xref: /linux/net/wireless/nl80211.c (revision ff5599816711d2e67da2d7561fd36ac48debd433) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27 
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 				   struct genl_info *info,
30 				   struct cfg80211_crypto_settings *settings,
31 				   int cipher_limit);
32 
33 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
34 			    struct genl_info *info);
35 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
36 			      struct genl_info *info);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 	.id = GENL_ID_GENERATE,		/* don't bother with a hardcoded ID */
41 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
42 	.hdrsize = 0,			/* no private header */
43 	.version = 1,			/* no particular meaning now */
44 	.maxattr = NL80211_ATTR_MAX,
45 	.netnsok = true,
46 	.pre_doit = nl80211_pre_doit,
47 	.post_doit = nl80211_post_doit,
48 };
49 
50 /* returns ERR_PTR values */
51 static struct wireless_dev *
52 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
53 {
54 	struct cfg80211_registered_device *rdev;
55 	struct wireless_dev *result = NULL;
56 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
57 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
58 	u64 wdev_id;
59 	int wiphy_idx = -1;
60 	int ifidx = -1;
61 
62 	ASSERT_RTNL();
63 
64 	if (!have_ifidx && !have_wdev_id)
65 		return ERR_PTR(-EINVAL);
66 
67 	if (have_ifidx)
68 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
69 	if (have_wdev_id) {
70 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
71 		wiphy_idx = wdev_id >> 32;
72 	}
73 
74 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
75 		struct wireless_dev *wdev;
76 
77 		if (wiphy_net(&rdev->wiphy) != netns)
78 			continue;
79 
80 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
81 			continue;
82 
83 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
84 			if (have_ifidx && wdev->netdev &&
85 			    wdev->netdev->ifindex == ifidx) {
86 				result = wdev;
87 				break;
88 			}
89 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
90 				result = wdev;
91 				break;
92 			}
93 		}
94 
95 		if (result)
96 			break;
97 	}
98 
99 	if (result)
100 		return result;
101 	return ERR_PTR(-ENODEV);
102 }
103 
104 static struct cfg80211_registered_device *
105 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
106 {
107 	struct cfg80211_registered_device *rdev = NULL, *tmp;
108 	struct net_device *netdev;
109 
110 	ASSERT_RTNL();
111 
112 	if (!attrs[NL80211_ATTR_WIPHY] &&
113 	    !attrs[NL80211_ATTR_IFINDEX] &&
114 	    !attrs[NL80211_ATTR_WDEV])
115 		return ERR_PTR(-EINVAL);
116 
117 	if (attrs[NL80211_ATTR_WIPHY])
118 		rdev = cfg80211_rdev_by_wiphy_idx(
119 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
120 
121 	if (attrs[NL80211_ATTR_WDEV]) {
122 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
123 		struct wireless_dev *wdev;
124 		bool found = false;
125 
126 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
127 		if (tmp) {
128 			/* make sure wdev exists */
129 			list_for_each_entry(wdev, &tmp->wdev_list, list) {
130 				if (wdev->identifier != (u32)wdev_id)
131 					continue;
132 				found = true;
133 				break;
134 			}
135 
136 			if (!found)
137 				tmp = NULL;
138 
139 			if (rdev && tmp != rdev)
140 				return ERR_PTR(-EINVAL);
141 			rdev = tmp;
142 		}
143 	}
144 
145 	if (attrs[NL80211_ATTR_IFINDEX]) {
146 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
147 		netdev = dev_get_by_index(netns, ifindex);
148 		if (netdev) {
149 			if (netdev->ieee80211_ptr)
150 				tmp = wiphy_to_dev(
151 						netdev->ieee80211_ptr->wiphy);
152 			else
153 				tmp = NULL;
154 
155 			dev_put(netdev);
156 
157 			/* not wireless device -- return error */
158 			if (!tmp)
159 				return ERR_PTR(-EINVAL);
160 
161 			/* mismatch -- return error */
162 			if (rdev && tmp != rdev)
163 				return ERR_PTR(-EINVAL);
164 
165 			rdev = tmp;
166 		}
167 	}
168 
169 	if (!rdev)
170 		return ERR_PTR(-ENODEV);
171 
172 	if (netns != wiphy_net(&rdev->wiphy))
173 		return ERR_PTR(-ENODEV);
174 
175 	return rdev;
176 }
177 
178 /*
179  * This function returns a pointer to the driver
180  * that the genl_info item that is passed refers to.
181  *
182  * The result of this can be a PTR_ERR and hence must
183  * be checked with IS_ERR() for errors.
184  */
185 static struct cfg80211_registered_device *
186 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
187 {
188 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
189 }
190 
191 /* policy for the attributes */
192 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
193 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
194 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
195 				      .len = 20-1 },
196 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
197 
198 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
199 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
200 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
201 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
202 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
203 
204 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
205 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
206 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
207 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
208 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
209 
210 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
211 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
212 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
213 
214 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
215 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
216 
217 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
218 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
219 				    .len = WLAN_MAX_KEY_LEN },
220 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
221 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
222 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
223 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
224 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
225 
226 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
227 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
228 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
229 				       .len = IEEE80211_MAX_DATA_LEN },
230 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
231 				       .len = IEEE80211_MAX_DATA_LEN },
232 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
233 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
234 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
235 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
236 					       .len = NL80211_MAX_SUPP_RATES },
237 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
238 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
239 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
240 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
241 				   .len = IEEE80211_MAX_MESH_ID_LEN },
242 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
243 
244 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
245 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
246 
247 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
248 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
249 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
250 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
251 					   .len = NL80211_MAX_SUPP_RATES },
252 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
253 
254 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
255 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
256 
257 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
258 
259 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
260 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
261 			      .len = IEEE80211_MAX_DATA_LEN },
262 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
263 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
264 
265 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
266 				.len = IEEE80211_MAX_SSID_LEN },
267 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
268 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
269 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
270 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
271 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
272 	[NL80211_ATTR_STA_FLAGS2] = {
273 		.len = sizeof(struct nl80211_sta_flag_update),
274 	},
275 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
276 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
277 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
278 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
279 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
280 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
281 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
282 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
283 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
284 				 .len = WLAN_PMKID_LEN },
285 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
286 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
287 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
288 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
289 				 .len = IEEE80211_MAX_DATA_LEN },
290 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
291 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
292 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
293 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
294 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
295 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
296 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
297 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
298 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
299 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
300 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
301 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
302 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
303 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
304 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
305 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
306 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
307 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
308 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
309 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
310 					 .len = IEEE80211_MAX_DATA_LEN },
311 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
312 					 .len = IEEE80211_MAX_DATA_LEN },
313 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
314 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
315 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
316 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
317 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
318 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
319 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
320 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
321 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
322 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
323 				      .len = IEEE80211_MAX_DATA_LEN },
324 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
325 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
326 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
327 		.len = NL80211_HT_CAPABILITY_LEN
328 	},
329 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
330 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
331 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
332 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
333 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
334 	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
335 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
336 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
337 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
338 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
339 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
340 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
341 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
342 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
343 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
344 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
345 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
346 		.len = NL80211_VHT_CAPABILITY_LEN,
347 	},
348 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
349 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
350 				  .len = IEEE80211_MAX_DATA_LEN },
351 	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
352 };
353 
354 /* policy for the key attributes */
355 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
356 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
357 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
358 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
359 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
360 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
361 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
362 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
363 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
364 };
365 
366 /* policy for the key default flags */
367 static const struct nla_policy
368 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
369 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
370 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
371 };
372 
373 /* policy for WoWLAN attributes */
374 static const struct nla_policy
375 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
376 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
377 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
378 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
379 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
380 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
381 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
382 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
383 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
384 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
385 };
386 
387 static const struct nla_policy
388 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
389 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
390 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
391 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
392 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
393 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
394 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
395 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
396 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
397 	},
398 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
399 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
400 	},
401 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
402 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
403 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
404 };
405 
406 /* policy for GTK rekey offload attributes */
407 static const struct nla_policy
408 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
409 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
410 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
411 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
412 };
413 
414 static const struct nla_policy
415 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
416 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
417 						 .len = IEEE80211_MAX_SSID_LEN },
418 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
419 };
420 
421 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
422 				     struct netlink_callback *cb,
423 				     struct cfg80211_registered_device **rdev,
424 				     struct wireless_dev **wdev)
425 {
426 	int err;
427 
428 	rtnl_lock();
429 
430 	if (!cb->args[0]) {
431 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
432 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
433 				  nl80211_policy);
434 		if (err)
435 			goto out_unlock;
436 
437 		*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
438 						   nl80211_fam.attrbuf);
439 		if (IS_ERR(*wdev)) {
440 			err = PTR_ERR(*wdev);
441 			goto out_unlock;
442 		}
443 		*rdev = wiphy_to_dev((*wdev)->wiphy);
444 		cb->args[0] = (*rdev)->wiphy_idx;
445 		cb->args[1] = (*wdev)->identifier;
446 	} else {
447 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]);
448 		struct wireless_dev *tmp;
449 
450 		if (!wiphy) {
451 			err = -ENODEV;
452 			goto out_unlock;
453 		}
454 		*rdev = wiphy_to_dev(wiphy);
455 		*wdev = NULL;
456 
457 		list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
458 			if (tmp->identifier == cb->args[1]) {
459 				*wdev = tmp;
460 				break;
461 			}
462 		}
463 
464 		if (!*wdev) {
465 			err = -ENODEV;
466 			goto out_unlock;
467 		}
468 	}
469 
470 	return 0;
471  out_unlock:
472 	rtnl_unlock();
473 	return err;
474 }
475 
476 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
477 {
478 	rtnl_unlock();
479 }
480 
481 /* IE validation */
482 static bool is_valid_ie_attr(const struct nlattr *attr)
483 {
484 	const u8 *pos;
485 	int len;
486 
487 	if (!attr)
488 		return true;
489 
490 	pos = nla_data(attr);
491 	len = nla_len(attr);
492 
493 	while (len) {
494 		u8 elemlen;
495 
496 		if (len < 2)
497 			return false;
498 		len -= 2;
499 
500 		elemlen = pos[1];
501 		if (elemlen > len)
502 			return false;
503 
504 		len -= elemlen;
505 		pos += 2 + elemlen;
506 	}
507 
508 	return true;
509 }
510 
511 /* message building helper */
512 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
513 				   int flags, u8 cmd)
514 {
515 	/* since there is no private header just add the generic one */
516 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
517 }
518 
519 static int nl80211_msg_put_channel(struct sk_buff *msg,
520 				   struct ieee80211_channel *chan,
521 				   bool large)
522 {
523 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
524 			chan->center_freq))
525 		goto nla_put_failure;
526 
527 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
528 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
529 		goto nla_put_failure;
530 	if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
531 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
532 		goto nla_put_failure;
533 	if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
534 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
535 		goto nla_put_failure;
536 	if (chan->flags & IEEE80211_CHAN_RADAR) {
537 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
538 			goto nla_put_failure;
539 		if (large) {
540 			u32 time;
541 
542 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
543 
544 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
545 					chan->dfs_state))
546 				goto nla_put_failure;
547 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
548 					time))
549 				goto nla_put_failure;
550 		}
551 	}
552 
553 	if (large) {
554 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
555 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
556 			goto nla_put_failure;
557 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
558 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
559 			goto nla_put_failure;
560 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
561 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
562 			goto nla_put_failure;
563 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
564 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
565 			goto nla_put_failure;
566 	}
567 
568 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
569 			DBM_TO_MBM(chan->max_power)))
570 		goto nla_put_failure;
571 
572 	return 0;
573 
574  nla_put_failure:
575 	return -ENOBUFS;
576 }
577 
578 /* netlink command implementations */
579 
580 struct key_parse {
581 	struct key_params p;
582 	int idx;
583 	int type;
584 	bool def, defmgmt;
585 	bool def_uni, def_multi;
586 };
587 
588 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
589 {
590 	struct nlattr *tb[NL80211_KEY_MAX + 1];
591 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
592 				   nl80211_key_policy);
593 	if (err)
594 		return err;
595 
596 	k->def = !!tb[NL80211_KEY_DEFAULT];
597 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
598 
599 	if (k->def) {
600 		k->def_uni = true;
601 		k->def_multi = true;
602 	}
603 	if (k->defmgmt)
604 		k->def_multi = true;
605 
606 	if (tb[NL80211_KEY_IDX])
607 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
608 
609 	if (tb[NL80211_KEY_DATA]) {
610 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
611 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
612 	}
613 
614 	if (tb[NL80211_KEY_SEQ]) {
615 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
616 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
617 	}
618 
619 	if (tb[NL80211_KEY_CIPHER])
620 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
621 
622 	if (tb[NL80211_KEY_TYPE]) {
623 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
624 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
625 			return -EINVAL;
626 	}
627 
628 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
629 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
630 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
631 				       tb[NL80211_KEY_DEFAULT_TYPES],
632 				       nl80211_key_default_policy);
633 		if (err)
634 			return err;
635 
636 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
637 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
638 	}
639 
640 	return 0;
641 }
642 
643 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
644 {
645 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
646 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
647 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
648 	}
649 
650 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
651 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
652 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
653 	}
654 
655 	if (info->attrs[NL80211_ATTR_KEY_IDX])
656 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
657 
658 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
659 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
660 
661 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
662 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
663 
664 	if (k->def) {
665 		k->def_uni = true;
666 		k->def_multi = true;
667 	}
668 	if (k->defmgmt)
669 		k->def_multi = true;
670 
671 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
672 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
673 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
674 			return -EINVAL;
675 	}
676 
677 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
678 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
679 		int err = nla_parse_nested(
680 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
681 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
682 				nl80211_key_default_policy);
683 		if (err)
684 			return err;
685 
686 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
687 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
688 	}
689 
690 	return 0;
691 }
692 
693 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
694 {
695 	int err;
696 
697 	memset(k, 0, sizeof(*k));
698 	k->idx = -1;
699 	k->type = -1;
700 
701 	if (info->attrs[NL80211_ATTR_KEY])
702 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
703 	else
704 		err = nl80211_parse_key_old(info, k);
705 
706 	if (err)
707 		return err;
708 
709 	if (k->def && k->defmgmt)
710 		return -EINVAL;
711 
712 	if (k->defmgmt) {
713 		if (k->def_uni || !k->def_multi)
714 			return -EINVAL;
715 	}
716 
717 	if (k->idx != -1) {
718 		if (k->defmgmt) {
719 			if (k->idx < 4 || k->idx > 5)
720 				return -EINVAL;
721 		} else if (k->def) {
722 			if (k->idx < 0 || k->idx > 3)
723 				return -EINVAL;
724 		} else {
725 			if (k->idx < 0 || k->idx > 5)
726 				return -EINVAL;
727 		}
728 	}
729 
730 	return 0;
731 }
732 
733 static struct cfg80211_cached_keys *
734 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
735 		       struct nlattr *keys, bool *no_ht)
736 {
737 	struct key_parse parse;
738 	struct nlattr *key;
739 	struct cfg80211_cached_keys *result;
740 	int rem, err, def = 0;
741 
742 	result = kzalloc(sizeof(*result), GFP_KERNEL);
743 	if (!result)
744 		return ERR_PTR(-ENOMEM);
745 
746 	result->def = -1;
747 	result->defmgmt = -1;
748 
749 	nla_for_each_nested(key, keys, rem) {
750 		memset(&parse, 0, sizeof(parse));
751 		parse.idx = -1;
752 
753 		err = nl80211_parse_key_new(key, &parse);
754 		if (err)
755 			goto error;
756 		err = -EINVAL;
757 		if (!parse.p.key)
758 			goto error;
759 		if (parse.idx < 0 || parse.idx > 4)
760 			goto error;
761 		if (parse.def) {
762 			if (def)
763 				goto error;
764 			def = 1;
765 			result->def = parse.idx;
766 			if (!parse.def_uni || !parse.def_multi)
767 				goto error;
768 		} else if (parse.defmgmt)
769 			goto error;
770 		err = cfg80211_validate_key_settings(rdev, &parse.p,
771 						     parse.idx, false, NULL);
772 		if (err)
773 			goto error;
774 		result->params[parse.idx].cipher = parse.p.cipher;
775 		result->params[parse.idx].key_len = parse.p.key_len;
776 		result->params[parse.idx].key = result->data[parse.idx];
777 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
778 
779 		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
780 		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
781 			if (no_ht)
782 				*no_ht = true;
783 		}
784 	}
785 
786 	return result;
787  error:
788 	kfree(result);
789 	return ERR_PTR(err);
790 }
791 
792 static int nl80211_key_allowed(struct wireless_dev *wdev)
793 {
794 	ASSERT_WDEV_LOCK(wdev);
795 
796 	switch (wdev->iftype) {
797 	case NL80211_IFTYPE_AP:
798 	case NL80211_IFTYPE_AP_VLAN:
799 	case NL80211_IFTYPE_P2P_GO:
800 	case NL80211_IFTYPE_MESH_POINT:
801 		break;
802 	case NL80211_IFTYPE_ADHOC:
803 	case NL80211_IFTYPE_STATION:
804 	case NL80211_IFTYPE_P2P_CLIENT:
805 		if (!wdev->current_bss)
806 			return -ENOLINK;
807 		break;
808 	default:
809 		return -EINVAL;
810 	}
811 
812 	return 0;
813 }
814 
815 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
816 {
817 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
818 	int i;
819 
820 	if (!nl_modes)
821 		goto nla_put_failure;
822 
823 	i = 0;
824 	while (ifmodes) {
825 		if ((ifmodes & 1) && nla_put_flag(msg, i))
826 			goto nla_put_failure;
827 		ifmodes >>= 1;
828 		i++;
829 	}
830 
831 	nla_nest_end(msg, nl_modes);
832 	return 0;
833 
834 nla_put_failure:
835 	return -ENOBUFS;
836 }
837 
838 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
839 					  struct sk_buff *msg,
840 					  bool large)
841 {
842 	struct nlattr *nl_combis;
843 	int i, j;
844 
845 	nl_combis = nla_nest_start(msg,
846 				NL80211_ATTR_INTERFACE_COMBINATIONS);
847 	if (!nl_combis)
848 		goto nla_put_failure;
849 
850 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
851 		const struct ieee80211_iface_combination *c;
852 		struct nlattr *nl_combi, *nl_limits;
853 
854 		c = &wiphy->iface_combinations[i];
855 
856 		nl_combi = nla_nest_start(msg, i + 1);
857 		if (!nl_combi)
858 			goto nla_put_failure;
859 
860 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
861 		if (!nl_limits)
862 			goto nla_put_failure;
863 
864 		for (j = 0; j < c->n_limits; j++) {
865 			struct nlattr *nl_limit;
866 
867 			nl_limit = nla_nest_start(msg, j + 1);
868 			if (!nl_limit)
869 				goto nla_put_failure;
870 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
871 					c->limits[j].max))
872 				goto nla_put_failure;
873 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
874 						c->limits[j].types))
875 				goto nla_put_failure;
876 			nla_nest_end(msg, nl_limit);
877 		}
878 
879 		nla_nest_end(msg, nl_limits);
880 
881 		if (c->beacon_int_infra_match &&
882 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
883 			goto nla_put_failure;
884 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
885 				c->num_different_channels) ||
886 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
887 				c->max_interfaces))
888 			goto nla_put_failure;
889 		if (large &&
890 		    nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
891 				c->radar_detect_widths))
892 			goto nla_put_failure;
893 
894 		nla_nest_end(msg, nl_combi);
895 	}
896 
897 	nla_nest_end(msg, nl_combis);
898 
899 	return 0;
900 nla_put_failure:
901 	return -ENOBUFS;
902 }
903 
904 #ifdef CONFIG_PM
905 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
906 					struct sk_buff *msg)
907 {
908 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
909 	struct nlattr *nl_tcp;
910 
911 	if (!tcp)
912 		return 0;
913 
914 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
915 	if (!nl_tcp)
916 		return -ENOBUFS;
917 
918 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
919 			tcp->data_payload_max))
920 		return -ENOBUFS;
921 
922 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
923 			tcp->data_payload_max))
924 		return -ENOBUFS;
925 
926 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
927 		return -ENOBUFS;
928 
929 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
930 				sizeof(*tcp->tok), tcp->tok))
931 		return -ENOBUFS;
932 
933 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
934 			tcp->data_interval_max))
935 		return -ENOBUFS;
936 
937 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
938 			tcp->wake_payload_max))
939 		return -ENOBUFS;
940 
941 	nla_nest_end(msg, nl_tcp);
942 	return 0;
943 }
944 
945 static int nl80211_send_wowlan(struct sk_buff *msg,
946 			       struct cfg80211_registered_device *dev,
947 			       bool large)
948 {
949 	struct nlattr *nl_wowlan;
950 
951 	if (!dev->wiphy.wowlan)
952 		return 0;
953 
954 	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
955 	if (!nl_wowlan)
956 		return -ENOBUFS;
957 
958 	if (((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
959 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
960 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
961 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
962 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
963 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
964 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
965 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
966 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
967 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
968 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
969 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
970 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
971 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
972 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
973 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
974 		return -ENOBUFS;
975 
976 	if (dev->wiphy.wowlan->n_patterns) {
977 		struct nl80211_wowlan_pattern_support pat = {
978 			.max_patterns = dev->wiphy.wowlan->n_patterns,
979 			.min_pattern_len = dev->wiphy.wowlan->pattern_min_len,
980 			.max_pattern_len = dev->wiphy.wowlan->pattern_max_len,
981 			.max_pkt_offset = dev->wiphy.wowlan->max_pkt_offset,
982 		};
983 
984 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
985 			    sizeof(pat), &pat))
986 			return -ENOBUFS;
987 	}
988 
989 	if (large && nl80211_send_wowlan_tcp_caps(dev, msg))
990 		return -ENOBUFS;
991 
992 	nla_nest_end(msg, nl_wowlan);
993 
994 	return 0;
995 }
996 #endif
997 
998 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
999 				      struct ieee80211_supported_band *sband)
1000 {
1001 	struct nlattr *nl_rates, *nl_rate;
1002 	struct ieee80211_rate *rate;
1003 	int i;
1004 
1005 	/* add HT info */
1006 	if (sband->ht_cap.ht_supported &&
1007 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1008 		     sizeof(sband->ht_cap.mcs),
1009 		     &sband->ht_cap.mcs) ||
1010 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1011 			 sband->ht_cap.cap) ||
1012 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1013 			sband->ht_cap.ampdu_factor) ||
1014 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1015 			sband->ht_cap.ampdu_density)))
1016 		return -ENOBUFS;
1017 
1018 	/* add VHT info */
1019 	if (sband->vht_cap.vht_supported &&
1020 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1021 		     sizeof(sband->vht_cap.vht_mcs),
1022 		     &sband->vht_cap.vht_mcs) ||
1023 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1024 			 sband->vht_cap.cap)))
1025 		return -ENOBUFS;
1026 
1027 	/* add bitrates */
1028 	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1029 	if (!nl_rates)
1030 		return -ENOBUFS;
1031 
1032 	for (i = 0; i < sband->n_bitrates; i++) {
1033 		nl_rate = nla_nest_start(msg, i);
1034 		if (!nl_rate)
1035 			return -ENOBUFS;
1036 
1037 		rate = &sband->bitrates[i];
1038 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1039 				rate->bitrate))
1040 			return -ENOBUFS;
1041 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1042 		    nla_put_flag(msg,
1043 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1044 			return -ENOBUFS;
1045 
1046 		nla_nest_end(msg, nl_rate);
1047 	}
1048 
1049 	nla_nest_end(msg, nl_rates);
1050 
1051 	return 0;
1052 }
1053 
1054 static int
1055 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1056 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1057 {
1058 	u16 stypes;
1059 	struct nlattr *nl_ftypes, *nl_ifs;
1060 	enum nl80211_iftype ift;
1061 	int i;
1062 
1063 	if (!mgmt_stypes)
1064 		return 0;
1065 
1066 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1067 	if (!nl_ifs)
1068 		return -ENOBUFS;
1069 
1070 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1071 		nl_ftypes = nla_nest_start(msg, ift);
1072 		if (!nl_ftypes)
1073 			return -ENOBUFS;
1074 		i = 0;
1075 		stypes = mgmt_stypes[ift].tx;
1076 		while (stypes) {
1077 			if ((stypes & 1) &&
1078 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1079 					(i << 4) | IEEE80211_FTYPE_MGMT))
1080 				return -ENOBUFS;
1081 			stypes >>= 1;
1082 			i++;
1083 		}
1084 		nla_nest_end(msg, nl_ftypes);
1085 	}
1086 
1087 	nla_nest_end(msg, nl_ifs);
1088 
1089 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1090 	if (!nl_ifs)
1091 		return -ENOBUFS;
1092 
1093 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1094 		nl_ftypes = nla_nest_start(msg, ift);
1095 		if (!nl_ftypes)
1096 			return -ENOBUFS;
1097 		i = 0;
1098 		stypes = mgmt_stypes[ift].rx;
1099 		while (stypes) {
1100 			if ((stypes & 1) &&
1101 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1102 					(i << 4) | IEEE80211_FTYPE_MGMT))
1103 				return -ENOBUFS;
1104 			stypes >>= 1;
1105 			i++;
1106 		}
1107 		nla_nest_end(msg, nl_ftypes);
1108 	}
1109 	nla_nest_end(msg, nl_ifs);
1110 
1111 	return 0;
1112 }
1113 
1114 struct nl80211_dump_wiphy_state {
1115 	s64 filter_wiphy;
1116 	long start;
1117 	long split_start, band_start, chan_start;
1118 	bool split;
1119 };
1120 
1121 static int nl80211_send_wiphy(struct cfg80211_registered_device *dev,
1122 			      struct sk_buff *msg, u32 portid, u32 seq,
1123 			      int flags, struct nl80211_dump_wiphy_state *state)
1124 {
1125 	void *hdr;
1126 	struct nlattr *nl_bands, *nl_band;
1127 	struct nlattr *nl_freqs, *nl_freq;
1128 	struct nlattr *nl_cmds;
1129 	enum ieee80211_band band;
1130 	struct ieee80211_channel *chan;
1131 	int i;
1132 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1133 				dev->wiphy.mgmt_stypes;
1134 	u32 features;
1135 
1136 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
1137 	if (!hdr)
1138 		return -ENOBUFS;
1139 
1140 	if (WARN_ON(!state))
1141 		return -EINVAL;
1142 
1143 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
1144 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1145 			   wiphy_name(&dev->wiphy)) ||
1146 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1147 			cfg80211_rdev_list_generation))
1148 		goto nla_put_failure;
1149 
1150 	switch (state->split_start) {
1151 	case 0:
1152 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1153 			       dev->wiphy.retry_short) ||
1154 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1155 			       dev->wiphy.retry_long) ||
1156 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1157 				dev->wiphy.frag_threshold) ||
1158 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1159 				dev->wiphy.rts_threshold) ||
1160 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1161 			       dev->wiphy.coverage_class) ||
1162 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1163 			       dev->wiphy.max_scan_ssids) ||
1164 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1165 			       dev->wiphy.max_sched_scan_ssids) ||
1166 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1167 				dev->wiphy.max_scan_ie_len) ||
1168 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1169 				dev->wiphy.max_sched_scan_ie_len) ||
1170 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1171 			       dev->wiphy.max_match_sets))
1172 			goto nla_put_failure;
1173 
1174 		if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1175 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1176 			goto nla_put_failure;
1177 		if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1178 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1179 			goto nla_put_failure;
1180 		if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1181 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1182 			goto nla_put_failure;
1183 		if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1184 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1185 			goto nla_put_failure;
1186 		if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1187 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1188 			goto nla_put_failure;
1189 		if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1190 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1191 			goto nla_put_failure;
1192 		if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1193 		    nla_put_flag(msg, WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1194 			goto nla_put_failure;
1195 
1196 		state->split_start++;
1197 		if (state->split)
1198 			break;
1199 	case 1:
1200 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1201 			    sizeof(u32) * dev->wiphy.n_cipher_suites,
1202 			    dev->wiphy.cipher_suites))
1203 			goto nla_put_failure;
1204 
1205 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1206 			       dev->wiphy.max_num_pmkids))
1207 			goto nla_put_failure;
1208 
1209 		if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1210 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1211 			goto nla_put_failure;
1212 
1213 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1214 				dev->wiphy.available_antennas_tx) ||
1215 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1216 				dev->wiphy.available_antennas_rx))
1217 			goto nla_put_failure;
1218 
1219 		if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1220 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1221 				dev->wiphy.probe_resp_offload))
1222 			goto nla_put_failure;
1223 
1224 		if ((dev->wiphy.available_antennas_tx ||
1225 		     dev->wiphy.available_antennas_rx) &&
1226 		    dev->ops->get_antenna) {
1227 			u32 tx_ant = 0, rx_ant = 0;
1228 			int res;
1229 			res = rdev_get_antenna(dev, &tx_ant, &rx_ant);
1230 			if (!res) {
1231 				if (nla_put_u32(msg,
1232 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1233 						tx_ant) ||
1234 				    nla_put_u32(msg,
1235 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1236 						rx_ant))
1237 					goto nla_put_failure;
1238 			}
1239 		}
1240 
1241 		state->split_start++;
1242 		if (state->split)
1243 			break;
1244 	case 2:
1245 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1246 					dev->wiphy.interface_modes))
1247 				goto nla_put_failure;
1248 		state->split_start++;
1249 		if (state->split)
1250 			break;
1251 	case 3:
1252 		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1253 		if (!nl_bands)
1254 			goto nla_put_failure;
1255 
1256 		for (band = state->band_start;
1257 		     band < IEEE80211_NUM_BANDS; band++) {
1258 			struct ieee80211_supported_band *sband;
1259 
1260 			sband = dev->wiphy.bands[band];
1261 
1262 			if (!sband)
1263 				continue;
1264 
1265 			nl_band = nla_nest_start(msg, band);
1266 			if (!nl_band)
1267 				goto nla_put_failure;
1268 
1269 			switch (state->chan_start) {
1270 			case 0:
1271 				if (nl80211_send_band_rateinfo(msg, sband))
1272 					goto nla_put_failure;
1273 				state->chan_start++;
1274 				if (state->split)
1275 					break;
1276 			default:
1277 				/* add frequencies */
1278 				nl_freqs = nla_nest_start(
1279 					msg, NL80211_BAND_ATTR_FREQS);
1280 				if (!nl_freqs)
1281 					goto nla_put_failure;
1282 
1283 				for (i = state->chan_start - 1;
1284 				     i < sband->n_channels;
1285 				     i++) {
1286 					nl_freq = nla_nest_start(msg, i);
1287 					if (!nl_freq)
1288 						goto nla_put_failure;
1289 
1290 					chan = &sband->channels[i];
1291 
1292 					if (nl80211_msg_put_channel(
1293 							msg, chan,
1294 							state->split))
1295 						goto nla_put_failure;
1296 
1297 					nla_nest_end(msg, nl_freq);
1298 					if (state->split)
1299 						break;
1300 				}
1301 				if (i < sband->n_channels)
1302 					state->chan_start = i + 2;
1303 				else
1304 					state->chan_start = 0;
1305 				nla_nest_end(msg, nl_freqs);
1306 			}
1307 
1308 			nla_nest_end(msg, nl_band);
1309 
1310 			if (state->split) {
1311 				/* start again here */
1312 				if (state->chan_start)
1313 					band--;
1314 				break;
1315 			}
1316 		}
1317 		nla_nest_end(msg, nl_bands);
1318 
1319 		if (band < IEEE80211_NUM_BANDS)
1320 			state->band_start = band + 1;
1321 		else
1322 			state->band_start = 0;
1323 
1324 		/* if bands & channels are done, continue outside */
1325 		if (state->band_start == 0 && state->chan_start == 0)
1326 			state->split_start++;
1327 		if (state->split)
1328 			break;
1329 	case 4:
1330 		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1331 		if (!nl_cmds)
1332 			goto nla_put_failure;
1333 
1334 		i = 0;
1335 #define CMD(op, n)							\
1336 		 do {							\
1337 			if (dev->ops->op) {				\
1338 				i++;					\
1339 				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1340 					goto nla_put_failure;		\
1341 			}						\
1342 		} while (0)
1343 
1344 		CMD(add_virtual_intf, NEW_INTERFACE);
1345 		CMD(change_virtual_intf, SET_INTERFACE);
1346 		CMD(add_key, NEW_KEY);
1347 		CMD(start_ap, START_AP);
1348 		CMD(add_station, NEW_STATION);
1349 		CMD(add_mpath, NEW_MPATH);
1350 		CMD(update_mesh_config, SET_MESH_CONFIG);
1351 		CMD(change_bss, SET_BSS);
1352 		CMD(auth, AUTHENTICATE);
1353 		CMD(assoc, ASSOCIATE);
1354 		CMD(deauth, DEAUTHENTICATE);
1355 		CMD(disassoc, DISASSOCIATE);
1356 		CMD(join_ibss, JOIN_IBSS);
1357 		CMD(join_mesh, JOIN_MESH);
1358 		CMD(set_pmksa, SET_PMKSA);
1359 		CMD(del_pmksa, DEL_PMKSA);
1360 		CMD(flush_pmksa, FLUSH_PMKSA);
1361 		if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1362 			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1363 		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1364 		CMD(mgmt_tx, FRAME);
1365 		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1366 		if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1367 			i++;
1368 			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1369 				goto nla_put_failure;
1370 		}
1371 		if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1372 		    dev->ops->join_mesh) {
1373 			i++;
1374 			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1375 				goto nla_put_failure;
1376 		}
1377 		CMD(set_wds_peer, SET_WDS_PEER);
1378 		if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1379 			CMD(tdls_mgmt, TDLS_MGMT);
1380 			CMD(tdls_oper, TDLS_OPER);
1381 		}
1382 		if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1383 			CMD(sched_scan_start, START_SCHED_SCAN);
1384 		CMD(probe_client, PROBE_CLIENT);
1385 		CMD(set_noack_map, SET_NOACK_MAP);
1386 		if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1387 			i++;
1388 			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1389 				goto nla_put_failure;
1390 		}
1391 		CMD(start_p2p_device, START_P2P_DEVICE);
1392 		CMD(set_mcast_rate, SET_MCAST_RATE);
1393 		if (state->split) {
1394 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1395 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1396 		}
1397 
1398 #ifdef CONFIG_NL80211_TESTMODE
1399 		CMD(testmode_cmd, TESTMODE);
1400 #endif
1401 
1402 #undef CMD
1403 
1404 		if (dev->ops->connect || dev->ops->auth) {
1405 			i++;
1406 			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1407 				goto nla_put_failure;
1408 		}
1409 
1410 		if (dev->ops->disconnect || dev->ops->deauth) {
1411 			i++;
1412 			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1413 				goto nla_put_failure;
1414 		}
1415 
1416 		nla_nest_end(msg, nl_cmds);
1417 		state->split_start++;
1418 		if (state->split)
1419 			break;
1420 	case 5:
1421 		if (dev->ops->remain_on_channel &&
1422 		    (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1423 		    nla_put_u32(msg,
1424 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1425 				dev->wiphy.max_remain_on_channel_duration))
1426 			goto nla_put_failure;
1427 
1428 		if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1429 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1430 			goto nla_put_failure;
1431 
1432 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1433 			goto nla_put_failure;
1434 		state->split_start++;
1435 		if (state->split)
1436 			break;
1437 	case 6:
1438 #ifdef CONFIG_PM
1439 		if (nl80211_send_wowlan(msg, dev, state->split))
1440 			goto nla_put_failure;
1441 		state->split_start++;
1442 		if (state->split)
1443 			break;
1444 #else
1445 		state->split_start++;
1446 #endif
1447 	case 7:
1448 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1449 					dev->wiphy.software_iftypes))
1450 			goto nla_put_failure;
1451 
1452 		if (nl80211_put_iface_combinations(&dev->wiphy, msg,
1453 						   state->split))
1454 			goto nla_put_failure;
1455 
1456 		state->split_start++;
1457 		if (state->split)
1458 			break;
1459 	case 8:
1460 		if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1461 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1462 				dev->wiphy.ap_sme_capa))
1463 			goto nla_put_failure;
1464 
1465 		features = dev->wiphy.features;
1466 		/*
1467 		 * We can only add the per-channel limit information if the
1468 		 * dump is split, otherwise it makes it too big. Therefore
1469 		 * only advertise it in that case.
1470 		 */
1471 		if (state->split)
1472 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1473 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1474 			goto nla_put_failure;
1475 
1476 		if (dev->wiphy.ht_capa_mod_mask &&
1477 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1478 			    sizeof(*dev->wiphy.ht_capa_mod_mask),
1479 			    dev->wiphy.ht_capa_mod_mask))
1480 			goto nla_put_failure;
1481 
1482 		if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1483 		    dev->wiphy.max_acl_mac_addrs &&
1484 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1485 				dev->wiphy.max_acl_mac_addrs))
1486 			goto nla_put_failure;
1487 
1488 		/*
1489 		 * Any information below this point is only available to
1490 		 * applications that can deal with it being split. This
1491 		 * helps ensure that newly added capabilities don't break
1492 		 * older tools by overrunning their buffers.
