	wdev_unlock(dev->ieee80211_ptr);
6633 	return err;
6634 }
6635 
6636 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
6637 {
6638 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6639 	struct net_device *dev = info->user_ptr[1];
6640 	const u8 *ie = NULL, *bssid;
6641 	int ie_len = 0, err;
6642 	u16 reason_code;
6643 	bool local_state_change;
6644 
6645 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6646 		return -EINVAL;
6647 
6648 	if (!info->attrs[NL80211_ATTR_MAC])
6649 		return -EINVAL;
6650 
6651 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6652 		return -EINVAL;
6653 
6654 	if (!rdev->ops->disassoc)
6655 		return -EOPNOTSUPP;
6656 
6657 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6658 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6659 		return -EOPNOTSUPP;
6660 
6661 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6662 
6663 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6664 	if (reason_code == 0) {
6665 		/* Reason Code 0 is reserved */
6666 		return -EINVAL;
6667 	}
6668 
6669 	if (info->attrs[NL80211_ATTR_IE]) {
6670 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6671 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6672 	}
6673 
6674 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6675 
6676 	wdev_lock(dev->ieee80211_ptr);
6677 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
6678 				     local_state_change);
6679 	wdev_unlock(dev->ieee80211_ptr);
6680 	return err;
6681 }
6682 
6683 static bool
6684 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
6685 			 int mcast_rate[IEEE80211_NUM_BANDS],
6686 			 int rateval)
6687 {
6688 	struct wiphy *wiphy = &rdev->wiphy;
6689 	bool found = false;
6690 	int band, i;
6691 
6692 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6693 		struct ieee80211_supported_band *sband;
6694 
6695 		sband = wiphy->bands[band];
6696 		if (!sband)
6697 			continue;
6698 
6699 		for (i = 0; i < sband->n_bitrates; i++) {
6700 			if (sband->bitrates[i].bitrate == rateval) {
6701 				mcast_rate[band] = i + 1;
6702 				found = true;
6703 				break;
6704 			}
6705 		}
6706 	}
6707 
6708 	return found;
6709 }
6710 
6711 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
6712 {
6713 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6714 	struct net_device *dev = info->user_ptr[1];
6715 	struct cfg80211_ibss_params ibss;
6716 	struct wiphy *wiphy;
6717 	struct cfg80211_cached_keys *connkeys = NULL;
6718 	int err;
6719 
6720 	memset(&ibss, 0, sizeof(ibss));
6721 
6722 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6723 		return -EINVAL;
6724 
6725 	if (!info->attrs[NL80211_ATTR_SSID] ||
6726 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
6727 		return -EINVAL;
6728 
6729 	ibss.beacon_interval = 100;
6730 
6731 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
6732 		ibss.beacon_interval =
6733 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6734 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
6735 			return -EINVAL;
6736 	}
6737 
6738 	if (!rdev->ops->join_ibss)
6739 		return -EOPNOTSUPP;
6740 
6741 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6742 		return -EOPNOTSUPP;
6743 
6744 	wiphy = &rdev->wiphy;
6745 
6746 	if (info->attrs[NL80211_ATTR_MAC]) {
6747 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6748 
6749 		if (!is_valid_ether_addr(ibss.bssid))
6750 			return -EINVAL;
6751 	}
6752 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6753 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6754 
6755 	if (info->attrs[NL80211_ATTR_IE]) {
6756 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6757 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6758 	}
6759 
6760 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
6761 	if (err)
6762 		return err;
6763 
6764 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
6765 				     NL80211_IFTYPE_ADHOC))
6766 		return -EINVAL;
6767 
6768 	switch (ibss.chandef.width) {
6769 	case NL80211_CHAN_WIDTH_5:
6770 	case NL80211_CHAN_WIDTH_10:
6771 	case NL80211_CHAN_WIDTH_20_NOHT:
6772 		break;
6773 	case NL80211_CHAN_WIDTH_20:
6774 	case NL80211_CHAN_WIDTH_40:
6775 		if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)
6776 			break;
6777 	default:
6778 		return -EINVAL;
6779 	}
6780 
6781 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
6782 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6783 
6784 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6785 		u8 *rates =
6786 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6787 		int n_rates =
6788 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6789 		struct ieee80211_supported_band *sband =
6790 			wiphy->bands[ibss.chandef.chan->band];
6791 
6792 		err = ieee80211_get_ratemask(sband, rates, n_rates,
6793 					     &ibss.basic_rates);
6794 		if (err)
6795 			return err;
6796 	}
6797 
6798 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6799 		memcpy(&ibss.ht_capa_mask,
6800 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6801 		       sizeof(ibss.ht_capa_mask));
6802 
6803 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6804 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6805 			return -EINVAL;
6806 		memcpy(&ibss.ht_capa,
6807 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6808 		       sizeof(ibss.ht_capa));
6809 	}
6810 
6811 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6812 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
6813 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6814 		return -EINVAL;
6815 
6816 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6817 		bool no_ht = false;
6818 
6819 		connkeys = nl80211_parse_connkeys(rdev,
6820 					  info->attrs[NL80211_ATTR_KEYS],
6821 					  &no_ht);
6822 		if (IS_ERR(connkeys))
6823 			return PTR_ERR(connkeys);
6824 
6825 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
6826 		    no_ht) {
6827 			kfree(connkeys);
6828 			return -EINVAL;
6829 		}
6830 	}
6831 
6832 	ibss.control_port =
6833 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
6834 
6835 	ibss.userspace_handles_dfs =
6836 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
6837 
6838 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
6839 	if (err)
6840 		kfree(connkeys);
6841 	return err;
6842 }
6843 
6844 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
6845 {
6846 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6847 	struct net_device *dev = info->user_ptr[1];
6848 
6849 	if (!rdev->ops->leave_ibss)
6850 		return -EOPNOTSUPP;
6851 
6852 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6853 		return -EOPNOTSUPP;
6854 
6855 	return cfg80211_leave_ibss(rdev, dev, false);
6856 }
6857 
6858 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
6859 {
6860 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6861 	struct net_device *dev = info->user_ptr[1];
6862 	int mcast_rate[IEEE80211_NUM_BANDS];
6863 	u32 nla_rate;
6864 	int err;
6865 
6866 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
6867 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6868 		return -EOPNOTSUPP;
6869 
6870 	if (!rdev->ops->set_mcast_rate)
6871 		return -EOPNOTSUPP;
6872 
6873 	memset(mcast_rate, 0, sizeof(mcast_rate));
6874 
6875 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
6876 		return -EINVAL;
6877 
6878 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6879 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6880 		return -EINVAL;
6881 
6882 	err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6883 
6884 	return err;
6885 }
6886 
6887 static struct sk_buff *
6888 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
6889 			    int approxlen, u32 portid, u32 seq,
6890 			    enum nl80211_commands cmd,
6891 			    enum nl80211_attrs attr,
6892 			    const struct nl80211_vendor_cmd_info *info,
6893 			    gfp_t gfp)
6894 {
6895 	struct sk_buff *skb;
6896 	void *hdr;
6897 	struct nlattr *data;
6898 
6899 	skb = nlmsg_new(approxlen + 100, gfp);
6900 	if (!skb)
6901 		return NULL;
6902 
6903 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
6904 	if (!hdr) {
6905 		kfree_skb(skb);
6906 		return NULL;
6907 	}
6908 
6909 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6910 		goto nla_put_failure;
6911 
6912 	if (info) {
6913 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
6914 				info->vendor_id))
6915 			goto nla_put_failure;
6916 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
6917 				info->subcmd))
6918 			goto nla_put_failure;
6919 	}
6920 
6921 	data = nla_nest_start(skb, attr);
6922 
6923 	((void **)skb->cb)[0] = rdev;
6924 	((void **)skb->cb)[1] = hdr;
6925 	((void **)skb->cb)[2] = data;
6926 
6927 	return skb;
6928 
6929  nla_put_failure:
6930 	kfree_skb(skb);
6931 	return NULL;
6932 }
6933 
6934 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
6935 					   enum nl80211_commands cmd,
6936 					   enum nl80211_attrs attr,
6937 					   int vendor_event_idx,
6938 					   int approxlen, gfp_t gfp)
6939 {
6940 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
6941 	const struct nl80211_vendor_cmd_info *info;
6942 
6943 	switch (cmd) {
6944 	case NL80211_CMD_TESTMODE:
6945 		if (WARN_ON(vendor_event_idx != -1))
6946 			return NULL;
6947 		info = NULL;
6948 		break;
6949 	case NL80211_CMD_VENDOR:
6950 		if (WARN_ON(vendor_event_idx < 0 ||
6951 			    vendor_event_idx >= wiphy->n_vendor_events))
6952 			return NULL;
6953 		info = &wiphy->vendor_events[vendor_event_idx];
6954 		break;
6955 	default:
6956 		WARN_ON(1);
6957 		return NULL;
6958 	}
6959 
6960 	return __cfg80211_alloc_vendor_skb(rdev, approxlen, 0, 0,
6961 					   cmd, attr, info, gfp);
6962 }
6963 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
6964 
6965 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
6966 {
6967 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6968 	void *hdr = ((void **)skb->cb)[1];
6969 	struct nlattr *data = ((void **)skb->cb)[2];
6970 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
6971 
6972 	/* clear CB data for netlink core to own from now on */
6973 	memset(skb->cb, 0, sizeof(skb->cb));
6974 
6975 	nla_nest_end(skb, data);
6976 	genlmsg_end(skb, hdr);
6977 
6978 	if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
6979 		mcgrp = NL80211_MCGRP_VENDOR;
6980 
6981 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
6982 				mcgrp, gfp);
6983 }
6984 EXPORT_SYMBOL(__cfg80211_send_event_skb);
6985 
6986 #ifdef CONFIG_NL80211_TESTMODE
6987 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
6988 {
6989 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6990 	struct wireless_dev *wdev =
6991 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
6992 	int err;
6993 
6994 	if (!rdev->ops->testmode_cmd)
6995 		return -EOPNOTSUPP;
6996 
6997 	if (IS_ERR(wdev)) {
6998 		err = PTR_ERR(wdev);
6999 		if (err != -EINVAL)
7000 			return err;
7001 		wdev = NULL;
7002 	} else if (wdev->wiphy != &rdev->wiphy) {
7003 		return -EINVAL;
7004 	}
7005 
7006 	if (!info->attrs[NL80211_ATTR_TESTDATA])
7007 		return -EINVAL;
7008 
7009 	rdev->cur_cmd_info = info;
7010 	err = rdev_testmode_cmd(rdev, wdev,
7011 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
7012 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
7013 	rdev->cur_cmd_info = NULL;
7014 
7015 	return err;
7016 }
7017 
7018 static int nl80211_testmode_dump(struct sk_buff *skb,
7019 				 struct netlink_callback *cb)
7020 {
7021 	struct cfg80211_registered_device *rdev;
7022 	int err;
7023 	long phy_idx;
7024 	void *data = NULL;
7025 	int data_len = 0;
7026 
7027 	rtnl_lock();
7028 
7029 	if (cb->args[0]) {
7030 		/*
7031 		 * 0 is a valid index, but not valid for args[0],
7032 		 * so we need to offset by 1.
7033 		 */
7034 		phy_idx = cb->args[0] - 1;
7035 	} else {
7036 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
7037 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
7038 				  nl80211_policy);
7039 		if (err)
7040 			goto out_err;
7041 
7042 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
7043 						  nl80211_fam.attrbuf);
7044 		if (IS_ERR(rdev)) {
7045 			err = PTR_ERR(rdev);
7046 			goto out_err;
7047 		}
7048 		phy_idx = rdev->wiphy_idx;
7049 		rdev = NULL;
7050 
7051 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
7052 			cb->args[1] =
7053 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
7054 	}
7055 
7056 	if (cb->args[1]) {
7057 		data = nla_data((void *)cb->args[1]);
7058 		data_len = nla_len((void *)cb->args[1]);
7059 	}
7060 
7061 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
7062 	if (!rdev) {
7063 		err = -ENOENT;
7064 		goto out_err;
7065 	}
7066 
7067 	if (!rdev->ops->testmode_dump) {
7068 		err = -EOPNOTSUPP;
7069 		goto out_err;
7070 	}
7071 
7072 	while (1) {
7073 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
7074 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
7075 					   NL80211_CMD_TESTMODE);
7076 		struct nlattr *tmdata;
7077 
7078 		if (!hdr)
7079 			break;
7080 
7081 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
7082 			genlmsg_cancel(skb, hdr);
7083 			break;
7084 		}
7085 
7086 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
7087 		if (!tmdata) {
7088 			genlmsg_cancel(skb, hdr);
7089 			break;
7090 		}
7091 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7092 		nla_nest_end(skb, tmdata);
7093 
7094 		if (err == -ENOBUFS || err == -ENOENT) {
7095 			genlmsg_cancel(skb, hdr);
7096 			break;
7097 		} else if (err) {
7098 			genlmsg_cancel(skb, hdr);
7099 			goto out_err;
7100 		}
7101 
7102 		genlmsg_end(skb, hdr);
7103 	}
7104 
7105 	err = skb->len;
7106 	/* see above */
7107 	cb->args[0] = phy_idx + 1;
7108  out_err:
7109 	rtnl_unlock();
7110 	return err;
7111 }
7112 #endif
7113 
7114 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7115 {
7116 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7117 	struct net_device *dev = info->user_ptr[1];
7118 	struct cfg80211_connect_params connect;
7119 	struct wiphy *wiphy;
7120 	struct cfg80211_cached_keys *connkeys = NULL;
7121 	int err;
7122 
7123 	memset(&connect, 0, sizeof(connect));
7124 
7125 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7126 		return -EINVAL;
7127 
7128 	if (!info->attrs[NL80211_ATTR_SSID] ||
7129 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7130 		return -EINVAL;
7131 
7132 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7133 		connect.auth_type =
7134 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7135 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7136 					     NL80211_CMD_CONNECT))
7137 			return -EINVAL;
7138 	} else
7139 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7140 
7141 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7142 
7143 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7144 				      NL80211_MAX_NR_CIPHER_SUITES);
7145 	if (err)
7146 		return err;
7147 
7148 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7149 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7150 		return -EOPNOTSUPP;
7151 
7152 	wiphy = &rdev->wiphy;
7153 
7154 	connect.bg_scan_period = -1;
7155 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7156 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7157 		connect.bg_scan_period =
7158 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7159 	}
7160 
7161 	if (info->attrs[NL80211_ATTR_MAC])
7162 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7163 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
7164 		connect.bssid_hint =
7165 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7166 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7167 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7168 
7169 	if (info->attrs[NL80211_ATTR_IE]) {
7170 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7171 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7172 	}
7173 
7174 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7175 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7176 		if (connect.mfp != NL80211_MFP_REQUIRED &&
7177 		    connect.mfp != NL80211_MFP_NO)
7178 			return -EINVAL;
7179 	} else {
7180 		connect.mfp = NL80211_MFP_NO;
7181 	}
7182 
7183 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7184 		connect.channel = nl80211_get_valid_chan(
7185 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7186 		if (!connect.channel)
7187 			return -EINVAL;
7188 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7189 		connect.channel_hint = nl80211_get_valid_chan(
7190 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7191 		if (!connect.channel_hint)
7192 			return -EINVAL;
7193 	}
7194 
7195 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7196 		connkeys = nl80211_parse_connkeys(rdev,
7197 					  info->attrs[NL80211_ATTR_KEYS], NULL);
7198 		if (IS_ERR(connkeys))
7199 			return PTR_ERR(connkeys);
7200 	}
7201 
7202 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7203 		connect.flags |= ASSOC_REQ_DISABLE_HT;
7204 
7205 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7206 		memcpy(&connect.ht_capa_mask,
7207 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7208 		       sizeof(connect.ht_capa_mask));
7209 
7210 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7211 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7212 			kfree(connkeys);
7213 			return -EINVAL;
7214 		}
7215 		memcpy(&connect.ht_capa,
7216 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7217 		       sizeof(connect.ht_capa));
7218 	}
7219 
7220 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7221 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
7222 
7223 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7224 		memcpy(&connect.vht_capa_mask,
7225 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7226 		       sizeof(connect.vht_capa_mask));
7227 
7228 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7229 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7230 			kfree(connkeys);
7231 			return -EINVAL;
7232 		}
7233 		memcpy(&connect.vht_capa,
7234 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7235 		       sizeof(connect.vht_capa));
7236 	}
7237 
7238 	wdev_lock(dev->ieee80211_ptr);
7239 	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7240 	wdev_unlock(dev->ieee80211_ptr);
7241 	if (err)
7242 		kfree(connkeys);
7243 	return err;
7244 }
7245 
7246 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7247 {
7248 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7249 	struct net_device *dev = info->user_ptr[1];
7250 	u16 reason;
7251 	int ret;
7252 
7253 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7254 		reason = WLAN_REASON_DEAUTH_LEAVING;
7255 	else
7256 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7257 
7258 	if (reason == 0)
7259 		return -EINVAL;
7260 
7261 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7262 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7263 		return -EOPNOTSUPP;
7264 
7265 	wdev_lock(dev->ieee80211_ptr);
7266 	ret = cfg80211_disconnect(rdev, dev, reason, true);
7267 	wdev_unlock(dev->ieee80211_ptr);
7268 	return ret;
7269 }
7270 
7271 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7272 {
7273 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7274 	struct net *net;
7275 	int err;
7276 	u32 pid;
7277 
7278 	if (!info->attrs[NL80211_ATTR_PID])
7279 		return -EINVAL;
7280 
7281 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7282 
7283 	net = get_net_ns_by_pid(pid);
7284 	if (IS_ERR(net))
7285 		return PTR_ERR(net);
7286 
7287 	err = 0;
7288 
7289 	/* check if anything to do */
7290 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
7291 		err = cfg80211_switch_netns(rdev, net);
7292 
7293 	put_net(net);
7294 	return err;
7295 }
7296 
7297 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
7298 {
7299 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7300 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
7301 			struct cfg80211_pmksa *pmksa) = NULL;
7302 	struct net_device *dev = info->user_ptr[1];
7303 	struct cfg80211_pmksa pmksa;
7304 
7305 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
7306 
7307 	if (!info->attrs[NL80211_ATTR_MAC])
7308 		return -EINVAL;
7309 
7310 	if (!info->attrs[NL80211_ATTR_PMKID])
7311 		return -EINVAL;
7312 
7313 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
7314 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7315 
7316 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7317 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7318 		return -EOPNOTSUPP;
7319 
7320 	switch (info->genlhdr->cmd) {
7321 	case NL80211_CMD_SET_PMKSA:
7322 		rdev_ops = rdev->ops->set_pmksa;
7323 		break;
7324 	case NL80211_CMD_DEL_PMKSA:
7325 		rdev_ops = rdev->ops->del_pmksa;
7326 		break;
7327 	default:
7328 		WARN_ON(1);
7329 		break;
7330 	}
7331 
7332 	if (!rdev_ops)
7333 		return -EOPNOTSUPP;
7334 
7335 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
7336 }
7337 
7338 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
7339 {
7340 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7341 	struct net_device *dev = info->user_ptr[1];
7342 
7343 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7344 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7345 		return -EOPNOTSUPP;
7346 
7347 	if (!rdev->ops->flush_pmksa)
7348 		return -EOPNOTSUPP;
7349 
7350 	return rdev_flush_pmksa(rdev, dev);
7351 }
7352 
7353 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
7354 {
7355 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7356 	struct net_device *dev = info->user_ptr[1];
7357 	u8 action_code, dialog_token;
7358 	u32 peer_capability = 0;
7359 	u16 status_code;
7360 	u8 *peer;
7361 	bool initiator;
7362 
7363 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7364 	    !rdev->ops->tdls_mgmt)
7365 		return -EOPNOTSUPP;
7366 
7367 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
7368 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
7369 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
7370 	    !info->attrs[NL80211_ATTR_IE] ||
7371 	    !info->attrs[NL80211_ATTR_MAC])
7372 		return -EINVAL;
7373 
7374 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7375 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
7376 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
7377 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
7378 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
7379 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
7380 		peer_capability =
7381 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
7382 
7383 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
7384 			      dialog_token, status_code, peer_capability,
7385 			      initiator,
7386 			      nla_data(info->attrs[NL80211_ATTR_IE]),
7387 			      nla_len(info->attrs[NL80211_ATTR_IE]));
7388 }
7389 
7390 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
7391 {
7392 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7393 	struct net_device *dev = info->user_ptr[1];
7394 	enum nl80211_tdls_operation operation;
7395 	u8 *peer;
7396 
7397 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7398 	    !rdev->ops->tdls_oper)
7399 		return -EOPNOTSUPP;
7400 
7401 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
7402 	    !info->attrs[NL80211_ATTR_MAC])
7403 		return -EINVAL;
7404 
7405 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
7406 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7407 
7408 	return rdev_tdls_oper(rdev, dev, peer, operation);
7409 }
7410 
7411 static int nl80211_remain_on_channel(struct sk_buff *skb,
7412 				     struct genl_info *info)
7413 {
7414 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7415 	struct wireless_dev *wdev = info->user_ptr[1];
7416 	struct cfg80211_chan_def chandef;
7417 	struct sk_buff *msg;
7418 	void *hdr;
7419 	u64 cookie;
7420 	u32 duration;
7421 	int err;
7422 
7423 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7424 	    !info->attrs[NL80211_ATTR_DURATION])
7425 		return -EINVAL;
7426 
7427 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7428 
7429 	if (!rdev->ops->remain_on_channel ||
7430 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
7431 		return -EOPNOTSUPP;
7432 
7433 	/*
7434 	 * We should be on that channel for at least a minimum amount of
7435 	 * time (10ms) but no longer than the driver supports.
