root/net/wireless/nl80211.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. __cfg80211_wdev_from_attrs
  2. __cfg80211_rdev_from_attrs
  3. cfg80211_get_dev_from_info
  4. validate_beacon_head
  5. validate_ie_attr
  6. nl80211_prepare_wdev_dump
  7. nl80211hdr_put
  8. nl80211_msg_put_wmm_rules
  9. nl80211_msg_put_channel
  10. nl80211_put_txq_stats
  11. nl80211_parse_key_new
  12. nl80211_parse_key_old
  13. nl80211_parse_key
  14. nl80211_parse_connkeys
  15. nl80211_key_allowed
  16. nl80211_get_valid_chan
  17. nl80211_put_iftypes
  18. nl80211_put_iface_combinations
  19. nl80211_send_wowlan_tcp_caps
  20. nl80211_send_wowlan
  21. nl80211_send_coalesce
  22. nl80211_send_iftype_data
  23. nl80211_send_band_rateinfo
  24. nl80211_send_mgmt_stypes
  25. nl80211_add_commands_unsplit
  26. nl80211_send_pmsr_ftm_capa
  27. nl80211_send_pmsr_capa
  28. nl80211_send_wiphy
  29. nl80211_dump_wiphy_parse
  30. nl80211_dump_wiphy
  31. nl80211_dump_wiphy_done
  32. nl80211_get_wiphy
  33. parse_txq_params
  34. nl80211_can_set_dev_channel
  35. nl80211_parse_chandef
  36. __nl80211_set_channel
  37. nl80211_set_channel
  38. nl80211_set_wds_peer
  39. nl80211_set_wiphy
  40. nl80211_send_chandef
  41. nl80211_send_iface
  42. nl80211_dump_interface
  43. nl80211_get_interface
  44. parse_monitor_flags
  45. nl80211_parse_mon_options
  46. nl80211_valid_4addr
  47. nl80211_set_interface
  48. nl80211_new_interface
  49. nl80211_del_interface
  50. nl80211_set_noack_map
  51. get_key_callback
  52. nl80211_get_key
  53. nl80211_set_key
  54. nl80211_new_key
  55. nl80211_del_key
  56. validate_acl_mac_addrs
  57. parse_acl_data
  58. nl80211_set_mac_acl
  59. rateset_to_mask
  60. ht_rateset_to_mask
  61. vht_mcs_map_to_mcs_mask
  62. vht_build_mcs_mask
  63. vht_set_mcs_mask
  64. nl80211_parse_tx_bitrate_mask
  65. validate_beacon_tx_rate
  66. nl80211_parse_beacon
  67. nl80211_parse_he_obss_pd
  68. nl80211_check_ap_rate_selectors
  69. nl80211_calculate_ap_params
  70. nl80211_get_ap_channel
  71. nl80211_valid_auth_type
  72. nl80211_start_ap
  73. nl80211_set_beacon
  74. nl80211_stop_ap
  75. parse_station_flags
  76. nl80211_put_sta_rate
  77. nl80211_put_signal
  78. nl80211_send_station
  79. nl80211_dump_station
  80. nl80211_get_station
  81. cfg80211_check_station_change
  82. get_vlan
  83. nl80211_parse_sta_wme
  84. nl80211_parse_sta_channel_info
  85. nl80211_set_station_tdls
  86. nl80211_parse_sta_txpower_setting
  87. nl80211_set_station
  88. nl80211_new_station
  89. nl80211_del_station
  90. nl80211_send_mpath
  91. nl80211_dump_mpath
  92. nl80211_get_mpath
  93. nl80211_set_mpath
  94. nl80211_new_mpath
  95. nl80211_del_mpath
  96. nl80211_get_mpp
  97. nl80211_dump_mpp
  98. nl80211_set_bss
  99. nl80211_req_set_reg
  100. nl80211_reload_regdb
  101. nl80211_get_mesh_config
  102. nl80211_parse_mesh_config
  103. nl80211_parse_mesh_setup
  104. nl80211_update_mesh_config
  105. nl80211_put_regdom
  106. nl80211_get_reg_do
  107. nl80211_send_regdom
  108. nl80211_get_reg_dump
  109. parse_reg_rule
  110. nl80211_set_reg
  111. validate_scan_freqs
  112. is_band_valid
  113. parse_bss_select
  114. nl80211_parse_random_mac
  115. cfg80211_off_channel_oper_allowed
  116. nl80211_check_scan_feat
  117. nl80211_check_scan_flags
  118. nl80211_trigger_scan
  119. nl80211_abort_scan
  120. nl80211_parse_sched_scan_plans
  121. nl80211_parse_sched_scan_per_band_rssi
  122. nl80211_parse_sched_scan
  123. nl80211_start_sched_scan
  124. nl80211_stop_sched_scan
  125. nl80211_start_radar_detection
  126. nl80211_notify_radar_detection
  127. nl80211_channel_switch
  128. nl80211_send_bss
  129. nl80211_dump_scan
  130. nl80211_send_survey
  131. nl80211_dump_survey
  132. nl80211_valid_wpa_versions
  133. nl80211_authenticate
  134. validate_pae_over_nl80211
  135. nl80211_crypto_settings
  136. nl80211_associate
  137. nl80211_deauthenticate
  138. nl80211_disassociate
  139. nl80211_parse_mcast_rate
  140. nl80211_join_ibss
  141. nl80211_leave_ibss
  142. nl80211_set_mcast_rate
  143. __cfg80211_alloc_vendor_skb
  144. __cfg80211_alloc_event_skb
  145. __cfg80211_send_event_skb
  146. nl80211_testmode_do
  147. nl80211_testmode_dump
  148. nl80211_connect
  149. nl80211_update_connect_params
  150. nl80211_disconnect
  151. nl80211_wiphy_netns
  152. nl80211_setdel_pmksa
  153. nl80211_flush_pmksa
  154. nl80211_tdls_mgmt
  155. nl80211_tdls_oper
  156. nl80211_remain_on_channel
  157. nl80211_cancel_remain_on_channel
  158. nl80211_set_tx_bitrate_mask
  159. nl80211_register_mgmt
  160. nl80211_tx_mgmt
  161. nl80211_tx_mgmt_cancel_wait
  162. nl80211_set_power_save
  163. nl80211_get_power_save
  164. nl80211_set_cqm_txe
  165. cfg80211_cqm_rssi_update
  166. nl80211_set_cqm_rssi
  167. nl80211_set_cqm
  168. nl80211_join_ocb
  169. nl80211_leave_ocb
  170. nl80211_join_mesh
  171. nl80211_leave_mesh
  172. nl80211_send_wowlan_patterns
  173. nl80211_send_wowlan_tcp
  174. nl80211_send_wowlan_nd
  175. nl80211_get_wowlan
  176. nl80211_parse_wowlan_tcp
  177. nl80211_parse_wowlan_nd
  178. nl80211_set_wowlan
  179. nl80211_send_coalesce_rules
  180. nl80211_get_coalesce
  181. cfg80211_rdev_free_coalesce
  182. nl80211_parse_coalesce_rule
  183. nl80211_set_coalesce
  184. nl80211_set_rekey_data
  185. nl80211_register_unexpected_frame
  186. nl80211_probe_client
  187. nl80211_register_beacons
  188. nl80211_start_p2p_device
  189. nl80211_stop_p2p_device
  190. nl80211_start_nan
  191. nl80211_stop_nan
  192. validate_nan_filter
  193. handle_nan_filter
  194. nl80211_nan_add_func
  195. nl80211_nan_del_func
  196. nl80211_nan_change_config
  197. cfg80211_nan_match
  198. cfg80211_nan_func_terminated
  199. nl80211_get_protocol_features
  200. nl80211_update_ft_ies
  201. nl80211_crit_protocol_start
  202. nl80211_crit_protocol_stop
  203. nl80211_vendor_check_policy
  204. nl80211_vendor_cmd
  205. nl80211_prepare_vendor_dump
  206. nl80211_vendor_cmd_dump
  207. __cfg80211_alloc_reply_skb
  208. cfg80211_vendor_cmd_reply
  209. cfg80211_vendor_cmd_get_sender
  210. nl80211_set_qos_map
  211. nl80211_add_tx_ts
  212. nl80211_del_tx_ts
  213. nl80211_tdls_channel_switch
  214. nl80211_tdls_cancel_channel_switch
  215. nl80211_set_multicast_to_unicast
  216. nl80211_set_pmk
  217. nl80211_del_pmk
  218. nl80211_external_auth
  219. nl80211_tx_control_port
  220. nl80211_get_ftm_responder_stats
  221. nl80211_update_owe_info
  222. nl80211_probe_mesh_link
  223. nl80211_pre_doit
  224. nl80211_post_doit
  225. nl80211_notify_wiphy
  226. nl80211_notify_iface
  227. nl80211_add_scan_req
  228. nl80211_prep_scan_msg
  229. nl80211_prep_sched_scan_msg
  230. nl80211_send_scan_start
  231. nl80211_build_scan_msg
  232. nl80211_send_scan_msg
  233. nl80211_send_sched_scan
  234. nl80211_reg_change_event_fill
  235. nl80211_common_reg_change_event
  236. nl80211_send_mlme_event
  237. nl80211_send_rx_auth
  238. nl80211_send_rx_assoc
  239. nl80211_send_deauth
  240. nl80211_send_disassoc
  241. cfg80211_rx_unprot_mlme_mgmt
  242. nl80211_send_mlme_timeout
  243. nl80211_send_auth_timeout
  244. nl80211_send_assoc_timeout
  245. nl80211_send_connect_result
  246. nl80211_send_roamed
  247. nl80211_send_port_authorized
  248. nl80211_send_disconnected
  249. nl80211_send_ibss_bssid
  250. cfg80211_notify_new_peer_candidate
  251. nl80211_michael_mic_failure
  252. nl80211_send_beacon_hint_event
  253. nl80211_send_remain_on_chan_event
  254. cfg80211_ready_on_channel
  255. cfg80211_remain_on_channel_expired
  256. cfg80211_tx_mgmt_expired
  257. cfg80211_new_sta
  258. cfg80211_del_sta_sinfo
  259. cfg80211_conn_failed
  260. __nl80211_unexpected_frame
  261. cfg80211_rx_spurious_frame
  262. cfg80211_rx_unexpected_4addr_frame
  263. nl80211_send_mgmt
  264. cfg80211_mgmt_tx_status
  265. __nl80211_rx_control_port
  266. cfg80211_rx_control_port
  267. cfg80211_prepare_cqm
  268. cfg80211_send_cqm
  269. cfg80211_cqm_rssi_notify
  270. cfg80211_cqm_txe_notify
  271. cfg80211_cqm_pktloss_notify
  272. cfg80211_cqm_beacon_loss_notify
  273. nl80211_gtk_rekey_notify
  274. cfg80211_gtk_rekey_notify
  275. nl80211_pmksa_candidate_notify
  276. cfg80211_pmksa_candidate_notify
  277. nl80211_ch_switch_notify
  278. cfg80211_ch_switch_notify
  279. cfg80211_ch_switch_started_notify
  280. nl80211_radar_notify
  281. cfg80211_sta_opmode_change_notify
  282. cfg80211_probe_status
  283. cfg80211_report_obss_beacon
  284. cfg80211_net_detect_results
  285. cfg80211_report_wowlan_wakeup
  286. cfg80211_tdls_oper_request
  287. nl80211_netlink_notify
  288. cfg80211_ft_event
  289. cfg80211_crit_proto_stopped
  290. nl80211_send_ap_stopped
  291. cfg80211_external_auth_request
  292. cfg80211_update_owe_info_event
  293. nl80211_init
  294. nl80211_exit

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * This is the new netlink-based wireless configuration interface.