1493 		 *
1494 		 * We still increment split_start so that in the split
1495 		 * case we'll continue with more data in the next round,
1496 		 * but break unconditionally so unsplit data stops here.
1497 		 */
1498 		state->split_start++;
1499 		break;
1500 	case 9:
1501 		if (dev->wiphy.extended_capabilities &&
1502 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1503 			     dev->wiphy.extended_capabilities_len,
1504 			     dev->wiphy.extended_capabilities) ||
1505 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1506 			     dev->wiphy.extended_capabilities_len,
1507 			     dev->wiphy.extended_capabilities_mask)))
1508 			goto nla_put_failure;
1509 
1510 		if (dev->wiphy.vht_capa_mod_mask &&
1511 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1512 			    sizeof(*dev->wiphy.vht_capa_mod_mask),
1513 			    dev->wiphy.vht_capa_mod_mask))
1514 			goto nla_put_failure;
1515 
1516 		/* done */
1517 		state->split_start = 0;
1518 		break;
1519 	}
1520 	return genlmsg_end(msg, hdr);
1521 
1522  nla_put_failure:
1523 	genlmsg_cancel(msg, hdr);
1524 	return -EMSGSIZE;
1525 }
1526 
1527 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1528 				    struct netlink_callback *cb,
1529 				    struct nl80211_dump_wiphy_state *state)
1530 {
1531 	struct nlattr **tb = nl80211_fam.attrbuf;
1532 	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1533 			      tb, nl80211_fam.maxattr, nl80211_policy);
1534 	/* ignore parse errors for backward compatibility */
1535 	if (ret)
1536 		return 0;
1537 
1538 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1539 	if (tb[NL80211_ATTR_WIPHY])
1540 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1541 	if (tb[NL80211_ATTR_WDEV])
1542 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1543 	if (tb[NL80211_ATTR_IFINDEX]) {
1544 		struct net_device *netdev;
1545 		struct cfg80211_registered_device *rdev;
1546 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1547 
1548 		netdev = dev_get_by_index(sock_net(skb->sk), ifidx);
1549 		if (!netdev)
1550 			return -ENODEV;
1551 		if (netdev->ieee80211_ptr) {
1552 			rdev = wiphy_to_dev(
1553 				netdev->ieee80211_ptr->wiphy);
1554 			state->filter_wiphy = rdev->wiphy_idx;
1555 		}
1556 		dev_put(netdev);
1557 	}
1558 
1559 	return 0;
1560 }
1561 
1562 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1563 {
1564 	int idx = 0, ret;
1565 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1566 	struct cfg80211_registered_device *dev;
1567 
1568 	rtnl_lock();
1569 	if (!state) {
1570 		state = kzalloc(sizeof(*state), GFP_KERNEL);
1571 		if (!state) {
1572 			rtnl_unlock();
1573 			return -ENOMEM;
1574 		}
1575 		state->filter_wiphy = -1;
1576 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1577 		if (ret) {
1578 			kfree(state);
1579 			rtnl_unlock();
1580 			return ret;
1581 		}
1582 		cb->args[0] = (long)state;
1583 	}
1584 
1585 	list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1586 		if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1587 			continue;
1588 		if (++idx <= state->start)
1589 			continue;
1590 		if (state->filter_wiphy != -1 &&
1591 		    state->filter_wiphy != dev->wiphy_idx)
1592 			continue;
1593 		/* attempt to fit multiple wiphy data chunks into the skb */
1594 		do {
1595 			ret = nl80211_send_wiphy(dev, skb,
1596 						 NETLINK_CB(cb->skb).portid,
1597 						 cb->nlh->nlmsg_seq,
1598 						 NLM_F_MULTI, state);
1599 			if (ret < 0) {
1600 				/*
1601 				 * If sending the wiphy data didn't fit (ENOBUFS
1602 				 * or EMSGSIZE returned), this SKB is still
1603 				 * empty (so it's not too big because another
1604 				 * wiphy dataset is already in the skb) and
1605 				 * we've not tried to adjust the dump allocation
1606 				 * yet ... then adjust the alloc size to be
1607 				 * bigger, and return 1 but with the empty skb.
1608 				 * This results in an empty message being RX'ed
1609 				 * in userspace, but that is ignored.
1610 				 *
1611 				 * We can then retry with the larger buffer.
1612 				 */
1613 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1614 				    !skb->len &&
1615 				    cb->min_dump_alloc < 4096) {
1616 					cb->min_dump_alloc = 4096;
1617 					rtnl_unlock();
1618 					return 1;
1619 				}
1620 				idx--;
1621 				break;
1622 			}
1623 		} while (state->split_start > 0);
1624 		break;
1625 	}
1626 	rtnl_unlock();
1627 
1628 	state->start = idx;
1629 
1630 	return skb->len;
1631 }
1632 
1633 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1634 {
1635 	kfree((void *)cb->args[0]);
1636 	return 0;
1637 }
1638 
1639 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1640 {
1641 	struct sk_buff *msg;
1642 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1643 	struct nl80211_dump_wiphy_state state = {};
1644 
1645 	msg = nlmsg_new(4096, GFP_KERNEL);
1646 	if (!msg)
1647 		return -ENOMEM;
1648 
1649 	if (nl80211_send_wiphy(dev, msg, info->snd_portid, info->snd_seq, 0,
1650 			       &state) < 0) {
1651 		nlmsg_free(msg);
1652 		return -ENOBUFS;
1653 	}
1654 
1655 	return genlmsg_reply(msg, info);
1656 }
1657 
1658 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1659 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1660 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1661 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1662 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1663 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1664 };
1665 
1666 static int parse_txq_params(struct nlattr *tb[],
1667 			    struct ieee80211_txq_params *txq_params)
1668 {
1669 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1670 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1671 	    !tb[NL80211_TXQ_ATTR_AIFS])
1672 		return -EINVAL;
1673 
1674 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1675 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1676 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1677 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1678 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1679 
1680 	if (txq_params->ac >= NL80211_NUM_ACS)
1681 		return -EINVAL;
1682 
1683 	return 0;
1684 }
1685 
1686 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1687 {
1688 	/*
1689 	 * You can only set the channel explicitly for WDS interfaces,
1690 	 * all others have their channel managed via their respective
1691 	 * "establish a connection" command (connect, join, ...)
1692 	 *
1693 	 * For AP/GO and mesh mode, the channel can be set with the
1694 	 * channel userspace API, but is only stored and passed to the
1695 	 * low-level driver when the AP starts or the mesh is joined.
1696 	 * This is for backward compatibility, userspace can also give
1697 	 * the channel in the start-ap or join-mesh commands instead.
1698 	 *
1699 	 * Monitors are special as they are normally slaved to
1700 	 * whatever else is going on, so they have their own special
1701 	 * operation to set the monitor channel if possible.
1702 	 */
1703 	return !wdev ||
1704 		wdev->iftype == NL80211_IFTYPE_AP ||
1705 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1706 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1707 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1708 }
1709 
1710 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1711 				 struct genl_info *info,
1712 				 struct cfg80211_chan_def *chandef)
1713 {
1714 	u32 control_freq;
1715 
1716 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1717 		return -EINVAL;
1718 
1719 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1720 
1721 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1722 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1723 	chandef->center_freq1 = control_freq;
1724 	chandef->center_freq2 = 0;
1725 
1726 	/* Primary channel not allowed */
1727 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1728 		return -EINVAL;
1729 
1730 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1731 		enum nl80211_channel_type chantype;
1732 
1733 		chantype = nla_get_u32(
1734 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1735 
1736 		switch (chantype) {
1737 		case NL80211_CHAN_NO_HT:
1738 		case NL80211_CHAN_HT20:
1739 		case NL80211_CHAN_HT40PLUS:
1740 		case NL80211_CHAN_HT40MINUS:
1741 			cfg80211_chandef_create(chandef, chandef->chan,
1742 						chantype);
1743 			break;
1744 		default:
1745 			return -EINVAL;
1746 		}
1747 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1748 		chandef->width =
1749 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1750 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1751 			chandef->center_freq1 =
1752 				nla_get_u32(
1753 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1754 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1755 			chandef->center_freq2 =
1756 				nla_get_u32(
1757 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1758 	}
1759 
1760 	if (!cfg80211_chandef_valid(chandef))
1761 		return -EINVAL;
1762 
1763 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1764 				     IEEE80211_CHAN_DISABLED))
1765 		return -EINVAL;
1766 
1767 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1768 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
1769 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1770 		return -EINVAL;
1771 
1772 	return 0;
1773 }
1774 
1775 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1776 				 struct wireless_dev *wdev,
1777 				 struct genl_info *info)
1778 {
1779 	struct cfg80211_chan_def chandef;
1780 	int result;
1781 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1782 
1783 	if (wdev)
1784 		iftype = wdev->iftype;
1785 
1786 	if (!nl80211_can_set_dev_channel(wdev))
1787 		return -EOPNOTSUPP;
1788 
1789 	result = nl80211_parse_chandef(rdev, info, &chandef);
1790 	if (result)
1791 		return result;
1792 
1793 	switch (iftype) {
1794 	case NL80211_IFTYPE_AP:
1795 	case NL80211_IFTYPE_P2P_GO:
1796 		if (wdev->beacon_interval) {
1797 			result = -EBUSY;
1798 			break;
1799 		}
1800 		if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) {
1801 			result = -EINVAL;
1802 			break;
1803 		}
1804 		wdev->preset_chandef = chandef;
1805 		result = 0;
1806 		break;
1807 	case NL80211_IFTYPE_MESH_POINT:
1808 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1809 		break;
1810 	case NL80211_IFTYPE_MONITOR:
1811 		result = cfg80211_set_monitor_channel(rdev, &chandef);
1812 		break;
1813 	default:
1814 		result = -EINVAL;
1815 	}
1816 
1817 	return result;
1818 }
1819 
1820 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1821 {
1822 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1823 	struct net_device *netdev = info->user_ptr[1];
1824 
1825 	return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1826 }
1827 
1828 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1829 {
1830 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1831 	struct net_device *dev = info->user_ptr[1];
1832 	struct wireless_dev *wdev = dev->ieee80211_ptr;
1833 	const u8 *bssid;
1834 
1835 	if (!info->attrs[NL80211_ATTR_MAC])
1836 		return -EINVAL;
1837 
1838 	if (netif_running(dev))
1839 		return -EBUSY;
1840 
1841 	if (!rdev->ops->set_wds_peer)
1842 		return -EOPNOTSUPP;
1843 
1844 	if (wdev->iftype != NL80211_IFTYPE_WDS)
1845 		return -EOPNOTSUPP;
1846 
1847 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1848 	return rdev_set_wds_peer(rdev, dev, bssid);
1849 }
1850 
1851 
1852 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1853 {
1854 	struct cfg80211_registered_device *rdev;
1855 	struct net_device *netdev = NULL;
1856 	struct wireless_dev *wdev;
1857 	int result = 0, rem_txq_params = 0;
1858 	struct nlattr *nl_txq_params;
1859 	u32 changed;
1860 	u8 retry_short = 0, retry_long = 0;
1861 	u32 frag_threshold = 0, rts_threshold = 0;
1862 	u8 coverage_class = 0;
1863 
1864 	ASSERT_RTNL();
1865 
1866 	/*
1867 	 * Try to find the wiphy and netdev. Normally this
1868 	 * function shouldn't need the netdev, but this is
1869 	 * done for backward compatibility -- previously
1870 	 * setting the channel was done per wiphy, but now
1871 	 * it is per netdev. Previous userland like hostapd
1872 	 * also passed a netdev to set_wiphy, so that it is
1873 	 * possible to let that go to the right netdev!
1874 	 */
1875 
1876 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
1877 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1878 
1879 		netdev = dev_get_by_index(genl_info_net(info), ifindex);
1880 		if (netdev && netdev->ieee80211_ptr)
1881 			rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1882 		else
1883 			netdev = NULL;
1884 	}
1885 
1886 	if (!netdev) {
1887 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
1888 						  info->attrs);
1889 		if (IS_ERR(rdev))
1890 			return PTR_ERR(rdev);
1891 		wdev = NULL;
1892 		netdev = NULL;
1893 		result = 0;
1894 	} else
1895 		wdev = netdev->ieee80211_ptr;
1896 
1897 	/*
1898 	 * end workaround code, by now the rdev is available
1899 	 * and locked, and wdev may or may not be NULL.
1900 	 */
1901 
1902 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1903 		result = cfg80211_dev_rename(
1904 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1905 
1906 	if (result)
1907 		goto bad_res;
1908 
1909 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1910 		struct ieee80211_txq_params txq_params;
1911 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1912 
1913 		if (!rdev->ops->set_txq_params) {
1914 			result = -EOPNOTSUPP;
1915 			goto bad_res;
1916 		}
1917 
1918 		if (!netdev) {
1919 			result = -EINVAL;
1920 			goto bad_res;
1921 		}
1922 
1923 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1924 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1925 			result = -EINVAL;
1926 			goto bad_res;
1927 		}
1928 
1929 		if (!netif_running(netdev)) {
1930 			result = -ENETDOWN;
1931 			goto bad_res;
1932 		}
1933 
1934 		nla_for_each_nested(nl_txq_params,
1935 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1936 				    rem_txq_params) {
1937 			nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1938 				  nla_data(nl_txq_params),
1939 				  nla_len(nl_txq_params),
1940 				  txq_params_policy);
1941 			result = parse_txq_params(tb, &txq_params);
1942 			if (result)
1943 				goto bad_res;
1944 
1945 			result = rdev_set_txq_params(rdev, netdev,
1946 						     &txq_params);
1947 			if (result)
1948 				goto bad_res;
1949 		}
1950 	}
1951 
1952 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1953 		result = __nl80211_set_channel(rdev,
1954 				nl80211_can_set_dev_channel(wdev) ? wdev : NULL,
1955 				info);
1956 		if (result)
1957 			goto bad_res;
1958 	}
1959 
1960 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1961 		struct wireless_dev *txp_wdev = wdev;
1962 		enum nl80211_tx_power_setting type;
1963 		int idx, mbm = 0;
1964 
1965 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
1966 			txp_wdev = NULL;
1967 
1968 		if (!rdev->ops->set_tx_power) {
1969 			result = -EOPNOTSUPP;
1970 			goto bad_res;
1971 		}
1972 
1973 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1974 		type = nla_get_u32(info->attrs[idx]);
1975 
1976 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1977 		    (type != NL80211_TX_POWER_AUTOMATIC)) {
1978 			result = -EINVAL;
1979 			goto bad_res;
1980 		}
1981 
1982 		if (type != NL80211_TX_POWER_AUTOMATIC) {
1983 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1984 			mbm = nla_get_u32(info->attrs[idx]);
1985 		}
1986 
1987 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
1988 		if (result)
1989 			goto bad_res;
1990 	}
1991 
1992 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1993 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1994 		u32 tx_ant, rx_ant;
1995 		if ((!rdev->wiphy.available_antennas_tx &&
1996 		     !rdev->wiphy.available_antennas_rx) ||
1997 		    !rdev->ops->set_antenna) {
1998 			result = -EOPNOTSUPP;
1999 			goto bad_res;
2000 		}
2001 
2002 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2003 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2004 
2005 		/* reject antenna configurations which don't match the
2006 		 * available antenna masks, except for the "all" mask */
2007 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2008 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
2009 			result = -EINVAL;
2010 			goto bad_res;
2011 		}
2012 
2013 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2014 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2015 
2016 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2017 		if (result)
2018 			goto bad_res;
2019 	}
2020 
2021 	changed = 0;
2022 
2023 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2024 		retry_short = nla_get_u8(
2025 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2026 		if (retry_short == 0) {
2027 			result = -EINVAL;
2028 			goto bad_res;
2029 		}
2030 		changed |= WIPHY_PARAM_RETRY_SHORT;
2031 	}
2032 
2033 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2034 		retry_long = nla_get_u8(
2035 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2036 		if (retry_long == 0) {
2037 			result = -EINVAL;
2038 			goto bad_res;
2039 		}
2040 		changed |= WIPHY_PARAM_RETRY_LONG;
2041 	}
2042 
2043 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2044 		frag_threshold = nla_get_u32(
2045 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2046 		if (frag_threshold < 256) {
2047 			result = -EINVAL;
2048 			goto bad_res;
2049 		}
2050 		if (frag_threshold != (u32) -1) {
2051 			/*
2052 			 * Fragments (apart from the last one) are required to
2053 			 * have even length. Make the fragmentation code
2054 			 * simpler by stripping LSB should someone try to use
2055 			 * odd threshold value.
2056 			 */
2057 			frag_threshold &= ~0x1;
2058 		}
2059 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2060 	}
2061 
2062 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2063 		rts_threshold = nla_get_u32(
2064 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2065 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2066 	}
2067 
2068 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2069 		coverage_class = nla_get_u8(
2070 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2071 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2072 	}
2073 
2074 	if (changed) {
2075 		u8 old_retry_short, old_retry_long;
2076 		u32 old_frag_threshold, old_rts_threshold;
2077 		u8 old_coverage_class;
2078 
2079 		if (!rdev->ops->set_wiphy_params) {
2080 			result = -EOPNOTSUPP;
2081 			goto bad_res;
2082 		}
2083 
2084 		old_retry_short = rdev->wiphy.retry_short;
2085 		old_retry_long = rdev->wiphy.retry_long;
2086 		old_frag_threshold = rdev->wiphy.frag_threshold;
2087 		old_rts_threshold = rdev->wiphy.rts_threshold;
2088 		old_coverage_class = rdev->wiphy.coverage_class;
2089 
2090 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2091 			rdev->wiphy.retry_short = retry_short;
2092 		if (changed & WIPHY_PARAM_RETRY_LONG)
2093 			rdev->wiphy.retry_long = retry_long;
2094 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2095 			rdev->wiphy.frag_threshold = frag_threshold;
2096 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2097 			rdev->wiphy.rts_threshold = rts_threshold;
2098 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2099 			rdev->wiphy.coverage_class = coverage_class;
2100 
2101 		result = rdev_set_wiphy_params(rdev, changed);
2102 		if (result) {
2103 			rdev->wiphy.retry_short = old_retry_short;
2104 			rdev->wiphy.retry_long = old_retry_long;
2105 			rdev->wiphy.frag_threshold = old_frag_threshold;
2106 			rdev->wiphy.rts_threshold = old_rts_threshold;
2107 			rdev->wiphy.coverage_class = old_coverage_class;
2108 		}
2109 	}
2110 
2111  bad_res:
2112 	if (netdev)
2113 		dev_put(netdev);
2114 	return result;
2115 }
2116 
2117 static inline u64 wdev_id(struct wireless_dev *wdev)
2118 {
2119 	return (u64)wdev->identifier |
2120 	       ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
2121 }
2122 
2123 static int nl80211_send_chandef(struct sk_buff *msg,
2124 				 struct cfg80211_chan_def *chandef)
2125 {
2126 	WARN_ON(!cfg80211_chandef_valid(chandef));
2127 
2128 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2129 			chandef->chan->center_freq))
2130 		return -ENOBUFS;
2131 	switch (chandef->width) {
2132 	case NL80211_CHAN_WIDTH_20_NOHT:
2133 	case NL80211_CHAN_WIDTH_20:
2134 	case NL80211_CHAN_WIDTH_40:
2135 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2136 				cfg80211_get_chandef_type(chandef)))
2137 			return -ENOBUFS;
2138 		break;
2139 	default:
2140 		break;
2141 	}
2142 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2143 		return -ENOBUFS;
2144 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2145 		return -ENOBUFS;
2146 	if (chandef->center_freq2 &&
2147 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2148 		return -ENOBUFS;
2149 	return 0;
2150 }
2151 
2152 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2153 			      struct cfg80211_registered_device *rdev,
2154 			      struct wireless_dev *wdev)
2155 {
2156 	struct net_device *dev = wdev->netdev;
2157 	void *hdr;
2158 
2159 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2160 	if (!hdr)
2161 		return -1;
2162 
2163 	if (dev &&
2164 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2165 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2166 		goto nla_put_failure;
2167 
2168 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2169 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2170 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2171 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2172 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2173 			rdev->devlist_generation ^
2174 			(cfg80211_rdev_list_generation << 2)))
2175 		goto nla_put_failure;
2176 
2177 	if (rdev->ops->get_channel) {
2178 		int ret;
2179 		struct cfg80211_chan_def chandef;
2180 
2181 		ret = rdev_get_channel(rdev, wdev, &chandef);
2182 		if (ret == 0) {
2183 			if (nl80211_send_chandef(msg, &chandef))
2184 				goto nla_put_failure;
2185 		}
2186 	}
2187 
2188 	if (wdev->ssid_len) {
2189 		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2190 			goto nla_put_failure;
2191 	}
2192 
2193 	return genlmsg_end(msg, hdr);
2194 
2195  nla_put_failure:
2196 	genlmsg_cancel(msg, hdr);
2197 	return -EMSGSIZE;
2198 }
2199 
2200 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2201 {
2202 	int wp_idx = 0;
2203 	int if_idx = 0;
2204 	int wp_start = cb->args[0];
2205 	int if_start = cb->args[1];
2206 	struct cfg80211_registered_device *rdev;
2207 	struct wireless_dev *wdev;
2208 
2209 	rtnl_lock();
2210 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2211 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2212 			continue;
2213 		if (wp_idx < wp_start) {
2214 			wp_idx++;
2215 			continue;
2216 		}
2217 		if_idx = 0;
2218 
2219 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
2220 			if (if_idx < if_start) {
2221 				if_idx++;
2222 				continue;
2223 			}
2224 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2225 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2226 					       rdev, wdev) < 0) {
2227 				goto out;
2228 			}
2229 			if_idx++;
2230 		}
2231 
2232 		wp_idx++;
2233 	}
2234  out:
2235 	rtnl_unlock();
2236 
2237 	cb->args[0] = wp_idx;
2238 	cb->args[1] = if_idx;
2239 
2240 	return skb->len;
2241 }
2242 
2243 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2244 {
2245 	struct sk_buff *msg;
2246 	struct cfg80211_registered_device *dev = info->user_ptr[0];
2247 	struct wireless_dev *wdev = info->user_ptr[1];
2248 
2249 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2250 	if (!msg)
2251 		return -ENOMEM;
2252 
2253 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2254 			       dev, wdev) < 0) {
2255 		nlmsg_free(msg);
2256 		return -ENOBUFS;
2257 	}
2258 
2259 	return genlmsg_reply(msg, info);
2260 }
2261 
2262 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2263 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2264 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2265 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2266 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2267 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2268 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2269 };
2270 
2271 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2272 {
2273 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2274 	int flag;
2275 
2276 	*mntrflags = 0;
2277 
2278 	if (!nla)
2279 		return -EINVAL;
2280 
2281 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2282 			     nla, mntr_flags_policy))
2283 		return -EINVAL;
2284 
2285 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2286 		if (flags[flag])
2287 			*mntrflags |= (1<<flag);
2288 
2289 	return 0;
2290 }
2291 
2292 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2293 			       struct net_device *netdev, u8 use_4addr,
2294 			       enum nl80211_iftype iftype)
2295 {
2296 	if (!use_4addr) {
2297 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2298 			return -EBUSY;
2299 		return 0;
2300 	}
2301 
2302 	switch (iftype) {
2303 	case NL80211_IFTYPE_AP_VLAN:
2304 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2305 			return 0;
2306 		break;
2307 	case NL80211_IFTYPE_STATION:
2308 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2309 			return 0;
2310 		break;
2311 	default:
2312 		break;
2313 	}
2314 
2315 	return -EOPNOTSUPP;
2316 }
2317 
2318 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2319 {
2320 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2321 	struct vif_params params;
2322 	int err;
2323 	enum nl80211_iftype otype, ntype;
2324 	struct net_device *dev = info->user_ptr[1];
2325 	u32 _flags, *flags = NULL;
2326 	bool change = false;
2327 
2328 	memset(&params, 0, sizeof(params));
2329 
2330 	otype = ntype = dev->ieee80211_ptr->iftype;
2331 
2332 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2333 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2334 		if (otype != ntype)
2335 			change = true;
2336 		if (ntype > NL80211_IFTYPE_MAX)
2337 			return -EINVAL;
2338 	}
2339 
2340 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2341 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2342 
2343 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2344 			return -EINVAL;
2345 		if (netif_running(dev))
2346 			return -EBUSY;
2347 
2348 		wdev_lock(wdev);
2349 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2350 			     IEEE80211_MAX_MESH_ID_LEN);
2351 		wdev->mesh_id_up_len =
2352 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2353 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2354 		       wdev->mesh_id_up_len);
2355 		wdev_unlock(wdev);
2356 	}
2357 
2358 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2359 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2360 		change = true;
2361 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2362 		if (err)
2363 			return err;
2364 	} else {
2365 		params.use_4addr = -1;
2366 	}
2367 
2368 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2369 		if (ntype != NL80211_IFTYPE_MONITOR)
2370 			return -EINVAL;
2371 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2372 					  &_flags);
2373 		if (err)
2374 			return err;
2375 
2376 		flags = &_flags;
2377 		change = true;
2378 	}
2379 
2380 	if (flags && (*flags & NL80211_MNTR_FLAG_ACTIVE) &&
2381 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2382 		return -EOPNOTSUPP;
2383 
2384 	if (change)
2385 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2386 	else
2387 		err = 0;
2388 
2389 	if (!err && params.use_4addr != -1)
2390 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2391 
2392 	return err;
2393 }
2394 
2395 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2396 {
2397 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2398 	struct vif_params params;
2399 	struct wireless_dev *wdev;
2400 	struct sk_buff *msg;
2401 	int err;
2402 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2403 	u32 flags;
2404 
2405 	memset(&params, 0, sizeof(params));
2406 
2407 	if (!info->attrs[NL80211_ATTR_IFNAME])
2408 		return -EINVAL;
2409 
2410 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2411 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2412 		if (type > NL80211_IFTYPE_MAX)
2413 			return -EINVAL;
2414 	}
2415 
2416 	if (!rdev->ops->add_virtual_intf ||
2417 	    !(rdev->wiphy.interface_modes & (1 << type)))
2418 		return -EOPNOTSUPP;
2419 
2420 	if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2421 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2422 			   ETH_ALEN);
2423 		if (!is_valid_ether_addr(params.macaddr))
2424 			return -EADDRNOTAVAIL;
2425 	}
2426 
2427 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2428 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2429 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2430 		if (err)
2431 			return err;
2432 	}
2433 
2434 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2435 	if (!msg)
2436 		return -ENOMEM;
2437 
2438 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2439 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2440 				  &flags);
2441 
2442 	if (!err && (flags & NL80211_MNTR_FLAG_ACTIVE) &&
2443 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2444 		return -EOPNOTSUPP;
2445 
2446 	wdev = rdev_add_virtual_intf(rdev,
2447 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2448 				type, err ? NULL : &flags, &params);
2449 	if (IS_ERR(wdev)) {
2450 		nlmsg_free(msg);
2451 		return PTR_ERR(wdev);
2452 	}
2453 
2454 	switch (type) {
2455 	case NL80211_IFTYPE_MESH_POINT:
2456 		if (!info->attrs[NL80211_ATTR_MESH_ID])
2457 			break;
2458 		wdev_lock(wdev);
2459 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2460 			     IEEE80211_MAX_MESH_ID_LEN);
2461 		wdev->mesh_id_up_len =
2462 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2463 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2464 		       wdev->mesh_id_up_len);
2465 		wdev_unlock(wdev);
2466 		break;
2467 	case NL80211_IFTYPE_P2P_DEVICE:
2468 		/*
2469 		 * P2P Device doesn't have a netdev, so doesn't go
2470 		 * through the netdev notifier and must be added here
2471 		 */
2472 		mutex_init(&wdev->mtx);
2473 		INIT_LIST_HEAD(&wdev->event_list);
2474 		spin_lock_init(&wdev->event_lock);
2475 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2476 		spin_lock_init(&wdev->mgmt_registrations_lock);
2477 
2478 		wdev->identifier = ++rdev->wdev_id;
2479 		list_add_rcu(&wdev->list, &rdev->wdev_list);
2480 		rdev->devlist_generation++;
2481 		break;
2482 	default:
2483 		break;
2484 	}
2485 
2486 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2487 			       rdev, wdev) < 0) {
2488 		nlmsg_free(msg);
2489 		return -ENOBUFS;
2490 	}
2491 
2492 	return genlmsg_reply(msg, info);
2493 }
2494 
2495 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2496 {
2497 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2498 	struct wireless_dev *wdev = info->user_ptr[1];
2499 
2500 	if (!rdev->ops->del_virtual_intf)
2501 		return -EOPNOTSUPP;
2502 
2503 	/*
2504 	 * If we remove a wireless device without a netdev then clear
2505 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2506 	 * to check if it needs to do dev_put(). Otherwise it crashes
2507 	 * since the wdev has been freed, unlike with a netdev where
2508 	 * we need the dev_put() for the netdev to really be freed.
2509 	 */
2510 	if (!wdev->netdev)
2511 		info->user_ptr[1] = NULL;
2512 
2513 	return rdev_del_virtual_intf(rdev, wdev);
2514 }
2515 
2516 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2517 {
2518 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2519 	struct net_device *dev = info->user_ptr[1];
2520 	u16 noack_map;
2521 
2522 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2523 		return -EINVAL;
2524 
2525 	if (!rdev->ops->set_noack_map)
2526 		return -EOPNOTSUPP;
2527 
2528 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2529 
2530 	return rdev_set_noack_map(rdev, dev, noack_map);
2531 }
2532 
2533 struct get_key_cookie {
2534 	struct sk_buff *msg;
2535 	int error;
2536 	int idx;
2537 };
2538 
2539 static void get_key_callback(void *c, struct key_params *params)
2540 {
2541 	struct nlattr *key;
2542 	struct get_key_cookie *cookie = c;
2543 
2544 	if ((params->key &&
2545 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2546 		     params->key_len, params->key)) ||
2547 	    (params->seq &&
2548 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2549 		     params->seq_len, params->seq)) ||
2550 	    (params->cipher &&
2551 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2552 			 params->cipher)))
2553 		goto nla_put_failure;
2554 
2555 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2556 	if (!key)
2557 		goto nla_put_failure;
2558 
2559 	if ((params->key &&
2560 	     nla_put(cookie->msg, NL80211_KEY_DATA,
2561 		     params->key_len, params->key)) ||
2562 	    (params->seq &&
2563 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2564 		     params->seq_len, params->seq)) ||
2565 	    (params->cipher &&
2566 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2567 			 params->cipher)))
2568 		goto nla_put_failure;
2569 
2570 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2571 		goto nla_put_failure;
2572 
2573 	nla_nest_end(cookie->msg, key);
2574 
2575 	return;
2576  nla_put_failure:
2577 	cookie->error = 1;
2578 }
2579 
2580 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2581 {
2582 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2583 	int err;
2584 	struct net_device *dev = info->user_ptr[1];
2585 	u8 key_idx = 0;
2586 	const u8 *mac_addr = NULL;
2587 	bool pairwise;
2588 	struct get_key_cookie cookie = {
2589 		.error = 0,
2590 	};
2591 	void *hdr;
2592 	struct sk_buff *msg;
2593 
2594 	if (info->attrs[NL80211_ATTR_KEY_IDX])
2595 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2596 
2597 	if (key_idx > 5)
2598 		return -EINVAL;
2599 
2600 	if (info->attrs[NL80211_ATTR_MAC])
2601 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2602 
2603 	pairwise = !!mac_addr;
2604 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2605 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2606 		if (kt >= NUM_NL80211_KEYTYPES)
2607 			return -EINVAL;
2608 		if (kt != NL80211_KEYTYPE_GROUP &&
2609 		    kt != NL80211_KEYTYPE_PAIRWISE)
2610 			return -EINVAL;
2611 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2612 	}
2613 
2614 	if (!rdev->ops->get_key)
2615 		return -EOPNOTSUPP;
2616 
2617 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2618 	if (!msg)
2619 		return -ENOMEM;
2620 
2621 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2622 			     NL80211_CMD_NEW_KEY);
2623 	if (IS_ERR(hdr))
2624 		return PTR_ERR(hdr);
2625 
2626 	cookie.msg = msg;
2627 	cookie.idx = key_idx;
2628 
2629 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2630 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2631 		goto nla_put_failure;
2632 	if (mac_addr &&
2633 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2634 		goto nla_put_failure;
2635 
2636 	if (pairwise && mac_addr &&
2637 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2638 		return -ENOENT;
2639 
2640 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2641 			   get_key_callback);
2642 
2643 	if (err)
2644 		goto free_msg;
2645 
2646 	if (cookie.error)
2647 		goto nla_put_failure;
2648 
2649 	genlmsg_end(msg, hdr);
2650 	return genlmsg_reply(msg, info);
2651 
2652  nla_put_failure:
2653 	err = -ENOBUFS;
2654  free_msg:
2655 	nlmsg_free(msg);
2656 	return err;
2657 }
2658 
2659 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2660 {
2661 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2662 	struct key_parse key;
2663 	int err;
2664 	struct net_device *dev = info->user_ptr[1];
2665 
2666 	err = nl80211_parse_key(info, &key);
2667 	if (err)
2668 		return err;
2669 
2670 	if (key.idx < 0)
2671 		return -EINVAL;
2672 
2673 	/* only support setting default key */
2674 	if (!key.def && !key.defmgmt)
2675 		return -EINVAL;
2676 
2677 	wdev_lock(dev->ieee80211_ptr);
2678 
2679 	if (key.def) {
2680 		if (!rdev->ops->set_default_key) {
2681 			err = -EOPNOTSUPP;
2682 			goto out;
2683 		}
2684 
2685 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2686 		if (err)
2687 			goto out;
2688 
2689 		err = rdev_set_default_key(rdev, dev, key.idx,
2690 						 key.def_uni, key.def_multi);
2691 
2692 		if (err)
2693 			goto out;
2694 
2695 #ifdef CONFIG_CFG80211_WEXT
2696 		dev->ieee80211_ptr->wext.default_key = key.idx;
2697 #endif
2698 	} else {
2699 		if (key.def_uni || !key.def_multi) {
2700 			err = -EINVAL;
2701 			goto out;
2702 		}
2703 
2704 		if (!rdev->ops->set_default_mgmt_key) {
2705 			err = -EOPNOTSUPP;
2706 			goto out;
2707 		}
2708 
2709 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2710 		if (err)
2711 			goto out;
2712 
2713 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2714 		if (err)
2715 			goto out;
2716 
2717 #ifdef CONFIG_CFG80211_WEXT
2718 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2719 #endif
2720 	}
2721 
2722  out:
2723 	wdev_unlock(dev->ieee80211_ptr);
2724 
2725 	return err;
2726 }
2727 
2728 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2729 {
2730 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2731 	int err;
2732 	struct net_device *dev = info->user_ptr[1];
2733 	struct key_parse key;
2734 	const u8 *mac_addr = NULL;
2735 
2736 	err = nl80211_parse_key(info, &key);
2737 	if (err)
2738 		return err;
2739 
2740 	if (!key.p.key)
2741 		return -EINVAL;
2742 
2743 	if (info->attrs[NL80211_ATTR_MAC])
2744 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2745 
2746 	if (key.type == -1) {
2747 		if (mac_addr)
2748 			key.type = NL80211_KEYTYPE_PAIRWISE;
2749 		else
2750 			key.type = NL80211_KEYTYPE_GROUP;
2751 	}
2752 
2753 	/* for now */
2754 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2755 	    key.type != NL80211_KEYTYPE_GROUP)
2756 		return -EINVAL;
2757 
2758 	if (!rdev->ops->add_key)
2759 		return -EOPNOTSUPP;
2760 
2761 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2762 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2763 					   mac_addr))
2764 		return -EINVAL;
2765 
2766 	wdev_lock(dev->ieee80211_ptr);
2767 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2768 	if (!err)
2769 		err = rdev_add_key(rdev, dev, key.idx,
2770 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2771 				    mac_addr, &key.p);
2772 	wdev_unlock(dev->ieee80211_ptr);
2773 
2774 	return err;
2775 }
2776 
2777 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2778 {
2779 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2780 	int err;
2781 	struct net_device *dev = info->user_ptr[1];
2782 	u8 *mac_addr = NULL;
2783 	struct key_parse key;
2784 
2785 	err = nl80211_parse_key(info, &key);
2786 	if (err)
2787 		return err;
2788 
2789 	if (info->attrs[NL80211_ATTR_MAC])
2790 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2791 
2792 	if (key.type == -1) {
2793 		if (mac_addr)
2794 			key.type = NL80211_KEYTYPE_PAIRWISE;
2795 		else
2796 			key.type = NL80211_KEYTYPE_GROUP;
2797 	}
2798 
2799 	/* for now */
2800 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2801 	    key.type != NL80211_KEYTYPE_GROUP)
2802 		return -EINVAL;
2803 
2804 	if (!rdev->ops->del_key)
2805 		return -EOPNOTSUPP;
2806 
2807 	wdev_lock(dev->ieee80211_ptr);
2808 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2809 
2810 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2811 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2812 		err = -ENOENT;
2813 
2814 	if (!err)
2815 		err = rdev_del_key(rdev, dev, key.idx,
2816 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2817 				   mac_addr);
2818 
2819 #ifdef CONFIG_CFG80211_WEXT
2820 	if (!err) {
2821 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2822 			dev->ieee80211_ptr->wext.default_key = -1;
2823 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2824 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2825 	}
2826 #endif
2827 	wdev_unlock(dev->ieee80211_ptr);
2828 
2829 	return err;
2830 }
2831 
2832 /* This function returns an error or the number of nested attributes */
2833 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
2834 {
2835 	struct nlattr *attr;
2836 	int n_entries = 0, tmp;
2837 
2838 	nla_for_each_nested(attr, nl_attr, tmp) {
2839 		if (nla_len(attr) != ETH_ALEN)
2840 			return -EINVAL;
2841 
2842 		n_entries++;
2843 	}
2844 
2845 	return n_entries;
2846 }
2847 
2848 /*
2849  * This function parses ACL information and allocates memory for ACL data.