7436 	 */
7437 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7438 	    duration > rdev->wiphy.max_remain_on_channel_duration)
7439 		return -EINVAL;
7440 
7441 	err = nl80211_parse_chandef(rdev, info, &chandef);
7442 	if (err)
7443 		return err;
7444 
7445 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7446 	if (!msg)
7447 		return -ENOMEM;
7448 
7449 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7450 			     NL80211_CMD_REMAIN_ON_CHANNEL);
7451 	if (!hdr) {
7452 		err = -ENOBUFS;
7453 		goto free_msg;
7454 	}
7455 
7456 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
7457 				     duration, &cookie);
7458 
7459 	if (err)
7460 		goto free_msg;
7461 
7462 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7463 		goto nla_put_failure;
7464 
7465 	genlmsg_end(msg, hdr);
7466 
7467 	return genlmsg_reply(msg, info);
7468 
7469  nla_put_failure:
7470 	err = -ENOBUFS;
7471  free_msg:
7472 	nlmsg_free(msg);
7473 	return err;
7474 }
7475 
7476 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
7477 					    struct genl_info *info)
7478 {
7479 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7480 	struct wireless_dev *wdev = info->user_ptr[1];
7481 	u64 cookie;
7482 
7483 	if (!info->attrs[NL80211_ATTR_COOKIE])
7484 		return -EINVAL;
7485 
7486 	if (!rdev->ops->cancel_remain_on_channel)
7487 		return -EOPNOTSUPP;
7488 
7489 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7490 
7491 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
7492 }
7493 
7494 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
7495 			   u8 *rates, u8 rates_len)
7496 {
7497 	u8 i;
7498 	u32 mask = 0;
7499 
7500 	for (i = 0; i < rates_len; i++) {
7501 		int rate = (rates[i] & 0x7f) * 5;
7502 		int ridx;
7503 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
7504 			struct ieee80211_rate *srate =
7505 				&sband->bitrates[ridx];
7506 			if (rate == srate->bitrate) {
7507 				mask |= 1 << ridx;
7508 				break;
7509 			}
7510 		}
7511 		if (ridx == sband->n_bitrates)
7512 			return 0; /* rate not found */
7513 	}
7514 
7515 	return mask;
7516 }
7517 
7518 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
7519 			       u8 *rates, u8 rates_len,
7520 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
7521 {
7522 	u8 i;
7523 
7524 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
7525 
7526 	for (i = 0; i < rates_len; i++) {
7527 		int ridx, rbit;
7528 
7529 		ridx = rates[i] / 8;
7530 		rbit = BIT(rates[i] % 8);
7531 
7532 		/* check validity */
7533 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
7534 			return false;
7535 
7536 		/* check availability */
7537 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
7538 			mcs[ridx] |= rbit;
7539 		else
7540 			return false;
7541 	}
7542 
7543 	return true;
7544 }
7545 
7546 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
7547 {
7548 	u16 mcs_mask = 0;
7549 
7550 	switch (vht_mcs_map) {
7551 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
7552 		break;
7553 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
7554 		mcs_mask = 0x00FF;
7555 		break;
7556 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
7557 		mcs_mask = 0x01FF;
7558 		break;
7559 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
7560 		mcs_mask = 0x03FF;
7561 		break;
7562 	default:
7563 		break;
7564 	}
7565 
7566 	return mcs_mask;
7567 }
7568 
7569 static void vht_build_mcs_mask(u16 vht_mcs_map,
7570 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
7571 {
7572 	u8 nss;
7573 
7574 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
7575 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
7576 		vht_mcs_map >>= 2;
7577 	}
7578 }
7579 
7580 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
7581 			     struct nl80211_txrate_vht *txrate,
7582 			     u16 mcs[NL80211_VHT_NSS_MAX])
7583 {
7584 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7585 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
7586 	u8 i;
7587 
7588 	if (!sband->vht_cap.vht_supported)
7589 		return false;
7590 
7591 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
7592 
7593 	/* Build vht_mcs_mask from VHT capabilities */
7594 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
7595 
7596 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
7597 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
7598 			mcs[i] = txrate->mcs[i];
7599 		else
7600 			return false;
7601 	}
7602 
7603 	return true;
7604 }
7605 
7606 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
7607 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
7608 				    .len = NL80211_MAX_SUPP_RATES },
7609 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
7610 				.len = NL80211_MAX_SUPP_HT_RATES },
7611 	[NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
7612 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
7613 };
7614 
7615 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
7616 				       struct genl_info *info)
7617 {
7618 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
7619 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7620 	struct cfg80211_bitrate_mask mask;
7621 	int rem, i;
7622 	struct net_device *dev = info->user_ptr[1];
7623 	struct nlattr *tx_rates;
7624 	struct ieee80211_supported_band *sband;
7625 	u16 vht_tx_mcs_map;
7626 
7627 	if (!rdev->ops->set_bitrate_mask)
7628 		return -EOPNOTSUPP;
7629 
7630 	memset(&mask, 0, sizeof(mask));
7631 	/* Default to all rates enabled */
7632 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
7633 		sband = rdev->wiphy.bands[i];
7634 
7635 		if (!sband)
7636 			continue;
7637 
7638 		mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
7639 		memcpy(mask.control[i].ht_mcs,
7640 		       sband->ht_cap.mcs.rx_mask,
7641 		       sizeof(mask.control[i].ht_mcs));
7642 
7643 		if (!sband->vht_cap.vht_supported)
7644 			continue;
7645 
7646 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7647 		vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
7648 	}
7649 
7650 	/* if no rates are given set it back to the defaults */
7651 	if (!info->attrs[NL80211_ATTR_TX_RATES])
7652 		goto out;
7653 
7654 	/*
7655 	 * The nested attribute uses enum nl80211_band as the index. This maps
7656 	 * directly to the enum ieee80211_band values used in cfg80211.
7657 	 */
7658 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
7659 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
7660 		enum ieee80211_band band = nla_type(tx_rates);
7661 		int err;
7662 
7663 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
7664 			return -EINVAL;
7665 		sband = rdev->wiphy.bands[band];
7666 		if (sband == NULL)
7667 			return -EINVAL;
7668 		err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
7669 				nla_len(tx_rates), nl80211_txattr_policy);
7670 		if (err)
7671 			return err;
7672 		if (tb[NL80211_TXRATE_LEGACY]) {
7673 			mask.control[band].legacy = rateset_to_mask(
7674 				sband,
7675 				nla_data(tb[NL80211_TXRATE_LEGACY]),
7676 				nla_len(tb[NL80211_TXRATE_LEGACY]));
7677 			if ((mask.control[band].legacy == 0) &&
7678 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
7679 				return -EINVAL;
7680 		}
7681 		if (tb[NL80211_TXRATE_HT]) {
7682 			if (!ht_rateset_to_mask(
7683 					sband,
7684 					nla_data(tb[NL80211_TXRATE_HT]),
7685 					nla_len(tb[NL80211_TXRATE_HT]),
7686 					mask.control[band].ht_mcs))
7687 				return -EINVAL;
7688 		}
7689 		if (tb[NL80211_TXRATE_VHT]) {
7690 			if (!vht_set_mcs_mask(
7691 					sband,
7692 					nla_data(tb[NL80211_TXRATE_VHT]),
7693 					mask.control[band].vht_mcs))
7694 				return -EINVAL;
7695 		}
7696 		if (tb[NL80211_TXRATE_GI]) {
7697 			mask.control[band].gi =
7698 				nla_get_u8(tb[NL80211_TXRATE_GI]);
7699 			if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
7700 				return -EINVAL;
7701 		}
7702 
7703 		if (mask.control[band].legacy == 0) {
7704 			/* don't allow empty legacy rates if HT or VHT
7705 			 * are not even supported.
7706 			 */
7707 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
7708 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
7709 				return -EINVAL;
7710 
7711 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
7712 				if (mask.control[band].ht_mcs[i])
7713 					goto out;
7714 
7715 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
7716 				if (mask.control[band].vht_mcs[i])
7717 					goto out;
7718 
7719 			/* legacy and mcs rates may not be both empty */
7720 			return -EINVAL;
7721 		}
7722 	}
7723 
7724 out:
7725 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
7726 }
7727 
7728 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
7729 {
7730 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7731 	struct wireless_dev *wdev = info->user_ptr[1];
7732 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
7733 
7734 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
7735 		return -EINVAL;
7736 
7737 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
7738 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
7739 
7740 	switch (wdev->iftype) {
7741 	case NL80211_IFTYPE_STATION:
7742 	case NL80211_IFTYPE_ADHOC:
7743 	case NL80211_IFTYPE_P2P_CLIENT:
7744 	case NL80211_IFTYPE_AP:
7745 	case NL80211_IFTYPE_AP_VLAN:
7746 	case NL80211_IFTYPE_MESH_POINT:
7747 	case NL80211_IFTYPE_P2P_GO:
7748 	case NL80211_IFTYPE_P2P_DEVICE:
7749 		break;
7750 	default:
7751 		return -EOPNOTSUPP;
7752 	}
7753 
7754 	/* not much point in registering if we can't reply */
7755 	if (!rdev->ops->mgmt_tx)
7756 		return -EOPNOTSUPP;
7757 
7758 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
7759 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
7760 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
7761 }
7762 
7763 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7764 {
7765 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7766 	struct wireless_dev *wdev = info->user_ptr[1];
7767 	struct cfg80211_chan_def chandef;
7768 	int err;
7769 	void *hdr = NULL;
7770 	u64 cookie;
7771 	struct sk_buff *msg = NULL;
7772 	struct cfg80211_mgmt_tx_params params = {
7773 		.dont_wait_for_ack =
7774 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
7775 	};
7776 
7777 	if (!info->attrs[NL80211_ATTR_FRAME])
7778 		return -EINVAL;
7779 
7780 	if (!rdev->ops->mgmt_tx)
7781 		return -EOPNOTSUPP;
7782 
7783 	switch (wdev->iftype) {
7784 	case NL80211_IFTYPE_P2P_DEVICE:
7785 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7786 			return -EINVAL;
7787 	case NL80211_IFTYPE_STATION:
7788 	case NL80211_IFTYPE_ADHOC:
7789 	case NL80211_IFTYPE_P2P_CLIENT:
7790 	case NL80211_IFTYPE_AP:
7791 	case NL80211_IFTYPE_AP_VLAN:
7792 	case NL80211_IFTYPE_MESH_POINT:
7793 	case NL80211_IFTYPE_P2P_GO:
7794 		break;
7795 	default:
7796 		return -EOPNOTSUPP;
7797 	}
7798 
7799 	if (info->attrs[NL80211_ATTR_DURATION]) {
7800 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7801 			return -EINVAL;
7802 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7803 
7804 		/*
7805 		 * We should wait on the channel for at least a minimum amount
7806 		 * of time (10ms) but no longer than the driver supports.