   4  *
   5  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
   6  * Copyright 2013-2014  Intel Mobile Communications GmbH
   7  * Copyright 2015-2017  Intel Deutschland GmbH
   8  * Copyright (C) 2018-2019 Intel Corporation
   9  */
  10 
  11 #include <linux/if.h>
  12 #include <linux/module.h>
  13 #include <linux/err.h>
  14 #include <linux/slab.h>
  15 #include <linux/list.h>
  16 #include <linux/if_ether.h>
  17 #include <linux/ieee80211.h>
  18 #include <linux/nl80211.h>
  19 #include <linux/rtnetlink.h>
  20 #include <linux/netlink.h>
  21 #include <linux/nospec.h>
  22 #include <linux/etherdevice.h>
  23 #include <net/net_namespace.h>
  24 #include <net/genetlink.h>
  25 #include <net/cfg80211.h>
  26 #include <net/sock.h>
  27 #include <net/inet_connection_sock.h>
  28 #include "core.h"
  29 #include "nl80211.h"
  30 #include "reg.h"
  31 #include "rdev-ops.h"
  32 
  33 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
  34                                    struct genl_info *info,
  35                                    struct cfg80211_crypto_settings *settings,
  36                                    int cipher_limit);
  37 
  38 /* the netlink family */
  39 static struct genl_family nl80211_fam;
  40 
  41 /* multicast groups */
  42 enum nl80211_multicast_groups {
  43         NL80211_MCGRP_CONFIG,
  44         NL80211_MCGRP_SCAN,
  45         NL80211_MCGRP_REGULATORY,
  46         NL80211_MCGRP_MLME,
  47         NL80211_MCGRP_VENDOR,
  48         NL80211_MCGRP_NAN,
  49         NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
  50 };
  51 
  52 static const struct genl_multicast_group nl80211_mcgrps[] = {
  53         [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
  54         [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
  55         [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
  56         [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
  57         [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
  58         [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
  59 #ifdef CONFIG_NL80211_TESTMODE
  60         [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
  61 #endif
  62 };
  63 
  64 /* returns ERR_PTR values */
  65 static struct wireless_dev *
  66 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
  67 {
  68         struct cfg80211_registered_device *rdev;
  69         struct wireless_dev *result = NULL;
  70         bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
  71         bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
  72         u64 wdev_id;
  73         int wiphy_idx = -1;
  74         int ifidx = -1;
  75 
  76         ASSERT_RTNL();
  77 
  78         if (!have_ifidx && !have_wdev_id)
  79                 return ERR_PTR(-EINVAL);
  80 
  81         if (have_ifidx)
  82                 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
  83         if (have_wdev_id) {
  84                 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
  85                 wiphy_idx = wdev_id >> 32;
  86         }
  87 
  88         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
  89                 struct wireless_dev *wdev;
  90 
  91                 if (wiphy_net(&rdev->wiphy) != netns)
  92                         continue;
  93 
  94                 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
  95                         continue;
  96 
  97                 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
  98                         if (have_ifidx && wdev->netdev &&
  99                             wdev->netdev->ifindex == ifidx) {
 100                                 result = wdev;
 101                                 break;
 102                         }
 103                         if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
 104                                 result = wdev;
 105                                 break;
 106                         }
 107                 }
 108 
 109                 if (result)
 110                         break;
 111         }
 112 
 113         if (result)
 114                 return result;
 115         return ERR_PTR(-ENODEV);
 116 }
 117 
 118 static struct cfg80211_registered_device *
 119 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
 120 {
 121         struct cfg80211_registered_device *rdev = NULL, *tmp;
 122         struct net_device *netdev;
 123 
 124         ASSERT_RTNL();
 125 
 126         if (!attrs[NL80211_ATTR_WIPHY] &&
 127             !attrs[NL80211_ATTR_IFINDEX] &&
 128             !attrs[NL80211_ATTR_WDEV])
 129                 return ERR_PTR(-EINVAL);
 130 
 131         if (attrs[NL80211_ATTR_WIPHY])
 132                 rdev = cfg80211_rdev_by_wiphy_idx(
 133                                 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
 134 
 135         if (attrs[NL80211_ATTR_WDEV]) {
 136                 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
 137                 struct wireless_dev *wdev;
 138                 bool found = false;
 139 
 140                 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
 141                 if (tmp) {
 142                         /* make sure wdev exists */
 143                         list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
 144                                 if (wdev->identifier != (u32)wdev_id)
 145                                         continue;
 146                                 found = true;
 147                                 break;
 148                         }
 149 
 150                         if (!found)
 151                                 tmp = NULL;
 152 
 153                         if (rdev && tmp != rdev)
 154                                 return ERR_PTR(-EINVAL);
 155                         rdev = tmp;
 156                 }
 157         }
 158 
 159         if (attrs[NL80211_ATTR_IFINDEX]) {
 160                 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
 161 
 162                 netdev = __dev_get_by_index(netns, ifindex);
 163                 if (netdev) {
 164                         if (netdev->ieee80211_ptr)
 165                                 tmp = wiphy_to_rdev(
 166                                         netdev->ieee80211_ptr->wiphy);
 167                         else
 168                                 tmp = NULL;
 169 
 170                         /* not wireless device -- return error */
 171                         if (!tmp)
 172                                 return ERR_PTR(-EINVAL);
 173 
 174                         /* mismatch -- return error */
 175                         if (rdev && tmp != rdev)
 176                                 return ERR_PTR(-EINVAL);
 177 
 178                         rdev = tmp;
 179                 }
 180         }
 181 
 182         if (!rdev)
 183                 return ERR_PTR(-ENODEV);
 184 
 185         if (netns != wiphy_net(&rdev->wiphy))
 186                 return ERR_PTR(-ENODEV);
 187 
 188         return rdev;
 189 }
 190 
 191 /*
 192  * This function returns a pointer to the driver
 193  * that the genl_info item that is passed refers to.
 194  *
 195  * The result of this can be a PTR_ERR and hence must
 196  * be checked with IS_ERR() for errors.
 197  */
 198 static struct cfg80211_registered_device *
 199 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
 200 {
 201         return __cfg80211_rdev_from_attrs(netns, info->attrs);
 202 }
 203 
 204 static int validate_beacon_head(const struct nlattr *attr,
 205                                 struct netlink_ext_ack *extack)
 206 {
 207         const u8 *data = nla_data(attr);
 208         unsigned int len = nla_len(attr);
 209         const struct element *elem;
 210         const struct ieee80211_mgmt *mgmt = (void *)data;
 211         unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
 212                                          u.beacon.variable);
 213 
 214         if (len < fixedlen)
 215                 goto err;
 216 
 217         if (ieee80211_hdrlen(mgmt->frame_control) !=
 218             offsetof(struct ieee80211_mgmt, u.beacon))
 219                 goto err;
 220 
 221         data += fixedlen;
 222         len -= fixedlen;
 223 
 224         for_each_element(elem, data, len) {
 225                 /* nothing */
 226         }
 227 
 228         if (for_each_element_completed(elem, data, len))
 229                 return 0;
 230 
 231 err:
 232         NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
 233         return -EINVAL;
 234 }
 235 
 236 static int validate_ie_attr(const struct nlattr *attr,
 237                             struct netlink_ext_ack *extack)
 238 {
 239         const u8 *data = nla_data(attr);
 240         unsigned int len = nla_len(attr);
 241         const struct element *elem;
 242 
 243         for_each_element(elem, data, len) {
 244                 /* nothing */
 245         }
 246 
 247         if (for_each_element_completed(elem, data, len))
 248                 return 0;
 249 
 250         NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
 251         return -EINVAL;
 252 }
 253 
 254 /* policy for the attributes */
 255 static const struct nla_policy
 256 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
 257         [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
 258         [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
 259                                         .len = U8_MAX },
 260         [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
 261                                              .len = U8_MAX },
 262 };
 263 
 264 static const struct nla_policy
 265 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
 266         [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
 267         [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
 268         [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
 269                 NLA_POLICY_MAX(NLA_U8, 15),
 270         [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
 271         [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
 272                 NLA_POLICY_MAX(NLA_U8, 15),
 273         [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
 274                 NLA_POLICY_MAX(NLA_U8, 31),
 275         [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
 276         [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
 277         [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
 278 };
 279 
 280 static const struct nla_policy
 281 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
 282         [NL80211_PMSR_TYPE_FTM] =
 283                 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
 284 };
 285 
 286 static const struct nla_policy
 287 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
 288         [NL80211_PMSR_REQ_ATTR_DATA] =
 289                 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
 290         [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
 291 };
 292 
 293 static const struct nla_policy
 294 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
 295         [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
 296         /*
 297          * we could specify this again to be the top-level policy,
 298          * but that would open us up to recursion problems ...
