1/*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2013-2014  Intel Mobile Communications GmbH
6 * Copyright 2015	Intel Deutschland GmbH
7 */
8
9#include <linux/if.h>
10#include <linux/module.h>
11#include <linux/err.h>
12#include <linux/slab.h>
13#include <linux/list.h>
14#include <linux/if_ether.h>
15#include <linux/ieee80211.h>
16#include <linux/nl80211.h>
17#include <linux/rtnetlink.h>
18#include <linux/netlink.h>
19#include <linux/etherdevice.h>
20#include <net/net_namespace.h>
21#include <net/genetlink.h>
22#include <net/cfg80211.h>
23#include <net/sock.h>
24#include <net/inet_connection_sock.h>
25#include "core.h"
26#include "nl80211.h"
27#include "reg.h"
28#include "rdev-ops.h"
29
30static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
31				   struct genl_info *info,
32				   struct cfg80211_crypto_settings *settings,
33				   int cipher_limit);
34
35static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
36			    struct genl_info *info);
37static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
38			      struct genl_info *info);
39
40/* the netlink family */
41static struct genl_family nl80211_fam = {
42	.id = GENL_ID_GENERATE,		/* don't bother with a hardcoded ID */
43	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
44	.hdrsize = 0,			/* no private header */
45	.version = 1,			/* no particular meaning now */
46	.maxattr = NL80211_ATTR_MAX,
47	.netnsok = true,
48	.pre_doit = nl80211_pre_doit,
49	.post_doit = nl80211_post_doit,
50};
51
52/* multicast groups */
53enum nl80211_multicast_groups {
54	NL80211_MCGRP_CONFIG,
55	NL80211_MCGRP_SCAN,
56	NL80211_MCGRP_REGULATORY,
57	NL80211_MCGRP_MLME,
58	NL80211_MCGRP_VENDOR,
59	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
60};
61
62static const struct genl_multicast_group nl80211_mcgrps[] = {
63	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
64	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
65	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
66	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
67	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
68#ifdef CONFIG_NL80211_TESTMODE
69	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
70#endif
71};
72
73/* returns ERR_PTR values */
74static struct wireless_dev *
75__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
76{
77	struct cfg80211_registered_device *rdev;
78	struct wireless_dev *result = NULL;
79	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
80	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
81	u64 wdev_id;
82	int wiphy_idx = -1;
83	int ifidx = -1;
84
85	ASSERT_RTNL();
86
87	if (!have_ifidx && !have_wdev_id)
88		return ERR_PTR(-EINVAL);
89
90	if (have_ifidx)
91		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
92	if (have_wdev_id) {
93		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
94		wiphy_idx = wdev_id >> 32;
95	}
96
97	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
98		struct wireless_dev *wdev;
99
100		if (wiphy_net(&rdev->wiphy) != netns)
101			continue;
102
103		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
104			continue;
105
106		list_for_each_entry(wdev, &rdev->wdev_list, list) {
107			if (have_ifidx && wdev->netdev &&
108			    wdev->netdev->ifindex == ifidx) {
109				result = wdev;
110				break;
111			}
112			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
113				result = wdev;
114				break;
115			}
116		}
117
118		if (result)
119			break;
120	}
121
122	if (result)
123		return result;
124	return ERR_PTR(-ENODEV);
125}
126
127static struct cfg80211_registered_device *
128__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
129{
130	struct cfg80211_registered_device *rdev = NULL, *tmp;
131	struct net_device *netdev;
132
133	ASSERT_RTNL();
134
135	if (!attrs[NL80211_ATTR_WIPHY] &&
136	    !attrs[NL80211_ATTR_IFINDEX] &&
137	    !attrs[NL80211_ATTR_WDEV])
138		return ERR_PTR(-EINVAL);
139
140	if (attrs[NL80211_ATTR_WIPHY])
141		rdev = cfg80211_rdev_by_wiphy_idx(
142				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
143
144	if (attrs[NL80211_ATTR_WDEV]) {
145		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
146		struct wireless_dev *wdev;
147		bool found = false;
148
149		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
150		if (tmp) {
151			/* make sure wdev exists */
152			list_for_each_entry(wdev, &tmp->wdev_list, list) {
153				if (wdev->identifier != (u32)wdev_id)
154					continue;
155				found = true;
156				break;
157			}
158
159			if (!found)
160				tmp = NULL;
161
162			if (rdev && tmp != rdev)
163				return ERR_PTR(-EINVAL);
164			rdev = tmp;
165		}
166	}
167
168	if (attrs[NL80211_ATTR_IFINDEX]) {
169		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
170		netdev = __dev_get_by_index(netns, ifindex);
171		if (netdev) {
172			if (netdev->ieee80211_ptr)
173				tmp = wiphy_to_rdev(
174					netdev->ieee80211_ptr->wiphy);
175			else
176				tmp = NULL;
177
178			/* not wireless device -- return error */
179			if (!tmp)
180				return ERR_PTR(-EINVAL);
181
182			/* mismatch -- return error */
183			if (rdev && tmp != rdev)
184				return ERR_PTR(-EINVAL);
185
186			rdev = tmp;
187		}
188	}
189
190	if (!rdev)
191		return ERR_PTR(-ENODEV);
192
193	if (netns != wiphy_net(&rdev->wiphy))
194		return ERR_PTR(-ENODEV);
195
196	return rdev;
197}
198
199/*
200 * This function returns a pointer to the driver
201 * that the genl_info item that is passed refers to.
202 *
203 * The result of this can be a PTR_ERR and hence must
204 * be checked with IS_ERR() for errors.
205 */
206static struct cfg80211_registered_device *
207cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
208{
209	return __cfg80211_rdev_from_attrs(netns, info->attrs);
210}
211
212/* policy for the attributes */
213static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
214	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
215	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
216				      .len = 20-1 },
217	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
218
219	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
220	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
221	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
222	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
223	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
224
225	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
226	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
227	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
228	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
229	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
230	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
231
232	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
233	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
234	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
235
236	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
237	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
238
239	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
240	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
241				    .len = WLAN_MAX_KEY_LEN },
242	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
243	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
244	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
245	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
246	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
247
248	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
249	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
250	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
251				       .len = IEEE80211_MAX_DATA_LEN },
252	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
253				       .len = IEEE80211_MAX_DATA_LEN },
254	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
255	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
256	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
257	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
258					       .len = NL80211_MAX_SUPP_RATES },
259	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
260	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
261	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
262	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
263				   .len = IEEE80211_MAX_MESH_ID_LEN },
264	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
265
266	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
267	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
268
269	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
270	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
271	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
272	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
273					   .len = NL80211_MAX_SUPP_RATES },
274	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
275
276	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
277	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
278
279	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
280
281	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
282	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
283			      .len = IEEE80211_MAX_DATA_LEN },
284	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
285	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
286
287	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
288				.len = IEEE80211_MAX_SSID_LEN },
289	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
290	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
291	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
292	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
293	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
294	[NL80211_ATTR_STA_FLAGS2] = {
295		.len = sizeof(struct nl80211_sta_flag_update),
296	},
297	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
298	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
299	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
300	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
301	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
302	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
303	[NL80211_ATTR_PID] = { .type = NLA_U32 },
304	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
305	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
306				 .len = WLAN_PMKID_LEN },
307	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
308	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
309	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
310	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
311				 .len = IEEE80211_MAX_DATA_LEN },
312	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
313	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
314	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
315	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
316	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
317	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
318	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
319	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
320	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
321	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
322	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
323	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
324	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
325	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
326	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
327	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
328	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
329	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
330	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
331	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
332					 .len = IEEE80211_MAX_DATA_LEN },
333	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
334					 .len = IEEE80211_MAX_DATA_LEN },
335	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
336	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
337	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
338	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
339	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
340	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
341	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
342	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
343	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
344	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
345	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
346				      .len = IEEE80211_MAX_DATA_LEN },
347	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
348	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
349	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
350		.len = NL80211_HT_CAPABILITY_LEN
351	},
352	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
353	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
354	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
355	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
356	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
357	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
358	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
359	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
360	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
361	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
362	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
363	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
364	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
365	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
366	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
367	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
368	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
369		.len = NL80211_VHT_CAPABILITY_LEN,
370	},
371	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
372	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
373				  .len = IEEE80211_MAX_DATA_LEN },
374	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
375	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
376	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
377	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
378	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
379	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
380	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
381	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
382	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
383	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
384	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
385	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
386	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
387	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
388				   .len = IEEE80211_QOS_MAP_LEN_MAX },
389	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
390	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
391	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
392	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
393	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
394	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
395	[NL80211_ATTR_TSID] = { .type = NLA_U8 },
396	[NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
397	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
398	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
399	[NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
400	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
401	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
402	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
403	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
404};
405
406/* policy for the key attributes */
407static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
408	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
409	[NL80211_KEY_IDX] = { .type = NLA_U8 },
410	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
411	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
412	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
413	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
414	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
415	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
416};
417
418/* policy for the key default flags */
419static const struct nla_policy
420nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
421	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
422	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
423};
424
425/* policy for WoWLAN attributes */
426static const struct nla_policy
427nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
428	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
429	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
430	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
431	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
432	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
433	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
434	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
435	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
436	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
437	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
438};
439
440static const struct nla_policy
441nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
442	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
443	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
444	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
445	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
446	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
447	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
448	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
449		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
450	},
451	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
452		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
453	},
454	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
455	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
456	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
457};
458
459/* policy for coalesce rule attributes */
460static const struct nla_policy
461nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
462	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
463	[NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
464	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
465};
466
467/* policy for GTK rekey offload attributes */
468static const struct nla_policy
469nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
470	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
471	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
472	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
473};
474
475static const struct nla_policy
476nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
477	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
478						 .len = IEEE80211_MAX_SSID_LEN },
479	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
480};
481
482static const struct nla_policy
483nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
484	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
485	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
486};
487
488static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
489				     struct netlink_callback *cb,
490				     struct cfg80211_registered_device **rdev,
491				     struct wireless_dev **wdev)
492{
493	int err;
494
495	rtnl_lock();
496
497	if (!cb->args[0]) {
498		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
499				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
500				  nl80211_policy);
501		if (err)
502			goto out_unlock;
503
504		*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
505						   nl80211_fam.attrbuf);
506		if (IS_ERR(*wdev)) {
507			err = PTR_ERR(*wdev);
508			goto out_unlock;
509		}
510		*rdev = wiphy_to_rdev((*wdev)->wiphy);
511		/* 0 is the first index - add 1 to parse only once */
512		cb->args[0] = (*rdev)->wiphy_idx + 1;
513		cb->args[1] = (*wdev)->identifier;
514	} else {
515		/* subtract the 1 again here */
516		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
517		struct wireless_dev *tmp;
518
519		if (!wiphy) {
520			err = -ENODEV;
521			goto out_unlock;
522		}
523		*rdev = wiphy_to_rdev(wiphy);
524		*wdev = NULL;
525
526		list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
527			if (tmp->identifier == cb->args[1]) {
528				*wdev = tmp;
529				break;
530			}
531		}
532
533		if (!*wdev) {
534			err = -ENODEV;
535			goto out_unlock;
536		}
537	}
538
539	return 0;
540 out_unlock:
541	rtnl_unlock();
542	return err;
543}
544
545static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
546{
547	rtnl_unlock();
548}
549
550/* IE validation */
551static bool is_valid_ie_attr(const struct nlattr *attr)
552{
553	const u8 *pos;
554	int len;
555
556	if (!attr)
557		return true;
558
559	pos = nla_data(attr);
560	len = nla_len(attr);
561
562	while (len) {
563		u8 elemlen;
564
565		if (len < 2)
566			return false;
567		len -= 2;
568
569		elemlen = pos[1];
570		if (elemlen > len)
571			return false;
572
573		len -= elemlen;
574		pos += 2 + elemlen;
575	}
576
577	return true;
578}
579
580/* message building helper */
581static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
582				   int flags, u8 cmd)
583{
584	/* since there is no private header just add the generic one */
585	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
586}
587
588static int nl80211_msg_put_channel(struct sk_buff *msg,
589				   struct ieee80211_channel *chan,
590				   bool large)
591{
592	/* Some channels must be completely excluded from the
593	 * list to protect old user-space tools from breaking
594	 */
595	if (!large && chan->flags &
596	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
597		return 0;
598
599	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
600			chan->center_freq))
601		goto nla_put_failure;
602
603	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
604	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
605		goto nla_put_failure;
606	if (chan->flags & IEEE80211_CHAN_NO_IR) {
607		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
608			goto nla_put_failure;
609		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
610			goto nla_put_failure;
611	}
612	if (chan->flags & IEEE80211_CHAN_RADAR) {
613		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
614			goto nla_put_failure;
615		if (large) {
616			u32 time;
617
618			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
619
620			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
621					chan->dfs_state))
622				goto nla_put_failure;
623			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
624					time))
625				goto nla_put_failure;
626			if (nla_put_u32(msg,
627					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
628					chan->dfs_cac_ms))
629				goto nla_put_failure;
630		}
631	}
632
633	if (large) {
634		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
635		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
636			goto nla_put_failure;
637		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
638		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
639			goto nla_put_failure;
640		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
641		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
642			goto nla_put_failure;
643		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
644		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
645			goto nla_put_failure;
646		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
647		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
648			goto nla_put_failure;
649		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
650		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
651			goto nla_put_failure;
652		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
653		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
654			goto nla_put_failure;
655		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
656		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
657			goto nla_put_failure;
658	}
659
660	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
661			DBM_TO_MBM(chan->max_power)))
662		goto nla_put_failure;
663
664	return 0;
665
666 nla_put_failure:
667	return -ENOBUFS;
668}
669
670/* netlink command implementations */
671
672struct key_parse {
673	struct key_params p;
674	int idx;
675	int type;
676	bool def, defmgmt;
677	bool def_uni, def_multi;
678};
679
680static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
681{
682	struct nlattr *tb[NL80211_KEY_MAX + 1];
683	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
684				   nl80211_key_policy);
685	if (err)
686		return err;
687
688	k->def = !!tb[NL80211_KEY_DEFAULT];
689	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
690
691	if (k->def) {
692		k->def_uni = true;
693		k->def_multi = true;
694	}
695	if (k->defmgmt)
696		k->def_multi = true;
697
698	if (tb[NL80211_KEY_IDX])
699		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
700
701	if (tb[NL80211_KEY_DATA]) {
702		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
703		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
704	}
705
706	if (tb[NL80211_KEY_SEQ]) {
707		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
708		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
709	}
710
711	if (tb[NL80211_KEY_CIPHER])
712		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
713
714	if (tb[NL80211_KEY_TYPE]) {
715		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
716		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
717			return -EINVAL;
718	}
719
720	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
721		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
722		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
723				       tb[NL80211_KEY_DEFAULT_TYPES],
724				       nl80211_key_default_policy);
725		if (err)
726			return err;
727
728		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
729		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
730	}
731
732	return 0;
733}
734
735static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
736{
737	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
738		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
739		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
740	}
741
742	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
743		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
744		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
745	}
746
747	if (info->attrs[NL80211_ATTR_KEY_IDX])
748		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
749
750	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
751		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
752
753	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
754	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
755
756	if (k->def) {
757		k->def_uni = true;
758		k->def_multi = true;
759	}
760	if (k->defmgmt)
761		k->def_multi = true;
762
763	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
764		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
765		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
766			return -EINVAL;
767	}
768
769	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
770		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
771		int err = nla_parse_nested(
772				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
773				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
774				nl80211_key_default_policy);
775		if (err)
776			return err;
777
778		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
779		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
780	}
781
782	return 0;
783}
784
785static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
786{
787	int err;
788
789	memset(k, 0, sizeof(*k));
790	k->idx = -1;
791	k->type = -1;
792
793	if (info->attrs[NL80211_ATTR_KEY])
794		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
795	else
796		err = nl80211_parse_key_old(info, k);
797
798	if (err)
799		return err;
800
801	if (k->def && k->defmgmt)
802		return -EINVAL;
803
804	if (k->defmgmt) {
805		if (k->def_uni || !k->def_multi)
806			return -EINVAL;
807	}
808
809	if (k->idx != -1) {
810		if (k->defmgmt) {
811			if (k->idx < 4 || k->idx > 5)
812				return -EINVAL;
813		} else if (k->def) {
814			if (k->idx < 0 || k->idx > 3)
815				return -EINVAL;
816		} else {
817			if (k->idx < 0 || k->idx > 5)
818				return -EINVAL;
819		}
820	}
821
822	return 0;
823}
824
825static struct cfg80211_cached_keys *
826nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
827		       struct nlattr *keys, bool *no_ht)
828{
829	struct key_parse parse;
830	struct nlattr *key;
831	struct cfg80211_cached_keys *result;
832	int rem, err, def = 0;
833
834	result = kzalloc(sizeof(*result), GFP_KERNEL);
835	if (!result)
836		return ERR_PTR(-ENOMEM);
837
838	result->def = -1;
839	result->defmgmt = -1;
840
841	nla_for_each_nested(key, keys, rem) {
842		memset(&parse, 0, sizeof(parse));
843		parse.idx = -1;
844
845		err = nl80211_parse_key_new(key, &parse);
846		if (err)
847			goto error;
848		err = -EINVAL;
849		if (!parse.p.key)
850			goto error;
851		if (parse.idx < 0 || parse.idx > 4)
852			goto error;
853		if (parse.def) {
854			if (def)
855				goto error;
856			def = 1;
857			result->def = parse.idx;
858			if (!parse.def_uni || !parse.def_multi)
859				goto error;
860		} else if (parse.defmgmt)
861			goto error;
862		err = cfg80211_validate_key_settings(rdev, &parse.p,
863						     parse.idx, false, NULL);
864		if (err)
865			goto error;
866		result->params[parse.idx].cipher = parse.p.cipher;
867		result->params[parse.idx].key_len = parse.p.key_len;
868		result->params[parse.idx].key = result->data[parse.idx];
869		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
870
871		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
872		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
873			if (no_ht)
874				*no_ht = true;
875		}
876	}
877
878	return result;
879 error:
880	kfree(result);
881	return ERR_PTR(err);
882}
883
884static int nl80211_key_allowed(struct wireless_dev *wdev)
885{
886	ASSERT_WDEV_LOCK(wdev);
887
888	switch (wdev->iftype) {
889	case NL80211_IFTYPE_AP:
890	case NL80211_IFTYPE_AP_VLAN:
891	case NL80211_IFTYPE_P2P_GO:
892	case NL80211_IFTYPE_MESH_POINT:
893		break;
894	case NL80211_IFTYPE_ADHOC:
895	case NL80211_IFTYPE_STATION:
896	case NL80211_IFTYPE_P2P_CLIENT:
897		if (!wdev->current_bss)
898			return -ENOLINK;
899		break;
900	case NL80211_IFTYPE_UNSPECIFIED:
901	case NL80211_IFTYPE_OCB:
902	case NL80211_IFTYPE_MONITOR:
903	case NL80211_IFTYPE_P2P_DEVICE:
904	case NL80211_IFTYPE_WDS:
905	case NUM_NL80211_IFTYPES:
906		return -EINVAL;
907	}
908
909	return 0;
910}
911
912static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
913							struct nlattr *tb)
914{
915	struct ieee80211_channel *chan;
916
917	if (tb == NULL)
918		return NULL;
919	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
920	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
921		return NULL;
922	return chan;
923}
924
925static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
926{
927	struct nlattr *nl_modes = nla_nest_start(msg, attr);
928	int i;
929
930	if (!nl_modes)
931		goto nla_put_failure;
932
933	i = 0;
934	while (ifmodes) {
935		if ((ifmodes & 1) && nla_put_flag(msg, i))
936			goto nla_put_failure;
937		ifmodes >>= 1;
938		i++;
939	}
940
941	nla_nest_end(msg, nl_modes);
942	return 0;
943
944nla_put_failure:
945	return -ENOBUFS;
946}
947
948static int nl80211_put_iface_combinations(struct wiphy *wiphy,
949					  struct sk_buff *msg,
950					  bool large)
951{
952	struct nlattr *nl_combis;
953	int i, j;
954
955	nl_combis = nla_nest_start(msg,
956				NL80211_ATTR_INTERFACE_COMBINATIONS);
957	if (!nl_combis)
958		goto nla_put_failure;
959
960	for (i = 0; i < wiphy->n_iface_combinations; i++) {
961		const struct ieee80211_iface_combination *c;
962		struct nlattr *nl_combi, *nl_limits;
963
964		c = &wiphy->iface_combinations[i];
965
966		nl_combi = nla_nest_start(msg, i + 1);
967		if (!nl_combi)
968			goto nla_put_failure;
969
970		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
971		if (!nl_limits)
972			goto nla_put_failure;
973
974		for (j = 0; j < c->n_limits; j++) {
975			struct nlattr *nl_limit;
976
977			nl_limit = nla_nest_start(msg, j + 1);
978			if (!nl_limit)
979				goto nla_put_failure;
980			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
981					c->limits[j].max))
982				goto nla_put_failure;
983			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
984						c->limits[j].types))
985				goto nla_put_failure;
986			nla_nest_end(msg, nl_limit);
987		}
988
989		nla_nest_end(msg, nl_limits);
990
991		if (c->beacon_int_infra_match &&
992		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
993			goto nla_put_failure;
994		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
995				c->num_different_channels) ||
996		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
997				c->max_interfaces))
998			goto nla_put_failure;
999		if (large &&
1000		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1001				c->radar_detect_widths) ||
1002		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1003				c->radar_detect_regions)))
1004			goto nla_put_failure;
1005
1006		nla_nest_end(msg, nl_combi);
1007	}
1008
1009	nla_nest_end(msg, nl_combis);
1010
1011	return 0;
1012nla_put_failure:
1013	return -ENOBUFS;
1014}
1015
1016#ifdef CONFIG_PM
1017static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1018					struct sk_buff *msg)
1019{
1020	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1021	struct nlattr *nl_tcp;
1022
1023	if (!tcp)
1024		return 0;
1025
1026	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1027	if (!nl_tcp)
1028		return -ENOBUFS;
1029
1030	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1031			tcp->data_payload_max))
1032		return -ENOBUFS;
1033
1034	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1035			tcp->data_payload_max))
1036		return -ENOBUFS;
1037
1038	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1039		return -ENOBUFS;
1040
1041	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1042				sizeof(*tcp->tok), tcp->tok))
1043		return -ENOBUFS;
1044
1045	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1046			tcp->data_interval_max))
1047		return -ENOBUFS;
1048
1049	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1050			tcp->wake_payload_max))
1051		return -ENOBUFS;
1052
1053	nla_nest_end(msg, nl_tcp);
1054	return 0;
1055}
1056
1057static int nl80211_send_wowlan(struct sk_buff *msg,
1058			       struct cfg80211_registered_device *rdev,
1059			       bool large)
1060{
1061	struct nlattr *nl_wowlan;
1062
1063	if (!rdev->wiphy.wowlan)
1064		return 0;
1065
1066	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1067	if (!nl_wowlan)
1068		return -ENOBUFS;
1069
1070	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1071	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1072	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1073	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1074	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1075	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1076	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1077	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1078	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1079	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1080	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1081	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1082	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1083	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1084	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1085	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1086		return -ENOBUFS;
1087
1088	if (rdev->wiphy.wowlan->n_patterns) {
1089		struct nl80211_pattern_support pat = {
1090			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1091			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1092			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1093			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1094		};
1095
1096		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1097			    sizeof(pat), &pat))
1098			return -ENOBUFS;
1099	}
1100
1101	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1102	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1103			rdev->wiphy.wowlan->max_nd_match_sets))
1104		return -ENOBUFS;
1105
1106	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1107		return -ENOBUFS;
1108
1109	nla_nest_end(msg, nl_wowlan);
1110
1111	return 0;
1112}
1113#endif
1114
1115static int nl80211_send_coalesce(struct sk_buff *msg,
1116				 struct cfg80211_registered_device *rdev)
1117{
1118	struct nl80211_coalesce_rule_support rule;
1119
1120	if (!rdev->wiphy.coalesce)
1121		return 0;
1122
1123	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1124	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1125	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1126	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1127	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1128	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1129
1130	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1131		return -ENOBUFS;
1132
1133	return 0;
1134}
1135
1136static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1137				      struct ieee80211_supported_band *sband)
1138{
1139	struct nlattr *nl_rates, *nl_rate;
1140	struct ieee80211_rate *rate;
1141	int i;
1142
1143	/* add HT info */
1144	if (sband->ht_cap.ht_supported &&
1145	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1146		     sizeof(sband->ht_cap.mcs),
1147		     &sband->ht_cap.mcs) ||
1148	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1149			 sband->ht_cap.cap) ||
1150	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1151			sband->ht_cap.ampdu_factor) ||
1152	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1153			sband->ht_cap.ampdu_density)))
1154		return -ENOBUFS;
1155
1156	/* add VHT info */
1157	if (sband->vht_cap.vht_supported &&
1158	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1159		     sizeof(sband->vht_cap.vht_mcs),
1160		     &sband->vht_cap.vht_mcs) ||
1161	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1162			 sband->vht_cap.cap)))
1163		return -ENOBUFS;
1164
1165	/* add bitrates */
1166	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1167	if (!nl_rates)
1168		return -ENOBUFS;
1169
1170	for (i = 0; i < sband->n_bitrates; i++) {
1171		nl_rate = nla_nest_start(msg, i);
1172		if (!nl_rate)
1173			return -ENOBUFS;
1174
1175		rate = &sband->bitrates[i];
1176		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1177				rate->bitrate))
1178			return -ENOBUFS;
1179		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1180		    nla_put_flag(msg,
1181				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1182			return -ENOBUFS;
1183
1184		nla_nest_end(msg, nl_rate);
1185	}
1186
1187	nla_nest_end(msg, nl_rates);
1188
1189	return 0;
1190}
1191
1192static int
1193nl80211_send_mgmt_stypes(struct sk_buff *msg,
1194			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1195{
1196	u16 stypes;
1197	struct nlattr *nl_ftypes, *nl_ifs;
1198	enum nl80211_iftype ift;
1199	int i;
1200
1201	if (!mgmt_stypes)
1202		return 0;
1203
1204	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1205	if (!nl_ifs)
1206		return -ENOBUFS;
1207
1208	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1209		nl_ftypes = nla_nest_start(msg, ift);
1210		if (!nl_ftypes)
1211			return -ENOBUFS;
1212		i = 0;
1213		stypes = mgmt_stypes[ift].tx;
1214		while (stypes) {
1215			if ((stypes & 1) &&
1216			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1217					(i << 4) | IEEE80211_FTYPE_MGMT))
1218				return -ENOBUFS;
1219			stypes >>= 1;
1220			i++;
1221		}
1222		nla_nest_end(msg, nl_ftypes);
1223	}
1224
1225	nla_nest_end(msg, nl_ifs);
1226
1227	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1228	if (!nl_ifs)
1229		return -ENOBUFS;
1230
1231	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1232		nl_ftypes = nla_nest_start(msg, ift);
1233		if (!nl_ftypes)
1234			return -ENOBUFS;
1235		i = 0;
1236		stypes = mgmt_stypes[ift].rx;
1237		while (stypes) {
1238			if ((stypes & 1) &&
1239			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1240					(i << 4) | IEEE80211_FTYPE_MGMT))
1241				return -ENOBUFS;
1242			stypes >>= 1;
1243			i++;
1244		}
1245		nla_nest_end(msg, nl_ftypes);
1246	}
1247	nla_nest_end(msg, nl_ifs);
1248
1249	return 0;
1250}
1251
1252struct nl80211_dump_wiphy_state {
1253	s64 filter_wiphy;
1254	long start;
1255	long split_start, band_start, chan_start;
1256	bool split;
1257};
1258
1259static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1260			      enum nl80211_commands cmd,
1261			      struct sk_buff *msg, u32 portid, u32 seq,
1262			      int flags, struct nl80211_dump_wiphy_state *state)
1263{
1264	void *hdr;
1265	struct nlattr *nl_bands, *nl_band;
1266	struct nlattr *nl_freqs, *nl_freq;
1267	struct nlattr *nl_cmds;
1268	enum ieee80211_band band;
1269	struct ieee80211_channel *chan;
1270	int i;
1271	const struct ieee80211_txrx_stypes *mgmt_stypes =
1272				rdev->wiphy.mgmt_stypes;
1273	u32 features;
1274
1275	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1276	if (!hdr)
1277		return -ENOBUFS;
1278
1279	if (WARN_ON(!state))
1280		return -EINVAL;
1281
1282	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1283	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1284			   wiphy_name(&rdev->wiphy)) ||
1285	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1286			cfg80211_rdev_list_generation))
1287		goto nla_put_failure;
1288
1289	if (cmd != NL80211_CMD_NEW_WIPHY)
1290		goto finish;
1291
1292	switch (state->split_start) {
1293	case 0:
1294		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1295			       rdev->wiphy.retry_short) ||
1296		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1297			       rdev->wiphy.retry_long) ||
1298		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1299				rdev->wiphy.frag_threshold) ||
1300		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1301				rdev->wiphy.rts_threshold) ||
1302		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1303			       rdev->wiphy.coverage_class) ||
1304		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1305			       rdev->wiphy.max_scan_ssids) ||
1306		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1307			       rdev->wiphy.max_sched_scan_ssids) ||
1308		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1309				rdev->wiphy.max_scan_ie_len) ||
1310		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1311				rdev->wiphy.max_sched_scan_ie_len) ||
1312		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1313			       rdev->wiphy.max_match_sets) ||
1314		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1315				rdev->wiphy.max_sched_scan_plans) ||
1316		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1317				rdev->wiphy.max_sched_scan_plan_interval) ||
1318		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1319				rdev->wiphy.max_sched_scan_plan_iterations))
1320			goto nla_put_failure;
1321
1322		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1323		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1324			goto nla_put_failure;
1325		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1326		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1327			goto nla_put_failure;
1328		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1329		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1330			goto nla_put_failure;
1331		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1332		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1333			goto nla_put_failure;
1334		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1335		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1336			goto nla_put_failure;
1337		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1338		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1339			goto nla_put_failure;
1340		state->split_start++;
1341		if (state->split)
1342			break;
1343	case 1:
1344		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1345			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1346			    rdev->wiphy.cipher_suites))
1347			goto nla_put_failure;
1348
1349		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1350			       rdev->wiphy.max_num_pmkids))
1351			goto nla_put_failure;
1352
1353		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1354		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1355			goto nla_put_failure;
1356
1357		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1358				rdev->wiphy.available_antennas_tx) ||
1359		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1360				rdev->wiphy.available_antennas_rx))
1361			goto nla_put_failure;
1362
1363		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1364		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1365				rdev->wiphy.probe_resp_offload))
1366			goto nla_put_failure;
1367
1368		if ((rdev->wiphy.available_antennas_tx ||
1369		     rdev->wiphy.available_antennas_rx) &&
1370		    rdev->ops->get_antenna) {
1371			u32 tx_ant = 0, rx_ant = 0;
1372			int res;
1373			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1374			if (!res) {
1375				if (nla_put_u32(msg,
1376						NL80211_ATTR_WIPHY_ANTENNA_TX,
1377						tx_ant) ||
1378				    nla_put_u32(msg,
1379						NL80211_ATTR_WIPHY_ANTENNA_RX,
1380						rx_ant))
1381					goto nla_put_failure;
1382			}
1383		}
1384
1385		state->split_start++;
1386		if (state->split)
1387			break;
1388	case 2:
1389		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1390					rdev->wiphy.interface_modes))
1391				goto nla_put_failure;
1392		state->split_start++;
1393		if (state->split)
1394			break;
1395	case 3:
1396		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1397		if (!nl_bands)
1398			goto nla_put_failure;
1399
1400		for (band = state->band_start;
1401		     band < IEEE80211_NUM_BANDS; band++) {
1402			struct ieee80211_supported_band *sband;
1403
1404			sband = rdev->wiphy.bands[band];
1405
1406			if (!sband)
1407				continue;
1408
1409			nl_band = nla_nest_start(msg, band);
1410			if (!nl_band)
1411				goto nla_put_failure;
1412
1413			switch (state->chan_start) {
1414			case 0:
1415				if (nl80211_send_band_rateinfo(msg, sband))
1416					goto nla_put_failure;
1417				state->chan_start++;
1418				if (state->split)
1419					break;
1420			default:
1421				/* add frequencies */
1422				nl_freqs = nla_nest_start(
1423					msg, NL80211_BAND_ATTR_FREQS);
1424				if (!nl_freqs)
1425					goto nla_put_failure;
1426
1427				for (i = state->chan_start - 1;
1428				     i < sband->n_channels;
1429				     i++) {
1430					nl_freq = nla_nest_start(msg, i);
1431					if (!nl_freq)
1432						goto nla_put_failure;
1433
1434					chan = &sband->channels[i];
1435
1436					if (nl80211_msg_put_channel(
1437							msg, chan,
1438							state->split))
1439						goto nla_put_failure;
1440
1441					nla_nest_end(msg, nl_freq);
1442					if (state->split)
1443						break;
1444				}
1445				if (i < sband->n_channels)
1446					state->chan_start = i + 2;
1447				else
1448					state->chan_start = 0;
1449				nla_nest_end(msg, nl_freqs);
1450			}
1451
1452			nla_nest_end(msg, nl_band);
1453
1454			if (state->split) {
1455				/* start again here */
1456				if (state->chan_start)
1457					band--;
1458				break;
1459			}
1460		}
1461		nla_nest_end(msg, nl_bands);
1462
1463		if (band < IEEE80211_NUM_BANDS)
1464			state->band_start = band + 1;
1465		else
1466			state->band_start = 0;
1467
1468		/* if bands & channels are done, continue outside */
1469		if (state->band_start == 0 && state->chan_start == 0)
1470			state->split_start++;
1471		if (state->split)
1472			break;
1473	case 4:
1474		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1475		if (!nl_cmds)
1476			goto nla_put_failure;
1477
1478		i = 0;
1479#define CMD(op, n)							\
1480		 do {							\
1481			if (rdev->ops->op) {				\
1482				i++;					\
1483				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1484					goto nla_put_failure;		\
1485			}						\
1486		} while (0)
1487
1488		CMD(add_virtual_intf, NEW_INTERFACE);
1489		CMD(change_virtual_intf, SET_INTERFACE);
1490		CMD(add_key, NEW_KEY);
1491		CMD(start_ap, START_AP);
1492		CMD(add_station, NEW_STATION);
1493		CMD(add_mpath, NEW_MPATH);
1494		CMD(update_mesh_config, SET_MESH_CONFIG);
1495		CMD(change_bss, SET_BSS);
1496		CMD(auth, AUTHENTICATE);
1497		CMD(assoc, ASSOCIATE);
1498		CMD(deauth, DEAUTHENTICATE);
1499		CMD(disassoc, DISASSOCIATE);
1500		CMD(join_ibss, JOIN_IBSS);
1501		CMD(join_mesh, JOIN_MESH);
1502		CMD(set_pmksa, SET_PMKSA);
1503		CMD(del_pmksa, DEL_PMKSA);
1504		CMD(flush_pmksa, FLUSH_PMKSA);
1505		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1506			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1507		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1508		CMD(mgmt_tx, FRAME);
1509		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1510		if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1511			i++;
1512			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1513				goto nla_put_failure;
1514		}
1515		if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1516		    rdev->ops->join_mesh) {
1517			i++;
1518			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1519				goto nla_put_failure;
1520		}
1521		CMD(set_wds_peer, SET_WDS_PEER);
1522		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1523			CMD(tdls_mgmt, TDLS_MGMT);
1524			CMD(tdls_oper, TDLS_OPER);
1525		}
1526		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1527			CMD(sched_scan_start, START_SCHED_SCAN);
1528		CMD(probe_client, PROBE_CLIENT);
1529		CMD(set_noack_map, SET_NOACK_MAP);
1530		if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1531			i++;
1532			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1533				goto nla_put_failure;
1534		}
1535		CMD(start_p2p_device, START_P2P_DEVICE);
1536		CMD(set_mcast_rate, SET_MCAST_RATE);
1537#ifdef CONFIG_NL80211_TESTMODE
1538		CMD(testmode_cmd, TESTMODE);
1539#endif
1540		if (state->split) {
1541			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1542			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1543			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1544				CMD(channel_switch, CHANNEL_SWITCH);
1545			CMD(set_qos_map, SET_QOS_MAP);
1546			if (rdev->wiphy.features &
1547					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1548				CMD(add_tx_ts, ADD_TX_TS);
1549		}
1550		/* add into the if now */
1551#undef CMD
1552
1553		if (rdev->ops->connect || rdev->ops->auth) {
1554			i++;
1555			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1556				goto nla_put_failure;
1557		}
1558
1559		if (rdev->ops->disconnect || rdev->ops->deauth) {
1560			i++;
1561			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1562				goto nla_put_failure;
1563		}
1564
1565		nla_nest_end(msg, nl_cmds);
1566		state->split_start++;
1567		if (state->split)
1568			break;
1569	case 5:
1570		if (rdev->ops->remain_on_channel &&
1571		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1572		    nla_put_u32(msg,
1573				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1574				rdev->wiphy.max_remain_on_channel_duration))
1575			goto nla_put_failure;
1576
1577		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1578		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1579			goto nla_put_failure;
1580
1581		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1582			goto nla_put_failure;
1583		state->split_start++;
1584		if (state->split)
1585			break;
1586	case 6:
1587#ifdef CONFIG_PM
1588		if (nl80211_send_wowlan(msg, rdev, state->split))
1589			goto nla_put_failure;
1590		state->split_start++;
1591		if (state->split)
1592			break;
1593#else
1594		state->split_start++;
1595#endif
1596	case 7:
1597		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1598					rdev->wiphy.software_iftypes))
1599			goto nla_put_failure;
1600
1601		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1602						   state->split))
1603			goto nla_put_failure;
1604
1605		state->split_start++;
1606		if (state->split)
1607			break;
1608	case 8:
1609		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1610		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1611				rdev->wiphy.ap_sme_capa))
1612			goto nla_put_failure;
1613
1614		features = rdev->wiphy.features;
1615		/*
1616		 * We can only add the per-channel limit information if the
1617		 * dump is split, otherwise it makes it too big. Therefore
1618		 * only advertise it in that case.
1619		 */
1620		if (state->split)
1621			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1622		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1623			goto nla_put_failure;
1624
1625		if (rdev->wiphy.ht_capa_mod_mask &&
1626		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1627			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
1628			    rdev->wiphy.ht_capa_mod_mask))
1629			goto nla_put_failure;
1630
1631		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1632		    rdev->wiphy.max_acl_mac_addrs &&
1633		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1634				rdev->wiphy.max_acl_mac_addrs))
1635			goto nla_put_failure;
1636
1637		/*
1638		 * Any information below this point is only available to
1639		 * applications that can deal with it being split. This
1640		 * helps ensure that newly added capabilities don't break
1641		 * older tools by overrunning their buffers.
1642		 *
1643		 * We still increment split_start so that in the split
1644		 * case we'll continue with more data in the next round,
1645		 * but break unconditionally so unsplit data stops here.
1646		 */
1647		state->split_start++;
1648		break;
1649	case 9:
1650		if (rdev->wiphy.extended_capabilities &&
1651		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1652			     rdev->wiphy.extended_capabilities_len,
1653			     rdev->wiphy.extended_capabilities) ||
1654		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1655			     rdev->wiphy.extended_capabilities_len,
1656			     rdev->wiphy.extended_capabilities_mask)))
1657			goto nla_put_failure;
1658
1659		if (rdev->wiphy.vht_capa_mod_mask &&
1660		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1661			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
1662			    rdev->wiphy.vht_capa_mod_mask))
1663			goto nla_put_failure;
1664
1665		state->split_start++;
1666		break;
1667	case 10:
1668		if (nl80211_send_coalesce(msg, rdev))
1669			goto nla_put_failure;
1670
1671		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1672		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1673		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1674			goto nla_put_failure;
1675
1676		if (rdev->wiphy.max_ap_assoc_sta &&
1677		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1678				rdev->wiphy.max_ap_assoc_sta))
1679			goto nla_put_failure;
1680
1681		state->split_start++;
1682		break;
1683	case 11:
1684		if (rdev->wiphy.n_vendor_commands) {
1685			const struct nl80211_vendor_cmd_info *info;
1686			struct nlattr *nested;
1687
1688			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1689			if (!nested)
1690				goto nla_put_failure;
1691
1692			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1693				info = &rdev->wiphy.vendor_commands[i].info;
1694				if (nla_put(msg, i + 1, sizeof(*info), info))
1695					goto nla_put_failure;
1696			}
1697			nla_nest_end(msg, nested);
1698		}
1699
1700		if (rdev->wiphy.n_vendor_events) {
1701			const struct nl80211_vendor_cmd_info *info;
1702			struct nlattr *nested;
1703
1704			nested = nla_nest_start(msg,
1705						NL80211_ATTR_VENDOR_EVENTS);
1706			if (!nested)
1707				goto nla_put_failure;
1708
1709			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1710				info = &rdev->wiphy.vendor_events[i];
1711				if (nla_put(msg, i + 1, sizeof(*info), info))
1712					goto nla_put_failure;
1713			}
1714			nla_nest_end(msg, nested);
1715		}
1716		state->split_start++;
1717		break;
1718	case 12:
1719		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1720		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1721			       rdev->wiphy.max_num_csa_counters))
1722			goto nla_put_failure;
1723
1724		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1725		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1726			goto nla_put_failure;
1727
1728		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1729			    sizeof(rdev->wiphy.ext_features),
1730			    rdev->wiphy.ext_features))
1731			goto nla_put_failure;
1732
1733		/* done */
1734		state->split_start = 0;
1735		break;
1736	}
1737 finish:
1738	genlmsg_end(msg, hdr);
1739	return 0;
1740
1741 nla_put_failure:
1742	genlmsg_cancel(msg, hdr);
1743	return -EMSGSIZE;
1744}
1745
1746static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1747				    struct netlink_callback *cb,
1748				    struct nl80211_dump_wiphy_state *state)
1749{
1750	struct nlattr **tb = nl80211_fam.attrbuf;
1751	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1752			      tb, nl80211_fam.maxattr, nl80211_policy);
1753	/* ignore parse errors for backward compatibility */
1754	if (ret)
1755		return 0;
1756
1757	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1758	if (tb[NL80211_ATTR_WIPHY])
1759		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1760	if (tb[NL80211_ATTR_WDEV])
1761		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1762	if (tb[NL80211_ATTR_IFINDEX]) {
1763		struct net_device *netdev;
1764		struct cfg80211_registered_device *rdev;
1765		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1766
1767		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1768		if (!netdev)
1769			return -ENODEV;
1770		if (netdev->ieee80211_ptr) {
1771			rdev = wiphy_to_rdev(
1772				netdev->ieee80211_ptr->wiphy);
1773			state->filter_wiphy = rdev->wiphy_idx;
1774		}
1775	}
1776
1777	return 0;
1778}
1779
1780static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1781{
1782	int idx = 0, ret;
1783	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1784	struct cfg80211_registered_device *rdev;
1785
1786	rtnl_lock();
1787	if (!state) {
1788		state = kzalloc(sizeof(*state), GFP_KERNEL);
1789		if (!state) {
1790			rtnl_unlock();
1791			return -ENOMEM;
1792		}
1793		state->filter_wiphy = -1;
1794		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1795		if (ret) {
1796			kfree(state);
1797			rtnl_unlock();
1798			return ret;
1799		}
1800		cb->args[0] = (long)state;
1801	}
1802
1803	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1804		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1805			continue;
1806		if (++idx <= state->start)
1807			continue;
1808		if (state->filter_wiphy != -1 &&
1809		    state->filter_wiphy != rdev->wiphy_idx)
1810			continue;
1811		/* attempt to fit multiple wiphy data chunks into the skb */
1812		do {
1813			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1814						 skb,
1815						 NETLINK_CB(cb->skb).portid,
1816						 cb->nlh->nlmsg_seq,
1817						 NLM_F_MULTI, state);
1818			if (ret < 0) {
1819				/*
1820				 * If sending the wiphy data didn't fit (ENOBUFS
1821				 * or EMSGSIZE returned), this SKB is still
1822				 * empty (so it's not too big because another
1823				 * wiphy dataset is already in the skb) and
1824				 * we've not tried to adjust the dump allocation
1825				 * yet ... then adjust the alloc size to be
1826				 * bigger, and return 1 but with the empty skb.