7807 		 */
7808 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7809 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
7810 			return -EINVAL;
7811 
7812 	}
7813 
7814 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
7815 
7816 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7817 		return -EINVAL;
7818 
7819 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7820 
7821 	/* get the channel if any has been specified, otherwise pass NULL to
7822 	 * the driver. The latter will use the current one
7823 	 */
7824 	chandef.chan = NULL;
7825 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7826 		err = nl80211_parse_chandef(rdev, info, &chandef);
7827 		if (err)
7828 			return err;
7829 	}
7830 
7831 	if (!chandef.chan && params.offchan)
7832 		return -EINVAL;
7833 
7834 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
7835 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
7836 
7837 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
7838 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
7839 		int i;
7840 
7841 		if (len % sizeof(u16))
7842 			return -EINVAL;
7843 
7844 		params.n_csa_offsets = len / sizeof(u16);
7845 		params.csa_offsets =
7846 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
7847 
7848 		/* check that all the offsets fit the frame */
7849 		for (i = 0; i < params.n_csa_offsets; i++) {
7850 			if (params.csa_offsets[i] >= params.len)
7851 				return -EINVAL;
7852 		}
7853 	}
7854 
7855 	if (!params.dont_wait_for_ack) {
7856 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7857 		if (!msg)
7858 			return -ENOMEM;
7859 
7860 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7861 				     NL80211_CMD_FRAME);
7862 		if (!hdr) {
7863 			err = -ENOBUFS;
7864 			goto free_msg;
7865 		}
7866 	}
7867 
7868 	params.chan = chandef.chan;
7869 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
7870 	if (err)
7871 		goto free_msg;
7872 
7873 	if (msg) {
7874 		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7875 			goto nla_put_failure;
7876 
7877 		genlmsg_end(msg, hdr);
7878 		return genlmsg_reply(msg, info);
7879 	}
7880 
7881 	return 0;
7882 
7883  nla_put_failure:
7884 	err = -ENOBUFS;
7885  free_msg:
7886 	nlmsg_free(msg);
7887 	return err;
7888 }
7889 
7890 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
7891 {
7892 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7893 	struct wireless_dev *wdev = info->user_ptr[1];
7894 	u64 cookie;
7895 
7896 	if (!info->attrs[NL80211_ATTR_COOKIE])
7897 		return -EINVAL;
7898 
7899 	if (!rdev->ops->mgmt_tx_cancel_wait)
7900 		return -EOPNOTSUPP;
7901 
7902 	switch (wdev->iftype) {
7903 	case NL80211_IFTYPE_STATION:
7904 	case NL80211_IFTYPE_ADHOC:
7905 	case NL80211_IFTYPE_P2P_CLIENT:
7906 	case NL80211_IFTYPE_AP:
7907 	case NL80211_IFTYPE_AP_VLAN:
7908 	case NL80211_IFTYPE_P2P_GO:
7909 	case NL80211_IFTYPE_P2P_DEVICE:
7910 		break;
7911 	default:
7912 		return -EOPNOTSUPP;
7913 	}
7914 
7915 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7916 
7917 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
7918 }
7919 
7920 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
7921 {
7922 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7923 	struct wireless_dev *wdev;
7924 	struct net_device *dev = info->user_ptr[1];
7925 	u8 ps_state;
7926 	bool state;
7927 	int err;
7928 
7929 	if (!info->attrs[NL80211_ATTR_PS_STATE])
7930 		return -EINVAL;
7931 
7932 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
7933 
7934 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
7935 		return -EINVAL;
7936 
7937 	wdev = dev->ieee80211_ptr;
7938 
7939 	if (!rdev->ops->set_power_mgmt)
7940 		return -EOPNOTSUPP;
7941 
7942 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
7943 
7944 	if (state == wdev->ps)
7945 		return 0;
7946 
7947 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
7948 	if (!err)
7949 		wdev->ps = state;
7950 	return err;
7951 }
7952 
7953 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
7954 {
7955 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7956 	enum nl80211_ps_state ps_state;
7957 	struct wireless_dev *wdev;
7958 	struct net_device *dev = info->user_ptr[1];
7959 	struct sk_buff *msg;
7960 	void *hdr;
7961 	int err;
7962 
7963 	wdev = dev->ieee80211_ptr;
7964 
7965 	if (!rdev->ops->set_power_mgmt)
7966 		return -EOPNOTSUPP;
7967 
7968 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7969 	if (!msg)
7970 		return -ENOMEM;
7971 
7972 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7973 			     NL80211_CMD_GET_POWER_SAVE);
7974 	if (!hdr) {
7975 		err = -ENOBUFS;
7976 		goto free_msg;
7977 	}
7978 
7979 	if (wdev->ps)
7980 		ps_state = NL80211_PS_ENABLED;
7981 	else
7982 		ps_state = NL80211_PS_DISABLED;
7983 
7984 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
7985 		goto nla_put_failure;
7986 
7987 	genlmsg_end(msg, hdr);
7988 	return genlmsg_reply(msg, info);
7989 
7990  nla_put_failure:
7991 	err = -ENOBUFS;
7992  free_msg:
7993 	nlmsg_free(msg);
7994 	return err;
7995 }
7996 
7997 static const struct nla_policy
7998 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
7999 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
8000 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
8001 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
8002 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
8003 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
8004 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
8005 };
8006 
8007 static int nl80211_set_cqm_txe(struct genl_info *info,
8008 			       u32 rate, u32 pkts, u32 intvl)
8009 {
8010 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8011 	struct net_device *dev = info->user_ptr[1];
8012 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8013 
8014 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
8015 		return -EINVAL;
8016 
8017 	if (!rdev->ops->set_cqm_txe_config)
8018 		return -EOPNOTSUPP;
8019 
8020 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8021 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8022 		return -EOPNOTSUPP;
8023 
8024 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
8025 }
8026 
8027 static int nl80211_set_cqm_rssi(struct genl_info *info,
8028 				s32 threshold, u32 hysteresis)
8029 {
8030 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8031 	struct net_device *dev = info->user_ptr[1];
8032 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8033 
8034 	if (threshold > 0)
8035 		return -EINVAL;
8036 
8037 	/* disabling - hysteresis should also be zero then */
8038 	if (threshold == 0)
8039 		hysteresis = 0;
8040 
8041 	if (!rdev->ops->set_cqm_rssi_config)
8042 		return -EOPNOTSUPP;
8043 
8044 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8045 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8046 		return -EOPNOTSUPP;
8047 
8048 	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
8049 }
8050 
8051 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
8052 {
8053 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
8054 	struct nlattr *cqm;
8055 	int err;
8056 
8057 	cqm = info->attrs[NL80211_ATTR_CQM];
8058 	if (!cqm)
8059 		return -EINVAL;
8060 
8061 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
8062 			       nl80211_attr_cqm_policy);
8063 	if (err)
8064 		return err;
8065 
8066 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
8067 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
8068 		s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
8069 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
8070 
8071 		return nl80211_set_cqm_rssi(info, threshold, hysteresis);
8072 	}
8073 
8074 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
8075 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
8076 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
8077 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
8078 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
8079 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
8080 
8081 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
8082 	}
8083 
8084 	return -EINVAL;
8085 }
8086 
8087 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
8088 {
8089 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8090 	struct net_device *dev = info->user_ptr[1];
8091 	struct mesh_config cfg;
8092 	struct mesh_setup setup;
8093 	int err;
8094 
8095 	/* start with default */
8096 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
8097 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
8098 
8099 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
8100 		/* and parse parameters if given */
8101 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
8102 		if (err)
8103 			return err;
8104 	}
8105 
8106 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
8107 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
8108 		return -EINVAL;
8109 
8110 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
8111 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
8112 
8113 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8114 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
8115 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8116 			return -EINVAL;
8117 
8118 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8119 		setup.beacon_interval =
8120 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8121 		if (setup.beacon_interval < 10 ||
8122 		    setup.beacon_interval > 10000)
8123 			return -EINVAL;
8124 	}
8125 
8126 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8127 		setup.dtim_period =
8128 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8129 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
8130 			return -EINVAL;
8131 	}
8132 
8133 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8134 		/* parse additional setup parameters if given */
8135 		err = nl80211_parse_mesh_setup(info, &setup);
8136 		if (err)
8137 			return err;
8138 	}
8139 
8140 	if (setup.user_mpm)
8141 		cfg.auto_open_plinks = false;
8142 
8143 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8144 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8145 		if (err)
8146 			return err;
8147 	} else {
8148 		/* cfg80211_join_mesh() will sort it out */
8149 		setup.chandef.chan = NULL;
8150 	}
8151 
8152 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8153 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8154 		int n_rates =
8155 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8156 		struct ieee80211_supported_band *sband;
8157 
8158 		if (!setup.chandef.chan)
8159 			return -EINVAL;
8160 
8161 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
8162 
8163 		err = ieee80211_get_ratemask(sband, rates, n_rates,
8164 					     &setup.basic_rates);
8165 		if (err)
8166 			return err;
8167 	}
8168 
8169 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8170 }
8171 
8172 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8173 {
8174 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8175 	struct net_device *dev = info->user_ptr[1];
8176 
8177 	return cfg80211_leave_mesh(rdev, dev);
8178 }
8179 
8180 #ifdef CONFIG_PM
8181 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8182 					struct cfg80211_registered_device *rdev)
8183 {
8184 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8185 	struct nlattr *nl_pats, *nl_pat;
8186 	int i, pat_len;
8187 
8188 	if (!wowlan->n_patterns)
8189 		return 0;
8190 
8191 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8192 	if (!nl_pats)
8193 		return -ENOBUFS;
8194 
8195 	for (i = 0; i < wowlan->n_patterns; i++) {
8196 		nl_pat = nla_nest_start(msg, i + 1);
8197 		if (!nl_pat)
8198 			return -ENOBUFS;
8199 		pat_len = wowlan->patterns[i].pattern_len;
8200 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8201 			    wowlan->patterns[i].mask) ||
8202 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8203 			    wowlan->patterns[i].pattern) ||
8204 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8205 				wowlan->patterns[i].pkt_offset))
8206 			return -ENOBUFS;
8207 		nla_nest_end(msg, nl_pat);
8208 	}
8209 	nla_nest_end(msg, nl_pats);
8210 
8211 	return 0;
8212 }
8213 
8214 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
8215 				   struct cfg80211_wowlan_tcp *tcp)
8216 {
8217 	struct nlattr *nl_tcp;
8218 
8219 	if (!tcp)
8220 		return 0;
8221 
8222 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
8223 	if (!nl_tcp)
8224 		return -ENOBUFS;
8225 
8226 	if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
8227 	    nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
8228 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
8229 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
8230 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
8231 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
8232 		    tcp->payload_len, tcp->payload) ||
8233 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
8234 			tcp->data_interval) ||
8235 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
8236 		    tcp->wake_len, tcp->wake_data) ||
8237 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
8238 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
8239 		return -ENOBUFS;
8240 
8241 	if (tcp->payload_seq.len &&
8242 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
8243 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
8244 		return -ENOBUFS;
8245 
8246 	if (tcp->payload_tok.len &&
8247 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
8248 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
8249 		    &tcp->payload_tok))
8250 		return -ENOBUFS;
8251 
8252 	nla_nest_end(msg, nl_tcp);
8253 
8254 	return 0;
8255 }
8256 
8257 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
8258 {
8259 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8260 	struct sk_buff *msg;
8261 	void *hdr;
8262 	u32 size = NLMSG_DEFAULT_SIZE;
8263 
8264 	if (!rdev->wiphy.wowlan)
8265 		return -EOPNOTSUPP;
8266 
8267 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
8268 		/* adjust size to have room for all the data */
8269 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
8270 			rdev->wiphy.wowlan_config->tcp->payload_len +
8271 			rdev->wiphy.wowlan_config->tcp->wake_len +
8272 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
8273 	}
8274 
8275 	msg = nlmsg_new(size, GFP_KERNEL);
8276 	if (!msg)
8277 		return -ENOMEM;
8278 
8279 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8280 			     NL80211_CMD_GET_WOWLAN);
8281 	if (!hdr)
8282 		goto nla_put_failure;
8283 
8284 	if (rdev->wiphy.wowlan_config) {
8285 		struct nlattr *nl_wowlan;
8286 
8287 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
8288 		if (!nl_wowlan)
8289 			goto nla_put_failure;
8290 
8291 		if ((rdev->wiphy.wowlan_config->any &&
8292 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
8293 		    (rdev->wiphy.wowlan_config->disconnect &&
8294 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
8295 		    (rdev->wiphy.wowlan_config->magic_pkt &&
8296 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
8297 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
8298 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
8299 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
8300 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
8301 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
8302 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
8303 		    (rdev->wiphy.wowlan_config->rfkill_release &&
8304 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
8305 			goto nla_put_failure;
8306 
8307 		if (nl80211_send_wowlan_patterns(msg, rdev))
8308 			goto nla_put_failure;
8309 
8310 		if (nl80211_send_wowlan_tcp(msg,
8311 					    rdev->wiphy.wowlan_config->tcp))
8312 			goto nla_put_failure;
8313 
8314 		nla_nest_end(msg, nl_wowlan);
8315 	}
8316 
8317 	genlmsg_end(msg, hdr);
8318 	return genlmsg_reply(msg, info);
8319 
8320 nla_put_failure:
8321 	nlmsg_free(msg);
8322 	return -ENOBUFS;
8323 }
8324 
8325 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
8326 				    struct nlattr *attr,
8327 				    struct cfg80211_wowlan *trig)
8328 {
8329 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
8330 	struct cfg80211_wowlan_tcp *cfg;
8331 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
8332 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
8333 	u32 size;
8334 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
8335 	int err, port;
8336 
8337 	if (!rdev->wiphy.wowlan->tcp)
8338 		return -EINVAL;
8339 
8340 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
8341 			nla_data(attr), nla_len(attr),
8342 			nl80211_wowlan_tcp_policy);
8343 	if (err)
8344 		return err;
8345 
8346 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
8347 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
8348 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
8349 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
8350 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
8351 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
8352 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
8353 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
8354 		return -EINVAL;
8355 
8356 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
8357 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
8358 		return -EINVAL;
8359 
8360 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
8361 			rdev->wiphy.wowlan->tcp->data_interval_max ||
8362 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
8363 		return -EINVAL;
8364 
8365 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
8366 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
8367 		return -EINVAL;
8368 
8369 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
8370 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
8371 		return -EINVAL;
8372 
8373 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
8374 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8375 
8376 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8377 		tokens_size = tokln - sizeof(*tok);
8378 
8379 		if (!tok->len || tokens_size % tok->len)
8380 			return -EINVAL;
8381 		if (!rdev->wiphy.wowlan->tcp->tok)
8382 			return -EINVAL;
8383 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
8384 			return -EINVAL;
8385 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
8386 			return -EINVAL;
8387 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
8388 			return -EINVAL;
8389 		if (tok->offset + tok->len > data_size)
8390 			return -EINVAL;
8391 	}
8392 
8393 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
8394 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
8395 		if (!rdev->wiphy.wowlan->tcp->seq)
8396 			return -EINVAL;
8397 		if (seq->len == 0 || seq->len > 4)
8398 			return -EINVAL;
8399 		if (seq->len + seq->offset > data_size)
8400 			return -EINVAL;
8401 	}
8402 
8403 	size = sizeof(*cfg);
8404 	size += data_size;
8405 	size += wake_size + wake_mask_size;
8406 	size += tokens_size;
8407 
8408 	cfg = kzalloc(size, GFP_KERNEL);
8409 	if (!cfg)
8410 		return -ENOMEM;
8411 	cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
8412 	cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
8413 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
8414 	       ETH_ALEN);
8415 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