2850  * On successful return, the calling function is responsible to free the
2851  * ACL buffer returned by this function.
2852  */
2853 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
2854 						struct genl_info *info)
2855 {
2856 	enum nl80211_acl_policy acl_policy;
2857 	struct nlattr *attr;
2858 	struct cfg80211_acl_data *acl;
2859 	int i = 0, n_entries, tmp;
2860 
2861 	if (!wiphy->max_acl_mac_addrs)
2862 		return ERR_PTR(-EOPNOTSUPP);
2863 
2864 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
2865 		return ERR_PTR(-EINVAL);
2866 
2867 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
2868 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
2869 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
2870 		return ERR_PTR(-EINVAL);
2871 
2872 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
2873 		return ERR_PTR(-EINVAL);
2874 
2875 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
2876 	if (n_entries < 0)
2877 		return ERR_PTR(n_entries);
2878 
2879 	if (n_entries > wiphy->max_acl_mac_addrs)
2880 		return ERR_PTR(-ENOTSUPP);
2881 
2882 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
2883 		      GFP_KERNEL);
2884 	if (!acl)
2885 		return ERR_PTR(-ENOMEM);
2886 
2887 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
2888 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
2889 		i++;
2890 	}
2891 
2892 	acl->n_acl_entries = n_entries;
2893 	acl->acl_policy = acl_policy;
2894 
2895 	return acl;
2896 }
2897 
2898 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
2899 {
2900 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2901 	struct net_device *dev = info->user_ptr[1];
2902 	struct cfg80211_acl_data *acl;
2903 	int err;
2904 
2905 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2906 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2907 		return -EOPNOTSUPP;
2908 
2909 	if (!dev->ieee80211_ptr->beacon_interval)
2910 		return -EINVAL;
2911 
2912 	acl = parse_acl_data(&rdev->wiphy, info);
2913 	if (IS_ERR(acl))
2914 		return PTR_ERR(acl);
2915 
2916 	err = rdev_set_mac_acl(rdev, dev, acl);
2917 
2918 	kfree(acl);
2919 
2920 	return err;
2921 }
2922 
2923 static int nl80211_parse_beacon(struct nlattr *attrs[],
2924 				struct cfg80211_beacon_data *bcn)
2925 {
2926 	bool haveinfo = false;
2927 
2928 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
2929 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
2930 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2931 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2932 		return -EINVAL;
2933 
2934 	memset(bcn, 0, sizeof(*bcn));
2935 
2936 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
2937 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
2938 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
2939 		if (!bcn->head_len)
2940 			return -EINVAL;
2941 		haveinfo = true;
2942 	}
2943 
2944 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
2945 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
2946 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
2947 		haveinfo = true;
2948 	}
2949 
2950 	if (!haveinfo)
2951 		return -EINVAL;
2952 
2953 	if (attrs[NL80211_ATTR_IE]) {
2954 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
2955 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
2956 	}
2957 
2958 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2959 		bcn->proberesp_ies =
2960 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
2961 		bcn->proberesp_ies_len =
2962 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
2963 	}
2964 
2965 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2966 		bcn->assocresp_ies =
2967 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2968 		bcn->assocresp_ies_len =
2969 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2970 	}
2971 
2972 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
2973 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
2974 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
2975 	}
2976 
2977 	return 0;
2978 }
2979 
2980 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
2981 				   struct cfg80211_ap_settings *params)
2982 {
2983 	struct wireless_dev *wdev;
2984 	bool ret = false;
2985 
2986 	list_for_each_entry(wdev, &rdev->wdev_list, list) {
2987 		if (wdev->iftype != NL80211_IFTYPE_AP &&
2988 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
2989 			continue;
2990 
2991 		if (!wdev->preset_chandef.chan)
2992 			continue;
2993 
2994 		params->chandef = wdev->preset_chandef;
2995 		ret = true;
2996 		break;
2997 	}
2998 
2999 	return ret;
3000 }
3001 
3002 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3003 				    enum nl80211_auth_type auth_type,
3004 				    enum nl80211_commands cmd)
3005 {
3006 	if (auth_type > NL80211_AUTHTYPE_MAX)
3007 		return false;
3008 
3009 	switch (cmd) {
3010 	case NL80211_CMD_AUTHENTICATE:
3011 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3012 		    auth_type == NL80211_AUTHTYPE_SAE)
3013 			return false;
3014 		return true;
3015 	case NL80211_CMD_CONNECT:
3016 	case NL80211_CMD_START_AP:
3017 		/* SAE not supported yet */
3018 		if (auth_type == NL80211_AUTHTYPE_SAE)
3019 			return false;
3020 		return true;
3021 	default:
3022 		return false;
3023 	}
3024 }
3025 
3026 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3027 {
3028 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3029 	struct net_device *dev = info->user_ptr[1];
3030 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3031 	struct cfg80211_ap_settings params;
3032 	int err;
3033 	u8 radar_detect_width = 0;
3034 
3035 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3036 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3037 		return -EOPNOTSUPP;
3038 
3039 	if (!rdev->ops->start_ap)
3040 		return -EOPNOTSUPP;
3041 
3042 	if (wdev->beacon_interval)
3043 		return -EALREADY;
3044 
3045 	memset(&params, 0, sizeof(params));
3046 
3047 	/* these are required for START_AP */
3048 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3049 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3050 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3051 		return -EINVAL;
3052 
3053 	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3054 	if (err)
3055 		return err;
3056 
3057 	params.beacon_interval =
3058 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3059 	params.dtim_period =
3060 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3061 
3062 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3063 	if (err)
3064 		return err;
3065 
3066 	/*
3067 	 * In theory, some of these attributes should be required here
3068 	 * but since they were not used when the command was originally
3069 	 * added, keep them optional for old user space programs to let
3070 	 * them continue to work with drivers that do not need the
3071 	 * additional information -- drivers must check!
3072 	 */
3073 	if (info->attrs[NL80211_ATTR_SSID]) {
3074 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3075 		params.ssid_len =
3076 			nla_len(info->attrs[NL80211_ATTR_SSID]);
3077 		if (params.ssid_len == 0 ||
3078 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
3079 			return -EINVAL;
3080 	}
3081 
3082 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3083 		params.hidden_ssid = nla_get_u32(
3084 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3085 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3086 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3087 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3088 			return -EINVAL;
3089 	}
3090 
3091 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3092 
3093 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3094 		params.auth_type = nla_get_u32(
3095 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
3096 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
3097 					     NL80211_CMD_START_AP))
3098 			return -EINVAL;
3099 	} else
3100 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3101 
3102 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
3103 				      NL80211_MAX_NR_CIPHER_SUITES);
3104 	if (err)
3105 		return err;
3106 
3107 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3108 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3109 			return -EOPNOTSUPP;
3110 		params.inactivity_timeout = nla_get_u16(
3111 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3112 	}
3113 
3114 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3115 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3116 			return -EINVAL;
3117 		params.p2p_ctwindow =
3118 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3119 		if (params.p2p_ctwindow > 127)
3120 			return -EINVAL;
3121 		if (params.p2p_ctwindow != 0 &&
3122 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3123 			return -EINVAL;
3124 	}
3125 
3126 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3127 		u8 tmp;
3128 
3129 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3130 			return -EINVAL;
3131 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3132 		if (tmp > 1)
3133 			return -EINVAL;
3134 		params.p2p_opp_ps = tmp;
3135 		if (params.p2p_opp_ps != 0 &&
3136 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3137 			return -EINVAL;
3138 	}
3139 
3140 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3141 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
3142 		if (err)
3143 			return err;
3144 	} else if (wdev->preset_chandef.chan) {
3145 		params.chandef = wdev->preset_chandef;
3146 	} else if (!nl80211_get_ap_channel(rdev, &params))
3147 		return -EINVAL;
3148 
3149 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
3150 		return -EINVAL;
3151 
3152 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &params.chandef);
3153 	if (err < 0)
3154 		return err;
3155 	if (err) {
3156 		radar_detect_width = BIT(params.chandef.width);
3157 		params.radar_required = true;
3158 	}
3159 
3160 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
3161 					   params.chandef.chan,
3162 					   CHAN_MODE_SHARED,
3163 					   radar_detect_width);
3164 	if (err)
3165 		return err;
3166 
3167 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3168 		params.acl = parse_acl_data(&rdev->wiphy, info);
3169 		if (IS_ERR(params.acl))
3170 			return PTR_ERR(params.acl);
3171 	}
3172 
3173 	err = rdev_start_ap(rdev, dev, &params);
3174 	if (!err) {
3175 		wdev->preset_chandef = params.chandef;
3176 		wdev->beacon_interval = params.beacon_interval;
3177 		wdev->channel = params.chandef.chan;
3178 		wdev->ssid_len = params.ssid_len;
3179 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3180 	}
3181 
3182 	kfree(params.acl);
3183 
3184 	return err;
3185 }
3186 
3187 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3188 {
3189 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3190 	struct net_device *dev = info->user_ptr[1];
3191 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3192 	struct cfg80211_beacon_data params;
3193 	int err;
3194 
3195 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3196 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3197 		return -EOPNOTSUPP;
3198 
3199 	if (!rdev->ops->change_beacon)
3200 		return -EOPNOTSUPP;
3201 
3202 	if (!wdev->beacon_interval)
3203 		return -EINVAL;
3204 
3205 	err = nl80211_parse_beacon(info->attrs, &params);
3206 	if (err)
3207 		return err;
3208 
3209 	return rdev_change_beacon(rdev, dev, &params);
3210 }
3211 
3212 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3213 {
3214 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3215 	struct net_device *dev = info->user_ptr[1];
3216 
3217 	return cfg80211_stop_ap(rdev, dev);
3218 }
3219 
3220 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3221 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3222 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3223 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3224 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3225 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3226 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3227 };
3228 
3229 static int parse_station_flags(struct genl_info *info,
3230 			       enum nl80211_iftype iftype,
3231 			       struct station_parameters *params)
3232 {
3233 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3234 	struct nlattr *nla;
3235 	int flag;
3236 
3237 	/*
3238 	 * Try parsing the new attribute first so userspace
3239 	 * can specify both for older kernels.
3240 	 */
3241 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3242 	if (nla) {
3243 		struct nl80211_sta_flag_update *sta_flags;
3244 
3245 		sta_flags = nla_data(nla);
3246 		params->sta_flags_mask = sta_flags->mask;
3247 		params->sta_flags_set = sta_flags->set;
3248 		params->sta_flags_set &= params->sta_flags_mask;
3249 		if ((params->sta_flags_mask |
3250 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3251 			return -EINVAL;
3252 		return 0;
3253 	}
3254 
3255 	/* if present, parse the old attribute */
3256 
3257 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3258 	if (!nla)
3259 		return 0;
3260 
3261 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3262 			     nla, sta_flags_policy))
3263 		return -EINVAL;
3264 
3265 	/*
3266 	 * Only allow certain flags for interface types so that
3267 	 * other attributes are silently ignored. Remember that
3268 	 * this is backward compatibility code with old userspace
3269 	 * and shouldn't be hit in other cases anyway.
3270 	 */
3271 	switch (iftype) {
3272 	case NL80211_IFTYPE_AP:
3273 	case NL80211_IFTYPE_AP_VLAN:
3274 	case NL80211_IFTYPE_P2P_GO:
3275 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3276 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3277 					 BIT(NL80211_STA_FLAG_WME) |
3278 					 BIT(NL80211_STA_FLAG_MFP);
3279 		break;
3280 	case NL80211_IFTYPE_P2P_CLIENT:
3281 	case NL80211_IFTYPE_STATION:
3282 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3283 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3284 		break;
3285 	case NL80211_IFTYPE_MESH_POINT:
3286 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3287 					 BIT(NL80211_STA_FLAG_MFP) |
3288 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3289 	default:
3290 		return -EINVAL;
3291 	}
3292 
3293 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3294 		if (flags[flag]) {
3295 			params->sta_flags_set |= (1<<flag);
3296 
3297 			/* no longer support new API additions in old API */
3298 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3299 				return -EINVAL;
3300 		}
3301 	}
3302 
3303 	return 0;
3304 }
3305 
3306 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3307 				 int attr)
3308 {
3309 	struct nlattr *rate;
3310 	u32 bitrate;
3311 	u16 bitrate_compat;
3312 
3313 	rate = nla_nest_start(msg, attr);
3314 	if (!rate)
3315 		return false;
3316 
3317 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3318 	bitrate = cfg80211_calculate_bitrate(info);
3319 	/* report 16-bit bitrate only if we can */
3320 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3321 	if (bitrate > 0 &&
3322 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3323 		return false;
3324 	if (bitrate_compat > 0 &&
3325 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3326 		return false;
3327 
3328 	if (info->flags & RATE_INFO_FLAGS_MCS) {
3329 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3330 			return false;
3331 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3332 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3333 			return false;
3334 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3335 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3336 			return false;
3337 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3338 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3339 			return false;
3340 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3341 			return false;
3342 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3343 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3344 			return false;
3345 		if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3346 		    nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3347 			return false;
3348 		if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3349 		    nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3350 			return false;
3351 		if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3352 		    nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3353 			return false;
3354 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3355 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3356 			return false;
3357 	}
3358 
3359 	nla_nest_end(msg, rate);
3360 	return true;
3361 }
3362 
3363 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3364 			       int id)
3365 {
3366 	void *attr;
3367 	int i = 0;
3368 
3369 	if (!mask)
3370 		return true;
3371 
3372 	attr = nla_nest_start(msg, id);
3373 	if (!attr)
3374 		return false;
3375 
3376 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3377 		if (!(mask & BIT(i)))
3378 			continue;
3379 
3380 		if (nla_put_u8(msg, i, signal[i]))
3381 			return false;
3382 	}
3383 
3384 	nla_nest_end(msg, attr);
3385 
3386 	return true;
3387 }
3388 
3389 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3390 				int flags,
3391 				struct cfg80211_registered_device *rdev,
3392 				struct net_device *dev,
3393 				const u8 *mac_addr, struct station_info *sinfo)
3394 {
3395 	void *hdr;
3396 	struct nlattr *sinfoattr, *bss_param;
3397 
3398 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3399 	if (!hdr)
3400 		return -1;
3401 
3402 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3403 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3404 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3405 		goto nla_put_failure;
3406 
3407 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3408 	if (!sinfoattr)
3409 		goto nla_put_failure;
3410 	if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3411 	    nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3412 			sinfo->connected_time))
3413 		goto nla_put_failure;
3414 	if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3415 	    nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3416 			sinfo->inactive_time))
3417 		goto nla_put_failure;
3418 	if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3419 			      STATION_INFO_RX_BYTES64)) &&
3420 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3421 			(u32)sinfo->rx_bytes))
3422 		goto nla_put_failure;
3423 	if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3424 			      STATION_INFO_TX_BYTES64)) &&
3425 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3426 			(u32)sinfo->tx_bytes))
3427 		goto nla_put_failure;
3428 	if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3429 	    nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3430 			sinfo->rx_bytes))
3431 		goto nla_put_failure;
3432 	if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3433 	    nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3434 			sinfo->tx_bytes))
3435 		goto nla_put_failure;
3436 	if ((sinfo->filled & STATION_INFO_LLID) &&
3437 	    nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3438 		goto nla_put_failure;
3439 	if ((sinfo->filled & STATION_INFO_PLID) &&
3440 	    nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3441 		goto nla_put_failure;
3442 	if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3443 	    nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3444 		       sinfo->plink_state))
3445 		goto nla_put_failure;
3446 	switch (rdev->wiphy.signal_type) {
3447 	case CFG80211_SIGNAL_TYPE_MBM:
3448 		if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3449 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3450 			       sinfo->signal))
3451 			goto nla_put_failure;
3452 		if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3453 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3454 			       sinfo->signal_avg))
3455 			goto nla_put_failure;
3456 		break;
3457 	default:
3458 		break;
3459 	}
3460 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
3461 		if (!nl80211_put_signal(msg, sinfo->chains,
3462 					sinfo->chain_signal,
3463 					NL80211_STA_INFO_CHAIN_SIGNAL))
3464 			goto nla_put_failure;
3465 	}
3466 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
3467 		if (!nl80211_put_signal(msg, sinfo->chains,
3468 					sinfo->chain_signal_avg,
3469 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3470 			goto nla_put_failure;
3471 	}
3472 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3473 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3474 					  NL80211_STA_INFO_TX_BITRATE))
3475 			goto nla_put_failure;
3476 	}
3477 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3478 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3479 					  NL80211_STA_INFO_RX_BITRATE))
3480 			goto nla_put_failure;
3481 	}
3482 	if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3483 	    nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3484 			sinfo->rx_packets))
3485 		goto nla_put_failure;
3486 	if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3487 	    nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3488 			sinfo->tx_packets))
3489 		goto nla_put_failure;
3490 	if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3491 	    nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3492 			sinfo->tx_retries))
3493 		goto nla_put_failure;
3494 	if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3495 	    nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3496 			sinfo->tx_failed))
3497 		goto nla_put_failure;
3498 	if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3499 	    nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3500 			sinfo->beacon_loss_count))
3501 		goto nla_put_failure;
3502 	if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3503 	    nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3504 			sinfo->local_pm))
3505 		goto nla_put_failure;
3506 	if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3507 	    nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3508 			sinfo->peer_pm))
3509 		goto nla_put_failure;
3510 	if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3511 	    nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3512 			sinfo->nonpeer_pm))
3513 		goto nla_put_failure;
3514 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3515 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3516 		if (!bss_param)
3517 			goto nla_put_failure;
3518 
3519 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3520 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3521 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3522 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3523 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3524 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3525 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3526 			       sinfo->bss_param.dtim_period) ||
3527 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3528 				sinfo->bss_param.beacon_interval))
3529 			goto nla_put_failure;
3530 
3531 		nla_nest_end(msg, bss_param);
3532 	}
3533 	if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3534 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3535 		    sizeof(struct nl80211_sta_flag_update),
3536 		    &sinfo->sta_flags))
3537 		goto nla_put_failure;
3538 	if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3539 		nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3540 			    sinfo->t_offset))
3541 		goto nla_put_failure;
3542 	nla_nest_end(msg, sinfoattr);
3543 
3544 	if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3545 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3546 		    sinfo->assoc_req_ies))
3547 		goto nla_put_failure;
3548 
3549 	return genlmsg_end(msg, hdr);
3550 
3551  nla_put_failure:
3552 	genlmsg_cancel(msg, hdr);
3553 	return -EMSGSIZE;
3554 }
3555 
3556 static int nl80211_dump_station(struct sk_buff *skb,
3557 				struct netlink_callback *cb)
3558 {
3559 	struct station_info sinfo;
3560 	struct cfg80211_registered_device *dev;
3561 	struct wireless_dev *wdev;
3562 	u8 mac_addr[ETH_ALEN];
3563 	int sta_idx = cb->args[2];
3564 	int err;
3565 
3566 	err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
3567 	if (err)
3568 		return err;
3569 
3570 	if (!wdev->netdev) {
3571 		err = -EINVAL;
3572 		goto out_err;
3573 	}
3574 
3575 	if (!dev->ops->dump_station) {
3576 		err = -EOPNOTSUPP;
3577 		goto out_err;
3578 	}
3579 
3580 	while (1) {
3581 		memset(&sinfo, 0, sizeof(sinfo));
3582 		err = rdev_dump_station(dev, wdev->netdev, sta_idx,
3583 					mac_addr, &sinfo);
3584 		if (err == -ENOENT)
3585 			break;
3586 		if (err)
3587 			goto out_err;
3588 
3589 		if (nl80211_send_station(skb,
3590 				NETLINK_CB(cb->skb).portid,
3591 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3592 				dev, wdev->netdev, mac_addr,
3593 				&sinfo) < 0)
3594 			goto out;
3595 
3596 		sta_idx++;
3597 	}
3598 
3599 
3600  out:
3601 	cb->args[2] = sta_idx;
3602 	err = skb->len;
3603  out_err:
3604 	nl80211_finish_wdev_dump(dev);
3605 
3606 	return err;
3607 }
3608 
3609 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3610 {
3611 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3612 	struct net_device *dev = info->user_ptr[1];
3613 	struct station_info sinfo;
3614 	struct sk_buff *msg;
3615 	u8 *mac_addr = NULL;
3616 	int err;
3617 
3618 	memset(&sinfo, 0, sizeof(sinfo));
3619 
3620 	if (!info->attrs[NL80211_ATTR_MAC])
3621 		return -EINVAL;
3622 
3623 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3624 
3625 	if (!rdev->ops->get_station)
3626 		return -EOPNOTSUPP;
3627 
3628 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3629 	if (err)
3630 		return err;
3631 
3632 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3633 	if (!msg)
3634 		return -ENOMEM;
3635 
3636 	if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3637 				 rdev, dev, mac_addr, &sinfo) < 0) {
3638 		nlmsg_free(msg);
3639 		return -ENOBUFS;
3640 	}
3641 
3642 	return genlmsg_reply(msg, info);
3643 }
3644 
3645 int cfg80211_check_station_change(struct wiphy *wiphy,
3646 				  struct station_parameters *params,
3647 				  enum cfg80211_station_type statype)
3648 {
3649 	if (params->listen_interval != -1)
3650 		return -EINVAL;
3651 	if (params->aid)
3652 		return -EINVAL;
3653 
3654 	/* When you run into this, adjust the code below for the new flag */
3655 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3656 
3657 	switch (statype) {
3658 	case CFG80211_STA_MESH_PEER_KERNEL:
3659 	case CFG80211_STA_MESH_PEER_USER:
3660 		/*
3661 		 * No ignoring the TDLS flag here -- the userspace mesh
3662 		 * code doesn't have the bug of including TDLS in the
3663 		 * mask everywhere.
3664 		 */
3665 		if (params->sta_flags_mask &
3666 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3667 				  BIT(NL80211_STA_FLAG_MFP) |
3668 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3669 			return -EINVAL;
3670 		break;
3671 	case CFG80211_STA_TDLS_PEER_SETUP:
3672 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3673 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3674 			return -EINVAL;
3675 		/* ignore since it can't change */
3676 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3677 		break;
3678 	default:
3679 		/* disallow mesh-specific things */
3680 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3681 			return -EINVAL;
3682 		if (params->local_pm)
3683 			return -EINVAL;
3684 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3685 			return -EINVAL;
3686 	}
3687 
3688 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3689 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3690 		/* TDLS can't be set, ... */
3691 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3692 			return -EINVAL;
3693 		/*
3694 		 * ... but don't bother the driver with it. This works around
3695 		 * a hostapd/wpa_supplicant issue -- it always includes the
3696 		 * TLDS_PEER flag in the mask even for AP mode.
3697 		 */
3698 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3699 	}
3700 
3701 	if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3702 		/* reject other things that can't change */
3703 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3704 			return -EINVAL;
3705 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3706 			return -EINVAL;
3707 		if (params->supported_rates)
3708 			return -EINVAL;
3709 		if (params->ext_capab || params->ht_capa || params->vht_capa)
3710 			return -EINVAL;
3711 	}
3712 
3713 	if (statype != CFG80211_STA_AP_CLIENT) {
3714 		if (params->vlan)
3715 			return -EINVAL;
3716 	}
3717 
3718 	switch (statype) {
3719 	case CFG80211_STA_AP_MLME_CLIENT:
3720 		/* Use this only for authorizing/unauthorizing a station */
3721 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3722 			return -EOPNOTSUPP;
3723 		break;
3724 	case CFG80211_STA_AP_CLIENT:
3725 		/* accept only the listed bits */
3726 		if (params->sta_flags_mask &
3727 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3728 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3729 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
3730 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3731 				  BIT(NL80211_STA_FLAG_WME) |
3732 				  BIT(NL80211_STA_FLAG_MFP)))
3733 			return -EINVAL;
3734 
3735 		/* but authenticated/associated only if driver handles it */
3736 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3737 		    params->sta_flags_mask &
3738 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3739 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3740 			return -EINVAL;
3741 		break;
3742 	case CFG80211_STA_IBSS:
3743 	case CFG80211_STA_AP_STA:
3744 		/* reject any changes other than AUTHORIZED */
3745 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3746 			return -EINVAL;
3747 		break;
3748 	case CFG80211_STA_TDLS_PEER_SETUP:
3749 		/* reject any changes other than AUTHORIZED or WME */
3750 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3751 					       BIT(NL80211_STA_FLAG_WME)))
3752 			return -EINVAL;
3753 		/* force (at least) rates when authorizing */
3754 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3755 		    !params->supported_rates)
3756 			return -EINVAL;
3757 		break;
3758 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3759 		/* reject any changes */
3760 		return -EINVAL;
3761 	case CFG80211_STA_MESH_PEER_KERNEL:
3762 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3763 			return -EINVAL;
3764 		break;
3765 	case CFG80211_STA_MESH_PEER_USER:
3766 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3767 			return -EINVAL;
3768 		break;
3769 	}
3770 
3771 	return 0;
3772 }
3773 EXPORT_SYMBOL(cfg80211_check_station_change);
3774 
3775 /*
3776  * Get vlan interface making sure it is running and on the right wiphy.
3777  */
3778 static struct net_device *get_vlan(struct genl_info *info,
3779 				   struct cfg80211_registered_device *rdev)
3780 {
3781 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3782 	struct net_device *v;
3783 	int ret;
3784 
3785 	if (!vlanattr)
3786 		return NULL;
3787 
3788 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3789 	if (!v)
3790 		return ERR_PTR(-ENODEV);
3791 
3792 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3793 		ret = -EINVAL;
3794 		goto error;
3795 	}
3796 
3797 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3798 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3799 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3800 		ret = -EINVAL;
3801 		goto error;
3802 	}
3803 
3804 	if (!netif_running(v)) {
3805 		ret = -ENETDOWN;
3806 		goto error;
3807 	}
3808 
3809 	return v;
3810  error:
3811 	dev_put(v);
3812 	return ERR_PTR(ret);
3813 }
3814 
3815 static struct nla_policy
3816 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
3817 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3818 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3819 };
3820 
3821 static int nl80211_parse_sta_wme(struct genl_info *info,
3822 				 struct station_parameters *params)
3823 {
3824 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3825 	struct nlattr *nla;
3826 	int err;
3827 
3828 	/* parse WME attributes if present */
3829 	if (!info->attrs[NL80211_ATTR_STA_WME])
3830 		return 0;
3831 
3832 	nla = info->attrs[NL80211_ATTR_STA_WME];
3833 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3834 			       nl80211_sta_wme_policy);
3835 	if (err)
3836 		return err;
3837 
3838 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3839 		params->uapsd_queues = nla_get_u8(
3840 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
3841 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3842 		return -EINVAL;
3843 
3844 	if (tb[NL80211_STA_WME_MAX_SP])
3845 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3846 
3847 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3848 		return -EINVAL;
3849 
3850 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3851 
3852 	return 0;
3853 }
3854 
3855 static int nl80211_set_station_tdls(struct genl_info *info,
3856 				    struct station_parameters *params)
3857 {
3858 	/* Dummy STA entry gets updated once the peer capabilities are known */
3859 	if (info->attrs[NL80211_ATTR_PEER_AID])
3860 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
3861 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3862 		params->ht_capa =
3863 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3864 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3865 		params->vht_capa =
3866 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
3867 
3868 	return nl80211_parse_sta_wme(info, params);
3869 }
3870 
3871 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
3872 {
3873 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3874 	struct net_device *dev = info->user_ptr[1];
3875 	struct station_parameters params;
3876 	u8 *mac_addr;
3877 	int err;
3878 
3879 	memset(&params, 0, sizeof(params));
3880 
3881 	params.listen_interval = -1;
3882 
3883 	if (!rdev->ops->change_station)
3884 		return -EOPNOTSUPP;
3885 
3886 	if (info->attrs[NL80211_ATTR_STA_AID])
3887 		return -EINVAL;
3888 
3889 	if (!info->attrs[NL80211_ATTR_MAC])
3890 		return -EINVAL;
3891 
3892 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3893 
3894 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
3895 		params.supported_rates =
3896 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3897 		params.supported_rates_len =
3898 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3899 	}
3900 
3901 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
3902 		params.capability =
3903 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
3904 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
3905 	}
3906 
3907 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
3908 		params.ext_capab =
3909 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3910 		params.ext_capab_len =
3911 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3912 	}
3913 
3914 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3915 		return -EINVAL;
3916 
3917 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
3918 		return -EINVAL;
3919 
3920 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
3921 		params.plink_action =
3922 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3923 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
3924 			return -EINVAL;
3925 	}
3926 
3927 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
3928 		params.plink_state =
3929 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
3930 		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
3931 			return -EINVAL;
3932 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
3933 	}
3934 
3935 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
3936 		enum nl80211_mesh_power_mode pm = nla_get_u32(
3937 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
3938 
3939 		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
3940 		    pm > NL80211_MESH_POWER_MAX)
3941 			return -EINVAL;
3942 
3943 		params.local_pm = pm;
3944 	}
3945 
3946 	/* Include parameters for TDLS peer (will check later) */
3947 	err = nl80211_set_station_tdls(info, &params);
3948 	if (err)
3949 		return err;
3950 
3951 	params.vlan = get_vlan(info, rdev);
3952 	if (IS_ERR(params.vlan))
3953 		return PTR_ERR(params.vlan);
3954 
3955 	switch (dev->ieee80211_ptr->iftype) {
3956 	case NL80211_IFTYPE_AP:
3957 	case NL80211_IFTYPE_AP_VLAN:
3958 	case NL80211_IFTYPE_P2P_GO:
3959 	case NL80211_IFTYPE_P2P_CLIENT:
3960 	case NL80211_IFTYPE_STATION:
3961 	case NL80211_IFTYPE_ADHOC:
3962 	case NL80211_IFTYPE_MESH_POINT:
3963 		break;
3964 	default:
3965 		err = -EOPNOTSUPP;
3966 		goto out_put_vlan;
3967 	}
3968 
3969 	/* driver will call cfg80211_check_station_change() */
3970 	err = rdev_change_station(rdev, dev, mac_addr, &params);
3971 
3972  out_put_vlan:
3973 	if (params.vlan)
3974 		dev_put(params.vlan);
3975 
3976 	return err;
3977 }
3978 
3979 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
3980 {
3981 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3982 	int err;
3983 	struct net_device *dev = info->user_ptr[1];
3984 	struct station_parameters params;
3985 	u8 *mac_addr = NULL;
3986 
3987 	memset(&params, 0, sizeof(params));
3988 
3989 	if (!rdev->ops->add_station)
3990 		return -EOPNOTSUPP;
3991 
3992 	if (!info->attrs[NL80211_ATTR_MAC])
3993 		return -EINVAL;
3994 
3995 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3996 		return -EINVAL;
3997 
3998 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
3999 		return -EINVAL;
4000 
4001 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
4002 	    !info->attrs[NL80211_ATTR_PEER_AID])
4003 		return -EINVAL;
4004 
4005 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4006 	params.supported_rates =
4007 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4008 	params.supported_rates_len =
4009 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4010 	params.listen_interval =
4011 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4012 
4013 	if (info->attrs[NL80211_ATTR_PEER_AID])
4014 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4015 	else
4016 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4017 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
4018 		return -EINVAL;
4019 
4020 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4021 		params.capability =
4022 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4023 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4024 	}
4025 
4026 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4027 		params.ext_capab =
4028 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4029 		params.ext_capab_len =
4030 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4031 	}
4032 
4033 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4034 		params.ht_capa =
4035 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4036 
4037 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4038 		params.vht_capa =
4039 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4040 
4041 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4042 		params.plink_action =
4043 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4044 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4045 			return -EINVAL;
4046 	}
4047 
4048 	err = nl80211_parse_sta_wme(info, &params);
4049 	if (err)
4050 		return err;
4051 
4052 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4053 		return -EINVAL;
4054 
4055 	/* When you run into this, adjust the code below for the new flag */
4056 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4057 
4058 	switch (dev->ieee80211_ptr->iftype) {
4059 	case NL80211_IFTYPE_AP:
4060 	case NL80211_IFTYPE_AP_VLAN:
4061 	case NL80211_IFTYPE_P2P_GO:
4062 		/* ignore WME attributes if iface/sta is not capable */
4063 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4064 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4065 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4066 
4067 		/* TDLS peers cannot be added */
4068 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4069 		    info->attrs[NL80211_ATTR_PEER_AID])
4070 			return -EINVAL;
4071 		/* but don't bother the driver with it */
4072 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4073 
4074 		/* allow authenticated/associated only if driver handles it */
4075 		if (!(rdev->wiphy.features &
4076 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4077 		    params.sta_flags_mask &
4078 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4079 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4080 			return -EINVAL;
4081 
4082 		/* must be last in here for error handling */
4083 		params.vlan = get_vlan(info, rdev);
4084 		if (IS_ERR(params.vlan))
4085 			return PTR_ERR(params.vlan);
4086 		break;
4087 	case NL80211_IFTYPE_MESH_POINT:
4088 		/* ignore uAPSD data */
4089 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4090 
4091 		/* associated is disallowed */
4092 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4093 			return -EINVAL;
4094 		/* TDLS peers cannot be added */
4095 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4096 		    info->attrs[NL80211_ATTR_PEER_AID])
4097 			return -EINVAL;
4098 		break;
4099 	case NL80211_IFTYPE_STATION:
4100 	case NL80211_IFTYPE_P2P_CLIENT:
4101 		/* ignore uAPSD data */
4102 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4103 
4104 		/* these are disallowed */
4105 		if (params.sta_flags_mask &
4106 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4107 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4108 			return -EINVAL;
4109 		/* Only TDLS peers can be added */
4110 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4111 			return -EINVAL;
4112 		/* Can only add if TDLS ... */
4113 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4114 			return -EOPNOTSUPP;
4115 		/* ... with external setup is supported */
4116 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4117 			return -EOPNOTSUPP;
4118 		/*
4119 		 * Older wpa_supplicant versions always mark the TDLS peer
4120 		 * as authorized, but it shouldn't yet be.