1827				 * This results in an empty message being RX'ed
1828				 * in userspace, but that is ignored.
1829				 *
1830				 * We can then retry with the larger buffer.
1831				 */
1832				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1833				    !skb->len && !state->split &&
1834				    cb->min_dump_alloc < 4096) {
1835					cb->min_dump_alloc = 4096;
1836					state->split_start = 0;
1837					rtnl_unlock();
1838					return 1;
1839				}
1840				idx--;
1841				break;
1842			}
1843		} while (state->split_start > 0);
1844		break;
1845	}
1846	rtnl_unlock();
1847
1848	state->start = idx;
1849
1850	return skb->len;
1851}
1852
1853static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1854{
1855	kfree((void *)cb->args[0]);
1856	return 0;
1857}
1858
1859static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1860{
1861	struct sk_buff *msg;
1862	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1863	struct nl80211_dump_wiphy_state state = {};
1864
1865	msg = nlmsg_new(4096, GFP_KERNEL);
1866	if (!msg)
1867		return -ENOMEM;
1868
1869	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
1870			       info->snd_portid, info->snd_seq, 0,
1871			       &state) < 0) {
1872		nlmsg_free(msg);
1873		return -ENOBUFS;
1874	}
1875
1876	return genlmsg_reply(msg, info);
1877}
1878
1879static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1880	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1881	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1882	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1883	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1884	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1885};
1886
1887static int parse_txq_params(struct nlattr *tb[],
1888			    struct ieee80211_txq_params *txq_params)
1889{
1890	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1891	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1892	    !tb[NL80211_TXQ_ATTR_AIFS])
1893		return -EINVAL;
1894
1895	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1896	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1897	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1898	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1899	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1900
1901	if (txq_params->ac >= NL80211_NUM_ACS)
1902		return -EINVAL;
1903
1904	return 0;
1905}
1906
1907static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1908{
1909	/*
1910	 * You can only set the channel explicitly for WDS interfaces,
1911	 * all others have their channel managed via their respective
1912	 * "establish a connection" command (connect, join, ...)
1913	 *
1914	 * For AP/GO and mesh mode, the channel can be set with the
1915	 * channel userspace API, but is only stored and passed to the
1916	 * low-level driver when the AP starts or the mesh is joined.
1917	 * This is for backward compatibility, userspace can also give
1918	 * the channel in the start-ap or join-mesh commands instead.
1919	 *
1920	 * Monitors are special as they are normally slaved to
1921	 * whatever else is going on, so they have their own special
1922	 * operation to set the monitor channel if possible.
1923	 */
1924	return !wdev ||
1925		wdev->iftype == NL80211_IFTYPE_AP ||
1926		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1927		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1928		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1929}
1930
1931static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1932				 struct genl_info *info,
1933				 struct cfg80211_chan_def *chandef)
1934{
1935	u32 control_freq;
1936
1937	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1938		return -EINVAL;
1939
1940	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1941
1942	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1943	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1944	chandef->center_freq1 = control_freq;
1945	chandef->center_freq2 = 0;
1946
1947	/* Primary channel not allowed */
1948	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1949		return -EINVAL;
1950
1951	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1952		enum nl80211_channel_type chantype;
1953
1954		chantype = nla_get_u32(
1955				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1956
1957		switch (chantype) {
1958		case NL80211_CHAN_NO_HT:
1959		case NL80211_CHAN_HT20:
1960		case NL80211_CHAN_HT40PLUS:
1961		case NL80211_CHAN_HT40MINUS:
1962			cfg80211_chandef_create(chandef, chandef->chan,
1963						chantype);
1964			break;
1965		default:
1966			return -EINVAL;
1967		}
1968	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1969		chandef->width =
1970			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1971		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1972			chandef->center_freq1 =
1973				nla_get_u32(
1974					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1975		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1976			chandef->center_freq2 =
1977				nla_get_u32(
1978					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1979	}
1980
1981	if (!cfg80211_chandef_valid(chandef))
1982		return -EINVAL;
1983
1984	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1985				     IEEE80211_CHAN_DISABLED))
1986		return -EINVAL;
1987
1988	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1989	     chandef->width == NL80211_CHAN_WIDTH_10) &&
1990	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1991		return -EINVAL;
1992
1993	return 0;
1994}
1995
1996static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1997				 struct net_device *dev,
1998				 struct genl_info *info)
1999{
2000	struct cfg80211_chan_def chandef;
2001	int result;
2002	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2003	struct wireless_dev *wdev = NULL;
2004
2005	if (dev)
2006		wdev = dev->ieee80211_ptr;
2007	if (!nl80211_can_set_dev_channel(wdev))
2008		return -EOPNOTSUPP;
2009	if (wdev)
2010		iftype = wdev->iftype;
2011
2012	result = nl80211_parse_chandef(rdev, info, &chandef);
2013	if (result)
2014		return result;
2015
2016	switch (iftype) {
2017	case NL80211_IFTYPE_AP:
2018	case NL80211_IFTYPE_P2P_GO:
2019		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2020						   iftype)) {
2021			result = -EINVAL;
2022			break;
2023		}
2024		if (wdev->beacon_interval) {
2025			if (!dev || !rdev->ops->set_ap_chanwidth ||
2026			    !(rdev->wiphy.features &
2027			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2028				result = -EBUSY;
2029				break;
2030			}
2031
2032			/* Only allow dynamic channel width changes */
2033			if (chandef.chan != wdev->preset_chandef.chan) {
2034				result = -EBUSY;
2035				break;
2036			}
2037			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2038			if (result)
2039				break;
2040		}
2041		wdev->preset_chandef = chandef;
2042		result = 0;
2043		break;
2044	case NL80211_IFTYPE_MESH_POINT:
2045		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2046		break;
2047	case NL80211_IFTYPE_MONITOR:
2048		result = cfg80211_set_monitor_channel(rdev, &chandef);
2049		break;
2050	default:
2051		result = -EINVAL;
2052	}
2053
2054	return result;
2055}
2056
2057static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2058{
2059	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2060	struct net_device *netdev = info->user_ptr[1];
2061
2062	return __nl80211_set_channel(rdev, netdev, info);
2063}
2064
2065static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2066{
2067	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2068	struct net_device *dev = info->user_ptr[1];
2069	struct wireless_dev *wdev = dev->ieee80211_ptr;
2070	const u8 *bssid;
2071
2072	if (!info->attrs[NL80211_ATTR_MAC])
2073		return -EINVAL;
2074
2075	if (netif_running(dev))
2076		return -EBUSY;
2077
2078	if (!rdev->ops->set_wds_peer)
2079		return -EOPNOTSUPP;
2080
2081	if (wdev->iftype != NL80211_IFTYPE_WDS)
2082		return -EOPNOTSUPP;
2083
2084	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2085	return rdev_set_wds_peer(rdev, dev, bssid);
2086}
2087
2088
2089static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2090{
2091	struct cfg80211_registered_device *rdev;
2092	struct net_device *netdev = NULL;
2093	struct wireless_dev *wdev;
2094	int result = 0, rem_txq_params = 0;
2095	struct nlattr *nl_txq_params;
2096	u32 changed;
2097	u8 retry_short = 0, retry_long = 0;
2098	u32 frag_threshold = 0, rts_threshold = 0;
2099	u8 coverage_class = 0;
2100
2101	ASSERT_RTNL();
2102
2103	/*
2104	 * Try to find the wiphy and netdev. Normally this
2105	 * function shouldn't need the netdev, but this is
2106	 * done for backward compatibility -- previously
2107	 * setting the channel was done per wiphy, but now
2108	 * it is per netdev. Previous userland like hostapd
2109	 * also passed a netdev to set_wiphy, so that it is
2110	 * possible to let that go to the right netdev!
2111	 */
2112
2113	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2114		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2115
2116		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2117		if (netdev && netdev->ieee80211_ptr)
2118			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2119		else
2120			netdev = NULL;
2121	}
2122
2123	if (!netdev) {
2124		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2125						  info->attrs);
2126		if (IS_ERR(rdev))
2127			return PTR_ERR(rdev);
2128		wdev = NULL;
2129		netdev = NULL;
2130		result = 0;
2131	} else
2132		wdev = netdev->ieee80211_ptr;
2133
2134	/*
2135	 * end workaround code, by now the rdev is available
2136	 * and locked, and wdev may or may not be NULL.
2137	 */
2138
2139	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2140		result = cfg80211_dev_rename(
2141			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2142
2143	if (result)
2144		return result;
2145
2146	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2147		struct ieee80211_txq_params txq_params;
2148		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2149
2150		if (!rdev->ops->set_txq_params)
2151			return -EOPNOTSUPP;
2152
2153		if (!netdev)
2154			return -EINVAL;
2155
2156		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2157		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2158			return -EINVAL;
2159
2160		if (!netif_running(netdev))
2161			return -ENETDOWN;
2162
2163		nla_for_each_nested(nl_txq_params,
2164				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2165				    rem_txq_params) {
2166			result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2167					   nla_data(nl_txq_params),
2168					   nla_len(nl_txq_params),
2169					   txq_params_policy);
2170			if (result)
2171				return result;
2172			result = parse_txq_params(tb, &txq_params);
2173			if (result)
2174				return result;
2175
2176			result = rdev_set_txq_params(rdev, netdev,
2177						     &txq_params);
2178			if (result)
2179				return result;
2180		}
2181	}
2182
2183	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2184		result = __nl80211_set_channel(
2185			rdev,
2186			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2187			info);
2188		if (result)
2189			return result;
2190	}
2191
2192	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2193		struct wireless_dev *txp_wdev = wdev;
2194		enum nl80211_tx_power_setting type;
2195		int idx, mbm = 0;
2196
2197		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2198			txp_wdev = NULL;
2199
2200		if (!rdev->ops->set_tx_power)
2201			return -EOPNOTSUPP;
2202
2203		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2204		type = nla_get_u32(info->attrs[idx]);
2205
2206		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2207		    (type != NL80211_TX_POWER_AUTOMATIC))
2208			return -EINVAL;
2209
2210		if (type != NL80211_TX_POWER_AUTOMATIC) {
2211			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2212			mbm = nla_get_u32(info->attrs[idx]);
2213		}
2214
2215		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2216		if (result)
2217			return result;
2218	}
2219
2220	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2221	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2222		u32 tx_ant, rx_ant;
2223		if ((!rdev->wiphy.available_antennas_tx &&
2224		     !rdev->wiphy.available_antennas_rx) ||
2225		    !rdev->ops->set_antenna)
2226			return -EOPNOTSUPP;
2227
2228		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2229		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2230
2231		/* reject antenna configurations which don't match the
2232		 * available antenna masks, except for the "all" mask */
2233		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2234		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2235			return -EINVAL;
2236
2237		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2238		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2239
2240		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2241		if (result)
2242			return result;
2243	}
2244
2245	changed = 0;
2246
2247	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2248		retry_short = nla_get_u8(
2249			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2250		if (retry_short == 0)
2251			return -EINVAL;
2252
2253		changed |= WIPHY_PARAM_RETRY_SHORT;
2254	}
2255
2256	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2257		retry_long = nla_get_u8(
2258			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2259		if (retry_long == 0)
2260			return -EINVAL;
2261
2262		changed |= WIPHY_PARAM_RETRY_LONG;
2263	}
2264
2265	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2266		frag_threshold = nla_get_u32(
2267			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2268		if (frag_threshold < 256)
2269			return -EINVAL;
2270
2271		if (frag_threshold != (u32) -1) {
2272			/*
2273			 * Fragments (apart from the last one) are required to
2274			 * have even length. Make the fragmentation code
2275			 * simpler by stripping LSB should someone try to use
2276			 * odd threshold value.
2277			 */
2278			frag_threshold &= ~0x1;
2279		}
2280		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2281	}
2282
2283	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2284		rts_threshold = nla_get_u32(
2285			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2286		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2287	}
2288
2289	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2290		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2291			return -EINVAL;
2292
2293		coverage_class = nla_get_u8(
2294			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2295		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2296	}
2297
2298	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2299		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2300			return -EOPNOTSUPP;
2301
2302		changed |= WIPHY_PARAM_DYN_ACK;
2303	}
2304
2305	if (changed) {
2306		u8 old_retry_short, old_retry_long;
2307		u32 old_frag_threshold, old_rts_threshold;
2308		u8 old_coverage_class;
2309
2310		if (!rdev->ops->set_wiphy_params)
2311			return -EOPNOTSUPP;
2312
2313		old_retry_short = rdev->wiphy.retry_short;
2314		old_retry_long = rdev->wiphy.retry_long;
2315		old_frag_threshold = rdev->wiphy.frag_threshold;
2316		old_rts_threshold = rdev->wiphy.rts_threshold;
2317		old_coverage_class = rdev->wiphy.coverage_class;
2318
2319		if (changed & WIPHY_PARAM_RETRY_SHORT)
2320			rdev->wiphy.retry_short = retry_short;
2321		if (changed & WIPHY_PARAM_RETRY_LONG)
2322			rdev->wiphy.retry_long = retry_long;
2323		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2324			rdev->wiphy.frag_threshold = frag_threshold;
2325		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2326			rdev->wiphy.rts_threshold = rts_threshold;
2327		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2328			rdev->wiphy.coverage_class = coverage_class;
2329
2330		result = rdev_set_wiphy_params(rdev, changed);
2331		if (result) {
2332			rdev->wiphy.retry_short = old_retry_short;
2333			rdev->wiphy.retry_long = old_retry_long;
2334			rdev->wiphy.frag_threshold = old_frag_threshold;
2335			rdev->wiphy.rts_threshold = old_rts_threshold;
2336			rdev->wiphy.coverage_class = old_coverage_class;
2337			return result;
2338		}
2339	}
2340	return 0;
2341}
2342
2343static inline u64 wdev_id(struct wireless_dev *wdev)
2344{
2345	return (u64)wdev->identifier |
2346	       ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2347}
2348
2349static int nl80211_send_chandef(struct sk_buff *msg,
2350				const struct cfg80211_chan_def *chandef)
2351{
2352	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2353		return -EINVAL;
2354
2355	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2356			chandef->chan->center_freq))
2357		return -ENOBUFS;
2358	switch (chandef->width) {
2359	case NL80211_CHAN_WIDTH_20_NOHT:
2360	case NL80211_CHAN_WIDTH_20:
2361	case NL80211_CHAN_WIDTH_40:
2362		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2363				cfg80211_get_chandef_type(chandef)))
2364			return -ENOBUFS;
2365		break;
2366	default:
2367		break;
2368	}
2369	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2370		return -ENOBUFS;
2371	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2372		return -ENOBUFS;
2373	if (chandef->center_freq2 &&
2374	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2375		return -ENOBUFS;
2376	return 0;
2377}
2378
2379static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2380			      struct cfg80211_registered_device *rdev,
2381			      struct wireless_dev *wdev, bool removal)
2382{
2383	struct net_device *dev = wdev->netdev;
2384	u8 cmd = NL80211_CMD_NEW_INTERFACE;
2385	void *hdr;
2386
2387	if (removal)
2388		cmd = NL80211_CMD_DEL_INTERFACE;
2389
2390	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2391	if (!hdr)
2392		return -1;
2393
2394	if (dev &&
2395	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2396	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2397		goto nla_put_failure;
2398
2399	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2400	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2401	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2402	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2403	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2404			rdev->devlist_generation ^
2405			(cfg80211_rdev_list_generation << 2)))
2406		goto nla_put_failure;
2407
2408	if (rdev->ops->get_channel) {
2409		int ret;
2410		struct cfg80211_chan_def chandef;
2411
2412		ret = rdev_get_channel(rdev, wdev, &chandef);
2413		if (ret == 0) {
2414			if (nl80211_send_chandef(msg, &chandef))
2415				goto nla_put_failure;
2416		}
2417	}
2418
2419	if (rdev->ops->get_tx_power) {
2420		int dbm, ret;
2421
2422		ret = rdev_get_tx_power(rdev, wdev, &dbm);
2423		if (ret == 0 &&
2424		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2425				DBM_TO_MBM(dbm)))
2426			goto nla_put_failure;
2427	}
2428
2429	if (wdev->ssid_len) {
2430		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2431			goto nla_put_failure;
2432	}
2433
2434	genlmsg_end(msg, hdr);
2435	return 0;
2436
2437 nla_put_failure:
2438	genlmsg_cancel(msg, hdr);
2439	return -EMSGSIZE;
2440}
2441
2442static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2443{
2444	int wp_idx = 0;
2445	int if_idx = 0;
2446	int wp_start = cb->args[0];
2447	int if_start = cb->args[1];
2448	struct cfg80211_registered_device *rdev;
2449	struct wireless_dev *wdev;
2450
2451	rtnl_lock();
2452	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2453		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2454			continue;
2455		if (wp_idx < wp_start) {
2456			wp_idx++;
2457			continue;
2458		}
2459		if_idx = 0;
2460
2461		list_for_each_entry(wdev, &rdev->wdev_list, list) {
2462			if (if_idx < if_start) {
2463				if_idx++;
2464				continue;
2465			}
2466			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2467					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2468					       rdev, wdev, false) < 0) {
2469				goto out;
2470			}
2471			if_idx++;
2472		}
2473
2474		wp_idx++;
2475	}
2476 out:
2477	rtnl_unlock();
2478
2479	cb->args[0] = wp_idx;
2480	cb->args[1] = if_idx;
2481
2482	return skb->len;
2483}
2484
2485static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2486{
2487	struct sk_buff *msg;
2488	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2489	struct wireless_dev *wdev = info->user_ptr[1];
2490
2491	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2492	if (!msg)
2493		return -ENOMEM;
2494
2495	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2496			       rdev, wdev, false) < 0) {
2497		nlmsg_free(msg);
2498		return -ENOBUFS;
2499	}
2500
2501	return genlmsg_reply(msg, info);
2502}
2503
2504static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2505	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2506	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2507	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2508	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2509	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2510	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2511};
2512
2513static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2514{
2515	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2516	int flag;
2517
2518	*mntrflags = 0;
2519
2520	if (!nla)
2521		return -EINVAL;
2522
2523	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2524			     nla, mntr_flags_policy))
2525		return -EINVAL;
2526
2527	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2528		if (flags[flag])
2529			*mntrflags |= (1<<flag);
2530
2531	return 0;
2532}
2533
2534static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2535			       struct net_device *netdev, u8 use_4addr,
2536			       enum nl80211_iftype iftype)
2537{
2538	if (!use_4addr) {
2539		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2540			return -EBUSY;
2541		return 0;
2542	}
2543
2544	switch (iftype) {
2545	case NL80211_IFTYPE_AP_VLAN:
2546		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2547			return 0;
2548		break;
2549	case NL80211_IFTYPE_STATION:
2550		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2551			return 0;
2552		break;
2553	default:
2554		break;
2555	}
2556
2557	return -EOPNOTSUPP;
2558}
2559
2560static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2561{
2562	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2563	struct vif_params params;
2564	int err;
2565	enum nl80211_iftype otype, ntype;
2566	struct net_device *dev = info->user_ptr[1];
2567	u32 _flags, *flags = NULL;
2568	bool change = false;
2569
2570	memset(&params, 0, sizeof(params));
2571
2572	otype = ntype = dev->ieee80211_ptr->iftype;
2573
2574	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2575		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2576		if (otype != ntype)
2577			change = true;
2578		if (ntype > NL80211_IFTYPE_MAX)
2579			return -EINVAL;
2580	}
2581
2582	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2583		struct wireless_dev *wdev = dev->ieee80211_ptr;
2584
2585		if (ntype != NL80211_IFTYPE_MESH_POINT)
2586			return -EINVAL;
2587		if (netif_running(dev))
2588			return -EBUSY;
2589
2590		wdev_lock(wdev);
2591		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2592			     IEEE80211_MAX_MESH_ID_LEN);
2593		wdev->mesh_id_up_len =
2594			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2595		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2596		       wdev->mesh_id_up_len);
2597		wdev_unlock(wdev);
2598	}
2599
2600	if (info->attrs[NL80211_ATTR_4ADDR]) {
2601		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2602		change = true;
2603		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2604		if (err)
2605			return err;
2606	} else {
2607		params.use_4addr = -1;
2608	}
2609
2610	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2611		if (ntype != NL80211_IFTYPE_MONITOR)
2612			return -EINVAL;
2613		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2614					  &_flags);
2615		if (err)
2616			return err;
2617
2618		flags = &_flags;
2619		change = true;
2620	}
2621
2622	if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2623	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2624		return -EOPNOTSUPP;
2625
2626	if (change)
2627		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2628	else
2629		err = 0;
2630
2631	if (!err && params.use_4addr != -1)
2632		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2633
2634	return err;
2635}
2636
2637static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2638{
2639	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2640	struct vif_params params;
2641	struct wireless_dev *wdev;
2642	struct sk_buff *msg, *event;
2643	int err;
2644	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2645	u32 flags;
2646
2647	/* to avoid failing a new interface creation due to pending removal */
2648	cfg80211_destroy_ifaces(rdev);
2649
2650	memset(&params, 0, sizeof(params));
2651
2652	if (!info->attrs[NL80211_ATTR_IFNAME])
2653		return -EINVAL;
2654
2655	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2656		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2657		if (type > NL80211_IFTYPE_MAX)
2658			return -EINVAL;
2659	}
2660
2661	if (!rdev->ops->add_virtual_intf ||
2662	    !(rdev->wiphy.interface_modes & (1 << type)))
2663		return -EOPNOTSUPP;
2664
2665	if ((type == NL80211_IFTYPE_P2P_DEVICE ||
2666	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2667	    info->attrs[NL80211_ATTR_MAC]) {
2668		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2669			   ETH_ALEN);
2670		if (!is_valid_ether_addr(params.macaddr))
2671			return -EADDRNOTAVAIL;
2672	}
2673
2674	if (info->attrs[NL80211_ATTR_4ADDR]) {
2675		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2676		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2677		if (err)
2678			return err;
2679	}
2680
2681	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2682				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2683				  &flags);
2684
2685	if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2686	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2687		return -EOPNOTSUPP;
2688
2689	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2690	if (!msg)
2691		return -ENOMEM;
2692
2693	wdev = rdev_add_virtual_intf(rdev,
2694				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2695				NET_NAME_USER, type, err ? NULL : &flags,
2696				&params);
2697	if (WARN_ON(!wdev)) {
2698		nlmsg_free(msg);
2699		return -EPROTO;
2700	} else if (IS_ERR(wdev)) {
2701		nlmsg_free(msg);
2702		return PTR_ERR(wdev);
2703	}
2704
2705	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2706		wdev->owner_nlportid = info->snd_portid;
2707
2708	switch (type) {
2709	case NL80211_IFTYPE_MESH_POINT:
2710		if (!info->attrs[NL80211_ATTR_MESH_ID])
2711			break;
2712		wdev_lock(wdev);
2713		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2714			     IEEE80211_MAX_MESH_ID_LEN);
2715		wdev->mesh_id_up_len =
2716			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2717		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2718		       wdev->mesh_id_up_len);
2719		wdev_unlock(wdev);
2720		break;
2721	case NL80211_IFTYPE_P2P_DEVICE:
2722		/*
2723		 * P2P Device doesn't have a netdev, so doesn't go
2724		 * through the netdev notifier and must be added here
2725		 */
2726		mutex_init(&wdev->mtx);
2727		INIT_LIST_HEAD(&wdev->event_list);
2728		spin_lock_init(&wdev->event_lock);
2729		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2730		spin_lock_init(&wdev->mgmt_registrations_lock);
2731
2732		wdev->identifier = ++rdev->wdev_id;
2733		list_add_rcu(&wdev->list, &rdev->wdev_list);
2734		rdev->devlist_generation++;
2735		break;
2736	default:
2737		break;
2738	}
2739
2740	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2741			       rdev, wdev, false) < 0) {
2742		nlmsg_free(msg);
2743		return -ENOBUFS;
2744	}
2745
2746	event = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2747	if (event) {
2748		if (nl80211_send_iface(event, 0, 0, 0,
2749				       rdev, wdev, false) < 0) {
2750			nlmsg_free(event);
2751			goto out;
2752		}
2753
2754		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2755					event, 0, NL80211_MCGRP_CONFIG,
2756					GFP_KERNEL);
2757	}
2758
2759out:
2760	return genlmsg_reply(msg, info);
2761}
2762
2763static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2764{
2765	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2766	struct wireless_dev *wdev = info->user_ptr[1];
2767	struct sk_buff *msg;
2768	int status;
2769
2770	if (!rdev->ops->del_virtual_intf)
2771		return -EOPNOTSUPP;
2772
2773	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2774	if (msg && nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, true) < 0) {
2775		nlmsg_free(msg);
2776		msg = NULL;
2777	}
2778
2779	/*
2780	 * If we remove a wireless device without a netdev then clear
2781	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2782	 * to check if it needs to do dev_put(). Otherwise it crashes
2783	 * since the wdev has been freed, unlike with a netdev where
2784	 * we need the dev_put() for the netdev to really be freed.
2785	 */
2786	if (!wdev->netdev)
2787		info->user_ptr[1] = NULL;
2788
2789	status = rdev_del_virtual_intf(rdev, wdev);
2790	if (status >= 0 && msg)
2791		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2792					msg, 0, NL80211_MCGRP_CONFIG,
2793					GFP_KERNEL);
2794	else
2795		nlmsg_free(msg);
2796
2797	return status;
2798}
2799
2800static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2801{
2802	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2803	struct net_device *dev = info->user_ptr[1];
2804	u16 noack_map;
2805
2806	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2807		return -EINVAL;
2808
2809	if (!rdev->ops->set_noack_map)
2810		return -EOPNOTSUPP;
2811
2812	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2813
2814	return rdev_set_noack_map(rdev, dev, noack_map);
2815}
2816
2817struct get_key_cookie {
2818	struct sk_buff *msg;
2819	int error;
2820	int idx;
2821};
2822
2823static void get_key_callback(void *c, struct key_params *params)
2824{
2825	struct nlattr *key;
2826	struct get_key_cookie *cookie = c;
2827
2828	if ((params->key &&
2829	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2830		     params->key_len, params->key)) ||
2831	    (params->seq &&
2832	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2833		     params->seq_len, params->seq)) ||
2834	    (params->cipher &&
2835	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2836			 params->cipher)))
2837		goto nla_put_failure;
2838
2839	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2840	if (!key)
2841		goto nla_put_failure;
2842
2843	if ((params->key &&
2844	     nla_put(cookie->msg, NL80211_KEY_DATA,
2845		     params->key_len, params->key)) ||
2846	    (params->seq &&
2847	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2848		     params->seq_len, params->seq)) ||
2849	    (params->cipher &&
2850	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2851			 params->cipher)))
2852		goto nla_put_failure;
2853
2854	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2855		goto nla_put_failure;
2856
2857	nla_nest_end(cookie->msg, key);
2858
2859	return;
2860 nla_put_failure:
2861	cookie->error = 1;
2862}
2863
2864static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2865{
2866	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2867	int err;
2868	struct net_device *dev = info->user_ptr[1];
2869	u8 key_idx = 0;
2870	const u8 *mac_addr = NULL;
2871	bool pairwise;
2872	struct get_key_cookie cookie = {
2873		.error = 0,
2874	};
2875	void *hdr;
2876	struct sk_buff *msg;
2877
2878	if (info->attrs[NL80211_ATTR_KEY_IDX])
2879		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2880
2881	if (key_idx > 5)
2882		return -EINVAL;
2883
2884	if (info->attrs[NL80211_ATTR_MAC])
2885		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2886
2887	pairwise = !!mac_addr;
2888	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2889		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2890		if (kt >= NUM_NL80211_KEYTYPES)
2891			return -EINVAL;
2892		if (kt != NL80211_KEYTYPE_GROUP &&
2893		    kt != NL80211_KEYTYPE_PAIRWISE)
2894			return -EINVAL;
2895		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2896	}
2897
2898	if (!rdev->ops->get_key)
2899		return -EOPNOTSUPP;
2900
2901	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2902		return -ENOENT;
2903
2904	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2905	if (!msg)
2906		return -ENOMEM;
2907
2908	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2909			     NL80211_CMD_NEW_KEY);
2910	if (!hdr)
2911		goto nla_put_failure;
2912
2913	cookie.msg = msg;
2914	cookie.idx = key_idx;
2915
2916	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2917	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2918		goto nla_put_failure;
2919	if (mac_addr &&
2920	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2921		goto nla_put_failure;
2922
2923	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2924			   get_key_callback);
2925
2926	if (err)
2927		goto free_msg;
2928
2929	if (cookie.error)
2930		goto nla_put_failure;
2931
2932	genlmsg_end(msg, hdr);
2933	return genlmsg_reply(msg, info);
2934
2935 nla_put_failure:
2936	err = -ENOBUFS;
2937 free_msg:
2938	nlmsg_free(msg);
2939	return err;
2940}
2941
2942static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2943{
2944	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2945	struct key_parse key;
2946	int err;
2947	struct net_device *dev = info->user_ptr[1];
2948
2949	err = nl80211_parse_key(info, &key);
2950	if (err)
2951		return err;
2952
2953	if (key.idx < 0)
2954		return -EINVAL;
2955
2956	/* only support setting default key */
2957	if (!key.def && !key.defmgmt)
2958		return -EINVAL;
2959
2960	wdev_lock(dev->ieee80211_ptr);
2961
2962	if (key.def) {
2963		if (!rdev->ops->set_default_key) {
2964			err = -EOPNOTSUPP;
2965			goto out;
2966		}
2967
2968		err = nl80211_key_allowed(dev->ieee80211_ptr);
2969		if (err)
2970			goto out;
2971
2972		err = rdev_set_default_key(rdev, dev, key.idx,
2973						 key.def_uni, key.def_multi);
2974
2975		if (err)
2976			goto out;
2977
2978#ifdef CONFIG_CFG80211_WEXT
2979		dev->ieee80211_ptr->wext.default_key = key.idx;
2980#endif
2981	} else {
2982		if (key.def_uni || !key.def_multi) {
2983			err = -EINVAL;
2984			goto out;
2985		}
2986
2987		if (!rdev->ops->set_default_mgmt_key) {
2988			err = -EOPNOTSUPP;
2989			goto out;
2990		}
2991
2992		err = nl80211_key_allowed(dev->ieee80211_ptr);
2993		if (err)
2994			goto out;
2995
2996		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2997		if (err)
2998			goto out;
2999
3000#ifdef CONFIG_CFG80211_WEXT
3001		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3002#endif
3003	}
3004
3005 out:
3006	wdev_unlock(dev->ieee80211_ptr);
3007
3008	return err;
3009}
3010
3011static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3012{
3013	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3014	int err;
3015	struct net_device *dev = info->user_ptr[1];
3016	struct key_parse key;
3017	const u8 *mac_addr = NULL;
3018
3019	err = nl80211_parse_key(info, &key);
3020	if (err)
3021		return err;
3022
3023	if (!key.p.key)
3024		return -EINVAL;
3025
3026	if (info->attrs[NL80211_ATTR_MAC])
3027		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3028
3029	if (key.type == -1) {
3030		if (mac_addr)
3031			key.type = NL80211_KEYTYPE_PAIRWISE;
3032		else
3033			key.type = NL80211_KEYTYPE_GROUP;
3034	}
3035
3036	/* for now */
3037	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3038	    key.type != NL80211_KEYTYPE_GROUP)
3039		return -EINVAL;
3040
3041	if (!rdev->ops->add_key)
3042		return -EOPNOTSUPP;
3043
3044	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3045					   key.type == NL80211_KEYTYPE_PAIRWISE,
3046					   mac_addr))
3047		return -EINVAL;
3048
3049	wdev_lock(dev->ieee80211_ptr);
3050	err = nl80211_key_allowed(dev->ieee80211_ptr);
3051	if (!err)
3052		err = rdev_add_key(rdev, dev, key.idx,
3053				   key.type == NL80211_KEYTYPE_PAIRWISE,
3054				    mac_addr, &key.p);
3055	wdev_unlock(dev->ieee80211_ptr);
3056
3057	return err;
3058}
3059
3060static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3061{
3062	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3063	int err;
3064	struct net_device *dev = info->user_ptr[1];
3065	u8 *mac_addr = NULL;
3066	struct key_parse key;
3067
3068	err = nl80211_parse_key(info, &key);
3069	if (err)
3070		return err;
3071
3072	if (info->attrs[NL80211_ATTR_MAC])
3073		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3074
3075	if (key.type == -1) {
3076		if (mac_addr)
3077			key.type = NL80211_KEYTYPE_PAIRWISE;
3078		else
3079			key.type = NL80211_KEYTYPE_GROUP;
3080	}
3081
3082	/* for now */
3083	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3084	    key.type != NL80211_KEYTYPE_GROUP)
3085		return -EINVAL;
3086
3087	if (!rdev->ops->del_key)
3088		return -EOPNOTSUPP;
3089
3090	wdev_lock(dev->ieee80211_ptr);
3091	err = nl80211_key_allowed(dev->ieee80211_ptr);
3092
3093	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3094	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3095		err = -ENOENT;
3096
3097	if (!err)
3098		err = rdev_del_key(rdev, dev, key.idx,
3099				   key.type == NL80211_KEYTYPE_PAIRWISE,
3100				   mac_addr);
3101
3102#ifdef CONFIG_CFG80211_WEXT
3103	if (!err) {
3104		if (key.idx == dev->ieee80211_ptr->wext.default_key)
3105			dev->ieee80211_ptr->wext.default_key = -1;
3106		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3107			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3108	}
3109#endif
3110	wdev_unlock(dev->ieee80211_ptr);
3111
3112	return err;
3113}
3114
3115/* This function returns an error or the number of nested attributes */
3116static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3117{
3118	struct nlattr *attr;
3119	int n_entries = 0, tmp;
3120
3121	nla_for_each_nested(attr, nl_attr, tmp) {
3122		if (nla_len(attr) != ETH_ALEN)
3123			return -EINVAL;
3124
3125		n_entries++;
3126	}
3127
3128	return n_entries;
3129}
3130
3131/*
3132 * This function parses ACL information and allocates memory for ACL data.
3133 * On successful return, the calling function is responsible to free the
3134 * ACL buffer returned by this function.
3135 */
3136static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3137						struct genl_info *info)
3138{
3139	enum nl80211_acl_policy acl_policy;
3140	struct nlattr *attr;
3141	struct cfg80211_acl_data *acl;
3142	int i = 0, n_entries, tmp;
3143
3144	if (!wiphy->max_acl_mac_addrs)
3145		return ERR_PTR(-EOPNOTSUPP);
3146
3147	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3148		return ERR_PTR(-EINVAL);
3149
3150	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3151	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3152	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3153		return ERR_PTR(-EINVAL);
3154
3155	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3156		return ERR_PTR(-EINVAL);
3157
3158	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3159	if (n_entries < 0)
3160		return ERR_PTR(n_entries);
3161
3162	if (n_entries > wiphy->max_acl_mac_addrs)
3163		return ERR_PTR(-ENOTSUPP);
3164
3165	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3166		      GFP_KERNEL);
3167	if (!acl)
3168		return ERR_PTR(-ENOMEM);
3169
3170	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3171		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3172		i++;
3173	}
3174
3175	acl->n_acl_entries = n_entries;
3176	acl->acl_policy = acl_policy;
3177
3178	return acl;
3179}
3180
3181static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3182{
3183	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3184	struct net_device *dev = info->user_ptr[1];
3185	struct cfg80211_acl_data *acl;
3186	int err;
3187
3188	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3189	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3190		return -EOPNOTSUPP;
3191
3192	if (!dev->ieee80211_ptr->beacon_interval)
3193		return -EINVAL;
3194
3195	acl = parse_acl_data(&rdev->wiphy, info);
3196	if (IS_ERR(acl))
3197		return PTR_ERR(acl);
3198
3199	err = rdev_set_mac_acl(rdev, dev, acl);
3200
3201	kfree(acl);
3202
3203	return err;
3204}
3205
3206static int nl80211_parse_beacon(struct nlattr *attrs[],
3207				struct cfg80211_beacon_data *bcn)
3208{
3209	bool haveinfo = false;
3210
3211	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3212	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3213	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3214	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3215		return -EINVAL;
3216
3217	memset(bcn, 0, sizeof(*bcn));
3218
3219	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3220		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3221		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3222		if (!bcn->head_len)
3223			return -EINVAL;
3224		haveinfo = true;
3225	}
3226
3227	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3228		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3229		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3230		haveinfo = true;
3231	}
3232
3233	if (!haveinfo)
3234		return -EINVAL;
3235
3236	if (attrs[NL80211_ATTR_IE]) {
3237		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3238		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3239	}
3240
3241	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3242		bcn->proberesp_ies =
3243			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3244		bcn->proberesp_ies_len =
3245			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3246	}
3247
3248	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3249		bcn->assocresp_ies =
3250			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3251		bcn->assocresp_ies_len =
3252			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3253	}
3254
3255	if (attrs[NL80211_ATTR_PROBE_RESP]) {
3256		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3257		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3258	}
3259
3260	return 0;
3261}
3262
3263static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3264				   struct cfg80211_ap_settings *params)
3265{
3266	struct wireless_dev *wdev;
3267	bool ret = false;
3268
3269	list_for_each_entry(wdev, &rdev->wdev_list, list) {
3270		if (wdev->iftype != NL80211_IFTYPE_AP &&
3271		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
3272			continue;
3273
3274		if (!wdev->preset_chandef.chan)
3275			continue;
3276
3277		params->chandef = wdev->preset_chandef;
3278		ret = true;
3279		break;
3280	}
3281
3282	return ret;
3283}
3284
3285static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3286				    enum nl80211_auth_type auth_type,
3287				    enum nl80211_commands cmd)
3288{
3289	if (auth_type > NL80211_AUTHTYPE_MAX)
3290		return false;
3291
3292	switch (cmd) {
3293	case NL80211_CMD_AUTHENTICATE:
3294		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3295		    auth_type == NL80211_AUTHTYPE_SAE)
3296			return false;
3297		return true;
3298	case NL80211_CMD_CONNECT:
3299	case NL80211_CMD_START_AP:
3300		/* SAE not supported yet */
3301		if (auth_type == NL80211_AUTHTYPE_SAE)
3302			return false;
3303		return true;
3304	default:
3305		return false;
3306	}
3307}
3308
3309static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3310{
3311	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3312	struct net_device *dev = info->user_ptr[1];
3313	struct wireless_dev *wdev = dev->ieee80211_ptr;
3314	struct cfg80211_ap_settings params;
3315	int err;
3316
3317	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3318	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3319		return -EOPNOTSUPP;
3320
3321	if (!rdev->ops->start_ap)
3322		return -EOPNOTSUPP;
3323
3324	if (wdev->beacon_interval)
3325		return -EALREADY;
3326
3327	memset(&params, 0, sizeof(params));
3328
3329	/* these are required for START_AP */
3330	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3331	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3332	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3333		return -EINVAL;
3334
3335	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3336	if (err)
3337		return err;
3338
3339	params.beacon_interval =
3340		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3341	params.dtim_period =
3342		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3343
3344	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3345	if (err)
3346		return err;
3347
3348	/*
3349	 * In theory, some of these attributes should be required here
3350	 * but since they were not used when the command was originally
3351	 * added, keep them optional for old user space programs to let
3352	 * them continue to work with drivers that do not need the
3353	 * additional information -- drivers must check!
3354	 */
3355	if (info->attrs[NL80211_ATTR_SSID]) {
3356		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3357		params.ssid_len =
3358			nla_len(info->attrs[NL80211_ATTR_SSID]);
3359		if (params.ssid_len == 0 ||
3360		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
3361			return -EINVAL;
3362	}
3363
3364	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3365		params.hidden_ssid = nla_get_u32(
3366			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3367		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3368		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3369		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3370			return -EINVAL;
3371	}
3372
3373	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3374
3375	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3376		params.auth_type = nla_get_u32(
3377			info->attrs[NL80211_ATTR_AUTH_TYPE]);
3378		if (!nl80211_valid_auth_type(rdev, params.auth_type,
3379					     NL80211_CMD_START_AP))
3380			return -EINVAL;
3381	} else
3382		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3383
3384	err = nl80211_crypto_settings(rdev, info, &params.crypto,
3385				      NL80211_MAX_NR_CIPHER_SUITES);
3386	if (err)
3387		return err;
3388
3389	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3390		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3391			return -EOPNOTSUPP;
3392		params.inactivity_timeout = nla_get_u16(
3393			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3394	}
3395
3396	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3397		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3398			return -EINVAL;
3399		params.p2p_ctwindow =
3400			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3401		if (params.p2p_ctwindow > 127)
3402			return -EINVAL;
3403		if (params.p2p_ctwindow != 0 &&
3404		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3405			return -EINVAL;
3406	}
3407
3408	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3409		u8 tmp;
3410
3411		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3412			return -EINVAL;
3413		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3414		if (tmp > 1)
3415			return -EINVAL;
3416		params.p2p_opp_ps = tmp;
3417		if (params.p2p_opp_ps != 0 &&
3418		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3419			return -EINVAL;
3420	}
3421
3422	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3423		err = nl80211_parse_chandef(rdev, info, &params.chandef);
3424		if (err)
3425			return err;
3426	} else if (wdev->preset_chandef.chan) {
3427		params.chandef = wdev->preset_chandef;
3428	} else if (!nl80211_get_ap_channel(rdev, &params))
3429		return -EINVAL;
3430
3431	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
3432					   wdev->iftype))
3433		return -EINVAL;
3434
3435	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
3436		params.smps_mode =
3437			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
3438		switch (params.smps_mode) {
3439		case NL80211_SMPS_OFF:
3440			break;
3441		case NL80211_SMPS_STATIC:
3442			if (!(rdev->wiphy.features &
3443			      NL80211_FEATURE_STATIC_SMPS))
3444				return -EINVAL;
3445			break;
3446		case NL80211_SMPS_DYNAMIC:
3447			if (!(rdev->wiphy.features &
3448			      NL80211_FEATURE_DYNAMIC_SMPS))
3449				return -EINVAL;
3450			break;
3451		default:
3452			return -EINVAL;
3453		}
3454	} else {
3455		params.smps_mode = NL80211_SMPS_OFF;
3456	}
3457
3458	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3459		params.acl = parse_acl_data(&rdev->wiphy, info);
3460		if (IS_ERR(params.acl))
3461			return PTR_ERR(params.acl);
3462	}
3463
3464	wdev_lock(wdev);
3465	err = rdev_start_ap(rdev, dev, &params);
3466	if (!err) {
3467		wdev->preset_chandef = params.chandef;
3468		wdev->beacon_interval = params.beacon_interval;
3469		wdev->chandef = params.chandef;
3470		wdev->ssid_len = params.ssid_len;
3471		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3472	}
3473	wdev_unlock(wdev);
3474
3475	kfree(params.acl);
3476
3477	return err;
3478}
3479
3480static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3481{
3482	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3483	struct net_device *dev = info->user_ptr[1];
3484	struct wireless_dev *wdev = dev->ieee80211_ptr;
3485	struct cfg80211_beacon_data params;
3486	int err;
3487
3488	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3489	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3490		return -EOPNOTSUPP;
3491
3492	if (!rdev->ops->change_beacon)
3493		return -EOPNOTSUPP;
3494
3495	if (!wdev->beacon_interval)
3496		return -EINVAL;
3497
3498	err = nl80211_parse_beacon(info->attrs, &params);
3499	if (err)
3500		return err;
3501
3502	wdev_lock(wdev);
3503	err = rdev_change_beacon(rdev, dev, &params);
3504	wdev_unlock(wdev);
3505
3506	return err;
3507}
3508
3509static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3510{
3511	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3512	struct net_device *dev = info->user_ptr[1];
3513
3514	return cfg80211_stop_ap(rdev, dev, false);
3515}
3516
3517static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3518	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3519	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3520	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3521	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3522	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3523	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3524};
3525
3526static int parse_station_flags(struct genl_info *info,
3527			       enum nl80211_iftype iftype,
3528			       struct station_parameters *params)
3529{
3530	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3531	struct nlattr *nla;
3532	int flag;
3533
3534	/*
3535	 * Try parsing the new attribute first so userspace
3536	 * can specify both for older kernels.