8416 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
8417 	else
8418 		port = 0;
8419 #ifdef CONFIG_INET
8420 	/* allocate a socket and port for it and use it */
8421 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
8422 			    IPPROTO_TCP, &cfg->sock, 1);
8423 	if (err) {
8424 		kfree(cfg);
8425 		return err;
8426 	}
8427 	if (inet_csk_get_port(cfg->sock->sk, port)) {
8428 		sock_release(cfg->sock);
8429 		kfree(cfg);
8430 		return -EADDRINUSE;
8431 	}
8432 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
8433 #else
8434 	if (!port) {
8435 		kfree(cfg);
8436 		return -EINVAL;
8437 	}
8438 	cfg->src_port = port;
8439 #endif
8440 
8441 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
8442 	cfg->payload_len = data_size;
8443 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
8444 	memcpy((void *)cfg->payload,
8445 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
8446 	       data_size);
8447 	if (seq)
8448 		cfg->payload_seq = *seq;
8449 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
8450 	cfg->wake_len = wake_size;
8451 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
8452 	memcpy((void *)cfg->wake_data,
8453 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
8454 	       wake_size);
8455 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
8456 			 data_size + wake_size;
8457 	memcpy((void *)cfg->wake_mask,
8458 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
8459 	       wake_mask_size);
8460 	if (tok) {
8461 		cfg->tokens_size = tokens_size;
8462 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
8463 	}
8464 
8465 	trig->tcp = cfg;
8466 
8467 	return 0;
8468 }
8469 
8470 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
8471 {
8472 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8473 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
8474 	struct cfg80211_wowlan new_triggers = {};
8475 	struct cfg80211_wowlan *ntrig;
8476 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
8477 	int err, i;
8478 	bool prev_enabled = rdev->wiphy.wowlan_config;
8479 
8480 	if (!wowlan)
8481 		return -EOPNOTSUPP;
8482 
8483 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
8484 		cfg80211_rdev_free_wowlan(rdev);
8485 		rdev->wiphy.wowlan_config = NULL;
8486 		goto set_wakeup;
8487 	}
8488 
8489 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
8490 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8491 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8492 			nl80211_wowlan_policy);
8493 	if (err)
8494 		return err;
8495 
8496 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
8497 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
8498 			return -EINVAL;
8499 		new_triggers.any = true;
8500 	}
8501 
8502 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
8503 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
8504 			return -EINVAL;
8505 		new_triggers.disconnect = true;
8506 	}
8507 
8508 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
8509 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
8510 			return -EINVAL;
8511 		new_triggers.magic_pkt = true;
8512 	}
8513 
8514 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
8515 		return -EINVAL;
8516 
8517 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
8518 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
8519 			return -EINVAL;
8520 		new_triggers.gtk_rekey_failure = true;
8521 	}
8522 
8523 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
8524 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
8525 			return -EINVAL;
8526 		new_triggers.eap_identity_req = true;
8527 	}
8528 
8529 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
8530 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
8531 			return -EINVAL;
8532 		new_triggers.four_way_handshake = true;
8533 	}
8534 
8535 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
8536 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
8537 			return -EINVAL;
8538 		new_triggers.rfkill_release = true;
8539 	}
8540 
8541 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
8542 		struct nlattr *pat;
8543 		int n_patterns = 0;
8544 		int rem, pat_len, mask_len, pkt_offset;
8545 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8546 
8547 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8548 				    rem)
8549 			n_patterns++;
8550 		if (n_patterns > wowlan->n_patterns)
8551 			return -EINVAL;
8552 
8553 		new_triggers.patterns = kcalloc(n_patterns,
8554 						sizeof(new_triggers.patterns[0]),
8555 						GFP_KERNEL);
8556 		if (!new_triggers.patterns)
8557 			return -ENOMEM;
8558 
8559 		new_triggers.n_patterns = n_patterns;
8560 		i = 0;
8561 
8562 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8563 				    rem) {
8564 			u8 *mask_pat;
8565 
8566 			nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8567 				  nla_len(pat), NULL);
8568 			err = -EINVAL;
8569 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
8570 			    !pat_tb[NL80211_PKTPAT_PATTERN])
8571 				goto error;
8572 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8573 			mask_len = DIV_ROUND_UP(pat_len, 8);
8574 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8575 				goto error;
8576 			if (pat_len > wowlan->pattern_max_len ||
8577 			    pat_len < wowlan->pattern_min_len)
8578 				goto error;
8579 
8580 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
8581 				pkt_offset = 0;
8582 			else
8583 				pkt_offset = nla_get_u32(
8584 					pat_tb[NL80211_PKTPAT_OFFSET]);
8585 			if (pkt_offset > wowlan->max_pkt_offset)
8586 				goto error;
8587 			new_triggers.patterns[i].pkt_offset = pkt_offset;
8588 
8589 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
8590 			if (!mask_pat) {
8591 				err = -ENOMEM;
8592 				goto error;
8593 			}
8594 			new_triggers.patterns[i].mask = mask_pat;
8595 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8596 			       mask_len);
8597 			mask_pat += mask_len;
8598 			new_triggers.patterns[i].pattern = mask_pat;
8599 			new_triggers.patterns[i].pattern_len = pat_len;
8600 			memcpy(mask_pat,
8601 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8602 			       pat_len);
8603 			i++;
8604 		}
8605 	}
8606 
8607 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
8608 		err = nl80211_parse_wowlan_tcp(
8609 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
8610 			&new_triggers);
8611 		if (err)
8612 			goto error;
8613 	}
8614 
8615 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
8616 	if (!ntrig) {
8617 		err = -ENOMEM;
8618 		goto error;
8619 	}
8620 	cfg80211_rdev_free_wowlan(rdev);
8621 	rdev->wiphy.wowlan_config = ntrig;
8622 
8623  set_wakeup:
8624 	if (rdev->ops->set_wakeup &&
8625 	    prev_enabled != !!rdev->wiphy.wowlan_config)
8626 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
8627 
8628 	return 0;
8629  error:
8630 	for (i = 0; i < new_triggers.n_patterns; i++)
8631 		kfree(new_triggers.patterns[i].mask);
8632 	kfree(new_triggers.patterns);
8633 	if (new_triggers.tcp && new_triggers.tcp->sock)
8634 		sock_release(new_triggers.tcp->sock);
8635 	kfree(new_triggers.tcp);
8636 	return err;
8637 }
8638 #endif
8639 
8640 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
8641 				       struct cfg80211_registered_device *rdev)
8642 {
8643 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
8644 	int i, j, pat_len;
8645 	struct cfg80211_coalesce_rules *rule;
8646 
8647 	if (!rdev->coalesce->n_rules)
8648 		return 0;
8649 
8650 	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
8651 	if (!nl_rules)
8652 		return -ENOBUFS;
8653 
8654 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
8655 		nl_rule = nla_nest_start(msg, i + 1);
8656 		if (!nl_rule)
8657 			return -ENOBUFS;
8658 
8659 		rule = &rdev->coalesce->rules[i];
8660 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
8661 				rule->delay))
8662 			return -ENOBUFS;
8663 
8664 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
8665 				rule->condition))
8666 			return -ENOBUFS;
8667 
8668 		nl_pats = nla_nest_start(msg,
8669 				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
8670 		if (!nl_pats)
8671 			return -ENOBUFS;
8672 
8673 		for (j = 0; j < rule->n_patterns; j++) {
8674 			nl_pat = nla_nest_start(msg, j + 1);
8675 			if (!nl_pat)
8676 				return -ENOBUFS;
8677 			pat_len = rule->patterns[j].pattern_len;
8678 			if (nla_put(msg, NL80211_PKTPAT_MASK,
8679 				    DIV_ROUND_UP(pat_len, 8),
8680 				    rule->patterns[j].mask) ||
8681 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8682 				    rule->patterns[j].pattern) ||
8683 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8684 					rule->patterns[j].pkt_offset))
8685 				return -ENOBUFS;
8686 			nla_nest_end(msg, nl_pat);
8687 		}
8688 		nla_nest_end(msg, nl_pats);
8689 		nla_nest_end(msg, nl_rule);
8690 	}
8691 	nla_nest_end(msg, nl_rules);
8692 
8693 	return 0;
8694 }
8695 
8696 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
8697 {
8698 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8699 	struct sk_buff *msg;
8700 	void *hdr;
8701 
8702 	if (!rdev->wiphy.coalesce)
8703 		return -EOPNOTSUPP;
8704 
8705 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8706 	if (!msg)
8707 		return -ENOMEM;
8708 
8709 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8710 			     NL80211_CMD_GET_COALESCE);
8711 	if (!hdr)
8712 		goto nla_put_failure;
8713 
8714 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
8715 		goto nla_put_failure;
8716 
8717 	genlmsg_end(msg, hdr);
8718 	return genlmsg_reply(msg, info);
8719 
8720 nla_put_failure:
8721 	nlmsg_free(msg);
8722 	return -ENOBUFS;
8723 }
8724 
8725 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
8726 {
8727 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
8728 	int i, j;
8729 	struct cfg80211_coalesce_rules *rule;
8730 
8731 	if (!coalesce)
8732 		return;
8733 
8734 	for (i = 0; i < coalesce->n_rules; i++) {
8735 		rule = &coalesce->rules[i];
8736 		for (j = 0; j < rule->n_patterns; j++)
8737 			kfree(rule->patterns[j].mask);
8738 		kfree(rule->patterns);
8739 	}
8740 	kfree(coalesce->rules);
8741 	kfree(coalesce);
8742 	rdev->coalesce = NULL;
8743 }
8744 
8745 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
8746 				       struct nlattr *rule,
8747 				       struct cfg80211_coalesce_rules *new_rule)
8748 {
8749 	int err, i;
8750 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8751 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
8752 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
8753 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8754 
8755 	err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
8756 			nla_len(rule), nl80211_coalesce_policy);
8757 	if (err)
8758 		return err;
8759 
8760 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
8761 		new_rule->delay =
8762 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
8763 	if (new_rule->delay > coalesce->max_delay)
8764 		return -EINVAL;
8765 
8766 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
8767 		new_rule->condition =
8768 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
8769 	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
8770 	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
8771 		return -EINVAL;
8772 
8773 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
8774 		return -EINVAL;
8775 
8776 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8777 			    rem)
8778 		n_patterns++;
8779 	if (n_patterns > coalesce->n_patterns)
8780 		return -EINVAL;
8781 
8782 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
8783 				     GFP_KERNEL);
8784 	if (!new_rule->patterns)
8785 		return -ENOMEM;
8786 
8787 	new_rule->n_patterns = n_patterns;
8788 	i = 0;
8789 
8790 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8791 			    rem) {
8792 		u8 *mask_pat;
8793 
8794 		nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8795 			  nla_len(pat), NULL);
8796 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
8797 		    !pat_tb[NL80211_PKTPAT_PATTERN])
8798 			return -EINVAL;
8799 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8800 		mask_len = DIV_ROUND_UP(pat_len, 8);
8801 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8802 			return -EINVAL;
8803 		if (pat_len > coalesce->pattern_max_len ||
8804 		    pat_len < coalesce->pattern_min_len)
8805 			return -EINVAL;
8806 
8807 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
8808 			pkt_offset = 0;
8809 		else
8810 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
8811 		if (pkt_offset > coalesce->max_pkt_offset)
8812 			return -EINVAL;
8813 		new_rule->patterns[i].pkt_offset = pkt_offset;
8814 
8815 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
8816 		if (!mask_pat)
8817 			return -ENOMEM;
8818 
8819 		new_rule->patterns[i].mask = mask_pat;
8820 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8821 		       mask_len);
8822 
8823 		mask_pat += mask_len;
8824 		new_rule->patterns[i].pattern = mask_pat;
8825 		new_rule->patterns[i].pattern_len = pat_len;
8826 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8827 		       pat_len);
8828 		i++;
8829 	}
8830 
8831 	return 0;
8832 }
8833 
8834 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
8835 {
8836 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8837 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8838 	struct cfg80211_coalesce new_coalesce = {};
8839 	struct cfg80211_coalesce *n_coalesce;
8840 	int err, rem_rule, n_rules = 0, i, j;
8841 	struct nlattr *rule;
8842 	struct cfg80211_coalesce_rules *tmp_rule;
8843 
8844 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
8845 		return -EOPNOTSUPP;
8846 
8847 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
8848 		cfg80211_rdev_free_coalesce(rdev);
8849 		rdev->ops->set_coalesce(&rdev->wiphy, NULL);
8850 		return 0;
8851 	}
8852 
8853 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8854 			    rem_rule)
8855 		n_rules++;
8856 	if (n_rules > coalesce->n_rules)
8857 		return -EINVAL;
8858 
8859 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
8860 				     GFP_KERNEL);
8861 	if (!new_coalesce.rules)
8862 		return -ENOMEM;
8863 
8864 	new_coalesce.n_rules = n_rules;
8865 	i = 0;
8866 
8867 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8868 			    rem_rule) {
8869 		err = nl80211_parse_coalesce_rule(rdev, rule,
8870 						  &new_coalesce.rules[i]);
8871 		if (err)
8872 			goto error;
8873 
8874 		i++;
8875 	}
8876 
8877 	err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
8878 	if (err)
8879 		goto error;
8880 
8881 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
8882 	if (!n_coalesce) {
8883 		err = -ENOMEM;
8884 		goto error;
8885 	}
8886 	cfg80211_rdev_free_coalesce(rdev);
8887 	rdev->coalesce = n_coalesce;
8888 
8889 	return 0;
8890 error:
8891 	for (i = 0; i < new_coalesce.n_rules; i++) {
8892 		tmp_rule = &new_coalesce.rules[i];
8893 		for (j = 0; j < tmp_rule->n_patterns; j++)
8894 			kfree(tmp_rule->patterns[j].mask);
8895 		kfree(tmp_rule->patterns);
8896 	}
8897 	kfree(new_coalesce.rules);
8898 
8899 	return err;
8900 }
8901 
8902 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
8903 {
8904 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8905 	struct net_device *dev = info->user_ptr[1];
8906 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8907 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
8908 	struct cfg80211_gtk_rekey_data rekey_data;
8909 	int err;
8910 
8911 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
8912 		return -EINVAL;
8913 
8914 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
8915 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
8916 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
8917 			nl80211_rekey_policy);
8918 	if (err)
8919 		return err;
8920 
8921 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
8922 		return -ERANGE;
8923 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
8924 		return -ERANGE;
8925 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
8926 		return -ERANGE;
8927 
8928 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
8929 	       NL80211_KEK_LEN);
8930 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
8931 	       NL80211_KCK_LEN);
8932 	memcpy(rekey_data.replay_ctr,
8933 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
8934 	       NL80211_REPLAY_CTR_LEN);
8935 
8936 	wdev_lock(wdev);
8937 	if (!wdev->current_bss) {
8938 		err = -ENOTCONN;
8939 		goto out;
8940 	}
8941 
8942 	if (!rdev->ops->set_rekey_data) {
8943 		err = -EOPNOTSUPP;
8944 		goto out;
8945 	}
8946 
8947 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
8948  out:
8949 	wdev_unlock(wdev);
8950 	return err;
8951 }
8952 
8953 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
8954 					     struct genl_info *info)
8955 {
8956 	struct net_device *dev = info->user_ptr[1];
8957 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8958 
8959 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8960 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8961 		return -EINVAL;
8962 
8963 	if (wdev->ap_unexpected_nlportid)
8964 		return -EBUSY;
8965 
8966 	wdev->ap_unexpected_nlportid = info->snd_portid;
8967 	return 0;
8968 }
8969 
8970 static int nl80211_probe_client(struct sk_buff *skb,
8971 				struct genl_info *info)
8972 {
8973 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8974 	struct net_device *dev = info->user_ptr[1];
8975 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8976 	struct sk_buff *msg;
8977 	void *hdr;
8978 	const u8 *addr;
8979 	u64 cookie;
8980 	int err;
8981 
8982 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8983 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8984 		return -EOPNOTSUPP;
8985 
8986 	if (!info->attrs[NL80211_ATTR_MAC])
8987 		return -EINVAL;
8988 
8989 	if (!rdev->ops->probe_client)
8990 		return -EOPNOTSUPP;
8991 
8992 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8993 	if (!msg)
8994 		return -ENOMEM;
8995 
8996 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8997 			     NL80211_CMD_PROBE_CLIENT);
8998 	if (!hdr) {
8999 		err = -ENOBUFS;
9000 		goto free_msg;
9001 	}
9002 
9003 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9004 
9005 	err = rdev_probe_client(rdev, dev, addr, &cookie);
9006 	if (err)
9007 		goto free_msg;
9008 
9009 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9010 		goto nla_put_failure;
9011 
9012 	genlmsg_end(msg, hdr);
9013 
9014 	return genlmsg_reply(msg, info);
9015 
9016  nla_put_failure:
9017 	err = -ENOBUFS;
9018  free_msg:
9019 	nlmsg_free(msg);
9020 	return err;
9021 }
9022 
9023 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
9024 {
9025 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9026 	struct cfg80211_beacon_registration *reg, *nreg;
9027 	int rv;
9028 
9029 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
9030 		return -EOPNOTSUPP;
9031 
9032 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
9033 	if (!nreg)
9034 		return -ENOMEM;
9035 
9036 	/* First, check if already registered. */
9037 	spin_lock_bh(&rdev->beacon_registrations_lock);
9038 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9039 		if (reg->nlportid == info->snd_portid) {
9040 			rv = -EALREADY;
9041 			goto out_err;
9042 		}
9043 	}
9044 	/* Add it to the list */
9045 	nreg->nlportid = info->snd_portid;
9046 	list_add(&nreg->list, &rdev->beacon_registrations);