4121 		 */
4122 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4123 		break;
4124 	default:
4125 		return -EOPNOTSUPP;
4126 	}
4127 
4128 	/* be aware of params.vlan when changing code here */
4129 
4130 	err = rdev_add_station(rdev, dev, mac_addr, &params);
4131 
4132 	if (params.vlan)
4133 		dev_put(params.vlan);
4134 	return err;
4135 }
4136 
4137 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4138 {
4139 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4140 	struct net_device *dev = info->user_ptr[1];
4141 	u8 *mac_addr = NULL;
4142 
4143 	if (info->attrs[NL80211_ATTR_MAC])
4144 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4145 
4146 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4147 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4148 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4149 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4150 		return -EINVAL;
4151 
4152 	if (!rdev->ops->del_station)
4153 		return -EOPNOTSUPP;
4154 
4155 	return rdev_del_station(rdev, dev, mac_addr);
4156 }
4157 
4158 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4159 				int flags, struct net_device *dev,
4160 				u8 *dst, u8 *next_hop,
4161 				struct mpath_info *pinfo)
4162 {
4163 	void *hdr;
4164 	struct nlattr *pinfoattr;
4165 
4166 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4167 	if (!hdr)
4168 		return -1;
4169 
4170 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4171 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4172 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4173 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4174 		goto nla_put_failure;
4175 
4176 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4177 	if (!pinfoattr)
4178 		goto nla_put_failure;
4179 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4180 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4181 			pinfo->frame_qlen))
4182 		goto nla_put_failure;
4183 	if (((pinfo->filled & MPATH_INFO_SN) &&
4184 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4185 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
4186 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4187 			 pinfo->metric)) ||
4188 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4189 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4190 			 pinfo->exptime)) ||
4191 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
4192 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4193 			pinfo->flags)) ||
4194 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4195 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4196 			 pinfo->discovery_timeout)) ||
4197 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4198 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4199 			pinfo->discovery_retries)))
4200 		goto nla_put_failure;
4201 
4202 	nla_nest_end(msg, pinfoattr);
4203 
4204 	return genlmsg_end(msg, hdr);
4205 
4206  nla_put_failure:
4207 	genlmsg_cancel(msg, hdr);
4208 	return -EMSGSIZE;
4209 }
4210 
4211 static int nl80211_dump_mpath(struct sk_buff *skb,
4212 			      struct netlink_callback *cb)
4213 {
4214 	struct mpath_info pinfo;
4215 	struct cfg80211_registered_device *dev;
4216 	struct wireless_dev *wdev;
4217 	u8 dst[ETH_ALEN];
4218 	u8 next_hop[ETH_ALEN];
4219 	int path_idx = cb->args[2];
4220 	int err;
4221 
4222 	err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
4223 	if (err)
4224 		return err;
4225 
4226 	if (!dev->ops->dump_mpath) {
4227 		err = -EOPNOTSUPP;
4228 		goto out_err;
4229 	}
4230 
4231 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4232 		err = -EOPNOTSUPP;
4233 		goto out_err;
4234 	}
4235 
4236 	while (1) {
4237 		err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst,
4238 				      next_hop, &pinfo);
4239 		if (err == -ENOENT)
4240 			break;
4241 		if (err)
4242 			goto out_err;
4243 
4244 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4245 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4246 				       wdev->netdev, dst, next_hop,
4247 				       &pinfo) < 0)
4248 			goto out;
4249 
4250 		path_idx++;
4251 	}
4252 
4253 
4254  out:
4255 	cb->args[2] = path_idx;
4256 	err = skb->len;
4257  out_err:
4258 	nl80211_finish_wdev_dump(dev);
4259 	return err;
4260 }
4261 
4262 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4263 {
4264 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4265 	int err;
4266 	struct net_device *dev = info->user_ptr[1];
4267 	struct mpath_info pinfo;
4268 	struct sk_buff *msg;
4269 	u8 *dst = NULL;
4270 	u8 next_hop[ETH_ALEN];
4271 
4272 	memset(&pinfo, 0, sizeof(pinfo));
4273 
4274 	if (!info->attrs[NL80211_ATTR_MAC])
4275 		return -EINVAL;
4276 
4277 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4278 
4279 	if (!rdev->ops->get_mpath)
4280 		return -EOPNOTSUPP;
4281 
4282 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4283 		return -EOPNOTSUPP;
4284 
4285 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4286 	if (err)
4287 		return err;
4288 
4289 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4290 	if (!msg)
4291 		return -ENOMEM;
4292 
4293 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4294 				 dev, dst, next_hop, &pinfo) < 0) {
4295 		nlmsg_free(msg);
4296 		return -ENOBUFS;
4297 	}
4298 
4299 	return genlmsg_reply(msg, info);
4300 }
4301 
4302 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4303 {
4304 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4305 	struct net_device *dev = info->user_ptr[1];
4306 	u8 *dst = NULL;
4307 	u8 *next_hop = NULL;
4308 
4309 	if (!info->attrs[NL80211_ATTR_MAC])
4310 		return -EINVAL;
4311 
4312 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4313 		return -EINVAL;
4314 
4315 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4316 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4317 
4318 	if (!rdev->ops->change_mpath)
4319 		return -EOPNOTSUPP;
4320 
4321 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4322 		return -EOPNOTSUPP;
4323 
4324 	return rdev_change_mpath(rdev, dev, dst, next_hop);
4325 }
4326 
4327 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4328 {
4329 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4330 	struct net_device *dev = info->user_ptr[1];
4331 	u8 *dst = NULL;
4332 	u8 *next_hop = NULL;
4333 
4334 	if (!info->attrs[NL80211_ATTR_MAC])
4335 		return -EINVAL;
4336 
4337 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4338 		return -EINVAL;
4339 
4340 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4341 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4342 
4343 	if (!rdev->ops->add_mpath)
4344 		return -EOPNOTSUPP;
4345 
4346 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4347 		return -EOPNOTSUPP;
4348 
4349 	return rdev_add_mpath(rdev, dev, dst, next_hop);
4350 }
4351 
4352 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4353 {
4354 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4355 	struct net_device *dev = info->user_ptr[1];
4356 	u8 *dst = NULL;
4357 
4358 	if (info->attrs[NL80211_ATTR_MAC])
4359 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4360 
4361 	if (!rdev->ops->del_mpath)
4362 		return -EOPNOTSUPP;
4363 
4364 	return rdev_del_mpath(rdev, dev, dst);
4365 }
4366 
4367 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4368 {
4369 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4370 	struct net_device *dev = info->user_ptr[1];
4371 	struct bss_parameters params;
4372 
4373 	memset(&params, 0, sizeof(params));
4374 	/* default to not changing parameters */
4375 	params.use_cts_prot = -1;
4376 	params.use_short_preamble = -1;
4377 	params.use_short_slot_time = -1;
4378 	params.ap_isolate = -1;
4379 	params.ht_opmode = -1;
4380 	params.p2p_ctwindow = -1;
4381 	params.p2p_opp_ps = -1;
4382 
4383 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4384 		params.use_cts_prot =
4385 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4386 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4387 		params.use_short_preamble =
4388 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4389 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4390 		params.use_short_slot_time =
4391 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4392 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4393 		params.basic_rates =
4394 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4395 		params.basic_rates_len =
4396 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4397 	}
4398 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4399 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4400 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4401 		params.ht_opmode =
4402 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4403 
4404 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4405 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4406 			return -EINVAL;
4407 		params.p2p_ctwindow =
4408 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4409 		if (params.p2p_ctwindow < 0)
4410 			return -EINVAL;
4411 		if (params.p2p_ctwindow != 0 &&
4412 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4413 			return -EINVAL;
4414 	}
4415 
4416 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4417 		u8 tmp;
4418 
4419 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4420 			return -EINVAL;
4421 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4422 		if (tmp > 1)
4423 			return -EINVAL;
4424 		params.p2p_opp_ps = tmp;
4425 		if (params.p2p_opp_ps &&
4426 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4427 			return -EINVAL;
4428 	}
4429 
4430 	if (!rdev->ops->change_bss)
4431 		return -EOPNOTSUPP;
4432 
4433 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4434 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4435 		return -EOPNOTSUPP;
4436 
4437 	return rdev_change_bss(rdev, dev, &params);
4438 }
4439 
4440 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4441 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
4442 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
4443 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
4444 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
4445 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
4446 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
4447 };
4448 
4449 static int parse_reg_rule(struct nlattr *tb[],
4450 	struct ieee80211_reg_rule *reg_rule)
4451 {
4452 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4453 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4454 
4455 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4456 		return -EINVAL;
4457 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4458 		return -EINVAL;
4459 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4460 		return -EINVAL;
4461 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4462 		return -EINVAL;
4463 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4464 		return -EINVAL;
4465 
4466 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4467 
4468 	freq_range->start_freq_khz =
4469 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4470 	freq_range->end_freq_khz =
4471 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4472 	freq_range->max_bandwidth_khz =
4473 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4474 
4475 	power_rule->max_eirp =
4476 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4477 
4478 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4479 		power_rule->max_antenna_gain =
4480 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4481 
4482 	return 0;
4483 }
4484 
4485 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4486 {
4487 	int r;
4488 	char *data = NULL;
4489 	enum nl80211_user_reg_hint_type user_reg_hint_type;
4490 
4491 	/*
4492 	 * You should only get this when cfg80211 hasn't yet initialized
4493 	 * completely when built-in to the kernel right between the time
4494 	 * window between nl80211_init() and regulatory_init(), if that is
4495 	 * even possible.
4496 	 */
4497 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4498 		return -EINPROGRESS;
4499 
4500 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4501 		return -EINVAL;
4502 
4503 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4504 
4505 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4506 		user_reg_hint_type =
4507 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4508 	else
4509 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4510 
4511 	switch (user_reg_hint_type) {
4512 	case NL80211_USER_REG_HINT_USER:
4513 	case NL80211_USER_REG_HINT_CELL_BASE:
4514 		break;
4515 	default:
4516 		return -EINVAL;
4517 	}
4518 
4519 	r = regulatory_hint_user(data, user_reg_hint_type);
4520 
4521 	return r;
4522 }
4523 
4524 static int nl80211_get_mesh_config(struct sk_buff *skb,
4525 				   struct genl_info *info)
4526 {
4527 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4528 	struct net_device *dev = info->user_ptr[1];
4529 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4530 	struct mesh_config cur_params;
4531 	int err = 0;
4532 	void *hdr;
4533 	struct nlattr *pinfoattr;
4534 	struct sk_buff *msg;
4535 
4536 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4537 		return -EOPNOTSUPP;
4538 
4539 	if (!rdev->ops->get_mesh_config)
4540 		return -EOPNOTSUPP;
4541 
4542 	wdev_lock(wdev);
4543 	/* If not connected, get default parameters */
4544 	if (!wdev->mesh_id_len)
4545 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4546 	else
4547 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
4548 	wdev_unlock(wdev);
4549 
4550 	if (err)
4551 		return err;
4552 
4553 	/* Draw up a netlink message to send back */
4554 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4555 	if (!msg)
4556 		return -ENOMEM;
4557 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4558 			     NL80211_CMD_GET_MESH_CONFIG);
4559 	if (!hdr)
4560 		goto out;
4561 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4562 	if (!pinfoattr)
4563 		goto nla_put_failure;
4564 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4565 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4566 			cur_params.dot11MeshRetryTimeout) ||
4567 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4568 			cur_params.dot11MeshConfirmTimeout) ||
4569 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4570 			cur_params.dot11MeshHoldingTimeout) ||
4571 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4572 			cur_params.dot11MeshMaxPeerLinks) ||
4573 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4574 		       cur_params.dot11MeshMaxRetries) ||
4575 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
4576 		       cur_params.dot11MeshTTL) ||
4577 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4578 		       cur_params.element_ttl) ||
4579 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4580 		       cur_params.auto_open_plinks) ||
4581 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4582 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4583 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4584 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
4585 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4586 			cur_params.path_refresh_time) ||
4587 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4588 			cur_params.min_discovery_timeout) ||
4589 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4590 			cur_params.dot11MeshHWMPactivePathTimeout) ||
4591 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4592 			cur_params.dot11MeshHWMPpreqMinInterval) ||
4593 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4594 			cur_params.dot11MeshHWMPperrMinInterval) ||
4595 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4596 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4597 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4598 		       cur_params.dot11MeshHWMPRootMode) ||
4599 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4600 			cur_params.dot11MeshHWMPRannInterval) ||
4601 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4602 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
4603 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4604 		       cur_params.dot11MeshForwarding) ||
4605 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4606 			cur_params.rssi_threshold) ||
4607 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4608 			cur_params.ht_opmode) ||
4609 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4610 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4611 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4612 			cur_params.dot11MeshHWMProotInterval) ||
4613 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4614 			cur_params.dot11MeshHWMPconfirmationInterval) ||
4615 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4616 			cur_params.power_mode) ||
4617 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4618 			cur_params.dot11MeshAwakeWindowDuration) ||
4619 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
4620 			cur_params.plink_timeout))
4621 		goto nla_put_failure;
4622 	nla_nest_end(msg, pinfoattr);
4623 	genlmsg_end(msg, hdr);
4624 	return genlmsg_reply(msg, info);
4625 
4626  nla_put_failure:
4627 	genlmsg_cancel(msg, hdr);
4628  out:
4629 	nlmsg_free(msg);
4630 	return -ENOBUFS;
4631 }
4632 
4633 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4634 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4635 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4636 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4637 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4638 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4639 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4640 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4641 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4642 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4643 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4644 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4645 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4646 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4647 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4648 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4649 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4650 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4651 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4652 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4653 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4654 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4655 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4656 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4657 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4658 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4659 	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4660 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4661 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
4662 };
4663 
4664 static const struct nla_policy
4665 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4666 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4667 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4668 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4669 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4670 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
4671 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4672 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4673 				    .len = IEEE80211_MAX_DATA_LEN },
4674 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4675 };
4676 
4677 static int nl80211_parse_mesh_config(struct genl_info *info,
4678 				     struct mesh_config *cfg,
4679 				     u32 *mask_out)
4680 {
4681 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4682 	u32 mask = 0;
4683 
4684 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4685 do {									    \
4686 	if (tb[attr]) {							    \
4687 		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
4688 			return -EINVAL;					    \
4689 		cfg->param = fn(tb[attr]);				    \
4690 		mask |= (1 << (attr - 1));				    \
4691 	}								    \
4692 } while (0)
4693 
4694 
4695 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4696 		return -EINVAL;
4697 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4698 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
4699 			     nl80211_meshconf_params_policy))
4700 		return -EINVAL;
4701 
4702 	/* This makes sure that there aren't more than 32 mesh config
4703 	 * parameters (otherwise our bitfield scheme would not work.) */
4704 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4705 
4706 	/* Fill in the params struct */
4707 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4708 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4709 				  nla_get_u16);
4710 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4711 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4712 				  nla_get_u16);
4713 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4714 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4715 				  nla_get_u16);
4716 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4717 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4718 				  nla_get_u16);
4719 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4720 				  mask, NL80211_MESHCONF_MAX_RETRIES,
4721 				  nla_get_u8);
4722 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4723 				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
4724 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4725 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
4726 				  nla_get_u8);
4727 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4728 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4729 				  nla_get_u8);
4730 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4731 				  1, 255, mask,
4732 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4733 				  nla_get_u32);
4734 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4735 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4736 				  nla_get_u8);
4737 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4738 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4739 				  nla_get_u32);
4740 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4741 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4742 				  nla_get_u16);
4743 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4744 				  1, 65535, mask,
4745 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4746 				  nla_get_u32);
4747 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4748 				  1, 65535, mask,
4749 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4750 				  nla_get_u16);
4751 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4752 				  1, 65535, mask,
4753 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4754 				  nla_get_u16);
4755 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4756 				  dot11MeshHWMPnetDiameterTraversalTime,
4757 				  1, 65535, mask,
4758 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4759 				  nla_get_u16);
4760 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4761 				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4762 				  nla_get_u8);
4763 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4764 				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4765 				  nla_get_u16);
4766 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4767 				  dot11MeshGateAnnouncementProtocol, 0, 1,
4768 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4769 				  nla_get_u8);
4770 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4771 				  mask, NL80211_MESHCONF_FORWARDING,
4772 				  nla_get_u8);
4773 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255,
4774 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4775 				  nla_get_u32);
4776 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4777 				  mask, NL80211_MESHCONF_HT_OPMODE,
4778 				  nla_get_u16);
4779 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
4780 				  1, 65535, mask,
4781 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4782 				  nla_get_u32);
4783 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
4784 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4785 				  nla_get_u16);
4786 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4787 				  dot11MeshHWMPconfirmationInterval,
4788 				  1, 65535, mask,
4789 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4790 				  nla_get_u16);
4791 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
4792 				  NL80211_MESH_POWER_ACTIVE,
4793 				  NL80211_MESH_POWER_MAX,
4794 				  mask, NL80211_MESHCONF_POWER_MODE,
4795 				  nla_get_u32);
4796 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
4797 				  0, 65535, mask,
4798 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
4799 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
4800 				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
4801 				  nla_get_u32);
4802 	if (mask_out)
4803 		*mask_out = mask;
4804 
4805 	return 0;
4806 
4807 #undef FILL_IN_MESH_PARAM_IF_SET
4808 }
4809 
4810 static int nl80211_parse_mesh_setup(struct genl_info *info,
4811 				     struct mesh_setup *setup)
4812 {
4813 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4814 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
4815 
4816 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
4817 		return -EINVAL;
4818 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
4819 			     info->attrs[NL80211_ATTR_MESH_SETUP],
4820 			     nl80211_mesh_setup_params_policy))
4821 		return -EINVAL;
4822 
4823 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
4824 		setup->sync_method =
4825 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
4826 		 IEEE80211_SYNC_METHOD_VENDOR :
4827 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
4828 
4829 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
4830 		setup->path_sel_proto =
4831 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
4832 		 IEEE80211_PATH_PROTOCOL_VENDOR :
4833 		 IEEE80211_PATH_PROTOCOL_HWMP;
4834 
4835 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
4836 		setup->path_metric =
4837 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
4838 		 IEEE80211_PATH_METRIC_VENDOR :
4839 		 IEEE80211_PATH_METRIC_AIRTIME;
4840 
4841 
4842 	if (tb[NL80211_MESH_SETUP_IE]) {
4843 		struct nlattr *ieattr =
4844 			tb[NL80211_MESH_SETUP_IE];
4845 		if (!is_valid_ie_attr(ieattr))
4846 			return -EINVAL;
4847 		setup->ie = nla_data(ieattr);
4848 		setup->ie_len = nla_len(ieattr);
4849 	}
4850 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
4851 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
4852 		return -EINVAL;
4853 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
4854 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
4855 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
4856 	if (setup->is_secure)
4857 		setup->user_mpm = true;
4858 
4859 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
4860 		if (!setup->user_mpm)
4861 			return -EINVAL;
4862 		setup->auth_id =
4863 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
4864 	}
4865 
4866 	return 0;
4867 }
4868 
4869 static int nl80211_update_mesh_config(struct sk_buff *skb,
4870 				      struct genl_info *info)
4871 {
4872 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4873 	struct net_device *dev = info->user_ptr[1];
4874 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4875 	struct mesh_config cfg;
4876 	u32 mask;
4877 	int err;
4878 
4879 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4880 		return -EOPNOTSUPP;
4881 
4882 	if (!rdev->ops->update_mesh_config)
4883 		return -EOPNOTSUPP;
4884 
4885 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
4886 	if (err)
4887 		return err;
4888 
4889 	wdev_lock(wdev);
4890 	if (!wdev->mesh_id_len)
4891 		err = -ENOLINK;
4892 
4893 	if (!err)
4894 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
4895 
4896 	wdev_unlock(wdev);
4897 
4898 	return err;
4899 }
4900 
4901 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
4902 {
4903 	const struct ieee80211_regdomain *regdom;
4904 	struct sk_buff *msg;
4905 	void *hdr = NULL;
4906 	struct nlattr *nl_reg_rules;
4907 	unsigned int i;
4908 
4909 	if (!cfg80211_regdomain)
4910 		return -EINVAL;
4911 
4912 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4913 	if (!msg)
4914 		return -ENOBUFS;
4915 
4916 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4917 			     NL80211_CMD_GET_REG);
4918 	if (!hdr)
4919 		goto put_failure;
4920 
4921 	if (reg_last_request_cell_base() &&
4922 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
4923 			NL80211_USER_REG_HINT_CELL_BASE))
4924 		goto nla_put_failure;
4925 
4926 	rcu_read_lock();
4927 	regdom = rcu_dereference(cfg80211_regdomain);
4928 
4929 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
4930 	    (regdom->dfs_region &&
4931 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
4932 		goto nla_put_failure_rcu;
4933 
4934 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
4935 	if (!nl_reg_rules)
4936 		goto nla_put_failure_rcu;
4937 
4938 	for (i = 0; i < regdom->n_reg_rules; i++) {
4939 		struct nlattr *nl_reg_rule;
4940 		const struct ieee80211_reg_rule *reg_rule;
4941 		const struct ieee80211_freq_range *freq_range;
4942 		const struct ieee80211_power_rule *power_rule;
4943 
4944 		reg_rule = &regdom->reg_rules[i];
4945 		freq_range = &reg_rule->freq_range;
4946 		power_rule = &reg_rule->power_rule;
4947 
4948 		nl_reg_rule = nla_nest_start(msg, i);
4949 		if (!nl_reg_rule)
4950 			goto nla_put_failure_rcu;
4951 
4952 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
4953 				reg_rule->flags) ||
4954 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
4955 				freq_range->start_freq_khz) ||
4956 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
4957 				freq_range->end_freq_khz) ||
4958 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
4959 				freq_range->max_bandwidth_khz) ||
4960 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
4961 				power_rule->max_antenna_gain) ||
4962 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
4963 				power_rule->max_eirp))
4964 			goto nla_put_failure_rcu;
4965 
4966 		nla_nest_end(msg, nl_reg_rule);
4967 	}
4968 	rcu_read_unlock();
4969 
4970 	nla_nest_end(msg, nl_reg_rules);
4971 
4972 	genlmsg_end(msg, hdr);
4973 	return genlmsg_reply(msg, info);
4974 
4975 nla_put_failure_rcu:
4976 	rcu_read_unlock();
4977 nla_put_failure:
4978 	genlmsg_cancel(msg, hdr);
4979 put_failure:
4980 	nlmsg_free(msg);
4981 	return -EMSGSIZE;
4982 }
4983 
4984 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
4985 {
4986 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
4987 	struct nlattr *nl_reg_rule;
4988 	char *alpha2 = NULL;
4989 	int rem_reg_rules = 0, r = 0;
4990 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
4991 	u8 dfs_region = 0;
4992 	struct ieee80211_regdomain *rd = NULL;
4993 
4994 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4995 		return -EINVAL;
4996 
4997 	if (!info->attrs[NL80211_ATTR_REG_RULES])
4998 		return -EINVAL;
4999 
5000 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5001 
5002 	if (info->attrs[NL80211_ATTR_DFS_REGION])
5003 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5004 
5005 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5006 			    rem_reg_rules) {
5007 		num_rules++;
5008 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5009 			return -EINVAL;
5010 	}
5011 
5012 	size_of_regd = sizeof(struct ieee80211_regdomain) +
5013 		       num_rules * sizeof(struct ieee80211_reg_rule);
5014 
5015 	rd = kzalloc(size_of_regd, GFP_KERNEL);
5016 	if (!rd)
5017 		return -ENOMEM;
5018 
5019 	rd->n_reg_rules = num_rules;
5020 	rd->alpha2[0] = alpha2[0];
5021 	rd->alpha2[1] = alpha2[1];
5022 
5023 	/*
5024 	 * Disable DFS master mode if the DFS region was
5025 	 * not supported or known on this kernel.
5026 	 */
5027 	if (reg_supported_dfs_region(dfs_region))
5028 		rd->dfs_region = dfs_region;
5029 
5030 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5031 			    rem_reg_rules) {
5032 		nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5033 			  nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5034 			  reg_rule_policy);
5035 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5036 		if (r)
5037 			goto bad_reg;
5038 
5039 		rule_idx++;
5040 
5041 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5042 			r = -EINVAL;
5043 			goto bad_reg;
5044 		}
5045 	}
5046 
5047 	r = set_regdom(rd);
5048 	/* set_regdom took ownership */
5049 	rd = NULL;
5050 
5051  bad_reg:
5052 	kfree(rd);
5053 	return r;
5054 }
5055 
5056 static int validate_scan_freqs(struct nlattr *freqs)
5057 {
5058 	struct nlattr *attr1, *attr2;
5059 	int n_channels = 0, tmp1, tmp2;
5060 
5061 	nla_for_each_nested(attr1, freqs, tmp1) {
5062 		n_channels++;
5063 		/*
5064 		 * Some hardware has a limited channel list for
5065 		 * scanning, and it is pretty much nonsensical
5066 		 * to scan for a channel twice, so disallow that
5067 		 * and don't require drivers to check that the
5068 		 * channel list they get isn't longer than what
5069 		 * they can scan, as long as they can scan all
5070 		 * the channels they registered at once.
5071 		 */
5072 		nla_for_each_nested(attr2, freqs, tmp2)
5073 			if (attr1 != attr2 &&
5074 			    nla_get_u32(attr1) == nla_get_u32(attr2))
5075 				return 0;
5076 	}
5077 
5078 	return n_channels;
5079 }
5080 
5081 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5082 {
5083 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5084 	struct wireless_dev *wdev = info->user_ptr[1];
5085 	struct cfg80211_scan_request *request;
5086 	struct nlattr *attr;
5087 	struct wiphy *wiphy;
5088 	int err, tmp, n_ssids = 0, n_channels, i;
5089 	size_t ie_len;
5090 
5091 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5092 		return -EINVAL;
5093 
5094 	wiphy = &rdev->wiphy;
5095 
5096 	if (!rdev->ops->scan)
5097 		return -EOPNOTSUPP;
5098 
5099 	if (rdev->scan_req) {
5100 		err = -EBUSY;
5101 		goto unlock;
5102 	}
5103 
5104 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5105 		n_channels = validate_scan_freqs(
5106 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5107 		if (!n_channels) {
5108 			err = -EINVAL;
5109 			goto unlock;
5110 		}
5111 	} else {
5112 		enum ieee80211_band band;
5113 		n_channels = 0;
5114 
5115 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
5116 			if (wiphy->bands[band])
5117 				n_channels += wiphy->bands[band]->n_channels;
5118 	}
5119 
5120 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5121 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5122 			n_ssids++;
5123 
5124 	if (n_ssids > wiphy->max_scan_ssids) {
5125 		err = -EINVAL;
5126 		goto unlock;
5127 	}
5128 
5129 	if (info->attrs[NL80211_ATTR_IE])
5130 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5131 	else
5132 		ie_len = 0;
5133 
5134 	if (ie_len > wiphy->max_scan_ie_len) {
5135 		err = -EINVAL;
5136 		goto unlock;
5137 	}
5138 
5139 	request = kzalloc(sizeof(*request)
5140 			+ sizeof(*request->ssids) * n_ssids
5141 			+ sizeof(*request->channels) * n_channels
5142 			+ ie_len, GFP_KERNEL);
5143 	if (!request) {
5144 		err = -ENOMEM;
5145 		goto unlock;
5146 	}
5147 
5148 	if (n_ssids)
5149 		request->ssids = (void *)&request->channels[n_channels];
5150 	request->n_ssids = n_ssids;
5151 	if (ie_len) {
5152 		if (request->ssids)
5153 			request->ie = (void *)(request->ssids + n_ssids);
5154 		else
5155 			request->ie = (void *)(request->channels + n_channels);
5156 	}
5157 
5158 	i = 0;
5159 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5160 		/* user specified, bail out if channel not found */
5161 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5162 			struct ieee80211_channel *chan;
5163 
5164 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5165 
5166 			if (!chan) {
5167 				err = -EINVAL;
5168 				goto out_free;
5169 			}
5170 
5171 			/* ignore disabled channels */
5172 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5173 				continue;
5174 
5175 			request->channels[i] = chan;
5176 			i++;
5177 		}
5178 	} else {
5179 		enum ieee80211_band band;
5180 
5181 		/* all channels */
5182 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5183 			int j;
5184 			if (!wiphy->bands[band])
5185 				continue;
5186 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5187 				struct ieee80211_channel *chan;
5188 
5189 				chan = &wiphy->bands[band]->channels[j];
5190 
5191 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5192 					continue;
5193 
5194 				request->channels[i] = chan;
5195 				i++;
5196 			}
5197 		}
5198 	}
5199 
5200 	if (!i) {
5201 		err = -EINVAL;
5202 		goto out_free;
5203 	}
5204 
5205 	request->n_channels = i;
5206 
5207 	i = 0;
5208 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5209 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5210 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5211 				err = -EINVAL;
5212 				goto out_free;
5213 			}
5214 			request->ssids[i].ssid_len = nla_len(attr);
5215 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5216 			i++;
5217 		}
5218 	}
5219 
5220 	if (info->attrs[NL80211_ATTR_IE]) {
5221 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5222 		memcpy((void *)request->ie,
5223 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5224 		       request->ie_len);
5225 	}
5226 
5227 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5228 		if (wiphy->bands[i])
5229 			request->rates[i] =
5230 				(1 << wiphy->bands[i]->n_bitrates) - 1;
5231 
5232 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5233 		nla_for_each_nested(attr,
5234 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5235 				    tmp) {
5236 			enum ieee80211_band band = nla_type(attr);
5237 
5238 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5239 				err = -EINVAL;
5240 				goto out_free;
5241 			}
5242 			err = ieee80211_get_ratemask(wiphy->bands[band],
5243 						     nla_data(attr),
5244 						     nla_len(attr),
5245 						     &request->rates[band]);
5246 			if (err)
5247 				goto out_free;
5248 		}
5249 	}
5250 
5251 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5252 		request->flags = nla_get_u32(
5253 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5254 		if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5255 		     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
5256 		    ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
5257 		     !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
5258 			err = -EOPNOTSUPP;
5259 			goto out_free;
5260 		}
5261 	}
5262 
5263 	request->no_cck =
5264 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5265 
5266 	request->wdev = wdev;
5267 	request->wiphy = &rdev->wiphy;
5268 	request->scan_start = jiffies;
5269 
5270 	rdev->scan_req = request;
5271 	err = rdev_scan(rdev, request);
5272 
5273 	if (!err) {
5274 		nl80211_send_scan_start(rdev, wdev);
5275 		if (wdev->netdev)
5276 			dev_hold(wdev->netdev);
5277 	} else {
5278  out_free:
5279 		rdev->scan_req = NULL;
5280 		kfree(request);
5281 	}
5282 
5283  unlock:
5284 	return err;
5285 }
5286 
5287 static int nl80211_start_sched_scan(struct sk_buff *skb,
5288 				    struct genl_info *info)
5289 {
5290 	struct cfg80211_sched_scan_request *request;
5291 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5292 	struct net_device *dev = info->user_ptr[1];
5293 	struct nlattr *attr;
5294 	struct wiphy *wiphy;
5295 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5296 	u32 interval;
5297 	enum ieee80211_band band;
5298 	size_t ie_len;
5299 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5300 
5301 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5302 	    !rdev->ops->sched_scan_start)
5303 		return -EOPNOTSUPP;
5304 
5305 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5306 		return -EINVAL;
5307 
5308 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5309 		return -EINVAL;
5310 
5311 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5312 	if (interval == 0)
5313 		return -EINVAL;
5314 
5315 	wiphy = &rdev->wiphy;
5316 
5317 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5318 		n_channels = validate_scan_freqs(
5319 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5320 		if (!n_channels)
5321 			return -EINVAL;
5322 	} else {
5323 		n_channels = 0;
5324 
5325 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
5326 			if (wiphy->bands[band])
5327 				n_channels += wiphy->bands[band]->n_channels;
5328 	}
5329 
5330 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5331 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5332 				    tmp)
5333 			n_ssids++;
5334 
5335 	if (n_ssids > wiphy->max_sched_scan_ssids)
5336 		return -EINVAL;
5337 
5338 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
5339 		nla_for_each_nested(attr,
5340 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5341 				    tmp)
5342 			n_match_sets++;
5343 
5344 	if (n_match_sets > wiphy->max_match_sets)
5345 		return -EINVAL;
5346 
5347 	if (info->attrs[NL80211_ATTR_IE])
5348 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5349 	else
5350 		ie_len = 0;
5351 
5352 	if (ie_len > wiphy->max_sched_scan_ie_len)
5353 		return -EINVAL;
5354 
5355 	if (rdev->sched_scan_req) {
5356 		err = -EINPROGRESS;
5357 		goto out;
5358 	}
5359 
5360 	request = kzalloc(sizeof(*request)
5361 			+ sizeof(*request->ssids) * n_ssids
5362 			+ sizeof(*request->match_sets) * n_match_sets
5363 			+ sizeof(*request->channels) * n_channels
5364 			+ ie_len, GFP_KERNEL);
5365 	if (!request) {
5366 		err = -ENOMEM;
5367 		goto out;
5368 	}
5369 
5370 	if (n_ssids)
5371 		request->ssids = (void *)&request->channels[n_channels];
5372 	request->n_ssids = n_ssids;
5373 	if (ie_len) {
5374 		if (request->ssids)
5375 			request->ie = (void *)(request->ssids + n_ssids);
5376 		else
5377 			request->ie = (void *)(request->channels + n_channels);
5378 	}
5379 
5380 	if (n_match_sets) {
5381 		if (request->ie)
5382 			request->match_sets = (void *)(request->ie + ie_len);
5383 		else if (request->ssids)
5384 			request->match_sets =
5385 				(void *)(request->ssids + n_ssids);
5386 		else
5387 			request->match_sets =
5388 				(void *)(request->channels + n_channels);
5389 	}
5390 	request->n_match_sets = n_match_sets;
5391 
5392 	i = 0;
5393 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5394 		/* user specified, bail out if channel not found */
5395 		nla_for_each_nested(attr,
5396 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5397 				    tmp) {
5398 			struct ieee80211_channel *chan;
5399 
5400 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5401 
5402 			if (!chan) {
5403 				err = -EINVAL;
5404 				goto out_free;
5405 			}
5406 
5407 			/* ignore disabled channels */
5408 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5409 				continue;
5410 
5411 			request->channels[i] = chan;
5412 			i++;
5413 		}
5414 	} else {
5415 		/* all channels */
5416 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5417 			int j;
5418 			if (!wiphy->bands[band])
5419 				continue;
5420 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5421 				struct ieee80211_channel *chan;
5422 
5423 				chan = &wiphy->bands[band]->channels[j];
5424 
5425 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5426 					continue;
5427 
5428 				request->channels[i] = chan;
5429 				i++;
5430 			}
5431 		}
5432 	}
5433 
5434 	if (!i) {
5435 		err = -EINVAL;
5436 		goto out_free;
5437 	}
5438 
5439 	request->n_channels = i;
5440 
5441 	i = 0;
5442 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5443 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5444 				    tmp) {
5445 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5446 				err = -EINVAL;
5447 				goto out_free;
5448 			}
5449 			request->ssids[i].ssid_len = nla_len(attr);
5450 			memcpy(request->ssids[i].ssid, nla_data(attr),
5451 			       nla_len(attr));
5452 			i++;
5453 		}
5454 	}
5455 
5456 	i = 0;
5457 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5458 		nla_for_each_nested(attr,
5459 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5460 				    tmp) {
5461 			struct nlattr *ssid, *rssi;
5462 
5463 			nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5464 				  nla_data(attr), nla_len(attr),
5465 				  nl80211_match_policy);
5466 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5467 			if (ssid) {
5468 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5469 					err = -EINVAL;