3537	 */
3538	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3539	if (nla) {
3540		struct nl80211_sta_flag_update *sta_flags;
3541
3542		sta_flags = nla_data(nla);
3543		params->sta_flags_mask = sta_flags->mask;
3544		params->sta_flags_set = sta_flags->set;
3545		params->sta_flags_set &= params->sta_flags_mask;
3546		if ((params->sta_flags_mask |
3547		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3548			return -EINVAL;
3549		return 0;
3550	}
3551
3552	/* if present, parse the old attribute */
3553
3554	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3555	if (!nla)
3556		return 0;
3557
3558	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3559			     nla, sta_flags_policy))
3560		return -EINVAL;
3561
3562	/*
3563	 * Only allow certain flags for interface types so that
3564	 * other attributes are silently ignored. Remember that
3565	 * this is backward compatibility code with old userspace
3566	 * and shouldn't be hit in other cases anyway.
3567	 */
3568	switch (iftype) {
3569	case NL80211_IFTYPE_AP:
3570	case NL80211_IFTYPE_AP_VLAN:
3571	case NL80211_IFTYPE_P2P_GO:
3572		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3573					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3574					 BIT(NL80211_STA_FLAG_WME) |
3575					 BIT(NL80211_STA_FLAG_MFP);
3576		break;
3577	case NL80211_IFTYPE_P2P_CLIENT:
3578	case NL80211_IFTYPE_STATION:
3579		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3580					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3581		break;
3582	case NL80211_IFTYPE_MESH_POINT:
3583		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3584					 BIT(NL80211_STA_FLAG_MFP) |
3585					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3586	default:
3587		return -EINVAL;
3588	}
3589
3590	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3591		if (flags[flag]) {
3592			params->sta_flags_set |= (1<<flag);
3593
3594			/* no longer support new API additions in old API */
3595			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3596				return -EINVAL;
3597		}
3598	}
3599
3600	return 0;
3601}
3602
3603static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3604				 int attr)
3605{
3606	struct nlattr *rate;
3607	u32 bitrate;
3608	u16 bitrate_compat;
3609	enum nl80211_attrs rate_flg;
3610
3611	rate = nla_nest_start(msg, attr);
3612	if (!rate)
3613		return false;
3614
3615	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3616	bitrate = cfg80211_calculate_bitrate(info);
3617	/* report 16-bit bitrate only if we can */
3618	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3619	if (bitrate > 0 &&
3620	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3621		return false;
3622	if (bitrate_compat > 0 &&
3623	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3624		return false;
3625
3626	switch (info->bw) {
3627	case RATE_INFO_BW_5:
3628		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
3629		break;
3630	case RATE_INFO_BW_10:
3631		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
3632		break;
3633	default:
3634		WARN_ON(1);
3635		/* fall through */
3636	case RATE_INFO_BW_20:
3637		rate_flg = 0;
3638		break;
3639	case RATE_INFO_BW_40:
3640		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
3641		break;
3642	case RATE_INFO_BW_80:
3643		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
3644		break;
3645	case RATE_INFO_BW_160:
3646		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
3647		break;
3648	}
3649
3650	if (rate_flg && nla_put_flag(msg, rate_flg))
3651		return false;
3652
3653	if (info->flags & RATE_INFO_FLAGS_MCS) {
3654		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3655			return false;
3656		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3657		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3658			return false;
3659	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3660		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3661			return false;
3662		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3663			return false;
3664		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3665		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3666			return false;
3667	}
3668
3669	nla_nest_end(msg, rate);
3670	return true;
3671}
3672
3673static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3674			       int id)
3675{
3676	void *attr;
3677	int i = 0;
3678
3679	if (!mask)
3680		return true;
3681
3682	attr = nla_nest_start(msg, id);
3683	if (!attr)
3684		return false;
3685
3686	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3687		if (!(mask & BIT(i)))
3688			continue;
3689
3690		if (nla_put_u8(msg, i, signal[i]))
3691			return false;
3692	}
3693
3694	nla_nest_end(msg, attr);
3695
3696	return true;
3697}
3698
3699static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
3700				u32 seq, int flags,
3701				struct cfg80211_registered_device *rdev,
3702				struct net_device *dev,
3703				const u8 *mac_addr, struct station_info *sinfo)
3704{
3705	void *hdr;
3706	struct nlattr *sinfoattr, *bss_param;
3707
3708	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3709	if (!hdr)
3710		return -1;
3711
3712	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3713	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3714	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3715		goto nla_put_failure;
3716
3717	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3718	if (!sinfoattr)
3719		goto nla_put_failure;
3720
3721#define PUT_SINFO(attr, memb, type) do {				\
3722	if (sinfo->filled & BIT(NL80211_STA_INFO_ ## attr) &&		\
3723	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
3724			     sinfo->memb))				\
3725		goto nla_put_failure;					\
3726	} while (0)
3727
3728	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
3729	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
3730
3731	if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
3732			     BIT(NL80211_STA_INFO_RX_BYTES64)) &&
3733	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3734			(u32)sinfo->rx_bytes))
3735		goto nla_put_failure;
3736
3737	if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
3738			     BIT(NL80211_STA_INFO_TX_BYTES64)) &&
3739	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3740			(u32)sinfo->tx_bytes))
3741		goto nla_put_failure;
3742
3743	PUT_SINFO(RX_BYTES64, rx_bytes, u64);
3744	PUT_SINFO(TX_BYTES64, tx_bytes, u64);
3745	PUT_SINFO(LLID, llid, u16);
3746	PUT_SINFO(PLID, plid, u16);
3747	PUT_SINFO(PLINK_STATE, plink_state, u8);
3748
3749	switch (rdev->wiphy.signal_type) {
3750	case CFG80211_SIGNAL_TYPE_MBM:
3751		PUT_SINFO(SIGNAL, signal, u8);
3752		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
3753		break;
3754	default:
3755		break;
3756	}
3757	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
3758		if (!nl80211_put_signal(msg, sinfo->chains,
3759					sinfo->chain_signal,
3760					NL80211_STA_INFO_CHAIN_SIGNAL))
3761			goto nla_put_failure;
3762	}
3763	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
3764		if (!nl80211_put_signal(msg, sinfo->chains,
3765					sinfo->chain_signal_avg,
3766					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3767			goto nla_put_failure;
3768	}
3769	if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
3770		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3771					  NL80211_STA_INFO_TX_BITRATE))
3772			goto nla_put_failure;
3773	}
3774	if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
3775		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3776					  NL80211_STA_INFO_RX_BITRATE))
3777			goto nla_put_failure;
3778	}
3779
3780	PUT_SINFO(RX_PACKETS, rx_packets, u32);
3781	PUT_SINFO(TX_PACKETS, tx_packets, u32);
3782	PUT_SINFO(TX_RETRIES, tx_retries, u32);
3783	PUT_SINFO(TX_FAILED, tx_failed, u32);
3784	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
3785	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
3786	PUT_SINFO(LOCAL_PM, local_pm, u32);
3787	PUT_SINFO(PEER_PM, peer_pm, u32);
3788	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
3789
3790	if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
3791		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3792		if (!bss_param)
3793			goto nla_put_failure;
3794
3795		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3796		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3797		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3798		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3799		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3800		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3801		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3802			       sinfo->bss_param.dtim_period) ||
3803		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3804				sinfo->bss_param.beacon_interval))
3805			goto nla_put_failure;
3806
3807		nla_nest_end(msg, bss_param);
3808	}
3809	if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
3810	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3811		    sizeof(struct nl80211_sta_flag_update),
3812		    &sinfo->sta_flags))
3813		goto nla_put_failure;
3814
3815	PUT_SINFO(T_OFFSET, t_offset, u64);
3816	PUT_SINFO(RX_DROP_MISC, rx_dropped_misc, u64);
3817	PUT_SINFO(BEACON_RX, rx_beacon, u64);
3818	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
3819
3820#undef PUT_SINFO
3821
3822	if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
3823		struct nlattr *tidsattr;
3824		int tid;
3825
3826		tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
3827		if (!tidsattr)
3828			goto nla_put_failure;
3829
3830		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
3831			struct cfg80211_tid_stats *tidstats;
3832			struct nlattr *tidattr;
3833
3834			tidstats = &sinfo->pertid[tid];
3835
3836			if (!tidstats->filled)
3837				continue;
3838
3839			tidattr = nla_nest_start(msg, tid + 1);
3840			if (!tidattr)
3841				goto nla_put_failure;
3842
3843#define PUT_TIDVAL(attr, memb, type) do {				\
3844	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
3845	    nla_put_ ## type(msg, NL80211_TID_STATS_ ## attr,		\
3846			     tidstats->memb))				\
3847		goto nla_put_failure;					\
3848	} while (0)
3849
3850			PUT_TIDVAL(RX_MSDU, rx_msdu, u64);
3851			PUT_TIDVAL(TX_MSDU, tx_msdu, u64);
3852			PUT_TIDVAL(TX_MSDU_RETRIES, tx_msdu_retries, u64);
3853			PUT_TIDVAL(TX_MSDU_FAILED, tx_msdu_failed, u64);
3854
3855#undef PUT_TIDVAL
3856			nla_nest_end(msg, tidattr);
3857		}
3858
3859		nla_nest_end(msg, tidsattr);
3860	}
3861
3862	nla_nest_end(msg, sinfoattr);
3863
3864	if (sinfo->assoc_req_ies_len &&
3865	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3866		    sinfo->assoc_req_ies))
3867		goto nla_put_failure;
3868
3869	genlmsg_end(msg, hdr);
3870	return 0;
3871
3872 nla_put_failure:
3873	genlmsg_cancel(msg, hdr);
3874	return -EMSGSIZE;
3875}
3876
3877static int nl80211_dump_station(struct sk_buff *skb,
3878				struct netlink_callback *cb)
3879{
3880	struct station_info sinfo;
3881	struct cfg80211_registered_device *rdev;
3882	struct wireless_dev *wdev;
3883	u8 mac_addr[ETH_ALEN];
3884	int sta_idx = cb->args[2];
3885	int err;
3886
3887	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
3888	if (err)
3889		return err;
3890
3891	if (!wdev->netdev) {
3892		err = -EINVAL;
3893		goto out_err;
3894	}
3895
3896	if (!rdev->ops->dump_station) {
3897		err = -EOPNOTSUPP;
3898		goto out_err;
3899	}
3900
3901	while (1) {
3902		memset(&sinfo, 0, sizeof(sinfo));
3903		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
3904					mac_addr, &sinfo);
3905		if (err == -ENOENT)
3906			break;
3907		if (err)
3908			goto out_err;
3909
3910		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
3911				NETLINK_CB(cb->skb).portid,
3912				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3913				rdev, wdev->netdev, mac_addr,
3914				&sinfo) < 0)
3915			goto out;
3916
3917		sta_idx++;
3918	}
3919
3920
3921 out:
3922	cb->args[2] = sta_idx;
3923	err = skb->len;
3924 out_err:
3925	nl80211_finish_wdev_dump(rdev);
3926
3927	return err;
3928}
3929
3930static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3931{
3932	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3933	struct net_device *dev = info->user_ptr[1];
3934	struct station_info sinfo;
3935	struct sk_buff *msg;
3936	u8 *mac_addr = NULL;
3937	int err;
3938
3939	memset(&sinfo, 0, sizeof(sinfo));
3940
3941	if (!info->attrs[NL80211_ATTR_MAC])
3942		return -EINVAL;
3943
3944	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3945
3946	if (!rdev->ops->get_station)
3947		return -EOPNOTSUPP;
3948
3949	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3950	if (err)
3951		return err;
3952
3953	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3954	if (!msg)
3955		return -ENOMEM;
3956
3957	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
3958				 info->snd_portid, info->snd_seq, 0,
3959				 rdev, dev, mac_addr, &sinfo) < 0) {
3960		nlmsg_free(msg);
3961		return -ENOBUFS;
3962	}
3963
3964	return genlmsg_reply(msg, info);
3965}
3966
3967int cfg80211_check_station_change(struct wiphy *wiphy,
3968				  struct station_parameters *params,
3969				  enum cfg80211_station_type statype)
3970{
3971	if (params->listen_interval != -1 &&
3972	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
3973		return -EINVAL;
3974
3975	if (params->aid &&
3976	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
3977	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
3978		return -EINVAL;
3979
3980	/* When you run into this, adjust the code below for the new flag */
3981	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3982
3983	switch (statype) {
3984	case CFG80211_STA_MESH_PEER_KERNEL:
3985	case CFG80211_STA_MESH_PEER_USER:
3986		/*
3987		 * No ignoring the TDLS flag here -- the userspace mesh
3988		 * code doesn't have the bug of including TDLS in the
3989		 * mask everywhere.
3990		 */
3991		if (params->sta_flags_mask &
3992				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3993				  BIT(NL80211_STA_FLAG_MFP) |
3994				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3995			return -EINVAL;
3996		break;
3997	case CFG80211_STA_TDLS_PEER_SETUP:
3998	case CFG80211_STA_TDLS_PEER_ACTIVE:
3999		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4000			return -EINVAL;
4001		/* ignore since it can't change */
4002		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4003		break;
4004	default:
4005		/* disallow mesh-specific things */
4006		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4007			return -EINVAL;
4008		if (params->local_pm)
4009			return -EINVAL;
4010		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4011			return -EINVAL;
4012	}
4013
4014	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4015	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4016		/* TDLS can't be set, ... */
4017		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4018			return -EINVAL;
4019		/*
4020		 * ... but don't bother the driver with it. This works around
4021		 * a hostapd/wpa_supplicant issue -- it always includes the
4022		 * TLDS_PEER flag in the mask even for AP mode.
4023		 */
4024		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4025	}
4026
4027	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4028	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4029		/* reject other things that can't change */
4030		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4031			return -EINVAL;
4032		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4033			return -EINVAL;
4034		if (params->supported_rates)
4035			return -EINVAL;
4036		if (params->ext_capab || params->ht_capa || params->vht_capa)
4037			return -EINVAL;
4038	}
4039
4040	if (statype != CFG80211_STA_AP_CLIENT &&
4041	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4042		if (params->vlan)
4043			return -EINVAL;
4044	}
4045
4046	switch (statype) {
4047	case CFG80211_STA_AP_MLME_CLIENT:
4048		/* Use this only for authorizing/unauthorizing a station */
4049		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4050			return -EOPNOTSUPP;
4051		break;
4052	case CFG80211_STA_AP_CLIENT:
4053	case CFG80211_STA_AP_CLIENT_UNASSOC:
4054		/* accept only the listed bits */
4055		if (params->sta_flags_mask &
4056				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4057				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4058				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
4059				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4060				  BIT(NL80211_STA_FLAG_WME) |
4061				  BIT(NL80211_STA_FLAG_MFP)))
4062			return -EINVAL;
4063
4064		/* but authenticated/associated only if driver handles it */
4065		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4066		    params->sta_flags_mask &
4067				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4068				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4069			return -EINVAL;
4070		break;
4071	case CFG80211_STA_IBSS:
4072	case CFG80211_STA_AP_STA:
4073		/* reject any changes other than AUTHORIZED */
4074		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4075			return -EINVAL;
4076		break;
4077	case CFG80211_STA_TDLS_PEER_SETUP:
4078		/* reject any changes other than AUTHORIZED or WME */
4079		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4080					       BIT(NL80211_STA_FLAG_WME)))
4081			return -EINVAL;
4082		/* force (at least) rates when authorizing */
4083		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4084		    !params->supported_rates)
4085			return -EINVAL;
4086		break;
4087	case CFG80211_STA_TDLS_PEER_ACTIVE:
4088		/* reject any changes */
4089		return -EINVAL;
4090	case CFG80211_STA_MESH_PEER_KERNEL:
4091		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4092			return -EINVAL;
4093		break;
4094	case CFG80211_STA_MESH_PEER_USER:
4095		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4096		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4097			return -EINVAL;
4098		break;
4099	}
4100
4101	return 0;
4102}
4103EXPORT_SYMBOL(cfg80211_check_station_change);
4104
4105/*
4106 * Get vlan interface making sure it is running and on the right wiphy.
4107 */
4108static struct net_device *get_vlan(struct genl_info *info,
4109				   struct cfg80211_registered_device *rdev)
4110{
4111	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4112	struct net_device *v;
4113	int ret;
4114
4115	if (!vlanattr)
4116		return NULL;
4117
4118	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4119	if (!v)
4120		return ERR_PTR(-ENODEV);
4121
4122	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4123		ret = -EINVAL;
4124		goto error;
4125	}
4126
4127	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4128	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4129	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4130		ret = -EINVAL;
4131		goto error;
4132	}
4133
4134	if (!netif_running(v)) {
4135		ret = -ENETDOWN;
4136		goto error;
4137	}
4138
4139	return v;
4140 error:
4141	dev_put(v);
4142	return ERR_PTR(ret);
4143}
4144
4145static const struct nla_policy
4146nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4147	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4148	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4149};
4150
4151static int nl80211_parse_sta_wme(struct genl_info *info,
4152				 struct station_parameters *params)
4153{
4154	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4155	struct nlattr *nla;
4156	int err;
4157
4158	/* parse WME attributes if present */
4159	if (!info->attrs[NL80211_ATTR_STA_WME])
4160		return 0;
4161
4162	nla = info->attrs[NL80211_ATTR_STA_WME];
4163	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4164			       nl80211_sta_wme_policy);
4165	if (err)
4166		return err;
4167
4168	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4169		params->uapsd_queues = nla_get_u8(
4170			tb[NL80211_STA_WME_UAPSD_QUEUES]);
4171	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4172		return -EINVAL;
4173
4174	if (tb[NL80211_STA_WME_MAX_SP])
4175		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4176
4177	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4178		return -EINVAL;
4179
4180	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4181
4182	return 0;
4183}
4184
4185static int nl80211_parse_sta_channel_info(struct genl_info *info,
4186				      struct station_parameters *params)
4187{
4188	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4189		params->supported_channels =
4190		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4191		params->supported_channels_len =
4192		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4193		/*
4194		 * Need to include at least one (first channel, number of
4195		 * channels) tuple for each subband, and must have proper
4196		 * tuples for the rest of the data as well.
4197		 */
4198		if (params->supported_channels_len < 2)
4199			return -EINVAL;
4200		if (params->supported_channels_len % 2)
4201			return -EINVAL;
4202	}
4203
4204	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4205		params->supported_oper_classes =
4206		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4207		params->supported_oper_classes_len =
4208		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4209		/*
4210		 * The value of the Length field of the Supported Operating
4211		 * Classes element is between 2 and 253.
4212		 */
4213		if (params->supported_oper_classes_len < 2 ||
4214		    params->supported_oper_classes_len > 253)
4215			return -EINVAL;
4216	}
4217	return 0;
4218}
4219
4220static int nl80211_set_station_tdls(struct genl_info *info,
4221				    struct station_parameters *params)
4222{
4223	int err;
4224	/* Dummy STA entry gets updated once the peer capabilities are known */
4225	if (info->attrs[NL80211_ATTR_PEER_AID])
4226		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4227	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4228		params->ht_capa =
4229			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4230	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4231		params->vht_capa =
4232			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4233
4234	err = nl80211_parse_sta_channel_info(info, params);
4235	if (err)
4236		return err;
4237
4238	return nl80211_parse_sta_wme(info, params);
4239}
4240
4241static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4242{
4243	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4244	struct net_device *dev = info->user_ptr[1];
4245	struct station_parameters params;
4246	u8 *mac_addr;
4247	int err;
4248
4249	memset(&params, 0, sizeof(params));
4250
4251	if (!rdev->ops->change_station)
4252		return -EOPNOTSUPP;
4253
4254	/*
4255	 * AID and listen_interval properties can be set only for unassociated
4256	 * station. Include these parameters here and will check them in
4257	 * cfg80211_check_station_change().
4258	 */
4259	if (info->attrs[NL80211_ATTR_PEER_AID])
4260		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4261
4262	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4263		params.listen_interval =
4264		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4265	else
4266		params.listen_interval = -1;
4267
4268	if (!info->attrs[NL80211_ATTR_MAC])
4269		return -EINVAL;
4270
4271	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4272
4273	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4274		params.supported_rates =
4275			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4276		params.supported_rates_len =
4277			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4278	}
4279
4280	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4281		params.capability =
4282			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4283		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4284	}
4285
4286	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4287		params.ext_capab =
4288			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4289		params.ext_capab_len =
4290			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4291	}
4292
4293	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4294		return -EINVAL;
4295
4296	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4297		params.plink_action =
4298			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4299		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4300			return -EINVAL;
4301	}
4302
4303	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4304		params.plink_state =
4305			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4306		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4307			return -EINVAL;
4308		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4309	}
4310
4311	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4312		enum nl80211_mesh_power_mode pm = nla_get_u32(
4313			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4314
4315		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4316		    pm > NL80211_MESH_POWER_MAX)
4317			return -EINVAL;
4318
4319		params.local_pm = pm;
4320	}
4321
4322	/* Include parameters for TDLS peer (will check later) */
4323	err = nl80211_set_station_tdls(info, &params);
4324	if (err)
4325		return err;
4326
4327	params.vlan = get_vlan(info, rdev);
4328	if (IS_ERR(params.vlan))
4329		return PTR_ERR(params.vlan);
4330
4331	switch (dev->ieee80211_ptr->iftype) {
4332	case NL80211_IFTYPE_AP:
4333	case NL80211_IFTYPE_AP_VLAN:
4334	case NL80211_IFTYPE_P2P_GO:
4335	case NL80211_IFTYPE_P2P_CLIENT:
4336	case NL80211_IFTYPE_STATION:
4337	case NL80211_IFTYPE_ADHOC:
4338	case NL80211_IFTYPE_MESH_POINT:
4339		break;
4340	default:
4341		err = -EOPNOTSUPP;
4342		goto out_put_vlan;
4343	}
4344
4345	/* driver will call cfg80211_check_station_change() */
4346	err = rdev_change_station(rdev, dev, mac_addr, &params);
4347
4348 out_put_vlan:
4349	if (params.vlan)
4350		dev_put(params.vlan);
4351
4352	return err;
4353}
4354
4355static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4356{
4357	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4358	int err;
4359	struct net_device *dev = info->user_ptr[1];
4360	struct station_parameters params;
4361	u8 *mac_addr = NULL;
4362
4363	memset(&params, 0, sizeof(params));
4364
4365	if (!rdev->ops->add_station)
4366		return -EOPNOTSUPP;
4367
4368	if (!info->attrs[NL80211_ATTR_MAC])
4369		return -EINVAL;
4370
4371	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4372		return -EINVAL;
4373
4374	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4375		return -EINVAL;
4376
4377	if (!info->attrs[NL80211_ATTR_STA_AID] &&
4378	    !info->attrs[NL80211_ATTR_PEER_AID])
4379		return -EINVAL;
4380
4381	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4382	params.supported_rates =
4383		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4384	params.supported_rates_len =
4385		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4386	params.listen_interval =
4387		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4388
4389	if (info->attrs[NL80211_ATTR_PEER_AID])
4390		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4391	else
4392		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4393	if (!params.aid || params.aid > IEEE80211_MAX_AID)
4394		return -EINVAL;
4395
4396	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4397		params.capability =
4398			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4399		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4400	}
4401
4402	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4403		params.ext_capab =
4404			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4405		params.ext_capab_len =
4406			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4407	}
4408
4409	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4410		params.ht_capa =
4411			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4412
4413	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4414		params.vht_capa =
4415			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4416
4417	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4418		params.opmode_notif_used = true;
4419		params.opmode_notif =
4420			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4421	}
4422
4423	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4424		params.plink_action =
4425			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4426		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4427			return -EINVAL;
4428	}
4429
4430	err = nl80211_parse_sta_channel_info(info, &params);
4431	if (err)
4432		return err;
4433
4434	err = nl80211_parse_sta_wme(info, &params);
4435	if (err)
4436		return err;
4437
4438	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4439		return -EINVAL;
4440
4441	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
4442	 * as userspace might just pass through the capabilities from the IEs
4443	 * directly, rather than enforcing this restriction and returning an
4444	 * error in this case.
4445	 */
4446	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
4447		params.ht_capa = NULL;
4448		params.vht_capa = NULL;
4449	}
4450
4451	/* When you run into this, adjust the code below for the new flag */
4452	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4453
4454	switch (dev->ieee80211_ptr->iftype) {
4455	case NL80211_IFTYPE_AP:
4456	case NL80211_IFTYPE_AP_VLAN:
4457	case NL80211_IFTYPE_P2P_GO:
4458		/* ignore WME attributes if iface/sta is not capable */
4459		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4460		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4461			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4462
4463		/* TDLS peers cannot be added */
4464		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4465		    info->attrs[NL80211_ATTR_PEER_AID])
4466			return -EINVAL;
4467		/* but don't bother the driver with it */
4468		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4469
4470		/* allow authenticated/associated only if driver handles it */
4471		if (!(rdev->wiphy.features &
4472				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4473		    params.sta_flags_mask &
4474				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4475				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4476			return -EINVAL;
4477
4478		/* must be last in here for error handling */
4479		params.vlan = get_vlan(info, rdev);
4480		if (IS_ERR(params.vlan))
4481			return PTR_ERR(params.vlan);
4482		break;
4483	case NL80211_IFTYPE_MESH_POINT:
4484		/* ignore uAPSD data */
4485		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4486
4487		/* associated is disallowed */
4488		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4489			return -EINVAL;
4490		/* TDLS peers cannot be added */
4491		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4492		    info->attrs[NL80211_ATTR_PEER_AID])
4493			return -EINVAL;
4494		break;
4495	case NL80211_IFTYPE_STATION:
4496	case NL80211_IFTYPE_P2P_CLIENT:
4497		/* ignore uAPSD data */
4498		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4499
4500		/* these are disallowed */
4501		if (params.sta_flags_mask &
4502				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4503				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4504			return -EINVAL;
4505		/* Only TDLS peers can be added */
4506		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4507			return -EINVAL;
4508		/* Can only add if TDLS ... */
4509		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4510			return -EOPNOTSUPP;
4511		/* ... with external setup is supported */
4512		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4513			return -EOPNOTSUPP;
4514		/*
4515		 * Older wpa_supplicant versions always mark the TDLS peer
4516		 * as authorized, but it shouldn't yet be.
4517		 */
4518		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4519		break;
4520	default:
4521		return -EOPNOTSUPP;
4522	}
4523
4524	/* be aware of params.vlan when changing code here */
4525
4526	err = rdev_add_station(rdev, dev, mac_addr, &params);
4527
4528	if (params.vlan)
4529		dev_put(params.vlan);
4530	return err;
4531}
4532
4533static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4534{
4535	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4536	struct net_device *dev = info->user_ptr[1];
4537	struct station_del_parameters params;
4538
4539	memset(&params, 0, sizeof(params));
4540
4541	if (info->attrs[NL80211_ATTR_MAC])
4542		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
4543
4544	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4545	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4546	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4547	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4548		return -EINVAL;
4549
4550	if (!rdev->ops->del_station)
4551		return -EOPNOTSUPP;
4552
4553	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
4554		params.subtype =
4555			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
4556		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
4557		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
4558			return -EINVAL;
4559	} else {
4560		/* Default to Deauthentication frame */
4561		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
4562	}
4563
4564	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
4565		params.reason_code =
4566			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4567		if (params.reason_code == 0)
4568			return -EINVAL; /* 0 is reserved */
4569	} else {
4570		/* Default to reason code 2 */
4571		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
4572	}
4573
4574	return rdev_del_station(rdev, dev, &params);
4575}
4576
4577static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4578				int flags, struct net_device *dev,
4579				u8 *dst, u8 *next_hop,
4580				struct mpath_info *pinfo)
4581{
4582	void *hdr;
4583	struct nlattr *pinfoattr;
4584
4585	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
4586	if (!hdr)
4587		return -1;
4588
4589	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4590	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4591	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4592	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4593		goto nla_put_failure;
4594
4595	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4596	if (!pinfoattr)
4597		goto nla_put_failure;
4598	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4599	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4600			pinfo->frame_qlen))
4601		goto nla_put_failure;
4602	if (((pinfo->filled & MPATH_INFO_SN) &&
4603	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4604	    ((pinfo->filled & MPATH_INFO_METRIC) &&
4605	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4606			 pinfo->metric)) ||
4607	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4608	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4609			 pinfo->exptime)) ||
4610	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
4611	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4612			pinfo->flags)) ||
4613	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4614	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4615			 pinfo->discovery_timeout)) ||
4616	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4617	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4618			pinfo->discovery_retries)))
4619		goto nla_put_failure;
4620
4621	nla_nest_end(msg, pinfoattr);
4622
4623	genlmsg_end(msg, hdr);
4624	return 0;
4625
4626 nla_put_failure:
4627	genlmsg_cancel(msg, hdr);
4628	return -EMSGSIZE;
4629}
4630
4631static int nl80211_dump_mpath(struct sk_buff *skb,
4632			      struct netlink_callback *cb)
4633{
4634	struct mpath_info pinfo;
4635	struct cfg80211_registered_device *rdev;
4636	struct wireless_dev *wdev;
4637	u8 dst[ETH_ALEN];
4638	u8 next_hop[ETH_ALEN];
4639	int path_idx = cb->args[2];
4640	int err;
4641
4642	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4643	if (err)
4644		return err;
4645
4646	if (!rdev->ops->dump_mpath) {
4647		err = -EOPNOTSUPP;
4648		goto out_err;
4649	}
4650
4651	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4652		err = -EOPNOTSUPP;
4653		goto out_err;
4654	}
4655
4656	while (1) {
4657		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
4658				      next_hop, &pinfo);
4659		if (err == -ENOENT)
4660			break;
4661		if (err)
4662			goto out_err;
4663
4664		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4665				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4666				       wdev->netdev, dst, next_hop,
4667				       &pinfo) < 0)
4668			goto out;
4669
4670		path_idx++;
4671	}
4672
4673
4674 out:
4675	cb->args[2] = path_idx;
4676	err = skb->len;
4677 out_err:
4678	nl80211_finish_wdev_dump(rdev);
4679	return err;
4680}
4681
4682static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4683{
4684	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4685	int err;
4686	struct net_device *dev = info->user_ptr[1];
4687	struct mpath_info pinfo;
4688	struct sk_buff *msg;
4689	u8 *dst = NULL;
4690	u8 next_hop[ETH_ALEN];
4691
4692	memset(&pinfo, 0, sizeof(pinfo));
4693
4694	if (!info->attrs[NL80211_ATTR_MAC])
4695		return -EINVAL;
4696
4697	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4698
4699	if (!rdev->ops->get_mpath)
4700		return -EOPNOTSUPP;
4701
4702	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4703		return -EOPNOTSUPP;
4704
4705	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4706	if (err)
4707		return err;
4708
4709	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4710	if (!msg)
4711		return -ENOMEM;
4712
4713	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4714				 dev, dst, next_hop, &pinfo) < 0) {
4715		nlmsg_free(msg);
4716		return -ENOBUFS;
4717	}
4718
4719	return genlmsg_reply(msg, info);
4720}
4721
4722static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4723{
4724	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4725	struct net_device *dev = info->user_ptr[1];
4726	u8 *dst = NULL;
4727	u8 *next_hop = NULL;
4728
4729	if (!info->attrs[NL80211_ATTR_MAC])
4730		return -EINVAL;
4731
4732	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4733		return -EINVAL;
4734
4735	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4736	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4737
4738	if (!rdev->ops->change_mpath)
4739		return -EOPNOTSUPP;
4740
4741	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4742		return -EOPNOTSUPP;
4743
4744	return rdev_change_mpath(rdev, dev, dst, next_hop);
4745}
4746
4747static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4748{
4749	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4750	struct net_device *dev = info->user_ptr[1];
4751	u8 *dst = NULL;
4752	u8 *next_hop = NULL;
4753
4754	if (!info->attrs[NL80211_ATTR_MAC])
4755		return -EINVAL;
4756
4757	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4758		return -EINVAL;
4759
4760	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4761	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4762
4763	if (!rdev->ops->add_mpath)
4764		return -EOPNOTSUPP;
4765
4766	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4767		return -EOPNOTSUPP;
4768
4769	return rdev_add_mpath(rdev, dev, dst, next_hop);
4770}
4771
4772static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4773{
4774	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4775	struct net_device *dev = info->user_ptr[1];
4776	u8 *dst = NULL;
4777
4778	if (info->attrs[NL80211_ATTR_MAC])
4779		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4780
4781	if (!rdev->ops->del_mpath)
4782		return -EOPNOTSUPP;
4783
4784	return rdev_del_mpath(rdev, dev, dst);
4785}
4786
4787static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
4788{
4789	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4790	int err;
4791	struct net_device *dev = info->user_ptr[1];
4792	struct mpath_info pinfo;
4793	struct sk_buff *msg;
4794	u8 *dst = NULL;
4795	u8 mpp[ETH_ALEN];
4796
4797	memset(&pinfo, 0, sizeof(pinfo));
4798
4799	if (!info->attrs[NL80211_ATTR_MAC])
4800		return -EINVAL;
4801
4802	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4803
4804	if (!rdev->ops->get_mpp)
4805		return -EOPNOTSUPP;
4806
4807	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4808		return -EOPNOTSUPP;
4809
4810	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
4811	if (err)
4812		return err;
4813
4814	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4815	if (!msg)
4816		return -ENOMEM;
4817
4818	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4819			       dev, dst, mpp, &pinfo) < 0) {
4820		nlmsg_free(msg);
4821		return -ENOBUFS;
4822	}
4823
4824	return genlmsg_reply(msg, info);
4825}
4826
4827static int nl80211_dump_mpp(struct sk_buff *skb,
4828			    struct netlink_callback *cb)
4829{
4830	struct mpath_info pinfo;
4831	struct cfg80211_registered_device *rdev;
4832	struct wireless_dev *wdev;
4833	u8 dst[ETH_ALEN];
4834	u8 mpp[ETH_ALEN];
4835	int path_idx = cb->args[2];
4836	int err;
4837
4838	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4839	if (err)
4840		return err;
4841
4842	if (!rdev->ops->dump_mpp) {
4843		err = -EOPNOTSUPP;
4844		goto out_err;
4845	}
4846
4847	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4848		err = -EOPNOTSUPP;
4849		goto out_err;
4850	}
4851
4852	while (1) {
4853		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
4854				    mpp, &pinfo);
4855		if (err == -ENOENT)
4856			break;
4857		if (err)
4858			goto out_err;
4859
4860		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4861				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4862				       wdev->netdev, dst, mpp,
4863				       &pinfo) < 0)
4864			goto out;
4865
4866		path_idx++;
4867	}
4868
4869 out:
4870	cb->args[2] = path_idx;
4871	err = skb->len;
4872 out_err:
4873	nl80211_finish_wdev_dump(rdev);
4874	return err;
4875}
4876
4877static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4878{
4879	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4880	struct net_device *dev = info->user_ptr[1];
4881	struct wireless_dev *wdev = dev->ieee80211_ptr;
4882	struct bss_parameters params;
4883	int err;
4884
4885	memset(&params, 0, sizeof(params));
4886	/* default to not changing parameters */
4887	params.use_cts_prot = -1;
4888	params.use_short_preamble = -1;
4889	params.use_short_slot_time = -1;
4890	params.ap_isolate = -1;
4891	params.ht_opmode = -1;
4892	params.p2p_ctwindow = -1;
4893	params.p2p_opp_ps = -1;
4894
4895	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4896		params.use_cts_prot =
4897		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4898	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4899		params.use_short_preamble =
4900		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4901	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4902		params.use_short_slot_time =
4903		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4904	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4905		params.basic_rates =
4906			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4907		params.basic_rates_len =
4908			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4909	}
4910	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4911		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4912	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4913		params.ht_opmode =
4914			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4915
4916	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4917		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4918			return -EINVAL;
4919		params.p2p_ctwindow =
4920			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4921		if (params.p2p_ctwindow < 0)
4922			return -EINVAL;
4923		if (params.p2p_ctwindow != 0 &&
4924		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4925			return -EINVAL;
4926	}
4927
4928	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4929		u8 tmp;
4930
4931		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4932			return -EINVAL;
4933		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4934		if (tmp > 1)
4935			return -EINVAL;
4936		params.p2p_opp_ps = tmp;
4937		if (params.p2p_opp_ps &&
4938		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4939			return -EINVAL;
4940	}
4941
4942	if (!rdev->ops->change_bss)
4943		return -EOPNOTSUPP;
4944
4945	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4946	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4947		return -EOPNOTSUPP;
4948
4949	wdev_lock(wdev);
4950	err = rdev_change_bss(rdev, dev, &params);
4951	wdev_unlock(wdev);
4952
4953	return err;
4954}
4955
4956static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4957{
4958	char *data = NULL;
4959	bool is_indoor;
4960	enum nl80211_user_reg_hint_type user_reg_hint_type;
4961	u32 owner_nlportid;
4962
4963
4964	/*
4965	 * You should only get this when cfg80211 hasn't yet initialized
4966	 * completely when built-in to the kernel right between the time
4967	 * window between nl80211_init() and regulatory_init(), if that is
4968	 * even possible.