9047 
9048 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9049 
9050 	return 0;
9051 out_err:
9052 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9053 	kfree(nreg);
9054 	return rv;
9055 }
9056 
9057 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
9058 {
9059 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9060 	struct wireless_dev *wdev = info->user_ptr[1];
9061 	int err;
9062 
9063 	if (!rdev->ops->start_p2p_device)
9064 		return -EOPNOTSUPP;
9065 
9066 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9067 		return -EOPNOTSUPP;
9068 
9069 	if (wdev->p2p_started)
9070 		return 0;
9071 
9072 	if (rfkill_blocked(rdev->rfkill))
9073 		return -ERFKILL;
9074 
9075 	err = rdev_start_p2p_device(rdev, wdev);
9076 	if (err)
9077 		return err;
9078 
9079 	wdev->p2p_started = true;
9080 	rdev->opencount++;
9081 
9082 	return 0;
9083 }
9084 
9085 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
9086 {
9087 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9088 	struct wireless_dev *wdev = info->user_ptr[1];
9089 
9090 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9091 		return -EOPNOTSUPP;
9092 
9093 	if (!rdev->ops->stop_p2p_device)
9094 		return -EOPNOTSUPP;
9095 
9096 	cfg80211_stop_p2p_device(rdev, wdev);
9097 
9098 	return 0;
9099 }
9100 
9101 static int nl80211_get_protocol_features(struct sk_buff *skb,
9102 					 struct genl_info *info)
9103 {
9104 	void *hdr;
9105 	struct sk_buff *msg;
9106 
9107 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9108 	if (!msg)
9109 		return -ENOMEM;
9110 
9111 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9112 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
9113 	if (!hdr)
9114 		goto nla_put_failure;
9115 
9116 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
9117 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
9118 		goto nla_put_failure;
9119 
9120 	genlmsg_end(msg, hdr);
9121 	return genlmsg_reply(msg, info);
9122 
9123  nla_put_failure:
9124 	kfree_skb(msg);
9125 	return -ENOBUFS;
9126 }
9127 
9128 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
9129 {
9130 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9131 	struct cfg80211_update_ft_ies_params ft_params;
9132 	struct net_device *dev = info->user_ptr[1];
9133 
9134 	if (!rdev->ops->update_ft_ies)
9135 		return -EOPNOTSUPP;
9136 
9137 	if (!info->attrs[NL80211_ATTR_MDID] ||
9138 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9139 		return -EINVAL;
9140 
9141 	memset(&ft_params, 0, sizeof(ft_params));
9142 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
9143 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9144 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9145 
9146 	return rdev_update_ft_ies(rdev, dev, &ft_params);
9147 }
9148 
9149 static int nl80211_crit_protocol_start(struct sk_buff *skb,
9150 				       struct genl_info *info)
9151 {
9152 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9153 	struct wireless_dev *wdev = info->user_ptr[1];
9154 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
9155 	u16 duration;
9156 	int ret;
9157 
9158 	if (!rdev->ops->crit_proto_start)
9159 		return -EOPNOTSUPP;
9160 
9161 	if (WARN_ON(!rdev->ops->crit_proto_stop))
9162 		return -EINVAL;
9163 
9164 	if (rdev->crit_proto_nlportid)
9165 		return -EBUSY;
9166 
9167 	/* determine protocol if provided */
9168 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
9169 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
9170 
9171 	if (proto >= NUM_NL80211_CRIT_PROTO)
9172 		return -EINVAL;
9173 
9174 	/* timeout must be provided */
9175 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
9176 		return -EINVAL;
9177 
9178 	duration =
9179 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
9180 
9181 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
9182 		return -ERANGE;
9183 
9184 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
9185 	if (!ret)
9186 		rdev->crit_proto_nlportid = info->snd_portid;
9187 
9188 	return ret;
9189 }
9190 
9191 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
9192 				      struct genl_info *info)
9193 {
9194 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9195 	struct wireless_dev *wdev = info->user_ptr[1];
9196 
9197 	if (!rdev->ops->crit_proto_stop)
9198 		return -EOPNOTSUPP;
9199 
9200 	if (rdev->crit_proto_nlportid) {
9201 		rdev->crit_proto_nlportid = 0;
9202 		rdev_crit_proto_stop(rdev, wdev);
9203 	}
9204 	return 0;
9205 }
9206 
9207 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
9208 {
9209 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9210 	struct wireless_dev *wdev =
9211 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9212 	int i, err;
9213 	u32 vid, subcmd;
9214 
9215 	if (!rdev->wiphy.vendor_commands)
9216 		return -EOPNOTSUPP;
9217 
9218 	if (IS_ERR(wdev)) {
9219 		err = PTR_ERR(wdev);
9220 		if (err != -EINVAL)
9221 			return err;
9222 		wdev = NULL;
9223 	} else if (wdev->wiphy != &rdev->wiphy) {
9224 		return -EINVAL;
9225 	}
9226 
9227 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
9228 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
9229 		return -EINVAL;
9230 
9231 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
9232 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
9233 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
9234 		const struct wiphy_vendor_command *vcmd;
9235 		void *data = NULL;
9236 		int len = 0;
9237 
9238 		vcmd = &rdev->wiphy.vendor_commands[i];
9239 
9240 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
9241 			continue;
9242 
9243 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
9244 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
9245 			if (!wdev)
9246 				return -EINVAL;
9247 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
9248 			    !wdev->netdev)
9249 				return -EINVAL;
9250 
9251 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
9252 				if (wdev->netdev &&
9253 				    !netif_running(wdev->netdev))
9254 					return -ENETDOWN;
9255 				if (!wdev->netdev && !wdev->p2p_started)
9256 					return -ENETDOWN;
9257 			}
9258 		} else {
9259 			wdev = NULL;
9260 		}
9261 
9262 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
9263 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9264 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9265 		}
9266 
9267 		rdev->cur_cmd_info = info;
9268 		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
9269 							  data, len);
9270 		rdev->cur_cmd_info = NULL;
9271 		return err;
9272 	}
9273 
9274 	return -EOPNOTSUPP;
9275 }
9276 
9277 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
9278 					   enum nl80211_commands cmd,
9279 					   enum nl80211_attrs attr,
9280 					   int approxlen)
9281 {
9282 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9283 
9284 	if (WARN_ON(!rdev->cur_cmd_info))
9285 		return NULL;
9286 
9287 	return __cfg80211_alloc_vendor_skb(rdev, approxlen,
9288 					   rdev->cur_cmd_info->snd_portid,
9289 					   rdev->cur_cmd_info->snd_seq,
9290 					   cmd, attr, NULL, GFP_KERNEL);
9291 }
9292 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
9293 
9294 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
9295 {
9296 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9297 	void *hdr = ((void **)skb->cb)[1];
9298 	struct nlattr *data = ((void **)skb->cb)[2];
9299 
9300 	/* clear CB data for netlink core to own from now on */
9301 	memset(skb->cb, 0, sizeof(skb->cb));
9302 
9303 	if (WARN_ON(!rdev->cur_cmd_info)) {
9304 		kfree_skb(skb);
9305 		return -EINVAL;
9306 	}
9307 
9308 	nla_nest_end(skb, data);
9309 	genlmsg_end(skb, hdr);
9310 	return genlmsg_reply(skb, rdev->cur_cmd_info);
9311 }
9312 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
9313 
9314 
9315 static int nl80211_set_qos_map(struct sk_buff *skb,
9316 			       struct genl_info *info)
9317 {
9318 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9319 	struct cfg80211_qos_map *qos_map = NULL;
9320 	struct net_device *dev = info->user_ptr[1];
9321 	u8 *pos, len, num_des, des_len, des;
9322 	int ret;
9323 
9324 	if (!rdev->ops->set_qos_map)
9325 		return -EOPNOTSUPP;
9326 
9327 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
9328 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
9329 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
9330 
9331 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
9332 		    len > IEEE80211_QOS_MAP_LEN_MAX)
9333 			return -EINVAL;
9334 
9335 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
9336 		if (!qos_map)
9337 			return -ENOMEM;
9338 
9339 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
9340 		if (num_des) {
9341 			des_len = num_des *
9342 				sizeof(struct cfg80211_dscp_exception);
9343 			memcpy(qos_map->dscp_exception, pos, des_len);
9344 			qos_map->num_des = num_des;
9345 			for (des = 0; des < num_des; des++) {
9346 				if (qos_map->dscp_exception[des].up > 7) {
9347 					kfree(qos_map);
9348 					return -EINVAL;
9349 				}
9350 			}
9351 			pos += des_len;
9352 		}
9353 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
9354 	}
9355 
9356 	wdev_lock(dev->ieee80211_ptr);
9357 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
9358 	if (!ret)
9359 		ret = rdev_set_qos_map(rdev, dev, qos_map);
9360 	wdev_unlock(dev->ieee80211_ptr);
9361 
9362 	kfree(qos_map);
9363 	return ret;
9364 }
9365 
9366 #define NL80211_FLAG_NEED_WIPHY		0x01
9367 #define NL80211_FLAG_NEED_NETDEV	0x02
9368 #define NL80211_FLAG_NEED_RTNL		0x04
9369 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
9370 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
9371 					 NL80211_FLAG_CHECK_NETDEV_UP)
9372 #define NL80211_FLAG_NEED_WDEV		0x10
9373 /* If a netdev is associated, it must be UP, P2P must be started */
9374 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
9375 					 NL80211_FLAG_CHECK_NETDEV_UP)
9376 
9377 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
9378 			    struct genl_info *info)
9379 {
9380 	struct cfg80211_registered_device *rdev;
9381 	struct wireless_dev *wdev;
9382 	struct net_device *dev;
9383 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
9384 
9385 	if (rtnl)
9386 		rtnl_lock();
9387 
9388 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
9389 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
9390 		if (IS_ERR(rdev)) {
9391 			if (rtnl)
9392 				rtnl_unlock();
9393 			return PTR_ERR(rdev);
9394 		}
9395 		info->user_ptr[0] = rdev;
9396 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
9397 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9398 		ASSERT_RTNL();
9399 
9400 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
9401 						  info->attrs);
9402 		if (IS_ERR(wdev)) {
9403 			if (rtnl)
9404 				rtnl_unlock();
9405 			return PTR_ERR(wdev);
9406 		}
9407 
9408 		dev = wdev->netdev;
9409 		rdev = wiphy_to_rdev(wdev->wiphy);
9410 
9411 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
9412 			if (!dev) {
9413 				if (rtnl)
9414 					rtnl_unlock();
9415 				return -EINVAL;
9416 			}
9417 
9418 			info->user_ptr[1] = dev;
9419 		} else {
9420 			info->user_ptr[1] = wdev;
9421 		}
9422 
9423 		if (dev) {
9424 			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
9425 			    !netif_running(dev)) {
9426 				if (rtnl)
9427 					rtnl_unlock();
9428 				return -ENETDOWN;
9429 			}
9430 
9431 			dev_hold(dev);
9432 		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
9433 			if (!wdev->p2p_started) {
9434 				if (rtnl)
9435 					rtnl_unlock();
9436 				return -ENETDOWN;
9437 			}
9438 		}
9439 
9440 		info->user_ptr[0] = rdev;
9441 	}
9442 
9443 	return 0;
9444 }
9445 
9446 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
9447 			      struct genl_info *info)
9448 {
9449 	if (info->user_ptr[1]) {
9450 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9451 			struct wireless_dev *wdev = info->user_ptr[1];
9452 
9453 			if (wdev->netdev)
9454 				dev_put(wdev->netdev);
9455 		} else {
9456 			dev_put(info->user_ptr[1]);
9457 		}
9458 	}
9459 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
9460 		rtnl_unlock();
9461 }
9462 
9463 static const struct genl_ops nl80211_ops[] = {
9464 	{
9465 		.cmd = NL80211_CMD_GET_WIPHY,
9466 		.doit = nl80211_get_wiphy,
9467 		.dumpit = nl80211_dump_wiphy,
9468 		.done = nl80211_dump_wiphy_done,
9469 		.policy = nl80211_policy,
9470 		/* can be retrieved by unprivileged users */
9471 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9472 				  NL80211_FLAG_NEED_RTNL,
9473 	},
9474 	{
9475 		.cmd = NL80211_CMD_SET_WIPHY,
9476 		.doit = nl80211_set_wiphy,
9477 		.policy = nl80211_policy,
9478 		.flags = GENL_ADMIN_PERM,
9479 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9480 	},
9481 	{
9482 		.cmd = NL80211_CMD_GET_INTERFACE,
9483 		.doit = nl80211_get_interface,
9484 		.dumpit = nl80211_dump_interface,
9485 		.policy = nl80211_policy,
9486 		/* can be retrieved by unprivileged users */
9487 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9488 				  NL80211_FLAG_NEED_RTNL,
9489 	},
9490 	{
9491 		.cmd = NL80211_CMD_SET_INTERFACE,
9492 		.doit = nl80211_set_interface,
9493 		.policy = nl80211_policy,
9494 		.flags = GENL_ADMIN_PERM,
9495 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9496 				  NL80211_FLAG_NEED_RTNL,
9497 	},
9498 	{
9499 		.cmd = NL80211_CMD_NEW_INTERFACE,
9500 		.doit = nl80211_new_interface,
9501 		.policy = nl80211_policy,
9502 		.flags = GENL_ADMIN_PERM,
9503 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9504 				  NL80211_FLAG_NEED_RTNL,
9505 	},
9506 	{
9507 		.cmd = NL80211_CMD_DEL_INTERFACE,
9508 		.doit = nl80211_del_interface,
9509 		.policy = nl80211_policy,
9510 		.flags = GENL_ADMIN_PERM,
9511 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9512 				  NL80211_FLAG_NEED_RTNL,
9513 	},
9514 	{
9515 		.cmd = NL80211_CMD_GET_KEY,
9516 		.doit = nl80211_get_key,
9517 		.policy = nl80211_policy,
9518 		.flags = GENL_ADMIN_PERM,
9519 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9520 				  NL80211_FLAG_NEED_RTNL,
9521 	},
9522 	{
9523 		.cmd = NL80211_CMD_SET_KEY,
9524 		.doit = nl80211_set_key,
9525 		.policy = nl80211_policy,
9526 		.flags = GENL_ADMIN_PERM,
9527 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9528 				  NL80211_FLAG_NEED_RTNL,
9529 	},
9530 	{
9531 		.cmd = NL80211_CMD_NEW_KEY,
9532 		.doit = nl80211_new_key,
9533 		.policy = nl80211_policy,
9534 		.flags = GENL_ADMIN_PERM,
9535 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9536 				  NL80211_FLAG_NEED_RTNL,
9537 	},
9538 	{
9539 		.cmd = NL80211_CMD_DEL_KEY,
9540 		.doit = nl80211_del_key,
9541 		.policy = nl80211_policy,
9542 		.flags = GENL_ADMIN_PERM,
9543 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9544 				  NL80211_FLAG_NEED_RTNL,
9545 	},
9546 	{
9547 		.cmd = NL80211_CMD_SET_BEACON,
9548 		.policy = nl80211_policy,
9549 		.flags = GENL_ADMIN_PERM,
9550 		.doit = nl80211_set_beacon,
9551 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9552 				  NL80211_FLAG_NEED_RTNL,
9553 	},
9554 	{
9555 		.cmd = NL80211_CMD_START_AP,
9556 		.policy = nl80211_policy,
9557 		.flags = GENL_ADMIN_PERM,
9558 		.doit = nl80211_start_ap,
9559 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9560 				  NL80211_FLAG_NEED_RTNL,
9561 	},
9562 	{
9563 		.cmd = NL80211_CMD_STOP_AP,
9564 		.policy = nl80211_policy,
9565 		.flags = GENL_ADMIN_PERM,
9566 		.doit = nl80211_stop_ap,
9567 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9568 				  NL80211_FLAG_NEED_RTNL,
9569 	},
9570 	{
9571 		.cmd = NL80211_CMD_GET_STATION,
9572 		.doit = nl80211_get_station,
9573 		.dumpit = nl80211_dump_station,
9574 		.policy = nl80211_policy,
9575 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9576 				  NL80211_FLAG_NEED_RTNL,
9577 	},
9578 	{
9579 		.cmd = NL80211_CMD_SET_STATION,
9580 		.doit = nl80211_set_station,
9581 		.policy = nl80211_policy,
9582 		.flags = GENL_ADMIN_PERM,
9583 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9584 				  NL80211_FLAG_NEED_RTNL,
9585 	},
9586 	{
9587 		.cmd = NL80211_CMD_NEW_STATION,
9588 		.doit = nl80211_new_station,
9589 		.policy = nl80211_policy,
9590 		.flags = GENL_ADMIN_PERM,
9591 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9592 				  NL80211_FLAG_NEED_RTNL,
9593 	},
9594 	{
9595 		.cmd = NL80211_CMD_DEL_STATION,
9596 		.doit = nl80211_del_station,
9597 		.policy = nl80211_policy,
9598 		.flags = GENL_ADMIN_PERM,
9599 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9600 				  NL80211_FLAG_NEED_RTNL,
9601 	},
9602 	{
9603 		.cmd = NL80211_CMD_GET_MPATH,
9604 		.doit = nl80211_get_mpath,
9605 		.dumpit = nl80211_dump_mpath,
9606 		.policy = nl80211_policy,
9607 		.flags = GENL_ADMIN_PERM,
9608 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9609 				  NL80211_FLAG_NEED_RTNL,
9610 	},
9611 	{
9612 		.cmd = NL80211_CMD_SET_MPATH,
9613 		.doit = nl80211_set_mpath,
9614 		.policy = nl80211_policy,
9615 		.flags = GENL_ADMIN_PERM,
9616 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9617 				  NL80211_FLAG_NEED_RTNL,
9618 	},
9619 	{
9620 		.cmd = NL80211_CMD_NEW_MPATH,
9621 		.doit = nl80211_new_mpath,
9622 		.policy = nl80211_policy,
9623 		.flags = GENL_ADMIN_PERM,
9624 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9625 				  NL80211_FLAG_NEED_RTNL,
9626 	},
9627 	{
9628 		.cmd = NL80211_CMD_DEL_MPATH,
9629 		.doit = nl80211_del_mpath,
9630 		.policy = nl80211_policy,
9631 		.flags = GENL_ADMIN_PERM,
9632 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9633 				  NL80211_FLAG_NEED_RTNL,
9634 	},
9635 	{
9636 		.cmd = NL80211_CMD_SET_BSS,
9637 		.doit = nl80211_set_bss,
9638 		.policy = nl80211_policy,
9639 		.flags = GENL_ADMIN_PERM,
9640 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9641 				  NL80211_FLAG_NEED_RTNL,
9642 	},
9643 	{
9644 		.cmd = NL80211_CMD_GET_REG,
9645 		.doit = nl80211_get_reg,
9646 		.policy = nl80211_policy,
9647 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9648 		/* can be retrieved by unprivileged users */
9649 	},
9650 	{
9651 		.cmd = NL80211_CMD_SET_REG,
9652 		.doit = nl80211_set_reg,
9653 		.policy = nl80211_policy,
9654 		.flags = GENL_ADMIN_PERM,
9655 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9656 	},
9657 	{
9658 		.cmd = NL80211_CMD_REQ_SET_REG,
9659 		.doit = nl80211_req_set_reg,
9660 		.policy = nl80211_policy,
9661 		.flags = GENL_ADMIN_PERM,
9662 	},
9663 	{
9664 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
9665 		.doit = nl80211_get_mesh_config,
9666 		.policy = nl80211_policy,
9667 		/* can be retrieved by unprivileged users */
9668 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9669 				  NL80211_FLAG_NEED_RTNL,
9670 	},
9671 	{
9672 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
9673 		.doit = nl80211_update_mesh_config,
9674 		.policy = nl80211_policy,
9675 		.flags = GENL_ADMIN_PERM,
9676 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9677 				  NL80211_FLAG_NEED_RTNL,
9678 	},
9679 	{
9680 		.cmd = NL80211_CMD_TRIGGER_SCAN,
9681 		.doit = nl80211_trigger_scan,
9682 		.policy = nl80211_policy,
9683 		.flags = GENL_ADMIN_PERM,
9684 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9685 				  NL80211_FLAG_NEED_RTNL,
9686 	},
9687 	{
9688 		.cmd = NL80211_CMD_GET_SCAN,
9689 		.policy = nl80211_policy,
9690 		.dumpit = nl80211_dump_scan,
9691 	},
9692 	{