5470 					goto out_free;
5471 				}
5472 				memcpy(request->match_sets[i].ssid.ssid,
5473 				       nla_data(ssid), nla_len(ssid));
5474 				request->match_sets[i].ssid.ssid_len =
5475 					nla_len(ssid);
5476 			}
5477 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5478 			if (rssi)
5479 				request->rssi_thold = nla_get_u32(rssi);
5480 			else
5481 				request->rssi_thold =
5482 						   NL80211_SCAN_RSSI_THOLD_OFF;
5483 			i++;
5484 		}
5485 	}
5486 
5487 	if (info->attrs[NL80211_ATTR_IE]) {
5488 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5489 		memcpy((void *)request->ie,
5490 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5491 		       request->ie_len);
5492 	}
5493 
5494 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5495 		request->flags = nla_get_u32(
5496 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5497 		if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5498 		     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
5499 		    ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
5500 		     !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
5501 			err = -EOPNOTSUPP;
5502 			goto out_free;
5503 		}
5504 	}
5505 
5506 	request->dev = dev;
5507 	request->wiphy = &rdev->wiphy;
5508 	request->interval = interval;
5509 	request->scan_start = jiffies;
5510 
5511 	err = rdev_sched_scan_start(rdev, dev, request);
5512 	if (!err) {
5513 		rdev->sched_scan_req = request;
5514 		nl80211_send_sched_scan(rdev, dev,
5515 					NL80211_CMD_START_SCHED_SCAN);
5516 		goto out;
5517 	}
5518 
5519 out_free:
5520 	kfree(request);
5521 out:
5522 	return err;
5523 }
5524 
5525 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5526 				   struct genl_info *info)
5527 {
5528 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5529 
5530 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5531 	    !rdev->ops->sched_scan_stop)
5532 		return -EOPNOTSUPP;
5533 
5534 	return __cfg80211_stop_sched_scan(rdev, false);
5535 }
5536 
5537 static int nl80211_start_radar_detection(struct sk_buff *skb,
5538 					 struct genl_info *info)
5539 {
5540 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5541 	struct net_device *dev = info->user_ptr[1];
5542 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5543 	struct cfg80211_chan_def chandef;
5544 	int err;
5545 
5546 	err = nl80211_parse_chandef(rdev, info, &chandef);
5547 	if (err)
5548 		return err;
5549 
5550 	if (wdev->cac_started)
5551 		return -EBUSY;
5552 
5553 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef);
5554 	if (err < 0)
5555 		return err;
5556 
5557 	if (err == 0)
5558 		return -EINVAL;
5559 
5560 	if (chandef.chan->dfs_state != NL80211_DFS_USABLE)
5561 		return -EINVAL;
5562 
5563 	if (!rdev->ops->start_radar_detection)
5564 		return -EOPNOTSUPP;
5565 
5566 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5567 					   chandef.chan, CHAN_MODE_SHARED,
5568 					   BIT(chandef.width));
5569 	if (err)
5570 		return err;
5571 
5572 	err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
5573 	if (!err) {
5574 		wdev->channel = chandef.chan;
5575 		wdev->cac_started = true;
5576 		wdev->cac_start_time = jiffies;
5577 	}
5578 	return err;
5579 }
5580 
5581 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5582 			    u32 seq, int flags,
5583 			    struct cfg80211_registered_device *rdev,
5584 			    struct wireless_dev *wdev,
5585 			    struct cfg80211_internal_bss *intbss)
5586 {
5587 	struct cfg80211_bss *res = &intbss->pub;
5588 	const struct cfg80211_bss_ies *ies;
5589 	void *hdr;
5590 	struct nlattr *bss;
5591 	bool tsf = false;
5592 
5593 	ASSERT_WDEV_LOCK(wdev);
5594 
5595 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5596 			     NL80211_CMD_NEW_SCAN_RESULTS);
5597 	if (!hdr)
5598 		return -1;
5599 
5600 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5601 
5602 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
5603 		goto nla_put_failure;
5604 	if (wdev->netdev &&
5605 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5606 		goto nla_put_failure;
5607 	if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
5608 		goto nla_put_failure;
5609 
5610 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5611 	if (!bss)
5612 		goto nla_put_failure;
5613 	if ((!is_zero_ether_addr(res->bssid) &&
5614 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
5615 		goto nla_put_failure;
5616 
5617 	rcu_read_lock();
5618 	ies = rcu_dereference(res->ies);
5619 	if (ies) {
5620 		if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5621 			goto fail_unlock_rcu;
5622 		tsf = true;
5623 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
5624 					ies->len, ies->data))
5625 			goto fail_unlock_rcu;
5626 	}
5627 	ies = rcu_dereference(res->beacon_ies);
5628 	if (ies) {
5629 		if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5630 			goto fail_unlock_rcu;
5631 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
5632 					ies->len, ies->data))
5633 			goto fail_unlock_rcu;
5634 	}
5635 	rcu_read_unlock();
5636 
5637 	if (res->beacon_interval &&
5638 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
5639 		goto nla_put_failure;
5640 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
5641 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
5642 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
5643 			jiffies_to_msecs(jiffies - intbss->ts)))
5644 		goto nla_put_failure;
5645 
5646 	switch (rdev->wiphy.signal_type) {
5647 	case CFG80211_SIGNAL_TYPE_MBM:
5648 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
5649 			goto nla_put_failure;
5650 		break;
5651 	case CFG80211_SIGNAL_TYPE_UNSPEC:
5652 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
5653 			goto nla_put_failure;
5654 		break;
5655 	default:
5656 		break;
5657 	}
5658 
5659 	switch (wdev->iftype) {
5660 	case NL80211_IFTYPE_P2P_CLIENT:
5661 	case NL80211_IFTYPE_STATION:
5662 		if (intbss == wdev->current_bss &&
5663 		    nla_put_u32(msg, NL80211_BSS_STATUS,
5664 				NL80211_BSS_STATUS_ASSOCIATED))
5665 			goto nla_put_failure;
5666 		break;
5667 	case NL80211_IFTYPE_ADHOC:
5668 		if (intbss == wdev->current_bss &&
5669 		    nla_put_u32(msg, NL80211_BSS_STATUS,
5670 				NL80211_BSS_STATUS_IBSS_JOINED))
5671 			goto nla_put_failure;
5672 		break;
5673 	default:
5674 		break;
5675 	}
5676 
5677 	nla_nest_end(msg, bss);
5678 
5679 	return genlmsg_end(msg, hdr);
5680 
5681  fail_unlock_rcu:
5682 	rcu_read_unlock();
5683  nla_put_failure:
5684 	genlmsg_cancel(msg, hdr);
5685 	return -EMSGSIZE;
5686 }
5687 
5688 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
5689 {
5690 	struct cfg80211_registered_device *rdev;
5691 	struct cfg80211_internal_bss *scan;
5692 	struct wireless_dev *wdev;
5693 	int start = cb->args[2], idx = 0;
5694 	int err;
5695 
5696 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5697 	if (err)
5698 		return err;
5699 
5700 	wdev_lock(wdev);
5701 	spin_lock_bh(&rdev->bss_lock);
5702 	cfg80211_bss_expire(rdev);
5703 
5704 	cb->seq = rdev->bss_generation;
5705 
5706 	list_for_each_entry(scan, &rdev->bss_list, list) {
5707 		if (++idx <= start)
5708 			continue;
5709 		if (nl80211_send_bss(skb, cb,
5710 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5711 				rdev, wdev, scan) < 0) {
5712 			idx--;
5713 			break;
5714 		}
5715 	}
5716 
5717 	spin_unlock_bh(&rdev->bss_lock);
5718 	wdev_unlock(wdev);
5719 
5720 	cb->args[2] = idx;
5721 	nl80211_finish_wdev_dump(rdev);
5722 
5723 	return skb->len;
5724 }
5725 
5726 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
5727 				int flags, struct net_device *dev,
5728 				struct survey_info *survey)
5729 {
5730 	void *hdr;
5731 	struct nlattr *infoattr;
5732 
5733 	hdr = nl80211hdr_put(msg, portid, seq, flags,
5734 			     NL80211_CMD_NEW_SURVEY_RESULTS);
5735 	if (!hdr)
5736 		return -ENOMEM;
5737 
5738 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
5739 		goto nla_put_failure;
5740 
5741 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
5742 	if (!infoattr)
5743 		goto nla_put_failure;
5744 
5745 	if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
5746 			survey->channel->center_freq))
5747 		goto nla_put_failure;
5748 
5749 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
5750 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
5751 		goto nla_put_failure;
5752 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
5753 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
5754 		goto nla_put_failure;
5755 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
5756 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
5757 			survey->channel_time))
5758 		goto nla_put_failure;
5759 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
5760 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
5761 			survey->channel_time_busy))
5762 		goto nla_put_failure;
5763 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
5764 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
5765 			survey->channel_time_ext_busy))
5766 		goto nla_put_failure;
5767 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
5768 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
5769 			survey->channel_time_rx))
5770 		goto nla_put_failure;
5771 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
5772 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
5773 			survey->channel_time_tx))
5774 		goto nla_put_failure;
5775 
5776 	nla_nest_end(msg, infoattr);
5777 
5778 	return genlmsg_end(msg, hdr);
5779 
5780  nla_put_failure:
5781 	genlmsg_cancel(msg, hdr);
5782 	return -EMSGSIZE;
5783 }
5784 
5785 static int nl80211_dump_survey(struct sk_buff *skb,
5786 			struct netlink_callback *cb)
5787 {
5788 	struct survey_info survey;
5789 	struct cfg80211_registered_device *dev;
5790 	struct wireless_dev *wdev;
5791 	int survey_idx = cb->args[2];
5792 	int res;
5793 
5794 	res = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
5795 	if (res)
5796 		return res;
5797 
5798 	if (!wdev->netdev) {
5799 		res = -EINVAL;
5800 		goto out_err;
5801 	}
5802 
5803 	if (!dev->ops->dump_survey) {
5804 		res = -EOPNOTSUPP;
5805 		goto out_err;
5806 	}
5807 
5808 	while (1) {
5809 		struct ieee80211_channel *chan;
5810 
5811 		res = rdev_dump_survey(dev, wdev->netdev, survey_idx, &survey);
5812 		if (res == -ENOENT)
5813 			break;
5814 		if (res)
5815 			goto out_err;
5816 
5817 		/* Survey without a channel doesn't make sense */
5818 		if (!survey.channel) {
5819 			res = -EINVAL;
5820 			goto out;
5821 		}
5822 
5823 		chan = ieee80211_get_channel(&dev->wiphy,
5824 					     survey.channel->center_freq);
5825 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
5826 			survey_idx++;
5827 			continue;
5828 		}
5829 
5830 		if (nl80211_send_survey(skb,
5831 				NETLINK_CB(cb->skb).portid,
5832 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5833 				wdev->netdev, &survey) < 0)
5834 			goto out;
5835 		survey_idx++;
5836 	}
5837 
5838  out:
5839 	cb->args[2] = survey_idx;
5840 	res = skb->len;
5841  out_err:
5842 	nl80211_finish_wdev_dump(dev);
5843 	return res;
5844 }
5845 
5846 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
5847 {
5848 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
5849 				  NL80211_WPA_VERSION_2));
5850 }
5851 
5852 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
5853 {
5854 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5855 	struct net_device *dev = info->user_ptr[1];
5856 	struct ieee80211_channel *chan;
5857 	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
5858 	int err, ssid_len, ie_len = 0, sae_data_len = 0;
5859 	enum nl80211_auth_type auth_type;
5860 	struct key_parse key;
5861 	bool local_state_change;
5862 
5863 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5864 		return -EINVAL;
5865 
5866 	if (!info->attrs[NL80211_ATTR_MAC])
5867 		return -EINVAL;
5868 
5869 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
5870 		return -EINVAL;
5871 
5872 	if (!info->attrs[NL80211_ATTR_SSID])
5873 		return -EINVAL;
5874 
5875 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
5876 		return -EINVAL;
5877 
5878 	err = nl80211_parse_key(info, &key);
5879 	if (err)
5880 		return err;
5881 
5882 	if (key.idx >= 0) {
5883 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
5884 			return -EINVAL;
5885 		if (!key.p.key || !key.p.key_len)
5886 			return -EINVAL;
5887 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
5888 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
5889 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
5890 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
5891 			return -EINVAL;
5892 		if (key.idx > 4)
5893 			return -EINVAL;
5894 	} else {
5895 		key.p.key_len = 0;
5896 		key.p.key = NULL;
5897 	}
5898 
5899 	if (key.idx >= 0) {
5900 		int i;
5901 		bool ok = false;
5902 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
5903 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
5904 				ok = true;
5905 				break;
5906 			}
5907 		}
5908 		if (!ok)
5909 			return -EINVAL;
5910 	}
5911 
5912 	if (!rdev->ops->auth)
5913 		return -EOPNOTSUPP;
5914 
5915 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5916 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5917 		return -EOPNOTSUPP;
5918 
5919 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5920 	chan = ieee80211_get_channel(&rdev->wiphy,
5921 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5922 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
5923 		return -EINVAL;
5924 
5925 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5926 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5927 
5928 	if (info->attrs[NL80211_ATTR_IE]) {
5929 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5930 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5931 	}
5932 
5933 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
5934 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
5935 		return -EINVAL;
5936 
5937 	if (auth_type == NL80211_AUTHTYPE_SAE &&
5938 	    !info->attrs[NL80211_ATTR_SAE_DATA])
5939 		return -EINVAL;
5940 
5941 	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
5942 		if (auth_type != NL80211_AUTHTYPE_SAE)
5943 			return -EINVAL;
5944 		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
5945 		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
5946 		/* need to include at least Auth Transaction and Status Code */
5947 		if (sae_data_len < 4)
5948 			return -EINVAL;
5949 	}
5950 
5951 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
5952 
5953 	/*
5954 	 * Since we no longer track auth state, ignore
5955 	 * requests to only change local state.
5956 	 */
5957 	if (local_state_change)
5958 		return 0;
5959 
5960 	wdev_lock(dev->ieee80211_ptr);
5961 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
5962 				 ssid, ssid_len, ie, ie_len,
5963 				 key.p.key, key.p.key_len, key.idx,
5964 				 sae_data, sae_data_len);
5965 	wdev_unlock(dev->ieee80211_ptr);
5966 	return err;
5967 }
5968 
5969 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
5970 				   struct genl_info *info,
5971 				   struct cfg80211_crypto_settings *settings,
5972 				   int cipher_limit)
5973 {
5974 	memset(settings, 0, sizeof(*settings));
5975 
5976 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
5977 
5978 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
5979 		u16 proto;
5980 		proto = nla_get_u16(
5981 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
5982 		settings->control_port_ethertype = cpu_to_be16(proto);
5983 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
5984 		    proto != ETH_P_PAE)
5985 			return -EINVAL;
5986 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
5987 			settings->control_port_no_encrypt = true;
5988 	} else
5989 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
5990 
5991 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
5992 		void *data;
5993 		int len, i;
5994 
5995 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
5996 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
5997 		settings->n_ciphers_pairwise = len / sizeof(u32);
5998 
5999 		if (len % sizeof(u32))
6000 			return -EINVAL;
6001 
6002 		if (settings->n_ciphers_pairwise > cipher_limit)
6003 			return -EINVAL;
6004 
6005 		memcpy(settings->ciphers_pairwise, data, len);
6006 
6007 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
6008 			if (!cfg80211_supported_cipher_suite(
6009 					&rdev->wiphy,
6010 					settings->ciphers_pairwise[i]))
6011 				return -EINVAL;
6012 	}
6013 
6014 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6015 		settings->cipher_group =
6016 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6017 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6018 						     settings->cipher_group))
6019 			return -EINVAL;
6020 	}
6021 
6022 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6023 		settings->wpa_versions =
6024 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6025 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6026 			return -EINVAL;
6027 	}
6028 
6029 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6030 		void *data;
6031 		int len;
6032 
6033 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6034 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6035 		settings->n_akm_suites = len / sizeof(u32);
6036 
6037 		if (len % sizeof(u32))
6038 			return -EINVAL;
6039 
6040 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6041 			return -EINVAL;
6042 
6043 		memcpy(settings->akm_suites, data, len);
6044 	}
6045 
6046 	return 0;
6047 }
6048 
6049 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
6050 {
6051 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6052 	struct net_device *dev = info->user_ptr[1];
6053 	struct ieee80211_channel *chan;
6054 	struct cfg80211_assoc_request req = {};
6055 	const u8 *bssid, *ssid;
6056 	int err, ssid_len = 0;
6057 
6058 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6059 		return -EINVAL;
6060 
6061 	if (!info->attrs[NL80211_ATTR_MAC] ||
6062 	    !info->attrs[NL80211_ATTR_SSID] ||
6063 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
6064 		return -EINVAL;
6065 
6066 	if (!rdev->ops->assoc)
6067 		return -EOPNOTSUPP;
6068 
6069 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6070 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6071 		return -EOPNOTSUPP;
6072 
6073 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6074 
6075 	chan = ieee80211_get_channel(&rdev->wiphy,
6076 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6077 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
6078 		return -EINVAL;
6079 
6080 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6081 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6082 
6083 	if (info->attrs[NL80211_ATTR_IE]) {
6084 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6085 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6086 	}
6087 
6088 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
6089 		enum nl80211_mfp mfp =
6090 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6091 		if (mfp == NL80211_MFP_REQUIRED)
6092 			req.use_mfp = true;
6093 		else if (mfp != NL80211_MFP_NO)
6094 			return -EINVAL;
6095 	}
6096 
6097 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
6098 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
6099 
6100 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6101 		req.flags |= ASSOC_REQ_DISABLE_HT;
6102 
6103 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6104 		memcpy(&req.ht_capa_mask,
6105 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6106 		       sizeof(req.ht_capa_mask));
6107 
6108 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6109 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6110 			return -EINVAL;
6111 		memcpy(&req.ht_capa,
6112 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6113 		       sizeof(req.ht_capa));
6114 	}
6115 
6116 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6117 		req.flags |= ASSOC_REQ_DISABLE_VHT;
6118 
6119 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6120 		memcpy(&req.vht_capa_mask,
6121 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6122 		       sizeof(req.vht_capa_mask));
6123 
6124 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6125 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6126 			return -EINVAL;
6127 		memcpy(&req.vht_capa,
6128 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6129 		       sizeof(req.vht_capa));
6130 	}
6131 
6132 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
6133 	if (!err) {
6134 		wdev_lock(dev->ieee80211_ptr);
6135 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
6136 					  ssid, ssid_len, &req);
6137 		wdev_unlock(dev->ieee80211_ptr);
6138 	}
6139 
6140 	return err;
6141 }
6142 
6143 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
6144 {
6145 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6146 	struct net_device *dev = info->user_ptr[1];
6147 	const u8 *ie = NULL, *bssid;
6148 	int ie_len = 0, err;
6149 	u16 reason_code;
6150 	bool local_state_change;
6151 
6152 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6153 		return -EINVAL;
6154 
6155 	if (!info->attrs[NL80211_ATTR_MAC])
6156 		return -EINVAL;
6157 
6158 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6159 		return -EINVAL;
6160 
6161 	if (!rdev->ops->deauth)
6162 		return -EOPNOTSUPP;
6163 
6164 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6165 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6166 		return -EOPNOTSUPP;
6167 
6168 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6169 
6170 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6171 	if (reason_code == 0) {
6172 		/* Reason Code 0 is reserved */
6173 		return -EINVAL;
6174 	}
6175 
6176 	if (info->attrs[NL80211_ATTR_IE]) {
6177 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6178 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6179 	}
6180 
6181 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6182 
6183 	wdev_lock(dev->ieee80211_ptr);
6184 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
6185 				   local_state_change);
6186 	wdev_unlock(dev->ieee80211_ptr);
6187 	return err;
6188 }
6189 
6190 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
6191 {
6192 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6193 	struct net_device *dev = info->user_ptr[1];
6194 	const u8 *ie = NULL, *bssid;
6195 	int ie_len = 0, err;
6196 	u16 reason_code;
6197 	bool local_state_change;
6198 
6199 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6200 		return -EINVAL;
6201 
6202 	if (!info->attrs[NL80211_ATTR_MAC])
6203 		return -EINVAL;
6204 
6205 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6206 		return -EINVAL;
6207 
6208 	if (!rdev->ops->disassoc)
6209 		return -EOPNOTSUPP;
6210 
6211 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6212 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6213 		return -EOPNOTSUPP;
6214 
6215 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6216 
6217 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6218 	if (reason_code == 0) {
6219 		/* Reason Code 0 is reserved */
6220 		return -EINVAL;
6221 	}
6222 
6223 	if (info->attrs[NL80211_ATTR_IE]) {
6224 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6225 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6226 	}
6227 
6228 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6229 
6230 	wdev_lock(dev->ieee80211_ptr);
6231 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
6232 				     local_state_change);
6233 	wdev_unlock(dev->ieee80211_ptr);
6234 	return err;
6235 }
6236 
6237 static bool
6238 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
6239 			 int mcast_rate[IEEE80211_NUM_BANDS],
6240 			 int rateval)
6241 {
6242 	struct wiphy *wiphy = &rdev->wiphy;
6243 	bool found = false;
6244 	int band, i;
6245 
6246 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6247 		struct ieee80211_supported_band *sband;
6248 
6249 		sband = wiphy->bands[band];
6250 		if (!sband)
6251 			continue;
6252 
6253 		for (i = 0; i < sband->n_bitrates; i++) {
6254 			if (sband->bitrates[i].bitrate == rateval) {
6255 				mcast_rate[band] = i + 1;
6256 				found = true;
6257 				break;
6258 			}
6259 		}
6260 	}
6261 
6262 	return found;
6263 }
6264 
6265 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
6266 {
6267 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6268 	struct net_device *dev = info->user_ptr[1];
6269 	struct cfg80211_ibss_params ibss;
6270 	struct wiphy *wiphy;
6271 	struct cfg80211_cached_keys *connkeys = NULL;
6272 	int err;
6273 
6274 	memset(&ibss, 0, sizeof(ibss));
6275 
6276 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6277 		return -EINVAL;
6278 
6279 	if (!info->attrs[NL80211_ATTR_SSID] ||
6280 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
6281 		return -EINVAL;
6282 
6283 	ibss.beacon_interval = 100;
6284 
6285 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
6286 		ibss.beacon_interval =
6287 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6288 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
6289 			return -EINVAL;
6290 	}
6291 
6292 	if (!rdev->ops->join_ibss)
6293 		return -EOPNOTSUPP;
6294 
6295 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6296 		return -EOPNOTSUPP;
6297 
6298 	wiphy = &rdev->wiphy;
6299 
6300 	if (info->attrs[NL80211_ATTR_MAC]) {
6301 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6302 
6303 		if (!is_valid_ether_addr(ibss.bssid))
6304 			return -EINVAL;
6305 	}
6306 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6307 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6308 
6309 	if (info->attrs[NL80211_ATTR_IE]) {
6310 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6311 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6312 	}
6313 
6314 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
6315 	if (err)
6316 		return err;
6317 
6318 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef))
6319 		return -EINVAL;
6320 
6321 	switch (ibss.chandef.width) {
6322 	case NL80211_CHAN_WIDTH_20_NOHT:
6323 		break;
6324 	case NL80211_CHAN_WIDTH_20:
6325 	case NL80211_CHAN_WIDTH_40:
6326 		if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)
6327 			break;
6328 	default:
6329 		return -EINVAL;
6330 	}
6331 
6332 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
6333 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6334 
6335 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6336 		u8 *rates =
6337 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6338 		int n_rates =
6339 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6340 		struct ieee80211_supported_band *sband =
6341 			wiphy->bands[ibss.chandef.chan->band];
6342 
6343 		err = ieee80211_get_ratemask(sband, rates, n_rates,
6344 					     &ibss.basic_rates);
6345 		if (err)
6346 			return err;
6347 	}
6348 
6349 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6350 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
6351 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6352 		return -EINVAL;
6353 
6354 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6355 		bool no_ht = false;
6356 
6357 		connkeys = nl80211_parse_connkeys(rdev,
6358 					  info->attrs[NL80211_ATTR_KEYS],
6359 					  &no_ht);
6360 		if (IS_ERR(connkeys))
6361 			return PTR_ERR(connkeys);
6362 
6363 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
6364 		    no_ht) {
6365 			kfree(connkeys);
6366 			return -EINVAL;
6367 		}
6368 	}
6369 
6370 	ibss.control_port =
6371 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
6372 
6373 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
6374 	if (err)
6375 		kfree(connkeys);
6376 	return err;
6377 }
6378 
6379 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
6380 {
6381 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6382 	struct net_device *dev = info->user_ptr[1];
6383 
6384 	if (!rdev->ops->leave_ibss)
6385 		return -EOPNOTSUPP;
6386 
6387 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6388 		return -EOPNOTSUPP;
6389 
6390 	return cfg80211_leave_ibss(rdev, dev, false);
6391 }
6392 
6393 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
6394 {
6395 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6396 	struct net_device *dev = info->user_ptr[1];
6397 	int mcast_rate[IEEE80211_NUM_BANDS];
6398 	u32 nla_rate;
6399 	int err;
6400 
6401 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
6402 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6403 		return -EOPNOTSUPP;
6404 
6405 	if (!rdev->ops->set_mcast_rate)
6406 		return -EOPNOTSUPP;
6407 
6408 	memset(mcast_rate, 0, sizeof(mcast_rate));
6409 
6410 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
6411 		return -EINVAL;
6412 
6413 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6414 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6415 		return -EINVAL;
6416 
6417 	err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6418 
6419 	return err;
6420 }
6421 
6422 
6423 #ifdef CONFIG_NL80211_TESTMODE
6424 static struct genl_multicast_group nl80211_testmode_mcgrp = {
6425 	.name = "testmode",
6426 };
6427 
6428 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
6429 {
6430 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6431 	int err;
6432 
6433 	if (!info->attrs[NL80211_ATTR_TESTDATA])
6434 		return -EINVAL;
6435 
6436 	err = -EOPNOTSUPP;
6437 	if (rdev->ops->testmode_cmd) {
6438 		rdev->testmode_info = info;
6439 		err = rdev_testmode_cmd(rdev,
6440 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
6441 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
6442 		rdev->testmode_info = NULL;
6443 	}
6444 
6445 	return err;
6446 }
6447 
6448 static int nl80211_testmode_dump(struct sk_buff *skb,
6449 				 struct netlink_callback *cb)
6450 {
6451 	struct cfg80211_registered_device *rdev;
6452 	int err;
6453 	long phy_idx;
6454 	void *data = NULL;
6455 	int data_len = 0;
6456 
6457 	rtnl_lock();
6458 
6459 	if (cb->args[0]) {
6460 		/*
6461 		 * 0 is a valid index, but not valid for args[0],
6462 		 * so we need to offset by 1.
6463 		 */
6464 		phy_idx = cb->args[0] - 1;
6465 	} else {
6466 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
6467 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
6468 				  nl80211_policy);
6469 		if (err)
6470 			goto out_err;
6471 
6472 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
6473 						  nl80211_fam.attrbuf);
6474 		if (IS_ERR(rdev)) {
6475 			err = PTR_ERR(rdev);
6476 			goto out_err;
6477 		}
6478 		phy_idx = rdev->wiphy_idx;
6479 		rdev = NULL;
6480 
6481 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
6482 			cb->args[1] =
6483 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
6484 	}
6485 
6486 	if (cb->args[1]) {
6487 		data = nla_data((void *)cb->args[1]);
6488 		data_len = nla_len((void *)cb->args[1]);
6489 	}
6490 
6491 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
6492 	if (!rdev) {
6493 		err = -ENOENT;
6494 		goto out_err;
6495 	}
6496 
6497 	if (!rdev->ops->testmode_dump) {
6498 		err = -EOPNOTSUPP;
6499 		goto out_err;
6500 	}
6501 
6502 	while (1) {
6503 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
6504 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
6505 					   NL80211_CMD_TESTMODE);
6506 		struct nlattr *tmdata;
6507 
6508 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
6509 			genlmsg_cancel(skb, hdr);
6510 			break;
6511 		}
6512 
6513 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
6514 		if (!tmdata) {
6515 			genlmsg_cancel(skb, hdr);
6516 			break;
6517 		}
6518 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
6519 		nla_nest_end(skb, tmdata);
6520 
6521 		if (err == -ENOBUFS || err == -ENOENT) {
6522 			genlmsg_cancel(skb, hdr);
6523 			break;
6524 		} else if (err) {
6525 			genlmsg_cancel(skb, hdr);
6526 			goto out_err;
6527 		}
6528 
6529 		genlmsg_end(skb, hdr);
6530 	}
6531 
6532 	err = skb->len;
6533 	/* see above */
6534 	cb->args[0] = phy_idx + 1;
6535  out_err:
6536 	rtnl_unlock();
6537 	return err;
6538 }
6539 
6540 static struct sk_buff *
6541 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
6542 			      int approxlen, u32 portid, u32 seq, gfp_t gfp)
6543 {
6544 	struct sk_buff *skb;
6545 	void *hdr;
6546 	struct nlattr *data;
6547 
6548 	skb = nlmsg_new(approxlen + 100, gfp);
6549 	if (!skb)
6550 		return NULL;
6551 
6552 	hdr = nl80211hdr_put(skb, portid, seq, 0, NL80211_CMD_TESTMODE);
6553 	if (!hdr) {
6554 		kfree_skb(skb);
6555 		return NULL;
6556 	}
6557 
6558 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6559 		goto nla_put_failure;
6560 	data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
6561 
6562 	((void **)skb->cb)[0] = rdev;
6563 	((void **)skb->cb)[1] = hdr;
6564 	((void **)skb->cb)[2] = data;
6565 
6566 	return skb;
6567 
6568  nla_put_failure:
6569 	kfree_skb(skb);
6570 	return NULL;
6571 }
6572 
6573 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
6574 						  int approxlen)
6575 {
6576 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6577 
6578 	if (WARN_ON(!rdev->testmode_info))
6579 		return NULL;
6580 
6581 	return __cfg80211_testmode_alloc_skb(rdev, approxlen,
6582 				rdev->testmode_info->snd_portid,
6583 				rdev->testmode_info->snd_seq,
6584 				GFP_KERNEL);
6585 }
6586 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
6587 
6588 int cfg80211_testmode_reply(struct sk_buff *skb)
6589 {
6590 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6591 	void *hdr = ((void **)skb->cb)[1];
6592 	struct nlattr *data = ((void **)skb->cb)[2];
6593 
6594 	if (WARN_ON(!rdev->testmode_info)) {
6595 		kfree_skb(skb);
6596 		return -EINVAL;
6597 	}
6598 
6599 	nla_nest_end(skb, data);
6600 	genlmsg_end(skb, hdr);
6601 	return genlmsg_reply(skb, rdev->testmode_info);
6602 }
6603 EXPORT_SYMBOL(cfg80211_testmode_reply);
6604 
6605 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
6606 						  int approxlen, gfp_t gfp)
6607 {
6608 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6609 
6610 	return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
6611 }
6612 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
6613 
6614 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
6615 {
6616 	void *hdr = ((void **)skb->cb)[1];
6617 	struct nlattr *data = ((void **)skb->cb)[2];
6618 
6619 	nla_nest_end(skb, data);
6620 	genlmsg_end(skb, hdr);
6621 	genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
6622 }
6623 EXPORT_SYMBOL(cfg80211_testmode_event);
6624 #endif
6625 
6626 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
6627 {
6628 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6629 	struct net_device *dev = info->user_ptr[1];
6630 	struct cfg80211_connect_params connect;
6631 	struct wiphy *wiphy;
6632 	struct cfg80211_cached_keys *connkeys = NULL;
6633 	int err;
6634 
6635 	memset(&connect, 0, sizeof(connect));
6636 
6637 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6638 		return -EINVAL;
6639 
6640 	if (!info->attrs[NL80211_ATTR_SSID] ||
6641 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
6642 		return -EINVAL;
6643 
6644 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6645 		connect.auth_type =
6646 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6647 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
6648 					     NL80211_CMD_CONNECT))
6649 			return -EINVAL;
6650 	} else
6651 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6652 
6653 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
6654 
6655 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
6656 				      NL80211_MAX_NR_CIPHER_SUITES);
6657 	if (err)
6658 		return err;
6659 
6660 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6661 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6662 		return -EOPNOTSUPP;
6663 
6664 	wiphy = &rdev->wiphy;
6665 
6666 	connect.bg_scan_period = -1;
6667 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
6668 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
6669 		connect.bg_scan_period =
6670 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
6671 	}
6672 
6673 	if (info->attrs[NL80211_ATTR_MAC])
6674 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6675 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6676 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6677 
6678 	if (info->attrs[NL80211_ATTR_IE]) {
6679 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6680 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6681 	}
6682 
6683 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
6684 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6685 		if (connect.mfp != NL80211_MFP_REQUIRED &&
6686 		    connect.mfp != NL80211_MFP_NO)
6687 			return -EINVAL;
6688 	} else {
6689 		connect.mfp = NL80211_MFP_NO;
6690 	}
6691 
6692 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6693 		connect.channel =
6694 			ieee80211_get_channel(wiphy,
6695 			    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6696 		if (!connect.channel ||
6697 		    connect.channel->flags & IEEE80211_CHAN_DISABLED)
6698 			return -EINVAL;
6699 	}
6700 
6701 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6702 		connkeys = nl80211_parse_connkeys(rdev,
6703 					  info->attrs[NL80211_ATTR_KEYS], NULL);
6704 		if (IS_ERR(connkeys))
6705 			return PTR_ERR(connkeys);
6706 	}
6707 
6708 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6709 		connect.flags |= ASSOC_REQ_DISABLE_HT;
6710 
6711 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6712 		memcpy(&connect.ht_capa_mask,
6713 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6714 		       sizeof(connect.ht_capa_mask));
6715 
6716 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6717 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
6718 			kfree(connkeys);
6719 			return -EINVAL;
6720 		}
6721 		memcpy(&connect.ht_capa,
6722 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6723 		       sizeof(connect.ht_capa));
6724 	}
6725 
6726 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6727 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
6728 
6729 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6730 		memcpy(&connect.vht_capa_mask,
6731 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6732 		       sizeof(connect.vht_capa_mask));
6733 
6734 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6735 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
6736 			kfree(connkeys);
6737 			return -EINVAL;
6738 		}
6739 		memcpy(&connect.vht_capa,
6740 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6741 		       sizeof(connect.vht_capa));
6742 	}
6743 
6744 	wdev_lock(dev->ieee80211_ptr);
6745 	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
6746 	wdev_unlock(dev->ieee80211_ptr);
6747 	if (err)
6748 		kfree(connkeys);
6749 	return err;
6750 }
6751 
6752 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
6753 {
6754 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6755 	struct net_device *dev = info->user_ptr[1];
6756 	u16 reason;
6757 	int ret;
6758 
6759 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6760 		reason = WLAN_REASON_DEAUTH_LEAVING;
6761 	else
6762 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6763 
6764 	if (reason == 0)
6765 		return -EINVAL;
6766 
6767 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6768 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6769 		return -EOPNOTSUPP;
6770 
6771 	wdev_lock(dev->ieee80211_ptr);
6772 	ret = cfg80211_disconnect(rdev, dev, reason, true);
6773 	wdev_unlock(dev->ieee80211_ptr);
6774 	return ret;
6775 }
6776 
6777 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
6778 {
6779 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6780 	struct net *net;
6781 	int err;
6782 	u32 pid;
6783 
6784 	if (!info->attrs[NL80211_ATTR_PID])
6785 		return -EINVAL;
6786 
6787 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
6788 
6789 	net = get_net_ns_by_pid(pid);
6790 	if (IS_ERR(net))
6791 		return PTR_ERR(net);
6792 
6793 	err = 0;
6794 
6795 	/* check if anything to do */
6796 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
6797 		err = cfg80211_switch_netns(rdev, net);
6798 
6799 	put_net(net);
6800 	return err;
6801 }
6802 
6803 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
6804 {
6805 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6806 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
6807 			struct cfg80211_pmksa *pmksa) = NULL;
6808 	struct net_device *dev = info->user_ptr[1];
6809 	struct cfg80211_pmksa pmksa;
6810 
6811 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
6812 
6813 	if (!info->attrs[NL80211_ATTR_MAC])
6814 		return -EINVAL;
6815 
6816 	if (!info->attrs[NL80211_ATTR_PMKID])
6817 		return -EINVAL;
6818 
6819 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
6820 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6821 
6822 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6823 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6824 		return -EOPNOTSUPP;
6825 
6826 	switch (info->genlhdr->cmd) {
6827 	case NL80211_CMD_SET_PMKSA:
6828 		rdev_ops = rdev->ops->set_pmksa;
6829 		break;
6830 	case NL80211_CMD_DEL_PMKSA:
6831 		rdev_ops = rdev->ops->del_pmksa;
6832 		break;
6833 	default:
6834 		WARN_ON(1);
6835 		break;
6836 	}
6837 
6838 	if (!rdev_ops)
6839 		return -EOPNOTSUPP;
6840 
6841 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
6842 }
6843 
6844 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
6845 {
6846 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6847 	struct net_device *dev = info->user_ptr[1];
6848 
6849 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6850 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6851 		return -EOPNOTSUPP;
6852 
6853 	if (!rdev->ops->flush_pmksa)
6854 		return -EOPNOTSUPP;
6855 
6856 	return rdev_flush_pmksa(rdev, dev);
6857 }
6858 
6859 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
6860 {
6861 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6862 	struct net_device *dev = info->user_ptr[1];
6863 	u8 action_code, dialog_token;
6864 	u16 status_code;
6865 	u8 *peer;
6866 
6867 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
6868 	    !rdev->ops->tdls_mgmt)
6869 		return -EOPNOTSUPP;
6870 
6871 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
6872 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
6873 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
6874 	    !info->attrs[NL80211_ATTR_IE] ||
6875 	    !info->attrs[NL80211_ATTR_MAC])
6876 		return -EINVAL;
6877 
6878 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
6879 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
6880 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
6881 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
6882 
6883 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
6884 			      dialog_token, status_code,
6885 			      nla_data(info->attrs[NL80211_ATTR_IE]),
6886 			      nla_len(info->attrs[NL80211_ATTR_IE]));
6887 }
6888 
6889 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
6890 {
6891 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6892 	struct net_device *dev = info->user_ptr[1];
6893 	enum nl80211_tdls_operation operation;
6894 	u8 *peer;
6895 
6896 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
6897 	    !rdev->ops->tdls_oper)
6898 		return -EOPNOTSUPP;
6899 
6900 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
6901 	    !info->attrs[NL80211_ATTR_MAC])
6902 		return -EINVAL;
6903 
6904 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
6905 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
6906 
6907 	return rdev_tdls_oper(rdev, dev, peer, operation);
6908 }
6909 
6910 static int nl80211_remain_on_channel(struct sk_buff *skb,
6911 				     struct genl_info *info)
6912 {
6913 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6914 	struct wireless_dev *wdev = info->user_ptr[1];
6915 	struct cfg80211_chan_def chandef;
6916 	struct sk_buff *msg;
6917 	void *hdr;
6918 	u64 cookie;
6919 	u32 duration;
6920 	int err;
6921 
6922 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
6923 	    !info->attrs[NL80211_ATTR_DURATION])
6924 		return -EINVAL;
6925 
6926 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
6927 
6928 	if (!rdev->ops->remain_on_channel ||
6929 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
6930 		return -EOPNOTSUPP;
6931 
6932 	/*
6933 	 * We should be on that channel for at least a minimum amount of
6934 	 * time (10ms) but no longer than the driver supports.