 299          */
 300         [NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
 301         [NL80211_PMSR_PEER_ATTR_REQ] =
 302                 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
 303         [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
 304 };
 305 
 306 static const struct nla_policy
 307 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
 308         [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
 309         [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
 310         [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
 311         [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
 312         [NL80211_PMSR_ATTR_PEERS] =
 313                 NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
 314 };
 315 
 316 static const struct nla_policy
 317 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
 318         [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
 319                 NLA_POLICY_RANGE(NLA_U8, 1, 20),
 320         [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
 321                 NLA_POLICY_RANGE(NLA_U8, 1, 20),
 322 };
 323 
 324 const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
 325         [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
 326         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
 327         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
 328                                       .len = 20-1 },
 329         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
 330 
 331         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
 332         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
 333         [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
 334                                                 NL80211_EDMG_CHANNELS_MIN,
 335                                                 NL80211_EDMG_CHANNELS_MAX),
 336         [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
 337                                                 NL80211_EDMG_BW_CONFIG_MIN,
 338                                                 NL80211_EDMG_BW_CONFIG_MAX),
 339 
 340         [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
 341         [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
 342         [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
 343 
 344         [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
 345         [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
 346         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
 347         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
 348         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
 349         [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
 350 
 351         [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
 352         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
 353         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
 354 
 355         [NL80211_ATTR_MAC] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
 356         [NL80211_ATTR_PREV_BSSID] = {
 357                 .type = NLA_EXACT_LEN_WARN,
 358                 .len = ETH_ALEN
 359         },
 360 
 361         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
 362         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
 363                                     .len = WLAN_MAX_KEY_LEN },
 364         [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 5),
 365         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
 366         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
 367         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
 368         [NL80211_ATTR_KEY_TYPE] =
 369                 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
 370 
 371         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
 372         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
 373         [NL80211_ATTR_BEACON_HEAD] =
 374                 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
 375                                        IEEE80211_MAX_DATA_LEN),
 376         [NL80211_ATTR_BEACON_TAIL] =
 377                 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
 378                                        IEEE80211_MAX_DATA_LEN),
 379         [NL80211_ATTR_STA_AID] =
 380                 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
 381         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
 382         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
 383         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
 384                                                .len = NL80211_MAX_SUPP_RATES },
 385         [NL80211_ATTR_STA_PLINK_ACTION] =
 386                 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
 387         [NL80211_ATTR_STA_TX_POWER_SETTING] =
 388                 NLA_POLICY_RANGE(NLA_U8,
 389                                  NL80211_TX_POWER_AUTOMATIC,
 390                                  NL80211_TX_POWER_FIXED),
 391         [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
 392         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
 393         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
 394         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
 395                                    .len = IEEE80211_MAX_MESH_ID_LEN },
 396         [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
 397 
 398         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
 399         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
 400 
 401         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
 402         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
 403         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
 404         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
 405                                            .len = NL80211_MAX_SUPP_RATES },
 406         [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
 407 
 408         [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
 409         [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
 410 
 411         [NL80211_ATTR_HT_CAPABILITY] = {
 412                 .type = NLA_EXACT_LEN_WARN,
 413                 .len = NL80211_HT_CAPABILITY_LEN
 414         },
 415 
 416         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
 417         [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
 418                                                    validate_ie_attr,
 419                                                    IEEE80211_MAX_DATA_LEN),
 420         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
 421         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
 422 
 423         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
 424                                 .len = IEEE80211_MAX_SSID_LEN },
 425         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
 426         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
 427         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
 428         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
 429         [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
 430                                                   NL80211_MFP_NO,
 431                                                   NL80211_MFP_OPTIONAL),
 432         [NL80211_ATTR_STA_FLAGS2] = {
 433                 .len = sizeof(struct nl80211_sta_flag_update),
 434         },
 435         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
 436         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
 437         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
 438         [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
 439         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
 440         [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
 441         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
 442         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
 443         [NL80211_ATTR_PID] = { .type = NLA_U32 },
 444         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
 445         [NL80211_ATTR_PMKID] = {
 446                 .type = NLA_EXACT_LEN_WARN,
 447                 .len = WLAN_PMKID_LEN
 448         },
 449         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
 450         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
 451         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
 452         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
 453                                  .len = IEEE80211_MAX_DATA_LEN },
 454         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
 455         [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
 456                                                    NL80211_PS_DISABLED,
 457                                                    NL80211_PS_ENABLED),
 458         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
 459         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
 460         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
 461         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
 462         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
 463         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
 464         [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
 465         [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
 466         [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
 467         [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
 468         [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
 469         [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
 470         [NL80211_ATTR_STA_PLINK_STATE] =
 471                 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
 472         [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
 473         [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
 474         [NL80211_ATTR_MESH_PEER_AID] =
 475                 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
 476         [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
 477         [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
 478         [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
 479         [NL80211_ATTR_HIDDEN_SSID] =
 480                 NLA_POLICY_RANGE(NLA_U32,
 481                                  NL80211_HIDDEN_SSID_NOT_IN_USE,
 482                                  NL80211_HIDDEN_SSID_ZERO_CONTENTS),
 483         [NL80211_ATTR_IE_PROBE_RESP] =
 484                 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
 485                                        IEEE80211_MAX_DATA_LEN),
 486         [NL80211_ATTR_IE_ASSOC_RESP] =
 487                 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
 488                                        IEEE80211_MAX_DATA_LEN),
 489         [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
 490         [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
 491         [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
 492         [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
 493         [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
 494         [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
 495         [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
 496         [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
 497         [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
 498         [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
 499         [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
 500                                       .len = IEEE80211_MAX_DATA_LEN },
 501         [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
 502         [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
 503         [NL80211_ATTR_HT_CAPABILITY_MASK] = {
 504                 .len = NL80211_HT_CAPABILITY_LEN
 505         },
 506         [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
 507         [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
 508         [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
 509         [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
 510         [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
 511         [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
 512         [NL80211_ATTR_VHT_CAPABILITY] = {
 513                 .type = NLA_EXACT_LEN_WARN,
 514                 .len = NL80211_VHT_CAPABILITY_LEN
 515         },
 516         [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
 517         [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
 518         [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
 519         [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
 520                 NLA_POLICY_RANGE(NLA_U32,
 521                                  NL80211_MESH_POWER_UNKNOWN + 1,
 522                                  NL80211_MESH_POWER_MAX),
 523         [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
 524         [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
 525         [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
 526         [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
 527         [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
 528         [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
 529         [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
 530                 .len = NL80211_VHT_CAPABILITY_LEN,
 531         },
 532         [NL80211_ATTR_MDID] = { .type = NLA_U16 },
 533         [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
 534                                   .len = IEEE80211_MAX_DATA_LEN },
 535         [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
 536         [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
 537         [NL80211_ATTR_PEER_AID] =
 538                 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
 539         [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
 540         [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
 541         [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
 542         [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
 543         [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
 544         [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
 545         [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
 546         [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
 547         [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
 548         [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
 549         [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
 550         [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
 551         [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
 552                                    .len = IEEE80211_QOS_MAP_LEN_MAX },
 553         [NL80211_ATTR_MAC_HINT] = {
 554                 .type = NLA_EXACT_LEN_WARN,
 555                 .len = ETH_ALEN
 556         },
 557         [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
 558         [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
 559         [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
 560         [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
 561         [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
 562         [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
 563         [NL80211_ATTR_USER_PRIO] =
 564                 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
 565         [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
 566         [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
 567         [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
 568         [NL80211_ATTR_MAC_MASK] = {
 569                 .type = NLA_EXACT_LEN_WARN,
 570                 .len = ETH_ALEN
 571         },
 572         [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
 573         [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
 574         [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
 575         [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
 576         [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
 577         [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
 578         [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
 579                 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
 580         [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
 581                 .len = VHT_MUMIMO_GROUPS_DATA_LEN
 582         },
 583         [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = {
 584                 .type = NLA_EXACT_LEN_WARN,
 585                 .len = ETH_ALEN
 586         },
 587         [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
 588         [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
 589         [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
 590         [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
 591                                     .len = FILS_MAX_KEK_LEN },
 592         [NL80211_ATTR_FILS_NONCES] = {
 593                 .type = NLA_EXACT_LEN_WARN,
 594                 .len = 2 * FILS_NONCE_LEN
 595         },
 596         [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
 597         [NL80211_ATTR_BSSID] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
 598         [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
 599         [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
 600                 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
 601         },
 602         [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
 603         [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
 604                                              .len = FILS_ERP_MAX_USERNAME_LEN },
 605         [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
 606                                           .len = FILS_ERP_MAX_REALM_LEN },