9693 		.cmd = NL80211_CMD_START_SCHED_SCAN,
9694 		.doit = nl80211_start_sched_scan,
9695 		.policy = nl80211_policy,
9696 		.flags = GENL_ADMIN_PERM,
9697 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9698 				  NL80211_FLAG_NEED_RTNL,
9699 	},
9700 	{
9701 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
9702 		.doit = nl80211_stop_sched_scan,
9703 		.policy = nl80211_policy,
9704 		.flags = GENL_ADMIN_PERM,
9705 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9706 				  NL80211_FLAG_NEED_RTNL,
9707 	},
9708 	{
9709 		.cmd = NL80211_CMD_AUTHENTICATE,
9710 		.doit = nl80211_authenticate,
9711 		.policy = nl80211_policy,
9712 		.flags = GENL_ADMIN_PERM,
9713 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9714 				  NL80211_FLAG_NEED_RTNL,
9715 	},
9716 	{
9717 		.cmd = NL80211_CMD_ASSOCIATE,
9718 		.doit = nl80211_associate,
9719 		.policy = nl80211_policy,
9720 		.flags = GENL_ADMIN_PERM,
9721 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9722 				  NL80211_FLAG_NEED_RTNL,
9723 	},
9724 	{
9725 		.cmd = NL80211_CMD_DEAUTHENTICATE,
9726 		.doit = nl80211_deauthenticate,
9727 		.policy = nl80211_policy,
9728 		.flags = GENL_ADMIN_PERM,
9729 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9730 				  NL80211_FLAG_NEED_RTNL,
9731 	},
9732 	{
9733 		.cmd = NL80211_CMD_DISASSOCIATE,
9734 		.doit = nl80211_disassociate,
9735 		.policy = nl80211_policy,
9736 		.flags = GENL_ADMIN_PERM,
9737 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9738 				  NL80211_FLAG_NEED_RTNL,
9739 	},
9740 	{
9741 		.cmd = NL80211_CMD_JOIN_IBSS,
9742 		.doit = nl80211_join_ibss,
9743 		.policy = nl80211_policy,
9744 		.flags = GENL_ADMIN_PERM,
9745 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9746 				  NL80211_FLAG_NEED_RTNL,
9747 	},
9748 	{
9749 		.cmd = NL80211_CMD_LEAVE_IBSS,
9750 		.doit = nl80211_leave_ibss,
9751 		.policy = nl80211_policy,
9752 		.flags = GENL_ADMIN_PERM,
9753 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9754 				  NL80211_FLAG_NEED_RTNL,
9755 	},
9756 #ifdef CONFIG_NL80211_TESTMODE
9757 	{
9758 		.cmd = NL80211_CMD_TESTMODE,
9759 		.doit = nl80211_testmode_do,
9760 		.dumpit = nl80211_testmode_dump,
9761 		.policy = nl80211_policy,
9762 		.flags = GENL_ADMIN_PERM,
9763 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9764 				  NL80211_FLAG_NEED_RTNL,
9765 	},
9766 #endif
9767 	{
9768 		.cmd = NL80211_CMD_CONNECT,
9769 		.doit = nl80211_connect,
9770 		.policy = nl80211_policy,
9771 		.flags = GENL_ADMIN_PERM,
9772 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9773 				  NL80211_FLAG_NEED_RTNL,
9774 	},
9775 	{
9776 		.cmd = NL80211_CMD_DISCONNECT,
9777 		.doit = nl80211_disconnect,
9778 		.policy = nl80211_policy,
9779 		.flags = GENL_ADMIN_PERM,
9780 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9781 				  NL80211_FLAG_NEED_RTNL,
9782 	},
9783 	{
9784 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
9785 		.doit = nl80211_wiphy_netns,
9786 		.policy = nl80211_policy,
9787 		.flags = GENL_ADMIN_PERM,
9788 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9789 				  NL80211_FLAG_NEED_RTNL,
9790 	},
9791 	{
9792 		.cmd = NL80211_CMD_GET_SURVEY,
9793 		.policy = nl80211_policy,
9794 		.dumpit = nl80211_dump_survey,
9795 	},
9796 	{
9797 		.cmd = NL80211_CMD_SET_PMKSA,
9798 		.doit = nl80211_setdel_pmksa,
9799 		.policy = nl80211_policy,
9800 		.flags = GENL_ADMIN_PERM,
9801 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9802 				  NL80211_FLAG_NEED_RTNL,
9803 	},
9804 	{
9805 		.cmd = NL80211_CMD_DEL_PMKSA,
9806 		.doit = nl80211_setdel_pmksa,
9807 		.policy = nl80211_policy,
9808 		.flags = GENL_ADMIN_PERM,
9809 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9810 				  NL80211_FLAG_NEED_RTNL,
9811 	},
9812 	{
9813 		.cmd = NL80211_CMD_FLUSH_PMKSA,
9814 		.doit = nl80211_flush_pmksa,
9815 		.policy = nl80211_policy,
9816 		.flags = GENL_ADMIN_PERM,
9817 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9818 				  NL80211_FLAG_NEED_RTNL,
9819 	},
9820 	{
9821 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
9822 		.doit = nl80211_remain_on_channel,
9823 		.policy = nl80211_policy,
9824 		.flags = GENL_ADMIN_PERM,
9825 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9826 				  NL80211_FLAG_NEED_RTNL,
9827 	},
9828 	{
9829 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
9830 		.doit = nl80211_cancel_remain_on_channel,
9831 		.policy = nl80211_policy,
9832 		.flags = GENL_ADMIN_PERM,
9833 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9834 				  NL80211_FLAG_NEED_RTNL,
9835 	},
9836 	{
9837 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
9838 		.doit = nl80211_set_tx_bitrate_mask,
9839 		.policy = nl80211_policy,
9840 		.flags = GENL_ADMIN_PERM,
9841 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9842 				  NL80211_FLAG_NEED_RTNL,
9843 	},
9844 	{
9845 		.cmd = NL80211_CMD_REGISTER_FRAME,
9846 		.doit = nl80211_register_mgmt,
9847 		.policy = nl80211_policy,
9848 		.flags = GENL_ADMIN_PERM,
9849 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9850 				  NL80211_FLAG_NEED_RTNL,
9851 	},
9852 	{
9853 		.cmd = NL80211_CMD_FRAME,
9854 		.doit = nl80211_tx_mgmt,
9855 		.policy = nl80211_policy,
9856 		.flags = GENL_ADMIN_PERM,
9857 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9858 				  NL80211_FLAG_NEED_RTNL,
9859 	},
9860 	{
9861 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
9862 		.doit = nl80211_tx_mgmt_cancel_wait,
9863 		.policy = nl80211_policy,
9864 		.flags = GENL_ADMIN_PERM,
9865 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9866 				  NL80211_FLAG_NEED_RTNL,
9867 	},
9868 	{
9869 		.cmd = NL80211_CMD_SET_POWER_SAVE,
9870 		.doit = nl80211_set_power_save,
9871 		.policy = nl80211_policy,
9872 		.flags = GENL_ADMIN_PERM,
9873 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9874 				  NL80211_FLAG_NEED_RTNL,
9875 	},
9876 	{
9877 		.cmd = NL80211_CMD_GET_POWER_SAVE,
9878 		.doit = nl80211_get_power_save,
9879 		.policy = nl80211_policy,
9880 		/* can be retrieved by unprivileged users */
9881 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9882 				  NL80211_FLAG_NEED_RTNL,
9883 	},
9884 	{
9885 		.cmd = NL80211_CMD_SET_CQM,
9886 		.doit = nl80211_set_cqm,
9887 		.policy = nl80211_policy,
9888 		.flags = GENL_ADMIN_PERM,
9889 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9890 				  NL80211_FLAG_NEED_RTNL,
9891 	},
9892 	{
9893 		.cmd = NL80211_CMD_SET_CHANNEL,
9894 		.doit = nl80211_set_channel,
9895 		.policy = nl80211_policy,
9896 		.flags = GENL_ADMIN_PERM,
9897 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9898 				  NL80211_FLAG_NEED_RTNL,
9899 	},
9900 	{
9901 		.cmd = NL80211_CMD_SET_WDS_PEER,
9902 		.doit = nl80211_set_wds_peer,
9903 		.policy = nl80211_policy,
9904 		.flags = GENL_ADMIN_PERM,
9905 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9906 				  NL80211_FLAG_NEED_RTNL,
9907 	},
9908 	{
9909 		.cmd = NL80211_CMD_JOIN_MESH,
9910 		.doit = nl80211_join_mesh,
9911 		.policy = nl80211_policy,
9912 		.flags = GENL_ADMIN_PERM,
9913 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9914 				  NL80211_FLAG_NEED_RTNL,
9915 	},
9916 	{
9917 		.cmd = NL80211_CMD_LEAVE_MESH,
9918 		.doit = nl80211_leave_mesh,
9919 		.policy = nl80211_policy,
9920 		.flags = GENL_ADMIN_PERM,
9921 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9922 				  NL80211_FLAG_NEED_RTNL,
9923 	},
9924 #ifdef CONFIG_PM
9925 	{
9926 		.cmd = NL80211_CMD_GET_WOWLAN,
9927 		.doit = nl80211_get_wowlan,
9928 		.policy = nl80211_policy,
9929 		/* can be retrieved by unprivileged users */
9930 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9931 				  NL80211_FLAG_NEED_RTNL,
9932 	},
9933 	{
9934 		.cmd = NL80211_CMD_SET_WOWLAN,
9935 		.doit = nl80211_set_wowlan,
9936 		.policy = nl80211_policy,
9937 		.flags = GENL_ADMIN_PERM,
9938 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9939 				  NL80211_FLAG_NEED_RTNL,
9940 	},
9941 #endif
9942 	{
9943 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
9944 		.doit = nl80211_set_rekey_data,
9945 		.policy = nl80211_policy,
9946 		.flags = GENL_ADMIN_PERM,
9947 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9948 				  NL80211_FLAG_NEED_RTNL,
9949 	},
9950 	{
9951 		.cmd = NL80211_CMD_TDLS_MGMT,
9952 		.doit = nl80211_tdls_mgmt,
9953 		.policy = nl80211_policy,
9954 		.flags = GENL_ADMIN_PERM,
9955 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9956 				  NL80211_FLAG_NEED_RTNL,
9957 	},
9958 	{
9959 		.cmd = NL80211_CMD_TDLS_OPER,
9960 		.doit = nl80211_tdls_oper,
9961 		.policy = nl80211_policy,
9962 		.flags = GENL_ADMIN_PERM,
9963 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9964 				  NL80211_FLAG_NEED_RTNL,
9965 	},
9966 	{
9967 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
9968 		.doit = nl80211_register_unexpected_frame,
9969 		.policy = nl80211_policy,
9970 		.flags = GENL_ADMIN_PERM,
9971 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9972 				  NL80211_FLAG_NEED_RTNL,
9973 	},
9974 	{
9975 		.cmd = NL80211_CMD_PROBE_CLIENT,
9976 		.doit = nl80211_probe_client,
9977 		.policy = nl80211_policy,
9978 		.flags = GENL_ADMIN_PERM,
9979 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9980 				  NL80211_FLAG_NEED_RTNL,
9981 	},
9982 	{
9983 		.cmd = NL80211_CMD_REGISTER_BEACONS,
9984 		.doit = nl80211_register_beacons,
9985 		.policy = nl80211_policy,
9986 		.flags = GENL_ADMIN_PERM,
9987 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9988 				  NL80211_FLAG_NEED_RTNL,
9989 	},
9990 	{
9991 		.cmd = NL80211_CMD_SET_NOACK_MAP,
9992 		.doit = nl80211_set_noack_map,
9993 		.policy = nl80211_policy,
9994 		.flags = GENL_ADMIN_PERM,
9995 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9996 				  NL80211_FLAG_NEED_RTNL,
9997 	},
9998 	{
9999 		.cmd = NL80211_CMD_START_P2P_DEVICE,
10000 		.doit = nl80211_start_p2p_device,
10001 		.policy = nl80211_policy,
10002 		.flags = GENL_ADMIN_PERM,
10003 		.internal_flags = NL80211_FLAG_NEED_WDEV |
10004 				  NL80211_FLAG_NEED_RTNL,
10005 	},
10006 	{
10007 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
10008 		.doit = nl80211_stop_p2p_device,
10009 		.policy = nl80211_policy,
10010 		.flags = GENL_ADMIN_PERM,
10011 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10012 				  NL80211_FLAG_NEED_RTNL,
10013 	},
10014 	{
10015 		.cmd = NL80211_CMD_SET_MCAST_RATE,
10016 		.doit = nl80211_set_mcast_rate,
10017 		.policy = nl80211_policy,
10018 		.flags = GENL_ADMIN_PERM,
10019 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10020 				  NL80211_FLAG_NEED_RTNL,
10021 	},
10022 	{
10023 		.cmd = NL80211_CMD_SET_MAC_ACL,
10024 		.doit = nl80211_set_mac_acl,
10025 		.policy = nl80211_policy,
10026 		.flags = GENL_ADMIN_PERM,
10027 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10028 				  NL80211_FLAG_NEED_RTNL,
10029 	},
10030 	{
10031 		.cmd = NL80211_CMD_RADAR_DETECT,
10032 		.doit = nl80211_start_radar_detection,
10033 		.policy = nl80211_policy,
10034 		.flags = GENL_ADMIN_PERM,
10035 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10036 				  NL80211_FLAG_NEED_RTNL,
10037 	},
10038 	{
10039 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
10040 		.doit = nl80211_get_protocol_features,
10041 		.policy = nl80211_policy,
10042 	},
10043 	{
10044 		.cmd = NL80211_CMD_UPDATE_FT_IES,
10045 		.doit = nl80211_update_ft_ies,
10046 		.policy = nl80211_policy,
10047 		.flags = GENL_ADMIN_PERM,
10048 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10049 				  NL80211_FLAG_NEED_RTNL,
10050 	},
10051 	{
10052 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
10053 		.doit = nl80211_crit_protocol_start,
10054 		.policy = nl80211_policy,
10055 		.flags = GENL_ADMIN_PERM,
10056 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10057 				  NL80211_FLAG_NEED_RTNL,
10058 	},
10059 	{
10060 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
10061 		.doit = nl80211_crit_protocol_stop,
10062 		.policy = nl80211_policy,
10063 		.flags = GENL_ADMIN_PERM,
10064 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10065 				  NL80211_FLAG_NEED_RTNL,
10066 	},
10067 	{
10068 		.cmd = NL80211_CMD_GET_COALESCE,
10069 		.doit = nl80211_get_coalesce,
10070 		.policy = nl80211_policy,
10071 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10072 				  NL80211_FLAG_NEED_RTNL,
10073 	},
10074 	{
10075 		.cmd = NL80211_CMD_SET_COALESCE,
10076 		.doit = nl80211_set_coalesce,
10077 		.policy = nl80211_policy,
10078 		.flags = GENL_ADMIN_PERM,
10079 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10080 				  NL80211_FLAG_NEED_RTNL,
10081 	},
10082 	{
10083 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
10084 		.doit = nl80211_channel_switch,
10085 		.policy = nl80211_policy,
10086 		.flags = GENL_ADMIN_PERM,
10087 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10088 				  NL80211_FLAG_NEED_RTNL,
10089 	},
10090 	{
10091 		.cmd = NL80211_CMD_VENDOR,
10092 		.doit = nl80211_vendor_cmd,
10093 		.policy = nl80211_policy,
10094 		.flags = GENL_ADMIN_PERM,
10095 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10096 				  NL80211_FLAG_NEED_RTNL,
10097 	},
10098 	{
10099 		.cmd = NL80211_CMD_SET_QOS_MAP,
10100 		.doit = nl80211_set_qos_map,
10101 		.policy = nl80211_policy,
10102 		.flags = GENL_ADMIN_PERM,
10103 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10104 				  NL80211_FLAG_NEED_RTNL,
10105 	},
10106 };
10107 
10108 /* notification functions */
10109 
10110 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
10111 			  enum nl80211_commands cmd)
10112 {
10113 	struct sk_buff *msg;
10114 	struct nl80211_dump_wiphy_state state = {};
10115 
10116 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
10117 		cmd != NL80211_CMD_DEL_WIPHY);
10118 
10119 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10120 	if (!msg)
10121 		return;
10122 
10123 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
10124 		nlmsg_free(msg);
10125 		return;
10126 	}
10127 
10128 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10129 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
10130 }
10131 
10132 static int nl80211_add_scan_req(struct sk_buff *msg,
10133 				struct cfg80211_registered_device *rdev)
10134 {
10135 	struct cfg80211_scan_request *req = rdev->scan_req;
10136 	struct nlattr *nest;
10137 	int i;
10138 
10139 	if (WARN_ON(!req))
10140 		return 0;
10141 
10142 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
10143 	if (!nest)
10144 		goto nla_put_failure;
10145 	for (i = 0; i < req->n_ssids; i++) {
10146 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
10147 			goto nla_put_failure;
10148 	}
10149 	nla_nest_end(msg, nest);
10150 
10151 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10152 	if (!nest)
10153 		goto nla_put_failure;
10154 	for (i = 0; i < req->n_channels; i++) {
10155 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10156 			goto nla_put_failure;
10157 	}
10158 	nla_nest_end(msg, nest);
10159 
10160 	if (req->ie &&
10161 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
10162 		goto nla_put_failure;
10163 
10164 	if (req->flags &&
10165 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
10166 		goto nla_put_failure;
10167 
10168 	return 0;
10169  nla_put_failure:
10170 	return -ENOBUFS;
10171 }
10172 
10173 static int nl80211_send_scan_msg(struct sk_buff *msg,
10174 				 struct cfg80211_registered_device *rdev,
10175 				 struct wireless_dev *wdev,
10176 				 u32 portid, u32 seq, int flags,
10177 				 u32 cmd)
10178 {
10179 	void *hdr;
10180 
10181 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10182 	if (!hdr)
10183 		return -1;
10184 
10185 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10186 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10187 					 wdev->netdev->ifindex)) ||
10188 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10189 		goto nla_put_failure;
10190 
10191 	/* ignore errors and send incomplete event anyway */
10192 	nl80211_add_scan_req(msg, rdev);
10193 
10194 	return genlmsg_end(msg, hdr);
10195 
10196  nla_put_failure:
10197 	genlmsg_cancel(msg, hdr);
10198 	return -EMSGSIZE;
10199 }
10200 
10201 static int
10202 nl80211_send_sched_scan_msg(struct sk_buff *msg,
10203 			    struct cfg80211_registered_device *rdev,
10204 			    struct net_device *netdev,
10205 			    u32 portid, u32 seq, int flags, u32 cmd)
10206 {
10207 	void *hdr;
10208 
10209 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10210 	if (!hdr)
10211 		return -1;
10212 
10213 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10214 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10215 		goto nla_put_failure;
10216 
10217 	return genlmsg_end(msg, hdr);
10218 
10219  nla_put_failure:
10220 	genlmsg_cancel(msg, hdr);
10221 	return -EMSGSIZE;
10222 }
10223 
10224 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
10225 			     struct wireless_dev *wdev)
10226 {
10227 	struct sk_buff *msg;
10228 
10229 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10230 	if (!msg)
10231 		return;
10232 
10233 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10234 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
10235 		nlmsg_free(msg);
10236 		return;
10237 	}
10238 
10239 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10240 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10241 }
10242 
10243 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
10244 				       struct wireless_dev *wdev, bool aborted)
10245 {
10246 	struct sk_buff *msg;
10247 
10248 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10249 	if (!msg)
10250 		return NULL;
10251 
10252 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10253 				  aborted ? NL80211_CMD_SCAN_ABORTED :
10254 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
10255 		nlmsg_free(msg);
10256 		return NULL;
10257 	}
10258 
10259 	return msg;
10260 }
10261 
10262 void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
10263 			      struct sk_buff *msg)
10264 {
10265 	if (!msg)
10266 		return;
10267 
10268 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10269 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10270 }
10271 
10272 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
10273 				     struct net_device *netdev)
10274 {
10275 	struct sk_buff *msg;
10276 
10277 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10278 	if (!msg)
10279 		return;
10280 
10281 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
10282 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
10283 		nlmsg_free(msg);
10284 		return;
10285 	}
10286 
10287 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10288 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10289 }
10290 
10291 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
10292 			     struct net_device *netdev, u32 cmd)
10293 {
10294 	struct sk_buff *msg;
10295 
10296 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10297 	if (!msg)
10298 		return;
10299 
10300 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
10301 		nlmsg_free(msg);
10302 		return;
10303 	}
10304 
10305 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10306 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10307 }
10308 
10309 /*
10310  * This can happen on global regulatory changes or device specific settings
10311  * based on custom world regulatory domains.