4969	 */
4970	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4971		return -EINPROGRESS;
4972
4973	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4974		user_reg_hint_type =
4975		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4976	else
4977		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4978
4979	switch (user_reg_hint_type) {
4980	case NL80211_USER_REG_HINT_USER:
4981	case NL80211_USER_REG_HINT_CELL_BASE:
4982		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4983			return -EINVAL;
4984
4985		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4986		return regulatory_hint_user(data, user_reg_hint_type);
4987	case NL80211_USER_REG_HINT_INDOOR:
4988		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
4989			owner_nlportid = info->snd_portid;
4990			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
4991		} else {
4992			owner_nlportid = 0;
4993			is_indoor = true;
4994		}
4995
4996		return regulatory_hint_indoor(is_indoor, owner_nlportid);
4997	default:
4998		return -EINVAL;
4999	}
5000}
5001
5002static int nl80211_get_mesh_config(struct sk_buff *skb,
5003				   struct genl_info *info)
5004{
5005	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5006	struct net_device *dev = info->user_ptr[1];
5007	struct wireless_dev *wdev = dev->ieee80211_ptr;
5008	struct mesh_config cur_params;
5009	int err = 0;
5010	void *hdr;
5011	struct nlattr *pinfoattr;
5012	struct sk_buff *msg;
5013
5014	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5015		return -EOPNOTSUPP;
5016
5017	if (!rdev->ops->get_mesh_config)
5018		return -EOPNOTSUPP;
5019
5020	wdev_lock(wdev);
5021	/* If not connected, get default parameters */
5022	if (!wdev->mesh_id_len)
5023		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5024	else
5025		err = rdev_get_mesh_config(rdev, dev, &cur_params);
5026	wdev_unlock(wdev);
5027
5028	if (err)
5029		return err;
5030
5031	/* Draw up a netlink message to send back */
5032	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5033	if (!msg)
5034		return -ENOMEM;
5035	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5036			     NL80211_CMD_GET_MESH_CONFIG);
5037	if (!hdr)
5038		goto out;
5039	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5040	if (!pinfoattr)
5041		goto nla_put_failure;
5042	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5043	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5044			cur_params.dot11MeshRetryTimeout) ||
5045	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5046			cur_params.dot11MeshConfirmTimeout) ||
5047	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5048			cur_params.dot11MeshHoldingTimeout) ||
5049	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5050			cur_params.dot11MeshMaxPeerLinks) ||
5051	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5052		       cur_params.dot11MeshMaxRetries) ||
5053	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
5054		       cur_params.dot11MeshTTL) ||
5055	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5056		       cur_params.element_ttl) ||
5057	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5058		       cur_params.auto_open_plinks) ||
5059	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5060			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5061	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5062		       cur_params.dot11MeshHWMPmaxPREQretries) ||
5063	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5064			cur_params.path_refresh_time) ||
5065	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5066			cur_params.min_discovery_timeout) ||
5067	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5068			cur_params.dot11MeshHWMPactivePathTimeout) ||
5069	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5070			cur_params.dot11MeshHWMPpreqMinInterval) ||
5071	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5072			cur_params.dot11MeshHWMPperrMinInterval) ||
5073	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5074			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5075	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5076		       cur_params.dot11MeshHWMPRootMode) ||
5077	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5078			cur_params.dot11MeshHWMPRannInterval) ||
5079	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5080		       cur_params.dot11MeshGateAnnouncementProtocol) ||
5081	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5082		       cur_params.dot11MeshForwarding) ||
5083	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5084			cur_params.rssi_threshold) ||
5085	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5086			cur_params.ht_opmode) ||
5087	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5088			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5089	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5090			cur_params.dot11MeshHWMProotInterval) ||
5091	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5092			cur_params.dot11MeshHWMPconfirmationInterval) ||
5093	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5094			cur_params.power_mode) ||
5095	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5096			cur_params.dot11MeshAwakeWindowDuration) ||
5097	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5098			cur_params.plink_timeout))
5099		goto nla_put_failure;
5100	nla_nest_end(msg, pinfoattr);
5101	genlmsg_end(msg, hdr);
5102	return genlmsg_reply(msg, info);
5103
5104 nla_put_failure:
5105	genlmsg_cancel(msg, hdr);
5106 out:
5107	nlmsg_free(msg);
5108	return -ENOBUFS;
5109}
5110
5111static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5112	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5113	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5114	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5115	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5116	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5117	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5118	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5119	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5120	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5121	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5122	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5123	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5124	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5125	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5126	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5127	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5128	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5129	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5130	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5131	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5132	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5133	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5134	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5135	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5136	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5137	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5138	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5139	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5140};
5141
5142static const struct nla_policy
5143	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5144	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5145	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5146	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5147	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5148	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5149	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5150	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5151				    .len = IEEE80211_MAX_DATA_LEN },
5152	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5153};
5154
5155static int nl80211_parse_mesh_config(struct genl_info *info,
5156				     struct mesh_config *cfg,
5157				     u32 *mask_out)
5158{
5159	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5160	u32 mask = 0;
5161
5162#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5163do {									    \
5164	if (tb[attr]) {							    \
5165		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
5166			return -EINVAL;					    \
5167		cfg->param = fn(tb[attr]);				    \
5168		mask |= (1 << (attr - 1));				    \
5169	}								    \
5170} while (0)
5171
5172
5173	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5174		return -EINVAL;
5175	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5176			     info->attrs[NL80211_ATTR_MESH_CONFIG],
5177			     nl80211_meshconf_params_policy))
5178		return -EINVAL;
5179
5180	/* This makes sure that there aren't more than 32 mesh config
5181	 * parameters (otherwise our bitfield scheme would not work.) */
5182	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5183
5184	/* Fill in the params struct */
5185	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5186				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5187				  nla_get_u16);
5188	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5189				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5190				  nla_get_u16);
5191	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5192				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5193				  nla_get_u16);
5194	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5195				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5196				  nla_get_u16);
5197	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5198				  mask, NL80211_MESHCONF_MAX_RETRIES,
5199				  nla_get_u8);
5200	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5201				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
5202	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5203				  mask, NL80211_MESHCONF_ELEMENT_TTL,
5204				  nla_get_u8);
5205	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5206				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5207				  nla_get_u8);
5208	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5209				  1, 255, mask,
5210				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5211				  nla_get_u32);
5212	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5213				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5214				  nla_get_u8);
5215	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5216				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5217				  nla_get_u32);
5218	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5219				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5220				  nla_get_u16);
5221	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
5222				  1, 65535, mask,
5223				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5224				  nla_get_u32);
5225	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
5226				  1, 65535, mask,
5227				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5228				  nla_get_u16);
5229	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
5230				  1, 65535, mask,
5231				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5232				  nla_get_u16);
5233	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5234				  dot11MeshHWMPnetDiameterTraversalTime,
5235				  1, 65535, mask,
5236				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5237				  nla_get_u16);
5238	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
5239				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
5240				  nla_get_u8);
5241	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
5242				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5243				  nla_get_u16);
5244	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5245				  dot11MeshGateAnnouncementProtocol, 0, 1,
5246				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5247				  nla_get_u8);
5248	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
5249				  mask, NL80211_MESHCONF_FORWARDING,
5250				  nla_get_u8);
5251	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
5252				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
5253				  nla_get_s32);
5254	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
5255				  mask, NL80211_MESHCONF_HT_OPMODE,
5256				  nla_get_u16);
5257	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
5258				  1, 65535, mask,
5259				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5260				  nla_get_u32);
5261	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
5262				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5263				  nla_get_u16);
5264	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5265				  dot11MeshHWMPconfirmationInterval,
5266				  1, 65535, mask,
5267				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5268				  nla_get_u16);
5269	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
5270				  NL80211_MESH_POWER_ACTIVE,
5271				  NL80211_MESH_POWER_MAX,
5272				  mask, NL80211_MESHCONF_POWER_MODE,
5273				  nla_get_u32);
5274	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
5275				  0, 65535, mask,
5276				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
5277	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
5278				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
5279				  nla_get_u32);
5280	if (mask_out)
5281		*mask_out = mask;
5282
5283	return 0;
5284
5285#undef FILL_IN_MESH_PARAM_IF_SET
5286}
5287
5288static int nl80211_parse_mesh_setup(struct genl_info *info,
5289				     struct mesh_setup *setup)
5290{
5291	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5292	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
5293
5294	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
5295		return -EINVAL;
5296	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
5297			     info->attrs[NL80211_ATTR_MESH_SETUP],
5298			     nl80211_mesh_setup_params_policy))
5299		return -EINVAL;
5300
5301	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5302		setup->sync_method =
5303		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5304		 IEEE80211_SYNC_METHOD_VENDOR :
5305		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5306
5307	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5308		setup->path_sel_proto =
5309		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5310		 IEEE80211_PATH_PROTOCOL_VENDOR :
5311		 IEEE80211_PATH_PROTOCOL_HWMP;
5312
5313	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5314		setup->path_metric =
5315		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5316		 IEEE80211_PATH_METRIC_VENDOR :
5317		 IEEE80211_PATH_METRIC_AIRTIME;
5318
5319
5320	if (tb[NL80211_MESH_SETUP_IE]) {
5321		struct nlattr *ieattr =
5322			tb[NL80211_MESH_SETUP_IE];
5323		if (!is_valid_ie_attr(ieattr))
5324			return -EINVAL;
5325		setup->ie = nla_data(ieattr);
5326		setup->ie_len = nla_len(ieattr);
5327	}
5328	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5329	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5330		return -EINVAL;
5331	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5332	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5333	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5334	if (setup->is_secure)
5335		setup->user_mpm = true;
5336
5337	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5338		if (!setup->user_mpm)
5339			return -EINVAL;
5340		setup->auth_id =
5341			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5342	}
5343
5344	return 0;
5345}
5346
5347static int nl80211_update_mesh_config(struct sk_buff *skb,
5348				      struct genl_info *info)
5349{
5350	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5351	struct net_device *dev = info->user_ptr[1];
5352	struct wireless_dev *wdev = dev->ieee80211_ptr;
5353	struct mesh_config cfg;
5354	u32 mask;
5355	int err;
5356
5357	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5358		return -EOPNOTSUPP;
5359
5360	if (!rdev->ops->update_mesh_config)
5361		return -EOPNOTSUPP;
5362
5363	err = nl80211_parse_mesh_config(info, &cfg, &mask);
5364	if (err)
5365		return err;
5366
5367	wdev_lock(wdev);
5368	if (!wdev->mesh_id_len)
5369		err = -ENOLINK;
5370
5371	if (!err)
5372		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5373
5374	wdev_unlock(wdev);
5375
5376	return err;
5377}
5378
5379static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
5380			      struct sk_buff *msg)
5381{
5382	struct nlattr *nl_reg_rules;
5383	unsigned int i;
5384
5385	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5386	    (regdom->dfs_region &&
5387	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5388		goto nla_put_failure;
5389
5390	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5391	if (!nl_reg_rules)
5392		goto nla_put_failure;
5393
5394	for (i = 0; i < regdom->n_reg_rules; i++) {
5395		struct nlattr *nl_reg_rule;
5396		const struct ieee80211_reg_rule *reg_rule;
5397		const struct ieee80211_freq_range *freq_range;
5398		const struct ieee80211_power_rule *power_rule;
5399		unsigned int max_bandwidth_khz;
5400
5401		reg_rule = &regdom->reg_rules[i];
5402		freq_range = &reg_rule->freq_range;
5403		power_rule = &reg_rule->power_rule;
5404
5405		nl_reg_rule = nla_nest_start(msg, i);
5406		if (!nl_reg_rule)
5407			goto nla_put_failure;
5408
5409		max_bandwidth_khz = freq_range->max_bandwidth_khz;
5410		if (!max_bandwidth_khz)
5411			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5412								  reg_rule);
5413
5414		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5415				reg_rule->flags) ||
5416		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5417				freq_range->start_freq_khz) ||
5418		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5419				freq_range->end_freq_khz) ||
5420		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5421				max_bandwidth_khz) ||
5422		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5423				power_rule->max_antenna_gain) ||
5424		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5425				power_rule->max_eirp) ||
5426		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5427				reg_rule->dfs_cac_ms))
5428			goto nla_put_failure;
5429
5430		nla_nest_end(msg, nl_reg_rule);
5431	}
5432
5433	nla_nest_end(msg, nl_reg_rules);
5434	return 0;
5435
5436nla_put_failure:
5437	return -EMSGSIZE;
5438}
5439
5440static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
5441{
5442	const struct ieee80211_regdomain *regdom = NULL;
5443	struct cfg80211_registered_device *rdev;
5444	struct wiphy *wiphy = NULL;
5445	struct sk_buff *msg;
5446	void *hdr;
5447
5448	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5449	if (!msg)
5450		return -ENOBUFS;
5451
5452	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5453			     NL80211_CMD_GET_REG);
5454	if (!hdr)
5455		goto put_failure;
5456
5457	if (info->attrs[NL80211_ATTR_WIPHY]) {
5458		bool self_managed;
5459
5460		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
5461		if (IS_ERR(rdev)) {
5462			nlmsg_free(msg);
5463			return PTR_ERR(rdev);
5464		}
5465
5466		wiphy = &rdev->wiphy;
5467		self_managed = wiphy->regulatory_flags &
5468			       REGULATORY_WIPHY_SELF_MANAGED;
5469		regdom = get_wiphy_regdom(wiphy);
5470
5471		/* a self-managed-reg device must have a private regdom */
5472		if (WARN_ON(!regdom && self_managed)) {
5473			nlmsg_free(msg);
5474			return -EINVAL;
5475		}
5476
5477		if (regdom &&
5478		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5479			goto nla_put_failure;
5480	}
5481
5482	if (!wiphy && reg_last_request_cell_base() &&
5483	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5484			NL80211_USER_REG_HINT_CELL_BASE))
5485		goto nla_put_failure;
5486
5487	rcu_read_lock();
5488
5489	if (!regdom)
5490		regdom = rcu_dereference(cfg80211_regdomain);
5491
5492	if (nl80211_put_regdom(regdom, msg))
5493		goto nla_put_failure_rcu;
5494
5495	rcu_read_unlock();
5496
5497	genlmsg_end(msg, hdr);
5498	return genlmsg_reply(msg, info);
5499
5500nla_put_failure_rcu:
5501	rcu_read_unlock();
5502nla_put_failure:
5503	genlmsg_cancel(msg, hdr);
5504put_failure:
5505	nlmsg_free(msg);
5506	return -EMSGSIZE;
5507}
5508
5509static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
5510			       u32 seq, int flags, struct wiphy *wiphy,
5511			       const struct ieee80211_regdomain *regdom)
5512{
5513	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5514				   NL80211_CMD_GET_REG);
5515
5516	if (!hdr)
5517		return -1;
5518
5519	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5520
5521	if (nl80211_put_regdom(regdom, msg))
5522		goto nla_put_failure;
5523
5524	if (!wiphy && reg_last_request_cell_base() &&
5525	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5526			NL80211_USER_REG_HINT_CELL_BASE))
5527		goto nla_put_failure;
5528
5529	if (wiphy &&
5530	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5531		goto nla_put_failure;
5532
5533	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
5534	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
5535		goto nla_put_failure;
5536
5537	genlmsg_end(msg, hdr);
5538	return 0;
5539
5540nla_put_failure:
5541	genlmsg_cancel(msg, hdr);
5542	return -EMSGSIZE;
5543}
5544
5545static int nl80211_get_reg_dump(struct sk_buff *skb,
5546				struct netlink_callback *cb)
5547{
5548	const struct ieee80211_regdomain *regdom = NULL;
5549	struct cfg80211_registered_device *rdev;
5550	int err, reg_idx, start = cb->args[2];
5551
5552	rtnl_lock();
5553
5554	if (cfg80211_regdomain && start == 0) {
5555		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5556					  NLM_F_MULTI, NULL,
5557					  rtnl_dereference(cfg80211_regdomain));
5558		if (err < 0)
5559			goto out_err;
5560	}
5561
5562	/* the global regdom is idx 0 */
5563	reg_idx = 1;
5564	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
5565		regdom = get_wiphy_regdom(&rdev->wiphy);
5566		if (!regdom)
5567			continue;
5568
5569		if (++reg_idx <= start)
5570			continue;
5571
5572		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5573					  NLM_F_MULTI, &rdev->wiphy, regdom);
5574		if (err < 0) {
5575			reg_idx--;
5576			break;
5577		}
5578	}
5579
5580	cb->args[2] = reg_idx;
5581	err = skb->len;
5582out_err:
5583	rtnl_unlock();
5584	return err;
5585}
5586
5587#ifdef CONFIG_CFG80211_CRDA_SUPPORT
5588static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
5589	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
5590	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
5591	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
5592	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
5593	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
5594	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
5595	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
5596};
5597
5598static int parse_reg_rule(struct nlattr *tb[],
5599	struct ieee80211_reg_rule *reg_rule)
5600{
5601	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
5602	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
5603
5604	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
5605		return -EINVAL;
5606	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
5607		return -EINVAL;
5608	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
5609		return -EINVAL;
5610	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
5611		return -EINVAL;
5612	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
5613		return -EINVAL;
5614
5615	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
5616
5617	freq_range->start_freq_khz =
5618		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
5619	freq_range->end_freq_khz =
5620		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
5621	freq_range->max_bandwidth_khz =
5622		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
5623
5624	power_rule->max_eirp =
5625		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
5626
5627	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
5628		power_rule->max_antenna_gain =
5629			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
5630
5631	if (tb[NL80211_ATTR_DFS_CAC_TIME])
5632		reg_rule->dfs_cac_ms =
5633			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
5634
5635	return 0;
5636}
5637
5638static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5639{
5640	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5641	struct nlattr *nl_reg_rule;
5642	char *alpha2;
5643	int rem_reg_rules, r;
5644	u32 num_rules = 0, rule_idx = 0, size_of_regd;
5645	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5646	struct ieee80211_regdomain *rd;
5647
5648	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5649		return -EINVAL;
5650
5651	if (!info->attrs[NL80211_ATTR_REG_RULES])
5652		return -EINVAL;
5653
5654	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5655
5656	if (info->attrs[NL80211_ATTR_DFS_REGION])
5657		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5658
5659	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5660			    rem_reg_rules) {
5661		num_rules++;
5662		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5663			return -EINVAL;
5664	}
5665
5666	if (!reg_is_valid_request(alpha2))
5667		return -EINVAL;
5668
5669	size_of_regd = sizeof(struct ieee80211_regdomain) +
5670		       num_rules * sizeof(struct ieee80211_reg_rule);
5671
5672	rd = kzalloc(size_of_regd, GFP_KERNEL);
5673	if (!rd)
5674		return -ENOMEM;
5675
5676	rd->n_reg_rules = num_rules;
5677	rd->alpha2[0] = alpha2[0];
5678	rd->alpha2[1] = alpha2[1];
5679
5680	/*
5681	 * Disable DFS master mode if the DFS region was
5682	 * not supported or known on this kernel.
5683	 */
5684	if (reg_supported_dfs_region(dfs_region))
5685		rd->dfs_region = dfs_region;
5686
5687	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5688			    rem_reg_rules) {
5689		r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5690			      nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5691			      reg_rule_policy);
5692		if (r)
5693			goto bad_reg;
5694		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5695		if (r)
5696			goto bad_reg;
5697
5698		rule_idx++;
5699
5700		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5701			r = -EINVAL;
5702			goto bad_reg;
5703		}
5704	}
5705
5706	r = set_regdom(rd, REGD_SOURCE_CRDA);
5707	/* set_regdom took ownership */
5708	rd = NULL;
5709
5710 bad_reg:
5711	kfree(rd);
5712	return r;
5713}
5714#endif /* CONFIG_CFG80211_CRDA_SUPPORT */
5715
5716static int validate_scan_freqs(struct nlattr *freqs)
5717{
5718	struct nlattr *attr1, *attr2;
5719	int n_channels = 0, tmp1, tmp2;
5720
5721	nla_for_each_nested(attr1, freqs, tmp1) {
5722		n_channels++;
5723		/*
5724		 * Some hardware has a limited channel list for
5725		 * scanning, and it is pretty much nonsensical
5726		 * to scan for a channel twice, so disallow that
5727		 * and don't require drivers to check that the
5728		 * channel list they get isn't longer than what
5729		 * they can scan, as long as they can scan all
5730		 * the channels they registered at once.
5731		 */
5732		nla_for_each_nested(attr2, freqs, tmp2)
5733			if (attr1 != attr2 &&
5734			    nla_get_u32(attr1) == nla_get_u32(attr2))
5735				return 0;
5736	}
5737
5738	return n_channels;
5739}
5740
5741static int nl80211_parse_random_mac(struct nlattr **attrs,
5742				    u8 *mac_addr, u8 *mac_addr_mask)
5743{
5744	int i;
5745
5746	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
5747		eth_zero_addr(mac_addr);
5748		eth_zero_addr(mac_addr_mask);
5749		mac_addr[0] = 0x2;
5750		mac_addr_mask[0] = 0x3;
5751
5752		return 0;
5753	}
5754
5755	/* need both or none */
5756	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
5757		return -EINVAL;
5758
5759	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
5760	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
5761
5762	/* don't allow or configure an mcast address */
5763	if (!is_multicast_ether_addr(mac_addr_mask) ||
5764	    is_multicast_ether_addr(mac_addr))
5765		return -EINVAL;
5766
5767	/*
5768	 * allow users to pass a MAC address that has bits set outside
5769	 * of the mask, but don't bother drivers with having to deal
5770	 * with such bits
5771	 */
5772	for (i = 0; i < ETH_ALEN; i++)
5773		mac_addr[i] &= mac_addr_mask[i];
5774
5775	return 0;
5776}
5777
5778static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5779{
5780	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5781	struct wireless_dev *wdev = info->user_ptr[1];
5782	struct cfg80211_scan_request *request;
5783	struct nlattr *attr;
5784	struct wiphy *wiphy;
5785	int err, tmp, n_ssids = 0, n_channels, i;
5786	size_t ie_len;
5787
5788	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5789		return -EINVAL;
5790
5791	wiphy = &rdev->wiphy;
5792
5793	if (!rdev->ops->scan)
5794		return -EOPNOTSUPP;
5795
5796	if (rdev->scan_req || rdev->scan_msg) {
5797		err = -EBUSY;
5798		goto unlock;
5799	}
5800
5801	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5802		n_channels = validate_scan_freqs(
5803				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5804		if (!n_channels) {
5805			err = -EINVAL;
5806			goto unlock;
5807		}
5808	} else {
5809		n_channels = ieee80211_get_num_supported_channels(wiphy);
5810	}
5811
5812	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5813		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5814			n_ssids++;
5815
5816	if (n_ssids > wiphy->max_scan_ssids) {
5817		err = -EINVAL;
5818		goto unlock;
5819	}
5820
5821	if (info->attrs[NL80211_ATTR_IE])
5822		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5823	else
5824		ie_len = 0;
5825
5826	if (ie_len > wiphy->max_scan_ie_len) {
5827		err = -EINVAL;
5828		goto unlock;
5829	}
5830
5831	request = kzalloc(sizeof(*request)
5832			+ sizeof(*request->ssids) * n_ssids
5833			+ sizeof(*request->channels) * n_channels
5834			+ ie_len, GFP_KERNEL);
5835	if (!request) {
5836		err = -ENOMEM;
5837		goto unlock;
5838	}
5839
5840	if (n_ssids)
5841		request->ssids = (void *)&request->channels[n_channels];
5842	request->n_ssids = n_ssids;
5843	if (ie_len) {
5844		if (n_ssids)
5845			request->ie = (void *)(request->ssids + n_ssids);
5846		else
5847			request->ie = (void *)(request->channels + n_channels);
5848	}
5849
5850	i = 0;
5851	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5852		/* user specified, bail out if channel not found */
5853		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5854			struct ieee80211_channel *chan;
5855
5856			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5857
5858			if (!chan) {
5859				err = -EINVAL;
5860				goto out_free;
5861			}
5862
5863			/* ignore disabled channels */
5864			if (chan->flags & IEEE80211_CHAN_DISABLED)
5865				continue;
5866
5867			request->channels[i] = chan;
5868			i++;
5869		}
5870	} else {
5871		enum ieee80211_band band;
5872
5873		/* all channels */
5874		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5875			int j;
5876			if (!wiphy->bands[band])
5877				continue;
5878			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5879				struct ieee80211_channel *chan;
5880
5881				chan = &wiphy->bands[band]->channels[j];
5882
5883				if (chan->flags & IEEE80211_CHAN_DISABLED)
5884					continue;
5885
5886				request->channels[i] = chan;
5887				i++;
5888			}
5889		}
5890	}
5891
5892	if (!i) {
5893		err = -EINVAL;
5894		goto out_free;
5895	}
5896
5897	request->n_channels = i;
5898
5899	i = 0;
5900	if (n_ssids) {
5901		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5902			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5903				err = -EINVAL;
5904				goto out_free;
5905			}
5906			request->ssids[i].ssid_len = nla_len(attr);
5907			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5908			i++;
5909		}
5910	}
5911
5912	if (info->attrs[NL80211_ATTR_IE]) {
5913		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5914		memcpy((void *)request->ie,
5915		       nla_data(info->attrs[NL80211_ATTR_IE]),
5916		       request->ie_len);
5917	}
5918
5919	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5920		if (wiphy->bands[i])
5921			request->rates[i] =
5922				(1 << wiphy->bands[i]->n_bitrates) - 1;
5923
5924	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5925		nla_for_each_nested(attr,
5926				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5927				    tmp) {
5928			enum ieee80211_band band = nla_type(attr);
5929
5930			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5931				err = -EINVAL;
5932				goto out_free;
5933			}
5934
5935			if (!wiphy->bands[band])
5936				continue;
5937
5938			err = ieee80211_get_ratemask(wiphy->bands[band],
5939						     nla_data(attr),
5940						     nla_len(attr),
5941						     &request->rates[band]);
5942			if (err)
5943				goto out_free;
5944		}
5945	}
5946
5947	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5948		request->flags = nla_get_u32(
5949			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5950		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5951		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5952			err = -EOPNOTSUPP;
5953			goto out_free;
5954		}
5955
5956		if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
5957			if (!(wiphy->features &
5958					NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
5959				err = -EOPNOTSUPP;
5960				goto out_free;
5961			}
5962
5963			if (wdev->current_bss) {
5964				err = -EOPNOTSUPP;
5965				goto out_free;
5966			}
5967
5968			err = nl80211_parse_random_mac(info->attrs,
5969						       request->mac_addr,
5970						       request->mac_addr_mask);
5971			if (err)
5972				goto out_free;
5973		}
5974	}
5975
5976	request->no_cck =
5977		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5978
5979	request->wdev = wdev;
5980	request->wiphy = &rdev->wiphy;
5981	request->scan_start = jiffies;
5982
5983	rdev->scan_req = request;
5984	err = rdev_scan(rdev, request);
5985
5986	if (!err) {
5987		nl80211_send_scan_start(rdev, wdev);
5988		if (wdev->netdev)
5989			dev_hold(wdev->netdev);
5990	} else {
5991 out_free:
5992		rdev->scan_req = NULL;
5993		kfree(request);
5994	}
5995
5996 unlock:
5997	return err;
5998}
5999
6000static int
6001nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
6002			       struct cfg80211_sched_scan_request *request,
6003			       struct nlattr **attrs)
6004{
6005	int tmp, err, i = 0;
6006	struct nlattr *attr;
6007
6008	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6009		u32 interval;
6010
6011		/*
6012		 * If scan plans are not specified,
6013		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL must be specified. In this
6014		 * case one scan plan will be set with the specified scan
6015		 * interval and infinite number of iterations.
6016		 */
6017		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6018			return -EINVAL;
6019
6020		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
6021		if (!interval)
6022			return -EINVAL;
6023
6024		request->scan_plans[0].interval =
6025			DIV_ROUND_UP(interval, MSEC_PER_SEC);
6026		if (!request->scan_plans[0].interval)
6027			return -EINVAL;
6028
6029		if (request->scan_plans[0].interval >
6030		    wiphy->max_sched_scan_plan_interval)
6031			request->scan_plans[0].interval =
6032				wiphy->max_sched_scan_plan_interval;
6033
6034		return 0;
6035	}
6036
6037	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
6038		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
6039
6040		if (WARN_ON(i >= n_plans))
6041			return -EINVAL;
6042
6043		err = nla_parse(plan, NL80211_SCHED_SCAN_PLAN_MAX,
6044				nla_data(attr), nla_len(attr),
6045				nl80211_plan_policy);
6046		if (err)
6047			return err;
6048
6049		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
6050			return -EINVAL;
6051
6052		request->scan_plans[i].interval =
6053			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
6054		if (!request->scan_plans[i].interval ||
6055		    request->scan_plans[i].interval >
6056		    wiphy->max_sched_scan_plan_interval)
6057			return -EINVAL;
6058
6059		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
6060			request->scan_plans[i].iterations =
6061				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
6062			if (!request->scan_plans[i].iterations ||
6063			    (request->scan_plans[i].iterations >
6064			     wiphy->max_sched_scan_plan_iterations))
6065				return -EINVAL;
6066		} else if (i < n_plans - 1) {
6067			/*
6068			 * All scan plans but the last one must specify
6069			 * a finite number of iterations
6070			 */
6071			return -EINVAL;
6072		}
6073
6074		i++;
6075	}
6076
6077	/*
6078	 * The last scan plan must not specify the number of
6079	 * iterations, it is supposed to run infinitely
6080	 */
6081	if (request->scan_plans[n_plans - 1].iterations)
6082		return  -EINVAL;
6083
6084	return 0;
6085}
6086
6087static struct cfg80211_sched_scan_request *
6088nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
6089			 struct nlattr **attrs)
6090{
6091	struct cfg80211_sched_scan_request *request;
6092	struct nlattr *attr;
6093	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
6094	enum ieee80211_band band;
6095	size_t ie_len;
6096	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
6097	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
6098
6099	if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
6100		return ERR_PTR(-EINVAL);
6101
6102	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6103		n_channels = validate_scan_freqs(
6104				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6105		if (!n_channels)
6106			return ERR_PTR(-EINVAL);
6107	} else {
6108		n_channels = ieee80211_get_num_supported_channels(wiphy);
6109	}
6110
6111	if (attrs[NL80211_ATTR_SCAN_SSIDS])
6112		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6113				    tmp)
6114			n_ssids++;
6115
6116	if (n_ssids > wiphy->max_sched_scan_ssids)
6117		return ERR_PTR(-EINVAL);
6118
6119	/*
6120	 * First, count the number of 'real' matchsets. Due to an issue with
6121	 * the old implementation, matchsets containing only the RSSI attribute
6122	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
6123	 * RSSI for all matchsets, rather than their own matchset for reporting
6124	 * all APs with a strong RSSI. This is needed to be compatible with
6125	 * older userspace that treated a matchset with only the RSSI as the
6126	 * global RSSI for all other matchsets - if there are other matchsets.
6127	 */
6128	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6129		nla_for_each_nested(attr,
6130				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6131				    tmp) {
6132			struct nlattr *rssi;
6133
6134			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6135					nla_data(attr), nla_len(attr),
6136					nl80211_match_policy);
6137			if (err)
6138				return ERR_PTR(err);
6139			/* add other standalone attributes here */
6140			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
6141				n_match_sets++;
6142				continue;
6143			}
6144			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6145			if (rssi)
6146				default_match_rssi = nla_get_s32(rssi);
6147		}
6148	}
6149
6150	/* However, if there's no other matchset, add the RSSI one */
6151	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
6152		n_match_sets = 1;
6153
6154	if (n_match_sets > wiphy->max_match_sets)
6155		return ERR_PTR(-EINVAL);
6156
6157	if (attrs[NL80211_ATTR_IE])
6158		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
6159	else
6160		ie_len = 0;
6161
6162	if (ie_len > wiphy->max_sched_scan_ie_len)
6163		return ERR_PTR(-EINVAL);
6164
6165	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6166		/*
6167		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
6168		 * each scan plan already specifies its own interval
6169		 */
6170		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6171			return ERR_PTR(-EINVAL);
6172
6173		nla_for_each_nested(attr,
6174				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
6175			n_plans++;
6176	} else {
6177		/*
6178		 * The scan interval attribute is kept for backward
6179		 * compatibility. If no scan plans are specified and sched scan
6180		 * interval is specified, one scan plan will be set with this
6181		 * scan interval and infinite number of iterations.
6182		 */
6183		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6184			return ERR_PTR(-EINVAL);
6185
6186		n_plans = 1;
6187	}
6188
6189	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
6190		return ERR_PTR(-EINVAL);
6191
6192	request = kzalloc(sizeof(*request)
6193			+ sizeof(*request->ssids) * n_ssids
6194			+ sizeof(*request->match_sets) * n_match_sets
6195			+ sizeof(*request->scan_plans) * n_plans
6196			+ sizeof(*request->channels) * n_channels
6197			+ ie_len, GFP_KERNEL);
6198	if (!request)
6199		return ERR_PTR(-ENOMEM);
6200
6201	if (n_ssids)
6202		request->ssids = (void *)&request->channels[n_channels];
6203	request->n_ssids = n_ssids;
6204	if (ie_len) {
6205		if (n_ssids)
6206			request->ie = (void *)(request->ssids + n_ssids);
6207		else
6208			request->ie = (void *)(request->channels + n_channels);
6209	}
6210
6211	if (n_match_sets) {
6212		if (request->ie)
6213			request->match_sets = (void *)(request->ie + ie_len);
6214		else if (n_ssids)
6215			request->match_sets =
6216				(void *)(request->ssids + n_ssids);
6217		else
6218			request->match_sets =
6219				(void *)(request->channels + n_channels);
6220	}
6221	request->n_match_sets = n_match_sets;
6222
6223	if (n_match_sets)
6224		request->scan_plans = (void *)(request->match_sets +
6225					       n_match_sets);
6226	else if (request->ie)
6227		request->scan_plans = (void *)(request->ie + ie_len);
6228	else if (n_ssids)
6229		request->scan_plans = (void *)(request->ssids + n_ssids);
6230	else
6231		request->scan_plans = (void *)(request->channels + n_channels);
6232
6233	request->n_scan_plans = n_plans;
6234
6235	i = 0;
6236	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6237		/* user specified, bail out if channel not found */
6238		nla_for_each_nested(attr,
6239				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
6240				    tmp) {
6241			struct ieee80211_channel *chan;
6242
6243			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6244
6245			if (!chan) {
6246				err = -EINVAL;
6247				goto out_free;
6248			}
6249
6250			/* ignore disabled channels */
6251			if (chan->flags & IEEE80211_CHAN_DISABLED)
6252				continue;
6253
6254			request->channels[i] = chan;
6255			i++;
6256		}
6257	} else {
6258		/* all channels */
6259		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6260			int j;
6261			if (!wiphy->bands[band])
6262				continue;
6263			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6264				struct ieee80211_channel *chan;
6265
6266				chan = &wiphy->bands[band]->channels[j];
6267
6268				if (chan->flags & IEEE80211_CHAN_DISABLED)
6269					continue;
6270
6271				request->channels[i] = chan;
6272				i++;
6273			}
6274		}
6275	}
6276
6277	if (!i) {
6278		err = -EINVAL;
6279		goto out_free;
6280	}
6281
6282	request->n_channels = i;
6283
6284	i = 0;
6285	if (n_ssids) {
6286		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6287				    tmp) {
6288			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6289				err = -EINVAL;
6290				goto out_free;
6291			}
6292			request->ssids[i].ssid_len = nla_len(attr);
6293			memcpy(request->ssids[i].ssid, nla_data(attr),
6294			       nla_len(attr));
6295			i++;
6296		}
6297	}
6298
6299	i = 0;
6300	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6301		nla_for_each_nested(attr,
6302				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6303				    tmp) {
6304			struct nlattr *ssid, *rssi;
6305
6306			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6307					nla_data(attr), nla_len(attr),
6308					nl80211_match_policy);
6309			if (err)
6310				goto out_free;
6311			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
6312			if (ssid) {
6313				if (WARN_ON(i >= n_match_sets)) {
6314					/* this indicates a programming error,
6315					 * the loop above should have verified
6316					 * things properly
6317					 */
6318					err = -EINVAL;
6319					goto out_free;
6320				}
6321
6322				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
6323					err = -EINVAL;
6324					goto out_free;
6325				}
6326				memcpy(request->match_sets[i].ssid.ssid,
6327				       nla_data(ssid), nla_len(ssid));
6328				request->match_sets[i].ssid.ssid_len =
6329					nla_len(ssid);
6330				/* special attribute - old implemenation w/a */
6331				request->match_sets[i].rssi_thold =
6332					default_match_rssi;
6333				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6334				if (rssi)
6335					request->match_sets[i].rssi_thold =
6336						nla_get_s32(rssi);
6337			}
6338			i++;
6339		}
6340
6341		/* there was no other matchset, so the RSSI one is alone */
6342		if (i == 0 && n_match_sets)
6343			request->match_sets[0].rssi_thold = default_match_rssi;
6344
6345		request->min_rssi_thold = INT_MAX;
6346		for (i = 0; i < n_match_sets; i++)
6347			request->min_rssi_thold =
6348				min(request->match_sets[i].rssi_thold,
6349				    request->min_rssi_thold);
6350	} else {
6351		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
6352	}
6353
6354	if (ie_len) {
6355		request->ie_len = ie_len;
6356		memcpy((void *)request->ie,
6357		       nla_data(attrs[NL80211_ATTR_IE]),
6358		       request->ie_len);
6359	}
6360
6361	if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
6362		request->flags = nla_get_u32(
6363			attrs[NL80211_ATTR_SCAN_FLAGS]);
6364		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6365		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6366			err = -EOPNOTSUPP;
6367			goto out_free;
6368		}
6369
6370		if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6371			u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
6372
6373			if (!wdev) /* must be net-detect */
6374				flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
6375
6376			if (!(wiphy->features & flg)) {
6377				err = -EOPNOTSUPP;
6378				goto out_free;
6379			}
6380
6381			if (wdev && wdev->current_bss) {
6382				err = -EOPNOTSUPP;
6383				goto out_free;
6384			}
6385
6386			err = nl80211_parse_random_mac(attrs, request->mac_addr,
6387						       request->mac_addr_mask);
6388			if (err)
6389				goto out_free;
6390		}
6391	}
6392
6393	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
6394		request->delay =
6395			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
6396
6397	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
6398	if (err)
6399		goto out_free;
6400
6401	request->scan_start = jiffies;
6402
6403	return request;
6404
6405out_free:
6406	kfree(request);
6407	return ERR_PTR(err);
6408}
6409
6410static int nl80211_start_sched_scan(struct sk_buff *skb,
6411				    struct genl_info *info)
6412{
6413	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6414	struct net_device *dev = info->user_ptr[1];
6415	struct wireless_dev *wdev = dev->ieee80211_ptr;
6416	struct cfg80211_sched_scan_request *sched_scan_req;
6417	int err;
6418
6419	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6420	    !rdev->ops->sched_scan_start)
6421		return -EOPNOTSUPP;
6422
6423	if (rdev->sched_scan_req)
6424		return -EINPROGRESS;
6425
6426	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
6427						  info->attrs);
6428
6429	err = PTR_ERR_OR_ZERO(sched_scan_req);
6430	if (err)
6431		goto out_err;
6432
6433	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
6434	if (err)
6435		goto out_free;
6436
6437	sched_scan_req->dev = dev;
6438	sched_scan_req->wiphy = &rdev->wiphy;
6439
6440	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6441		sched_scan_req->owner_nlportid = info->snd_portid;
6442
6443	rcu_assign_pointer(rdev->sched_scan_req, sched_scan_req);
6444
6445	nl80211_send_sched_scan(rdev, dev,
6446				NL80211_CMD_START_SCHED_SCAN);
6447	return 0;
6448
6449out_free:
6450	kfree(sched_scan_req);
6451out_err:
6452	return err;
6453}
6454
6455static int nl80211_stop_sched_scan(struct sk_buff *skb,
6456				   struct genl_info *info)
6457{
6458	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6459
6460	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6461	    !rdev->ops->sched_scan_stop)
6462		return -EOPNOTSUPP;
6463
6464	return __cfg80211_stop_sched_scan(rdev, false);
6465}
6466
6467static int nl80211_start_radar_detection(struct sk_buff *skb,
6468					 struct genl_info *info)
6469{
6470	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6471	struct net_device *dev = info->user_ptr[1];
6472	struct wireless_dev *wdev = dev->ieee80211_ptr;
6473	struct cfg80211_chan_def chandef;
6474	enum nl80211_dfs_regions dfs_region;
6475	unsigned int cac_time_ms;
6476	int err;
6477
6478	dfs_region = reg_get_dfs_region(wdev->wiphy);
6479	if (dfs_region == NL80211_DFS_UNSET)
6480		return -EINVAL;
6481
6482	err = nl80211_parse_chandef(rdev, info, &chandef);
6483	if (err)
6484		return err;
6485
6486	if (netif_carrier_ok(dev))
6487		return -EBUSY;
6488
6489	if (wdev->cac_started)
6490		return -EBUSY;
6491
6492	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
6493					    wdev->iftype);
6494	if (err < 0)
6495		return err;
6496
6497	if (err == 0)
6498		return -EINVAL;
6499
6500	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
6501		return -EINVAL;
6502
6503	if (!rdev->ops->start_radar_detection)
6504		return -EOPNOTSUPP;
6505
6506	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
6507	if (WARN_ON(!cac_time_ms))
6508		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
6509
6510	err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef,
6511					       cac_time_ms);
6512	if (!err) {
6513		wdev->chandef = chandef;
6514		wdev->cac_started = true;
6515		wdev->cac_start_time = jiffies;
6516		wdev->cac_time_ms = cac_time_ms;
6517	}
6518	return err;
6519}
6520
6521static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
6522{
6523	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6524	struct net_device *dev = info->user_ptr[1];
6525	struct wireless_dev *wdev = dev->ieee80211_ptr;
6526	struct cfg80211_csa_settings params;
6527	/* csa_attrs is defined static to avoid waste of stack size - this
6528	 * function is called under RTNL lock, so this should not be a problem.
6529	 */
6530	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
6531	int err;
6532	bool need_new_beacon = false;
6533	int len, i;
6534	u32 cs_count;
6535
6536	if (!rdev->ops->channel_switch ||
6537	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
6538		return -EOPNOTSUPP;
6539
6540	switch (dev->ieee80211_ptr->iftype) {
6541	case NL80211_IFTYPE_AP:
6542	case NL80211_IFTYPE_P2P_GO:
6543		need_new_beacon = true;
6544
6545		/* useless if AP is not running */
6546		if (!wdev->beacon_interval)
6547			return -ENOTCONN;
6548		break;
6549	case NL80211_IFTYPE_ADHOC:
6550		if (!wdev->ssid_len)
6551			return -ENOTCONN;
6552		break;
6553	case NL80211_IFTYPE_MESH_POINT:
6554		if (!wdev->mesh_id_len)
6555			return -ENOTCONN;
6556		break;
6557	default:
6558		return -EOPNOTSUPP;
6559	}
6560
6561	memset(&params, 0, sizeof(params));
6562
6563	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
6564	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
6565		return -EINVAL;
6566
6567	/* only important for AP, IBSS and mesh create IEs internally */
6568	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
6569		return -EINVAL;
6570
6571	/* Even though the attribute is u32, the specification says
6572	 * u8, so let's make sure we don't overflow.