 607         [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
 608         [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
 609                                         .len = FILS_ERP_MAX_RRK_LEN },
 610         [NL80211_ATTR_FILS_CACHE_ID] = { .type = NLA_EXACT_LEN_WARN, .len = 2 },
 611         [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
 612         [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
 613         [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
 614 
 615         [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
 616         [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
 617         [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
 618         [NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
 619                                          .len = NL80211_HE_MAX_CAPABILITY_LEN },
 620 
 621         [NL80211_ATTR_FTM_RESPONDER] =
 622                 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
 623         [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
 624         [NL80211_ATTR_PEER_MEASUREMENTS] =
 625                 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
 626         [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
 627         [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
 628                                         .len = SAE_PASSWORD_MAX_LEN },
 629         [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
 630         [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
 631 };
 632 
 633 /* policy for the key attributes */
 634 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
 635         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
 636         [NL80211_KEY_IDX] = { .type = NLA_U8 },
 637         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
 638         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
 639         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
 640         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
 641         [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
 642         [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
 643         [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
 644 };
 645 
 646 /* policy for the key default flags */
 647 static const struct nla_policy
 648 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
 649         [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
 650         [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
 651 };
 652 
 653 #ifdef CONFIG_PM
 654 /* policy for WoWLAN attributes */
 655 static const struct nla_policy
 656 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
 657         [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
 658         [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
 659         [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
 660         [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
 661         [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
 662         [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
 663         [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
 664         [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
 665         [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
 666         [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
 667 };
 668 
 669 static const struct nla_policy
 670 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
 671         [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
 672         [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
 673         [NL80211_WOWLAN_TCP_DST_MAC] = {
 674                 .type = NLA_EXACT_LEN_WARN,
 675                 .len = ETH_ALEN
 676         },
 677         [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
 678         [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
 679         [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
 680         [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
 681                 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
 682         },
 683         [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
 684                 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
 685         },
 686         [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
 687         [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
 688         [NL80211_WOWLAN_TCP_WAKE_MASK] = { .type = NLA_MIN_LEN, .len = 1 },
 689 };
 690 #endif /* CONFIG_PM */
 691 
 692 /* policy for coalesce rule attributes */
 693 static const struct nla_policy
 694 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
 695         [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
 696         [NL80211_ATTR_COALESCE_RULE_CONDITION] =
 697                 NLA_POLICY_RANGE(NLA_U32,
 698                                  NL80211_COALESCE_CONDITION_MATCH,
 699                                  NL80211_COALESCE_CONDITION_NO_MATCH),
 700         [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
 701 };
 702 
 703 /* policy for GTK rekey offload attributes */
 704 static const struct nla_policy
 705 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
 706         [NL80211_REKEY_DATA_KEK] = {
 707                 .type = NLA_EXACT_LEN_WARN,
 708                 .len = NL80211_KEK_LEN,
 709         },
 710         [NL80211_REKEY_DATA_KCK] = {
 711                 .type = NLA_EXACT_LEN_WARN,
 712                 .len = NL80211_KCK_LEN,
 713         },
 714         [NL80211_REKEY_DATA_REPLAY_CTR] = {
 715                 .type = NLA_EXACT_LEN_WARN,
 716                 .len = NL80211_REPLAY_CTR_LEN
 717         },
 718 };
 719 
 720 static const struct nla_policy
 721 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
 722         [NL80211_BAND_2GHZ] = { .type = NLA_S32 },
 723         [NL80211_BAND_5GHZ] = { .type = NLA_S32 },
 724         [NL80211_BAND_6GHZ] = { .type = NLA_S32 },
 725         [NL80211_BAND_60GHZ] = { .type = NLA_S32 },
 726 };
 727 
 728 static const struct nla_policy
 729 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
 730         [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
 731                                                  .len = IEEE80211_MAX_SSID_LEN },
 732         [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = {
 733                 .type = NLA_EXACT_LEN_WARN,
 734                 .len = ETH_ALEN
 735         },
 736         [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
 737         [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
 738                 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
 739 };
 740 
 741 static const struct nla_policy
 742 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
 743         [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
 744         [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
 745 };
 746 
 747 static const struct nla_policy
 748 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
 749         [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
 750         [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
 751         [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
 752                 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
 753         },
 754 };
 755 
 756 /* policy for NAN function attributes */
 757 static const struct nla_policy
 758 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
 759         [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
 760         [NL80211_NAN_FUNC_SERVICE_ID] = {
 761                                     .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
 762         [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
 763         [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
 764         [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
 765         [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
 766         [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
 767         [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = {
 768                 .type = NLA_EXACT_LEN_WARN,
 769                 .len = ETH_ALEN
 770         },
 771         [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
 772         [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
 773         [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
 774                         .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
 775         [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
 776         [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
 777         [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
 778         [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
 779         [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
 780 };
 781 
 782 /* policy for Service Response Filter attributes */
 783 static const struct nla_policy
 784 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
 785         [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
 786         [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
 787                                  .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
 788         [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
 789         [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
 790 };
 791 
 792 /* policy for packet pattern attributes */
 793 static const struct nla_policy
 794 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
 795         [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
 796         [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
 797         [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
 798 };
 799 
 800 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
 801                               struct cfg80211_registered_device **rdev,
 802                               struct wireless_dev **wdev)
 803 {
 804         int err;
 805 
 806         if (!cb->args[0]) {
 807                 struct nlattr **attrbuf;
 808 
 809                 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
 810                                   GFP_KERNEL);
 811                 if (!attrbuf)
 812                         return -ENOMEM;
 813 
 814                 err = nlmsg_parse_deprecated(cb->nlh,
 815                                              GENL_HDRLEN + nl80211_fam.hdrsize,
 816                                              attrbuf, nl80211_fam.maxattr,
 817                                              nl80211_policy, NULL);
 818                 if (err) {
 819                         kfree(attrbuf);
 820                         return err;
 821                 }
 822 
 823                 *wdev = __cfg80211_wdev_from_attrs(sock_net(cb->skb->sk),
 824                                                    attrbuf);
 825                 kfree(attrbuf);
 826                 if (IS_ERR(*wdev))
 827                         return PTR_ERR(*wdev);
 828                 *rdev = wiphy_to_rdev((*wdev)->wiphy);
 829                 /* 0 is the first index - add 1 to parse only once */
 830                 cb->args[0] = (*rdev)->wiphy_idx + 1;
 831                 cb->args[1] = (*wdev)->identifier;
 832         } else {
 833                 /* subtract the 1 again here */
 834                 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
 835                 struct wireless_dev *tmp;
 836 
 837                 if (!wiphy)
 838                         return -ENODEV;
 839                 *rdev = wiphy_to_rdev(wiphy);
 840                 *wdev = NULL;
 841 
 842                 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
 843                         if (tmp->identifier == cb->args[1]) {
 844                                 *wdev = tmp;
 845                                 break;
 846                         }
 847                 }
 848 
 849                 if (!*wdev)
 850                         return -ENODEV;
 851         }
 852 
 853         return 0;
 854 }
 855 
 856 /* message building helper */
 857 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
 858                      int flags, u8 cmd)
 859 {
 860         /* since there is no private header just add the generic one */
 861         return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
 862 }
 863 
 864 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
 865                                      const struct ieee80211_reg_rule *rule)
 866 {
 867         int j;
 868         struct nlattr *nl_wmm_rules =
 869                 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
 870 
 871         if (!nl_wmm_rules)
 872                 goto nla_put_failure;
 873 
 874         for (j = 0; j < IEEE80211_NUM_ACS; j++) {
 875                 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
 876 
 877                 if (!nl_wmm_rule)
 878                         goto nla_put_failure;
 879 
 880                 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
 881                                 rule->wmm_rule.client[j].cw_min) ||
 882                     nla_put_u16(msg, NL80211_WMMR_CW_MAX,
 883                                 rule->wmm_rule.client[j].cw_max) ||
 884                     nla_put_u8(msg, NL80211_WMMR_AIFSN,
 885                                rule->wmm_rule.client[j].aifsn) ||
 886                     nla_put_u16(msg, NL80211_WMMR_TXOP,
 887                                 rule->wmm_rule.client[j].cot))
 888                         goto nla_put_failure;
 889 
 890                 nla_nest_end(msg, nl_wmm_rule);
 891         }
 892         nla_nest_end(msg, nl_wmm_rules);
 893 
 894         return 0;
 895 
 896 nla_put_failure:
 897         return -ENOBUFS;
 898 }
 899 
 900 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
 901                                    struct ieee80211_channel *chan,
 902                                    bool large)
 903 {
 904         /* Some channels must be completely excluded from the
 905          * list to protect old user-space tools from breaking
 906          */
 907         if (!large && chan->flags &
 908             (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
 909                 return 0;
 910 
 911         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
 912                         chan->center_freq))
 913                 goto nla_put_failure;
 914 
 915         if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
 916             nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
 917                 goto nla_put_failure;
 918         if (chan->flags & IEEE80211_CHAN_NO_IR) {
 919                 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
 920                         goto nla_put_failure;
 921                 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
 922                         goto nla_put_failure;
 923         }
 924         if (chan->flags & IEEE80211_CHAN_RADAR) {
 925                 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
 926                         goto nla_put_failure;
 927                 if (large) {
 928                         u32 time;
 929 
 930                         time = elapsed_jiffies_msecs(chan->dfs_state_entered);
 931 
 932                         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
 933                                         chan->dfs_state))
 934                                 goto nla_put_failure;
 935                         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
 936                                         time))
 937                                 goto nla_put_failure;
 938                         if (nla_put_u32(msg,
 939                                         NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
 940                                         chan->dfs_cac_ms))
 941                                 goto nla_put_failure;
 942                 }
 943         }
 944 
 945         if (large) {
 946                 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
 947                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
 948                         goto nla_put_failure;
 949                 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
 950                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
 951                         goto nla_put_failure;
 952                 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
 953                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
 954                         goto nla_put_failure;
 955                 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
 956                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
 957                         goto nla_put_failure;
 958                 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
 959                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
 960                         goto nla_put_failure;
 961                 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
 962                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
 963                         goto nla_put_failure;
 964                 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
 965                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
 966                         goto nla_put_failure;
 967                 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
 968                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
 969                         goto nla_put_failure;
 970         }
 971 
 972         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
 973                         DBM_TO_MBM(chan->max_power)))
 974                 goto nla_put_failure;
 975 
 976         if (large) {
 977                 const struct ieee80211_reg_rule *rule =
 978                         freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
 979 
 980                 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
 981                         if (nl80211_msg_put_wmm_rules(msg, rule))