10312  */
10313 void nl80211_send_reg_change_event(struct regulatory_request *request)
10314 {
10315 	struct sk_buff *msg;
10316 	void *hdr;
10317 
10318 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10319 	if (!msg)
10320 		return;
10321 
10322 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
10323 	if (!hdr) {
10324 		nlmsg_free(msg);
10325 		return;
10326 	}
10327 
10328 	/* Userspace can always count this one always being set */
10329 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
10330 		goto nla_put_failure;
10331 
10332 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
10333 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10334 			       NL80211_REGDOM_TYPE_WORLD))
10335 			goto nla_put_failure;
10336 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
10337 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10338 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
10339 			goto nla_put_failure;
10340 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
10341 		   request->intersect) {
10342 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10343 			       NL80211_REGDOM_TYPE_INTERSECTION))
10344 			goto nla_put_failure;
10345 	} else {
10346 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10347 			       NL80211_REGDOM_TYPE_COUNTRY) ||
10348 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
10349 				   request->alpha2))
10350 			goto nla_put_failure;
10351 	}
10352 
10353 	if (request->wiphy_idx != WIPHY_IDX_INVALID &&
10354 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
10355 		goto nla_put_failure;
10356 
10357 	genlmsg_end(msg, hdr);
10358 
10359 	rcu_read_lock();
10360 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10361 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10362 	rcu_read_unlock();
10363 
10364 	return;
10365 
10366 nla_put_failure:
10367 	genlmsg_cancel(msg, hdr);
10368 	nlmsg_free(msg);
10369 }
10370 
10371 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
10372 				    struct net_device *netdev,
10373 				    const u8 *buf, size_t len,
10374 				    enum nl80211_commands cmd, gfp_t gfp)
10375 {
10376 	struct sk_buff *msg;
10377 	void *hdr;
10378 
10379 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10380 	if (!msg)
10381 		return;
10382 
10383 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10384 	if (!hdr) {
10385 		nlmsg_free(msg);
10386 		return;
10387 	}
10388 
10389 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10390 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10391 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
10392 		goto nla_put_failure;
10393 
10394 	genlmsg_end(msg, hdr);
10395 
10396 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10397 				NL80211_MCGRP_MLME, gfp);
10398 	return;
10399 
10400  nla_put_failure:
10401 	genlmsg_cancel(msg, hdr);
10402 	nlmsg_free(msg);
10403 }
10404 
10405 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
10406 			  struct net_device *netdev, const u8 *buf,
10407 			  size_t len, gfp_t gfp)
10408 {
10409 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10410 				NL80211_CMD_AUTHENTICATE, gfp);
10411 }
10412 
10413 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
10414 			   struct net_device *netdev, const u8 *buf,
10415 			   size_t len, gfp_t gfp)
10416 {
10417 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10418 				NL80211_CMD_ASSOCIATE, gfp);
10419 }
10420 
10421 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
10422 			 struct net_device *netdev, const u8 *buf,
10423 			 size_t len, gfp_t gfp)
10424 {
10425 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10426 				NL80211_CMD_DEAUTHENTICATE, gfp);
10427 }
10428 
10429 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
10430 			   struct net_device *netdev, const u8 *buf,
10431 			   size_t len, gfp_t gfp)
10432 {
10433 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10434 				NL80211_CMD_DISASSOCIATE, gfp);
10435 }
10436 
10437 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
10438 				  size_t len)
10439 {
10440 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10441 	struct wiphy *wiphy = wdev->wiphy;
10442 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10443 	const struct ieee80211_mgmt *mgmt = (void *)buf;
10444 	u32 cmd;
10445 
10446 	if (WARN_ON(len < 2))
10447 		return;
10448 
10449 	if (ieee80211_is_deauth(mgmt->frame_control))
10450 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
10451 	else
10452 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
10453 
10454 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
10455 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC);
10456 }
10457 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
10458 
10459 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
10460 				      struct net_device *netdev, int cmd,
10461 				      const u8 *addr, gfp_t gfp)
10462 {
10463 	struct sk_buff *msg;
10464 	void *hdr;
10465 
10466 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10467 	if (!msg)
10468 		return;
10469 
10470 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10471 	if (!hdr) {
10472 		nlmsg_free(msg);
10473 		return;
10474 	}
10475 
10476 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10477 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10478 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
10479 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10480 		goto nla_put_failure;
10481 
10482 	genlmsg_end(msg, hdr);
10483 
10484 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10485 				NL80211_MCGRP_MLME, gfp);
10486 	return;
10487 
10488  nla_put_failure:
10489 	genlmsg_cancel(msg, hdr);
10490 	nlmsg_free(msg);
10491 }
10492 
10493 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
10494 			       struct net_device *netdev, const u8 *addr,
10495 			       gfp_t gfp)
10496 {
10497 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
10498 				  addr, gfp);
10499 }
10500 
10501 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
10502 				struct net_device *netdev, const u8 *addr,
10503 				gfp_t gfp)
10504 {
10505 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
10506 				  addr, gfp);
10507 }
10508 
10509 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
10510 				 struct net_device *netdev, const u8 *bssid,
10511 				 const u8 *req_ie, size_t req_ie_len,
10512 				 const u8 *resp_ie, size_t resp_ie_len,
10513 				 u16 status, gfp_t gfp)
10514 {
10515 	struct sk_buff *msg;
10516 	void *hdr;
10517 
10518 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10519 	if (!msg)
10520 		return;
10521 
10522 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
10523 	if (!hdr) {
10524 		nlmsg_free(msg);
10525 		return;
10526 	}
10527 
10528 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10529 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10530 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
10531 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
10532 	    (req_ie &&
10533 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10534 	    (resp_ie &&
10535 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10536 		goto nla_put_failure;
10537 
10538 	genlmsg_end(msg, hdr);
10539 
10540 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10541 				NL80211_MCGRP_MLME, gfp);
10542 	return;
10543 
10544  nla_put_failure:
10545 	genlmsg_cancel(msg, hdr);
10546 	nlmsg_free(msg);
10547 
10548 }
10549 
10550 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
10551 			 struct net_device *netdev, const u8 *bssid,
10552 			 const u8 *req_ie, size_t req_ie_len,
10553 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
10554 {
10555 	struct sk_buff *msg;
10556 	void *hdr;
10557 
10558 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10559 	if (!msg)
10560 		return;
10561 
10562 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
10563 	if (!hdr) {
10564 		nlmsg_free(msg);
10565 		return;
10566 	}
10567 
10568 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10569 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10570 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
10571 	    (req_ie &&
10572 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10573 	    (resp_ie &&
10574 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10575 		goto nla_put_failure;
10576 
10577 	genlmsg_end(msg, hdr);
10578 
10579 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10580 				NL80211_MCGRP_MLME, gfp);
10581 	return;
10582 
10583  nla_put_failure:
10584 	genlmsg_cancel(msg, hdr);
10585 	nlmsg_free(msg);
10586 
10587 }
10588 
10589 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
10590 			       struct net_device *netdev, u16 reason,
10591 			       const u8 *ie, size_t ie_len, bool from_ap)
10592 {
10593 	struct sk_buff *msg;
10594 	void *hdr;
10595 
10596 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10597 	if (!msg)
10598 		return;
10599 
10600 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
10601 	if (!hdr) {
10602 		nlmsg_free(msg);
10603 		return;
10604 	}
10605 
10606 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10607 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10608 	    (from_ap && reason &&
10609 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
10610 	    (from_ap &&
10611 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
10612 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
10613 		goto nla_put_failure;
10614 
10615 	genlmsg_end(msg, hdr);
10616 
10617 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10618 				NL80211_MCGRP_MLME, GFP_KERNEL);
10619 	return;
10620 
10621  nla_put_failure:
10622 	genlmsg_cancel(msg, hdr);
10623 	nlmsg_free(msg);
10624 
10625 }
10626 
10627 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
10628 			     struct net_device *netdev, const u8 *bssid,
10629 			     gfp_t gfp)
10630 {
10631 	struct sk_buff *msg;
10632 	void *hdr;
10633 
10634 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10635 	if (!msg)
10636 		return;
10637 
10638 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
10639 	if (!hdr) {
10640 		nlmsg_free(msg);
10641 		return;
10642 	}
10643 
10644 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10645 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10646 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10647 		goto nla_put_failure;
10648 
10649 	genlmsg_end(msg, hdr);
10650 
10651 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10652 				NL80211_MCGRP_MLME, gfp);
10653 	return;
10654 
10655  nla_put_failure:
10656 	genlmsg_cancel(msg, hdr);
10657 	nlmsg_free(msg);
10658 }
10659 
10660 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
10661 					const u8* ie, u8 ie_len, gfp_t gfp)
10662 {
10663 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10664 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
10665 	struct sk_buff *msg;
10666 	void *hdr;
10667 
10668 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
10669 		return;
10670 
10671 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
10672 
10673 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10674 	if (!msg)
10675 		return;
10676 
10677 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
10678 	if (!hdr) {
10679 		nlmsg_free(msg);
10680 		return;
10681 	}
10682 
10683 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10684 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10685 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10686 	    (ie_len && ie &&
10687 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
10688 		goto nla_put_failure;
10689 
10690 	genlmsg_end(msg, hdr);
10691 
10692 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10693 				NL80211_MCGRP_MLME, gfp);
10694 	return;
10695 
10696  nla_put_failure:
10697 	genlmsg_cancel(msg, hdr);
10698 	nlmsg_free(msg);
10699 }
10700 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
10701 
10702 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
10703 				 struct net_device *netdev, const u8 *addr,
10704 				 enum nl80211_key_type key_type, int key_id,
10705 				 const u8 *tsc, gfp_t gfp)
10706 {
10707 	struct sk_buff *msg;
10708 	void *hdr;
10709 
10710 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10711 	if (!msg)
10712 		return;
10713 
10714 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
10715 	if (!hdr) {
10716 		nlmsg_free(msg);
10717 		return;
10718 	}
10719 
10720 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10721 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10722 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
10723 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
10724 	    (key_id != -1 &&
10725 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
10726 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
10727 		goto nla_put_failure;
10728 
10729 	genlmsg_end(msg, hdr);
10730 
10731 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10732 				NL80211_MCGRP_MLME, gfp);
10733 	return;
10734 
10735  nla_put_failure:
10736 	genlmsg_cancel(msg, hdr);
10737 	nlmsg_free(msg);
10738 }
10739 
10740 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
10741 				    struct ieee80211_channel *channel_before,
10742 				    struct ieee80211_channel *channel_after)
10743 {
10744 	struct sk_buff *msg;
10745 	void *hdr;
10746 	struct nlattr *nl_freq;
10747 
10748 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
10749 	if (!msg)
10750 		return;
10751 
10752 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
10753 	if (!hdr) {
10754 		nlmsg_free(msg);
10755 		return;
10756 	}
10757 
10758 	/*
10759 	 * Since we are applying the beacon hint to a wiphy we know its
10760 	 * wiphy_idx is valid
10761 	 */
10762 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10763 		goto nla_put_failure;
10764 
10765 	/* Before */
10766 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
10767 	if (!nl_freq)
10768 		goto nla_put_failure;
10769 	if (nl80211_msg_put_channel(msg, channel_before, false))
10770 		goto nla_put_failure;
10771 	nla_nest_end(msg, nl_freq);
10772 
10773 	/* After */
10774 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
10775 	if (!nl_freq)
10776 		goto nla_put_failure;
10777 	if (nl80211_msg_put_channel(msg, channel_after, false))
10778 		goto nla_put_failure;
10779 	nla_nest_end(msg, nl_freq);
10780 
10781 	genlmsg_end(msg, hdr);
10782 
10783 	rcu_read_lock();
10784 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10785 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10786 	rcu_read_unlock();
10787 
10788 	return;
10789 
10790 nla_put_failure:
10791 	genlmsg_cancel(msg, hdr);
10792 	nlmsg_free(msg);
10793 }
10794 
10795 static void nl80211_send_remain_on_chan_event(
10796 	int cmd, struct cfg80211_registered_device *rdev,
10797 	struct wireless_dev *wdev, u64 cookie,
10798 	struct ieee80211_channel *chan,
10799 	unsigned int duration, gfp_t gfp)
10800 {
10801 	struct sk_buff *msg;
10802 	void *hdr;
10803 
10804 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10805 	if (!msg)
10806 		return;
10807 
10808 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10809 	if (!hdr) {
10810 		nlmsg_free(msg);
10811 		return;
10812 	}
10813 
10814 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10815 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10816 					 wdev->netdev->ifindex)) ||
10817 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10818 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
10819 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
10820 			NL80211_CHAN_NO_HT) ||
10821 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
10822 		goto nla_put_failure;
10823 
10824 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
10825 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
10826 		goto nla_put_failure;
10827 
10828 	genlmsg_end(msg, hdr);
10829 
10830 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10831 				NL80211_MCGRP_MLME, gfp);
10832 	return;
10833 
10834  nla_put_failure:
10835 	genlmsg_cancel(msg, hdr);
10836 	nlmsg_free(msg);
10837 }
10838 
10839 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
10840 			       struct ieee80211_channel *chan,
10841 			       unsigned int duration, gfp_t gfp)
10842 {
10843 	struct wiphy *wiphy = wdev->wiphy;
10844 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10845 
10846 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
10847 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
10848 					  rdev, wdev, cookie, chan,
10849 					  duration, gfp);
10850 }
10851 EXPORT_SYMBOL(cfg80211_ready_on_channel);
10852 
10853 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
10854 					struct ieee80211_channel *chan,
10855 					gfp_t gfp)
10856 {
10857 	struct wiphy *wiphy = wdev->wiphy;
10858 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10859 
10860 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
10861 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
10862 					  rdev, wdev, cookie, chan, 0, gfp);
10863 }
10864 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
10865 
10866 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
10867 		      struct station_info *sinfo, gfp_t gfp)
10868 {
10869 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10870 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10871 	struct sk_buff *msg;
10872 
10873 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
10874 
10875 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10876 	if (!msg)
10877 		return;
10878 
10879 	if (nl80211_send_station(msg, 0, 0, 0,
10880 				 rdev, dev, mac_addr, sinfo) < 0) {
10881 		nlmsg_free(msg);
10882 		return;
10883 	}
10884 
10885 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10886 				NL80211_MCGRP_MLME, gfp);
10887 }
10888 EXPORT_SYMBOL(cfg80211_new_sta);
10889 
10890 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
10891 {
10892 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10893 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10894 	struct sk_buff *msg;
10895 	void *hdr;
10896 
10897 	trace_cfg80211_del_sta(dev, mac_addr);
10898 
10899 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10900 	if (!msg)
10901 		return;
10902 
10903 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
10904 	if (!hdr) {
10905 		nlmsg_free(msg);
10906 		return;
10907 	}
10908 
10909 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10910 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
10911 		goto nla_put_failure;
10912 
10913 	genlmsg_end(msg, hdr);
10914 
10915 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10916 				NL80211_MCGRP_MLME, gfp);
10917 	return;
10918 
10919  nla_put_failure:
10920 	genlmsg_cancel(msg, hdr);
10921 	nlmsg_free(msg);
10922 }
10923 EXPORT_SYMBOL(cfg80211_del_sta);
10924 
10925 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
10926 			  enum nl80211_connect_failed_reason reason,
10927 			  gfp_t gfp)
10928 {
10929 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10930 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10931 	struct sk_buff *msg;
10932 	void *hdr;
10933 
10934 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10935 	if (!msg)
10936 		return;
10937 
10938 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
10939 	if (!hdr) {
10940 		nlmsg_free(msg);
10941 		return;
10942 	}
10943 
10944 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10945 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
10946 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
10947 		goto nla_put_failure;
10948 
10949 	genlmsg_end(msg, hdr);
10950 
10951 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10952 				NL80211_MCGRP_MLME, gfp);
10953 	return;
10954 
10955  nla_put_failure:
10956 	genlmsg_cancel(msg, hdr);
10957 	nlmsg_free(msg);
10958 }
10959 EXPORT_SYMBOL(cfg80211_conn_failed);
10960 
10961 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
10962 				       const u8 *addr, gfp_t gfp)
10963 {
10964 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10965 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
10966 	struct sk_buff *msg;
10967 	void *hdr;
10968 	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
10969 
10970 	if (!nlportid)
10971 		return false;
10972 
10973 	msg = nlmsg_new(100, gfp);
10974 	if (!msg)
10975 		return true;
10976 
10977 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10978 	if (!hdr) {
10979 		nlmsg_free(msg);
10980 		return true;
10981 	}
10982 
10983 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10984 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10985 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10986 		goto nla_put_failure;
10987 
10988 	genlmsg_end(msg, hdr);
10989 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10990 	return true;
10991 
10992  nla_put_failure:
10993 	genlmsg_cancel(msg, hdr);
10994 	nlmsg_free(msg);
10995 	return true;
10996 }
10997 
10998 bool cfg80211_rx_spurious_frame(struct net_device *dev,
10999 				const u8 *addr, gfp_t gfp)
11000 {
11001 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11002 	bool ret;
11003 
11004 	trace_cfg80211_rx_spurious_frame(dev, addr);
11005 
11006 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11007 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
11008 		trace_cfg80211_return_bool(false);
11009 		return false;
11010 	}
11011 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
11012 					 addr, gfp);
11013 	trace_cfg80211_return_bool(ret);
11014 	return ret;
11015 }
11016 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
11017 
11018 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
11019 					const u8 *addr, gfp_t gfp)
11020 {
11021 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11022 	bool ret;
11023 
11024 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
11025 
11026 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11027 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11028 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
11029 		trace_cfg80211_return_bool(false);
11030 		return false;
11031 	}
11032 	ret = __nl80211_unexpected_frame(dev,
11033 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
11034 					 addr, gfp);
11035 	trace_cfg80211_return_bool(ret);
11036 	return ret;
11037 }
11038 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
11039 
11040 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
11041 		      struct wireless_dev *wdev, u32 nlportid,
11042 		      int freq, int sig_dbm,
11043 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
11044 {
11045 	struct net_device *netdev = wdev->netdev;
11046 	struct sk_buff *msg;
11047 	void *hdr;
11048 
11049 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11050 	if (!msg)
11051 		return -ENOMEM;
11052 
11053 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11054 	if (!hdr) {
11055 		nlmsg_free(msg);
11056 		return -ENOMEM;
11057 	}
11058 
11059 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11060 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11061 					netdev->ifindex)) ||
11062 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
11063 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
11064 	    (sig_dbm &&
11065 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11066 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
11067 	    (flags &&
11068 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
11069 		goto nla_put_failure;
11070 
11071 	genlmsg_end(msg, hdr);
11072 
11073 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11074 
11075  nla_put_failure:
11076 	genlmsg_cancel(msg, hdr);
11077 	nlmsg_free(msg);
11078 	return -ENOBUFS;
11079 }
11080 
11081 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
11082 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
11083 {
11084 	struct wiphy *wiphy = wdev->wiphy;
11085 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11086 	struct net_device *netdev = wdev->netdev;
11087 	struct sk_buff *msg;
11088 	void *hdr;
11089 
11090 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
11091 
11092 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11093 	if (!msg)
11094 		return;
11095 
11096 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
11097 	if (!hdr) {
11098 		nlmsg_free(msg);
11099 		return;
11100 	}
11101 
11102 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11103 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11104 				   netdev->ifindex)) ||
11105 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
11106 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
11107 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11108 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