6573	 */
6574	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
6575	if (cs_count > 255)
6576		return -EINVAL;
6577
6578	params.count = cs_count;
6579
6580	if (!need_new_beacon)
6581		goto skip_beacons;
6582
6583	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
6584	if (err)
6585		return err;
6586
6587	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
6588			       info->attrs[NL80211_ATTR_CSA_IES],
6589			       nl80211_policy);
6590	if (err)
6591		return err;
6592
6593	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
6594	if (err)
6595		return err;
6596
6597	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
6598		return -EINVAL;
6599
6600	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6601	if (!len || (len % sizeof(u16)))
6602		return -EINVAL;
6603
6604	params.n_counter_offsets_beacon = len / sizeof(u16);
6605	if (rdev->wiphy.max_num_csa_counters &&
6606	    (params.n_counter_offsets_beacon >
6607	     rdev->wiphy.max_num_csa_counters))
6608		return -EINVAL;
6609
6610	params.counter_offsets_beacon =
6611		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6612
6613	/* sanity checks - counters should fit and be the same */
6614	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
6615		u16 offset = params.counter_offsets_beacon[i];
6616
6617		if (offset >= params.beacon_csa.tail_len)
6618			return -EINVAL;
6619
6620		if (params.beacon_csa.tail[offset] != params.count)
6621			return -EINVAL;
6622	}
6623
6624	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
6625		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6626		if (!len || (len % sizeof(u16)))
6627			return -EINVAL;
6628
6629		params.n_counter_offsets_presp = len / sizeof(u16);
6630		if (rdev->wiphy.max_num_csa_counters &&
6631		    (params.n_counter_offsets_beacon >
6632		     rdev->wiphy.max_num_csa_counters))
6633			return -EINVAL;
6634
6635		params.counter_offsets_presp =
6636			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6637
6638		/* sanity checks - counters should fit and be the same */
6639		for (i = 0; i < params.n_counter_offsets_presp; i++) {
6640			u16 offset = params.counter_offsets_presp[i];
6641
6642			if (offset >= params.beacon_csa.probe_resp_len)
6643				return -EINVAL;
6644
6645			if (params.beacon_csa.probe_resp[offset] !=
6646			    params.count)
6647				return -EINVAL;
6648		}
6649	}
6650
6651skip_beacons:
6652	err = nl80211_parse_chandef(rdev, info, &params.chandef);
6653	if (err)
6654		return err;
6655
6656	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
6657					   wdev->iftype))
6658		return -EINVAL;
6659
6660	err = cfg80211_chandef_dfs_required(wdev->wiphy,
6661					    &params.chandef,
6662					    wdev->iftype);
6663	if (err < 0)
6664		return err;
6665
6666	if (err > 0)
6667		params.radar_required = true;
6668
6669	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
6670		params.block_tx = true;
6671
6672	wdev_lock(wdev);
6673	err = rdev_channel_switch(rdev, dev, &params);
6674	wdev_unlock(wdev);
6675
6676	return err;
6677}
6678
6679static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
6680			    u32 seq, int flags,
6681			    struct cfg80211_registered_device *rdev,
6682			    struct wireless_dev *wdev,
6683			    struct cfg80211_internal_bss *intbss)
6684{
6685	struct cfg80211_bss *res = &intbss->pub;
6686	const struct cfg80211_bss_ies *ies;
6687	void *hdr;
6688	struct nlattr *bss;
6689
6690	ASSERT_WDEV_LOCK(wdev);
6691
6692	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6693			     NL80211_CMD_NEW_SCAN_RESULTS);
6694	if (!hdr)
6695		return -1;
6696
6697	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6698
6699	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
6700		goto nla_put_failure;
6701	if (wdev->netdev &&
6702	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
6703		goto nla_put_failure;
6704	if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
6705		goto nla_put_failure;
6706
6707	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
6708	if (!bss)
6709		goto nla_put_failure;
6710	if ((!is_zero_ether_addr(res->bssid) &&
6711	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
6712		goto nla_put_failure;
6713
6714	rcu_read_lock();
6715	/* indicate whether we have probe response data or not */
6716	if (rcu_access_pointer(res->proberesp_ies) &&
6717	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
6718		goto fail_unlock_rcu;
6719
6720	/* this pointer prefers to be pointed to probe response data
6721	 * but is always valid
6722	 */
6723	ies = rcu_dereference(res->ies);
6724	if (ies) {
6725		if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6726			goto fail_unlock_rcu;
6727		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
6728					ies->len, ies->data))
6729			goto fail_unlock_rcu;
6730	}
6731
6732	/* and this pointer is always (unless driver didn't know) beacon data */
6733	ies = rcu_dereference(res->beacon_ies);
6734	if (ies && ies->from_beacon) {
6735		if (nla_put_u64(msg, NL80211_BSS_BEACON_TSF, ies->tsf))
6736			goto fail_unlock_rcu;
6737		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
6738					ies->len, ies->data))
6739			goto fail_unlock_rcu;
6740	}
6741	rcu_read_unlock();
6742
6743	if (res->beacon_interval &&
6744	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
6745		goto nla_put_failure;
6746	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
6747	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
6748	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6749	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6750			jiffies_to_msecs(jiffies - intbss->ts)))
6751		goto nla_put_failure;
6752
6753	if (intbss->ts_boottime &&
6754	    nla_put_u64(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
6755			intbss->ts_boottime))
6756		goto nla_put_failure;
6757
6758	switch (rdev->wiphy.signal_type) {
6759	case CFG80211_SIGNAL_TYPE_MBM:
6760		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6761			goto nla_put_failure;
6762		break;
6763	case CFG80211_SIGNAL_TYPE_UNSPEC:
6764		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6765			goto nla_put_failure;
6766		break;
6767	default:
6768		break;
6769	}
6770
6771	switch (wdev->iftype) {
6772	case NL80211_IFTYPE_P2P_CLIENT:
6773	case NL80211_IFTYPE_STATION:
6774		if (intbss == wdev->current_bss &&
6775		    nla_put_u32(msg, NL80211_BSS_STATUS,
6776				NL80211_BSS_STATUS_ASSOCIATED))
6777			goto nla_put_failure;
6778		break;
6779	case NL80211_IFTYPE_ADHOC:
6780		if (intbss == wdev->current_bss &&
6781		    nla_put_u32(msg, NL80211_BSS_STATUS,
6782				NL80211_BSS_STATUS_IBSS_JOINED))
6783			goto nla_put_failure;
6784		break;
6785	default:
6786		break;
6787	}
6788
6789	nla_nest_end(msg, bss);
6790
6791	genlmsg_end(msg, hdr);
6792	return 0;
6793
6794 fail_unlock_rcu:
6795	rcu_read_unlock();
6796 nla_put_failure:
6797	genlmsg_cancel(msg, hdr);
6798	return -EMSGSIZE;
6799}
6800
6801static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6802{
6803	struct cfg80211_registered_device *rdev;
6804	struct cfg80211_internal_bss *scan;
6805	struct wireless_dev *wdev;
6806	int start = cb->args[2], idx = 0;
6807	int err;
6808
6809	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6810	if (err)
6811		return err;
6812
6813	wdev_lock(wdev);
6814	spin_lock_bh(&rdev->bss_lock);
6815	cfg80211_bss_expire(rdev);
6816
6817	cb->seq = rdev->bss_generation;
6818
6819	list_for_each_entry(scan, &rdev->bss_list, list) {
6820		if (++idx <= start)
6821			continue;
6822		if (nl80211_send_bss(skb, cb,
6823				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6824				rdev, wdev, scan) < 0) {
6825			idx--;
6826			break;
6827		}
6828	}
6829
6830	spin_unlock_bh(&rdev->bss_lock);
6831	wdev_unlock(wdev);
6832
6833	cb->args[2] = idx;
6834	nl80211_finish_wdev_dump(rdev);
6835
6836	return skb->len;
6837}
6838
6839static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6840			       int flags, struct net_device *dev,
6841			       bool allow_radio_stats,
6842			       struct survey_info *survey)
6843{
6844	void *hdr;
6845	struct nlattr *infoattr;
6846
6847	/* skip radio stats if userspace didn't request them */
6848	if (!survey->channel && !allow_radio_stats)
6849		return 0;
6850
6851	hdr = nl80211hdr_put(msg, portid, seq, flags,
6852			     NL80211_CMD_NEW_SURVEY_RESULTS);
6853	if (!hdr)
6854		return -ENOMEM;
6855
6856	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6857		goto nla_put_failure;
6858
6859	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6860	if (!infoattr)
6861		goto nla_put_failure;
6862
6863	if (survey->channel &&
6864	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6865			survey->channel->center_freq))
6866		goto nla_put_failure;
6867
6868	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6869	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6870		goto nla_put_failure;
6871	if ((survey->filled & SURVEY_INFO_IN_USE) &&
6872	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6873		goto nla_put_failure;
6874	if ((survey->filled & SURVEY_INFO_TIME) &&
6875	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME,
6876			survey->time))
6877		goto nla_put_failure;
6878	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
6879	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_BUSY,
6880			survey->time_busy))
6881		goto nla_put_failure;
6882	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
6883	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
6884			survey->time_ext_busy))
6885		goto nla_put_failure;
6886	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
6887	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_RX,
6888			survey->time_rx))
6889		goto nla_put_failure;
6890	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
6891	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_TX,
6892			survey->time_tx))
6893		goto nla_put_failure;
6894	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
6895	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_SCAN,
6896			survey->time_scan))
6897		goto nla_put_failure;
6898
6899	nla_nest_end(msg, infoattr);
6900
6901	genlmsg_end(msg, hdr);
6902	return 0;
6903
6904 nla_put_failure:
6905	genlmsg_cancel(msg, hdr);
6906	return -EMSGSIZE;
6907}
6908
6909static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
6910{
6911	struct survey_info survey;
6912	struct cfg80211_registered_device *rdev;
6913	struct wireless_dev *wdev;
6914	int survey_idx = cb->args[2];
6915	int res;
6916	bool radio_stats;
6917
6918	res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6919	if (res)
6920		return res;
6921
6922	/* prepare_wdev_dump parsed the attributes */
6923	radio_stats = nl80211_fam.attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
6924
6925	if (!wdev->netdev) {
6926		res = -EINVAL;
6927		goto out_err;
6928	}
6929
6930	if (!rdev->ops->dump_survey) {
6931		res = -EOPNOTSUPP;
6932		goto out_err;
6933	}
6934
6935	while (1) {
6936		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
6937		if (res == -ENOENT)
6938			break;
6939		if (res)
6940			goto out_err;
6941
6942		/* don't send disabled channels, but do send non-channel data */
6943		if (survey.channel &&
6944		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
6945			survey_idx++;
6946			continue;
6947		}
6948
6949		if (nl80211_send_survey(skb,
6950				NETLINK_CB(cb->skb).portid,
6951				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6952				wdev->netdev, radio_stats, &survey) < 0)
6953			goto out;
6954		survey_idx++;
6955	}
6956
6957 out:
6958	cb->args[2] = survey_idx;
6959	res = skb->len;
6960 out_err:
6961	nl80211_finish_wdev_dump(rdev);
6962	return res;
6963}
6964
6965static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6966{
6967	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6968				  NL80211_WPA_VERSION_2));
6969}
6970
6971static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6972{
6973	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6974	struct net_device *dev = info->user_ptr[1];
6975	struct ieee80211_channel *chan;
6976	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6977	int err, ssid_len, ie_len = 0, sae_data_len = 0;
6978	enum nl80211_auth_type auth_type;
6979	struct key_parse key;
6980	bool local_state_change;
6981
6982	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6983		return -EINVAL;
6984
6985	if (!info->attrs[NL80211_ATTR_MAC])
6986		return -EINVAL;
6987
6988	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6989		return -EINVAL;
6990
6991	if (!info->attrs[NL80211_ATTR_SSID])
6992		return -EINVAL;
6993
6994	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6995		return -EINVAL;
6996
6997	err = nl80211_parse_key(info, &key);
6998	if (err)
6999		return err;
7000
7001	if (key.idx >= 0) {
7002		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
7003			return -EINVAL;
7004		if (!key.p.key || !key.p.key_len)
7005			return -EINVAL;
7006		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
7007		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
7008		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
7009		     key.p.key_len != WLAN_KEY_LEN_WEP104))
7010			return -EINVAL;
7011		if (key.idx > 4)
7012			return -EINVAL;
7013	} else {
7014		key.p.key_len = 0;
7015		key.p.key = NULL;
7016	}
7017
7018	if (key.idx >= 0) {
7019		int i;
7020		bool ok = false;
7021		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
7022			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
7023				ok = true;
7024				break;
7025			}
7026		}
7027		if (!ok)
7028			return -EINVAL;
7029	}
7030
7031	if (!rdev->ops->auth)
7032		return -EOPNOTSUPP;
7033
7034	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7035	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7036		return -EOPNOTSUPP;
7037
7038	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7039	chan = nl80211_get_valid_chan(&rdev->wiphy,
7040				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7041	if (!chan)
7042		return -EINVAL;
7043
7044	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7045	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7046
7047	if (info->attrs[NL80211_ATTR_IE]) {
7048		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7049		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7050	}
7051
7052	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7053	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
7054		return -EINVAL;
7055
7056	if (auth_type == NL80211_AUTHTYPE_SAE &&
7057	    !info->attrs[NL80211_ATTR_SAE_DATA])
7058		return -EINVAL;
7059
7060	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
7061		if (auth_type != NL80211_AUTHTYPE_SAE)
7062			return -EINVAL;
7063		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
7064		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
7065		/* need to include at least Auth Transaction and Status Code */
7066		if (sae_data_len < 4)
7067			return -EINVAL;
7068	}
7069
7070	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7071
7072	/*
7073	 * Since we no longer track auth state, ignore
7074	 * requests to only change local state.
7075	 */
7076	if (local_state_change)
7077		return 0;
7078
7079	wdev_lock(dev->ieee80211_ptr);
7080	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
7081				 ssid, ssid_len, ie, ie_len,
7082				 key.p.key, key.p.key_len, key.idx,
7083				 sae_data, sae_data_len);
7084	wdev_unlock(dev->ieee80211_ptr);
7085	return err;
7086}
7087
7088static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
7089				   struct genl_info *info,
7090				   struct cfg80211_crypto_settings *settings,
7091				   int cipher_limit)
7092{
7093	memset(settings, 0, sizeof(*settings));
7094
7095	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
7096
7097	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
7098		u16 proto;
7099		proto = nla_get_u16(
7100			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
7101		settings->control_port_ethertype = cpu_to_be16(proto);
7102		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
7103		    proto != ETH_P_PAE)
7104			return -EINVAL;
7105		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
7106			settings->control_port_no_encrypt = true;
7107	} else
7108		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
7109
7110	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
7111		void *data;
7112		int len, i;
7113
7114		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7115		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7116		settings->n_ciphers_pairwise = len / sizeof(u32);
7117
7118		if (len % sizeof(u32))
7119			return -EINVAL;
7120
7121		if (settings->n_ciphers_pairwise > cipher_limit)
7122			return -EINVAL;
7123
7124		memcpy(settings->ciphers_pairwise, data, len);
7125
7126		for (i = 0; i < settings->n_ciphers_pairwise; i++)
7127			if (!cfg80211_supported_cipher_suite(
7128					&rdev->wiphy,
7129					settings->ciphers_pairwise[i]))
7130				return -EINVAL;
7131	}
7132
7133	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
7134		settings->cipher_group =
7135			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
7136		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
7137						     settings->cipher_group))
7138			return -EINVAL;
7139	}
7140
7141	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
7142		settings->wpa_versions =
7143			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
7144		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
7145			return -EINVAL;
7146	}
7147
7148	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
7149		void *data;
7150		int len;
7151
7152		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
7153		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
7154		settings->n_akm_suites = len / sizeof(u32);
7155
7156		if (len % sizeof(u32))
7157			return -EINVAL;
7158
7159		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
7160			return -EINVAL;
7161
7162		memcpy(settings->akm_suites, data, len);
7163	}
7164
7165	return 0;
7166}
7167
7168static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
7169{
7170	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7171	struct net_device *dev = info->user_ptr[1];
7172	struct ieee80211_channel *chan;
7173	struct cfg80211_assoc_request req = {};
7174	const u8 *bssid, *ssid;
7175	int err, ssid_len = 0;
7176
7177	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7178		return -EINVAL;
7179
7180	if (!info->attrs[NL80211_ATTR_MAC] ||
7181	    !info->attrs[NL80211_ATTR_SSID] ||
7182	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
7183		return -EINVAL;
7184
7185	if (!rdev->ops->assoc)
7186		return -EOPNOTSUPP;
7187
7188	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7189	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7190		return -EOPNOTSUPP;
7191
7192	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7193
7194	chan = nl80211_get_valid_chan(&rdev->wiphy,
7195				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7196	if (!chan)
7197		return -EINVAL;
7198
7199	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7200	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7201
7202	if (info->attrs[NL80211_ATTR_IE]) {
7203		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7204		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7205	}
7206
7207	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7208		enum nl80211_mfp mfp =
7209			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7210		if (mfp == NL80211_MFP_REQUIRED)
7211			req.use_mfp = true;
7212		else if (mfp != NL80211_MFP_NO)
7213			return -EINVAL;
7214	}
7215
7216	if (info->attrs[NL80211_ATTR_PREV_BSSID])
7217		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
7218
7219	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7220		req.flags |= ASSOC_REQ_DISABLE_HT;
7221
7222	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7223		memcpy(&req.ht_capa_mask,
7224		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7225		       sizeof(req.ht_capa_mask));
7226
7227	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7228		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7229			return -EINVAL;
7230		memcpy(&req.ht_capa,
7231		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7232		       sizeof(req.ht_capa));
7233	}
7234
7235	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7236		req.flags |= ASSOC_REQ_DISABLE_VHT;
7237
7238	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7239		memcpy(&req.vht_capa_mask,
7240		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7241		       sizeof(req.vht_capa_mask));
7242
7243	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7244		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7245			return -EINVAL;
7246		memcpy(&req.vht_capa,
7247		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7248		       sizeof(req.vht_capa));
7249	}
7250
7251	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7252		if (!(rdev->wiphy.features &
7253		      NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) ||
7254		    !(rdev->wiphy.features & NL80211_FEATURE_QUIET))
7255			return -EINVAL;
7256		req.flags |= ASSOC_REQ_USE_RRM;
7257	}
7258
7259	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
7260	if (!err) {
7261		wdev_lock(dev->ieee80211_ptr);
7262		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
7263					  ssid, ssid_len, &req);
7264		wdev_unlock(dev->ieee80211_ptr);
7265	}
7266
7267	return err;
7268}
7269
7270static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
7271{
7272	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7273	struct net_device *dev = info->user_ptr[1];
7274	const u8 *ie = NULL, *bssid;
7275	int ie_len = 0, err;
7276	u16 reason_code;
7277	bool local_state_change;
7278
7279	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7280		return -EINVAL;
7281
7282	if (!info->attrs[NL80211_ATTR_MAC])
7283		return -EINVAL;
7284
7285	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7286		return -EINVAL;
7287
7288	if (!rdev->ops->deauth)
7289		return -EOPNOTSUPP;
7290
7291	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7292	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7293		return -EOPNOTSUPP;
7294
7295	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7296
7297	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7298	if (reason_code == 0) {
7299		/* Reason Code 0 is reserved */
7300		return -EINVAL;
7301	}
7302
7303	if (info->attrs[NL80211_ATTR_IE]) {
7304		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7305		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7306	}
7307
7308	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7309
7310	wdev_lock(dev->ieee80211_ptr);
7311	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
7312				   local_state_change);
7313	wdev_unlock(dev->ieee80211_ptr);
7314	return err;
7315}
7316
7317static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
7318{
7319	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7320	struct net_device *dev = info->user_ptr[1];
7321	const u8 *ie = NULL, *bssid;
7322	int ie_len = 0, err;
7323	u16 reason_code;
7324	bool local_state_change;
7325
7326	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7327		return -EINVAL;
7328
7329	if (!info->attrs[NL80211_ATTR_MAC])
7330		return -EINVAL;
7331
7332	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7333		return -EINVAL;
7334
7335	if (!rdev->ops->disassoc)
7336		return -EOPNOTSUPP;
7337
7338	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7339	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7340		return -EOPNOTSUPP;
7341
7342	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7343
7344	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7345	if (reason_code == 0) {
7346		/* Reason Code 0 is reserved */
7347		return -EINVAL;
7348	}
7349
7350	if (info->attrs[NL80211_ATTR_IE]) {
7351		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7352		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7353	}
7354
7355	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7356
7357	wdev_lock(dev->ieee80211_ptr);
7358	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
7359				     local_state_change);
7360	wdev_unlock(dev->ieee80211_ptr);
7361	return err;
7362}
7363
7364static bool
7365nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
7366			 int mcast_rate[IEEE80211_NUM_BANDS],
7367			 int rateval)
7368{
7369	struct wiphy *wiphy = &rdev->wiphy;
7370	bool found = false;
7371	int band, i;
7372
7373	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
7374		struct ieee80211_supported_band *sband;
7375
7376		sband = wiphy->bands[band];
7377		if (!sband)
7378			continue;
7379
7380		for (i = 0; i < sband->n_bitrates; i++) {
7381			if (sband->bitrates[i].bitrate == rateval) {
7382				mcast_rate[band] = i + 1;
7383				found = true;
7384				break;
7385			}
7386		}
7387	}
7388
7389	return found;
7390}
7391
7392static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
7393{
7394	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7395	struct net_device *dev = info->user_ptr[1];
7396	struct cfg80211_ibss_params ibss;
7397	struct wiphy *wiphy;
7398	struct cfg80211_cached_keys *connkeys = NULL;
7399	int err;
7400
7401	memset(&ibss, 0, sizeof(ibss));
7402
7403	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7404		return -EINVAL;
7405
7406	if (!info->attrs[NL80211_ATTR_SSID] ||
7407	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7408		return -EINVAL;
7409
7410	ibss.beacon_interval = 100;
7411
7412	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7413		ibss.beacon_interval =
7414			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7415		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
7416			return -EINVAL;
7417	}
7418
7419	if (!rdev->ops->join_ibss)
7420		return -EOPNOTSUPP;
7421
7422	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7423		return -EOPNOTSUPP;
7424
7425	wiphy = &rdev->wiphy;
7426
7427	if (info->attrs[NL80211_ATTR_MAC]) {
7428		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7429
7430		if (!is_valid_ether_addr(ibss.bssid))
7431			return -EINVAL;
7432	}
7433	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7434	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7435
7436	if (info->attrs[NL80211_ATTR_IE]) {
7437		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7438		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7439	}
7440
7441	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
7442	if (err)
7443		return err;
7444
7445	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
7446				     NL80211_IFTYPE_ADHOC))
7447		return -EINVAL;
7448
7449	switch (ibss.chandef.width) {
7450	case NL80211_CHAN_WIDTH_5:
7451	case NL80211_CHAN_WIDTH_10:
7452	case NL80211_CHAN_WIDTH_20_NOHT:
7453		break;
7454	case NL80211_CHAN_WIDTH_20:
7455	case NL80211_CHAN_WIDTH_40:
7456		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7457			return -EINVAL;
7458		break;
7459	case NL80211_CHAN_WIDTH_80:
7460	case NL80211_CHAN_WIDTH_80P80:
7461	case NL80211_CHAN_WIDTH_160:
7462		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7463			return -EINVAL;
7464		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7465					     NL80211_EXT_FEATURE_VHT_IBSS))
7466			return -EINVAL;
7467		break;
7468	default:
7469		return -EINVAL;
7470	}
7471
7472	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
7473	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
7474
7475	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7476		u8 *rates =
7477			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7478		int n_rates =
7479			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7480		struct ieee80211_supported_band *sband =
7481			wiphy->bands[ibss.chandef.chan->band];
7482
7483		err = ieee80211_get_ratemask(sband, rates, n_rates,
7484					     &ibss.basic_rates);
7485		if (err)
7486			return err;
7487	}
7488
7489	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7490		memcpy(&ibss.ht_capa_mask,
7491		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7492		       sizeof(ibss.ht_capa_mask));
7493
7494	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7495		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7496			return -EINVAL;
7497		memcpy(&ibss.ht_capa,
7498		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7499		       sizeof(ibss.ht_capa));
7500	}
7501
7502	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7503	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
7504			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7505		return -EINVAL;
7506
7507	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7508		bool no_ht = false;
7509
7510		connkeys = nl80211_parse_connkeys(rdev,
7511					  info->attrs[NL80211_ATTR_KEYS],
7512					  &no_ht);
7513		if (IS_ERR(connkeys))
7514			return PTR_ERR(connkeys);
7515
7516		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
7517		    no_ht) {
7518			kfree(connkeys);
7519			return -EINVAL;
7520		}
7521	}
7522
7523	ibss.control_port =
7524		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
7525
7526	ibss.userspace_handles_dfs =
7527		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
7528
7529	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
7530	if (err)
7531		kzfree(connkeys);
7532	return err;
7533}
7534
7535static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
7536{
7537	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7538	struct net_device *dev = info->user_ptr[1];
7539
7540	if (!rdev->ops->leave_ibss)
7541		return -EOPNOTSUPP;
7542
7543	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7544		return -EOPNOTSUPP;
7545
7546	return cfg80211_leave_ibss(rdev, dev, false);
7547}
7548
7549static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
7550{
7551	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7552	struct net_device *dev = info->user_ptr[1];
7553	int mcast_rate[IEEE80211_NUM_BANDS];
7554	u32 nla_rate;
7555	int err;
7556
7557	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
7558	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
7559	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
7560		return -EOPNOTSUPP;
7561
7562	if (!rdev->ops->set_mcast_rate)
7563		return -EOPNOTSUPP;
7564
7565	memset(mcast_rate, 0, sizeof(mcast_rate));
7566
7567	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
7568		return -EINVAL;
7569
7570	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
7571	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
7572		return -EINVAL;
7573
7574	err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
7575
7576	return err;
7577}
7578
7579static struct sk_buff *
7580__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
7581			    struct wireless_dev *wdev, int approxlen,
7582			    u32 portid, u32 seq, enum nl80211_commands cmd,
7583			    enum nl80211_attrs attr,
7584			    const struct nl80211_vendor_cmd_info *info,
7585			    gfp_t gfp)
7586{
7587	struct sk_buff *skb;
7588	void *hdr;
7589	struct nlattr *data;
7590
7591	skb = nlmsg_new(approxlen + 100, gfp);
7592	if (!skb)
7593		return NULL;
7594
7595	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
7596	if (!hdr) {
7597		kfree_skb(skb);
7598		return NULL;
7599	}
7600
7601	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
7602		goto nla_put_failure;
7603
7604	if (info) {
7605		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
7606				info->vendor_id))
7607			goto nla_put_failure;
7608		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
7609				info->subcmd))
7610			goto nla_put_failure;
7611	}
7612
7613	if (wdev) {
7614		if (nla_put_u64(skb, NL80211_ATTR_WDEV,
7615				wdev_id(wdev)))
7616			goto nla_put_failure;
7617		if (wdev->netdev &&
7618		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
7619				wdev->netdev->ifindex))
7620			goto nla_put_failure;
7621	}
7622
7623	data = nla_nest_start(skb, attr);
7624
7625	((void **)skb->cb)[0] = rdev;
7626	((void **)skb->cb)[1] = hdr;
7627	((void **)skb->cb)[2] = data;
7628
7629	return skb;
7630
7631 nla_put_failure:
7632	kfree_skb(skb);
7633	return NULL;
7634}
7635
7636struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
7637					   struct wireless_dev *wdev,
7638					   enum nl80211_commands cmd,
7639					   enum nl80211_attrs attr,
7640					   int vendor_event_idx,
7641					   int approxlen, gfp_t gfp)
7642{
7643	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
7644	const struct nl80211_vendor_cmd_info *info;
7645
7646	switch (cmd) {
7647	case NL80211_CMD_TESTMODE:
7648		if (WARN_ON(vendor_event_idx != -1))
7649			return NULL;
7650		info = NULL;
7651		break;
7652	case NL80211_CMD_VENDOR:
7653		if (WARN_ON(vendor_event_idx < 0 ||
7654			    vendor_event_idx >= wiphy->n_vendor_events))
7655			return NULL;
7656		info = &wiphy->vendor_events[vendor_event_idx];
7657		break;
7658	default:
7659		WARN_ON(1);
7660		return NULL;
7661	}
7662
7663	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
7664					   cmd, attr, info, gfp);
7665}
7666EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
7667
7668void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
7669{
7670	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
7671	void *hdr = ((void **)skb->cb)[1];
7672	struct nlattr *data = ((void **)skb->cb)[2];
7673	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
7674
7675	/* clear CB data for netlink core to own from now on */
7676	memset(skb->cb, 0, sizeof(skb->cb));
7677
7678	nla_nest_end(skb, data);
7679	genlmsg_end(skb, hdr);
7680
7681	if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
7682		mcgrp = NL80211_MCGRP_VENDOR;
7683
7684	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
7685				mcgrp, gfp);
7686}
7687EXPORT_SYMBOL(__cfg80211_send_event_skb);
7688
7689#ifdef CONFIG_NL80211_TESTMODE
7690static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
7691{
7692	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7693	struct wireless_dev *wdev =
7694		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
7695	int err;
7696
7697	if (!rdev->ops->testmode_cmd)
7698		return -EOPNOTSUPP;
7699
7700	if (IS_ERR(wdev)) {
7701		err = PTR_ERR(wdev);
7702		if (err != -EINVAL)
7703			return err;
7704		wdev = NULL;
7705	} else if (wdev->wiphy != &rdev->wiphy) {
7706		return -EINVAL;
7707	}
7708
7709	if (!info->attrs[NL80211_ATTR_TESTDATA])
7710		return -EINVAL;
7711
7712	rdev->cur_cmd_info = info;
7713	err = rdev_testmode_cmd(rdev, wdev,
7714				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
7715				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
7716	rdev->cur_cmd_info = NULL;
7717
7718	return err;
7719}
7720
7721static int nl80211_testmode_dump(struct sk_buff *skb,
7722				 struct netlink_callback *cb)
7723{
7724	struct cfg80211_registered_device *rdev;
7725	int err;
7726	long phy_idx;
7727	void *data = NULL;
7728	int data_len = 0;
7729
7730	rtnl_lock();
7731
7732	if (cb->args[0]) {
7733		/*
7734		 * 0 is a valid index, but not valid for args[0],
7735		 * so we need to offset by 1.
7736		 */
7737		phy_idx = cb->args[0] - 1;
7738	} else {
7739		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
7740				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
7741				  nl80211_policy);
7742		if (err)
7743			goto out_err;
7744
7745		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
7746						  nl80211_fam.attrbuf);
7747		if (IS_ERR(rdev)) {
7748			err = PTR_ERR(rdev);
7749			goto out_err;
7750		}
7751		phy_idx = rdev->wiphy_idx;
7752		rdev = NULL;
7753
7754		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
7755			cb->args[1] =
7756				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
7757	}
7758
7759	if (cb->args[1]) {
7760		data = nla_data((void *)cb->args[1]);
7761		data_len = nla_len((void *)cb->args[1]);
7762	}
7763
7764	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
7765	if (!rdev) {
7766		err = -ENOENT;
7767		goto out_err;
7768	}
7769
7770	if (!rdev->ops->testmode_dump) {
7771		err = -EOPNOTSUPP;
7772		goto out_err;
7773	}
7774
7775	while (1) {
7776		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
7777					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
7778					   NL80211_CMD_TESTMODE);
7779		struct nlattr *tmdata;
7780
7781		if (!hdr)
7782			break;
7783
7784		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
7785			genlmsg_cancel(skb, hdr);
7786			break;
7787		}
7788
7789		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
7790		if (!tmdata) {
7791			genlmsg_cancel(skb, hdr);
7792			break;
7793		}
7794		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7795		nla_nest_end(skb, tmdata);
7796
7797		if (err == -ENOBUFS || err == -ENOENT) {
7798			genlmsg_cancel(skb, hdr);
7799			break;
7800		} else if (err) {
7801			genlmsg_cancel(skb, hdr);
7802			goto out_err;
7803		}
7804
7805		genlmsg_end(skb, hdr);
7806	}
7807
7808	err = skb->len;
7809	/* see above */
7810	cb->args[0] = phy_idx + 1;
7811 out_err:
7812	rtnl_unlock();
7813	return err;
7814}
7815#endif
7816
7817static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7818{
7819	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7820	struct net_device *dev = info->user_ptr[1];
7821	struct cfg80211_connect_params connect;
7822	struct wiphy *wiphy;
7823	struct cfg80211_cached_keys *connkeys = NULL;
7824	int err;
7825
7826	memset(&connect, 0, sizeof(connect));
7827
7828	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7829		return -EINVAL;
7830
7831	if (!info->attrs[NL80211_ATTR_SSID] ||
7832	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7833		return -EINVAL;
7834
7835	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7836		connect.auth_type =
7837			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7838		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7839					     NL80211_CMD_CONNECT))
7840			return -EINVAL;
7841	} else
7842		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7843
7844	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7845
7846	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7847				      NL80211_MAX_NR_CIPHER_SUITES);
7848	if (err)
7849		return err;
7850
7851	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7852	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7853		return -EOPNOTSUPP;
7854
7855	wiphy = &rdev->wiphy;
7856
7857	connect.bg_scan_period = -1;
7858	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7859		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7860		connect.bg_scan_period =
7861			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7862	}
7863
7864	if (info->attrs[NL80211_ATTR_MAC])
7865		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7866	else if (info->attrs[NL80211_ATTR_MAC_HINT])
7867		connect.bssid_hint =
7868			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7869	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7870	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7871
7872	if (info->attrs[NL80211_ATTR_IE]) {
7873		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7874		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7875	}
7876
7877	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7878		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7879		if (connect.mfp != NL80211_MFP_REQUIRED &&
7880		    connect.mfp != NL80211_MFP_NO)
7881			return -EINVAL;
7882	} else {
7883		connect.mfp = NL80211_MFP_NO;
7884	}
7885
7886	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7887		connect.channel = nl80211_get_valid_chan(
7888			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7889		if (!connect.channel)
7890			return -EINVAL;
7891	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7892		connect.channel_hint = nl80211_get_valid_chan(
7893			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7894		if (!connect.channel_hint)
7895			return -EINVAL;
7896	}
7897
7898	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7899		connkeys = nl80211_parse_connkeys(rdev,
7900					  info->attrs[NL80211_ATTR_KEYS], NULL);
7901		if (IS_ERR(connkeys))
7902			return PTR_ERR(connkeys);
7903	}
7904
7905	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7906		connect.flags |= ASSOC_REQ_DISABLE_HT;
7907
7908	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7909		memcpy(&connect.ht_capa_mask,
7910		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7911		       sizeof(connect.ht_capa_mask));
7912
7913	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7914		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7915			kzfree(connkeys);
7916			return -EINVAL;
7917		}
7918		memcpy(&connect.ht_capa,
7919		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7920		       sizeof(connect.ht_capa));
7921	}
7922
7923	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7924		connect.flags |= ASSOC_REQ_DISABLE_VHT;
7925
7926	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7927		memcpy(&connect.vht_capa_mask,
7928		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7929		       sizeof(connect.vht_capa_mask));
7930
7931	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7932		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7933			kzfree(connkeys);
7934			return -EINVAL;
7935		}
7936		memcpy(&connect.vht_capa,
7937		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7938		       sizeof(connect.vht_capa));
7939	}
7940
7941	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7942		if (!(rdev->wiphy.features &
7943		      NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) ||
7944		    !(rdev->wiphy.features & NL80211_FEATURE_QUIET)) {
7945			kzfree(connkeys);
7946			return -EINVAL;
7947		}
7948		connect.flags |= ASSOC_REQ_USE_RRM;
7949	}
7950
7951	wdev_lock(dev->ieee80211_ptr);
7952	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7953	wdev_unlock(dev->ieee80211_ptr);
7954	if (err)
7955		kzfree(connkeys);
7956	return err;
7957}
7958
7959static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7960{
7961	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7962	struct net_device *dev = info->user_ptr[1];
7963	u16 reason;
7964	int ret;
7965
7966	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7967		reason = WLAN_REASON_DEAUTH_LEAVING;
7968	else
7969		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7970
7971	if (reason == 0)
7972		return -EINVAL;
7973
7974	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7975	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7976		return -EOPNOTSUPP;
7977
7978	wdev_lock(dev->ieee80211_ptr);
7979	ret = cfg80211_disconnect(rdev, dev, reason, true);
7980	wdev_unlock(dev->ieee80211_ptr);
7981	return ret;
7982}
7983
7984static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7985{
7986	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7987	struct net *net;
7988	int err;
7989
7990	if (info->attrs[NL80211_ATTR_PID]) {
7991		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7992
7993		net = get_net_ns_by_pid(pid);
7994	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
7995		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
7996
7997		net = get_net_ns_by_fd(fd);
7998	} else {
7999		return -EINVAL;
8000	}
8001
8002	if (IS_ERR(net))
8003		return PTR_ERR(net);
8004
8005	err = 0;
8006
8007	/* check if anything to do */
8008	if (!net_eq(wiphy_net(&rdev->wiphy), net))
8009		err = cfg80211_switch_netns(rdev, net);
8010
8011	put_net(net);
8012	return err;
8013}
8014
8015static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
8016{
8017	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8018	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
8019			struct cfg80211_pmksa *pmksa) = NULL;
8020	struct net_device *dev = info->user_ptr[1];
8021	struct cfg80211_pmksa pmksa;
8022
8023	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
8024
8025	if (!info->attrs[NL80211_ATTR_MAC])
8026		return -EINVAL;
8027
8028	if (!info->attrs[NL80211_ATTR_PMKID])
8029		return -EINVAL;
8030
8031	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
8032	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8033
8034	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8035	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8036		return -EOPNOTSUPP;
8037
8038	switch (info->genlhdr->cmd) {
8039	case NL80211_CMD_SET_PMKSA:
8040		rdev_ops = rdev->ops->set_pmksa;
8041		break;
8042	case NL80211_CMD_DEL_PMKSA:
8043		rdev_ops = rdev->ops->del_pmksa;
8044		break;
8045	default:
8046		WARN_ON(1);
8047		break;
8048	}
8049
8050	if (!rdev_ops)
8051		return -EOPNOTSUPP;
8052
8053	return rdev_ops(&rdev->wiphy, dev, &pmksa);
8054}
8055
8056static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
8057{
8058	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8059	struct net_device *dev = info->user_ptr[1];
8060
8061	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8062	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8063		return -EOPNOTSUPP;
8064
8065	if (!rdev->ops->flush_pmksa)
8066		return -EOPNOTSUPP;
8067
8068	return rdev_flush_pmksa(rdev, dev);
8069}
8070
8071static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
8072{
8073	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8074	struct net_device *dev = info->user_ptr[1];
8075	u8 action_code, dialog_token;
8076	u32 peer_capability = 0;
8077	u16 status_code;
8078	u8 *peer;
8079	bool initiator;
8080
8081	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8082	    !rdev->ops->tdls_mgmt)
8083		return -EOPNOTSUPP;
8084
8085	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
8086	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
8087	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
8088	    !info->attrs[NL80211_ATTR_IE] ||
8089	    !info->attrs[NL80211_ATTR_MAC])
8090		return -EINVAL;
8091
8092	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8093	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
8094	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
8095	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
8096	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
8097	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
8098		peer_capability =
8099			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
8100
8101	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
8102			      dialog_token, status_code, peer_capability,
8103			      initiator,
8104			      nla_data(info->attrs[NL80211_ATTR_IE]),
8105			      nla_len(info->attrs[NL80211_ATTR_IE]));
8106}
8107
8108static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
8109{
8110	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8111	struct net_device *dev = info->user_ptr[1];
8112	enum nl80211_tdls_operation operation;
8113	u8 *peer;
8114
8115	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8116	    !rdev->ops->tdls_oper)
8117		return -EOPNOTSUPP;
8118
8119	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
8120	    !info->attrs[NL80211_ATTR_MAC])
8121		return -EINVAL;
8122
8123	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
8124	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8125
8126	return rdev_tdls_oper(rdev, dev, peer, operation);
8127}
8128
8129static int nl80211_remain_on_channel(struct sk_buff *skb,
8130				     struct genl_info *info)
8131{
8132	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8133	struct wireless_dev *wdev = info->user_ptr[1];
8134	struct cfg80211_chan_def chandef;
8135	struct sk_buff *msg;
8136	void *hdr;
8137	u64 cookie;
8138	u32 duration;
8139	int err;
8140
8141	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8142	    !info->attrs[NL80211_ATTR_DURATION])
8143		return -EINVAL;
8144
8145	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8146
8147	if (!rdev->ops->remain_on_channel ||
8148	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
8149		return -EOPNOTSUPP;
8150
8151	/*
8152	 * We should be on that channel for at least a minimum amount of
8153	 * time (10ms) but no longer than the driver supports.
8154	 */
8155	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8156	    duration > rdev->wiphy.max_remain_on_channel_duration)
8157		return -EINVAL;
8158
8159	err = nl80211_parse_chandef(rdev, info, &chandef);
8160	if (err)
8161		return err;
8162
8163	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8164	if (!msg)
8165		return -ENOMEM;
8166
8167	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8168			     NL80211_CMD_REMAIN_ON_CHANNEL);
8169	if (!hdr) {
8170		err = -ENOBUFS;
8171		goto free_msg;
8172	}
8173
8174	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
8175				     duration, &cookie);
8176
8177	if (err)
8178		goto free_msg;
8179
8180	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8181		goto nla_put_failure;
8182
8183	genlmsg_end(msg, hdr);
8184
8185	return genlmsg_reply(msg, info);
8186
8187 nla_put_failure:
8188	err = -ENOBUFS;
8189 free_msg:
8190	nlmsg_free(msg);
8191	return err;
8192}
8193
8194static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
8195					    struct genl_info *info)
8196{
8197	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8198	struct wireless_dev *wdev = info->user_ptr[1];
8199	u64 cookie;
8200
8201	if (!info->attrs[NL80211_ATTR_COOKIE])
8202		return -EINVAL;
8203
8204	if (!rdev->ops->cancel_remain_on_channel)
8205		return -EOPNOTSUPP;
8206
8207	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8208
8209	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
8210}
8211
8212static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
8213			   u8 *rates, u8 rates_len)
8214{
8215	u8 i;
8216	u32 mask = 0;
8217
8218	for (i = 0; i < rates_len; i++) {
8219		int rate = (rates[i] & 0x7f) * 5;
8220		int ridx;
8221		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
8222			struct ieee80211_rate *srate =
8223				&sband->bitrates[ridx];
8224			if (rate == srate->bitrate) {
8225				mask |= 1 << ridx;
8226				break;
8227			}
8228		}
8229		if (ridx == sband->n_bitrates)
8230			return 0; /* rate not found */
8231	}
8232
8233	return mask;
8234}
8235
8236static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
8237			       u8 *rates, u8 rates_len,
8238			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
8239{
8240	u8 i;
8241
8242	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
8243
8244	for (i = 0; i < rates_len; i++) {
8245		int ridx, rbit;
8246
8247		ridx = rates[i] / 8;
8248		rbit = BIT(rates[i] % 8);
8249
8250		/* check validity */
8251		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
8252			return false;
8253
8254		/* check availability */
8255		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
8256			mcs[ridx] |= rbit;
8257		else
8258			return false;
8259	}
8260
8261	return true;
8262}
8263
8264static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
8265{
8266	u16 mcs_mask = 0;
8267
8268	switch (vht_mcs_map) {
8269	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
8270		break;
8271	case IEEE80211_VHT_MCS_SUPPORT_0_7:
8272		mcs_mask = 0x00FF;
8273		break;
8274	case IEEE80211_VHT_MCS_SUPPORT_0_8:
8275		mcs_mask = 0x01FF;
8276		break;
8277	case IEEE80211_VHT_MCS_SUPPORT_0_9:
8278		mcs_mask = 0x03FF;
8279		break;
8280	default:
8281		break;
8282	}
8283
8284	return mcs_mask;
8285}
8286
8287static void vht_build_mcs_mask(u16 vht_mcs_map,
8288			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
8289{
8290	u8 nss;
8291
8292	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
8293		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
8294		vht_mcs_map >>= 2;
8295	}
8296}
8297
8298static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
8299			     struct nl80211_txrate_vht *txrate,
8300			     u16 mcs[NL80211_VHT_NSS_MAX])
8301{
8302	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8303	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
8304	u8 i;
8305
8306	if (!sband->vht_cap.vht_supported)
8307		return false;
8308
8309	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
8310
8311	/* Build vht_mcs_mask from VHT capabilities */
8312	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
8313
8314	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8315		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
8316			mcs[i] = txrate->mcs[i];
8317		else
8318			return false;
8319	}
8320
8321	return true;
8322}
8323
8324static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
8325	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
8326				    .len = NL80211_MAX_SUPP_RATES },
8327	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
8328				.len = NL80211_MAX_SUPP_HT_RATES },
8329	[NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
8330	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
8331};
8332
8333static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
8334				       struct genl_info *info)
8335{
8336	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
8337	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8338	struct cfg80211_bitrate_mask mask;
8339	int rem, i;
8340	struct net_device *dev = info->user_ptr[1];
8341	struct nlattr *tx_rates;
8342	struct ieee80211_supported_band *sband;
8343	u16 vht_tx_mcs_map;
8344
8345	if (!rdev->ops->set_bitrate_mask)
8346		return -EOPNOTSUPP;
8347
8348	memset(&mask, 0, sizeof(mask));
8349	/* Default to all rates enabled */
8350	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
8351		sband = rdev->wiphy.bands[i];
8352
8353		if (!sband)
8354			continue;
8355
8356		mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
8357		memcpy(mask.control[i].ht_mcs,
8358		       sband->ht_cap.mcs.rx_mask,
8359		       sizeof(mask.control[i].ht_mcs));
8360
8361		if (!sband->vht_cap.vht_supported)
8362			continue;
8363
8364		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8365		vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
8366	}
8367
8368	/* if no rates are given set it back to the defaults */
8369	if (!info->attrs[NL80211_ATTR_TX_RATES])
8370		goto out;
8371
8372	/*
8373	 * The nested attribute uses enum nl80211_band as the index. This maps
8374	 * directly to the enum ieee80211_band values used in cfg80211.
8375	 */
8376	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
8377	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
8378		enum ieee80211_band band = nla_type(tx_rates);
8379		int err;
8380
8381		if (band < 0 || band >= IEEE80211_NUM_BANDS)
8382			return -EINVAL;
8383		sband = rdev->wiphy.bands[band];
8384		if (sband == NULL)
8385			return -EINVAL;
8386		err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
8387				nla_len(tx_rates), nl80211_txattr_policy);
8388		if (err)
8389			return err;
8390		if (tb[NL80211_TXRATE_LEGACY]) {
8391			mask.control[band].legacy = rateset_to_mask(
8392				sband,
8393				nla_data(tb[NL80211_TXRATE_LEGACY]),
8394				nla_len(tb[NL80211_TXRATE_LEGACY]));
8395			if ((mask.control[band].legacy == 0) &&
8396			    nla_len(tb[NL80211_TXRATE_LEGACY]))
8397				return -EINVAL;
8398		}
8399		if (tb[NL80211_TXRATE_HT]) {
8400			if (!ht_rateset_to_mask(
8401					sband,
8402					nla_data(tb[NL80211_TXRATE_HT]),
8403					nla_len(tb[NL80211_TXRATE_HT]),
8404					mask.control[band].ht_mcs))
8405				return -EINVAL;
8406		}
8407		if (tb[NL80211_TXRATE_VHT]) {
8408			if (!vht_set_mcs_mask(
8409					sband,
8410					nla_data(tb[NL80211_TXRATE_VHT]),
8411					mask.control[band].vht_mcs))
8412				return -EINVAL;
8413		}
8414		if (tb[NL80211_TXRATE_GI]) {
8415			mask.control[band].gi =
8416				nla_get_u8(tb[NL80211_TXRATE_GI]);
8417			if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
8418				return -EINVAL;
8419		}
8420
8421		if (mask.control[band].legacy == 0) {
8422			/* don't allow empty legacy rates if HT or VHT
8423			 * are not even supported.
8424			 */
8425			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
8426			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
8427				return -EINVAL;
8428
8429			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
8430				if (mask.control[band].ht_mcs[i])
8431					goto out;
8432
8433			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
8434				if (mask.control[band].vht_mcs[i])
8435					goto out;
8436
8437			/* legacy and mcs rates may not be both empty */
8438			return -EINVAL;
8439		}
8440	}
8441
8442out:
8443	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
8444}
8445
8446static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
8447{
8448	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8449	struct wireless_dev *wdev = info->user_ptr[1];
8450	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
8451
8452	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
8453		return -EINVAL;
8454
8455	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
8456		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
8457
8458	switch (wdev->iftype) {
8459	case NL80211_IFTYPE_STATION:
8460	case NL80211_IFTYPE_ADHOC:
8461	case NL80211_IFTYPE_P2P_CLIENT:
8462	case NL80211_IFTYPE_AP:
8463	case NL80211_IFTYPE_AP_VLAN:
8464	case NL80211_IFTYPE_MESH_POINT:
8465	case NL80211_IFTYPE_P2P_GO:
8466	case NL80211_IFTYPE_P2P_DEVICE:
8467		break;
8468	default:
8469		return -EOPNOTSUPP;
8470	}
8471
8472	/* not much point in registering if we can't reply */
8473	if (!rdev->ops->mgmt_tx)
8474		return -EOPNOTSUPP;
8475
8476	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
8477			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
8478			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
8479}
8480
8481static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
8482{
8483	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8484	struct wireless_dev *wdev = info->user_ptr[1];
8485	struct cfg80211_chan_def chandef;
8486	int err;
8487	void *hdr = NULL;
8488	u64 cookie;
8489	struct sk_buff *msg = NULL;
8490	struct cfg80211_mgmt_tx_params params = {
8491		.dont_wait_for_ack =
8492			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
8493	};
8494
8495	if (!info->attrs[NL80211_ATTR_FRAME])
8496		return -EINVAL;
8497
8498	if (!rdev->ops->mgmt_tx)
8499		return -EOPNOTSUPP;
8500
8501	switch (wdev->iftype) {
8502	case NL80211_IFTYPE_P2P_DEVICE:
8503		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8504			return -EINVAL;
8505	case NL80211_IFTYPE_STATION:
8506	case NL80211_IFTYPE_ADHOC:
8507	case NL80211_IFTYPE_P2P_CLIENT:
8508	case NL80211_IFTYPE_AP:
8509	case NL80211_IFTYPE_AP_VLAN:
8510	case NL80211_IFTYPE_MESH_POINT:
8511	case NL80211_IFTYPE_P2P_GO:
8512		break;
8513	default:
8514		return -EOPNOTSUPP;
8515	}
8516
8517	if (info->attrs[NL80211_ATTR_DURATION]) {
8518		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8519			return -EINVAL;
8520		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8521
8522		/*
8523		 * We should wait on the channel for at least a minimum amount
8524		 * of time (10ms) but no longer than the driver supports.