6935 	 */
6936 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
6937 	    duration > rdev->wiphy.max_remain_on_channel_duration)
6938 		return -EINVAL;
6939 
6940 	err = nl80211_parse_chandef(rdev, info, &chandef);
6941 	if (err)
6942 		return err;
6943 
6944 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6945 	if (!msg)
6946 		return -ENOMEM;
6947 
6948 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6949 			     NL80211_CMD_REMAIN_ON_CHANNEL);
6950 
6951 	if (IS_ERR(hdr)) {
6952 		err = PTR_ERR(hdr);
6953 		goto free_msg;
6954 	}
6955 
6956 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
6957 				     duration, &cookie);
6958 
6959 	if (err)
6960 		goto free_msg;
6961 
6962 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
6963 		goto nla_put_failure;
6964 
6965 	genlmsg_end(msg, hdr);
6966 
6967 	return genlmsg_reply(msg, info);
6968 
6969  nla_put_failure:
6970 	err = -ENOBUFS;
6971  free_msg:
6972 	nlmsg_free(msg);
6973 	return err;
6974 }
6975 
6976 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
6977 					    struct genl_info *info)
6978 {
6979 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6980 	struct wireless_dev *wdev = info->user_ptr[1];
6981 	u64 cookie;
6982 
6983 	if (!info->attrs[NL80211_ATTR_COOKIE])
6984 		return -EINVAL;
6985 
6986 	if (!rdev->ops->cancel_remain_on_channel)
6987 		return -EOPNOTSUPP;
6988 
6989 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
6990 
6991 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
6992 }
6993 
6994 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
6995 			   u8 *rates, u8 rates_len)
6996 {
6997 	u8 i;
6998 	u32 mask = 0;
6999 
7000 	for (i = 0; i < rates_len; i++) {
7001 		int rate = (rates[i] & 0x7f) * 5;
7002 		int ridx;
7003 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
7004 			struct ieee80211_rate *srate =
7005 				&sband->bitrates[ridx];
7006 			if (rate == srate->bitrate) {
7007 				mask |= 1 << ridx;
7008 				break;
7009 			}
7010 		}
7011 		if (ridx == sband->n_bitrates)
7012 			return 0; /* rate not found */
7013 	}
7014 
7015 	return mask;
7016 }
7017 
7018 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
7019 			       u8 *rates, u8 rates_len,
7020 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
7021 {
7022 	u8 i;
7023 
7024 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
7025 
7026 	for (i = 0; i < rates_len; i++) {
7027 		int ridx, rbit;
7028 
7029 		ridx = rates[i] / 8;
7030 		rbit = BIT(rates[i] % 8);
7031 
7032 		/* check validity */
7033 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
7034 			return false;
7035 
7036 		/* check availability */
7037 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
7038 			mcs[ridx] |= rbit;
7039 		else
7040 			return false;
7041 	}
7042 
7043 	return true;
7044 }
7045 
7046 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
7047 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
7048 				    .len = NL80211_MAX_SUPP_RATES },
7049 	[NL80211_TXRATE_MCS] = { .type = NLA_BINARY,
7050 				 .len = NL80211_MAX_SUPP_HT_RATES },
7051 };
7052 
7053 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
7054 				       struct genl_info *info)
7055 {
7056 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
7057 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7058 	struct cfg80211_bitrate_mask mask;
7059 	int rem, i;
7060 	struct net_device *dev = info->user_ptr[1];
7061 	struct nlattr *tx_rates;
7062 	struct ieee80211_supported_band *sband;
7063 
7064 	if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
7065 		return -EINVAL;
7066 
7067 	if (!rdev->ops->set_bitrate_mask)
7068 		return -EOPNOTSUPP;
7069 
7070 	memset(&mask, 0, sizeof(mask));
7071 	/* Default to all rates enabled */
7072 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
7073 		sband = rdev->wiphy.bands[i];
7074 		mask.control[i].legacy =
7075 			sband ? (1 << sband->n_bitrates) - 1 : 0;
7076 		if (sband)
7077 			memcpy(mask.control[i].mcs,
7078 			       sband->ht_cap.mcs.rx_mask,
7079 			       sizeof(mask.control[i].mcs));
7080 		else
7081 			memset(mask.control[i].mcs, 0,
7082 			       sizeof(mask.control[i].mcs));
7083 	}
7084 
7085 	/*
7086 	 * The nested attribute uses enum nl80211_band as the index. This maps
7087 	 * directly to the enum ieee80211_band values used in cfg80211.
7088 	 */
7089 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
7090 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
7091 	{
7092 		enum ieee80211_band band = nla_type(tx_rates);
7093 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
7094 			return -EINVAL;
7095 		sband = rdev->wiphy.bands[band];
7096 		if (sband == NULL)
7097 			return -EINVAL;
7098 		nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
7099 			  nla_len(tx_rates), nl80211_txattr_policy);
7100 		if (tb[NL80211_TXRATE_LEGACY]) {
7101 			mask.control[band].legacy = rateset_to_mask(
7102 				sband,
7103 				nla_data(tb[NL80211_TXRATE_LEGACY]),
7104 				nla_len(tb[NL80211_TXRATE_LEGACY]));
7105 			if ((mask.control[band].legacy == 0) &&
7106 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
7107 				return -EINVAL;
7108 		}
7109 		if (tb[NL80211_TXRATE_MCS]) {
7110 			if (!ht_rateset_to_mask(
7111 					sband,
7112 					nla_data(tb[NL80211_TXRATE_MCS]),
7113 					nla_len(tb[NL80211_TXRATE_MCS]),
7114 					mask.control[band].mcs))
7115 				return -EINVAL;
7116 		}
7117 
7118 		if (mask.control[band].legacy == 0) {
7119 			/* don't allow empty legacy rates if HT
7120 			 * is not even supported. */
7121 			if (!rdev->wiphy.bands[band]->ht_cap.ht_supported)
7122 				return -EINVAL;
7123 
7124 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
7125 				if (mask.control[band].mcs[i])
7126 					break;
7127 
7128 			/* legacy and mcs rates may not be both empty */
7129 			if (i == IEEE80211_HT_MCS_MASK_LEN)
7130 				return -EINVAL;
7131 		}
7132 	}
7133 
7134 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
7135 }
7136 
7137 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
7138 {
7139 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7140 	struct wireless_dev *wdev = info->user_ptr[1];
7141 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
7142 
7143 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
7144 		return -EINVAL;
7145 
7146 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
7147 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
7148 
7149 	switch (wdev->iftype) {
7150 	case NL80211_IFTYPE_STATION:
7151 	case NL80211_IFTYPE_ADHOC:
7152 	case NL80211_IFTYPE_P2P_CLIENT:
7153 	case NL80211_IFTYPE_AP:
7154 	case NL80211_IFTYPE_AP_VLAN:
7155 	case NL80211_IFTYPE_MESH_POINT:
7156 	case NL80211_IFTYPE_P2P_GO:
7157 	case NL80211_IFTYPE_P2P_DEVICE:
7158 		break;
7159 	default:
7160 		return -EOPNOTSUPP;
7161 	}
7162 
7163 	/* not much point in registering if we can't reply */
7164 	if (!rdev->ops->mgmt_tx)
7165 		return -EOPNOTSUPP;
7166 
7167 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
7168 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
7169 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
7170 }
7171 
7172 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7173 {
7174 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7175 	struct wireless_dev *wdev = info->user_ptr[1];
7176 	struct cfg80211_chan_def chandef;
7177 	int err;
7178 	void *hdr = NULL;
7179 	u64 cookie;
7180 	struct sk_buff *msg = NULL;
7181 	unsigned int wait = 0;
7182 	bool offchan, no_cck, dont_wait_for_ack;
7183 
7184 	dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
7185 
7186 	if (!info->attrs[NL80211_ATTR_FRAME])
7187 		return -EINVAL;
7188 
7189 	if (!rdev->ops->mgmt_tx)
7190 		return -EOPNOTSUPP;
7191 
7192 	switch (wdev->iftype) {
7193 	case NL80211_IFTYPE_P2P_DEVICE:
7194 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7195 			return -EINVAL;
7196 	case NL80211_IFTYPE_STATION:
7197 	case NL80211_IFTYPE_ADHOC:
7198 	case NL80211_IFTYPE_P2P_CLIENT:
7199 	case NL80211_IFTYPE_AP:
7200 	case NL80211_IFTYPE_AP_VLAN:
7201 	case NL80211_IFTYPE_MESH_POINT:
7202 	case NL80211_IFTYPE_P2P_GO:
7203 		break;
7204 	default:
7205 		return -EOPNOTSUPP;
7206 	}
7207 
7208 	if (info->attrs[NL80211_ATTR_DURATION]) {
7209 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7210 			return -EINVAL;
7211 		wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7212 
7213 		/*
7214 		 * We should wait on the channel for at least a minimum amount
7215 		 * of time (10ms) but no longer than the driver supports.
7216 		 */
7217 		if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7218 		    wait > rdev->wiphy.max_remain_on_channel_duration)
7219 			return -EINVAL;
7220 
7221 	}
7222 
7223 	offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
7224 
7225 	if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7226 		return -EINVAL;
7227 
7228 	no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7229 
7230 	/* get the channel if any has been specified, otherwise pass NULL to
7231 	 * the driver. The latter will use the current one
7232 	 */
7233 	chandef.chan = NULL;
7234 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7235 		err = nl80211_parse_chandef(rdev, info, &chandef);
7236 		if (err)
7237 			return err;
7238 	}
7239 
7240 	if (!chandef.chan && offchan)
7241 		return -EINVAL;
7242 
7243 	if (!dont_wait_for_ack) {
7244 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7245 		if (!msg)
7246 			return -ENOMEM;
7247 
7248 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7249 				     NL80211_CMD_FRAME);
7250 
7251 		if (IS_ERR(hdr)) {
7252 			err = PTR_ERR(hdr);
7253 			goto free_msg;
7254 		}
7255 	}
7256 
7257 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, chandef.chan, offchan, wait,
7258 				    nla_data(info->attrs[NL80211_ATTR_FRAME]),
7259 				    nla_len(info->attrs[NL80211_ATTR_FRAME]),
7260 				    no_cck, dont_wait_for_ack, &cookie);
7261 	if (err)
7262 		goto free_msg;
7263 
7264 	if (msg) {
7265 		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7266 			goto nla_put_failure;
7267 
7268 		genlmsg_end(msg, hdr);
7269 		return genlmsg_reply(msg, info);
7270 	}
7271 
7272 	return 0;
7273 
7274  nla_put_failure:
7275 	err = -ENOBUFS;
7276  free_msg:
7277 	nlmsg_free(msg);
7278 	return err;
7279 }
7280 
7281 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
7282 {
7283 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7284 	struct wireless_dev *wdev = info->user_ptr[1];
7285 	u64 cookie;
7286 
7287 	if (!info->attrs[NL80211_ATTR_COOKIE])
7288 		return -EINVAL;
7289 
7290 	if (!rdev->ops->mgmt_tx_cancel_wait)
7291 		return -EOPNOTSUPP;
7292 
7293 	switch (wdev->iftype) {
7294 	case NL80211_IFTYPE_STATION:
7295 	case NL80211_IFTYPE_ADHOC:
7296 	case NL80211_IFTYPE_P2P_CLIENT:
7297 	case NL80211_IFTYPE_AP:
7298 	case NL80211_IFTYPE_AP_VLAN:
7299 	case NL80211_IFTYPE_P2P_GO:
7300 	case NL80211_IFTYPE_P2P_DEVICE:
7301 		break;
7302 	default:
7303 		return -EOPNOTSUPP;
7304 	}
7305 
7306 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7307 
7308 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
7309 }
7310 
7311 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
7312 {
7313 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7314 	struct wireless_dev *wdev;
7315 	struct net_device *dev = info->user_ptr[1];
7316 	u8 ps_state;
7317 	bool state;
7318 	int err;
7319 
7320 	if (!info->attrs[NL80211_ATTR_PS_STATE])
7321 		return -EINVAL;
7322 
7323 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
7324 
7325 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
7326 		return -EINVAL;
7327 
7328 	wdev = dev->ieee80211_ptr;
7329 
7330 	if (!rdev->ops->set_power_mgmt)
7331 		return -EOPNOTSUPP;
7332 
7333 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
7334 
7335 	if (state == wdev->ps)
7336 		return 0;
7337 
7338 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
7339 	if (!err)
7340 		wdev->ps = state;
7341 	return err;
7342 }
7343 
7344 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
7345 {
7346 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7347 	enum nl80211_ps_state ps_state;
7348 	struct wireless_dev *wdev;
7349 	struct net_device *dev = info->user_ptr[1];
7350 	struct sk_buff *msg;
7351 	void *hdr;
7352 	int err;
7353 
7354 	wdev = dev->ieee80211_ptr;
7355 
7356 	if (!rdev->ops->set_power_mgmt)
7357 		return -EOPNOTSUPP;
7358 
7359 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7360 	if (!msg)
7361 		return -ENOMEM;
7362 
7363 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7364 			     NL80211_CMD_GET_POWER_SAVE);
7365 	if (!hdr) {
7366 		err = -ENOBUFS;
7367 		goto free_msg;
7368 	}
7369 
7370 	if (wdev->ps)
7371 		ps_state = NL80211_PS_ENABLED;
7372 	else
7373 		ps_state = NL80211_PS_DISABLED;
7374 
7375 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
7376 		goto nla_put_failure;
7377 
7378 	genlmsg_end(msg, hdr);
7379 	return genlmsg_reply(msg, info);
7380 
7381  nla_put_failure:
7382 	err = -ENOBUFS;
7383  free_msg:
7384 	nlmsg_free(msg);
7385 	return err;
7386 }
7387 
7388 static struct nla_policy
7389 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
7390 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
7391 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
7392 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
7393 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
7394 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
7395 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
7396 };
7397 
7398 static int nl80211_set_cqm_txe(struct genl_info *info,
7399 			       u32 rate, u32 pkts, u32 intvl)
7400 {
7401 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7402 	struct wireless_dev *wdev;
7403 	struct net_device *dev = info->user_ptr[1];
7404 
7405 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
7406 		return -EINVAL;
7407 
7408 	wdev = dev->ieee80211_ptr;
7409 
7410 	if (!rdev->ops->set_cqm_txe_config)
7411 		return -EOPNOTSUPP;
7412 
7413 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
7414 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7415 		return -EOPNOTSUPP;
7416 
7417 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
7418 }
7419 
7420 static int nl80211_set_cqm_rssi(struct genl_info *info,
7421 				s32 threshold, u32 hysteresis)
7422 {
7423 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7424 	struct wireless_dev *wdev;
7425 	struct net_device *dev = info->user_ptr[1];
7426 
7427 	if (threshold > 0)
7428 		return -EINVAL;
7429 
7430 	wdev = dev->ieee80211_ptr;
7431 
7432 	if (!rdev->ops->set_cqm_rssi_config)
7433 		return -EOPNOTSUPP;
7434 
7435 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
7436 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7437 		return -EOPNOTSUPP;
7438 
7439 	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
7440 }
7441 
7442 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
7443 {
7444 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
7445 	struct nlattr *cqm;
7446 	int err;
7447 
7448 	cqm = info->attrs[NL80211_ATTR_CQM];
7449 	if (!cqm) {
7450 		err = -EINVAL;
7451 		goto out;
7452 	}
7453 
7454 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
7455 			       nl80211_attr_cqm_policy);
7456 	if (err)
7457 		goto out;
7458 
7459 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
7460 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
7461 		s32 threshold;
7462 		u32 hysteresis;
7463 		threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
7464 		hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
7465 		err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
7466 	} else if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
7467 		   attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
7468 		   attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
7469 		u32 rate, pkts, intvl;
7470 		rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
7471 		pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
7472 		intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
7473 		err = nl80211_set_cqm_txe(info, rate, pkts, intvl);
7474 	} else
7475 		err = -EINVAL;
7476 
7477 out:
7478 	return err;
7479 }
7480 
7481 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
7482 {
7483 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7484 	struct net_device *dev = info->user_ptr[1];
7485 	struct mesh_config cfg;
7486 	struct mesh_setup setup;
7487 	int err;
7488 
7489 	/* start with default */
7490 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
7491 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
7492 
7493 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
7494 		/* and parse parameters if given */
7495 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
7496 		if (err)
7497 			return err;
7498 	}
7499 
7500 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
7501 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
7502 		return -EINVAL;
7503 
7504 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
7505 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
7506 
7507 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7508 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
7509 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7510 			return -EINVAL;
7511 
7512 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7513 		setup.beacon_interval =
7514 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7515 		if (setup.beacon_interval < 10 ||
7516 		    setup.beacon_interval > 10000)
7517 			return -EINVAL;
7518 	}
7519 
7520 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
7521 		setup.dtim_period =
7522 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
7523 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
7524 			return -EINVAL;
7525 	}
7526 
7527 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
7528 		/* parse additional setup parameters if given */
7529 		err = nl80211_parse_mesh_setup(info, &setup);
7530 		if (err)
7531 			return err;
7532 	}
7533 
7534 	if (setup.user_mpm)
7535 		cfg.auto_open_plinks = false;
7536 
7537 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7538 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
7539 		if (err)
7540 			return err;
7541 	} else {
7542 		/* cfg80211_join_mesh() will sort it out */
7543 		setup.chandef.chan = NULL;
7544 	}
7545 
7546 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7547 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7548 		int n_rates =
7549 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7550 		struct ieee80211_supported_band *sband;
7551 
7552 		if (!setup.chandef.chan)
7553 			return -EINVAL;
7554 
7555 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
7556 
7557 		err = ieee80211_get_ratemask(sband, rates, n_rates,
7558 					     &setup.basic_rates);
7559 		if (err)
7560 			return err;
7561 	}
7562 
7563 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
7564 }
7565 
7566 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
7567 {
7568 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7569 	struct net_device *dev = info->user_ptr[1];
7570 
7571 	return cfg80211_leave_mesh(rdev, dev);
7572 }
7573 
7574 #ifdef CONFIG_PM
7575 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
7576 					struct cfg80211_registered_device *rdev)
7577 {
7578 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
7579 	struct nlattr *nl_pats, *nl_pat;
7580 	int i, pat_len;
7581 
7582 	if (!wowlan->n_patterns)
7583 		return 0;
7584 
7585 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
7586 	if (!nl_pats)
7587 		return -ENOBUFS;
7588 
7589 	for (i = 0; i < wowlan->n_patterns; i++) {
7590 		nl_pat = nla_nest_start(msg, i + 1);
7591 		if (!nl_pat)
7592 			return -ENOBUFS;
7593 		pat_len = wowlan->patterns[i].pattern_len;
7594 		if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
7595 			    DIV_ROUND_UP(pat_len, 8),
7596 			    wowlan->patterns[i].mask) ||
7597 		    nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
7598 			    pat_len, wowlan->patterns[i].pattern) ||
7599 		    nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET,
7600 				wowlan->patterns[i].pkt_offset))
7601 			return -ENOBUFS;
7602 		nla_nest_end(msg, nl_pat);
7603 	}
7604 	nla_nest_end(msg, nl_pats);
7605 
7606 	return 0;
7607 }
7608 
7609 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
7610 				   struct cfg80211_wowlan_tcp *tcp)
7611 {
7612 	struct nlattr *nl_tcp;
7613 
7614 	if (!tcp)
7615 		return 0;
7616 
7617 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
7618 	if (!nl_tcp)
7619 		return -ENOBUFS;
7620 
7621 	if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
7622 	    nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
7623 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
7624 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
7625 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
7626 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
7627 		    tcp->payload_len, tcp->payload) ||
7628 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
7629 			tcp->data_interval) ||
7630 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
7631 		    tcp->wake_len, tcp->wake_data) ||
7632 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
7633 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
7634 		return -ENOBUFS;
7635 
7636 	if (tcp->payload_seq.len &&
7637 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
7638 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
7639 		return -ENOBUFS;
7640 
7641 	if (tcp->payload_tok.len &&
7642 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
7643 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
7644 		    &tcp->payload_tok))
7645 		return -ENOBUFS;
7646 
7647 	nla_nest_end(msg, nl_tcp);
7648 
7649 	return 0;
7650 }
7651 
7652 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
7653 {
7654 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7655 	struct sk_buff *msg;
7656 	void *hdr;
7657 	u32 size = NLMSG_DEFAULT_SIZE;
7658 
7659 	if (!rdev->wiphy.wowlan)
7660 		return -EOPNOTSUPP;
7661 
7662 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
7663 		/* adjust size to have room for all the data */
7664 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
7665 			rdev->wiphy.wowlan_config->tcp->payload_len +
7666 			rdev->wiphy.wowlan_config->tcp->wake_len +
7667 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
7668 	}
7669 
7670 	msg = nlmsg_new(size, GFP_KERNEL);
7671 	if (!msg)
7672 		return -ENOMEM;
7673 
7674 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7675 			     NL80211_CMD_GET_WOWLAN);
7676 	if (!hdr)
7677 		goto nla_put_failure;
7678 
7679 	if (rdev->wiphy.wowlan_config) {
7680 		struct nlattr *nl_wowlan;
7681 
7682 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
7683 		if (!nl_wowlan)
7684 			goto nla_put_failure;
7685 
7686 		if ((rdev->wiphy.wowlan_config->any &&
7687 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
7688 		    (rdev->wiphy.wowlan_config->disconnect &&
7689 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
7690 		    (rdev->wiphy.wowlan_config->magic_pkt &&
7691 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
7692 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
7693 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
7694 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
7695 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
7696 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
7697 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
7698 		    (rdev->wiphy.wowlan_config->rfkill_release &&
7699 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
7700 			goto nla_put_failure;
7701 
7702 		if (nl80211_send_wowlan_patterns(msg, rdev))
7703 			goto nla_put_failure;
7704 
7705 		if (nl80211_send_wowlan_tcp(msg,
7706 					    rdev->wiphy.wowlan_config->tcp))
7707 			goto nla_put_failure;
7708 
7709 		nla_nest_end(msg, nl_wowlan);
7710 	}
7711 
7712 	genlmsg_end(msg, hdr);
7713 	return genlmsg_reply(msg, info);
7714 
7715 nla_put_failure:
7716 	nlmsg_free(msg);
7717 	return -ENOBUFS;
7718 }
7719 
7720 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
7721 				    struct nlattr *attr,
7722 				    struct cfg80211_wowlan *trig)
7723 {
7724 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
7725 	struct cfg80211_wowlan_tcp *cfg;
7726 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
7727 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
7728 	u32 size;
7729 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
7730 	int err, port;
7731 
7732 	if (!rdev->wiphy.wowlan->tcp)
7733 		return -EINVAL;
7734 
7735 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
7736 			nla_data(attr), nla_len(attr),
7737 			nl80211_wowlan_tcp_policy);
7738 	if (err)
7739 		return err;
7740 
7741 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
7742 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
7743 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
7744 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
7745 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
7746 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
7747 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
7748 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
7749 		return -EINVAL;
7750 
7751 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
7752 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
7753 		return -EINVAL;
7754 
7755 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
7756 			rdev->wiphy.wowlan->tcp->data_interval_max ||
7757 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
7758 		return -EINVAL;
7759 
7760 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
7761 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
7762 		return -EINVAL;
7763 
7764 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
7765 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
7766 		return -EINVAL;
7767 
7768 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
7769 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
7770 
7771 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
7772 		tokens_size = tokln - sizeof(*tok);
7773 
7774 		if (!tok->len || tokens_size % tok->len)
7775 			return -EINVAL;
7776 		if (!rdev->wiphy.wowlan->tcp->tok)
7777 			return -EINVAL;
7778 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
7779 			return -EINVAL;
7780 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
7781 			return -EINVAL;
7782 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
7783 			return -EINVAL;
7784 		if (tok->offset + tok->len > data_size)
7785 			return -EINVAL;
7786 	}
7787 
7788 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
7789 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
7790 		if (!rdev->wiphy.wowlan->tcp->seq)
7791 			return -EINVAL;
7792 		if (seq->len == 0 || seq->len > 4)
7793 			return -EINVAL;
7794 		if (seq->len + seq->offset > data_size)
7795 			return -EINVAL;
7796 	}
7797 
7798 	size = sizeof(*cfg);
7799 	size += data_size;
7800 	size += wake_size + wake_mask_size;
7801 	size += tokens_size;
7802 
7803 	cfg = kzalloc(size, GFP_KERNEL);
7804 	if (!cfg)
7805 		return -ENOMEM;
7806 	cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
7807 	cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
7808 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
7809 	       ETH_ALEN);
7810 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
7811 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
7812 	else
7813 		port = 0;
7814 #ifdef CONFIG_INET
7815 	/* allocate a socket and port for it and use it */
7816 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
7817 			    IPPROTO_TCP, &cfg->sock, 1);
7818 	if (err) {
7819 		kfree(cfg);
7820 		return err;
7821 	}
7822 	if (inet_csk_get_port(cfg->sock->sk, port)) {
7823 		sock_release(cfg->sock);
7824 		kfree(cfg);
7825 		return -EADDRINUSE;
7826 	}
7827 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
7828 #else
7829 	if (!port) {
7830 		kfree(cfg);
7831 		return -EINVAL;
7832 	}
7833 	cfg->src_port = port;
7834 #endif
7835 
7836 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
7837 	cfg->payload_len = data_size;
7838 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
7839 	memcpy((void *)cfg->payload,
7840 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
7841 	       data_size);
7842 	if (seq)
7843 		cfg->payload_seq = *seq;
7844 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
7845 	cfg->wake_len = wake_size;
7846 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
7847 	memcpy((void *)cfg->wake_data,
7848 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
7849 	       wake_size);
7850 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
7851 			 data_size + wake_size;
7852 	memcpy((void *)cfg->wake_mask,
7853 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
7854 	       wake_mask_size);
7855 	if (tok) {
7856 		cfg->tokens_size = tokens_size;
7857 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
7858 	}
7859 
7860 	trig->tcp = cfg;
7861 
7862 	return 0;
7863 }
7864 
7865 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
7866 {
7867 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7868 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
7869 	struct cfg80211_wowlan new_triggers = {};
7870 	struct cfg80211_wowlan *ntrig;
7871 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
7872 	int err, i;
7873 	bool prev_enabled = rdev->wiphy.wowlan_config;
7874 
7875 	if (!wowlan)
7876 		return -EOPNOTSUPP;
7877 
7878 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
7879 		cfg80211_rdev_free_wowlan(rdev);
7880 		rdev->wiphy.wowlan_config = NULL;
7881 		goto set_wakeup;
7882 	}
7883 
7884 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
7885 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
7886 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
7887 			nl80211_wowlan_policy);
7888 	if (err)
7889 		return err;
7890 
7891 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
7892 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
7893 			return -EINVAL;
7894 		new_triggers.any = true;
7895 	}
7896 
7897 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
7898 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
7899 			return -EINVAL;
7900 		new_triggers.disconnect = true;
7901 	}
7902 
7903 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
7904 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
7905 			return -EINVAL;
7906 		new_triggers.magic_pkt = true;
7907 	}
7908 
7909 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
7910 		return -EINVAL;
7911 
7912 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
7913 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
7914 			return -EINVAL;
7915 		new_triggers.gtk_rekey_failure = true;
7916 	}
7917 
7918 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
7919 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
7920 			return -EINVAL;
7921 		new_triggers.eap_identity_req = true;
7922 	}
7923 
7924 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
7925 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
7926 			return -EINVAL;
7927 		new_triggers.four_way_handshake = true;
7928 	}
7929 
7930 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
7931 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
7932 			return -EINVAL;
7933 		new_triggers.rfkill_release = true;
7934 	}
7935 
7936 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
7937 		struct nlattr *pat;
7938 		int n_patterns = 0;
7939 		int rem, pat_len, mask_len, pkt_offset;
7940 		struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
7941 
7942 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
7943 				    rem)
7944 			n_patterns++;
7945 		if (n_patterns > wowlan->n_patterns)
7946 			return -EINVAL;
7947 
7948 		new_triggers.patterns = kcalloc(n_patterns,
7949 						sizeof(new_triggers.patterns[0]),
7950 						GFP_KERNEL);
7951 		if (!new_triggers.patterns)
7952 			return -ENOMEM;
7953 
7954 		new_triggers.n_patterns = n_patterns;
7955 		i = 0;
7956 
7957 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
7958 				    rem) {
7959 			nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
7960 				  nla_data(pat), nla_len(pat), NULL);
7961 			err = -EINVAL;
7962 			if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
7963 			    !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
7964 				goto error;
7965 			pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
7966 			mask_len = DIV_ROUND_UP(pat_len, 8);
7967 			if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
7968 			    mask_len)
7969 				goto error;
7970 			if (pat_len > wowlan->pattern_max_len ||
7971 			    pat_len < wowlan->pattern_min_len)
7972 				goto error;
7973 
7974 			if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET])
7975 				pkt_offset = 0;
7976 			else
7977 				pkt_offset = nla_get_u32(
7978 					pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]);
7979 			if (pkt_offset > wowlan->max_pkt_offset)
7980 				goto error;
7981 			new_triggers.patterns[i].pkt_offset = pkt_offset;
7982 
7983 			new_triggers.patterns[i].mask =
7984 				kmalloc(mask_len + pat_len, GFP_KERNEL);
7985 			if (!new_triggers.patterns[i].mask) {
7986 				err = -ENOMEM;
7987 				goto error;
7988 			}
7989 			new_triggers.patterns[i].pattern =
7990 				new_triggers.patterns[i].mask + mask_len;
7991 			memcpy(new_triggers.patterns[i].mask,
7992 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
7993 			       mask_len);
7994 			new_triggers.patterns[i].pattern_len = pat_len;
7995 			memcpy(new_triggers.patterns[i].pattern,
7996 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
7997 			       pat_len);
7998 			i++;
7999 		}
8000 	}
8001 
8002 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
8003 		err = nl80211_parse_wowlan_tcp(
8004 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
8005 			&new_triggers);
8006 		if (err)
8007 			goto error;
8008 	}
8009 
8010 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
8011 	if (!ntrig) {
8012 		err = -ENOMEM;
8013 		goto error;
8014 	}
8015 	cfg80211_rdev_free_wowlan(rdev);
8016 	rdev->wiphy.wowlan_config = ntrig;
8017 
8018  set_wakeup:
8019 	if (rdev->ops->set_wakeup &&
8020 	    prev_enabled != !!rdev->wiphy.wowlan_config)
8021 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
8022 
8023 	return 0;
8024  error:
8025 	for (i = 0; i < new_triggers.n_patterns; i++)
8026 		kfree(new_triggers.patterns[i].mask);
8027 	kfree(new_triggers.patterns);
8028 	if (new_triggers.tcp && new_triggers.tcp->sock)
8029 		sock_release(new_triggers.tcp->sock);
8030 	kfree(new_triggers.tcp);
8031 	return err;
8032 }
8033 #endif
8034 
8035 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
8036 {
8037 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8038 	struct net_device *dev = info->user_ptr[1];
8039 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8040 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
8041 	struct cfg80211_gtk_rekey_data rekey_data;
8042 	int err;
8043 
8044 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
8045 		return -EINVAL;
8046 
8047 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
8048 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
8049 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
8050 			nl80211_rekey_policy);
8051 	if (err)
8052 		return err;
8053 
8054 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
8055 		return -ERANGE;
8056 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
8057 		return -ERANGE;
8058 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
8059 		return -ERANGE;
8060 
8061 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
8062 	       NL80211_KEK_LEN);
8063 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