 982                                 goto nla_put_failure;
 983                 }
 984         }
 985 
 986         return 0;
 987 
 988  nla_put_failure:
 989         return -ENOBUFS;
 990 }
 991 
 992 static bool nl80211_put_txq_stats(struct sk_buff *msg,
 993                                   struct cfg80211_txq_stats *txqstats,
 994                                   int attrtype)
 995 {
 996         struct nlattr *txqattr;
 997 
 998 #define PUT_TXQVAL_U32(attr, memb) do {                                   \
 999         if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&         \
1000             nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1001                 return false;                                             \
1002         } while (0)
1003 
1004         txqattr = nla_nest_start_noflag(msg, attrtype);
1005         if (!txqattr)
1006                 return false;
1007 
1008         PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1009         PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1010         PUT_TXQVAL_U32(FLOWS, flows);
1011         PUT_TXQVAL_U32(DROPS, drops);
1012         PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1013         PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1014         PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1015         PUT_TXQVAL_U32(COLLISIONS, collisions);
1016         PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1017         PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1018         PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1019         nla_nest_end(msg, txqattr);
1020 
1021 #undef PUT_TXQVAL_U32
1022         return true;
1023 }
1024 
1025 /* netlink command implementations */
1026 
1027 struct key_parse {
1028         struct key_params p;
1029         int idx;
1030         int type;
1031         bool def, defmgmt;
1032         bool def_uni, def_multi;
1033 };
1034 
1035 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1036                                  struct key_parse *k)
1037 {
1038         struct nlattr *tb[NL80211_KEY_MAX + 1];
1039         int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1040                                               nl80211_key_policy,
1041                                               info->extack);
1042         if (err)
1043                 return err;
1044 
1045         k->def = !!tb[NL80211_KEY_DEFAULT];
1046         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1047 
1048         if (k->def) {
1049                 k->def_uni = true;
1050                 k->def_multi = true;
1051         }
1052         if (k->defmgmt)
1053                 k->def_multi = true;
1054 
1055         if (tb[NL80211_KEY_IDX])
1056                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1057 
1058         if (tb[NL80211_KEY_DATA]) {
1059                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1060                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1061         }
1062 
1063         if (tb[NL80211_KEY_SEQ]) {
1064                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1065                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1066         }
1067 
1068         if (tb[NL80211_KEY_CIPHER])
1069                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1070 
1071         if (tb[NL80211_KEY_TYPE])
1072                 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1073 
1074         if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1075                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1076 
1077                 err = nla_parse_nested_deprecated(kdt,
1078                                                   NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1079                                                   tb[NL80211_KEY_DEFAULT_TYPES],
1080                                                   nl80211_key_default_policy,
1081                                                   info->extack);
1082                 if (err)
1083                         return err;
1084 
1085                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1086                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1087         }
1088 
1089         if (tb[NL80211_KEY_MODE])
1090                 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1091 
1092         return 0;
1093 }
1094 
1095 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1096 {
1097         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1098                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1099                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1100         }
1101 
1102         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1103                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1104                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1105         }
1106 
1107         if (info->attrs[NL80211_ATTR_KEY_IDX])
1108                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1109 
1110         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1111                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1112 
1113         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1114         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1115 
1116         if (k->def) {
1117                 k->def_uni = true;
1118                 k->def_multi = true;
1119         }
1120         if (k->defmgmt)
1121                 k->def_multi = true;
1122 
1123         if (info->attrs[NL80211_ATTR_KEY_TYPE])
1124                 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1125 
1126         if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1127                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1128                 int err = nla_parse_nested_deprecated(kdt,
1129                                                       NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1130                                                       info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1131                                                       nl80211_key_default_policy,
1132                                                       info->extack);
1133                 if (err)
1134                         return err;
1135 
1136                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1137                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1138         }
1139 
1140         return 0;
1141 }
1142 
1143 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1144 {
1145         int err;
1146 
1147         memset(k, 0, sizeof(*k));
1148         k->idx = -1;
1149         k->type = -1;
1150 
1151         if (info->attrs[NL80211_ATTR_KEY])
1152                 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1153         else
1154                 err = nl80211_parse_key_old(info, k);
1155 
1156         if (err)
1157                 return err;
1158 
1159         if (k->def && k->defmgmt) {
1160                 GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
1161                 return -EINVAL;
1162         }
1163 
1164         if (k->defmgmt) {
1165                 if (k->def_uni || !k->def_multi) {
1166                         GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
1167                         return -EINVAL;
1168                 }
1169         }
1170 
1171         if (k->idx != -1) {
1172                 if (k->defmgmt) {
1173                         if (k->idx < 4 || k->idx > 5) {
1174                                 GENL_SET_ERR_MSG(info,
1175                                                  "defmgmt key idx not 4 or 5");
1176                                 return -EINVAL;
1177                         }
1178                 } else if (k->def) {
1179                         if (k->idx < 0 || k->idx > 3) {
1180                                 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1181                                 return -EINVAL;
1182                         }
1183                 } else {
1184                         if (k->idx < 0 || k->idx > 5) {
1185                                 GENL_SET_ERR_MSG(info, "key idx not 0-5");
1186                                 return -EINVAL;
1187                         }
1188                 }
1189         }
1190 
1191         return 0;
1192 }
1193 
1194 static struct cfg80211_cached_keys *
1195 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1196                        struct genl_info *info, bool *no_ht)
1197 {
1198         struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1199         struct key_parse parse;
1200         struct nlattr *key;
1201         struct cfg80211_cached_keys *result;
1202         int rem, err, def = 0;
1203         bool have_key = false;
1204 
1205         nla_for_each_nested(key, keys, rem) {
1206                 have_key = true;
1207                 break;
1208         }
1209 
1210         if (!have_key)
1211                 return NULL;
1212 
1213         result = kzalloc(sizeof(*result), GFP_KERNEL);
1214         if (!result)
1215                 return ERR_PTR(-ENOMEM);
1216 
1217         result->def = -1;
1218 
1219         nla_for_each_nested(key, keys, rem) {
1220                 memset(&parse, 0, sizeof(parse));
1221                 parse.idx = -1;
1222 
1223                 err = nl80211_parse_key_new(info, key, &parse);
1224                 if (err)
1225                         goto error;
1226                 err = -EINVAL;
1227                 if (!parse.p.key)
1228                         goto error;
1229                 if (parse.idx < 0 || parse.idx > 3) {
1230                         GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1231                         goto error;
1232                 }
1233                 if (parse.def) {
1234                         if (def) {
1235                                 GENL_SET_ERR_MSG(info,
1236                                                  "only one key can be default");
1237                                 goto error;
1238                         }
1239                         def = 1;
1240                         result->def = parse.idx;
1241                         if (!parse.def_uni || !parse.def_multi)
1242                                 goto error;
1243                 } else if (parse.defmgmt)
1244                         goto error;
1245                 err = cfg80211_validate_key_settings(rdev, &parse.p,
1246                                                      parse.idx, false, NULL);
1247                 if (err)
1248                         goto error;
1249                 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1250                     parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1251                         GENL_SET_ERR_MSG(info, "connect key must be WEP");
1252                         err = -EINVAL;
1253                         goto error;
1254                 }
1255                 result->params[parse.idx].cipher = parse.p.cipher;
1256                 result->params[parse.idx].key_len = parse.p.key_len;
1257                 result->params[parse.idx].key = result->data[parse.idx];
1258                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1259 
1260                 /* must be WEP key if we got here */
1261                 if (no_ht)
1262                         *no_ht = true;
1263         }
1264 
1265         if (result->def < 0) {
1266                 err = -EINVAL;
1267                 GENL_SET_ERR_MSG(info, "need a default/TX key");
1268                 goto error;
1269         }
1270 
1271         return result;
1272  error:
1273         kfree(result);
1274         return ERR_PTR(err);
1275 }
1276 
1277 static int nl80211_key_allowed(struct wireless_dev *wdev)
1278 {
1279         ASSERT_WDEV_LOCK(wdev);
1280 
1281         switch (wdev->iftype) {
1282         case NL80211_IFTYPE_AP:
1283         case NL80211_IFTYPE_AP_VLAN:
1284         case NL80211_IFTYPE_P2P_GO:
1285         case NL80211_IFTYPE_MESH_POINT:
1286                 break;
1287         case NL80211_IFTYPE_ADHOC:
1288         case NL80211_IFTYPE_STATION:
1289         case NL80211_IFTYPE_P2P_CLIENT:
1290                 if (!wdev->current_bss)
1291                         return -ENOLINK;
1292                 break;
1293         case NL80211_IFTYPE_UNSPECIFIED:
1294         case NL80211_IFTYPE_OCB:
1295         case NL80211_IFTYPE_MONITOR:
1296         case NL80211_IFTYPE_NAN:
1297         case NL80211_IFTYPE_P2P_DEVICE:
1298         case NL80211_IFTYPE_WDS:
1299         case NUM_NL80211_IFTYPES:
1300                 return -EINVAL;
1301         }
1302 
1303         return 0;
1304 }
1305 
1306 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1307                                                         struct nlattr *tb)
1308 {
1309         struct ieee80211_channel *chan;
1310 
1311         if (tb == NULL)
1312                 return NULL;
1313         chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1314         if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1315                 return NULL;
1316         return chan;
1317 }
1318 
1319 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1320 {
1321         struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1322         int i;
1323 
1324         if (!nl_modes)
1325                 goto nla_put_failure;
1326 
1327         i = 0;
1328         while (ifmodes) {
1329                 if ((ifmodes & 1) && nla_put_flag(msg, i))
1330                         goto nla_put_failure;
1331                 ifmodes >>= 1;
1332                 i++;
1333         }
1334 
1335         nla_nest_end(msg, nl_modes);
1336         return 0;
1337 
1338 nla_put_failure:
1339         return -ENOBUFS;
1340 }
1341 
1342 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1343                                           struct sk_buff *msg,
1344                                           bool large)
1345 {
1346         struct nlattr *nl_combis;
1347         int i, j;
1348 
1349         nl_combis = nla_nest_start_noflag(msg,
1350                                           NL80211_ATTR_INTERFACE_COMBINATIONS);
1351         if (!nl_combis)
1352                 goto nla_put_failure;
1353 
1354         for (i = 0; i < wiphy->n_iface_combinations; i++) {
1355                 const struct ieee80211_iface_combination *c;
1356                 struct nlattr *nl_combi, *nl_limits;
1357 
1358                 c = &wiphy->iface_combinations[i];
1359 
1360                 nl_combi = nla_nest_start_noflag(msg, i + 1);
1361                 if (!nl_combi)
1362                         goto nla_put_failure;
1363 
1364                 nl_limits = nla_nest_start_noflag(msg,
1365                                                   NL80211_IFACE_COMB_LIMITS);
1366                 if (!nl_limits)
1367                         goto nla_put_failure;
1368 
1369                 for (j = 0; j < c->n_limits; j++) {
1370                         struct nlattr *nl_limit;
1371 
1372                         nl_limit = nla_nest_start_noflag(msg, j + 1);
1373                         if (!nl_limit)
1374                                 goto nla_put_failure;
1375                         if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1376                                         c->limits[j].max))
1377                                 goto nla_put_failure;
1378                         if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1379                                                 c->limits[j].types))
1380                                 goto nla_put_failure;
1381                         nla_nest_end(msg, nl_limit);
1382                 }
1383 
1384                 nla_nest_end(msg, nl_limits);
1385 
1386                 if (c->beacon_int_infra_match &&
1387                     nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1388                         goto nla_put_failure;
1389                 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1390                                 c->num_different_channels) ||
1391                     nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1392                                 c->max_interfaces))
1393                         goto nla_put_failure;
1394                 if (large &&
1395                     (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1396                                 c->radar_detect_widths) ||
1397                      nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1398                                 c->radar_detect_regions)))
1399                         goto nla_put_failure;
1400                 if (c->beacon_int_min_gcd &&
1401                     nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1402                                 c->beacon_int_min_gcd))
1403                         goto nla_put_failure;
1404 
1405                 nla_nest_end(msg, nl_combi);
1406         }
1407 
1408         nla_nest_end(msg, nl_combis);
1409 
1410         return 0;
1411 nla_put_failure:
1412         return -ENOBUFS;
1413 }
1414 
1415 #ifdef CONFIG_PM
1416 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1417                                         struct sk_buff *msg)
1418 {
1419         const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1420         struct nlattr *nl_tcp;
1421 
1422         if (!tcp)
1423                 return 0;
1424 
1425         nl_tcp = nla_nest_start_noflag(msg,
1426                                        NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1427         if (!nl_tcp)
1428                 return -ENOBUFS;
1429 
1430         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1431                         tcp->data_payload_max))
1432                 return -ENOBUFS;
1433 
1434         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1435                         tcp->data_payload_max))
1436                 return -ENOBUFS;
1437 
1438         if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1439                 return -ENOBUFS;