8525		 */
8526		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8527		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
8528			return -EINVAL;
8529
8530	}
8531
8532	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
8533
8534	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8535		return -EINVAL;
8536
8537	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8538
8539	/* get the channel if any has been specified, otherwise pass NULL to
8540	 * the driver. The latter will use the current one
8541	 */
8542	chandef.chan = NULL;
8543	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8544		err = nl80211_parse_chandef(rdev, info, &chandef);
8545		if (err)
8546			return err;
8547	}
8548
8549	if (!chandef.chan && params.offchan)
8550		return -EINVAL;
8551
8552	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
8553	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
8554
8555	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
8556		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8557		int i;
8558
8559		if (len % sizeof(u16))
8560			return -EINVAL;
8561
8562		params.n_csa_offsets = len / sizeof(u16);
8563		params.csa_offsets =
8564			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8565
8566		/* check that all the offsets fit the frame */
8567		for (i = 0; i < params.n_csa_offsets; i++) {
8568			if (params.csa_offsets[i] >= params.len)
8569				return -EINVAL;
8570		}
8571	}
8572
8573	if (!params.dont_wait_for_ack) {
8574		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8575		if (!msg)
8576			return -ENOMEM;
8577
8578		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8579				     NL80211_CMD_FRAME);
8580		if (!hdr) {
8581			err = -ENOBUFS;
8582			goto free_msg;
8583		}
8584	}
8585
8586	params.chan = chandef.chan;
8587	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
8588	if (err)
8589		goto free_msg;
8590
8591	if (msg) {
8592		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8593			goto nla_put_failure;
8594
8595		genlmsg_end(msg, hdr);
8596		return genlmsg_reply(msg, info);
8597	}
8598
8599	return 0;
8600
8601 nla_put_failure:
8602	err = -ENOBUFS;
8603 free_msg:
8604	nlmsg_free(msg);
8605	return err;
8606}
8607
8608static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
8609{
8610	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8611	struct wireless_dev *wdev = info->user_ptr[1];
8612	u64 cookie;
8613
8614	if (!info->attrs[NL80211_ATTR_COOKIE])
8615		return -EINVAL;
8616
8617	if (!rdev->ops->mgmt_tx_cancel_wait)
8618		return -EOPNOTSUPP;
8619
8620	switch (wdev->iftype) {
8621	case NL80211_IFTYPE_STATION:
8622	case NL80211_IFTYPE_ADHOC:
8623	case NL80211_IFTYPE_P2P_CLIENT:
8624	case NL80211_IFTYPE_AP:
8625	case NL80211_IFTYPE_AP_VLAN:
8626	case NL80211_IFTYPE_P2P_GO:
8627	case NL80211_IFTYPE_P2P_DEVICE:
8628		break;
8629	default:
8630		return -EOPNOTSUPP;
8631	}
8632
8633	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8634
8635	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
8636}
8637
8638static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
8639{
8640	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8641	struct wireless_dev *wdev;
8642	struct net_device *dev = info->user_ptr[1];
8643	u8 ps_state;
8644	bool state;
8645	int err;
8646
8647	if (!info->attrs[NL80211_ATTR_PS_STATE])
8648		return -EINVAL;
8649
8650	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
8651
8652	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
8653		return -EINVAL;
8654
8655	wdev = dev->ieee80211_ptr;
8656
8657	if (!rdev->ops->set_power_mgmt)
8658		return -EOPNOTSUPP;
8659
8660	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
8661
8662	if (state == wdev->ps)
8663		return 0;
8664
8665	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
8666	if (!err)
8667		wdev->ps = state;
8668	return err;
8669}
8670
8671static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
8672{
8673	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8674	enum nl80211_ps_state ps_state;
8675	struct wireless_dev *wdev;
8676	struct net_device *dev = info->user_ptr[1];
8677	struct sk_buff *msg;
8678	void *hdr;
8679	int err;
8680
8681	wdev = dev->ieee80211_ptr;
8682
8683	if (!rdev->ops->set_power_mgmt)
8684		return -EOPNOTSUPP;
8685
8686	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8687	if (!msg)
8688		return -ENOMEM;
8689
8690	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8691			     NL80211_CMD_GET_POWER_SAVE);
8692	if (!hdr) {
8693		err = -ENOBUFS;
8694		goto free_msg;
8695	}
8696
8697	if (wdev->ps)
8698		ps_state = NL80211_PS_ENABLED;
8699	else
8700		ps_state = NL80211_PS_DISABLED;
8701
8702	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
8703		goto nla_put_failure;
8704
8705	genlmsg_end(msg, hdr);
8706	return genlmsg_reply(msg, info);
8707
8708 nla_put_failure:
8709	err = -ENOBUFS;
8710 free_msg:
8711	nlmsg_free(msg);
8712	return err;
8713}
8714
8715static const struct nla_policy
8716nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
8717	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
8718	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
8719	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
8720	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
8721	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
8722	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
8723};
8724
8725static int nl80211_set_cqm_txe(struct genl_info *info,
8726			       u32 rate, u32 pkts, u32 intvl)
8727{
8728	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8729	struct net_device *dev = info->user_ptr[1];
8730	struct wireless_dev *wdev = dev->ieee80211_ptr;
8731
8732	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
8733		return -EINVAL;
8734
8735	if (!rdev->ops->set_cqm_txe_config)
8736		return -EOPNOTSUPP;
8737
8738	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8739	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8740		return -EOPNOTSUPP;
8741
8742	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
8743}
8744
8745static int nl80211_set_cqm_rssi(struct genl_info *info,
8746				s32 threshold, u32 hysteresis)
8747{
8748	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8749	struct net_device *dev = info->user_ptr[1];
8750	struct wireless_dev *wdev = dev->ieee80211_ptr;
8751
8752	if (threshold > 0)
8753		return -EINVAL;
8754
8755	/* disabling - hysteresis should also be zero then */
8756	if (threshold == 0)
8757		hysteresis = 0;
8758
8759	if (!rdev->ops->set_cqm_rssi_config)
8760		return -EOPNOTSUPP;
8761
8762	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8763	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8764		return -EOPNOTSUPP;
8765
8766	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
8767}
8768
8769static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
8770{
8771	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
8772	struct nlattr *cqm;
8773	int err;
8774
8775	cqm = info->attrs[NL80211_ATTR_CQM];
8776	if (!cqm)
8777		return -EINVAL;
8778
8779	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
8780			       nl80211_attr_cqm_policy);
8781	if (err)
8782		return err;
8783
8784	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
8785	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
8786		s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
8787		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
8788
8789		return nl80211_set_cqm_rssi(info, threshold, hysteresis);
8790	}
8791
8792	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
8793	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
8794	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
8795		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
8796		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
8797		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
8798
8799		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
8800	}
8801
8802	return -EINVAL;
8803}
8804
8805static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
8806{
8807	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8808	struct net_device *dev = info->user_ptr[1];
8809	struct ocb_setup setup = {};
8810	int err;
8811
8812	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8813	if (err)
8814		return err;
8815
8816	return cfg80211_join_ocb(rdev, dev, &setup);
8817}
8818
8819static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
8820{
8821	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8822	struct net_device *dev = info->user_ptr[1];
8823
8824	return cfg80211_leave_ocb(rdev, dev);
8825}
8826
8827static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
8828{
8829	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8830	struct net_device *dev = info->user_ptr[1];
8831	struct mesh_config cfg;
8832	struct mesh_setup setup;
8833	int err;
8834
8835	/* start with default */
8836	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
8837	memcpy(&setup, &default_mesh_setup, sizeof(setup));
8838
8839	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
8840		/* and parse parameters if given */
8841		err = nl80211_parse_mesh_config(info, &cfg, NULL);
8842		if (err)
8843			return err;
8844	}
8845
8846	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
8847	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
8848		return -EINVAL;
8849
8850	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
8851	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
8852
8853	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8854	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
8855			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8856			return -EINVAL;
8857
8858	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8859		setup.beacon_interval =
8860			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8861		if (setup.beacon_interval < 10 ||
8862		    setup.beacon_interval > 10000)
8863			return -EINVAL;
8864	}
8865
8866	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8867		setup.dtim_period =
8868			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8869		if (setup.dtim_period < 1 || setup.dtim_period > 100)
8870			return -EINVAL;
8871	}
8872
8873	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8874		/* parse additional setup parameters if given */
8875		err = nl80211_parse_mesh_setup(info, &setup);
8876		if (err)
8877			return err;
8878	}
8879
8880	if (setup.user_mpm)
8881		cfg.auto_open_plinks = false;
8882
8883	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8884		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8885		if (err)
8886			return err;
8887	} else {
8888		/* cfg80211_join_mesh() will sort it out */
8889		setup.chandef.chan = NULL;
8890	}
8891
8892	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8893		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8894		int n_rates =
8895			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8896		struct ieee80211_supported_band *sband;
8897
8898		if (!setup.chandef.chan)
8899			return -EINVAL;
8900
8901		sband = rdev->wiphy.bands[setup.chandef.chan->band];
8902
8903		err = ieee80211_get_ratemask(sband, rates, n_rates,
8904					     &setup.basic_rates);
8905		if (err)
8906			return err;
8907	}
8908
8909	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8910}
8911
8912static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8913{
8914	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8915	struct net_device *dev = info->user_ptr[1];
8916
8917	return cfg80211_leave_mesh(rdev, dev);
8918}
8919
8920#ifdef CONFIG_PM
8921static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8922					struct cfg80211_registered_device *rdev)
8923{
8924	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8925	struct nlattr *nl_pats, *nl_pat;
8926	int i, pat_len;
8927
8928	if (!wowlan->n_patterns)
8929		return 0;
8930
8931	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8932	if (!nl_pats)
8933		return -ENOBUFS;
8934
8935	for (i = 0; i < wowlan->n_patterns; i++) {
8936		nl_pat = nla_nest_start(msg, i + 1);
8937		if (!nl_pat)
8938			return -ENOBUFS;
8939		pat_len = wowlan->patterns[i].pattern_len;
8940		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8941			    wowlan->patterns[i].mask) ||
8942		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8943			    wowlan->patterns[i].pattern) ||
8944		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8945				wowlan->patterns[i].pkt_offset))
8946			return -ENOBUFS;
8947		nla_nest_end(msg, nl_pat);
8948	}
8949	nla_nest_end(msg, nl_pats);
8950
8951	return 0;
8952}
8953
8954static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
8955				   struct cfg80211_wowlan_tcp *tcp)
8956{
8957	struct nlattr *nl_tcp;
8958
8959	if (!tcp)
8960		return 0;
8961
8962	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
8963	if (!nl_tcp)
8964		return -ENOBUFS;
8965
8966	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
8967	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
8968	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
8969	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
8970	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
8971	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
8972		    tcp->payload_len, tcp->payload) ||
8973	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
8974			tcp->data_interval) ||
8975	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
8976		    tcp->wake_len, tcp->wake_data) ||
8977	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
8978		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
8979		return -ENOBUFS;
8980
8981	if (tcp->payload_seq.len &&
8982	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
8983		    sizeof(tcp->payload_seq), &tcp->payload_seq))
8984		return -ENOBUFS;
8985
8986	if (tcp->payload_tok.len &&
8987	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
8988		    sizeof(tcp->payload_tok) + tcp->tokens_size,
8989		    &tcp->payload_tok))
8990		return -ENOBUFS;
8991
8992	nla_nest_end(msg, nl_tcp);
8993
8994	return 0;
8995}
8996
8997static int nl80211_send_wowlan_nd(struct sk_buff *msg,
8998				  struct cfg80211_sched_scan_request *req)
8999{
9000	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
9001	int i;
9002
9003	if (!req)
9004		return 0;
9005
9006	nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
9007	if (!nd)
9008		return -ENOBUFS;
9009
9010	if (req->n_scan_plans == 1 &&
9011	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
9012			req->scan_plans[0].interval * 1000))
9013		return -ENOBUFS;
9014
9015	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
9016		return -ENOBUFS;
9017
9018	freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
9019	if (!freqs)
9020		return -ENOBUFS;
9021
9022	for (i = 0; i < req->n_channels; i++)
9023		nla_put_u32(msg, i, req->channels[i]->center_freq);
9024
9025	nla_nest_end(msg, freqs);
9026
9027	if (req->n_match_sets) {
9028		matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
9029		for (i = 0; i < req->n_match_sets; i++) {
9030			match = nla_nest_start(msg, i);
9031			nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
9032				req->match_sets[i].ssid.ssid_len,
9033				req->match_sets[i].ssid.ssid);
9034			nla_nest_end(msg, match);
9035		}
9036		nla_nest_end(msg, matches);
9037	}
9038
9039	scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
9040	if (!scan_plans)
9041		return -ENOBUFS;
9042
9043	for (i = 0; i < req->n_scan_plans; i++) {
9044		scan_plan = nla_nest_start(msg, i + 1);
9045		if (!scan_plan ||
9046		    nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
9047				req->scan_plans[i].interval) ||
9048		    (req->scan_plans[i].iterations &&
9049		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
9050				 req->scan_plans[i].iterations)))
9051			return -ENOBUFS;
9052		nla_nest_end(msg, scan_plan);
9053	}
9054	nla_nest_end(msg, scan_plans);
9055
9056	nla_nest_end(msg, nd);
9057
9058	return 0;
9059}
9060
9061static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
9062{
9063	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9064	struct sk_buff *msg;
9065	void *hdr;
9066	u32 size = NLMSG_DEFAULT_SIZE;
9067
9068	if (!rdev->wiphy.wowlan)
9069		return -EOPNOTSUPP;
9070
9071	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
9072		/* adjust size to have room for all the data */
9073		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
9074			rdev->wiphy.wowlan_config->tcp->payload_len +
9075			rdev->wiphy.wowlan_config->tcp->wake_len +
9076			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
9077	}
9078
9079	msg = nlmsg_new(size, GFP_KERNEL);
9080	if (!msg)
9081		return -ENOMEM;
9082
9083	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9084			     NL80211_CMD_GET_WOWLAN);
9085	if (!hdr)
9086		goto nla_put_failure;
9087
9088	if (rdev->wiphy.wowlan_config) {
9089		struct nlattr *nl_wowlan;
9090
9091		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
9092		if (!nl_wowlan)
9093			goto nla_put_failure;
9094
9095		if ((rdev->wiphy.wowlan_config->any &&
9096		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
9097		    (rdev->wiphy.wowlan_config->disconnect &&
9098		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
9099		    (rdev->wiphy.wowlan_config->magic_pkt &&
9100		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
9101		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
9102		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
9103		    (rdev->wiphy.wowlan_config->eap_identity_req &&
9104		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
9105		    (rdev->wiphy.wowlan_config->four_way_handshake &&
9106		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
9107		    (rdev->wiphy.wowlan_config->rfkill_release &&
9108		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
9109			goto nla_put_failure;
9110
9111		if (nl80211_send_wowlan_patterns(msg, rdev))
9112			goto nla_put_failure;
9113
9114		if (nl80211_send_wowlan_tcp(msg,
9115					    rdev->wiphy.wowlan_config->tcp))
9116			goto nla_put_failure;
9117
9118		if (nl80211_send_wowlan_nd(
9119			    msg,
9120			    rdev->wiphy.wowlan_config->nd_config))
9121			goto nla_put_failure;
9122
9123		nla_nest_end(msg, nl_wowlan);
9124	}
9125
9126	genlmsg_end(msg, hdr);
9127	return genlmsg_reply(msg, info);
9128
9129nla_put_failure:
9130	nlmsg_free(msg);
9131	return -ENOBUFS;
9132}
9133
9134static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
9135				    struct nlattr *attr,
9136				    struct cfg80211_wowlan *trig)
9137{
9138	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
9139	struct cfg80211_wowlan_tcp *cfg;
9140	struct nl80211_wowlan_tcp_data_token *tok = NULL;
9141	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
9142	u32 size;
9143	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
9144	int err, port;
9145
9146	if (!rdev->wiphy.wowlan->tcp)
9147		return -EINVAL;
9148
9149	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
9150			nla_data(attr), nla_len(attr),
9151			nl80211_wowlan_tcp_policy);
9152	if (err)
9153		return err;
9154
9155	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
9156	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
9157	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
9158	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
9159	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
9160	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
9161	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
9162	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
9163		return -EINVAL;
9164
9165	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
9166	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
9167		return -EINVAL;
9168
9169	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
9170			rdev->wiphy.wowlan->tcp->data_interval_max ||
9171	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
9172		return -EINVAL;
9173
9174	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
9175	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
9176		return -EINVAL;
9177
9178	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
9179	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
9180		return -EINVAL;
9181
9182	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
9183		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9184
9185		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9186		tokens_size = tokln - sizeof(*tok);
9187
9188		if (!tok->len || tokens_size % tok->len)
9189			return -EINVAL;
9190		if (!rdev->wiphy.wowlan->tcp->tok)
9191			return -EINVAL;
9192		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
9193			return -EINVAL;
9194		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
9195			return -EINVAL;
9196		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
9197			return -EINVAL;
9198		if (tok->offset + tok->len > data_size)
9199			return -EINVAL;
9200	}
9201
9202	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
9203		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
9204		if (!rdev->wiphy.wowlan->tcp->seq)
9205			return -EINVAL;
9206		if (seq->len == 0 || seq->len > 4)
9207			return -EINVAL;
9208		if (seq->len + seq->offset > data_size)
9209			return -EINVAL;
9210	}
9211
9212	size = sizeof(*cfg);
9213	size += data_size;
9214	size += wake_size + wake_mask_size;
9215	size += tokens_size;
9216
9217	cfg = kzalloc(size, GFP_KERNEL);
9218	if (!cfg)
9219		return -ENOMEM;
9220	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
9221	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
9222	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
9223	       ETH_ALEN);
9224	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
9225		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
9226	else
9227		port = 0;
9228#ifdef CONFIG_INET
9229	/* allocate a socket and port for it and use it */
9230	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
9231			    IPPROTO_TCP, &cfg->sock, 1);
9232	if (err) {
9233		kfree(cfg);
9234		return err;
9235	}
9236	if (inet_csk_get_port(cfg->sock->sk, port)) {
9237		sock_release(cfg->sock);
9238		kfree(cfg);
9239		return -EADDRINUSE;
9240	}
9241	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
9242#else
9243	if (!port) {
9244		kfree(cfg);
9245		return -EINVAL;
9246	}
9247	cfg->src_port = port;
9248#endif
9249
9250	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
9251	cfg->payload_len = data_size;
9252	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
9253	memcpy((void *)cfg->payload,
9254	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
9255	       data_size);
9256	if (seq)
9257		cfg->payload_seq = *seq;
9258	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
9259	cfg->wake_len = wake_size;
9260	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
9261	memcpy((void *)cfg->wake_data,
9262	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
9263	       wake_size);
9264	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
9265			 data_size + wake_size;
9266	memcpy((void *)cfg->wake_mask,
9267	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
9268	       wake_mask_size);
9269	if (tok) {
9270		cfg->tokens_size = tokens_size;
9271		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
9272	}
9273
9274	trig->tcp = cfg;
9275
9276	return 0;
9277}
9278
9279static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
9280				   const struct wiphy_wowlan_support *wowlan,
9281				   struct nlattr *attr,
9282				   struct cfg80211_wowlan *trig)
9283{
9284	struct nlattr **tb;
9285	int err;
9286
9287	tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
9288	if (!tb)
9289		return -ENOMEM;
9290
9291	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
9292		err = -EOPNOTSUPP;
9293		goto out;
9294	}
9295
9296	err = nla_parse(tb, NL80211_ATTR_MAX,
9297			nla_data(attr), nla_len(attr),
9298			nl80211_policy);
9299	if (err)
9300		goto out;
9301
9302	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb);
9303	err = PTR_ERR_OR_ZERO(trig->nd_config);
9304	if (err)
9305		trig->nd_config = NULL;
9306
9307out:
9308	kfree(tb);
9309	return err;
9310}
9311
9312static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
9313{
9314	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9315	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
9316	struct cfg80211_wowlan new_triggers = {};
9317	struct cfg80211_wowlan *ntrig;
9318	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
9319	int err, i;
9320	bool prev_enabled = rdev->wiphy.wowlan_config;
9321	bool regular = false;
9322
9323	if (!wowlan)
9324		return -EOPNOTSUPP;
9325
9326	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
9327		cfg80211_rdev_free_wowlan(rdev);
9328		rdev->wiphy.wowlan_config = NULL;
9329		goto set_wakeup;
9330	}
9331
9332	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
9333			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9334			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9335			nl80211_wowlan_policy);
9336	if (err)
9337		return err;
9338
9339	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
9340		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
9341			return -EINVAL;
9342		new_triggers.any = true;
9343	}
9344
9345	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
9346		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
9347			return -EINVAL;
9348		new_triggers.disconnect = true;
9349		regular = true;
9350	}
9351
9352	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
9353		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
9354			return -EINVAL;
9355		new_triggers.magic_pkt = true;
9356		regular = true;
9357	}
9358
9359	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
9360		return -EINVAL;
9361
9362	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
9363		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
9364			return -EINVAL;
9365		new_triggers.gtk_rekey_failure = true;
9366		regular = true;
9367	}
9368
9369	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
9370		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
9371			return -EINVAL;
9372		new_triggers.eap_identity_req = true;
9373		regular = true;
9374	}
9375
9376	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
9377		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
9378			return -EINVAL;
9379		new_triggers.four_way_handshake = true;
9380		regular = true;
9381	}
9382
9383	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
9384		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
9385			return -EINVAL;
9386		new_triggers.rfkill_release = true;
9387		regular = true;
9388	}
9389
9390	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
9391		struct nlattr *pat;
9392		int n_patterns = 0;
9393		int rem, pat_len, mask_len, pkt_offset;
9394		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9395
9396		regular = true;
9397
9398		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9399				    rem)
9400			n_patterns++;
9401		if (n_patterns > wowlan->n_patterns)
9402			return -EINVAL;
9403
9404		new_triggers.patterns = kcalloc(n_patterns,
9405						sizeof(new_triggers.patterns[0]),
9406						GFP_KERNEL);
9407		if (!new_triggers.patterns)
9408			return -ENOMEM;
9409
9410		new_triggers.n_patterns = n_patterns;
9411		i = 0;
9412
9413		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9414				    rem) {
9415			u8 *mask_pat;
9416
9417			nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9418				  nla_len(pat), NULL);
9419			err = -EINVAL;
9420			if (!pat_tb[NL80211_PKTPAT_MASK] ||
9421			    !pat_tb[NL80211_PKTPAT_PATTERN])
9422				goto error;
9423			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9424			mask_len = DIV_ROUND_UP(pat_len, 8);
9425			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9426				goto error;
9427			if (pat_len > wowlan->pattern_max_len ||
9428			    pat_len < wowlan->pattern_min_len)
9429				goto error;
9430
9431			if (!pat_tb[NL80211_PKTPAT_OFFSET])
9432				pkt_offset = 0;
9433			else
9434				pkt_offset = nla_get_u32(
9435					pat_tb[NL80211_PKTPAT_OFFSET]);
9436			if (pkt_offset > wowlan->max_pkt_offset)
9437				goto error;
9438			new_triggers.patterns[i].pkt_offset = pkt_offset;
9439
9440			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9441			if (!mask_pat) {
9442				err = -ENOMEM;
9443				goto error;
9444			}
9445			new_triggers.patterns[i].mask = mask_pat;
9446			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9447			       mask_len);
9448			mask_pat += mask_len;
9449			new_triggers.patterns[i].pattern = mask_pat;
9450			new_triggers.patterns[i].pattern_len = pat_len;
9451			memcpy(mask_pat,
9452			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9453			       pat_len);
9454			i++;
9455		}
9456	}
9457
9458	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
9459		regular = true;
9460		err = nl80211_parse_wowlan_tcp(
9461			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
9462			&new_triggers);
9463		if (err)
9464			goto error;
9465	}
9466
9467	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
9468		regular = true;
9469		err = nl80211_parse_wowlan_nd(
9470			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
9471			&new_triggers);
9472		if (err)
9473			goto error;
9474	}
9475
9476	/* The 'any' trigger means the device continues operating more or less
9477	 * as in its normal operation mode and wakes up the host on most of the
9478	 * normal interrupts (like packet RX, ...)
9479	 * It therefore makes little sense to combine with the more constrained
9480	 * wakeup trigger modes.
9481	 */
9482	if (new_triggers.any && regular) {
9483		err = -EINVAL;
9484		goto error;
9485	}
9486
9487	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
9488	if (!ntrig) {
9489		err = -ENOMEM;
9490		goto error;
9491	}
9492	cfg80211_rdev_free_wowlan(rdev);
9493	rdev->wiphy.wowlan_config = ntrig;
9494
9495 set_wakeup:
9496	if (rdev->ops->set_wakeup &&
9497	    prev_enabled != !!rdev->wiphy.wowlan_config)
9498		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
9499
9500	return 0;
9501 error:
9502	for (i = 0; i < new_triggers.n_patterns; i++)
9503		kfree(new_triggers.patterns[i].mask);
9504	kfree(new_triggers.patterns);
9505	if (new_triggers.tcp && new_triggers.tcp->sock)
9506		sock_release(new_triggers.tcp->sock);
9507	kfree(new_triggers.tcp);
9508	kfree(new_triggers.nd_config);
9509	return err;
9510}
9511#endif
9512
9513static int nl80211_send_coalesce_rules(struct sk_buff *msg,
9514				       struct cfg80211_registered_device *rdev)
9515{
9516	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
9517	int i, j, pat_len;
9518	struct cfg80211_coalesce_rules *rule;
9519
9520	if (!rdev->coalesce->n_rules)
9521		return 0;
9522
9523	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
9524	if (!nl_rules)
9525		return -ENOBUFS;
9526
9527	for (i = 0; i < rdev->coalesce->n_rules; i++) {
9528		nl_rule = nla_nest_start(msg, i + 1);
9529		if (!nl_rule)
9530			return -ENOBUFS;
9531
9532		rule = &rdev->coalesce->rules[i];
9533		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
9534				rule->delay))
9535			return -ENOBUFS;
9536
9537		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
9538				rule->condition))
9539			return -ENOBUFS;
9540
9541		nl_pats = nla_nest_start(msg,
9542				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
9543		if (!nl_pats)
9544			return -ENOBUFS;
9545
9546		for (j = 0; j < rule->n_patterns; j++) {
9547			nl_pat = nla_nest_start(msg, j + 1);
9548			if (!nl_pat)
9549				return -ENOBUFS;
9550			pat_len = rule->patterns[j].pattern_len;
9551			if (nla_put(msg, NL80211_PKTPAT_MASK,
9552				    DIV_ROUND_UP(pat_len, 8),
9553				    rule->patterns[j].mask) ||
9554			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
9555				    rule->patterns[j].pattern) ||
9556			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
9557					rule->patterns[j].pkt_offset))
9558				return -ENOBUFS;
9559			nla_nest_end(msg, nl_pat);
9560		}
9561		nla_nest_end(msg, nl_pats);
9562		nla_nest_end(msg, nl_rule);
9563	}
9564	nla_nest_end(msg, nl_rules);
9565
9566	return 0;
9567}
9568
9569static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
9570{
9571	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9572	struct sk_buff *msg;
9573	void *hdr;
9574
9575	if (!rdev->wiphy.coalesce)
9576		return -EOPNOTSUPP;
9577
9578	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9579	if (!msg)
9580		return -ENOMEM;
9581
9582	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9583			     NL80211_CMD_GET_COALESCE);
9584	if (!hdr)
9585		goto nla_put_failure;
9586
9587	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
9588		goto nla_put_failure;
9589
9590	genlmsg_end(msg, hdr);
9591	return genlmsg_reply(msg, info);
9592
9593nla_put_failure:
9594	nlmsg_free(msg);
9595	return -ENOBUFS;
9596}
9597
9598void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
9599{
9600	struct cfg80211_coalesce *coalesce = rdev->coalesce;
9601	int i, j;
9602	struct cfg80211_coalesce_rules *rule;
9603
9604	if (!coalesce)
9605		return;
9606
9607	for (i = 0; i < coalesce->n_rules; i++) {
9608		rule = &coalesce->rules[i];
9609		for (j = 0; j < rule->n_patterns; j++)
9610			kfree(rule->patterns[j].mask);
9611		kfree(rule->patterns);
9612	}
9613	kfree(coalesce->rules);
9614	kfree(coalesce);
9615	rdev->coalesce = NULL;
9616}
9617
9618static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
9619				       struct nlattr *rule,
9620				       struct cfg80211_coalesce_rules *new_rule)
9621{
9622	int err, i;
9623	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9624	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
9625	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
9626	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9627
9628	err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
9629			nla_len(rule), nl80211_coalesce_policy);
9630	if (err)
9631		return err;
9632
9633	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
9634		new_rule->delay =
9635			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
9636	if (new_rule->delay > coalesce->max_delay)
9637		return -EINVAL;
9638
9639	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
9640		new_rule->condition =
9641			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
9642	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
9643	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
9644		return -EINVAL;
9645
9646	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
9647		return -EINVAL;
9648
9649	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9650			    rem)
9651		n_patterns++;
9652	if (n_patterns > coalesce->n_patterns)
9653		return -EINVAL;
9654
9655	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
9656				     GFP_KERNEL);
9657	if (!new_rule->patterns)
9658		return -ENOMEM;
9659
9660	new_rule->n_patterns = n_patterns;
9661	i = 0;
9662
9663	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9664			    rem) {
9665		u8 *mask_pat;
9666
9667		nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9668			  nla_len(pat), NULL);
9669		if (!pat_tb[NL80211_PKTPAT_MASK] ||
9670		    !pat_tb[NL80211_PKTPAT_PATTERN])
9671			return -EINVAL;
9672		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9673		mask_len = DIV_ROUND_UP(pat_len, 8);
9674		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9675			return -EINVAL;
9676		if (pat_len > coalesce->pattern_max_len ||
9677		    pat_len < coalesce->pattern_min_len)
9678			return -EINVAL;
9679
9680		if (!pat_tb[NL80211_PKTPAT_OFFSET])
9681			pkt_offset = 0;
9682		else
9683			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
9684		if (pkt_offset > coalesce->max_pkt_offset)
9685			return -EINVAL;
9686		new_rule->patterns[i].pkt_offset = pkt_offset;
9687
9688		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9689		if (!mask_pat)
9690			return -ENOMEM;
9691
9692		new_rule->patterns[i].mask = mask_pat;
9693		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9694		       mask_len);
9695
9696		mask_pat += mask_len;
9697		new_rule->patterns[i].pattern = mask_pat;
9698		new_rule->patterns[i].pattern_len = pat_len;
9699		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9700		       pat_len);
9701		i++;
9702	}
9703
9704	return 0;
9705}
9706
9707static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
9708{
9709	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9710	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9711	struct cfg80211_coalesce new_coalesce = {};
9712	struct cfg80211_coalesce *n_coalesce;
9713	int err, rem_rule, n_rules = 0, i, j;
9714	struct nlattr *rule;
9715	struct cfg80211_coalesce_rules *tmp_rule;
9716
9717	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
9718		return -EOPNOTSUPP;
9719
9720	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
9721		cfg80211_rdev_free_coalesce(rdev);
9722		rdev->ops->set_coalesce(&rdev->wiphy, NULL);
9723		return 0;
9724	}
9725
9726	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9727			    rem_rule)
9728		n_rules++;
9729	if (n_rules > coalesce->n_rules)
9730		return -EINVAL;
9731
9732	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
9733				     GFP_KERNEL);
9734	if (!new_coalesce.rules)
9735		return -ENOMEM;
9736
9737	new_coalesce.n_rules = n_rules;
9738	i = 0;
9739
9740	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9741			    rem_rule) {
9742		err = nl80211_parse_coalesce_rule(rdev, rule,
9743						  &new_coalesce.rules[i]);
9744		if (err)
9745			goto error;
9746
9747		i++;
9748	}
9749
9750	err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
9751	if (err)
9752		goto error;
9753
9754	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
9755	if (!n_coalesce) {
9756		err = -ENOMEM;
9757		goto error;
9758	}
9759	cfg80211_rdev_free_coalesce(rdev);
9760	rdev->coalesce = n_coalesce;
9761
9762	return 0;
9763error:
9764	for (i = 0; i < new_coalesce.n_rules; i++) {
9765		tmp_rule = &new_coalesce.rules[i];
9766		for (j = 0; j < tmp_rule->n_patterns; j++)
9767			kfree(tmp_rule->patterns[j].mask);
9768		kfree(tmp_rule->patterns);
9769	}
9770	kfree(new_coalesce.rules);
9771
9772	return err;
9773}
9774
9775static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
9776{
9777	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9778	struct net_device *dev = info->user_ptr[1];
9779	struct wireless_dev *wdev = dev->ieee80211_ptr;
9780	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
9781	struct cfg80211_gtk_rekey_data rekey_data;
9782	int err;
9783
9784	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
9785		return -EINVAL;
9786
9787	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
9788			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
9789			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
9790			nl80211_rekey_policy);
9791	if (err)
9792		return err;
9793
9794	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
9795		return -ERANGE;
9796	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
9797		return -ERANGE;
9798	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
9799		return -ERANGE;
9800
9801	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
9802	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
9803	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
9804
9805	wdev_lock(wdev);
9806	if (!wdev->current_bss) {
9807		err = -ENOTCONN;
9808		goto out;
9809	}
9810
9811	if (!rdev->ops->set_rekey_data) {
9812		err = -EOPNOTSUPP;
9813		goto out;
9814	}
9815
9816	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
9817 out:
9818	wdev_unlock(wdev);
9819	return err;
9820}
9821
9822static int nl80211_register_unexpected_frame(struct sk_buff *skb,
9823					     struct genl_info *info)
9824{
9825	struct net_device *dev = info->user_ptr[1];
9826	struct wireless_dev *wdev = dev->ieee80211_ptr;
9827
9828	if (wdev->iftype != NL80211_IFTYPE_AP &&
9829	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
9830		return -EINVAL;
9831
9832	if (wdev->ap_unexpected_nlportid)
9833		return -EBUSY;
9834
9835	wdev->ap_unexpected_nlportid = info->snd_portid;
9836	return 0;
9837}
9838
9839static int nl80211_probe_client(struct sk_buff *skb,
9840				struct genl_info *info)
9841{
9842	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9843	struct net_device *dev = info->user_ptr[1];
9844	struct wireless_dev *wdev = dev->ieee80211_ptr;
9845	struct sk_buff *msg;
9846	void *hdr;
9847	const u8 *addr;
9848	u64 cookie;
9849	int err;
9850
9851	if (wdev->iftype != NL80211_IFTYPE_AP &&
9852	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
9853		return -EOPNOTSUPP;
9854
9855	if (!info->attrs[NL80211_ATTR_MAC])
9856		return -EINVAL;
9857
9858	if (!rdev->ops->probe_client)
9859		return -EOPNOTSUPP;
9860
9861	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9862	if (!msg)
9863		return -ENOMEM;
9864
9865	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9866			     NL80211_CMD_PROBE_CLIENT);
9867	if (!hdr) {
9868		err = -ENOBUFS;
9869		goto free_msg;
9870	}
9871
9872	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9873
9874	err = rdev_probe_client(rdev, dev, addr, &cookie);
9875	if (err)
9876		goto free_msg;
9877
9878	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9879		goto nla_put_failure;
9880
9881	genlmsg_end(msg, hdr);
9882
9883	return genlmsg_reply(msg, info);
9884
9885 nla_put_failure:
9886	err = -ENOBUFS;
9887 free_msg:
9888	nlmsg_free(msg);
9889	return err;
9890}
9891
9892static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
9893{
9894	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9895	struct cfg80211_beacon_registration *reg, *nreg;
9896	int rv;
9897
9898	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
9899		return -EOPNOTSUPP;
9900
9901	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
9902	if (!nreg)
9903		return -ENOMEM;
9904
9905	/* First, check if already registered. */
9906	spin_lock_bh(&rdev->beacon_registrations_lock);
9907	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9908		if (reg->nlportid == info->snd_portid) {
9909			rv = -EALREADY;
9910			goto out_err;
9911		}
9912	}
9913	/* Add it to the list */
9914	nreg->nlportid = info->snd_portid;
9915	list_add(&nreg->list, &rdev->beacon_registrations);
9916
9917	spin_unlock_bh(&rdev->beacon_registrations_lock);
9918
9919	return 0;
9920out_err:
9921	spin_unlock_bh(&rdev->beacon_registrations_lock);
9922	kfree(nreg);
9923	return rv;
9924}
9925
9926static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
9927{
9928	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9929	struct wireless_dev *wdev = info->user_ptr[1];
9930	int err;
9931
9932	if (!rdev->ops->start_p2p_device)
9933		return -EOPNOTSUPP;
9934
9935	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9936		return -EOPNOTSUPP;
9937
9938	if (wdev->p2p_started)
9939		return 0;
9940
9941	if (rfkill_blocked(rdev->rfkill))
9942		return -ERFKILL;
9943
9944	err = rdev_start_p2p_device(rdev, wdev);
9945	if (err)
9946		return err;
9947
9948	wdev->p2p_started = true;
9949	rdev->opencount++;
9950
9951	return 0;
9952}
9953
9954static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
9955{
9956	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9957	struct wireless_dev *wdev = info->user_ptr[1];
9958
9959	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9960		return -EOPNOTSUPP;
9961
9962	if (!rdev->ops->stop_p2p_device)
9963		return -EOPNOTSUPP;
9964
9965	cfg80211_stop_p2p_device(rdev, wdev);
9966
9967	return 0;
9968}
9969
9970static int nl80211_get_protocol_features(struct sk_buff *skb,
9971					 struct genl_info *info)
9972{
9973	void *hdr;
9974	struct sk_buff *msg;
9975
9976	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9977	if (!msg)
9978		return -ENOMEM;
9979
9980	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9981			     NL80211_CMD_GET_PROTOCOL_FEATURES);
9982	if (!hdr)
9983		goto nla_put_failure;
9984
9985	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
9986			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
9987		goto nla_put_failure;
9988
9989	genlmsg_end(msg, hdr);
9990	return genlmsg_reply(msg, info);
9991
9992 nla_put_failure:
9993	kfree_skb(msg);
9994	return -ENOBUFS;
9995}
9996
9997static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
9998{
9999	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10000	struct cfg80211_update_ft_ies_params ft_params;
10001	struct net_device *dev = info->user_ptr[1];
10002
10003	if (!rdev->ops->update_ft_ies)
10004		return -EOPNOTSUPP;
10005
10006	if (!info->attrs[NL80211_ATTR_MDID] ||
10007	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
10008		return -EINVAL;
10009
10010	memset(&ft_params, 0, sizeof(ft_params));
10011	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
10012	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10013	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10014
10015	return rdev_update_ft_ies(rdev, dev, &ft_params);
10016}
10017
10018static int nl80211_crit_protocol_start(struct sk_buff *skb,
10019				       struct genl_info *info)
10020{
10021	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10022	struct wireless_dev *wdev = info->user_ptr[1];
10023	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
10024	u16 duration;
10025	int ret;
10026
10027	if (!rdev->ops->crit_proto_start)
10028		return -EOPNOTSUPP;
10029
10030	if (WARN_ON(!rdev->ops->crit_proto_stop))
10031		return -EINVAL;
10032
10033	if (rdev->crit_proto_nlportid)
10034		return -EBUSY;
10035
10036	/* determine protocol if provided */
10037	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
10038		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
10039
10040	if (proto >= NUM_NL80211_CRIT_PROTO)
10041		return -EINVAL;
10042
10043	/* timeout must be provided */
10044	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
10045		return -EINVAL;
10046
10047	duration =
10048		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
10049
10050	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
10051		return -ERANGE;
10052
10053	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
10054	if (!ret)
10055		rdev->crit_proto_nlportid = info->snd_portid;
10056
10057	return ret;
10058}
10059
10060static int nl80211_crit_protocol_stop(struct sk_buff *skb,
10061				      struct genl_info *info)
10062{
10063	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10064	struct wireless_dev *wdev = info->user_ptr[1];
10065
10066	if (!rdev->ops->crit_proto_stop)
10067		return -EOPNOTSUPP;
10068
10069	if (rdev->crit_proto_nlportid) {
10070		rdev->crit_proto_nlportid = 0;
10071		rdev_crit_proto_stop(rdev, wdev);
10072	}
10073	return 0;
10074}
10075
10076static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
10077{
10078	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10079	struct wireless_dev *wdev =
10080		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
10081	int i, err;
10082	u32 vid, subcmd;
10083
10084	if (!rdev->wiphy.vendor_commands)
10085		return -EOPNOTSUPP;
10086
10087	if (IS_ERR(wdev)) {
10088		err = PTR_ERR(wdev);
10089		if (err != -EINVAL)
10090			return err;
10091		wdev = NULL;
10092	} else if (wdev->wiphy != &rdev->wiphy) {
10093		return -EINVAL;
10094	}
10095
10096	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
10097	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
10098		return -EINVAL;
10099
10100	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
10101	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
10102	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
10103		const struct wiphy_vendor_command *vcmd;
10104		void *data = NULL;
10105		int len = 0;
10106
10107		vcmd = &rdev->wiphy.vendor_commands[i];
10108
10109		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10110			continue;
10111
10112		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10113				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10114			if (!wdev)
10115				return -EINVAL;
10116			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10117			    !wdev->netdev)
10118				return -EINVAL;
10119
10120			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10121				if (wdev->netdev &&
10122				    !netif_running(wdev->netdev))
10123					return -ENETDOWN;
10124				if (!wdev->netdev && !wdev->p2p_started)
10125					return -ENETDOWN;
10126			}
10127
10128			if (!vcmd->doit)
10129				return -EOPNOTSUPP;
10130		} else {
10131			wdev = NULL;
10132		}
10133
10134		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
10135			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10136			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10137		}
10138
10139		rdev->cur_cmd_info = info;
10140		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
10141							  data, len);
10142		rdev->cur_cmd_info = NULL;
10143		return err;
10144	}
10145
10146	return -EOPNOTSUPP;
10147}
10148
10149static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
10150				       struct netlink_callback *cb,
10151				       struct cfg80211_registered_device **rdev,
10152				       struct wireless_dev **wdev)
10153{
10154	u32 vid, subcmd;
10155	unsigned int i;
10156	int vcmd_idx = -1;
10157	int err;
10158	void *data = NULL;
10159	unsigned int data_len = 0;
10160
10161	rtnl_lock();
10162
10163	if (cb->args[0]) {
10164		/* subtract the 1 again here */
10165		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
10166		struct wireless_dev *tmp;
10167
10168		if (!wiphy) {
10169			err = -ENODEV;
10170			goto out_unlock;
10171		}
10172		*rdev = wiphy_to_rdev(wiphy);
10173		*wdev = NULL;
10174
10175		if (cb->args[1]) {
10176			list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
10177				if (tmp->identifier == cb->args[1] - 1) {
10178					*wdev = tmp;
10179					break;
10180				}
10181			}
10182		}
10183
10184		/* keep rtnl locked in successful case */
10185		return 0;
10186	}
10187
10188	err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
10189			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
10190			  nl80211_policy);
10191	if (err)
10192		goto out_unlock;
10193
10194	if (!nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID] ||
10195	    !nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
10196		err = -EINVAL;
10197		goto out_unlock;
10198	}
10199
10200	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
10201					   nl80211_fam.attrbuf);
10202	if (IS_ERR(*wdev))
10203		*wdev = NULL;
10204
10205	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
10206					   nl80211_fam.attrbuf);
10207	if (IS_ERR(*rdev)) {
10208		err = PTR_ERR(*rdev);
10209		goto out_unlock;
10210	}
10211
10212	vid = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID]);
10213	subcmd = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
10214
10215	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
10216		const struct wiphy_vendor_command *vcmd;
10217
10218		vcmd = &(*rdev)->wiphy.vendor_commands[i];
10219
10220		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10221			continue;
10222
10223		if (!vcmd->dumpit) {
10224			err = -EOPNOTSUPP;
10225			goto out_unlock;
10226		}
10227
10228		vcmd_idx = i;
10229		break;
10230	}
10231
10232	if (vcmd_idx < 0) {
10233		err = -EOPNOTSUPP;
10234		goto out_unlock;
10235	}
10236
10237	if (nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]) {
10238		data = nla_data(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10239		data_len = nla_len(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10240	}
10241
10242	/* 0 is the first index - add 1 to parse only once */
10243	cb->args[0] = (*rdev)->wiphy_idx + 1;
10244	/* add 1 to know if it was NULL */
10245	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
10246	cb->args[2] = vcmd_idx;
10247	cb->args[3] = (unsigned long)data;
10248	cb->args[4] = data_len;
10249
10250	/* keep rtnl locked in successful case */
10251	return 0;
10252 out_unlock:
10253	rtnl_unlock();
10254	return err;
10255}
10256
10257static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
10258				   struct netlink_callback *cb)
10259{
10260	struct cfg80211_registered_device *rdev;
10261	struct wireless_dev *wdev;
10262	unsigned int vcmd_idx;
10263	const struct wiphy_vendor_command *vcmd;
10264	void *data;
10265	int data_len;
10266	int err;
10267	struct nlattr *vendor_data;
10268
10269	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
10270	if (err)
10271		return err;
10272
10273	vcmd_idx = cb->args[2];
10274	data = (void *)cb->args[3];
10275	data_len = cb->args[4];
10276	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
10277
10278	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10279			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10280		if (!wdev)
10281			return -EINVAL;
10282		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10283		    !wdev->netdev)
10284			return -EINVAL;
10285
10286		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10287			if (wdev->netdev &&
10288			    !netif_running(wdev->netdev))
10289				return -ENETDOWN;
10290			if (!wdev->netdev && !wdev->p2p_started)
10291				return -ENETDOWN;
10292		}
10293	}
10294
10295	while (1) {
10296		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10297					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
10298					   NL80211_CMD_VENDOR);
10299		if (!hdr)
10300			break;
10301
10302		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10303		    (wdev && nla_put_u64(skb, NL80211_ATTR_WDEV,
10304					 wdev_id(wdev)))) {
10305			genlmsg_cancel(skb, hdr);
10306			break;
10307		}
10308
10309		vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
10310		if (!vendor_data) {
10311			genlmsg_cancel(skb, hdr);
10312			break;
10313		}
10314
10315		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
10316				   (unsigned long *)&cb->args[5]);
10317		nla_nest_end(skb, vendor_data);
10318
10319		if (err == -ENOBUFS || err == -ENOENT) {
10320			genlmsg_cancel(skb, hdr);
10321			break;
10322		} else if (err) {
10323			genlmsg_cancel(skb, hdr);
10324			goto out;
10325		}
10326
10327		genlmsg_end(skb, hdr);
10328	}
10329
10330	err = skb->len;
10331 out:
10332	rtnl_unlock();
10333	return err;
10334}
10335
10336struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
10337					   enum nl80211_commands cmd,
10338					   enum nl80211_attrs attr,
10339					   int approxlen)
10340{
10341	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10342
10343	if (WARN_ON(!rdev->cur_cmd_info))
10344		return NULL;
10345
10346	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
10347					   rdev->cur_cmd_info->snd_portid,
10348					   rdev->cur_cmd_info->snd_seq,
10349					   cmd, attr, NULL, GFP_KERNEL);
10350}
10351EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
10352
10353int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
10354{
10355	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10356	void *hdr = ((void **)skb->cb)[1];
10357	struct nlattr *data = ((void **)skb->cb)[2];
10358
10359	/* clear CB data for netlink core to own from now on */
10360	memset(skb->cb, 0, sizeof(skb->cb));
10361
10362	if (WARN_ON(!rdev->cur_cmd_info)) {
10363		kfree_skb(skb);
10364		return -EINVAL;
10365	}
10366
10367	nla_nest_end(skb, data);
10368	genlmsg_end(skb, hdr);
10369	return genlmsg_reply(skb, rdev->cur_cmd_info);
10370}
10371EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
10372
10373
10374static int nl80211_set_qos_map(struct sk_buff *skb,
10375			       struct genl_info *info)
10376{
10377	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10378	struct cfg80211_qos_map *qos_map = NULL;
10379	struct net_device *dev = info->user_ptr[1];
10380	u8 *pos, len, num_des, des_len, des;
10381	int ret;
10382
10383	if (!rdev->ops->set_qos_map)
10384		return -EOPNOTSUPP;
10385
10386	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
10387		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
10388		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
10389
10390		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
10391		    len > IEEE80211_QOS_MAP_LEN_MAX)
10392			return -EINVAL;
10393
10394		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
10395		if (!qos_map)
10396			return -ENOMEM;
10397
10398		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
10399		if (num_des) {
10400			des_len = num_des *
10401				sizeof(struct cfg80211_dscp_exception);
10402			memcpy(qos_map->dscp_exception, pos, des_len);
10403			qos_map->num_des = num_des;
10404			for (des = 0; des < num_des; des++) {
10405				if (qos_map->dscp_exception[des].up > 7) {
10406					kfree(qos_map);
10407					return -EINVAL;
10408				}
10409			}
10410			pos += des_len;
10411		}
10412		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
10413	}
10414
10415	wdev_lock(dev->ieee80211_ptr);
10416	ret = nl80211_key_allowed(dev->ieee80211_ptr);
10417	if (!ret)
10418		ret = rdev_set_qos_map(rdev, dev, qos_map);
10419	wdev_unlock(dev->ieee80211_ptr);
10420
10421	kfree(qos_map);
10422	return ret;
10423}
10424
10425static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
10426{
10427	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10428	struct net_device *dev = info->user_ptr[1];
10429	struct wireless_dev *wdev = dev->ieee80211_ptr;
10430	const u8 *peer;
10431	u8 tsid, up;
10432	u16 admitted_time = 0;
10433	int err;
10434
10435	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
10436		return -EOPNOTSUPP;
10437
10438	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
10439	    !info->attrs[NL80211_ATTR_USER_PRIO])
10440		return -EINVAL;
10441
10442	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10443	if (tsid >= IEEE80211_NUM_TIDS)
10444		return -EINVAL;
10445
10446	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
10447	if (up >= IEEE80211_NUM_UPS)
10448		return -EINVAL;
10449
10450	/* WMM uses TIDs 0-7 even for TSPEC */
10451	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
10452		/* TODO: handle 802.11 TSPEC/admission control
10453		 * need more attributes for that (e.g. BA session requirement);
10454		 * change the WMM adminssion test above to allow both then
10455		 */
10456		return -EINVAL;
10457	}
10458
10459	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10460
10461	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
10462		admitted_time =
10463			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
10464		if (!admitted_time)
10465			return -EINVAL;
10466	}
10467
10468	wdev_lock(wdev);
10469	switch (wdev->iftype) {
10470	case NL80211_IFTYPE_STATION:
10471	case NL80211_IFTYPE_P2P_CLIENT:
10472		if (wdev->current_bss)
10473			break;
10474		err = -ENOTCONN;
10475		goto out;
10476	default:
10477		err = -EOPNOTSUPP;
10478		goto out;
10479	}
10480
10481	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
10482
10483 out:
10484	wdev_unlock(wdev);
10485	return err;
10486}
10487
10488static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
10489{
10490	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10491	struct net_device *dev = info->user_ptr[1];
10492	struct wireless_dev *wdev = dev->ieee80211_ptr;
10493	const u8 *peer;
10494	u8 tsid;
10495	int err;
10496
10497	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
10498		return -EINVAL;
10499
10500	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10501	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10502
10503	wdev_lock(wdev);
10504	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
10505	wdev_unlock(wdev);
10506
10507	return err;
10508}
10509
10510static int nl80211_tdls_channel_switch(struct sk_buff *skb,
10511				       struct genl_info *info)
10512{
10513	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10514	struct net_device *dev = info->user_ptr[1];
10515	struct wireless_dev *wdev = dev->ieee80211_ptr;
10516	struct cfg80211_chan_def chandef = {};
10517	const u8 *addr;
10518	u8 oper_class;
10519	int err;
10520
10521	if (!rdev->ops->tdls_channel_switch ||
10522	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10523		return -EOPNOTSUPP;
10524
10525	switch (dev->ieee80211_ptr->iftype) {
10526	case NL80211_IFTYPE_STATION:
10527	case NL80211_IFTYPE_P2P_CLIENT:
10528		break;
10529	default:
10530		return -EOPNOTSUPP;
10531	}
10532
10533	if (!info->attrs[NL80211_ATTR_MAC] ||
10534	    !info->attrs[NL80211_ATTR_OPER_CLASS])
10535		return -EINVAL;
10536
10537	err = nl80211_parse_chandef(rdev, info, &chandef);
10538	if (err)
10539		return err;
10540
10541	/*
10542	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
10543	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
10544	 * specification is not defined for them.