11109 		goto nla_put_failure;
11110 
11111 	genlmsg_end(msg, hdr);
11112 
11113 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11114 				NL80211_MCGRP_MLME, gfp);
11115 	return;
11116 
11117  nla_put_failure:
11118 	genlmsg_cancel(msg, hdr);
11119 	nlmsg_free(msg);
11120 }
11121 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
11122 
11123 void cfg80211_cqm_rssi_notify(struct net_device *dev,
11124 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
11125 			      gfp_t gfp)
11126 {
11127 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11128 	struct wiphy *wiphy = wdev->wiphy;
11129 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11130 	struct sk_buff *msg;
11131 	struct nlattr *pinfoattr;
11132 	void *hdr;
11133 
11134 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
11135 
11136 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11137 	if (!msg)
11138 		return;
11139 
11140 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11141 	if (!hdr) {
11142 		nlmsg_free(msg);
11143 		return;
11144 	}
11145 
11146 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11147 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
11148 		goto nla_put_failure;
11149 
11150 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11151 	if (!pinfoattr)
11152 		goto nla_put_failure;
11153 
11154 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
11155 			rssi_event))
11156 		goto nla_put_failure;
11157 
11158 	nla_nest_end(msg, pinfoattr);
11159 
11160 	genlmsg_end(msg, hdr);
11161 
11162 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11163 				NL80211_MCGRP_MLME, gfp);
11164 	return;
11165 
11166  nla_put_failure:
11167 	genlmsg_cancel(msg, hdr);
11168 	nlmsg_free(msg);
11169 }
11170 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
11171 
11172 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
11173 				     struct net_device *netdev, const u8 *bssid,
11174 				     const u8 *replay_ctr, gfp_t gfp)
11175 {
11176 	struct sk_buff *msg;
11177 	struct nlattr *rekey_attr;
11178 	void *hdr;
11179 
11180 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11181 	if (!msg)
11182 		return;
11183 
11184 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
11185 	if (!hdr) {
11186 		nlmsg_free(msg);
11187 		return;
11188 	}
11189 
11190 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11191 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11192 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
11193 		goto nla_put_failure;
11194 
11195 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
11196 	if (!rekey_attr)
11197 		goto nla_put_failure;
11198 
11199 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
11200 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
11201 		goto nla_put_failure;
11202 
11203 	nla_nest_end(msg, rekey_attr);
11204 
11205 	genlmsg_end(msg, hdr);
11206 
11207 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11208 				NL80211_MCGRP_MLME, gfp);
11209 	return;
11210 
11211  nla_put_failure:
11212 	genlmsg_cancel(msg, hdr);
11213 	nlmsg_free(msg);
11214 }
11215 
11216 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
11217 			       const u8 *replay_ctr, gfp_t gfp)
11218 {
11219 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11220 	struct wiphy *wiphy = wdev->wiphy;
11221 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11222 
11223 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
11224 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
11225 }
11226 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
11227 
11228 static void
11229 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
11230 			       struct net_device *netdev, int index,
11231 			       const u8 *bssid, bool preauth, gfp_t gfp)
11232 {
11233 	struct sk_buff *msg;
11234 	struct nlattr *attr;
11235 	void *hdr;
11236 
11237 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11238 	if (!msg)
11239 		return;
11240 
11241 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
11242 	if (!hdr) {
11243 		nlmsg_free(msg);
11244 		return;
11245 	}
11246 
11247 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11248 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11249 		goto nla_put_failure;
11250 
11251 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
11252 	if (!attr)
11253 		goto nla_put_failure;
11254 
11255 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
11256 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
11257 	    (preauth &&
11258 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
11259 		goto nla_put_failure;
11260 
11261 	nla_nest_end(msg, attr);
11262 
11263 	genlmsg_end(msg, hdr);
11264 
11265 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11266 				NL80211_MCGRP_MLME, gfp);
11267 	return;
11268 
11269  nla_put_failure:
11270 	genlmsg_cancel(msg, hdr);
11271 	nlmsg_free(msg);
11272 }
11273 
11274 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
11275 				     const u8 *bssid, bool preauth, gfp_t gfp)
11276 {
11277 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11278 	struct wiphy *wiphy = wdev->wiphy;
11279 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11280 
11281 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
11282 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
11283 }
11284 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
11285 
11286 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
11287 				     struct net_device *netdev,
11288 				     struct cfg80211_chan_def *chandef,
11289 				     gfp_t gfp)
11290 {
11291 	struct sk_buff *msg;
11292 	void *hdr;
11293 
11294 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11295 	if (!msg)
11296 		return;
11297 
11298 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
11299 	if (!hdr) {
11300 		nlmsg_free(msg);
11301 		return;
11302 	}
11303 
11304 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11305 		goto nla_put_failure;
11306 
11307 	if (nl80211_send_chandef(msg, chandef))
11308 		goto nla_put_failure;
11309 
11310 	genlmsg_end(msg, hdr);
11311 
11312 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11313 				NL80211_MCGRP_MLME, gfp);
11314 	return;
11315 
11316  nla_put_failure:
11317 	genlmsg_cancel(msg, hdr);
11318 	nlmsg_free(msg);
11319 }
11320 
11321 void cfg80211_ch_switch_notify(struct net_device *dev,
11322 			       struct cfg80211_chan_def *chandef)
11323 {
11324 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11325 	struct wiphy *wiphy = wdev->wiphy;
11326 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11327 
11328 	ASSERT_WDEV_LOCK(wdev);
11329 
11330 	trace_cfg80211_ch_switch_notify(dev, chandef);
11331 
11332 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11333 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11334 		    wdev->iftype != NL80211_IFTYPE_ADHOC &&
11335 		    wdev->iftype != NL80211_IFTYPE_MESH_POINT))
11336 		return;
11337 
11338 	wdev->chandef = *chandef;
11339 	wdev->preset_chandef = *chandef;
11340 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
11341 }
11342 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
11343 
11344 void cfg80211_cqm_txe_notify(struct net_device *dev,
11345 			     const u8 *peer, u32 num_packets,
11346 			     u32 rate, u32 intvl, gfp_t gfp)
11347 {
11348 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11349 	struct wiphy *wiphy = wdev->wiphy;
11350 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11351 	struct sk_buff *msg;
11352 	struct nlattr *pinfoattr;
11353 	void *hdr;
11354 
11355 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
11356 	if (!msg)
11357 		return;
11358 
11359 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11360 	if (!hdr) {
11361 		nlmsg_free(msg);
11362 		return;
11363 	}
11364 
11365 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11366 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11367 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11368 		goto nla_put_failure;
11369 
11370 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11371 	if (!pinfoattr)
11372 		goto nla_put_failure;
11373 
11374 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
11375 		goto nla_put_failure;
11376 
11377 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
11378 		goto nla_put_failure;
11379 
11380 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
11381 		goto nla_put_failure;
11382 
11383 	nla_nest_end(msg, pinfoattr);
11384 
11385 	genlmsg_end(msg, hdr);
11386 
11387 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11388 				NL80211_MCGRP_MLME, gfp);
11389 	return;
11390 
11391  nla_put_failure:
11392 	genlmsg_cancel(msg, hdr);
11393 	nlmsg_free(msg);
11394 }
11395 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
11396 
11397 void
11398 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
11399 		     const struct cfg80211_chan_def *chandef,
11400 		     enum nl80211_radar_event event,
11401 		     struct net_device *netdev, gfp_t gfp)
11402 {
11403 	struct sk_buff *msg;
11404 	void *hdr;
11405 
11406 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11407 	if (!msg)
11408 		return;
11409 
11410 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
11411 	if (!hdr) {
11412 		nlmsg_free(msg);
11413 		return;
11414 	}
11415 
11416 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11417 		goto nla_put_failure;
11418 
11419 	/* NOP and radar events don't need a netdev parameter */
11420 	if (netdev) {
11421 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
11422 
11423 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11424 		    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11425 			goto nla_put_failure;
11426 	}
11427 
11428 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
11429 		goto nla_put_failure;
11430 
11431 	if (nl80211_send_chandef(msg, chandef))
11432 		goto nla_put_failure;
11433 
11434 	genlmsg_end(msg, hdr);
11435 
11436 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11437 				NL80211_MCGRP_MLME, gfp);
11438 	return;
11439 
11440  nla_put_failure:
11441 	genlmsg_cancel(msg, hdr);
11442 	nlmsg_free(msg);
11443 }
11444 
11445 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
11446 				 const u8 *peer, u32 num_packets, gfp_t gfp)
11447 {
11448 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11449 	struct wiphy *wiphy = wdev->wiphy;
11450 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11451 	struct sk_buff *msg;
11452 	struct nlattr *pinfoattr;
11453 	void *hdr;
11454 
11455 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
11456 
11457 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11458 	if (!msg)
11459 		return;
11460 
11461 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11462 	if (!hdr) {
11463 		nlmsg_free(msg);
11464 		return;
11465 	}
11466 
11467 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11468 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11469 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11470 		goto nla_put_failure;
11471 
11472 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11473 	if (!pinfoattr)
11474 		goto nla_put_failure;
11475 
11476 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
11477 		goto nla_put_failure;
11478 
11479 	nla_nest_end(msg, pinfoattr);
11480 
11481 	genlmsg_end(msg, hdr);
11482 
11483 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11484 				NL80211_MCGRP_MLME, gfp);
11485 	return;
11486 
11487  nla_put_failure:
11488 	genlmsg_cancel(msg, hdr);
11489 	nlmsg_free(msg);
11490 }
11491 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
11492 
11493 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
11494 			   u64 cookie, bool acked, gfp_t gfp)
11495 {
11496 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11497 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11498 	struct sk_buff *msg;
11499 	void *hdr;
11500 
11501 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
11502 
11503 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11504 
11505 	if (!msg)
11506 		return;
11507 
11508 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
11509 	if (!hdr) {
11510 		nlmsg_free(msg);
11511 		return;
11512 	}
11513 
11514 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11515 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11516 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
11517 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11518 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
11519 		goto nla_put_failure;
11520 
11521 	genlmsg_end(msg, hdr);
11522 
11523 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11524 				NL80211_MCGRP_MLME, gfp);
11525 	return;
11526 
11527  nla_put_failure:
11528 	genlmsg_cancel(msg, hdr);
11529 	nlmsg_free(msg);
11530 }
11531 EXPORT_SYMBOL(cfg80211_probe_status);
11532 
11533 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
11534 				 const u8 *frame, size_t len,
11535 				 int freq, int sig_dbm)
11536 {
11537 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11538 	struct sk_buff *msg;
11539 	void *hdr;
11540 	struct cfg80211_beacon_registration *reg;
11541 
11542 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
11543 
11544 	spin_lock_bh(&rdev->beacon_registrations_lock);
11545 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11546 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
11547 		if (!msg) {
11548 			spin_unlock_bh(&rdev->beacon_registrations_lock);
11549 			return;
11550 		}
11551 
11552 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11553 		if (!hdr)
11554 			goto nla_put_failure;
11555 
11556 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11557 		    (freq &&
11558 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
11559 		    (sig_dbm &&
11560 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11561 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
11562 			goto nla_put_failure;
11563 
11564 		genlmsg_end(msg, hdr);
11565 
11566 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
11567 	}
11568 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11569 	return;
11570 
11571  nla_put_failure:
11572 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11573 	if (hdr)
11574 		genlmsg_cancel(msg, hdr);
11575 	nlmsg_free(msg);
11576 }
11577 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
11578 
11579 #ifdef CONFIG_PM
11580 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
11581 				   struct cfg80211_wowlan_wakeup *wakeup,
11582 				   gfp_t gfp)
11583 {
11584 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11585 	struct sk_buff *msg;
11586 	void *hdr;
11587 	int size = 200;
11588 
11589 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
11590 
11591 	if (wakeup)
11592 		size += wakeup->packet_present_len;
11593 
11594 	msg = nlmsg_new(size, gfp);
11595 	if (!msg)
11596 		return;
11597 
11598 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
11599 	if (!hdr)
11600 		goto free_msg;
11601 
11602 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11603 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11604 		goto free_msg;
11605 
11606 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11607 					wdev->netdev->ifindex))
11608 		goto free_msg;
11609 
11610 	if (wakeup) {
11611 		struct nlattr *reasons;
11612 
11613 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
11614 		if (!reasons)
11615 			goto free_msg;
11616 
11617 		if (wakeup->disconnect &&
11618 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
11619 			goto free_msg;
11620 		if (wakeup->magic_pkt &&
11621 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
11622 			goto free_msg;
11623 		if (wakeup->gtk_rekey_failure &&
11624 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
11625 			goto free_msg;
11626 		if (wakeup->eap_identity_req &&
11627 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
11628 			goto free_msg;
11629 		if (wakeup->four_way_handshake &&
11630 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
11631 			goto free_msg;
11632 		if (wakeup->rfkill_release &&
11633 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
11634 			goto free_msg;
11635 
11636 		if (wakeup->pattern_idx >= 0 &&
11637 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
11638 				wakeup->pattern_idx))
11639 			goto free_msg;
11640 
11641 		if (wakeup->tcp_match &&
11642 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
11643 			goto free_msg;
11644 
11645 		if (wakeup->tcp_connlost &&
11646 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
11647 			goto free_msg;
11648 
11649 		if (wakeup->tcp_nomoretokens &&
11650 		    nla_put_flag(msg,
11651 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
11652 			goto free_msg;
11653 
11654 		if (wakeup->packet) {
11655 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
11656 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
11657 
11658 			if (!wakeup->packet_80211) {
11659 				pkt_attr =
11660 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
11661 				len_attr =
11662 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
11663 			}
11664 
11665 			if (wakeup->packet_len &&
11666 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
11667 				goto free_msg;
11668 
11669 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
11670 				    wakeup->packet))
11671 				goto free_msg;
11672 		}
11673 
11674 		nla_nest_end(msg, reasons);
11675 	}
11676 
11677 	genlmsg_end(msg, hdr);
11678 
11679 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11680 				NL80211_MCGRP_MLME, gfp);
11681 	return;
11682 
11683  free_msg:
11684 	nlmsg_free(msg);
11685 }
11686 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
11687 #endif
11688 
11689 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
11690 				enum nl80211_tdls_operation oper,
11691 				u16 reason_code, gfp_t gfp)
11692 {
11693 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11694 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11695 	struct sk_buff *msg;
11696 	void *hdr;
11697 
11698 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
11699 					 reason_code);
11700 
11701 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11702 	if (!msg)
11703 		return;
11704 
11705 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
11706 	if (!hdr) {
11707 		nlmsg_free(msg);
11708 		return;
11709 	}
11710 
11711 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11712 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11713 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
11714 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
11715 	    (reason_code > 0 &&
11716 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
11717 		goto nla_put_failure;
11718 
11719 	genlmsg_end(msg, hdr);
11720 
11721 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11722 				NL80211_MCGRP_MLME, gfp);
11723 	return;
11724 
11725  nla_put_failure:
11726 	genlmsg_cancel(msg, hdr);
11727 	nlmsg_free(msg);
11728 }
11729 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
11730 
11731 static int nl80211_netlink_notify(struct notifier_block * nb,
11732 				  unsigned long state,
11733 				  void *_notify)
11734 {
11735 	struct netlink_notify *notify = _notify;
11736 	struct cfg80211_registered_device *rdev;
11737 	struct wireless_dev *wdev;
11738 	struct cfg80211_beacon_registration *reg, *tmp;
11739 
11740 	if (state != NETLINK_URELEASE)
11741 		return NOTIFY_DONE;
11742 
11743 	rcu_read_lock();
11744 
11745 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
11746 		bool schedule_destroy_work = false;
11747 
11748 		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
11749 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
11750 
11751 			if (wdev->owner_nlportid == notify->portid)
11752 				schedule_destroy_work = true;
11753 		}
11754 
11755 		spin_lock_bh(&rdev->beacon_registrations_lock);
11756 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
11757 					 list) {
11758 			if (reg->nlportid == notify->portid) {
11759 				list_del(&reg->list);
11760 				kfree(reg);
11761 				break;
11762 			}
11763 		}
11764 		spin_unlock_bh(&rdev->beacon_registrations_lock);
11765 
11766 		if (schedule_destroy_work) {
11767 			struct cfg80211_iface_destroy *destroy;
11768 
11769 			destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
11770 			if (destroy) {
11771 				destroy->nlportid = notify->portid;
11772 				spin_lock(&rdev->destroy_list_lock);
11773 				list_add(&destroy->list, &rdev->destroy_list);
11774 				spin_unlock(&rdev->destroy_list_lock);
11775 				schedule_work(&rdev->destroy_work);
11776 			}
11777 		}
11778 	}
11779 
11780 	rcu_read_unlock();
11781 
11782 	return NOTIFY_OK;
11783 }
11784 
11785 static struct notifier_block nl80211_netlink_notifier = {
11786 	.notifier_call = nl80211_netlink_notify,
11787 };
11788 
11789 void cfg80211_ft_event(struct net_device *netdev,
11790 		       struct cfg80211_ft_event_params *ft_event)
11791 {
11792 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
11793 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11794 	struct sk_buff *msg;
11795 	void *hdr;
11796 
11797 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
11798 
11799 	if (!ft_event->target_ap)
11800 		return;
11801 
11802 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11803 	if (!msg)
11804 		return;
11805 
11806 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
11807 	if (!hdr)
11808 		goto out;
11809 
11810 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11811 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11812 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
11813 		goto out;
11814 
11815 	if (ft_event->ies &&
11816 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
11817 		goto out;
11818 	if (ft_event->ric_ies &&
11819 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
11820 		    ft_event->ric_ies))
11821 		goto out;
11822 
11823 	genlmsg_end(msg, hdr);
11824 
11825 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11826 				NL80211_MCGRP_MLME, GFP_KERNEL);
11827 	return;
11828  out:
11829 	nlmsg_free(msg);
11830 }
11831 EXPORT_SYMBOL(cfg80211_ft_event);
11832 
11833 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
11834 {
11835 	struct cfg80211_registered_device *rdev;
11836 	struct sk_buff *msg;
11837 	void *hdr;
11838 	u32 nlportid;
11839 
11840 	rdev = wiphy_to_rdev(wdev->wiphy);
11841 	if (!rdev->crit_proto_nlportid)
11842 		return;
11843 
11844 	nlportid = rdev->crit_proto_nlportid;
11845 	rdev->crit_proto_nlportid = 0;
11846 
11847 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11848 	if (!msg)
11849 		return;
11850 
11851 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
11852 	if (!hdr)
11853 		goto nla_put_failure;
11854 
11855 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11856 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11857 		goto nla_put_failure;
11858 
11859 	genlmsg_end(msg, hdr);
11860 
11861 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11862 	return;
11863 
11864  nla_put_failure:
11865 	if (hdr)
11866 		genlmsg_cancel(msg, hdr);
11867 	nlmsg_free(msg);
11868 
11869 }
11870 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
11871 
11872 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
11873 {
11874 	struct wiphy *wiphy = wdev->wiphy;
11875 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11876 	struct sk_buff *msg;
11877 	void *hdr;
11878 
11879 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11880 	if (!msg)
11881 		return;
11882 
11883 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
11884 	if (!hdr)
11885 		goto out;
11886 
11887 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11888 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
11889 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11890 		goto out;
11891 
11892 	genlmsg_end(msg, hdr);
11893 
11894 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
11895 				NL80211_MCGRP_MLME, GFP_KERNEL);
11896 	return;
11897  out:
11898 	nlmsg_free(msg);
11899 }
11900 
11901 /* initialisation/exit functions */
11902 
11903 int nl80211_init(void)
11904 {
11905 	int err;
11906 
11907 	err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
11908 						   nl80211_mcgrps);
11909 	if (err)
11910 		return err;
11911 
11912 	err = netlink_register_notifier(&nl80211_netlink_notifier);
11913 	if (err)
11914 		goto err_out;
11915 
11916 	return 0;
11917  err_out:
11918 	genl_unregister_family(&nl80211_fam);
11919 	return err;
11920 }
11921 
11922 void nl80211_exit(void)
11923 {
11924 	netlink_unregister_notifier(&nl80211_netlink_notifier);
11925 	genl_unregister_family(&nl80211_fam);
11926 }
11927