1440 
1441         if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1442                                 sizeof(*tcp->tok), tcp->tok))
1443                 return -ENOBUFS;
1444 
1445         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1446                         tcp->data_interval_max))
1447                 return -ENOBUFS;
1448 
1449         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1450                         tcp->wake_payload_max))
1451                 return -ENOBUFS;
1452 
1453         nla_nest_end(msg, nl_tcp);
1454         return 0;
1455 }
1456 
1457 static int nl80211_send_wowlan(struct sk_buff *msg,
1458                                struct cfg80211_registered_device *rdev,
1459                                bool large)
1460 {
1461         struct nlattr *nl_wowlan;
1462 
1463         if (!rdev->wiphy.wowlan)
1464                 return 0;
1465 
1466         nl_wowlan = nla_nest_start_noflag(msg,
1467                                           NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1468         if (!nl_wowlan)
1469                 return -ENOBUFS;
1470 
1471         if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1472              nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1473             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1474              nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1475             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1476              nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1477             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1478              nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1479             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1480              nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1481             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1482              nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1483             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1484              nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1485             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1486              nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1487                 return -ENOBUFS;
1488 
1489         if (rdev->wiphy.wowlan->n_patterns) {
1490                 struct nl80211_pattern_support pat = {
1491                         .max_patterns = rdev->wiphy.wowlan->n_patterns,
1492                         .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1493                         .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1494                         .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1495                 };
1496 
1497                 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1498                             sizeof(pat), &pat))
1499                         return -ENOBUFS;
1500         }
1501 
1502         if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1503             nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1504                         rdev->wiphy.wowlan->max_nd_match_sets))
1505                 return -ENOBUFS;
1506 
1507         if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1508                 return -ENOBUFS;
1509 
1510         nla_nest_end(msg, nl_wowlan);
1511 
1512         return 0;
1513 }
1514 #endif
1515 
1516 static int nl80211_send_coalesce(struct sk_buff *msg,
1517                                  struct cfg80211_registered_device *rdev)
1518 {
1519         struct nl80211_coalesce_rule_support rule;
1520 
1521         if (!rdev->wiphy.coalesce)
1522                 return 0;
1523 
1524         rule.max_rules = rdev->wiphy.coalesce->n_rules;
1525         rule.max_delay = rdev->wiphy.coalesce->max_delay;
1526         rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1527         rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1528         rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1529         rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1530 
1531         if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1532                 return -ENOBUFS;
1533 
1534         return 0;
1535 }
1536 
1537 static int
1538 nl80211_send_iftype_data(struct sk_buff *msg,
1539                          const struct ieee80211_sband_iftype_data *iftdata)
1540 {
1541         const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1542 
1543         if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1544                                 iftdata->types_mask))
1545                 return -ENOBUFS;
1546 
1547         if (he_cap->has_he) {
1548                 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1549                             sizeof(he_cap->he_cap_elem.mac_cap_info),
1550                             he_cap->he_cap_elem.mac_cap_info) ||
1551                     nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1552                             sizeof(he_cap->he_cap_elem.phy_cap_info),
1553                             he_cap->he_cap_elem.phy_cap_info) ||
1554                     nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1555                             sizeof(he_cap->he_mcs_nss_supp),
1556                             &he_cap->he_mcs_nss_supp) ||
1557                     nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1558                             sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1559                         return -ENOBUFS;
1560         }
1561 
1562         return 0;
1563 }
1564 
1565 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1566                                       struct ieee80211_supported_band *sband)
1567 {
1568         struct nlattr *nl_rates, *nl_rate;
1569         struct ieee80211_rate *rate;
1570         int i;
1571 
1572         /* add HT info */
1573         if (sband->ht_cap.ht_supported &&
1574             (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1575                      sizeof(sband->ht_cap.mcs),
1576                      &sband->ht_cap.mcs) ||
1577              nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1578                          sband->ht_cap.cap) ||
1579              nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1580                         sband->ht_cap.ampdu_factor) ||
1581              nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1582                         sband->ht_cap.ampdu_density)))
1583                 return -ENOBUFS;
1584 
1585         /* add VHT info */
1586         if (sband->vht_cap.vht_supported &&
1587             (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1588                      sizeof(sband->vht_cap.vht_mcs),
1589                      &sband->vht_cap.vht_mcs) ||
1590              nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1591                          sband->vht_cap.cap)))
1592                 return -ENOBUFS;
1593 
1594         if (sband->n_iftype_data) {
1595                 struct nlattr *nl_iftype_data =
1596                         nla_nest_start_noflag(msg,
1597                                               NL80211_BAND_ATTR_IFTYPE_DATA);
1598                 int err;
1599 
1600                 if (!nl_iftype_data)
1601                         return -ENOBUFS;
1602 
1603                 for (i = 0; i < sband->n_iftype_data; i++) {
1604                         struct nlattr *iftdata;
1605 
1606                         iftdata = nla_nest_start_noflag(msg, i + 1);
1607                         if (!iftdata)
1608                                 return -ENOBUFS;
1609 
1610                         err = nl80211_send_iftype_data(msg,
1611                                                        &sband->iftype_data[i]);
1612                         if (err)
1613                                 return err;
1614 
1615                         nla_nest_end(msg, iftdata);
1616                 }
1617 
1618                 nla_nest_end(msg, nl_iftype_data);
1619         }
1620 
1621         /* add EDMG info */
1622         if (sband->edmg_cap.channels &&
1623             (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1624                        sband->edmg_cap.channels) ||
1625             nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1626                        sband->edmg_cap.bw_config)))
1627 
1628                 return -ENOBUFS;
1629 
1630         /* add bitrates */
1631         nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1632         if (!nl_rates)
1633                 return -ENOBUFS;
1634 
1635         for (i = 0; i < sband->n_bitrates; i++) {
1636                 nl_rate = nla_nest_start_noflag(msg, i);
1637                 if (!nl_rate)
1638                         return -ENOBUFS;
1639 
1640                 rate = &sband->bitrates[i];
1641                 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1642                                 rate->bitrate))
1643                         return -ENOBUFS;
1644                 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1645                     nla_put_flag(msg,
1646                                  NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1647                         return -ENOBUFS;
1648 
1649                 nla_nest_end(msg, nl_rate);
1650         }
1651 
1652         nla_nest_end(msg, nl_rates);
1653 
1654         return 0;
1655 }
1656 
1657 static int
1658 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1659                          const struct ieee80211_txrx_stypes *mgmt_stypes)
1660 {
1661         u16 stypes;
1662         struct nlattr *nl_ftypes, *nl_ifs;
1663         enum nl80211_iftype ift;
1664         int i;
1665 
1666         if (!mgmt_stypes)
1667                 return 0;
1668 
1669         nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1670         if (!nl_ifs)
1671                 return -ENOBUFS;
1672 
1673         for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1674                 nl_ftypes = nla_nest_start_noflag(msg, ift);
1675                 if (!nl_ftypes)
1676                         return -ENOBUFS;
1677                 i = 0;
1678                 stypes = mgmt_stypes[ift].tx;
1679                 while (stypes) {
1680                         if ((stypes & 1) &&
1681                             nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1682                                         (i << 4) | IEEE80211_FTYPE_MGMT))
1683                                 return -ENOBUFS;
1684                         stypes >>= 1;
1685                         i++;
1686                 }
1687                 nla_nest_end(msg, nl_ftypes);
1688         }
1689 
1690         nla_nest_end(msg, nl_ifs);
1691 
1692         nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1693         if (!nl_ifs)
1694                 return -ENOBUFS;
1695 
1696         for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1697                 nl_ftypes = nla_nest_start_noflag(msg, ift);
1698                 if (!nl_ftypes)
1699                         return -ENOBUFS;
1700                 i = 0;
1701                 stypes = mgmt_stypes[ift].rx;
1702                 while (stypes) {
1703                         if ((stypes & 1) &&
1704                             nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1705                                         (i << 4) | IEEE80211_FTYPE_MGMT))
1706                                 return -ENOBUFS;
1707                         stypes >>= 1;
1708                         i++;
1709                 }
1710                 nla_nest_end(msg, nl_ftypes);
1711         }
1712         nla_nest_end(msg, nl_ifs);
1713 
1714         return 0;
1715 }
1716 
1717 #define CMD(op, n)                                                      \
1718          do {                                                           \
1719                 if (rdev->ops->op) {                                    \
1720                         i++;                                            \
1721                         if (nla_put_u32(msg, i, NL80211_CMD_ ## n))     \
1722                                 goto nla_put_failure;                   \
1723                 }                                                       \
1724         } while (0)
1725 
1726 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1727                                         struct sk_buff *msg)
1728 {
1729         int i = 0;
1730 
1731         /*
1732          * do *NOT* add anything into this function, new things need to be
1733          * advertised only to new versions of userspace that can deal with
1734          * the split (and they can't possibly care about new features...
1735          */
1736         CMD(add_virtual_intf, NEW_INTERFACE);
1737         CMD(change_virtual_intf, SET_INTERFACE);
1738         CMD(add_key, NEW_KEY);
1739         CMD(start_ap, START_AP);
1740         CMD(add_station, NEW_STATION);
1741         CMD(add_mpath, NEW_MPATH);
1742         CMD(update_mesh_config, SET_MESH_CONFIG);
1743         CMD(change_bss, SET_BSS);
1744         CMD(auth, AUTHENTICATE);
1745         CMD(assoc, ASSOCIATE);
1746         CMD(deauth, DEAUTHENTICATE);
1747         CMD(disassoc, DISASSOCIATE);
1748         CMD(join_ibss, JOIN_IBSS);
1749         CMD(join_mesh, JOIN_MESH);
1750         CMD(set_pmksa, SET_PMKSA);
1751         CMD(del_pmksa, DEL_PMKSA);
1752         CMD(flush_pmksa, FLUSH_PMKSA);
1753         if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1754                 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1755         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1756         CMD(mgmt_tx, FRAME);
1757         CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1758         if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1759                 i++;
1760                 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1761                         goto nla_put_failure;
1762         }
1763         if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1764             rdev->ops->join_mesh) {
1765                 i++;
1766                 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1767                         goto nla_put_failure;
1768         }
1769         CMD(set_wds_peer, SET_WDS_PEER);
1770         if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1771                 CMD(tdls_mgmt, TDLS_MGMT);
1772                 CMD(tdls_oper, TDLS_OPER);
1773         }
1774         if (rdev->wiphy.max_sched_scan_reqs)
1775                 CMD(sched_scan_start, START_SCHED_SCAN);
1776         CMD(probe_client, PROBE_CLIENT);
1777         CMD(set_noack_map, SET_NOACK_MAP);
1778         if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1779                 i++;
1780                 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1781                         goto nla_put_failure;
1782         }
1783         CMD(start_p2p_device, START_P2P_DEVICE);
1784         CMD(set_mcast_rate, SET_MCAST_RATE);
1785 #ifdef CONFIG_NL80211_TESTMODE
1786         CMD(testmode_cmd, TESTMODE);
1787 #endif
1788 
1789         if (rdev->ops->connect || rdev->ops->auth) {
1790                 i++;
1791                 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1792                         goto nla_put_failure;
1793         }
1794 
1795         if (rdev->ops->disconnect || rdev->ops->deauth) {
1796                 i++;
1797                 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1798                         goto nla_put_failure;
1799         }
1800 
1801         return i;
1802  nla_put_failure:
1803         return -ENOBUFS;
1804 }
1805 
1806 static int
1807 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1808                            struct sk_buff *msg)
1809 {
1810         struct nlattr *ftm;
1811 
1812         if (!cap->ftm.supported)
1813                 return 0;
1814 
1815         ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1816         if (!ftm)
1817                 return -ENOBUFS;
1818 
1819         if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1820                 return -ENOBUFS;
1821         if (cap->ftm.non_asap &&
1822             nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1823                 return -ENOBUFS;
1824         if (cap->ftm.request_lci &&
1825             nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1826                 return -ENOBUFS;
1827         if (cap->ftm.request_civicloc &&
1828             nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1829                 return -ENOBUFS;
1830         if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1831                         cap->ftm.preambles))
1832                 return -ENOBUFS;
1833         if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1834                         cap->ftm.bandwidths))
1835                 return -ENOBUFS;
1836         if (cap->ftm.max_bursts_exponent >= 0 &&
1837             nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1838                         cap->ftm.max_bursts_exponent))
1839                 return -ENOBUFS;
1840         if (cap->ftm.max_ftms_per_burst &&
1841             nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1842                         cap->ftm.max_ftms_per_burst))
1843                 return -ENOBUFS;
1844 
1845         nla_nest_end(msg, ftm);
1846         return 0;
1847 }
1848 
1849 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1850                                   struct sk_buff *msg)
1851 {
1852         const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1853         struct nlattr *pmsr, *caps;
1854 
1855         if (!cap)
1856                 return 0;
1857 
1858         /*
1859          * we don't need to clean up anything here since the caller
1860          * will genlmsg_cancel() if we fail
1861          */
1862 
1863         pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1864         if (!pmsr)
1865                 return -ENOBUFS;
1866 