10545	 */
10546	if (chandef.chan->band == IEEE80211_BAND_2GHZ &&
10547	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
10548	    chandef.width != NL80211_CHAN_WIDTH_20)
10549		return -EINVAL;
10550
10551	/* we will be active on the TDLS link */
10552	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
10553					   wdev->iftype))
10554		return -EINVAL;
10555
10556	/* don't allow switching to DFS channels */
10557	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
10558		return -EINVAL;
10559
10560	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10561	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
10562
10563	wdev_lock(wdev);
10564	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
10565	wdev_unlock(wdev);
10566
10567	return err;
10568}
10569
10570static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
10571					      struct genl_info *info)
10572{
10573	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10574	struct net_device *dev = info->user_ptr[1];
10575	struct wireless_dev *wdev = dev->ieee80211_ptr;
10576	const u8 *addr;
10577
10578	if (!rdev->ops->tdls_channel_switch ||
10579	    !rdev->ops->tdls_cancel_channel_switch ||
10580	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10581		return -EOPNOTSUPP;
10582
10583	switch (dev->ieee80211_ptr->iftype) {
10584	case NL80211_IFTYPE_STATION:
10585	case NL80211_IFTYPE_P2P_CLIENT:
10586		break;
10587	default:
10588		return -EOPNOTSUPP;
10589	}
10590
10591	if (!info->attrs[NL80211_ATTR_MAC])
10592		return -EINVAL;
10593
10594	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10595
10596	wdev_lock(wdev);
10597	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
10598	wdev_unlock(wdev);
10599
10600	return 0;
10601}
10602
10603#define NL80211_FLAG_NEED_WIPHY		0x01
10604#define NL80211_FLAG_NEED_NETDEV	0x02
10605#define NL80211_FLAG_NEED_RTNL		0x04
10606#define NL80211_FLAG_CHECK_NETDEV_UP	0x08
10607#define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
10608					 NL80211_FLAG_CHECK_NETDEV_UP)
10609#define NL80211_FLAG_NEED_WDEV		0x10
10610/* If a netdev is associated, it must be UP, P2P must be started */
10611#define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
10612					 NL80211_FLAG_CHECK_NETDEV_UP)
10613#define NL80211_FLAG_CLEAR_SKB		0x20
10614
10615static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
10616			    struct genl_info *info)
10617{
10618	struct cfg80211_registered_device *rdev;
10619	struct wireless_dev *wdev;
10620	struct net_device *dev;
10621	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
10622
10623	if (rtnl)
10624		rtnl_lock();
10625
10626	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
10627		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
10628		if (IS_ERR(rdev)) {
10629			if (rtnl)
10630				rtnl_unlock();
10631			return PTR_ERR(rdev);
10632		}
10633		info->user_ptr[0] = rdev;
10634	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
10635		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10636		ASSERT_RTNL();
10637
10638		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
10639						  info->attrs);
10640		if (IS_ERR(wdev)) {
10641			if (rtnl)
10642				rtnl_unlock();
10643			return PTR_ERR(wdev);
10644		}
10645
10646		dev = wdev->netdev;
10647		rdev = wiphy_to_rdev(wdev->wiphy);
10648
10649		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
10650			if (!dev) {
10651				if (rtnl)
10652					rtnl_unlock();
10653				return -EINVAL;
10654			}
10655
10656			info->user_ptr[1] = dev;
10657		} else {
10658			info->user_ptr[1] = wdev;
10659		}
10660
10661		if (dev) {
10662			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
10663			    !netif_running(dev)) {
10664				if (rtnl)
10665					rtnl_unlock();
10666				return -ENETDOWN;
10667			}
10668
10669			dev_hold(dev);
10670		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
10671			if (!wdev->p2p_started) {
10672				if (rtnl)
10673					rtnl_unlock();
10674				return -ENETDOWN;
10675			}
10676		}
10677
10678		info->user_ptr[0] = rdev;
10679	}
10680
10681	return 0;
10682}
10683
10684static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
10685			      struct genl_info *info)
10686{
10687	if (info->user_ptr[1]) {
10688		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10689			struct wireless_dev *wdev = info->user_ptr[1];
10690
10691			if (wdev->netdev)
10692				dev_put(wdev->netdev);
10693		} else {
10694			dev_put(info->user_ptr[1]);
10695		}
10696	}
10697
10698	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
10699		rtnl_unlock();
10700
10701	/* If needed, clear the netlink message payload from the SKB
10702	 * as it might contain key data that shouldn't stick around on
10703	 * the heap after the SKB is freed. The netlink message header
10704	 * is still needed for further processing, so leave it intact.
10705	 */
10706	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
10707		struct nlmsghdr *nlh = nlmsg_hdr(skb);
10708
10709		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
10710	}
10711}
10712
10713static const struct genl_ops nl80211_ops[] = {
10714	{
10715		.cmd = NL80211_CMD_GET_WIPHY,
10716		.doit = nl80211_get_wiphy,
10717		.dumpit = nl80211_dump_wiphy,
10718		.done = nl80211_dump_wiphy_done,
10719		.policy = nl80211_policy,
10720		/* can be retrieved by unprivileged users */
10721		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10722				  NL80211_FLAG_NEED_RTNL,
10723	},
10724	{
10725		.cmd = NL80211_CMD_SET_WIPHY,
10726		.doit = nl80211_set_wiphy,
10727		.policy = nl80211_policy,
10728		.flags = GENL_ADMIN_PERM,
10729		.internal_flags = NL80211_FLAG_NEED_RTNL,
10730	},
10731	{
10732		.cmd = NL80211_CMD_GET_INTERFACE,
10733		.doit = nl80211_get_interface,
10734		.dumpit = nl80211_dump_interface,
10735		.policy = nl80211_policy,
10736		/* can be retrieved by unprivileged users */
10737		.internal_flags = NL80211_FLAG_NEED_WDEV |
10738				  NL80211_FLAG_NEED_RTNL,
10739	},
10740	{
10741		.cmd = NL80211_CMD_SET_INTERFACE,
10742		.doit = nl80211_set_interface,
10743		.policy = nl80211_policy,
10744		.flags = GENL_ADMIN_PERM,
10745		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10746				  NL80211_FLAG_NEED_RTNL,
10747	},
10748	{
10749		.cmd = NL80211_CMD_NEW_INTERFACE,
10750		.doit = nl80211_new_interface,
10751		.policy = nl80211_policy,
10752		.flags = GENL_ADMIN_PERM,
10753		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10754				  NL80211_FLAG_NEED_RTNL,
10755	},
10756	{
10757		.cmd = NL80211_CMD_DEL_INTERFACE,
10758		.doit = nl80211_del_interface,
10759		.policy = nl80211_policy,
10760		.flags = GENL_ADMIN_PERM,
10761		.internal_flags = NL80211_FLAG_NEED_WDEV |
10762				  NL80211_FLAG_NEED_RTNL,
10763	},
10764	{
10765		.cmd = NL80211_CMD_GET_KEY,
10766		.doit = nl80211_get_key,
10767		.policy = nl80211_policy,
10768		.flags = GENL_ADMIN_PERM,
10769		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10770				  NL80211_FLAG_NEED_RTNL,
10771	},
10772	{
10773		.cmd = NL80211_CMD_SET_KEY,
10774		.doit = nl80211_set_key,
10775		.policy = nl80211_policy,
10776		.flags = GENL_ADMIN_PERM,
10777		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10778				  NL80211_FLAG_NEED_RTNL |
10779				  NL80211_FLAG_CLEAR_SKB,
10780	},
10781	{
10782		.cmd = NL80211_CMD_NEW_KEY,
10783		.doit = nl80211_new_key,
10784		.policy = nl80211_policy,
10785		.flags = GENL_ADMIN_PERM,
10786		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10787				  NL80211_FLAG_NEED_RTNL |
10788				  NL80211_FLAG_CLEAR_SKB,
10789	},
10790	{
10791		.cmd = NL80211_CMD_DEL_KEY,
10792		.doit = nl80211_del_key,
10793		.policy = nl80211_policy,
10794		.flags = GENL_ADMIN_PERM,
10795		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10796				  NL80211_FLAG_NEED_RTNL,
10797	},
10798	{
10799		.cmd = NL80211_CMD_SET_BEACON,
10800		.policy = nl80211_policy,
10801		.flags = GENL_ADMIN_PERM,
10802		.doit = nl80211_set_beacon,
10803		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10804				  NL80211_FLAG_NEED_RTNL,
10805	},
10806	{
10807		.cmd = NL80211_CMD_START_AP,
10808		.policy = nl80211_policy,
10809		.flags = GENL_ADMIN_PERM,
10810		.doit = nl80211_start_ap,
10811		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10812				  NL80211_FLAG_NEED_RTNL,
10813	},
10814	{
10815		.cmd = NL80211_CMD_STOP_AP,
10816		.policy = nl80211_policy,
10817		.flags = GENL_ADMIN_PERM,
10818		.doit = nl80211_stop_ap,
10819		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10820				  NL80211_FLAG_NEED_RTNL,
10821	},
10822	{
10823		.cmd = NL80211_CMD_GET_STATION,
10824		.doit = nl80211_get_station,
10825		.dumpit = nl80211_dump_station,
10826		.policy = nl80211_policy,
10827		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10828				  NL80211_FLAG_NEED_RTNL,
10829	},
10830	{
10831		.cmd = NL80211_CMD_SET_STATION,
10832		.doit = nl80211_set_station,
10833		.policy = nl80211_policy,
10834		.flags = GENL_ADMIN_PERM,
10835		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10836				  NL80211_FLAG_NEED_RTNL,
10837	},
10838	{
10839		.cmd = NL80211_CMD_NEW_STATION,
10840		.doit = nl80211_new_station,
10841		.policy = nl80211_policy,
10842		.flags = GENL_ADMIN_PERM,
10843		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10844				  NL80211_FLAG_NEED_RTNL,
10845	},
10846	{
10847		.cmd = NL80211_CMD_DEL_STATION,
10848		.doit = nl80211_del_station,
10849		.policy = nl80211_policy,
10850		.flags = GENL_ADMIN_PERM,
10851		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10852				  NL80211_FLAG_NEED_RTNL,
10853	},
10854	{
10855		.cmd = NL80211_CMD_GET_MPATH,
10856		.doit = nl80211_get_mpath,
10857		.dumpit = nl80211_dump_mpath,
10858		.policy = nl80211_policy,
10859		.flags = GENL_ADMIN_PERM,
10860		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10861				  NL80211_FLAG_NEED_RTNL,
10862	},
10863	{
10864		.cmd = NL80211_CMD_GET_MPP,
10865		.doit = nl80211_get_mpp,
10866		.dumpit = nl80211_dump_mpp,
10867		.policy = nl80211_policy,
10868		.flags = GENL_ADMIN_PERM,
10869		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10870				  NL80211_FLAG_NEED_RTNL,
10871	},
10872	{
10873		.cmd = NL80211_CMD_SET_MPATH,
10874		.doit = nl80211_set_mpath,
10875		.policy = nl80211_policy,
10876		.flags = GENL_ADMIN_PERM,
10877		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10878				  NL80211_FLAG_NEED_RTNL,
10879	},
10880	{
10881		.cmd = NL80211_CMD_NEW_MPATH,
10882		.doit = nl80211_new_mpath,
10883		.policy = nl80211_policy,
10884		.flags = GENL_ADMIN_PERM,
10885		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10886				  NL80211_FLAG_NEED_RTNL,
10887	},
10888	{
10889		.cmd = NL80211_CMD_DEL_MPATH,
10890		.doit = nl80211_del_mpath,
10891		.policy = nl80211_policy,
10892		.flags = GENL_ADMIN_PERM,
10893		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10894				  NL80211_FLAG_NEED_RTNL,
10895	},
10896	{
10897		.cmd = NL80211_CMD_SET_BSS,
10898		.doit = nl80211_set_bss,
10899		.policy = nl80211_policy,
10900		.flags = GENL_ADMIN_PERM,
10901		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10902				  NL80211_FLAG_NEED_RTNL,
10903	},
10904	{
10905		.cmd = NL80211_CMD_GET_REG,
10906		.doit = nl80211_get_reg_do,
10907		.dumpit = nl80211_get_reg_dump,
10908		.policy = nl80211_policy,
10909		.internal_flags = NL80211_FLAG_NEED_RTNL,
10910		/* can be retrieved by unprivileged users */
10911	},
10912#ifdef CONFIG_CFG80211_CRDA_SUPPORT
10913	{
10914		.cmd = NL80211_CMD_SET_REG,
10915		.doit = nl80211_set_reg,
10916		.policy = nl80211_policy,
10917		.flags = GENL_ADMIN_PERM,
10918		.internal_flags = NL80211_FLAG_NEED_RTNL,
10919	},
10920#endif
10921	{
10922		.cmd = NL80211_CMD_REQ_SET_REG,
10923		.doit = nl80211_req_set_reg,
10924		.policy = nl80211_policy,
10925		.flags = GENL_ADMIN_PERM,
10926	},
10927	{
10928		.cmd = NL80211_CMD_GET_MESH_CONFIG,
10929		.doit = nl80211_get_mesh_config,
10930		.policy = nl80211_policy,
10931		/* can be retrieved by unprivileged users */
10932		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10933				  NL80211_FLAG_NEED_RTNL,
10934	},
10935	{
10936		.cmd = NL80211_CMD_SET_MESH_CONFIG,
10937		.doit = nl80211_update_mesh_config,
10938		.policy = nl80211_policy,
10939		.flags = GENL_ADMIN_PERM,
10940		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10941				  NL80211_FLAG_NEED_RTNL,
10942	},
10943	{
10944		.cmd = NL80211_CMD_TRIGGER_SCAN,
10945		.doit = nl80211_trigger_scan,
10946		.policy = nl80211_policy,
10947		.flags = GENL_ADMIN_PERM,
10948		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10949				  NL80211_FLAG_NEED_RTNL,
10950	},
10951	{
10952		.cmd = NL80211_CMD_GET_SCAN,
10953		.policy = nl80211_policy,
10954		.dumpit = nl80211_dump_scan,
10955	},
10956	{
10957		.cmd = NL80211_CMD_START_SCHED_SCAN,
10958		.doit = nl80211_start_sched_scan,
10959		.policy = nl80211_policy,
10960		.flags = GENL_ADMIN_PERM,
10961		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10962				  NL80211_FLAG_NEED_RTNL,
10963	},
10964	{
10965		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
10966		.doit = nl80211_stop_sched_scan,
10967		.policy = nl80211_policy,
10968		.flags = GENL_ADMIN_PERM,
10969		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10970				  NL80211_FLAG_NEED_RTNL,
10971	},
10972	{
10973		.cmd = NL80211_CMD_AUTHENTICATE,
10974		.doit = nl80211_authenticate,
10975		.policy = nl80211_policy,
10976		.flags = GENL_ADMIN_PERM,
10977		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10978				  NL80211_FLAG_NEED_RTNL |
10979				  NL80211_FLAG_CLEAR_SKB,
10980	},
10981	{
10982		.cmd = NL80211_CMD_ASSOCIATE,
10983		.doit = nl80211_associate,
10984		.policy = nl80211_policy,
10985		.flags = GENL_ADMIN_PERM,
10986		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10987				  NL80211_FLAG_NEED_RTNL,
10988	},
10989	{
10990		.cmd = NL80211_CMD_DEAUTHENTICATE,
10991		.doit = nl80211_deauthenticate,
10992		.policy = nl80211_policy,
10993		.flags = GENL_ADMIN_PERM,
10994		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10995				  NL80211_FLAG_NEED_RTNL,
10996	},
10997	{
10998		.cmd = NL80211_CMD_DISASSOCIATE,
10999		.doit = nl80211_disassociate,
11000		.policy = nl80211_policy,
11001		.flags = GENL_ADMIN_PERM,
11002		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11003				  NL80211_FLAG_NEED_RTNL,
11004	},
11005	{
11006		.cmd = NL80211_CMD_JOIN_IBSS,
11007		.doit = nl80211_join_ibss,
11008		.policy = nl80211_policy,
11009		.flags = GENL_ADMIN_PERM,
11010		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11011				  NL80211_FLAG_NEED_RTNL,
11012	},
11013	{
11014		.cmd = NL80211_CMD_LEAVE_IBSS,
11015		.doit = nl80211_leave_ibss,
11016		.policy = nl80211_policy,
11017		.flags = GENL_ADMIN_PERM,
11018		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11019				  NL80211_FLAG_NEED_RTNL,
11020	},
11021#ifdef CONFIG_NL80211_TESTMODE
11022	{
11023		.cmd = NL80211_CMD_TESTMODE,
11024		.doit = nl80211_testmode_do,
11025		.dumpit = nl80211_testmode_dump,
11026		.policy = nl80211_policy,
11027		.flags = GENL_ADMIN_PERM,
11028		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11029				  NL80211_FLAG_NEED_RTNL,
11030	},
11031#endif
11032	{
11033		.cmd = NL80211_CMD_CONNECT,
11034		.doit = nl80211_connect,
11035		.policy = nl80211_policy,
11036		.flags = GENL_ADMIN_PERM,
11037		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11038				  NL80211_FLAG_NEED_RTNL,
11039	},
11040	{
11041		.cmd = NL80211_CMD_DISCONNECT,
11042		.doit = nl80211_disconnect,
11043		.policy = nl80211_policy,
11044		.flags = GENL_ADMIN_PERM,
11045		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11046				  NL80211_FLAG_NEED_RTNL,
11047	},
11048	{
11049		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
11050		.doit = nl80211_wiphy_netns,
11051		.policy = nl80211_policy,
11052		.flags = GENL_ADMIN_PERM,
11053		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11054				  NL80211_FLAG_NEED_RTNL,
11055	},
11056	{
11057		.cmd = NL80211_CMD_GET_SURVEY,
11058		.policy = nl80211_policy,
11059		.dumpit = nl80211_dump_survey,
11060	},
11061	{
11062		.cmd = NL80211_CMD_SET_PMKSA,
11063		.doit = nl80211_setdel_pmksa,
11064		.policy = nl80211_policy,
11065		.flags = GENL_ADMIN_PERM,
11066		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11067				  NL80211_FLAG_NEED_RTNL,
11068	},
11069	{
11070		.cmd = NL80211_CMD_DEL_PMKSA,
11071		.doit = nl80211_setdel_pmksa,
11072		.policy = nl80211_policy,
11073		.flags = GENL_ADMIN_PERM,
11074		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11075				  NL80211_FLAG_NEED_RTNL,
11076	},
11077	{
11078		.cmd = NL80211_CMD_FLUSH_PMKSA,
11079		.doit = nl80211_flush_pmksa,
11080		.policy = nl80211_policy,
11081		.flags = GENL_ADMIN_PERM,
11082		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11083				  NL80211_FLAG_NEED_RTNL,
11084	},
11085	{
11086		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
11087		.doit = nl80211_remain_on_channel,
11088		.policy = nl80211_policy,
11089		.flags = GENL_ADMIN_PERM,
11090		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11091				  NL80211_FLAG_NEED_RTNL,
11092	},
11093	{
11094		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
11095		.doit = nl80211_cancel_remain_on_channel,
11096		.policy = nl80211_policy,
11097		.flags = GENL_ADMIN_PERM,
11098		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11099				  NL80211_FLAG_NEED_RTNL,
11100	},
11101	{
11102		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
11103		.doit = nl80211_set_tx_bitrate_mask,
11104		.policy = nl80211_policy,
11105		.flags = GENL_ADMIN_PERM,
11106		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11107				  NL80211_FLAG_NEED_RTNL,
11108	},
11109	{
11110		.cmd = NL80211_CMD_REGISTER_FRAME,
11111		.doit = nl80211_register_mgmt,
11112		.policy = nl80211_policy,
11113		.flags = GENL_ADMIN_PERM,
11114		.internal_flags = NL80211_FLAG_NEED_WDEV |
11115				  NL80211_FLAG_NEED_RTNL,
11116	},
11117	{
11118		.cmd = NL80211_CMD_FRAME,
11119		.doit = nl80211_tx_mgmt,
11120		.policy = nl80211_policy,
11121		.flags = GENL_ADMIN_PERM,
11122		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11123				  NL80211_FLAG_NEED_RTNL,
11124	},
11125	{
11126		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
11127		.doit = nl80211_tx_mgmt_cancel_wait,
11128		.policy = nl80211_policy,
11129		.flags = GENL_ADMIN_PERM,
11130		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11131				  NL80211_FLAG_NEED_RTNL,
11132	},
11133	{
11134		.cmd = NL80211_CMD_SET_POWER_SAVE,
11135		.doit = nl80211_set_power_save,
11136		.policy = nl80211_policy,
11137		.flags = GENL_ADMIN_PERM,
11138		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11139				  NL80211_FLAG_NEED_RTNL,
11140	},
11141	{
11142		.cmd = NL80211_CMD_GET_POWER_SAVE,
11143		.doit = nl80211_get_power_save,
11144		.policy = nl80211_policy,
11145		/* can be retrieved by unprivileged users */
11146		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11147				  NL80211_FLAG_NEED_RTNL,
11148	},
11149	{
11150		.cmd = NL80211_CMD_SET_CQM,
11151		.doit = nl80211_set_cqm,
11152		.policy = nl80211_policy,
11153		.flags = GENL_ADMIN_PERM,
11154		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11155				  NL80211_FLAG_NEED_RTNL,
11156	},
11157	{
11158		.cmd = NL80211_CMD_SET_CHANNEL,
11159		.doit = nl80211_set_channel,
11160		.policy = nl80211_policy,
11161		.flags = GENL_ADMIN_PERM,
11162		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11163				  NL80211_FLAG_NEED_RTNL,
11164	},
11165	{
11166		.cmd = NL80211_CMD_SET_WDS_PEER,
11167		.doit = nl80211_set_wds_peer,
11168		.policy = nl80211_policy,
11169		.flags = GENL_ADMIN_PERM,
11170		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11171				  NL80211_FLAG_NEED_RTNL,
11172	},
11173	{
11174		.cmd = NL80211_CMD_JOIN_MESH,
11175		.doit = nl80211_join_mesh,
11176		.policy = nl80211_policy,
11177		.flags = GENL_ADMIN_PERM,
11178		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11179				  NL80211_FLAG_NEED_RTNL,
11180	},
11181	{
11182		.cmd = NL80211_CMD_LEAVE_MESH,
11183		.doit = nl80211_leave_mesh,
11184		.policy = nl80211_policy,
11185		.flags = GENL_ADMIN_PERM,
11186		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11187				  NL80211_FLAG_NEED_RTNL,
11188	},
11189	{
11190		.cmd = NL80211_CMD_JOIN_OCB,
11191		.doit = nl80211_join_ocb,
11192		.policy = nl80211_policy,
11193		.flags = GENL_ADMIN_PERM,
11194		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11195				  NL80211_FLAG_NEED_RTNL,
11196	},
11197	{
11198		.cmd = NL80211_CMD_LEAVE_OCB,
11199		.doit = nl80211_leave_ocb,
11200		.policy = nl80211_policy,
11201		.flags = GENL_ADMIN_PERM,
11202		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11203				  NL80211_FLAG_NEED_RTNL,
11204	},
11205#ifdef CONFIG_PM
11206	{
11207		.cmd = NL80211_CMD_GET_WOWLAN,
11208		.doit = nl80211_get_wowlan,
11209		.policy = nl80211_policy,
11210		/* can be retrieved by unprivileged users */
11211		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11212				  NL80211_FLAG_NEED_RTNL,
11213	},
11214	{
11215		.cmd = NL80211_CMD_SET_WOWLAN,
11216		.doit = nl80211_set_wowlan,
11217		.policy = nl80211_policy,
11218		.flags = GENL_ADMIN_PERM,
11219		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11220				  NL80211_FLAG_NEED_RTNL,
11221	},
11222#endif
11223	{
11224		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
11225		.doit = nl80211_set_rekey_data,
11226		.policy = nl80211_policy,
11227		.flags = GENL_ADMIN_PERM,
11228		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11229				  NL80211_FLAG_NEED_RTNL |
11230				  NL80211_FLAG_CLEAR_SKB,
11231	},
11232	{
11233		.cmd = NL80211_CMD_TDLS_MGMT,
11234		.doit = nl80211_tdls_mgmt,
11235		.policy = nl80211_policy,
11236		.flags = GENL_ADMIN_PERM,
11237		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11238				  NL80211_FLAG_NEED_RTNL,
11239	},
11240	{
11241		.cmd = NL80211_CMD_TDLS_OPER,
11242		.doit = nl80211_tdls_oper,
11243		.policy = nl80211_policy,
11244		.flags = GENL_ADMIN_PERM,
11245		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11246				  NL80211_FLAG_NEED_RTNL,
11247	},
11248	{
11249		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
11250		.doit = nl80211_register_unexpected_frame,
11251		.policy = nl80211_policy,
11252		.flags = GENL_ADMIN_PERM,
11253		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11254				  NL80211_FLAG_NEED_RTNL,
11255	},
11256	{
11257		.cmd = NL80211_CMD_PROBE_CLIENT,
11258		.doit = nl80211_probe_client,
11259		.policy = nl80211_policy,
11260		.flags = GENL_ADMIN_PERM,
11261		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11262				  NL80211_FLAG_NEED_RTNL,
11263	},
11264	{
11265		.cmd = NL80211_CMD_REGISTER_BEACONS,
11266		.doit = nl80211_register_beacons,
11267		.policy = nl80211_policy,
11268		.flags = GENL_ADMIN_PERM,
11269		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11270				  NL80211_FLAG_NEED_RTNL,
11271	},
11272	{
11273		.cmd = NL80211_CMD_SET_NOACK_MAP,
11274		.doit = nl80211_set_noack_map,
11275		.policy = nl80211_policy,
11276		.flags = GENL_ADMIN_PERM,
11277		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11278				  NL80211_FLAG_NEED_RTNL,
11279	},
11280	{
11281		.cmd = NL80211_CMD_START_P2P_DEVICE,
11282		.doit = nl80211_start_p2p_device,
11283		.policy = nl80211_policy,
11284		.flags = GENL_ADMIN_PERM,
11285		.internal_flags = NL80211_FLAG_NEED_WDEV |
11286				  NL80211_FLAG_NEED_RTNL,
11287	},
11288	{
11289		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
11290		.doit = nl80211_stop_p2p_device,
11291		.policy = nl80211_policy,
11292		.flags = GENL_ADMIN_PERM,
11293		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11294				  NL80211_FLAG_NEED_RTNL,
11295	},
11296	{
11297		.cmd = NL80211_CMD_SET_MCAST_RATE,
11298		.doit = nl80211_set_mcast_rate,
11299		.policy = nl80211_policy,
11300		.flags = GENL_ADMIN_PERM,
11301		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11302				  NL80211_FLAG_NEED_RTNL,
11303	},
11304	{
11305		.cmd = NL80211_CMD_SET_MAC_ACL,
11306		.doit = nl80211_set_mac_acl,
11307		.policy = nl80211_policy,
11308		.flags = GENL_ADMIN_PERM,
11309		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11310				  NL80211_FLAG_NEED_RTNL,
11311	},
11312	{
11313		.cmd = NL80211_CMD_RADAR_DETECT,
11314		.doit = nl80211_start_radar_detection,
11315		.policy = nl80211_policy,
11316		.flags = GENL_ADMIN_PERM,
11317		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11318				  NL80211_FLAG_NEED_RTNL,
11319	},
11320	{
11321		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
11322		.doit = nl80211_get_protocol_features,
11323		.policy = nl80211_policy,
11324	},
11325	{
11326		.cmd = NL80211_CMD_UPDATE_FT_IES,
11327		.doit = nl80211_update_ft_ies,
11328		.policy = nl80211_policy,
11329		.flags = GENL_ADMIN_PERM,
11330		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11331				  NL80211_FLAG_NEED_RTNL,
11332	},
11333	{
11334		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
11335		.doit = nl80211_crit_protocol_start,
11336		.policy = nl80211_policy,
11337		.flags = GENL_ADMIN_PERM,
11338		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11339				  NL80211_FLAG_NEED_RTNL,
11340	},
11341	{
11342		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
11343		.doit = nl80211_crit_protocol_stop,
11344		.policy = nl80211_policy,
11345		.flags = GENL_ADMIN_PERM,
11346		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11347				  NL80211_FLAG_NEED_RTNL,
11348	},
11349	{
11350		.cmd = NL80211_CMD_GET_COALESCE,
11351		.doit = nl80211_get_coalesce,
11352		.policy = nl80211_policy,
11353		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11354				  NL80211_FLAG_NEED_RTNL,
11355	},
11356	{
11357		.cmd = NL80211_CMD_SET_COALESCE,
11358		.doit = nl80211_set_coalesce,
11359		.policy = nl80211_policy,
11360		.flags = GENL_ADMIN_PERM,
11361		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11362				  NL80211_FLAG_NEED_RTNL,
11363	},
11364	{
11365		.cmd = NL80211_CMD_CHANNEL_SWITCH,
11366		.doit = nl80211_channel_switch,
11367		.policy = nl80211_policy,
11368		.flags = GENL_ADMIN_PERM,
11369		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11370				  NL80211_FLAG_NEED_RTNL,
11371	},
11372	{
11373		.cmd = NL80211_CMD_VENDOR,
11374		.doit = nl80211_vendor_cmd,
11375		.dumpit = nl80211_vendor_cmd_dump,
11376		.policy = nl80211_policy,
11377		.flags = GENL_ADMIN_PERM,
11378		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11379				  NL80211_FLAG_NEED_RTNL,
11380	},
11381	{
11382		.cmd = NL80211_CMD_SET_QOS_MAP,
11383		.doit = nl80211_set_qos_map,
11384		.policy = nl80211_policy,
11385		.flags = GENL_ADMIN_PERM,
11386		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11387				  NL80211_FLAG_NEED_RTNL,
11388	},
11389	{
11390		.cmd = NL80211_CMD_ADD_TX_TS,
11391		.doit = nl80211_add_tx_ts,
11392		.policy = nl80211_policy,
11393		.flags = GENL_ADMIN_PERM,
11394		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11395				  NL80211_FLAG_NEED_RTNL,
11396	},
11397	{
11398		.cmd = NL80211_CMD_DEL_TX_TS,
11399		.doit = nl80211_del_tx_ts,
11400		.policy = nl80211_policy,
11401		.flags = GENL_ADMIN_PERM,
11402		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11403				  NL80211_FLAG_NEED_RTNL,
11404	},
11405	{
11406		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
11407		.doit = nl80211_tdls_channel_switch,
11408		.policy = nl80211_policy,
11409		.flags = GENL_ADMIN_PERM,
11410		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11411				  NL80211_FLAG_NEED_RTNL,
11412	},
11413	{
11414		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
11415		.doit = nl80211_tdls_cancel_channel_switch,
11416		.policy = nl80211_policy,
11417		.flags = GENL_ADMIN_PERM,
11418		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11419				  NL80211_FLAG_NEED_RTNL,
11420	},
11421};
11422
11423/* notification functions */
11424
11425void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
11426			  enum nl80211_commands cmd)
11427{
11428	struct sk_buff *msg;
11429	struct nl80211_dump_wiphy_state state = {};
11430
11431	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
11432		cmd != NL80211_CMD_DEL_WIPHY);
11433
11434	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11435	if (!msg)
11436		return;
11437
11438	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
11439		nlmsg_free(msg);
11440		return;
11441	}
11442
11443	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11444				NL80211_MCGRP_CONFIG, GFP_KERNEL);
11445}
11446
11447static int nl80211_add_scan_req(struct sk_buff *msg,
11448				struct cfg80211_registered_device *rdev)
11449{
11450	struct cfg80211_scan_request *req = rdev->scan_req;
11451	struct nlattr *nest;
11452	int i;
11453
11454	if (WARN_ON(!req))
11455		return 0;
11456
11457	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
11458	if (!nest)
11459		goto nla_put_failure;
11460	for (i = 0; i < req->n_ssids; i++) {
11461		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
11462			goto nla_put_failure;
11463	}
11464	nla_nest_end(msg, nest);
11465
11466	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11467	if (!nest)
11468		goto nla_put_failure;
11469	for (i = 0; i < req->n_channels; i++) {
11470		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11471			goto nla_put_failure;
11472	}
11473	nla_nest_end(msg, nest);
11474
11475	if (req->ie &&
11476	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
11477		goto nla_put_failure;
11478
11479	if (req->flags &&
11480	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
11481		goto nla_put_failure;
11482
11483	return 0;
11484 nla_put_failure:
11485	return -ENOBUFS;
11486}
11487
11488static int nl80211_send_scan_msg(struct sk_buff *msg,
11489				 struct cfg80211_registered_device *rdev,
11490				 struct wireless_dev *wdev,
11491				 u32 portid, u32 seq, int flags,
11492				 u32 cmd)
11493{
11494	void *hdr;
11495
11496	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11497	if (!hdr)
11498		return -1;
11499
11500	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11501	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11502					 wdev->netdev->ifindex)) ||
11503	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11504		goto nla_put_failure;
11505
11506	/* ignore errors and send incomplete event anyway */
11507	nl80211_add_scan_req(msg, rdev);
11508
11509	genlmsg_end(msg, hdr);
11510	return 0;
11511
11512 nla_put_failure:
11513	genlmsg_cancel(msg, hdr);
11514	return -EMSGSIZE;
11515}
11516
11517static int
11518nl80211_send_sched_scan_msg(struct sk_buff *msg,
11519			    struct cfg80211_registered_device *rdev,
11520			    struct net_device *netdev,
11521			    u32 portid, u32 seq, int flags, u32 cmd)
11522{
11523	void *hdr;
11524
11525	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11526	if (!hdr)
11527		return -1;
11528
11529	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11530	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11531		goto nla_put_failure;
11532
11533	genlmsg_end(msg, hdr);
11534	return 0;
11535
11536 nla_put_failure:
11537	genlmsg_cancel(msg, hdr);
11538	return -EMSGSIZE;
11539}
11540
11541void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
11542			     struct wireless_dev *wdev)
11543{
11544	struct sk_buff *msg;
11545
11546	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11547	if (!msg)
11548		return;
11549
11550	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11551				  NL80211_CMD_TRIGGER_SCAN) < 0) {
11552		nlmsg_free(msg);
11553		return;
11554	}
11555
11556	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11557				NL80211_MCGRP_SCAN, GFP_KERNEL);
11558}
11559
11560struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
11561				       struct wireless_dev *wdev, bool aborted)
11562{
11563	struct sk_buff *msg;
11564
11565	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11566	if (!msg)
11567		return NULL;
11568
11569	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11570				  aborted ? NL80211_CMD_SCAN_ABORTED :
11571					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
11572		nlmsg_free(msg);
11573		return NULL;
11574	}
11575
11576	return msg;
11577}
11578
11579void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
11580			      struct sk_buff *msg)
11581{
11582	if (!msg)
11583		return;
11584
11585	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11586				NL80211_MCGRP_SCAN, GFP_KERNEL);
11587}
11588
11589void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
11590				     struct net_device *netdev)
11591{
11592	struct sk_buff *msg;
11593
11594	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11595	if (!msg)
11596		return;
11597
11598	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
11599					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
11600		nlmsg_free(msg);
11601		return;
11602	}
11603
11604	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11605				NL80211_MCGRP_SCAN, GFP_KERNEL);
11606}
11607
11608void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
11609			     struct net_device *netdev, u32 cmd)
11610{
11611	struct sk_buff *msg;
11612
11613	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11614	if (!msg)
11615		return;
11616
11617	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
11618		nlmsg_free(msg);
11619		return;
11620	}
11621
11622	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11623				NL80211_MCGRP_SCAN, GFP_KERNEL);
11624}
11625
11626static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
11627					  struct regulatory_request *request)
11628{
11629	/* Userspace can always count this one always being set */
11630	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
11631		goto nla_put_failure;
11632
11633	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
11634		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11635			       NL80211_REGDOM_TYPE_WORLD))
11636			goto nla_put_failure;
11637	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
11638		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11639			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
11640			goto nla_put_failure;
11641	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
11642		   request->intersect) {
11643		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11644			       NL80211_REGDOM_TYPE_INTERSECTION))
11645			goto nla_put_failure;
11646	} else {
11647		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11648			       NL80211_REGDOM_TYPE_COUNTRY) ||
11649		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
11650				   request->alpha2))
11651			goto nla_put_failure;
11652	}
11653
11654	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
11655		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
11656
11657		if (wiphy &&
11658		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
11659			goto nla_put_failure;
11660
11661		if (wiphy &&
11662		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
11663		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
11664			goto nla_put_failure;
11665	}
11666
11667	return true;
11668
11669nla_put_failure:
11670	return false;
11671}
11672
11673/*
11674 * This can happen on global regulatory changes or device specific settings
11675 * based on custom regulatory domains.