8064 	       NL80211_KCK_LEN);
8065 	memcpy(rekey_data.replay_ctr,
8066 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
8067 	       NL80211_REPLAY_CTR_LEN);
8068 
8069 	wdev_lock(wdev);
8070 	if (!wdev->current_bss) {
8071 		err = -ENOTCONN;
8072 		goto out;
8073 	}
8074 
8075 	if (!rdev->ops->set_rekey_data) {
8076 		err = -EOPNOTSUPP;
8077 		goto out;
8078 	}
8079 
8080 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
8081  out:
8082 	wdev_unlock(wdev);
8083 	return err;
8084 }
8085 
8086 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
8087 					     struct genl_info *info)
8088 {
8089 	struct net_device *dev = info->user_ptr[1];
8090 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8091 
8092 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8093 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8094 		return -EINVAL;
8095 
8096 	if (wdev->ap_unexpected_nlportid)
8097 		return -EBUSY;
8098 
8099 	wdev->ap_unexpected_nlportid = info->snd_portid;
8100 	return 0;
8101 }
8102 
8103 static int nl80211_probe_client(struct sk_buff *skb,
8104 				struct genl_info *info)
8105 {
8106 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8107 	struct net_device *dev = info->user_ptr[1];
8108 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8109 	struct sk_buff *msg;
8110 	void *hdr;
8111 	const u8 *addr;
8112 	u64 cookie;
8113 	int err;
8114 
8115 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8116 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8117 		return -EOPNOTSUPP;
8118 
8119 	if (!info->attrs[NL80211_ATTR_MAC])
8120 		return -EINVAL;
8121 
8122 	if (!rdev->ops->probe_client)
8123 		return -EOPNOTSUPP;
8124 
8125 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8126 	if (!msg)
8127 		return -ENOMEM;
8128 
8129 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8130 			     NL80211_CMD_PROBE_CLIENT);
8131 
8132 	if (IS_ERR(hdr)) {
8133 		err = PTR_ERR(hdr);
8134 		goto free_msg;
8135 	}
8136 
8137 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8138 
8139 	err = rdev_probe_client(rdev, dev, addr, &cookie);
8140 	if (err)
8141 		goto free_msg;
8142 
8143 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8144 		goto nla_put_failure;
8145 
8146 	genlmsg_end(msg, hdr);
8147 
8148 	return genlmsg_reply(msg, info);
8149 
8150  nla_put_failure:
8151 	err = -ENOBUFS;
8152  free_msg:
8153 	nlmsg_free(msg);
8154 	return err;
8155 }
8156 
8157 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
8158 {
8159 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8160 	struct cfg80211_beacon_registration *reg, *nreg;
8161 	int rv;
8162 
8163 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
8164 		return -EOPNOTSUPP;
8165 
8166 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
8167 	if (!nreg)
8168 		return -ENOMEM;
8169 
8170 	/* First, check if already registered. */
8171 	spin_lock_bh(&rdev->beacon_registrations_lock);
8172 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
8173 		if (reg->nlportid == info->snd_portid) {
8174 			rv = -EALREADY;
8175 			goto out_err;
8176 		}
8177 	}
8178 	/* Add it to the list */
8179 	nreg->nlportid = info->snd_portid;
8180 	list_add(&nreg->list, &rdev->beacon_registrations);
8181 
8182 	spin_unlock_bh(&rdev->beacon_registrations_lock);
8183 
8184 	return 0;
8185 out_err:
8186 	spin_unlock_bh(&rdev->beacon_registrations_lock);
8187 	kfree(nreg);
8188 	return rv;
8189 }
8190 
8191 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
8192 {
8193 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8194 	struct wireless_dev *wdev = info->user_ptr[1];
8195 	int err;
8196 
8197 	if (!rdev->ops->start_p2p_device)
8198 		return -EOPNOTSUPP;
8199 
8200 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8201 		return -EOPNOTSUPP;
8202 
8203 	if (wdev->p2p_started)
8204 		return 0;
8205 
8206 	err = cfg80211_can_add_interface(rdev, wdev->iftype);
8207 	if (err)
8208 		return err;
8209 
8210 	err = rdev_start_p2p_device(rdev, wdev);
8211 	if (err)
8212 		return err;
8213 
8214 	wdev->p2p_started = true;
8215 	rdev->opencount++;
8216 
8217 	return 0;
8218 }
8219 
8220 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
8221 {
8222 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8223 	struct wireless_dev *wdev = info->user_ptr[1];
8224 
8225 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8226 		return -EOPNOTSUPP;
8227 
8228 	if (!rdev->ops->stop_p2p_device)
8229 		return -EOPNOTSUPP;
8230 
8231 	cfg80211_stop_p2p_device(rdev, wdev);
8232 
8233 	return 0;
8234 }
8235 
8236 static int nl80211_get_protocol_features(struct sk_buff *skb,
8237 					 struct genl_info *info)
8238 {
8239 	void *hdr;
8240 	struct sk_buff *msg;
8241 
8242 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8243 	if (!msg)
8244 		return -ENOMEM;
8245 
8246 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8247 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
8248 	if (!hdr)
8249 		goto nla_put_failure;
8250 
8251 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
8252 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
8253 		goto nla_put_failure;
8254 
8255 	genlmsg_end(msg, hdr);
8256 	return genlmsg_reply(msg, info);
8257 
8258  nla_put_failure:
8259 	kfree_skb(msg);
8260 	return -ENOBUFS;
8261 }
8262 
8263 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
8264 {
8265 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8266 	struct cfg80211_update_ft_ies_params ft_params;
8267 	struct net_device *dev = info->user_ptr[1];
8268 
8269 	if (!rdev->ops->update_ft_ies)
8270 		return -EOPNOTSUPP;
8271 
8272 	if (!info->attrs[NL80211_ATTR_MDID] ||
8273 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8274 		return -EINVAL;
8275 
8276 	memset(&ft_params, 0, sizeof(ft_params));
8277 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
8278 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8279 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8280 
8281 	return rdev_update_ft_ies(rdev, dev, &ft_params);
8282 }
8283 
8284 static int nl80211_crit_protocol_start(struct sk_buff *skb,
8285 				       struct genl_info *info)
8286 {
8287 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8288 	struct wireless_dev *wdev = info->user_ptr[1];
8289 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
8290 	u16 duration;
8291 	int ret;
8292 
8293 	if (!rdev->ops->crit_proto_start)
8294 		return -EOPNOTSUPP;
8295 
8296 	if (WARN_ON(!rdev->ops->crit_proto_stop))
8297 		return -EINVAL;
8298 
8299 	if (rdev->crit_proto_nlportid)
8300 		return -EBUSY;
8301 
8302 	/* determine protocol if provided */
8303 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
8304 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
8305 
8306 	if (proto >= NUM_NL80211_CRIT_PROTO)
8307 		return -EINVAL;
8308 
8309 	/* timeout must be provided */
8310 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
8311 		return -EINVAL;
8312 
8313 	duration =
8314 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
8315 
8316 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
8317 		return -ERANGE;
8318 
8319 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
8320 	if (!ret)
8321 		rdev->crit_proto_nlportid = info->snd_portid;
8322 
8323 	return ret;
8324 }
8325 
8326 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
8327 				      struct genl_info *info)
8328 {
8329 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8330 	struct wireless_dev *wdev = info->user_ptr[1];
8331 
8332 	if (!rdev->ops->crit_proto_stop)
8333 		return -EOPNOTSUPP;
8334 
8335 	if (rdev->crit_proto_nlportid) {
8336 		rdev->crit_proto_nlportid = 0;
8337 		rdev_crit_proto_stop(rdev, wdev);
8338 	}
8339 	return 0;
8340 }
8341 
8342 #define NL80211_FLAG_NEED_WIPHY		0x01
8343 #define NL80211_FLAG_NEED_NETDEV	0x02
8344 #define NL80211_FLAG_NEED_RTNL		0x04
8345 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
8346 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
8347 					 NL80211_FLAG_CHECK_NETDEV_UP)
8348 #define NL80211_FLAG_NEED_WDEV		0x10
8349 /* If a netdev is associated, it must be UP, P2P must be started */
8350 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
8351 					 NL80211_FLAG_CHECK_NETDEV_UP)
8352 
8353 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
8354 			    struct genl_info *info)
8355 {
8356 	struct cfg80211_registered_device *rdev;
8357 	struct wireless_dev *wdev;
8358 	struct net_device *dev;
8359 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
8360 
8361 	if (rtnl)
8362 		rtnl_lock();
8363 
8364 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
8365 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
8366 		if (IS_ERR(rdev)) {
8367 			if (rtnl)
8368 				rtnl_unlock();
8369 			return PTR_ERR(rdev);
8370 		}
8371 		info->user_ptr[0] = rdev;
8372 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
8373 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
8374 		ASSERT_RTNL();
8375 
8376 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
8377 						  info->attrs);
8378 		if (IS_ERR(wdev)) {
8379 			if (rtnl)
8380 				rtnl_unlock();
8381 			return PTR_ERR(wdev);
8382 		}
8383 
8384 		dev = wdev->netdev;
8385 		rdev = wiphy_to_dev(wdev->wiphy);
8386 
8387 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
8388 			if (!dev) {
8389 				if (rtnl)
8390 					rtnl_unlock();
8391 				return -EINVAL;
8392 			}
8393 
8394 			info->user_ptr[1] = dev;
8395 		} else {
8396 			info->user_ptr[1] = wdev;
8397 		}
8398 
8399 		if (dev) {
8400 			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
8401 			    !netif_running(dev)) {
8402 				if (rtnl)
8403 					rtnl_unlock();
8404 				return -ENETDOWN;
8405 			}
8406 
8407 			dev_hold(dev);
8408 		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
8409 			if (!wdev->p2p_started) {
8410 				if (rtnl)
8411 					rtnl_unlock();
8412 				return -ENETDOWN;
8413 			}
8414 		}
8415 
8416 		info->user_ptr[0] = rdev;
8417 	}
8418 
8419 	return 0;
8420 }
8421 
8422 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
8423 			      struct genl_info *info)
8424 {
8425 	if (info->user_ptr[1]) {
8426 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
8427 			struct wireless_dev *wdev = info->user_ptr[1];
8428 
8429 			if (wdev->netdev)
8430 				dev_put(wdev->netdev);
8431 		} else {
8432 			dev_put(info->user_ptr[1]);
8433 		}
8434 	}
8435 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
8436 		rtnl_unlock();
8437 }
8438 
8439 static struct genl_ops nl80211_ops[] = {
8440 	{
8441 		.cmd = NL80211_CMD_GET_WIPHY,
8442 		.doit = nl80211_get_wiphy,
8443 		.dumpit = nl80211_dump_wiphy,
8444 		.done = nl80211_dump_wiphy_done,
8445 		.policy = nl80211_policy,
8446 		/* can be retrieved by unprivileged users */
8447 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8448 				  NL80211_FLAG_NEED_RTNL,
8449 	},
8450 	{
8451 		.cmd = NL80211_CMD_SET_WIPHY,
8452 		.doit = nl80211_set_wiphy,
8453 		.policy = nl80211_policy,
8454 		.flags = GENL_ADMIN_PERM,
8455 		.internal_flags = NL80211_FLAG_NEED_RTNL,
8456 	},
8457 	{
8458 		.cmd = NL80211_CMD_GET_INTERFACE,
8459 		.doit = nl80211_get_interface,
8460 		.dumpit = nl80211_dump_interface,
8461 		.policy = nl80211_policy,
8462 		/* can be retrieved by unprivileged users */
8463 		.internal_flags = NL80211_FLAG_NEED_WDEV |
8464 				  NL80211_FLAG_NEED_RTNL,
8465 	},
8466 	{
8467 		.cmd = NL80211_CMD_SET_INTERFACE,
8468 		.doit = nl80211_set_interface,
8469 		.policy = nl80211_policy,
8470 		.flags = GENL_ADMIN_PERM,
8471 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8472 				  NL80211_FLAG_NEED_RTNL,
8473 	},
8474 	{
8475 		.cmd = NL80211_CMD_NEW_INTERFACE,
8476 		.doit = nl80211_new_interface,
8477 		.policy = nl80211_policy,
8478 		.flags = GENL_ADMIN_PERM,
8479 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8480 				  NL80211_FLAG_NEED_RTNL,
8481 	},
8482 	{
8483 		.cmd = NL80211_CMD_DEL_INTERFACE,
8484 		.doit = nl80211_del_interface,
8485 		.policy = nl80211_policy,
8486 		.flags = GENL_ADMIN_PERM,
8487 		.internal_flags = NL80211_FLAG_NEED_WDEV |
8488 				  NL80211_FLAG_NEED_RTNL,
8489 	},
8490 	{
8491 		.cmd = NL80211_CMD_GET_KEY,
8492 		.doit = nl80211_get_key,
8493 		.policy = nl80211_policy,
8494 		.flags = GENL_ADMIN_PERM,
8495 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8496 				  NL80211_FLAG_NEED_RTNL,
8497 	},
8498 	{
8499 		.cmd = NL80211_CMD_SET_KEY,
8500 		.doit = nl80211_set_key,
8501 		.policy = nl80211_policy,
8502 		.flags = GENL_ADMIN_PERM,
8503 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8504 				  NL80211_FLAG_NEED_RTNL,
8505 	},
8506 	{
8507 		.cmd = NL80211_CMD_NEW_KEY,
8508 		.doit = nl80211_new_key,
8509 		.policy = nl80211_policy,
8510 		.flags = GENL_ADMIN_PERM,
8511 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8512 				  NL80211_FLAG_NEED_RTNL,
8513 	},
8514 	{
8515 		.cmd = NL80211_CMD_DEL_KEY,
8516 		.doit = nl80211_del_key,
8517 		.policy = nl80211_policy,
8518 		.flags = GENL_ADMIN_PERM,
8519 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8520 				  NL80211_FLAG_NEED_RTNL,
8521 	},
8522 	{
8523 		.cmd = NL80211_CMD_SET_BEACON,
8524 		.policy = nl80211_policy,
8525 		.flags = GENL_ADMIN_PERM,
8526 		.doit = nl80211_set_beacon,
8527 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8528 				  NL80211_FLAG_NEED_RTNL,
8529 	},
8530 	{
8531 		.cmd = NL80211_CMD_START_AP,
8532 		.policy = nl80211_policy,
8533 		.flags = GENL_ADMIN_PERM,
8534 		.doit = nl80211_start_ap,
8535 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8536 				  NL80211_FLAG_NEED_RTNL,
8537 	},
8538 	{
8539 		.cmd = NL80211_CMD_STOP_AP,
8540 		.policy = nl80211_policy,
8541 		.flags = GENL_ADMIN_PERM,
8542 		.doit = nl80211_stop_ap,
8543 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8544 				  NL80211_FLAG_NEED_RTNL,
8545 	},
8546 	{
8547 		.cmd = NL80211_CMD_GET_STATION,
8548 		.doit = nl80211_get_station,
8549 		.dumpit = nl80211_dump_station,
8550 		.policy = nl80211_policy,
8551 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8552 				  NL80211_FLAG_NEED_RTNL,
8553 	},
8554 	{
8555 		.cmd = NL80211_CMD_SET_STATION,
8556 		.doit = nl80211_set_station,
8557 		.policy = nl80211_policy,
8558 		.flags = GENL_ADMIN_PERM,
8559 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8560 				  NL80211_FLAG_NEED_RTNL,
8561 	},
8562 	{
8563 		.cmd = NL80211_CMD_NEW_STATION,
8564 		.doit = nl80211_new_station,
8565 		.policy = nl80211_policy,
8566 		.flags = GENL_ADMIN_PERM,
8567 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8568 				  NL80211_FLAG_NEED_RTNL,
8569 	},
8570 	{
8571 		.cmd = NL80211_CMD_DEL_STATION,
8572 		.doit = nl80211_del_station,
8573 		.policy = nl80211_policy,
8574 		.flags = GENL_ADMIN_PERM,
8575 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8576 				  NL80211_FLAG_NEED_RTNL,
8577 	},
8578 	{
8579 		.cmd = NL80211_CMD_GET_MPATH,
8580 		.doit = nl80211_get_mpath,
8581 		.dumpit = nl80211_dump_mpath,
8582 		.policy = nl80211_policy,
8583 		.flags = GENL_ADMIN_PERM,
8584 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8585 				  NL80211_FLAG_NEED_RTNL,
8586 	},
8587 	{
8588 		.cmd = NL80211_CMD_SET_MPATH,
8589 		.doit = nl80211_set_mpath,
8590 		.policy = nl80211_policy,
8591 		.flags = GENL_ADMIN_PERM,
8592 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8593 				  NL80211_FLAG_NEED_RTNL,
8594 	},
8595 	{
8596 		.cmd = NL80211_CMD_NEW_MPATH,
8597 		.doit = nl80211_new_mpath,
8598 		.policy = nl80211_policy,
8599 		.flags = GENL_ADMIN_PERM,
8600 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8601 				  NL80211_FLAG_NEED_RTNL,
8602 	},
8603 	{
8604 		.cmd = NL80211_CMD_DEL_MPATH,
8605 		.doit = nl80211_del_mpath,
8606 		.policy = nl80211_policy,
8607 		.flags = GENL_ADMIN_PERM,
8608 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8609 				  NL80211_FLAG_NEED_RTNL,
8610 	},
8611 	{
8612 		.cmd = NL80211_CMD_SET_BSS,
8613 		.doit = nl80211_set_bss,
8614 		.policy = nl80211_policy,
8615 		.flags = GENL_ADMIN_PERM,
8616 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8617 				  NL80211_FLAG_NEED_RTNL,
8618 	},
8619 	{
8620 		.cmd = NL80211_CMD_GET_REG,
8621 		.doit = nl80211_get_reg,
8622 		.policy = nl80211_policy,
8623 		.internal_flags = NL80211_FLAG_NEED_RTNL,
8624 		/* can be retrieved by unprivileged users */
8625 	},
8626 	{
8627 		.cmd = NL80211_CMD_SET_REG,
8628 		.doit = nl80211_set_reg,
8629 		.policy = nl80211_policy,
8630 		.flags = GENL_ADMIN_PERM,
8631 		.internal_flags = NL80211_FLAG_NEED_RTNL,
8632 	},
8633 	{
8634 		.cmd = NL80211_CMD_REQ_SET_REG,
8635 		.doit = nl80211_req_set_reg,
8636 		.policy = nl80211_policy,
8637 		.flags = GENL_ADMIN_PERM,
8638 	},
8639 	{
8640 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
8641 		.doit = nl80211_get_mesh_config,
8642 		.policy = nl80211_policy,
8643 		/* can be retrieved by unprivileged users */
8644 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8645 				  NL80211_FLAG_NEED_RTNL,
8646 	},
8647 	{
8648 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
8649 		.doit = nl80211_update_mesh_config,
8650 		.policy = nl80211_policy,
8651 		.flags = GENL_ADMIN_PERM,
8652 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8653 				  NL80211_FLAG_NEED_RTNL,
8654 	},
8655 	{
8656 		.cmd = NL80211_CMD_TRIGGER_SCAN,
8657 		.doit = nl80211_trigger_scan,
8658 		.policy = nl80211_policy,
8659 		.flags = GENL_ADMIN_PERM,
8660 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8661 				  NL80211_FLAG_NEED_RTNL,
8662 	},
8663 	{
8664 		.cmd = NL80211_CMD_GET_SCAN,
8665 		.policy = nl80211_policy,
8666 		.dumpit = nl80211_dump_scan,
8667 	},
8668 	{
8669 		.cmd = NL80211_CMD_START_SCHED_SCAN,
8670 		.doit = nl80211_start_sched_scan,
8671 		.policy = nl80211_policy,
8672 		.flags = GENL_ADMIN_PERM,
8673 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8674 				  NL80211_FLAG_NEED_RTNL,
8675 	},
8676 	{
8677 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
8678 		.doit = nl80211_stop_sched_scan,
8679 		.policy = nl80211_policy,
8680 		.flags = GENL_ADMIN_PERM,
8681 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8682 				  NL80211_FLAG_NEED_RTNL,
8683 	},
8684 	{
8685 		.cmd = NL80211_CMD_AUTHENTICATE,
8686 		.doit = nl80211_authenticate,
8687 		.policy = nl80211_policy,
8688 		.flags = GENL_ADMIN_PERM,
8689 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8690 				  NL80211_FLAG_NEED_RTNL,
8691 	},
8692 	{
8693 		.cmd = NL80211_CMD_ASSOCIATE,
8694 		.doit = nl80211_associate,
8695 		.policy = nl80211_policy,
8696 		.flags = GENL_ADMIN_PERM,
8697 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8698 				  NL80211_FLAG_NEED_RTNL,
8699 	},
8700 	{
8701 		.cmd = NL80211_CMD_DEAUTHENTICATE,
8702 		.doit = nl80211_deauthenticate,
8703 		.policy = nl80211_policy,
8704 		.flags = GENL_ADMIN_PERM,
8705 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8706 				  NL80211_FLAG_NEED_RTNL,
8707 	},
8708 	{
8709 		.cmd = NL80211_CMD_DISASSOCIATE,
8710 		.doit = nl80211_disassociate,
8711 		.policy = nl80211_policy,
8712 		.flags = GENL_ADMIN_PERM,
8713 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8714 				  NL80211_FLAG_NEED_RTNL,
8715 	},
8716 	{
8717 		.cmd = NL80211_CMD_JOIN_IBSS,
8718 		.doit = nl80211_join_ibss,
8719 		.policy = nl80211_policy,
8720 		.flags = GENL_ADMIN_PERM,
8721 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8722 				  NL80211_FLAG_NEED_RTNL,
8723 	},
8724 	{
8725 		.cmd = NL80211_CMD_LEAVE_IBSS,
8726 		.doit = nl80211_leave_ibss,
8727 		.policy = nl80211_policy,
8728 		.flags = GENL_ADMIN_PERM,
8729 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8730 				  NL80211_FLAG_NEED_RTNL,
8731 	},
8732 #ifdef CONFIG_NL80211_TESTMODE
8733 	{
8734 		.cmd = NL80211_CMD_TESTMODE,
8735 		.doit = nl80211_testmode_do,
8736 		.dumpit = nl80211_testmode_dump,
8737 		.policy = nl80211_policy,
8738 		.flags = GENL_ADMIN_PERM,
8739 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8740 				  NL80211_FLAG_NEED_RTNL,
8741 	},
8742 #endif
8743 	{
8744 		.cmd = NL80211_CMD_CONNECT,
8745 		.doit = nl80211_connect,
8746 		.policy = nl80211_policy,
8747 		.flags = GENL_ADMIN_PERM,
8748 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8749 				  NL80211_FLAG_NEED_RTNL,
8750 	},
8751 	{
8752 		.cmd = NL80211_CMD_DISCONNECT,
8753 		.doit = nl80211_disconnect,
8754 		.policy = nl80211_policy,
8755 		.flags = GENL_ADMIN_PERM,
8756 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8757 				  NL80211_FLAG_NEED_RTNL,
8758 	},
8759 	{
8760 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
8761 		.doit = nl80211_wiphy_netns,
8762 		.policy = nl80211_policy,
8763 		.flags = GENL_ADMIN_PERM,
8764 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8765 				  NL80211_FLAG_NEED_RTNL,
8766 	},
8767 	{
8768 		.cmd = NL80211_CMD_GET_SURVEY,
8769 		.policy = nl80211_policy,
8770 		.dumpit = nl80211_dump_survey,
8771 	},
8772 	{
8773 		.cmd = NL80211_CMD_SET_PMKSA,
8774 		.doit = nl80211_setdel_pmksa,
8775 		.policy = nl80211_policy,
8776 		.flags = GENL_ADMIN_PERM,
8777 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8778 				  NL80211_FLAG_NEED_RTNL,
8779 	},
8780 	{
8781 		.cmd = NL80211_CMD_DEL_PMKSA,
8782 		.doit = nl80211_setdel_pmksa,
8783 		.policy = nl80211_policy,
8784 		.flags = GENL_ADMIN_PERM,
8785 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8786 				  NL80211_FLAG_NEED_RTNL,
8787 	},
8788 	{
8789 		.cmd = NL80211_CMD_FLUSH_PMKSA,
8790 		.doit = nl80211_flush_pmksa,
8791 		.policy = nl80211_policy,
8792 		.flags = GENL_ADMIN_PERM,
8793 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8794 				  NL80211_FLAG_NEED_RTNL,
8795 	},
8796 	{
8797 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
8798 		.doit = nl80211_remain_on_channel,
8799 		.policy = nl80211_policy,
8800 		.flags = GENL_ADMIN_PERM,
8801 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8802 				  NL80211_FLAG_NEED_RTNL,
8803 	},
8804 	{
8805 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
8806 		.doit = nl80211_cancel_remain_on_channel,
8807 		.policy = nl80211_policy,
8808 		.flags = GENL_ADMIN_PERM,
8809 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8810 				  NL80211_FLAG_NEED_RTNL,
8811 	},
8812 	{
8813 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
8814 		.doit = nl80211_set_tx_bitrate_mask,
8815 		.policy = nl80211_policy,
8816 		.flags = GENL_ADMIN_PERM,
8817 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8818 				  NL80211_FLAG_NEED_RTNL,
8819 	},
8820 	{
8821 		.cmd = NL80211_CMD_REGISTER_FRAME,
8822 		.doit = nl80211_register_mgmt,
8823 		.policy = nl80211_policy,
8824 		.flags = GENL_ADMIN_PERM,
8825 		.internal_flags = NL80211_FLAG_NEED_WDEV |
8826 				  NL80211_FLAG_NEED_RTNL,
8827 	},
8828 	{
8829 		.cmd = NL80211_CMD_FRAME,
8830 		.doit = nl80211_tx_mgmt,
8831 		.policy = nl80211_policy,
8832 		.flags = GENL_ADMIN_PERM,
8833 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8834 				  NL80211_FLAG_NEED_RTNL,
8835 	},
8836 	{
8837 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
8838 		.doit = nl80211_tx_mgmt_cancel_wait,
8839 		.policy = nl80211_policy,
8840 		.flags = GENL_ADMIN_PERM,
8841 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8842 				  NL80211_FLAG_NEED_RTNL,
8843 	},
8844 	{
8845 		.cmd = NL80211_CMD_SET_POWER_SAVE,
8846 		.doit = nl80211_set_power_save,
8847 		.policy = nl80211_policy,
8848 		.flags = GENL_ADMIN_PERM,
8849 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8850 				  NL80211_FLAG_NEED_RTNL,
8851 	},
8852 	{
8853 		.cmd = NL80211_CMD_GET_POWER_SAVE,
8854 		.doit = nl80211_get_power_save,
8855 		.policy = nl80211_policy,
8856 		/* can be retrieved by unprivileged users */
8857 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8858 				  NL80211_FLAG_NEED_RTNL,
8859 	},
8860 	{
8861 		.cmd = NL80211_CMD_SET_CQM,
8862 		.doit = nl80211_set_cqm,
8863 		.policy = nl80211_policy,
8864 		.flags = GENL_ADMIN_PERM,
8865 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8866 				  NL80211_FLAG_NEED_RTNL,
8867 	},
8868 	{
8869 		.cmd = NL80211_CMD_SET_CHANNEL,
8870 		.doit = nl80211_set_channel,
8871 		.policy = nl80211_policy,
8872 		.flags = GENL_ADMIN_PERM,
8873 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8874 				  NL80211_FLAG_NEED_RTNL,
8875 	},
8876 	{
8877 		.cmd = NL80211_CMD_SET_WDS_PEER,
8878 		.doit = nl80211_set_wds_peer,
8879 		.policy = nl80211_policy,
8880 		.flags = GENL_ADMIN_PERM,
8881 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8882 				  NL80211_FLAG_NEED_RTNL,
8883 	},
8884 	{
8885 		.cmd = NL80211_CMD_JOIN_MESH,
8886 		.doit = nl80211_join_mesh,
8887 		.policy = nl80211_policy,
8888 		.flags = GENL_ADMIN_PERM,
8889 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8890 				  NL80211_FLAG_NEED_RTNL,
8891 	},
8892 	{
8893 		.cmd = NL80211_CMD_LEAVE_MESH,
8894 		.doit = nl80211_leave_mesh,
8895 		.policy = nl80211_policy,
8896 		.flags = GENL_ADMIN_PERM,
8897 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8898 				  NL80211_FLAG_NEED_RTNL,
8899 	},
8900 #ifdef CONFIG_PM
8901 	{
8902 		.cmd = NL80211_CMD_GET_WOWLAN,
8903 		.doit = nl80211_get_wowlan,
8904 		.policy = nl80211_policy,
8905 		/* can be retrieved by unprivileged users */
8906 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8907 				  NL80211_FLAG_NEED_RTNL,
8908 	},
8909 	{
8910 		.cmd = NL80211_CMD_SET_WOWLAN,
8911 		.doit = nl80211_set_wowlan,
8912 		.policy = nl80211_policy,
8913 		.flags = GENL_ADMIN_PERM,
8914 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8915 				  NL80211_FLAG_NEED_RTNL,
8916 	},
8917 #endif
8918 	{
8919 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
8920 		.doit = nl80211_set_rekey_data,
8921 		.policy = nl80211_policy,
8922 		.flags = GENL_ADMIN_PERM,
8923 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8924 				  NL80211_FLAG_NEED_RTNL,
8925 	},
8926 	{
8927 		.cmd = NL80211_CMD_TDLS_MGMT,
8928 		.doit = nl80211_tdls_mgmt,
8929 		.policy = nl80211_policy,
8930 		.flags = GENL_ADMIN_PERM,
8931 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8932 				  NL80211_FLAG_NEED_RTNL,
8933 	},
8934 	{
8935 		.cmd = NL80211_CMD_TDLS_OPER,
8936 		.doit = nl80211_tdls_oper,
8937 		.policy = nl80211_policy,
8938 		.flags = GENL_ADMIN_PERM,
8939 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8940 				  NL80211_FLAG_NEED_RTNL,
8941 	},
8942 	{
8943 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
8944 		.doit = nl80211_register_unexpected_frame,
8945 		.policy = nl80211_policy,
8946 		.flags = GENL_ADMIN_PERM,
8947 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8948 				  NL80211_FLAG_NEED_RTNL,
8949 	},
8950 	{
8951 		.cmd = NL80211_CMD_PROBE_CLIENT,
8952 		.doit = nl80211_probe_client,
8953 		.policy = nl80211_policy,
8954 		.flags = GENL_ADMIN_PERM,
8955 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8956 				  NL80211_FLAG_NEED_RTNL,
8957 	},
8958 	{
8959 		.cmd = NL80211_CMD_REGISTER_BEACONS,
8960 		.doit = nl80211_register_beacons,
8961 		.policy = nl80211_policy,
8962 		.flags = GENL_ADMIN_PERM,
8963 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
8964 				  NL80211_FLAG_NEED_RTNL,
8965 	},
8966 	{
8967 		.cmd = NL80211_CMD_SET_NOACK_MAP,
8968 		.doit = nl80211_set_noack_map,
8969 		.policy = nl80211_policy,
8970 		.flags = GENL_ADMIN_PERM,
8971 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8972 				  NL80211_FLAG_NEED_RTNL,
8973 	},
8974 	{
8975 		.cmd = NL80211_CMD_START_P2P_DEVICE,
8976 		.doit = nl80211_start_p2p_device,
8977 		.policy = nl80211_policy,
8978 		.flags = GENL_ADMIN_PERM,
8979 		.internal_flags = NL80211_FLAG_NEED_WDEV |
8980 				  NL80211_FLAG_NEED_RTNL,
8981 	},
8982 	{
8983 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
8984 		.doit = nl80211_stop_p2p_device,
8985 		.policy = nl80211_policy,
8986 		.flags = GENL_ADMIN_PERM,
8987 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8988 				  NL80211_FLAG_NEED_RTNL,
8989 	},
8990 	{
8991 		.cmd = NL80211_CMD_SET_MCAST_RATE,
8992 		.doit = nl80211_set_mcast_rate,
8993 		.policy = nl80211_policy,
8994 		.flags = GENL_ADMIN_PERM,
8995 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
8996 				  NL80211_FLAG_NEED_RTNL,
8997 	},
8998 	{
8999 		.cmd = NL80211_CMD_SET_MAC_ACL,
9000 		.doit = nl80211_set_mac_acl,
9001 		.policy = nl80211_policy,
9002 		.flags = GENL_ADMIN_PERM,
9003 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9004 				  NL80211_FLAG_NEED_RTNL,
9005 	},
9006 	{
9007 		.cmd = NL80211_CMD_RADAR_DETECT,
9008 		.doit = nl80211_start_radar_detection,
9009 		.policy = nl80211_policy,
9010 		.flags = GENL_ADMIN_PERM,
9011 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9012 				  NL80211_FLAG_NEED_RTNL,
9013 	},
9014 	{
9015 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
9016 		.doit = nl80211_get_protocol_features,
9017 		.policy = nl80211_policy,
9018 	},
9019 	{
9020 		.cmd = NL80211_CMD_UPDATE_FT_IES,
9021 		.doit = nl80211_update_ft_ies,
9022 		.policy = nl80211_policy,
9023 		.flags = GENL_ADMIN_PERM,
9024 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9025 				  NL80211_FLAG_NEED_RTNL,
9026 	},
9027 	{
9028 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
9029 		.doit = nl80211_crit_protocol_start,
9030 		.policy = nl80211_policy,
9031 		.flags = GENL_ADMIN_PERM,
9032 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9033 				  NL80211_FLAG_NEED_RTNL,
9034 	},
9035 	{
9036 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
9037 		.doit = nl80211_crit_protocol_stop,
9038 		.policy = nl80211_policy,
9039 		.flags = GENL_ADMIN_PERM,
9040 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9041 				  NL80211_FLAG_NEED_RTNL,
9042 	}
9043 };
9044 
9045 static struct genl_multicast_group nl80211_mlme_mcgrp = {
9046 	.name = "mlme",
9047 };
9048 
9049 /* multicast groups */
9050 static struct genl_multicast_group nl80211_config_mcgrp = {
9051 	.name = "config",
9052 };
9053 static struct genl_multicast_group nl80211_scan_mcgrp = {
9054 	.name = "scan",
9055 };
9056 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
9057 	.name = "regulatory",
9058 };
9059 
9060 /* notification functions */
9061 
9062 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
9063 {
9064 	struct sk_buff *msg;
9065 	struct nl80211_dump_wiphy_state state = {};
9066 
9067 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9068 	if (!msg)
9069 		return;
9070 
9071 	if (nl80211_send_wiphy(rdev, msg, 0, 0, 0, &state) < 0) {
9072 		nlmsg_free(msg);
9073 		return;
9074 	}
9075 
9076 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9077 				nl80211_config_mcgrp.id, GFP_KERNEL);
9078 }
9079 
9080 static int nl80211_add_scan_req(struct sk_buff *msg,
9081 				struct cfg80211_registered_device *rdev)
9082 {
9083 	struct cfg80211_scan_request *req = rdev->scan_req;
9084 	struct nlattr *nest;
9085 	int i;
9086 
9087 	if (WARN_ON(!req))
9088 		return 0;
9089 
9090 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
9091 	if (!nest)
9092 		goto nla_put_failure;
9093 	for (i = 0; i < req->n_ssids; i++) {
9094 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
9095 			goto nla_put_failure;
9096 	}
9097 	nla_nest_end(msg, nest);
9098 
9099 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
9100 	if (!nest)
9101 		goto nla_put_failure;
9102 	for (i = 0; i < req->n_channels; i++) {
9103 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
9104 			goto nla_put_failure;
9105 	}
9106 	nla_nest_end(msg, nest);
9107 
9108 	if (req->ie &&
9109 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
9110 		goto nla_put_failure;
9111 
9112 	if (req->flags)
9113 		nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags);
9114 
9115 	return 0;
9116  nla_put_failure:
9117 	return -ENOBUFS;
9118 }
9119 
9120 static int nl80211_send_scan_msg(struct sk_buff *msg,
9121 				 struct cfg80211_registered_device *rdev,
9122 				 struct wireless_dev *wdev,
9123 				 u32 portid, u32 seq, int flags,
9124 				 u32 cmd)
9125 {
9126 	void *hdr;
9127 
9128 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
9129 	if (!hdr)
9130 		return -1;
9131 
9132 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9133 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9134 					 wdev->netdev->ifindex)) ||
9135 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
9136 		goto nla_put_failure;
9137 
9138 	/* ignore errors and send incomplete event anyway */
9139 	nl80211_add_scan_req(msg, rdev);
9140 
9141 	return genlmsg_end(msg, hdr);
9142 
9143  nla_put_failure:
9144 	genlmsg_cancel(msg, hdr);
9145 	return -EMSGSIZE;
9146 }
9147 
9148 static int
9149 nl80211_send_sched_scan_msg(struct sk_buff *msg,
9150 			    struct cfg80211_registered_device *rdev,
9151 			    struct net_device *netdev,
9152 			    u32 portid, u32 seq, int flags, u32 cmd)
9153 {
9154 	void *hdr;
9155 
9156 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
9157 	if (!hdr)
9158 		return -1;
9159 
9160 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9161 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
9162 		goto nla_put_failure;
9163 
9164 	return genlmsg_end(msg, hdr);
9165 
9166  nla_put_failure:
9167 	genlmsg_cancel(msg, hdr);
9168 	return -EMSGSIZE;
9169 }
9170 
9171 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
9172 			     struct wireless_dev *wdev)
9173 {
9174 	struct sk_buff *msg;
9175 
9176 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9177 	if (!msg)
9178 		return;
9179 
9180 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
9181 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
9182 		nlmsg_free(msg);
9183 		return;
9184 	}
9185 
9186 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9187 				nl80211_scan_mcgrp.id, GFP_KERNEL);
9188 }
9189 
9190 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
9191 			    struct wireless_dev *wdev)
9192 {
9193 	struct sk_buff *msg;
9194 
9195 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9196 	if (!msg)
9197 		return;
9198 
9199 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
9200 				  NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
9201 		nlmsg_free(msg);
9202 		return;
9203 	}
9204 
9205 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9206 				nl80211_scan_mcgrp.id, GFP_KERNEL);
9207 }
9208 
9209 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
9210 			       struct wireless_dev *wdev)
9211 {
9212 	struct sk_buff *msg;
9213 
9214 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9215 	if (!msg)
9216 		return;
9217 
9218 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
9219 				  NL80211_CMD_SCAN_ABORTED) < 0) {
9220 		nlmsg_free(msg);
9221 		return;
9222 	}
9223 
9224 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9225 				nl80211_scan_mcgrp.id, GFP_KERNEL);
9226 }
9227 
9228 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
9229 				     struct net_device *netdev)
9230 {
9231 	struct sk_buff *msg;
9232 
9233 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9234 	if (!msg)
9235 		return;
9236 
9237 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
9238 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
9239 		nlmsg_free(msg);
9240 		return;
9241 	}
9242 
9243 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9244 				nl80211_scan_mcgrp.id, GFP_KERNEL);
9245 }
9246 
9247 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
9248 			     struct net_device *netdev, u32 cmd)
9249 {
9250 	struct sk_buff *msg;
9251 
9252 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9253 	if (!msg)
9254 		return;
9255 
9256 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
9257 		nlmsg_free(msg);
9258 		return;
9259 	}
9260 
9261 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9262 				nl80211_scan_mcgrp.id, GFP_KERNEL);
9263 }
9264 
9265 /*
9266  * This can happen on global regulatory changes or device specific settings
9267  * based on custom world regulatory domains.