1867         if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1868                 return -ENOBUFS;
1869 
1870         if (cap->report_ap_tsf &&
1871             nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1872                 return -ENOBUFS;
1873 
1874         if (cap->randomize_mac_addr &&
1875             nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1876                 return -ENOBUFS;
1877 
1878         caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1879         if (!caps)
1880                 return -ENOBUFS;
1881 
1882         if (nl80211_send_pmsr_ftm_capa(cap, msg))
1883                 return -ENOBUFS;
1884 
1885         nla_nest_end(msg, caps);
1886         nla_nest_end(msg, pmsr);
1887 
1888         return 0;
1889 }
1890 
1891 struct nl80211_dump_wiphy_state {
1892         s64 filter_wiphy;
1893         long start;
1894         long split_start, band_start, chan_start, capa_start;
1895         bool split;
1896 };
1897 
1898 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1899                               enum nl80211_commands cmd,
1900                               struct sk_buff *msg, u32 portid, u32 seq,
1901                               int flags, struct nl80211_dump_wiphy_state *state)
1902 {
1903         void *hdr;
1904         struct nlattr *nl_bands, *nl_band;
1905         struct nlattr *nl_freqs, *nl_freq;
1906         struct nlattr *nl_cmds;
1907         enum nl80211_band band;
1908         struct ieee80211_channel *chan;
1909         int i;
1910         const struct ieee80211_txrx_stypes *mgmt_stypes =
1911                                 rdev->wiphy.mgmt_stypes;
1912         u32 features;
1913 
1914         hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1915         if (!hdr)
1916                 return -ENOBUFS;
1917 
1918         if (WARN_ON(!state))
1919                 return -EINVAL;
1920 
1921         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1922             nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1923                            wiphy_name(&rdev->wiphy)) ||
1924             nla_put_u32(msg, NL80211_ATTR_GENERATION,
1925                         cfg80211_rdev_list_generation))
1926                 goto nla_put_failure;
1927 
1928         if (cmd != NL80211_CMD_NEW_WIPHY)
1929                 goto finish;
1930 
1931         switch (state->split_start) {
1932         case 0:
1933                 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1934                                rdev->wiphy.retry_short) ||
1935                     nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1936                                rdev->wiphy.retry_long) ||
1937                     nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1938                                 rdev->wiphy.frag_threshold) ||
1939                     nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1940                                 rdev->wiphy.rts_threshold) ||
1941                     nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1942                                rdev->wiphy.coverage_class) ||
1943                     nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1944                                rdev->wiphy.max_scan_ssids) ||
1945                     nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1946                                rdev->wiphy.max_sched_scan_ssids) ||
1947                     nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1948                                 rdev->wiphy.max_scan_ie_len) ||
1949                     nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1950                                 rdev->wiphy.max_sched_scan_ie_len) ||
1951                     nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1952                                rdev->wiphy.max_match_sets) ||
1953                     nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1954                                 rdev->wiphy.max_sched_scan_plans) ||
1955                     nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1956                                 rdev->wiphy.max_sched_scan_plan_interval) ||
1957                     nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1958                                 rdev->wiphy.max_sched_scan_plan_iterations))
1959                         goto nla_put_failure;
1960 
1961                 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1962                     nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1963                         goto nla_put_failure;
1964                 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1965                     nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1966                         goto nla_put_failure;
1967                 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1968                     nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1969                         goto nla_put_failure;
1970                 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1971                     nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1972                         goto nla_put_failure;
1973                 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1974                     nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1975                         goto nla_put_failure;
1976                 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1977                     nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1978                         goto nla_put_failure;
1979                 state->split_start++;
1980                 if (state->split)
1981                         break;
1982                 /* fall through */
1983         case 1:
1984                 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1985                             sizeof(u32) * rdev->wiphy.n_cipher_suites,
1986                             rdev->wiphy.cipher_suites))
1987                         goto nla_put_failure;
1988 
1989                 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1990                                rdev->wiphy.max_num_pmkids))
1991                         goto nla_put_failure;
1992 
1993                 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1994                     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1995                         goto nla_put_failure;
1996 
1997                 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1998                                 rdev->wiphy.available_antennas_tx) ||
1999                     nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2000                                 rdev->wiphy.available_antennas_rx))
2001                         goto nla_put_failure;
2002 
2003                 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2004                     nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2005                                 rdev->wiphy.probe_resp_offload))
2006                         goto nla_put_failure;
2007 
2008                 if ((rdev->wiphy.available_antennas_tx ||
2009                      rdev->wiphy.available_antennas_rx) &&
2010                     rdev->ops->get_antenna) {
2011                         u32 tx_ant = 0, rx_ant = 0;
2012                         int res;
2013 
2014                         res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2015                         if (!res) {
2016                                 if (nla_put_u32(msg,
2017                                                 NL80211_ATTR_WIPHY_ANTENNA_TX,
2018                                                 tx_ant) ||
2019                                     nla_put_u32(msg,
2020                                                 NL80211_ATTR_WIPHY_ANTENNA_RX,
2021                                                 rx_ant))
2022                                         goto nla_put_failure;
2023                         }
2024                 }
2025 
2026                 state->split_start++;
2027                 if (state->split)
2028                         break;
2029                 /* fall through */
2030         case 2:
2031                 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2032                                         rdev->wiphy.interface_modes))
2033                                 goto nla_put_failure;
2034                 state->split_start++;
2035                 if (state->split)
2036                         break;
2037                 /* fall through */
2038         case 3:
2039                 nl_bands = nla_nest_start_noflag(msg,
2040                                                  NL80211_ATTR_WIPHY_BANDS);
2041                 if (!nl_bands)
2042                         goto nla_put_failure;
2043 
2044                 for (band = state->band_start;
2045                      band < NUM_NL80211_BANDS; band++) {
2046                         struct ieee80211_supported_band *sband;
2047 
2048                         sband = rdev->wiphy.bands[band];
2049 
2050                         if (!sband)
2051                                 continue;
2052 
2053                         nl_band = nla_nest_start_noflag(msg, band);
2054                         if (!nl_band)
2055                                 goto nla_put_failure;
2056 
2057                         switch (state->chan_start) {
2058                         case 0:
2059                                 if (nl80211_send_band_rateinfo(msg, sband))
2060                                         goto nla_put_failure;
2061                                 state->chan_start++;
2062                                 if (state->split)
2063                                         break;
2064                                 /* fall through */
2065                         default:
2066                                 /* add frequencies */
2067                                 nl_freqs = nla_nest_start_noflag(msg,
2068                                                                  NL80211_BAND_ATTR_FREQS);
2069                                 if (!nl_freqs)
2070                                         goto nla_put_failure;
2071 
2072                                 for (i = state->chan_start - 1;
2073                                      i < sband->n_channels;
2074                                      i++) {
2075                                         nl_freq = nla_nest_start_noflag(msg,
2076                                                                         i);
2077                                         if (!nl_freq)
2078                                                 goto nla_put_failure;
2079 
2080                                         chan = &sband->channels[i];
2081 
2082                                         if (nl80211_msg_put_channel(
2083                                                         msg, &rdev->wiphy, chan,
2084                                                         state->split))
2085                                                 goto nla_put_failure;
2086 
2087                                         nla_nest_end(msg, nl_freq);
2088                                         if (state->split)
2089                                                 break;
2090                                 }
2091                                 if (i < sband->n_channels)
2092                                         state->chan_start = i + 2;
2093                                 else
2094                                         state->chan_start = 0;
2095                                 nla_nest_end(msg, nl_freqs);
2096                         }
2097 
2098                         nla_nest_end(msg, nl_band);
2099 
2100                         if (state->split) {
2101                                 /* start again here */
2102                                 if (state->chan_start)
2103                                         band--;
2104                                 break;
2105                         }
2106                 }
2107                 nla_nest_end(msg, nl_bands);
2108 
2109                 if (band < NUM_NL80211_BANDS)
2110                         state->band_start = band + 1;
2111                 else
2112                         state->band_start = 0;
2113 
2114                 /* if bands & channels are done, continue outside */
2115                 if (state->band_start == 0 && state->chan_start == 0)
2116                         state->split_start++;
2117                 if (state->split)
2118                         break;
2119                 /* fall through */
2120         case 4:
2121                 nl_cmds = nla_nest_start_noflag(msg,
2122                                                 NL80211_ATTR_SUPPORTED_COMMANDS);
2123                 if (!nl_cmds)
2124                         goto nla_put_failure;
2125 
2126                 i = nl80211_add_commands_unsplit(rdev, msg);
2127                 if (i < 0)
2128                         goto nla_put_failure;
2129                 if (state->split) {
2130                         CMD(crit_proto_start, CRIT_PROTOCOL_START);
2131                         CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2132                         if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2133                                 CMD(channel_switch, CHANNEL_SWITCH);
2134                         CMD(set_qos_map, SET_QOS_MAP);
2135                         if (rdev->wiphy.features &
2136                                         NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2137                                 CMD(add_tx_ts, ADD_TX_TS);
2138                         CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2139                         CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2140                         CMD(update_ft_ies, UPDATE_FT_IES);
2141                 }
2142 #undef CMD
2143 
2144                 nla_nest_end(msg, nl_cmds);
2145                 state->split_start++;
2146                 if (state->split)
2147                         break;
2148                 /* fall through */
2149         case 5:
2150                 if (rdev->ops->remain_on_channel &&
2151                     (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2152                     nla_put_u32(msg,
2153                                 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2154                                 rdev->wiphy.max_remain_on_channel_duration))
2155                         goto nla_put_failure;
2156 
2157                 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2158                     nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2159                         goto nla_put_failure;
2160 
2161                 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2162                         goto nla_put_failure;
2163                 state->split_start++;
2164                 if (state->split)
2165                         break;
2166                 /* fall through */
2167         case 6:
2168 #ifdef CONFIG_PM
2169                 if (nl80211_send_wowlan(msg, rdev, state->split))
2170                         goto nla_put_failure;
2171                 state->split_start++;
2172                 if (state->split)
2173                         break;
2174 #else
2175                 state->split_start++;
2176 #endif
2177                 /* fall through */
2178         case 7:
2179                 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2180                                         rdev->wiphy.software_iftypes))
2181                         goto nla_put_failure;
2182 
2183                 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2184                                                    state->split))
2185                         goto nla_put_failure;
2186 
2187                 state->split_start++;
2188                 if (state->split)
2189                         break;
2190                 /* fall through */
2191         case 8:
2192                 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2193                     nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2194                                 rdev->wiphy.ap_sme_capa))
2195                         goto nla_put_failure;
2196 
2197                 features = rdev->wiphy.features;
2198                 /*
2199                  * We can only add the per-channel limit information if the
2200                  * dump is split, otherwise it makes it too big. Therefore
2201                  * only advertise it in that case.
2202                  */
2203                 if (state->split)
2204                         features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2205                 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2206                         goto nla_put_failure;
2207 
2208                 if (rdev->wiphy.ht_capa_mod_mask &&
2209                     nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2210                             sizeof(*rdev->wiphy.ht_capa_mod_mask),
2211                             rdev->wiphy.ht_capa_mod_mask))
2212                         goto nla_put_failure;
2213 
2214                 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2215                     rdev->wiphy.max_acl_mac_addrs &&
2216                     nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2217                                 rdev->wiphy.max_acl_mac_addrs))
2218                         goto nla_put_failure;
2219 
2220                 /*
2221                  * Any information below this point is only available to
2222                  * applications that can deal with it being split. This
2223                  * helps ensure that newly added capabilities don't break
2224                  * older tools by overrunning their buffers.
2225                  *
2226                  * We still increment split_start so that in the split
2227                  * case we'll continue with more data in the next round,
2228                  * but break unconditionally so unsplit data stops here.