11676 */
11677void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
11678				     struct regulatory_request *request)
11679{
11680	struct sk_buff *msg;
11681	void *hdr;
11682
11683	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11684	if (!msg)
11685		return;
11686
11687	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
11688	if (!hdr) {
11689		nlmsg_free(msg);
11690		return;
11691	}
11692
11693	if (nl80211_reg_change_event_fill(msg, request) == false)
11694		goto nla_put_failure;
11695
11696	genlmsg_end(msg, hdr);
11697
11698	rcu_read_lock();
11699	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
11700				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
11701	rcu_read_unlock();
11702
11703	return;
11704
11705nla_put_failure:
11706	genlmsg_cancel(msg, hdr);
11707	nlmsg_free(msg);
11708}
11709
11710static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
11711				    struct net_device *netdev,
11712				    const u8 *buf, size_t len,
11713				    enum nl80211_commands cmd, gfp_t gfp,
11714				    int uapsd_queues)
11715{
11716	struct sk_buff *msg;
11717	void *hdr;
11718
11719	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11720	if (!msg)
11721		return;
11722
11723	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11724	if (!hdr) {
11725		nlmsg_free(msg);
11726		return;
11727	}
11728
11729	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11730	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11731	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
11732		goto nla_put_failure;
11733
11734	if (uapsd_queues >= 0) {
11735		struct nlattr *nla_wmm =
11736			nla_nest_start(msg, NL80211_ATTR_STA_WME);
11737		if (!nla_wmm)
11738			goto nla_put_failure;
11739
11740		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
11741			       uapsd_queues))
11742			goto nla_put_failure;
11743
11744		nla_nest_end(msg, nla_wmm);
11745	}
11746
11747	genlmsg_end(msg, hdr);
11748
11749	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11750				NL80211_MCGRP_MLME, gfp);
11751	return;
11752
11753 nla_put_failure:
11754	genlmsg_cancel(msg, hdr);
11755	nlmsg_free(msg);
11756}
11757
11758void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
11759			  struct net_device *netdev, const u8 *buf,
11760			  size_t len, gfp_t gfp)
11761{
11762	nl80211_send_mlme_event(rdev, netdev, buf, len,
11763				NL80211_CMD_AUTHENTICATE, gfp, -1);
11764}
11765
11766void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
11767			   struct net_device *netdev, const u8 *buf,
11768			   size_t len, gfp_t gfp, int uapsd_queues)
11769{
11770	nl80211_send_mlme_event(rdev, netdev, buf, len,
11771				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
11772}
11773
11774void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
11775			 struct net_device *netdev, const u8 *buf,
11776			 size_t len, gfp_t gfp)
11777{
11778	nl80211_send_mlme_event(rdev, netdev, buf, len,
11779				NL80211_CMD_DEAUTHENTICATE, gfp, -1);
11780}
11781
11782void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
11783			   struct net_device *netdev, const u8 *buf,
11784			   size_t len, gfp_t gfp)
11785{
11786	nl80211_send_mlme_event(rdev, netdev, buf, len,
11787				NL80211_CMD_DISASSOCIATE, gfp, -1);
11788}
11789
11790void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
11791				  size_t len)
11792{
11793	struct wireless_dev *wdev = dev->ieee80211_ptr;
11794	struct wiphy *wiphy = wdev->wiphy;
11795	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11796	const struct ieee80211_mgmt *mgmt = (void *)buf;
11797	u32 cmd;
11798
11799	if (WARN_ON(len < 2))
11800		return;
11801
11802	if (ieee80211_is_deauth(mgmt->frame_control))
11803		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
11804	else
11805		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
11806
11807	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
11808	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
11809}
11810EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
11811
11812static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
11813				      struct net_device *netdev, int cmd,
11814				      const u8 *addr, gfp_t gfp)
11815{
11816	struct sk_buff *msg;
11817	void *hdr;
11818
11819	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11820	if (!msg)
11821		return;
11822
11823	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11824	if (!hdr) {
11825		nlmsg_free(msg);
11826		return;
11827	}
11828
11829	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11830	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11831	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
11832	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
11833		goto nla_put_failure;
11834
11835	genlmsg_end(msg, hdr);
11836
11837	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11838				NL80211_MCGRP_MLME, gfp);
11839	return;
11840
11841 nla_put_failure:
11842	genlmsg_cancel(msg, hdr);
11843	nlmsg_free(msg);
11844}
11845
11846void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
11847			       struct net_device *netdev, const u8 *addr,
11848			       gfp_t gfp)
11849{
11850	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
11851				  addr, gfp);
11852}
11853
11854void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
11855				struct net_device *netdev, const u8 *addr,
11856				gfp_t gfp)
11857{
11858	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
11859				  addr, gfp);
11860}
11861
11862void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
11863				 struct net_device *netdev, const u8 *bssid,
11864				 const u8 *req_ie, size_t req_ie_len,
11865				 const u8 *resp_ie, size_t resp_ie_len,
11866				 u16 status, gfp_t gfp)
11867{
11868	struct sk_buff *msg;
11869	void *hdr;
11870
11871	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11872	if (!msg)
11873		return;
11874
11875	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
11876	if (!hdr) {
11877		nlmsg_free(msg);
11878		return;
11879	}
11880
11881	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11882	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11883	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
11884	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
11885	    (req_ie &&
11886	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11887	    (resp_ie &&
11888	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11889		goto nla_put_failure;
11890
11891	genlmsg_end(msg, hdr);
11892
11893	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11894				NL80211_MCGRP_MLME, gfp);
11895	return;
11896
11897 nla_put_failure:
11898	genlmsg_cancel(msg, hdr);
11899	nlmsg_free(msg);
11900
11901}
11902
11903void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
11904			 struct net_device *netdev, const u8 *bssid,
11905			 const u8 *req_ie, size_t req_ie_len,
11906			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
11907{
11908	struct sk_buff *msg;
11909	void *hdr;
11910
11911	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11912	if (!msg)
11913		return;
11914
11915	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
11916	if (!hdr) {
11917		nlmsg_free(msg);
11918		return;
11919	}
11920
11921	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11922	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11923	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
11924	    (req_ie &&
11925	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11926	    (resp_ie &&
11927	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11928		goto nla_put_failure;
11929
11930	genlmsg_end(msg, hdr);
11931
11932	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11933				NL80211_MCGRP_MLME, gfp);
11934	return;
11935
11936 nla_put_failure:
11937	genlmsg_cancel(msg, hdr);
11938	nlmsg_free(msg);
11939
11940}
11941
11942void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
11943			       struct net_device *netdev, u16 reason,
11944			       const u8 *ie, size_t ie_len, bool from_ap)
11945{
11946	struct sk_buff *msg;
11947	void *hdr;
11948
11949	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11950	if (!msg)
11951		return;
11952
11953	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
11954	if (!hdr) {
11955		nlmsg_free(msg);
11956		return;
11957	}
11958
11959	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11960	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11961	    (from_ap && reason &&
11962	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
11963	    (from_ap &&
11964	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
11965	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
11966		goto nla_put_failure;
11967
11968	genlmsg_end(msg, hdr);
11969
11970	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11971				NL80211_MCGRP_MLME, GFP_KERNEL);
11972	return;
11973
11974 nla_put_failure:
11975	genlmsg_cancel(msg, hdr);
11976	nlmsg_free(msg);
11977
11978}
11979
11980void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
11981			     struct net_device *netdev, const u8 *bssid,
11982			     gfp_t gfp)
11983{
11984	struct sk_buff *msg;
11985	void *hdr;
11986
11987	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11988	if (!msg)
11989		return;
11990
11991	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
11992	if (!hdr) {
11993		nlmsg_free(msg);
11994		return;
11995	}
11996
11997	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11998	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11999	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12000		goto nla_put_failure;
12001
12002	genlmsg_end(msg, hdr);
12003
12004	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12005				NL80211_MCGRP_MLME, gfp);
12006	return;
12007
12008 nla_put_failure:
12009	genlmsg_cancel(msg, hdr);
12010	nlmsg_free(msg);
12011}
12012
12013void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
12014					const u8* ie, u8 ie_len, gfp_t gfp)
12015{
12016	struct wireless_dev *wdev = dev->ieee80211_ptr;
12017	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12018	struct sk_buff *msg;
12019	void *hdr;
12020
12021	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
12022		return;
12023
12024	trace_cfg80211_notify_new_peer_candidate(dev, addr);
12025
12026	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12027	if (!msg)
12028		return;
12029
12030	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
12031	if (!hdr) {
12032		nlmsg_free(msg);
12033		return;
12034	}
12035
12036	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12037	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12038	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12039	    (ie_len && ie &&
12040	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
12041		goto nla_put_failure;
12042
12043	genlmsg_end(msg, hdr);
12044
12045	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12046				NL80211_MCGRP_MLME, gfp);
12047	return;
12048
12049 nla_put_failure:
12050	genlmsg_cancel(msg, hdr);
12051	nlmsg_free(msg);
12052}
12053EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
12054
12055void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
12056				 struct net_device *netdev, const u8 *addr,
12057				 enum nl80211_key_type key_type, int key_id,
12058				 const u8 *tsc, gfp_t gfp)
12059{
12060	struct sk_buff *msg;
12061	void *hdr;
12062
12063	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12064	if (!msg)
12065		return;
12066
12067	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
12068	if (!hdr) {
12069		nlmsg_free(msg);
12070		return;
12071	}
12072
12073	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12074	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12075	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
12076	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
12077	    (key_id != -1 &&
12078	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
12079	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
12080		goto nla_put_failure;
12081
12082	genlmsg_end(msg, hdr);
12083
12084	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12085				NL80211_MCGRP_MLME, gfp);
12086	return;
12087
12088 nla_put_failure:
12089	genlmsg_cancel(msg, hdr);
12090	nlmsg_free(msg);
12091}
12092
12093void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
12094				    struct ieee80211_channel *channel_before,
12095				    struct ieee80211_channel *channel_after)
12096{
12097	struct sk_buff *msg;
12098	void *hdr;
12099	struct nlattr *nl_freq;
12100
12101	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
12102	if (!msg)
12103		return;
12104
12105	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
12106	if (!hdr) {
12107		nlmsg_free(msg);
12108		return;
12109	}
12110
12111	/*
12112	 * Since we are applying the beacon hint to a wiphy we know its
12113	 * wiphy_idx is valid
12114	 */
12115	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
12116		goto nla_put_failure;
12117
12118	/* Before */
12119	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
12120	if (!nl_freq)
12121		goto nla_put_failure;
12122	if (nl80211_msg_put_channel(msg, channel_before, false))
12123		goto nla_put_failure;
12124	nla_nest_end(msg, nl_freq);
12125
12126	/* After */
12127	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
12128	if (!nl_freq)
12129		goto nla_put_failure;
12130	if (nl80211_msg_put_channel(msg, channel_after, false))
12131		goto nla_put_failure;
12132	nla_nest_end(msg, nl_freq);
12133
12134	genlmsg_end(msg, hdr);
12135
12136	rcu_read_lock();
12137	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
12138				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
12139	rcu_read_unlock();
12140
12141	return;
12142
12143nla_put_failure:
12144	genlmsg_cancel(msg, hdr);
12145	nlmsg_free(msg);
12146}
12147
12148static void nl80211_send_remain_on_chan_event(
12149	int cmd, struct cfg80211_registered_device *rdev,
12150	struct wireless_dev *wdev, u64 cookie,
12151	struct ieee80211_channel *chan,
12152	unsigned int duration, gfp_t gfp)
12153{
12154	struct sk_buff *msg;
12155	void *hdr;
12156
12157	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12158	if (!msg)
12159		return;
12160
12161	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12162	if (!hdr) {
12163		nlmsg_free(msg);
12164		return;
12165	}
12166
12167	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12168	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12169					 wdev->netdev->ifindex)) ||
12170	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12171	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
12172	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
12173			NL80211_CHAN_NO_HT) ||
12174	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
12175		goto nla_put_failure;
12176
12177	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
12178	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
12179		goto nla_put_failure;
12180
12181	genlmsg_end(msg, hdr);
12182
12183	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12184				NL80211_MCGRP_MLME, gfp);
12185	return;
12186
12187 nla_put_failure:
12188	genlmsg_cancel(msg, hdr);
12189	nlmsg_free(msg);
12190}
12191
12192void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
12193			       struct ieee80211_channel *chan,
12194			       unsigned int duration, gfp_t gfp)
12195{
12196	struct wiphy *wiphy = wdev->wiphy;
12197	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12198
12199	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
12200	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
12201					  rdev, wdev, cookie, chan,
12202					  duration, gfp);
12203}
12204EXPORT_SYMBOL(cfg80211_ready_on_channel);
12205
12206void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
12207					struct ieee80211_channel *chan,
12208					gfp_t gfp)
12209{
12210	struct wiphy *wiphy = wdev->wiphy;
12211	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12212
12213	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
12214	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12215					  rdev, wdev, cookie, chan, 0, gfp);
12216}
12217EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
12218
12219void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
12220		      struct station_info *sinfo, gfp_t gfp)
12221{
12222	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12223	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12224	struct sk_buff *msg;
12225
12226	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
12227
12228	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12229	if (!msg)
12230		return;
12231
12232	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
12233				 rdev, dev, mac_addr, sinfo) < 0) {
12234		nlmsg_free(msg);
12235		return;
12236	}
12237
12238	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12239				NL80211_MCGRP_MLME, gfp);
12240}
12241EXPORT_SYMBOL(cfg80211_new_sta);
12242
12243void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
12244			    struct station_info *sinfo, gfp_t gfp)
12245{
12246	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12247	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12248	struct sk_buff *msg;
12249	struct station_info empty_sinfo = {};
12250
12251	if (!sinfo)
12252		sinfo = &empty_sinfo;
12253
12254	trace_cfg80211_del_sta(dev, mac_addr);
12255
12256	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12257	if (!msg)
12258		return;
12259
12260	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
12261				 rdev, dev, mac_addr, sinfo) < 0) {
12262		nlmsg_free(msg);
12263		return;
12264	}
12265
12266	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12267				NL80211_MCGRP_MLME, gfp);
12268}
12269EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
12270
12271void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
12272			  enum nl80211_connect_failed_reason reason,
12273			  gfp_t gfp)
12274{
12275	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12276	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12277	struct sk_buff *msg;
12278	void *hdr;
12279
12280	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
12281	if (!msg)
12282		return;
12283
12284	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
12285	if (!hdr) {
12286		nlmsg_free(msg);
12287		return;
12288	}
12289
12290	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12291	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
12292	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
12293		goto nla_put_failure;
12294
12295	genlmsg_end(msg, hdr);
12296
12297	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12298				NL80211_MCGRP_MLME, gfp);
12299	return;
12300
12301 nla_put_failure:
12302	genlmsg_cancel(msg, hdr);
12303	nlmsg_free(msg);
12304}
12305EXPORT_SYMBOL(cfg80211_conn_failed);
12306
12307static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
12308				       const u8 *addr, gfp_t gfp)
12309{
12310	struct wireless_dev *wdev = dev->ieee80211_ptr;
12311	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12312	struct sk_buff *msg;
12313	void *hdr;
12314	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
12315
12316	if (!nlportid)
12317		return false;
12318
12319	msg = nlmsg_new(100, gfp);
12320	if (!msg)
12321		return true;
12322
12323	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12324	if (!hdr) {
12325		nlmsg_free(msg);
12326		return true;
12327	}
12328
12329	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12330	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12331	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
12332		goto nla_put_failure;
12333
12334	genlmsg_end(msg, hdr);
12335	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12336	return true;
12337
12338 nla_put_failure:
12339	genlmsg_cancel(msg, hdr);
12340	nlmsg_free(msg);
12341	return true;
12342}
12343
12344bool cfg80211_rx_spurious_frame(struct net_device *dev,
12345				const u8 *addr, gfp_t gfp)
12346{
12347	struct wireless_dev *wdev = dev->ieee80211_ptr;
12348	bool ret;
12349
12350	trace_cfg80211_rx_spurious_frame(dev, addr);
12351
12352	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12353		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
12354		trace_cfg80211_return_bool(false);
12355		return false;
12356	}
12357	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
12358					 addr, gfp);
12359	trace_cfg80211_return_bool(ret);
12360	return ret;
12361}
12362EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
12363
12364bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
12365					const u8 *addr, gfp_t gfp)
12366{
12367	struct wireless_dev *wdev = dev->ieee80211_ptr;
12368	bool ret;
12369
12370	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
12371
12372	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12373		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
12374		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
12375		trace_cfg80211_return_bool(false);
12376		return false;
12377	}
12378	ret = __nl80211_unexpected_frame(dev,
12379					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
12380					 addr, gfp);
12381	trace_cfg80211_return_bool(ret);
12382	return ret;
12383}
12384EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
12385
12386int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
12387		      struct wireless_dev *wdev, u32 nlportid,
12388		      int freq, int sig_dbm,
12389		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
12390{
12391	struct net_device *netdev = wdev->netdev;
12392	struct sk_buff *msg;
12393	void *hdr;
12394
12395	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12396	if (!msg)
12397		return -ENOMEM;
12398
12399	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12400	if (!hdr) {
12401		nlmsg_free(msg);
12402		return -ENOMEM;
12403	}
12404
12405	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12406	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12407					netdev->ifindex)) ||
12408	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12409	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
12410	    (sig_dbm &&
12411	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12412	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12413	    (flags &&
12414	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
12415		goto nla_put_failure;
12416
12417	genlmsg_end(msg, hdr);
12418
12419	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12420
12421 nla_put_failure:
12422	genlmsg_cancel(msg, hdr);
12423	nlmsg_free(msg);
12424	return -ENOBUFS;
12425}
12426
12427void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
12428			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
12429{
12430	struct wiphy *wiphy = wdev->wiphy;
12431	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12432	struct net_device *netdev = wdev->netdev;
12433	struct sk_buff *msg;
12434	void *hdr;
12435
12436	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
12437
12438	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12439	if (!msg)
12440		return;
12441
12442	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
12443	if (!hdr) {
12444		nlmsg_free(msg);
12445		return;
12446	}
12447
12448	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12449	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12450				   netdev->ifindex)) ||
12451	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12452	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12453	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12454	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
12455		goto nla_put_failure;
12456
12457	genlmsg_end(msg, hdr);
12458
12459	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12460				NL80211_MCGRP_MLME, gfp);
12461	return;
12462
12463 nla_put_failure:
12464	genlmsg_cancel(msg, hdr);
12465	nlmsg_free(msg);
12466}
12467EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
12468
12469static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
12470					    const char *mac, gfp_t gfp)
12471{
12472	struct wireless_dev *wdev = dev->ieee80211_ptr;
12473	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12474	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12475	void **cb;
12476
12477	if (!msg)
12478		return NULL;
12479
12480	cb = (void **)msg->cb;
12481
12482	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
12483	if (!cb[0]) {
12484		nlmsg_free(msg);
12485		return NULL;
12486	}
12487
12488	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12489	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
12490		goto nla_put_failure;
12491
12492	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
12493		goto nla_put_failure;
12494
12495	cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
12496	if (!cb[1])
12497		goto nla_put_failure;
12498
12499	cb[2] = rdev;
12500
12501	return msg;
12502 nla_put_failure:
12503	nlmsg_free(msg);
12504	return NULL;
12505}
12506
12507static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
12508{
12509	void **cb = (void **)msg->cb;
12510	struct cfg80211_registered_device *rdev = cb[2];
12511
12512	nla_nest_end(msg, cb[1]);
12513	genlmsg_end(msg, cb[0]);
12514
12515	memset(msg->cb, 0, sizeof(msg->cb));
12516
12517	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12518				NL80211_MCGRP_MLME, gfp);
12519}
12520
12521void cfg80211_cqm_rssi_notify(struct net_device *dev,
12522			      enum nl80211_cqm_rssi_threshold_event rssi_event,
12523			      gfp_t gfp)
12524{
12525	struct sk_buff *msg;
12526
12527	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
12528
12529	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
12530		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
12531		return;
12532
12533	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12534	if (!msg)
12535		return;
12536
12537	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
12538			rssi_event))
12539		goto nla_put_failure;
12540
12541	cfg80211_send_cqm(msg, gfp);
12542
12543	return;
12544
12545 nla_put_failure:
12546	nlmsg_free(msg);
12547}
12548EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
12549
12550void cfg80211_cqm_txe_notify(struct net_device *dev,
12551			     const u8 *peer, u32 num_packets,
12552			     u32 rate, u32 intvl, gfp_t gfp)
12553{
12554	struct sk_buff *msg;
12555
12556	msg = cfg80211_prepare_cqm(dev, peer, gfp);
12557	if (!msg)
12558		return;
12559
12560	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
12561		goto nla_put_failure;
12562
12563	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
12564		goto nla_put_failure;
12565
12566	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
12567		goto nla_put_failure;
12568
12569	cfg80211_send_cqm(msg, gfp);
12570	return;
12571
12572 nla_put_failure:
12573	nlmsg_free(msg);
12574}
12575EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
12576
12577void cfg80211_cqm_pktloss_notify(struct net_device *dev,
12578				 const u8 *peer, u32 num_packets, gfp_t gfp)
12579{
12580	struct sk_buff *msg;
12581
12582	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
12583
12584	msg = cfg80211_prepare_cqm(dev, peer, gfp);
12585	if (!msg)
12586		return;
12587
12588	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
12589		goto nla_put_failure;
12590
12591	cfg80211_send_cqm(msg, gfp);
12592	return;
12593
12594 nla_put_failure:
12595	nlmsg_free(msg);
12596}
12597EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
12598
12599void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
12600{
12601	struct sk_buff *msg;
12602
12603	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12604	if (!msg)
12605		return;
12606
12607	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
12608		goto nla_put_failure;
12609
12610	cfg80211_send_cqm(msg, gfp);
12611	return;
12612
12613 nla_put_failure:
12614	nlmsg_free(msg);
12615}
12616EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
12617
12618static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
12619				     struct net_device *netdev, const u8 *bssid,
12620				     const u8 *replay_ctr, gfp_t gfp)
12621{
12622	struct sk_buff *msg;
12623	struct nlattr *rekey_attr;
12624	void *hdr;
12625
12626	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12627	if (!msg)
12628		return;
12629
12630	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
12631	if (!hdr) {
12632		nlmsg_free(msg);
12633		return;
12634	}
12635
12636	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12637	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12638	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12639		goto nla_put_failure;
12640
12641	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
12642	if (!rekey_attr)
12643		goto nla_put_failure;
12644
12645	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
12646		    NL80211_REPLAY_CTR_LEN, replay_ctr))
12647		goto nla_put_failure;
12648
12649	nla_nest_end(msg, rekey_attr);
12650
12651	genlmsg_end(msg, hdr);
12652
12653	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12654				NL80211_MCGRP_MLME, gfp);
12655	return;
12656
12657 nla_put_failure:
12658	genlmsg_cancel(msg, hdr);
12659	nlmsg_free(msg);
12660}
12661
12662void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
12663			       const u8 *replay_ctr, gfp_t gfp)
12664{
12665	struct wireless_dev *wdev = dev->ieee80211_ptr;
12666	struct wiphy *wiphy = wdev->wiphy;
12667	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12668
12669	trace_cfg80211_gtk_rekey_notify(dev, bssid);
12670	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
12671}
12672EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
12673
12674static void
12675nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
12676			       struct net_device *netdev, int index,
12677			       const u8 *bssid, bool preauth, gfp_t gfp)
12678{
12679	struct sk_buff *msg;
12680	struct nlattr *attr;
12681	void *hdr;
12682
12683	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12684	if (!msg)
12685		return;
12686
12687	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
12688	if (!hdr) {
12689		nlmsg_free(msg);
12690		return;
12691	}
12692
12693	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12694	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12695		goto nla_put_failure;
12696
12697	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
12698	if (!attr)
12699		goto nla_put_failure;
12700
12701	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
12702	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
12703	    (preauth &&
12704	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
12705		goto nla_put_failure;
12706
12707	nla_nest_end(msg, attr);
12708
12709	genlmsg_end(msg, hdr);
12710
12711	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12712				NL80211_MCGRP_MLME, gfp);
12713	return;
12714
12715 nla_put_failure:
12716	genlmsg_cancel(msg, hdr);
12717	nlmsg_free(msg);
12718}
12719
12720void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
12721				     const u8 *bssid, bool preauth, gfp_t gfp)
12722{
12723	struct wireless_dev *wdev = dev->ieee80211_ptr;
12724	struct wiphy *wiphy = wdev->wiphy;
12725	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12726
12727	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
12728	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
12729}
12730EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
12731
12732static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
12733				     struct net_device *netdev,
12734				     struct cfg80211_chan_def *chandef,
12735				     gfp_t gfp,
12736				     enum nl80211_commands notif,
12737				     u8 count)
12738{
12739	struct sk_buff *msg;
12740	void *hdr;
12741
12742	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12743	if (!msg)
12744		return;
12745
12746	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
12747	if (!hdr) {
12748		nlmsg_free(msg);
12749		return;
12750	}
12751
12752	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12753		goto nla_put_failure;
12754
12755	if (nl80211_send_chandef(msg, chandef))
12756		goto nla_put_failure;
12757
12758	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
12759	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
12760			goto nla_put_failure;
12761
12762	genlmsg_end(msg, hdr);
12763
12764	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12765				NL80211_MCGRP_MLME, gfp);
12766	return;
12767
12768 nla_put_failure:
12769	genlmsg_cancel(msg, hdr);
12770	nlmsg_free(msg);
12771}
12772
12773void cfg80211_ch_switch_notify(struct net_device *dev,
12774			       struct cfg80211_chan_def *chandef)
12775{
12776	struct wireless_dev *wdev = dev->ieee80211_ptr;
12777	struct wiphy *wiphy = wdev->wiphy;
12778	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12779
12780	ASSERT_WDEV_LOCK(wdev);
12781
12782	trace_cfg80211_ch_switch_notify(dev, chandef);
12783
12784	wdev->chandef = *chandef;
12785	wdev->preset_chandef = *chandef;
12786	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12787				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
12788}
12789EXPORT_SYMBOL(cfg80211_ch_switch_notify);
12790
12791void cfg80211_ch_switch_started_notify(struct net_device *dev,
12792				       struct cfg80211_chan_def *chandef,
12793				       u8 count)
12794{
12795	struct wireless_dev *wdev = dev->ieee80211_ptr;
12796	struct wiphy *wiphy = wdev->wiphy;
12797	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12798
12799	trace_cfg80211_ch_switch_started_notify(dev, chandef);
12800
12801	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12802				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
12803}
12804EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
12805
12806void
12807nl80211_radar_notify(struct cfg80211_registered_device *rdev,
12808		     const struct cfg80211_chan_def *chandef,
12809		     enum nl80211_radar_event event,
12810		     struct net_device *netdev, gfp_t gfp)
12811{
12812	struct sk_buff *msg;
12813	void *hdr;
12814
12815	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12816	if (!msg)
12817		return;
12818
12819	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
12820	if (!hdr) {
12821		nlmsg_free(msg);
12822		return;
12823	}
12824
12825	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
12826		goto nla_put_failure;
12827
12828	/* NOP and radar events don't need a netdev parameter */
12829	if (netdev) {
12830		struct wireless_dev *wdev = netdev->ieee80211_ptr;
12831
12832		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12833		    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12834			goto nla_put_failure;
12835	}
12836
12837	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
12838		goto nla_put_failure;
12839
12840	if (nl80211_send_chandef(msg, chandef))
12841		goto nla_put_failure;
12842
12843	genlmsg_end(msg, hdr);
12844
12845	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12846				NL80211_MCGRP_MLME, gfp);
12847	return;
12848
12849 nla_put_failure:
12850	genlmsg_cancel(msg, hdr);
12851	nlmsg_free(msg);
12852}
12853
12854void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
12855			   u64 cookie, bool acked, gfp_t gfp)
12856{
12857	struct wireless_dev *wdev = dev->ieee80211_ptr;
12858	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12859	struct sk_buff *msg;
12860	void *hdr;
12861
12862	trace_cfg80211_probe_status(dev, addr, cookie, acked);
12863
12864	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12865
12866	if (!msg)
12867		return;
12868
12869	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
12870	if (!hdr) {
12871		nlmsg_free(msg);
12872		return;
12873	}
12874
12875	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12876	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12877	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12878	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12879	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
12880		goto nla_put_failure;
12881
12882	genlmsg_end(msg, hdr);
12883
12884	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12885				NL80211_MCGRP_MLME, gfp);
12886	return;
12887
12888 nla_put_failure:
12889	genlmsg_cancel(msg, hdr);
12890	nlmsg_free(msg);
12891}
12892EXPORT_SYMBOL(cfg80211_probe_status);
12893
12894void cfg80211_report_obss_beacon(struct wiphy *wiphy,
12895				 const u8 *frame, size_t len,
12896				 int freq, int sig_dbm)
12897{
12898	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12899	struct sk_buff *msg;
12900	void *hdr;
12901	struct cfg80211_beacon_registration *reg;
12902
12903	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
12904
12905	spin_lock_bh(&rdev->beacon_registrations_lock);
12906	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12907		msg = nlmsg_new(len + 100, GFP_ATOMIC);
12908		if (!msg) {
12909			spin_unlock_bh(&rdev->beacon_registrations_lock);
12910			return;
12911		}
12912
12913		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12914		if (!hdr)
12915			goto nla_put_failure;
12916
12917		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12918		    (freq &&
12919		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
12920		    (sig_dbm &&
12921		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12922		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
12923			goto nla_put_failure;
12924
12925		genlmsg_end(msg, hdr);
12926
12927		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
12928	}
12929	spin_unlock_bh(&rdev->beacon_registrations_lock);
12930	return;
12931
12932 nla_put_failure:
12933	spin_unlock_bh(&rdev->beacon_registrations_lock);
12934	if (hdr)
12935		genlmsg_cancel(msg, hdr);
12936	nlmsg_free(msg);
12937}
12938EXPORT_SYMBOL(cfg80211_report_obss_beacon);
12939
12940#ifdef CONFIG_PM
12941static int cfg80211_net_detect_results(struct sk_buff *msg,
12942				       struct cfg80211_wowlan_wakeup *wakeup)
12943{
12944	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
12945	struct nlattr *nl_results, *nl_match, *nl_freqs;
12946	int i, j;
12947
12948	nl_results = nla_nest_start(
12949		msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
12950	if (!nl_results)
12951		return -EMSGSIZE;
12952
12953	for (i = 0; i < nd->n_matches; i++) {
12954		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
12955
12956		nl_match = nla_nest_start(msg, i);
12957		if (!nl_match)
12958			break;
12959
12960		/* The SSID attribute is optional in nl80211, but for
12961		 * simplicity reasons it's always present in the
12962		 * cfg80211 structure.  If a driver can't pass the
12963		 * SSID, that needs to be changed.  A zero length SSID
12964		 * is still a valid SSID (wildcard), so it cannot be
12965		 * used for this purpose.
12966		 */
12967		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
12968			    match->ssid.ssid)) {
12969			nla_nest_cancel(msg, nl_match);
12970			goto out;
12971		}
12972
12973		if (match->n_channels) {
12974			nl_freqs = nla_nest_start(
12975				msg, NL80211_ATTR_SCAN_FREQUENCIES);
12976			if (!nl_freqs) {
12977				nla_nest_cancel(msg, nl_match);
12978				goto out;
12979			}
12980
12981			for (j = 0; j < match->n_channels; j++) {
12982				if (nla_put_u32(msg, j, match->channels[j])) {
12983					nla_nest_cancel(msg, nl_freqs);
12984					nla_nest_cancel(msg, nl_match);
12985					goto out;
12986				}
12987			}
12988
12989			nla_nest_end(msg, nl_freqs);
12990		}
12991
12992		nla_nest_end(msg, nl_match);
12993	}
12994
12995out:
12996	nla_nest_end(msg, nl_results);
12997	return 0;
12998}
12999
13000void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
13001				   struct cfg80211_wowlan_wakeup *wakeup,
13002				   gfp_t gfp)
13003{
13004	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13005	struct sk_buff *msg;
13006	void *hdr;
13007	int size = 200;
13008
13009	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
13010
13011	if (wakeup)
13012		size += wakeup->packet_present_len;
13013
13014	msg = nlmsg_new(size, gfp);
13015	if (!msg)
13016		return;
13017
13018	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
13019	if (!hdr)
13020		goto free_msg;
13021
13022	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13023	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13024		goto free_msg;
13025
13026	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13027					wdev->netdev->ifindex))
13028		goto free_msg;
13029
13030	if (wakeup) {
13031		struct nlattr *reasons;
13032
13033		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
13034		if (!reasons)
13035			goto free_msg;
13036
13037		if (wakeup->disconnect &&
13038		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
13039			goto free_msg;
13040		if (wakeup->magic_pkt &&
13041		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
13042			goto free_msg;
13043		if (wakeup->gtk_rekey_failure &&
13044		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
13045			goto free_msg;
13046		if (wakeup->eap_identity_req &&
13047		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
13048			goto free_msg;
13049		if (wakeup->four_way_handshake &&
13050		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
13051			goto free_msg;
13052		if (wakeup->rfkill_release &&
13053		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
13054			goto free_msg;
13055
13056		if (wakeup->pattern_idx >= 0 &&
13057		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
13058				wakeup->pattern_idx))
13059			goto free_msg;
13060
13061		if (wakeup->tcp_match &&
13062		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
13063			goto free_msg;
13064
13065		if (wakeup->tcp_connlost &&
13066		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
13067			goto free_msg;
13068
13069		if (wakeup->tcp_nomoretokens &&
13070		    nla_put_flag(msg,
13071				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
13072			goto free_msg;
13073
13074		if (wakeup->packet) {
13075			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
13076			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
13077
13078			if (!wakeup->packet_80211) {
13079				pkt_attr =
13080					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
13081				len_attr =
13082					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
13083			}
13084
13085			if (wakeup->packet_len &&
13086			    nla_put_u32(msg, len_attr, wakeup->packet_len))
13087				goto free_msg;
13088
13089			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
13090				    wakeup->packet))
13091				goto free_msg;
13092		}
13093
13094		if (wakeup->net_detect &&
13095		    cfg80211_net_detect_results(msg, wakeup))
13096				goto free_msg;
13097
13098		nla_nest_end(msg, reasons);
13099	}
13100
13101	genlmsg_end(msg, hdr);
13102
13103	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13104				NL80211_MCGRP_MLME, gfp);
13105	return;
13106
13107 free_msg:
13108	nlmsg_free(msg);
13109}
13110EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
13111#endif
13112
13113void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
13114				enum nl80211_tdls_operation oper,
13115				u16 reason_code, gfp_t gfp)
13116{
13117	struct wireless_dev *wdev = dev->ieee80211_ptr;
13118	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13119	struct sk_buff *msg;
13120	void *hdr;
13121
13122	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
13123					 reason_code);
13124
13125	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13126	if (!msg)
13127		return;
13128
13129	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
13130	if (!hdr) {
13131		nlmsg_free(msg);
13132		return;
13133	}
13134
13135	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13136	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
13137	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
13138	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
13139	    (reason_code > 0 &&
13140	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
13141		goto nla_put_failure;
13142
13143	genlmsg_end(msg, hdr);
13144
13145	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13146				NL80211_MCGRP_MLME, gfp);
13147	return;
13148
13149 nla_put_failure:
13150	genlmsg_cancel(msg, hdr);
13151	nlmsg_free(msg);
13152}
13153EXPORT_SYMBOL(cfg80211_tdls_oper_request);
13154
13155static int nl80211_netlink_notify(struct notifier_block * nb,
13156				  unsigned long state,
13157				  void *_notify)
13158{
13159	struct netlink_notify *notify = _notify;
13160	struct cfg80211_registered_device *rdev;
13161	struct wireless_dev *wdev;
13162	struct cfg80211_beacon_registration *reg, *tmp;
13163
13164	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
13165		return NOTIFY_DONE;
13166
13167	rcu_read_lock();
13168
13169	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
13170		bool schedule_destroy_work = false;
13171		bool schedule_scan_stop = false;
13172		struct cfg80211_sched_scan_request *sched_scan_req =
13173			rcu_dereference(rdev->sched_scan_req);
13174
13175		if (sched_scan_req && notify->portid &&
13176		    sched_scan_req->owner_nlportid == notify->portid)
13177			schedule_scan_stop = true;
13178
13179		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
13180			cfg80211_mlme_unregister_socket(wdev, notify->portid);
13181
13182			if (wdev->owner_nlportid == notify->portid)
13183				schedule_destroy_work = true;
13184		}
13185
13186		spin_lock_bh(&rdev->beacon_registrations_lock);
13187		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
13188					 list) {
13189			if (reg->nlportid == notify->portid) {
13190				list_del(&reg->list);
13191				kfree(reg);
13192				break;
13193			}
13194		}
13195		spin_unlock_bh(&rdev->beacon_registrations_lock);
13196
13197		if (schedule_destroy_work) {
13198			struct cfg80211_iface_destroy *destroy;
13199
13200			destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
13201			if (destroy) {
13202				destroy->nlportid = notify->portid;
13203				spin_lock(&rdev->destroy_list_lock);
13204				list_add(&destroy->list, &rdev->destroy_list);
13205				spin_unlock(&rdev->destroy_list_lock);
13206				schedule_work(&rdev->destroy_work);
13207			}
13208		} else if (schedule_scan_stop) {
13209			sched_scan_req->owner_nlportid = 0;
13210
13211			if (rdev->ops->sched_scan_stop &&
13212			    rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
13213				schedule_work(&rdev->sched_scan_stop_wk);
13214		}
13215	}
13216
13217	rcu_read_unlock();
13218
13219	/*
13220	 * It is possible that the user space process that is controlling the
13221	 * indoor setting disappeared, so notify the regulatory core.
13222	 */
13223	regulatory_netlink_notify(notify->portid);
13224	return NOTIFY_OK;
13225}
13226
13227static struct notifier_block nl80211_netlink_notifier = {
13228	.notifier_call = nl80211_netlink_notify,
13229};
13230
13231void cfg80211_ft_event(struct net_device *netdev,
13232		       struct cfg80211_ft_event_params *ft_event)
13233{
13234	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
13235	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13236	struct sk_buff *msg;
13237	void *hdr;
13238
13239	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
13240
13241	if (!ft_event->target_ap)
13242		return;
13243
13244	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13245	if (!msg)
13246		return;
13247
13248	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
13249	if (!hdr)
13250		goto out;
13251
13252	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13253	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13254	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
13255		goto out;
13256
13257	if (ft_event->ies &&
13258	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
13259		goto out;
13260	if (ft_event->ric_ies &&
13261	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
13262		    ft_event->ric_ies))
13263		goto out;
13264
13265	genlmsg_end(msg, hdr);
13266
13267	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13268				NL80211_MCGRP_MLME, GFP_KERNEL);
13269	return;
13270 out:
13271	nlmsg_free(msg);
13272}
13273EXPORT_SYMBOL(cfg80211_ft_event);
13274
13275void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
13276{
13277	struct cfg80211_registered_device *rdev;
13278	struct sk_buff *msg;
13279	void *hdr;
13280	u32 nlportid;
13281
13282	rdev = wiphy_to_rdev(wdev->wiphy);
13283	if (!rdev->crit_proto_nlportid)
13284		return;
13285
13286	nlportid = rdev->crit_proto_nlportid;
13287	rdev->crit_proto_nlportid = 0;
13288
13289	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13290	if (!msg)
13291		return;
13292
13293	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
13294	if (!hdr)
13295		goto nla_put_failure;
13296
13297	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13298	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13299		goto nla_put_failure;
13300
13301	genlmsg_end(msg, hdr);
13302
13303	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
13304	return;
13305
13306 nla_put_failure:
13307	if (hdr)
13308		genlmsg_cancel(msg, hdr);
13309	nlmsg_free(msg);
13310
13311}
13312EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
13313
13314void nl80211_send_ap_stopped(struct wireless_dev *wdev)
13315{
13316	struct wiphy *wiphy = wdev->wiphy;
13317	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13318	struct sk_buff *msg;
13319	void *hdr;
13320
13321	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13322	if (!msg)
13323		return;
13324
13325	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
13326	if (!hdr)
13327		goto out;
13328
13329	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13330	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
13331	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13332		goto out;
13333
13334	genlmsg_end(msg, hdr);
13335
13336	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
13337				NL80211_MCGRP_MLME, GFP_KERNEL);
13338	return;
13339 out:
13340	nlmsg_free(msg);
13341}
13342
13343/* initialisation/exit functions */
13344
13345int nl80211_init(void)
13346{
13347	int err;
13348
13349	err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
13350						   nl80211_mcgrps);
13351	if (err)
13352		return err;
13353
13354	err = netlink_register_notifier(&nl80211_netlink_notifier);
13355	if (err)
13356		goto err_out;
13357
13358	return 0;
13359 err_out:
13360	genl_unregister_family(&nl80211_fam);
13361	return err;
13362}
13363
13364void nl80211_exit(void)
13365{
13366	netlink_unregister_notifier(&nl80211_netlink_notifier);
13367	genl_unregister_family(&nl80211_fam);
13368}
13369