9268  */
9269 void nl80211_send_reg_change_event(struct regulatory_request *request)
9270 {
9271 	struct sk_buff *msg;
9272 	void *hdr;
9273 
9274 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9275 	if (!msg)
9276 		return;
9277 
9278 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
9279 	if (!hdr) {
9280 		nlmsg_free(msg);
9281 		return;
9282 	}
9283 
9284 	/* Userspace can always count this one always being set */
9285 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
9286 		goto nla_put_failure;
9287 
9288 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
9289 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9290 			       NL80211_REGDOM_TYPE_WORLD))
9291 			goto nla_put_failure;
9292 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
9293 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9294 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
9295 			goto nla_put_failure;
9296 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
9297 		   request->intersect) {
9298 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9299 			       NL80211_REGDOM_TYPE_INTERSECTION))
9300 			goto nla_put_failure;
9301 	} else {
9302 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9303 			       NL80211_REGDOM_TYPE_COUNTRY) ||
9304 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
9305 				   request->alpha2))
9306 			goto nla_put_failure;
9307 	}
9308 
9309 	if (request->wiphy_idx != WIPHY_IDX_INVALID &&
9310 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
9311 		goto nla_put_failure;
9312 
9313 	genlmsg_end(msg, hdr);
9314 
9315 	rcu_read_lock();
9316 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
9317 				GFP_ATOMIC);
9318 	rcu_read_unlock();
9319 
9320 	return;
9321 
9322 nla_put_failure:
9323 	genlmsg_cancel(msg, hdr);
9324 	nlmsg_free(msg);
9325 }
9326 
9327 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
9328 				    struct net_device *netdev,
9329 				    const u8 *buf, size_t len,
9330 				    enum nl80211_commands cmd, gfp_t gfp)
9331 {
9332 	struct sk_buff *msg;
9333 	void *hdr;
9334 
9335 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9336 	if (!msg)
9337 		return;
9338 
9339 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9340 	if (!hdr) {
9341 		nlmsg_free(msg);
9342 		return;
9343 	}
9344 
9345 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9346 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9347 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
9348 		goto nla_put_failure;
9349 
9350 	genlmsg_end(msg, hdr);
9351 
9352 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9353 				nl80211_mlme_mcgrp.id, gfp);
9354 	return;
9355 
9356  nla_put_failure:
9357 	genlmsg_cancel(msg, hdr);
9358 	nlmsg_free(msg);
9359 }
9360 
9361 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
9362 			  struct net_device *netdev, const u8 *buf,
9363 			  size_t len, gfp_t gfp)
9364 {
9365 	nl80211_send_mlme_event(rdev, netdev, buf, len,
9366 				NL80211_CMD_AUTHENTICATE, gfp);
9367 }
9368 
9369 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
9370 			   struct net_device *netdev, const u8 *buf,
9371 			   size_t len, gfp_t gfp)
9372 {
9373 	nl80211_send_mlme_event(rdev, netdev, buf, len,
9374 				NL80211_CMD_ASSOCIATE, gfp);
9375 }
9376 
9377 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
9378 			 struct net_device *netdev, const u8 *buf,
9379 			 size_t len, gfp_t gfp)
9380 {
9381 	nl80211_send_mlme_event(rdev, netdev, buf, len,
9382 				NL80211_CMD_DEAUTHENTICATE, gfp);
9383 }
9384 
9385 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
9386 			   struct net_device *netdev, const u8 *buf,
9387 			   size_t len, gfp_t gfp)
9388 {
9389 	nl80211_send_mlme_event(rdev, netdev, buf, len,
9390 				NL80211_CMD_DISASSOCIATE, gfp);
9391 }
9392 
9393 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
9394 				  size_t len)
9395 {
9396 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9397 	struct wiphy *wiphy = wdev->wiphy;
9398 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9399 	const struct ieee80211_mgmt *mgmt = (void *)buf;
9400 	u32 cmd;
9401 
9402 	if (WARN_ON(len < 2))
9403 		return;
9404 
9405 	if (ieee80211_is_deauth(mgmt->frame_control))
9406 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
9407 	else
9408 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
9409 
9410 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
9411 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC);
9412 }
9413 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
9414 
9415 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
9416 				      struct net_device *netdev, int cmd,
9417 				      const u8 *addr, gfp_t gfp)
9418 {
9419 	struct sk_buff *msg;
9420 	void *hdr;
9421 
9422 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9423 	if (!msg)
9424 		return;
9425 
9426 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9427 	if (!hdr) {
9428 		nlmsg_free(msg);
9429 		return;
9430 	}
9431 
9432 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9433 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9434 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
9435 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
9436 		goto nla_put_failure;
9437 
9438 	genlmsg_end(msg, hdr);
9439 
9440 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9441 				nl80211_mlme_mcgrp.id, gfp);
9442 	return;
9443 
9444  nla_put_failure:
9445 	genlmsg_cancel(msg, hdr);
9446 	nlmsg_free(msg);
9447 }
9448 
9449 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
9450 			       struct net_device *netdev, const u8 *addr,
9451 			       gfp_t gfp)
9452 {
9453 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
9454 				  addr, gfp);
9455 }
9456 
9457 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
9458 				struct net_device *netdev, const u8 *addr,
9459 				gfp_t gfp)
9460 {
9461 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
9462 				  addr, gfp);
9463 }
9464 
9465 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
9466 				 struct net_device *netdev, const u8 *bssid,
9467 				 const u8 *req_ie, size_t req_ie_len,
9468 				 const u8 *resp_ie, size_t resp_ie_len,
9469 				 u16 status, gfp_t gfp)
9470 {
9471 	struct sk_buff *msg;
9472 	void *hdr;
9473 
9474 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9475 	if (!msg)
9476 		return;
9477 
9478 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
9479 	if (!hdr) {
9480 		nlmsg_free(msg);
9481 		return;
9482 	}
9483 
9484 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9485 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9486 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
9487 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
9488 	    (req_ie &&
9489 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
9490 	    (resp_ie &&
9491 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
9492 		goto nla_put_failure;
9493 
9494 	genlmsg_end(msg, hdr);
9495 
9496 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9497 				nl80211_mlme_mcgrp.id, gfp);
9498 	return;
9499 
9500  nla_put_failure:
9501 	genlmsg_cancel(msg, hdr);
9502 	nlmsg_free(msg);
9503 
9504 }
9505 
9506 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
9507 			 struct net_device *netdev, const u8 *bssid,
9508 			 const u8 *req_ie, size_t req_ie_len,
9509 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
9510 {
9511 	struct sk_buff *msg;
9512 	void *hdr;
9513 
9514 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9515 	if (!msg)
9516 		return;
9517 
9518 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
9519 	if (!hdr) {
9520 		nlmsg_free(msg);
9521 		return;
9522 	}
9523 
9524 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9525 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9526 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
9527 	    (req_ie &&
9528 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
9529 	    (resp_ie &&
9530 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
9531 		goto nla_put_failure;
9532 
9533 	genlmsg_end(msg, hdr);
9534 
9535 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9536 				nl80211_mlme_mcgrp.id, gfp);
9537 	return;
9538 
9539  nla_put_failure:
9540 	genlmsg_cancel(msg, hdr);
9541 	nlmsg_free(msg);
9542 
9543 }
9544 
9545 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
9546 			       struct net_device *netdev, u16 reason,
9547 			       const u8 *ie, size_t ie_len, bool from_ap)
9548 {
9549 	struct sk_buff *msg;
9550 	void *hdr;
9551 
9552 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9553 	if (!msg)
9554 		return;
9555 
9556 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
9557 	if (!hdr) {
9558 		nlmsg_free(msg);
9559 		return;
9560 	}
9561 
9562 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9563 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9564 	    (from_ap && reason &&
9565 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
9566 	    (from_ap &&
9567 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
9568 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
9569 		goto nla_put_failure;
9570 
9571 	genlmsg_end(msg, hdr);
9572 
9573 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9574 				nl80211_mlme_mcgrp.id, GFP_KERNEL);
9575 	return;
9576 
9577  nla_put_failure:
9578 	genlmsg_cancel(msg, hdr);
9579 	nlmsg_free(msg);
9580 
9581 }
9582 
9583 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
9584 			     struct net_device *netdev, const u8 *bssid,
9585 			     gfp_t gfp)
9586 {
9587 	struct sk_buff *msg;
9588 	void *hdr;
9589 
9590 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9591 	if (!msg)
9592 		return;
9593 
9594 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
9595 	if (!hdr) {
9596 		nlmsg_free(msg);
9597 		return;
9598 	}
9599 
9600 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9601 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9602 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
9603 		goto nla_put_failure;
9604 
9605 	genlmsg_end(msg, hdr);
9606 
9607 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9608 				nl80211_mlme_mcgrp.id, gfp);
9609 	return;
9610 
9611  nla_put_failure:
9612 	genlmsg_cancel(msg, hdr);
9613 	nlmsg_free(msg);
9614 }
9615 
9616 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
9617 					const u8* ie, u8 ie_len, gfp_t gfp)
9618 {
9619 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9620 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
9621 	struct sk_buff *msg;
9622 	void *hdr;
9623 
9624 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
9625 		return;
9626 
9627 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
9628 
9629 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9630 	if (!msg)
9631 		return;
9632 
9633 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
9634 	if (!hdr) {
9635 		nlmsg_free(msg);
9636 		return;
9637 	}
9638 
9639 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9640 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9641 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
9642 	    (ie_len && ie &&
9643 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
9644 		goto nla_put_failure;
9645 
9646 	genlmsg_end(msg, hdr);
9647 
9648 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9649 				nl80211_mlme_mcgrp.id, gfp);
9650 	return;
9651 
9652  nla_put_failure:
9653 	genlmsg_cancel(msg, hdr);
9654 	nlmsg_free(msg);
9655 }
9656 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
9657 
9658 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
9659 				 struct net_device *netdev, const u8 *addr,
9660 				 enum nl80211_key_type key_type, int key_id,
9661 				 const u8 *tsc, gfp_t gfp)
9662 {
9663 	struct sk_buff *msg;
9664 	void *hdr;
9665 
9666 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9667 	if (!msg)
9668 		return;
9669 
9670 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
9671 	if (!hdr) {
9672 		nlmsg_free(msg);
9673 		return;
9674 	}
9675 
9676 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9677 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9678 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
9679 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
9680 	    (key_id != -1 &&
9681 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
9682 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
9683 		goto nla_put_failure;
9684 
9685 	genlmsg_end(msg, hdr);
9686 
9687 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9688 				nl80211_mlme_mcgrp.id, gfp);
9689 	return;
9690 
9691  nla_put_failure:
9692 	genlmsg_cancel(msg, hdr);
9693 	nlmsg_free(msg);
9694 }
9695 
9696 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
9697 				    struct ieee80211_channel *channel_before,
9698 				    struct ieee80211_channel *channel_after)
9699 {
9700 	struct sk_buff *msg;
9701 	void *hdr;
9702 	struct nlattr *nl_freq;
9703 
9704 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
9705 	if (!msg)
9706 		return;
9707 
9708 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
9709 	if (!hdr) {
9710 		nlmsg_free(msg);
9711 		return;
9712 	}
9713 
9714 	/*
9715 	 * Since we are applying the beacon hint to a wiphy we know its
9716 	 * wiphy_idx is valid
9717 	 */
9718 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
9719 		goto nla_put_failure;
9720 
9721 	/* Before */
9722 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
9723 	if (!nl_freq)
9724 		goto nla_put_failure;
9725 	if (nl80211_msg_put_channel(msg, channel_before, false))
9726 		goto nla_put_failure;
9727 	nla_nest_end(msg, nl_freq);
9728 
9729 	/* After */
9730 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
9731 	if (!nl_freq)
9732 		goto nla_put_failure;
9733 	if (nl80211_msg_put_channel(msg, channel_after, false))
9734 		goto nla_put_failure;
9735 	nla_nest_end(msg, nl_freq);
9736 
9737 	genlmsg_end(msg, hdr);
9738 
9739 	rcu_read_lock();
9740 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
9741 				GFP_ATOMIC);
9742 	rcu_read_unlock();
9743 
9744 	return;
9745 
9746 nla_put_failure:
9747 	genlmsg_cancel(msg, hdr);
9748 	nlmsg_free(msg);
9749 }
9750 
9751 static void nl80211_send_remain_on_chan_event(
9752 	int cmd, struct cfg80211_registered_device *rdev,
9753 	struct wireless_dev *wdev, u64 cookie,
9754 	struct ieee80211_channel *chan,
9755 	unsigned int duration, gfp_t gfp)
9756 {
9757 	struct sk_buff *msg;
9758 	void *hdr;
9759 
9760 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9761 	if (!msg)
9762 		return;
9763 
9764 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9765 	if (!hdr) {
9766 		nlmsg_free(msg);
9767 		return;
9768 	}
9769 
9770 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9771 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9772 					 wdev->netdev->ifindex)) ||
9773 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
9774 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
9775 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
9776 			NL80211_CHAN_NO_HT) ||
9777 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9778 		goto nla_put_failure;
9779 
9780 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
9781 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
9782 		goto nla_put_failure;
9783 
9784 	genlmsg_end(msg, hdr);
9785 
9786 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9787 				nl80211_mlme_mcgrp.id, gfp);
9788 	return;
9789 
9790  nla_put_failure:
9791 	genlmsg_cancel(msg, hdr);
9792 	nlmsg_free(msg);
9793 }
9794 
9795 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
9796 			       struct ieee80211_channel *chan,
9797 			       unsigned int duration, gfp_t gfp)
9798 {
9799 	struct wiphy *wiphy = wdev->wiphy;
9800 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9801 
9802 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
9803 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
9804 					  rdev, wdev, cookie, chan,
9805 					  duration, gfp);
9806 }
9807 EXPORT_SYMBOL(cfg80211_ready_on_channel);
9808 
9809 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
9810 					struct ieee80211_channel *chan,
9811 					gfp_t gfp)
9812 {
9813 	struct wiphy *wiphy = wdev->wiphy;
9814 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9815 
9816 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
9817 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
9818 					  rdev, wdev, cookie, chan, 0, gfp);
9819 }
9820 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
9821 
9822 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
9823 		      struct station_info *sinfo, gfp_t gfp)
9824 {
9825 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
9826 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9827 	struct sk_buff *msg;
9828 
9829 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
9830 
9831 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9832 	if (!msg)
9833 		return;
9834 
9835 	if (nl80211_send_station(msg, 0, 0, 0,
9836 				 rdev, dev, mac_addr, sinfo) < 0) {
9837 		nlmsg_free(msg);
9838 		return;
9839 	}
9840 
9841 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9842 				nl80211_mlme_mcgrp.id, gfp);
9843 }
9844 EXPORT_SYMBOL(cfg80211_new_sta);
9845 
9846 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
9847 {
9848 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
9849 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9850 	struct sk_buff *msg;
9851 	void *hdr;
9852 
9853 	trace_cfg80211_del_sta(dev, mac_addr);
9854 
9855 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9856 	if (!msg)
9857 		return;
9858 
9859 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
9860 	if (!hdr) {
9861 		nlmsg_free(msg);
9862 		return;
9863 	}
9864 
9865 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9866 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
9867 		goto nla_put_failure;
9868 
9869 	genlmsg_end(msg, hdr);
9870 
9871 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9872 				nl80211_mlme_mcgrp.id, gfp);
9873 	return;
9874 
9875  nla_put_failure:
9876 	genlmsg_cancel(msg, hdr);
9877 	nlmsg_free(msg);
9878 }
9879 EXPORT_SYMBOL(cfg80211_del_sta);
9880 
9881 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
9882 			  enum nl80211_connect_failed_reason reason,
9883 			  gfp_t gfp)
9884 {
9885 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
9886 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9887 	struct sk_buff *msg;
9888 	void *hdr;
9889 
9890 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
9891 	if (!msg)
9892 		return;
9893 
9894 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
9895 	if (!hdr) {
9896 		nlmsg_free(msg);
9897 		return;
9898 	}
9899 
9900 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9901 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
9902 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
9903 		goto nla_put_failure;
9904 
9905 	genlmsg_end(msg, hdr);
9906 
9907 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9908 				nl80211_mlme_mcgrp.id, gfp);
9909 	return;
9910 
9911  nla_put_failure:
9912 	genlmsg_cancel(msg, hdr);
9913 	nlmsg_free(msg);
9914 }
9915 EXPORT_SYMBOL(cfg80211_conn_failed);
9916 
9917 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
9918 				       const u8 *addr, gfp_t gfp)
9919 {
9920 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9921 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
9922 	struct sk_buff *msg;
9923 	void *hdr;
9924 	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
9925 
9926 	if (!nlportid)
9927 		return false;
9928 
9929 	msg = nlmsg_new(100, gfp);
9930 	if (!msg)
9931 		return true;
9932 
9933 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9934 	if (!hdr) {
9935 		nlmsg_free(msg);
9936 		return true;
9937 	}
9938 
9939 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9940 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9941 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
9942 		goto nla_put_failure;
9943 
9944 	genlmsg_end(msg, hdr);
9945 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
9946 	return true;
9947 
9948  nla_put_failure:
9949 	genlmsg_cancel(msg, hdr);
9950 	nlmsg_free(msg);
9951 	return true;
9952 }
9953 
9954 bool cfg80211_rx_spurious_frame(struct net_device *dev,
9955 				const u8 *addr, gfp_t gfp)
9956 {
9957 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9958 	bool ret;
9959 
9960 	trace_cfg80211_rx_spurious_frame(dev, addr);
9961 
9962 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
9963 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
9964 		trace_cfg80211_return_bool(false);
9965 		return false;
9966 	}
9967 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
9968 					 addr, gfp);
9969 	trace_cfg80211_return_bool(ret);
9970 	return ret;
9971 }
9972 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
9973 
9974 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
9975 					const u8 *addr, gfp_t gfp)
9976 {
9977 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9978 	bool ret;
9979 
9980 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
9981 
9982 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
9983 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
9984 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
9985 		trace_cfg80211_return_bool(false);
9986 		return false;
9987 	}
9988 	ret = __nl80211_unexpected_frame(dev,
9989 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
9990 					 addr, gfp);
9991 	trace_cfg80211_return_bool(ret);
9992 	return ret;
9993 }
9994 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
9995 
9996 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
9997 		      struct wireless_dev *wdev, u32 nlportid,
9998 		      int freq, int sig_dbm,
9999 		      const u8 *buf, size_t len, gfp_t gfp)
10000 {
10001 	struct net_device *netdev = wdev->netdev;
10002 	struct sk_buff *msg;
10003 	void *hdr;
10004 
10005 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10006 	if (!msg)
10007 		return -ENOMEM;
10008 
10009 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
10010 	if (!hdr) {
10011 		nlmsg_free(msg);
10012 		return -ENOMEM;
10013 	}
10014 
10015 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10016 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10017 					netdev->ifindex)) ||
10018 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10019 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
10020 	    (sig_dbm &&
10021 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
10022 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
10023 		goto nla_put_failure;
10024 
10025 	genlmsg_end(msg, hdr);
10026 
10027 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10028 
10029  nla_put_failure:
10030 	genlmsg_cancel(msg, hdr);
10031 	nlmsg_free(msg);
10032 	return -ENOBUFS;
10033 }
10034 
10035 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
10036 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
10037 {
10038 	struct wiphy *wiphy = wdev->wiphy;
10039 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10040 	struct net_device *netdev = wdev->netdev;
10041 	struct sk_buff *msg;
10042 	void *hdr;
10043 
10044 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
10045 
10046 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10047 	if (!msg)
10048 		return;
10049 
10050 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
10051 	if (!hdr) {
10052 		nlmsg_free(msg);
10053 		return;
10054 	}
10055 
10056 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10057 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10058 				   netdev->ifindex)) ||
10059 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10060 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10061 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
10062 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
10063 		goto nla_put_failure;
10064 
10065 	genlmsg_end(msg, hdr);
10066 
10067 	genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
10068 	return;
10069 
10070  nla_put_failure:
10071 	genlmsg_cancel(msg, hdr);
10072 	nlmsg_free(msg);
10073 }
10074 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
10075 
10076 void cfg80211_cqm_rssi_notify(struct net_device *dev,
10077 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
10078 			      gfp_t gfp)
10079 {
10080 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10081 	struct wiphy *wiphy = wdev->wiphy;
10082 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10083 	struct sk_buff *msg;
10084 	struct nlattr *pinfoattr;
10085 	void *hdr;
10086 
10087 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
10088 
10089 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10090 	if (!msg)
10091 		return;
10092 
10093 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10094 	if (!hdr) {
10095 		nlmsg_free(msg);
10096 		return;
10097 	}
10098 
10099 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10100 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
10101 		goto nla_put_failure;
10102 
10103 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10104 	if (!pinfoattr)
10105 		goto nla_put_failure;
10106 
10107 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
10108 			rssi_event))
10109 		goto nla_put_failure;
10110 
10111 	nla_nest_end(msg, pinfoattr);
10112 
10113 	genlmsg_end(msg, hdr);
10114 
10115 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10116 				nl80211_mlme_mcgrp.id, gfp);
10117 	return;
10118 
10119  nla_put_failure:
10120 	genlmsg_cancel(msg, hdr);
10121 	nlmsg_free(msg);
10122 }
10123 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
10124 
10125 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
10126 				     struct net_device *netdev, const u8 *bssid,
10127 				     const u8 *replay_ctr, gfp_t gfp)
10128 {
10129 	struct sk_buff *msg;
10130 	struct nlattr *rekey_attr;
10131 	void *hdr;
10132 
10133 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10134 	if (!msg)
10135 		return;
10136 
10137 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
10138 	if (!hdr) {
10139 		nlmsg_free(msg);
10140 		return;
10141 	}
10142 
10143 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10144 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10145 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10146 		goto nla_put_failure;
10147 
10148 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
10149 	if (!rekey_attr)
10150 		goto nla_put_failure;
10151 
10152 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
10153 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
10154 		goto nla_put_failure;
10155 
10156 	nla_nest_end(msg, rekey_attr);
10157 
10158 	genlmsg_end(msg, hdr);
10159 
10160 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10161 				nl80211_mlme_mcgrp.id, gfp);
10162 	return;
10163 
10164  nla_put_failure:
10165 	genlmsg_cancel(msg, hdr);
10166 	nlmsg_free(msg);
10167 }
10168 
10169 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
10170 			       const u8 *replay_ctr, gfp_t gfp)
10171 {
10172 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10173 	struct wiphy *wiphy = wdev->wiphy;
10174 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10175 
10176 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
10177 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
10178 }
10179 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
10180 
10181 static void
10182 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
10183 			       struct net_device *netdev, int index,
10184 			       const u8 *bssid, bool preauth, gfp_t gfp)
10185 {
10186 	struct sk_buff *msg;
10187 	struct nlattr *attr;
10188 	void *hdr;
10189 
10190 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10191 	if (!msg)
10192 		return;
10193 
10194 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
10195 	if (!hdr) {
10196 		nlmsg_free(msg);
10197 		return;
10198 	}
10199 
10200 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10201 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10202 		goto nla_put_failure;
10203 
10204 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
10205 	if (!attr)
10206 		goto nla_put_failure;
10207 
10208 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
10209 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
10210 	    (preauth &&
10211 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
10212 		goto nla_put_failure;
10213 
10214 	nla_nest_end(msg, attr);
10215 
10216 	genlmsg_end(msg, hdr);
10217 
10218 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10219 				nl80211_mlme_mcgrp.id, gfp);
10220 	return;
10221 
10222  nla_put_failure:
10223 	genlmsg_cancel(msg, hdr);
10224 	nlmsg_free(msg);
10225 }
10226 
10227 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
10228 				     const u8 *bssid, bool preauth, gfp_t gfp)
10229 {
10230 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10231 	struct wiphy *wiphy = wdev->wiphy;
10232 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10233 
10234 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
10235 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
10236 }
10237 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
10238 
10239 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
10240 				     struct net_device *netdev,
10241 				     struct cfg80211_chan_def *chandef,
10242 				     gfp_t gfp)
10243 {
10244 	struct sk_buff *msg;
10245 	void *hdr;
10246 
10247 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10248 	if (!msg)
10249 		return;
10250 
10251 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
10252 	if (!hdr) {
10253 		nlmsg_free(msg);
10254 		return;
10255 	}
10256 
10257 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10258 		goto nla_put_failure;
10259 
10260 	if (nl80211_send_chandef(msg, chandef))
10261 		goto nla_put_failure;
10262 
10263 	genlmsg_end(msg, hdr);
10264 
10265 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10266 				nl80211_mlme_mcgrp.id, gfp);
10267 	return;
10268 
10269  nla_put_failure:
10270 	genlmsg_cancel(msg, hdr);
10271 	nlmsg_free(msg);
10272 }
10273 
10274 void cfg80211_ch_switch_notify(struct net_device *dev,
10275 			       struct cfg80211_chan_def *chandef)
10276 {
10277 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10278 	struct wiphy *wiphy = wdev->wiphy;
10279 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10280 
10281 	trace_cfg80211_ch_switch_notify(dev, chandef);
10282 
10283 	wdev_lock(wdev);
10284 
10285 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10286 		    wdev->iftype != NL80211_IFTYPE_P2P_GO))
10287 		goto out;
10288 
10289 	wdev->channel = chandef->chan;
10290 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
10291 out:
10292 	wdev_unlock(wdev);
10293 	return;
10294 }
10295 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
10296 
10297 void cfg80211_cqm_txe_notify(struct net_device *dev,
10298 			     const u8 *peer, u32 num_packets,
10299 			     u32 rate, u32 intvl, gfp_t gfp)
10300 {
10301 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10302 	struct wiphy *wiphy = wdev->wiphy;
10303 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10304 	struct sk_buff *msg;
10305 	struct nlattr *pinfoattr;
10306 	void *hdr;
10307 
10308 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10309 	if (!msg)
10310 		return;
10311 
10312 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10313 	if (!hdr) {
10314 		nlmsg_free(msg);
10315 		return;
10316 	}
10317 
10318 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10319 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10320 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
10321 		goto nla_put_failure;
10322 
10323 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10324 	if (!pinfoattr)
10325 		goto nla_put_failure;
10326 
10327 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
10328 		goto nla_put_failure;
10329 
10330 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
10331 		goto nla_put_failure;
10332 
10333 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
10334 		goto nla_put_failure;
10335 
10336 	nla_nest_end(msg, pinfoattr);
10337 
10338 	genlmsg_end(msg, hdr);
10339 
10340 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10341 				nl80211_mlme_mcgrp.id, gfp);
10342 	return;
10343 
10344  nla_put_failure:
10345 	genlmsg_cancel(msg, hdr);
10346 	nlmsg_free(msg);
10347 }
10348 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
10349 
10350 void
10351 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
10352 		     struct cfg80211_chan_def *chandef,
10353 		     enum nl80211_radar_event event,
10354 		     struct net_device *netdev, gfp_t gfp)
10355 {
10356 	struct sk_buff *msg;
10357 	void *hdr;
10358 
10359 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10360 	if (!msg)
10361 		return;
10362 
10363 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
10364 	if (!hdr) {
10365 		nlmsg_free(msg);
10366 		return;
10367 	}
10368 
10369 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
10370 		goto nla_put_failure;
10371 
10372 	/* NOP and radar events don't need a netdev parameter */
10373 	if (netdev) {
10374 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
10375 
10376 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10377 		    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10378 			goto nla_put_failure;
10379 	}
10380 
10381 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
10382 		goto nla_put_failure;
10383 
10384 	if (nl80211_send_chandef(msg, chandef))
10385 		goto nla_put_failure;
10386 
10387 	genlmsg_end(msg, hdr);
10388 
10389 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10390 				nl80211_mlme_mcgrp.id, gfp);
10391 	return;
10392 
10393  nla_put_failure:
10394 	genlmsg_cancel(msg, hdr);
10395 	nlmsg_free(msg);
10396 }
10397 
10398 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
10399 				 const u8 *peer, u32 num_packets, gfp_t gfp)
10400 {
10401 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10402 	struct wiphy *wiphy = wdev->wiphy;
10403 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10404 	struct sk_buff *msg;
10405 	struct nlattr *pinfoattr;
10406 	void *hdr;
10407 
10408 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
10409 
10410 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10411 	if (!msg)
10412 		return;
10413 
10414 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10415 	if (!hdr) {
10416 		nlmsg_free(msg);
10417 		return;
10418 	}
10419 
10420 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10421 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10422 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
10423 		goto nla_put_failure;
10424 
10425 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10426 	if (!pinfoattr)
10427 		goto nla_put_failure;
10428 
10429 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
10430 		goto nla_put_failure;
10431 
10432 	nla_nest_end(msg, pinfoattr);
10433 
10434 	genlmsg_end(msg, hdr);
10435 
10436 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10437 				nl80211_mlme_mcgrp.id, gfp);
10438 	return;
10439 
10440  nla_put_failure:
10441 	genlmsg_cancel(msg, hdr);
10442 	nlmsg_free(msg);
10443 }
10444 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
10445 
10446 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
10447 			   u64 cookie, bool acked, gfp_t gfp)
10448 {
10449 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10450 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10451 	struct sk_buff *msg;
10452 	void *hdr;
10453 
10454 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
10455 
10456 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10457 
10458 	if (!msg)
10459 		return;
10460 
10461 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
10462 	if (!hdr) {
10463 		nlmsg_free(msg);
10464 		return;
10465 	}
10466 
10467 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10468 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10469 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10470 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
10471 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
10472 		goto nla_put_failure;
10473 
10474 	genlmsg_end(msg, hdr);
10475 
10476 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10477 				nl80211_mlme_mcgrp.id, gfp);
10478 	return;
10479 
10480  nla_put_failure:
10481 	genlmsg_cancel(msg, hdr);
10482 	nlmsg_free(msg);
10483 }
10484 EXPORT_SYMBOL(cfg80211_probe_status);
10485 
10486 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
10487 				 const u8 *frame, size_t len,
10488 				 int freq, int sig_dbm)
10489 {
10490 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10491 	struct sk_buff *msg;
10492 	void *hdr;
10493 	struct cfg80211_beacon_registration *reg;
10494 
10495 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
10496 
10497 	spin_lock_bh(&rdev->beacon_registrations_lock);
10498 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
10499 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
10500 		if (!msg) {
10501 			spin_unlock_bh(&rdev->beacon_registrations_lock);
10502 			return;
10503 		}
10504 
10505 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
10506 		if (!hdr)
10507 			goto nla_put_failure;
10508 
10509 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10510 		    (freq &&
10511 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
10512 		    (sig_dbm &&
10513 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
10514 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
10515 			goto nla_put_failure;
10516 
10517 		genlmsg_end(msg, hdr);
10518 
10519 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
10520 	}
10521 	spin_unlock_bh(&rdev->beacon_registrations_lock);
10522 	return;
10523 
10524  nla_put_failure:
10525 	spin_unlock_bh(&rdev->beacon_registrations_lock);
10526 	if (hdr)
10527 		genlmsg_cancel(msg, hdr);
10528 	nlmsg_free(msg);
10529 }
10530 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
10531 
10532 #ifdef CONFIG_PM
10533 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
10534 				   struct cfg80211_wowlan_wakeup *wakeup,
10535 				   gfp_t gfp)
10536 {
10537 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10538 	struct sk_buff *msg;
10539 	void *hdr;
10540 	int size = 200;
10541 
10542 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
10543 
10544 	if (wakeup)
10545 		size += wakeup->packet_present_len;
10546 
10547 	msg = nlmsg_new(size, gfp);
10548 	if (!msg)
10549 		return;
10550 
10551 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
10552 	if (!hdr)
10553 		goto free_msg;
10554 
10555 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10556 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10557 		goto free_msg;
10558 
10559 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10560 					wdev->netdev->ifindex))
10561 		goto free_msg;
10562 
10563 	if (wakeup) {
10564 		struct nlattr *reasons;
10565 
10566 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10567 
10568 		if (wakeup->disconnect &&
10569 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
10570 			goto free_msg;
10571 		if (wakeup->magic_pkt &&
10572 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
10573 			goto free_msg;
10574 		if (wakeup->gtk_rekey_failure &&
10575 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
10576 			goto free_msg;
10577 		if (wakeup->eap_identity_req &&
10578 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
10579 			goto free_msg;
10580 		if (wakeup->four_way_handshake &&
10581 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
10582 			goto free_msg;
10583 		if (wakeup->rfkill_release &&
10584 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
10585 			goto free_msg;
10586 
10587 		if (wakeup->pattern_idx >= 0 &&
10588 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
10589 				wakeup->pattern_idx))
10590 			goto free_msg;
10591 
10592 		if (wakeup->tcp_match)
10593 			nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH);
10594 
10595 		if (wakeup->tcp_connlost)
10596 			nla_put_flag(msg,
10597 				     NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST);
10598 
10599 		if (wakeup->tcp_nomoretokens)
10600 			nla_put_flag(msg,
10601 				NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS);
10602 
10603 		if (wakeup->packet) {
10604 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
10605 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
10606 
10607 			if (!wakeup->packet_80211) {
10608 				pkt_attr =
10609 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
10610 				len_attr =
10611 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
10612 			}
10613 
10614 			if (wakeup->packet_len &&
10615 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
10616 				goto free_msg;
10617 
10618 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
10619 				    wakeup->packet))
10620 				goto free_msg;
10621 		}
10622 
10623 		nla_nest_end(msg, reasons);
10624 	}
10625 
10626 	genlmsg_end(msg, hdr);
10627 
10628 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10629 				nl80211_mlme_mcgrp.id, gfp);
10630 	return;
10631 
10632  free_msg:
10633 	nlmsg_free(msg);
10634 }
10635 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
10636 #endif
10637 
10638 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
10639 				enum nl80211_tdls_operation oper,
10640 				u16 reason_code, gfp_t gfp)
10641 {
10642 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10643 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10644 	struct sk_buff *msg;
10645 	void *hdr;
10646 
10647 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
10648 					 reason_code);
10649 
10650 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10651 	if (!msg)
10652 		return;
10653 
10654 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
10655 	if (!hdr) {
10656 		nlmsg_free(msg);
10657 		return;
10658 	}
10659 
10660 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10661 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10662 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
10663 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
10664 	    (reason_code > 0 &&
10665 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
10666 		goto nla_put_failure;
10667 
10668 	genlmsg_end(msg, hdr);
10669 
10670 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10671 				nl80211_mlme_mcgrp.id, gfp);
10672 	return;
10673 
10674  nla_put_failure:
10675 	genlmsg_cancel(msg, hdr);
10676 	nlmsg_free(msg);
10677 }
10678 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
10679 
10680 static int nl80211_netlink_notify(struct notifier_block * nb,
10681 				  unsigned long state,
10682 				  void *_notify)
10683 {
10684 	struct netlink_notify *notify = _notify;
10685 	struct cfg80211_registered_device *rdev;
10686 	struct wireless_dev *wdev;
10687 	struct cfg80211_beacon_registration *reg, *tmp;
10688 
10689 	if (state != NETLINK_URELEASE)
10690 		return NOTIFY_DONE;
10691 
10692 	rcu_read_lock();
10693 
10694 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
10695 		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list)
10696 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
10697 
10698 		spin_lock_bh(&rdev->beacon_registrations_lock);
10699 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
10700 					 list) {
10701 			if (reg->nlportid == notify->portid) {
10702 				list_del(&reg->list);
10703 				kfree(reg);
10704 				break;
10705 			}
10706 		}
10707 		spin_unlock_bh(&rdev->beacon_registrations_lock);
10708 	}
10709 
10710 	rcu_read_unlock();
10711 
10712 	return NOTIFY_DONE;
10713 }
10714 
10715 static struct notifier_block nl80211_netlink_notifier = {
10716 	.notifier_call = nl80211_netlink_notify,
10717 };
10718 
10719 void cfg80211_ft_event(struct net_device *netdev,
10720 		       struct cfg80211_ft_event_params *ft_event)
10721 {
10722 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
10723 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10724 	struct sk_buff *msg;
10725 	void *hdr;
10726 
10727 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
10728 
10729 	if (!ft_event->target_ap)
10730 		return;
10731 
10732 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10733 	if (!msg)
10734 		return;
10735 
10736 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
10737 	if (!hdr) {
10738 		nlmsg_free(msg);
10739 		return;
10740 	}
10741 
10742 	nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
10743 	nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
10744 	nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap);
10745 	if (ft_event->ies)
10746 		nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies);
10747 	if (ft_event->ric_ies)
10748 		nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
10749 			ft_event->ric_ies);
10750 
10751 	genlmsg_end(msg, hdr);
10752 
10753 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10754 				nl80211_mlme_mcgrp.id, GFP_KERNEL);
10755 }
10756 EXPORT_SYMBOL(cfg80211_ft_event);
10757 
10758 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
10759 {
10760 	struct cfg80211_registered_device *rdev;
10761 	struct sk_buff *msg;
10762 	void *hdr;
10763 	u32 nlportid;
10764 
10765 	rdev = wiphy_to_dev(wdev->wiphy);
10766 	if (!rdev->crit_proto_nlportid)
10767 		return;
10768 
10769 	nlportid = rdev->crit_proto_nlportid;
10770 	rdev->crit_proto_nlportid = 0;
10771 
10772 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10773 	if (!msg)
10774 		return;
10775 
10776 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
10777 	if (!hdr)
10778 		goto nla_put_failure;
10779 
10780 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10781 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10782 		goto nla_put_failure;
10783 
10784 	genlmsg_end(msg, hdr);
10785 
10786 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10787 	return;
10788 
10789  nla_put_failure:
10790 	if (hdr)
10791 		genlmsg_cancel(msg, hdr);
10792 	nlmsg_free(msg);
10793 
10794 }
10795 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
10796 
10797 /* initialisation/exit functions */
10798 
10799 int nl80211_init(void)
10800 {
10801 	int err;
10802 
10803 	err = genl_register_family_with_ops(&nl80211_fam,
10804 		nl80211_ops, ARRAY_SIZE(nl80211_ops));
10805 	if (err)
10806 		return err;
10807 
10808 	err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
10809 	if (err)
10810 		goto err_out;
10811 
10812 	err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
10813 	if (err)
10814 		goto err_out;
10815 
10816 	err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
10817 	if (err)
10818 		goto err_out;
10819 
10820 	err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
10821 	if (err)
10822 		goto err_out;
10823 
10824 #ifdef CONFIG_NL80211_TESTMODE
10825 	err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
10826 	if (err)
10827 		goto err_out;
10828 #endif
10829 
10830 	err = netlink_register_notifier(&nl80211_netlink_notifier);
10831 	if (err)
10832 		goto err_out;
10833 
10834 	return 0;
10835  err_out:
10836 	genl_unregister_family(&nl80211_fam);
10837 	return err;
10838 }
10839 
10840 void nl80211_exit(void)
10841 {
10842 	netlink_unregister_notifier(&nl80211_netlink_notifier);
10843 	genl_unregister_family(&nl80211_fam);
10844 }
10845