2229                  */
2230                 state->split_start++;
2231                 break;
2232         case 9:
2233                 if (rdev->wiphy.extended_capabilities &&
2234                     (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2235                              rdev->wiphy.extended_capabilities_len,
2236                              rdev->wiphy.extended_capabilities) ||
2237                      nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2238                              rdev->wiphy.extended_capabilities_len,
2239                              rdev->wiphy.extended_capabilities_mask)))
2240                         goto nla_put_failure;
2241 
2242                 if (rdev->wiphy.vht_capa_mod_mask &&
2243                     nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2244                             sizeof(*rdev->wiphy.vht_capa_mod_mask),
2245                             rdev->wiphy.vht_capa_mod_mask))
2246                         goto nla_put_failure;
2247 
2248                 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2249                             rdev->wiphy.perm_addr))
2250                         goto nla_put_failure;
2251 
2252                 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2253                     nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2254                             rdev->wiphy.addr_mask))
2255                         goto nla_put_failure;
2256 
2257                 if (rdev->wiphy.n_addresses > 1) {
2258                         void *attr;
2259 
2260                         attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2261                         if (!attr)
2262                                 goto nla_put_failure;
2263 
2264                         for (i = 0; i < rdev->wiphy.n_addresses; i++)
2265                                 if (nla_put(msg, i + 1, ETH_ALEN,
2266                                             rdev->wiphy.addresses[i].addr))
2267                                         goto nla_put_failure;
2268 
2269                         nla_nest_end(msg, attr);
2270                 }
2271 
2272                 state->split_start++;
2273                 break;
2274         case 10:
2275                 if (nl80211_send_coalesce(msg, rdev))
2276                         goto nla_put_failure;
2277 
2278                 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2279                     (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2280                      nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2281                         goto nla_put_failure;
2282 
2283                 if (rdev->wiphy.max_ap_assoc_sta &&
2284                     nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2285                                 rdev->wiphy.max_ap_assoc_sta))
2286                         goto nla_put_failure;
2287 
2288                 state->split_start++;
2289                 break;
2290         case 11:
2291                 if (rdev->wiphy.n_vendor_commands) {
2292                         const struct nl80211_vendor_cmd_info *info;
2293                         struct nlattr *nested;
2294 
2295                         nested = nla_nest_start_noflag(msg,
2296                                                        NL80211_ATTR_VENDOR_DATA);
2297                         if (!nested)
2298                                 goto nla_put_failure;
2299 
2300                         for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2301                                 info = &rdev->wiphy.vendor_commands[i].info;
2302                                 if (nla_put(msg, i + 1, sizeof(*info), info))
2303                                         goto nla_put_failure;
2304                         }
2305                         nla_nest_end(msg, nested);
2306                 }
2307 
2308                 if (rdev->wiphy.n_vendor_events) {
2309                         const struct nl80211_vendor_cmd_info *info;
2310                         struct nlattr *nested;
2311 
2312                         nested = nla_nest_start_noflag(msg,
2313                                                        NL80211_ATTR_VENDOR_EVENTS);
2314                         if (!nested)
2315                                 goto nla_put_failure;
2316 
2317                         for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2318                                 info = &rdev->wiphy.vendor_events[i];
2319                                 if (nla_put(msg, i + 1, sizeof(*info), info))
2320                                         goto nla_put_failure;
2321                         }
2322                         nla_nest_end(msg, nested);
2323                 }
2324                 state->split_start++;
2325                 break;
2326         case 12:
2327                 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2328                     nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2329                                rdev->wiphy.max_num_csa_counters))
2330                         goto nla_put_failure;
2331 
2332                 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2333                     nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2334                         goto nla_put_failure;
2335 
2336                 if (rdev->wiphy.max_sched_scan_reqs &&
2337                     nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2338                                 rdev->wiphy.max_sched_scan_reqs))
2339                         goto nla_put_failure;
2340 
2341                 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2342                             sizeof(rdev->wiphy.ext_features),
2343                             rdev->wiphy.ext_features))
2344                         goto nla_put_failure;
2345 
2346                 if (rdev->wiphy.bss_select_support) {
2347                         struct nlattr *nested;
2348                         u32 bss_select_support = rdev->wiphy.bss_select_support;
2349 
2350                         nested = nla_nest_start_noflag(msg,
2351                                                        NL80211_ATTR_BSS_SELECT);
2352                         if (!nested)
2353                                 goto nla_put_failure;
2354 
2355                         i = 0;
2356                         while (bss_select_support) {
2357                                 if ((bss_select_support & 1) &&
2358                                     nla_put_flag(msg, i))
2359                                         goto nla_put_failure;
2360                                 i++;
2361                                 bss_select_support >>= 1;
2362                         }
2363                         nla_nest_end(msg, nested);
2364                 }
2365 
2366                 state->split_start++;
2367                 break;
2368         case 13:
2369                 if (rdev->wiphy.num_iftype_ext_capab &&
2370                     rdev->wiphy.iftype_ext_capab) {
2371                         struct nlattr *nested_ext_capab, *nested;
2372 
2373                         nested = nla_nest_start_noflag(msg,
2374                                                        NL80211_ATTR_IFTYPE_EXT_CAPA);
2375                         if (!nested)
2376                                 goto nla_put_failure;
2377 
2378                         for (i = state->capa_start;
2379                              i < rdev->wiphy.num_iftype_ext_capab; i++) {
2380                                 const struct wiphy_iftype_ext_capab *capab;
2381 
2382                                 capab = &rdev->wiphy.iftype_ext_capab[i];
2383 
2384                                 nested_ext_capab = nla_nest_start_noflag(msg,
2385                                                                          i);
2386                                 if (!nested_ext_capab ||
2387                                     nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2388                                                 capab->iftype) ||
2389                                     nla_put(msg, NL80211_ATTR_EXT_CAPA,
2390                                             capab->extended_capabilities_len,
2391                                             capab->extended_capabilities) ||
2392                                     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2393                                             capab->extended_capabilities_len,
2394                                             capab->extended_capabilities_mask))
2395                                         goto nla_put_failure;
2396 
2397                                 nla_nest_end(msg, nested_ext_capab);
2398                                 if (state->split)
2399                                         break;
2400                         }
2401                         nla_nest_end(msg, nested);
2402                         if (i < rdev->wiphy.num_iftype_ext_capab) {
2403                                 state->capa_start = i + 1;
2404                                 break;
2405                         }
2406                 }
2407 
2408                 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2409                                 rdev->wiphy.nan_supported_bands))
2410                         goto nla_put_failure;
2411 
2412                 if (wiphy_ext_feature_isset(&rdev->wiphy,
2413                                             NL80211_EXT_FEATURE_TXQS)) {
2414                         struct cfg80211_txq_stats txqstats = {};
2415                         int res;
2416 
2417                         res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2418                         if (!res &&
2419                             !nl80211_put_txq_stats(msg, &txqstats,
2420                                                    NL80211_ATTR_TXQ_STATS))
2421                                 goto nla_put_failure;
2422 
2423                         if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2424                                         rdev->wiphy.txq_limit))
2425                                 goto nla_put_failure;
2426                         if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2427                                         rdev->wiphy.txq_memory_limit))
2428                                 goto nla_put_failure;
2429                         if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2430                                         rdev->wiphy.txq_quantum))
2431                                 goto nla_put_failure;
2432                 }
2433 
2434                 state->split_start++;
2435                 break;
2436         case 14:
2437                 if (nl80211_send_pmsr_capa(rdev, msg))
2438                         goto nla_put_failure;
2439 
2440                 state->split_start++;
2441                 break;
2442         case 15:
2443                 if (rdev->wiphy.akm_suites &&
2444                     nla_put(msg, NL80211_ATTR_AKM_SUITES,
2445                             sizeof(u32) * rdev->wiphy.n_akm_suites,
2446                             rdev->wiphy.akm_suites))
2447                         goto nla_put_failure;
2448 
2449                 /* done */
2450                 state->split_start = 0;
2451                 break;
2452         }
2453  finish:
2454         genlmsg_end(msg, hdr);
2455         return 0;
2456 
2457  nla_put_failure:
2458         genlmsg_cancel(msg, hdr);
2459         return -EMSGSIZE;
2460 }
2461 
2462 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2463                                     struct netlink_callback *cb,
2464                                     struct nl80211_dump_wiphy_state *state)
2465 {
2466         struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2467         int ret;
2468 
2469         if (!tb)
2470                 return -ENOMEM;
2471 
2472         ret = nlmsg_parse_deprecated(cb->nlh,
2473                                      GENL_HDRLEN + nl80211_fam.hdrsize,
2474                                      tb, nl80211_fam.maxattr,
2475                                      nl80211_policy, NULL);
2476         /* ignore parse errors for backward compatibility */
2477         if (ret) {
2478                 ret = 0;
2479                 goto out;
2480         }
2481 
2482         state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2483         if (tb[NL80211_ATTR_WIPHY])
2484                 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2485         if (tb[NL80211_ATTR_WDEV])
2486                 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2487         if (tb[NL80211_ATTR_IFINDEX]) {
2488                 struct net_device *netdev;
2489                 struct cfg80211_registered_device *rdev;
2490                 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2491 
2492                 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2493                 if (!netdev) {
2494                         ret = -ENODEV;
2495                         goto out;
2496                 }
2497                 if (netdev->ieee80211_ptr) {
2498                         rdev = wiphy_to_rdev(
2499                                 netdev->ieee80211_ptr->wiphy);
2500                         state->filter_wiphy = rdev->wiphy_idx;
2501                 }
2502         }
2503 
2504         ret = 0;
2505 out:
2506         kfree(tb);
2507         return ret;
2508 }
2509 
2510 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2511 {
2512         int idx = 0, ret;
2513         struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2514         struct cfg80211_registered_device *rdev;
2515 
2516         rtnl_lock();
2517         if (!state) {
2518                 state = kzalloc(sizeof(*state), GFP_KERNEL);
2519                 if (!state) {
2520                         rtnl_unlock();
2521                         return -ENOMEM;
2522                 }
2523                 state->filter_wiphy = -1;
2524                 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2525                 if (ret) {
2526                         kfree(state);
2527                         rtnl_unlock();
2528                         return ret;
2529                 }
2530                 cb->args[0] = (long)state;
2531         }
2532 
2533         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2534                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2535                         continue;
2536                 if (++idx <= state->start)
2537                         continue;
2538                 if (state->filter_wiphy != -1 &&
2539                     state->filter_wiphy != rdev->wiphy_idx)
2540                         continue;
2541                 /* attempt to fit multiple wiphy data chunks into the skb */
2542                 do {
2543                         ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2544                                                  skb,
2545                                                  NETLINK_CB(cb->skb).portid,
2546                                                  cb->nlh->nlmsg_seq,
2547                                                  NLM_F_MULTI, state);
2548                         if (ret < 0) {
2549                                 /*
2550                                  * If sending the wiphy data didn't fit (ENOBUFS
2551                                  * or EMSGSIZE returned), this SKB is still
2552                                  * empty (so it's not too big because another
2553                                  * wiphy dataset is already in the skb) and
2554                                  * we've not tried to adjust the dump allocation
2555                                  * yet ... then adjust the alloc size to be
2556                                  * bigger, and return 1 but with the empty skb.
2557                                  * This results in an empty message being RX'ed
2558                                  * in userspace, but that is ignored.
2559                                  *
2560                                  * We can then retry with the larger buffer.
2561                                  */
2562                                 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2563                                     !skb->len && !state->split &&
2564                                     cb->min_dump_alloc < 4096) {
2565                                         cb->min_dump_alloc = 4096;
2566                                         state->split_start = 0;
2567                                         rtnl_unlock();
2568                                         return 1;
2569                                 }
2570                                 idx--;
2571                                 break;
2572                         }
2573                 } while (state->split_start > 0);
2574                 break;
2575         }
2576         rtnl_unlock();
2577 
2578         state->start = idx;
2579 
2580         return skb->len;
2581 }
2582 
2583 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2584 {
2585         kfree((void *)cb->args[0]);
2586         return 0;
2587 }
2588 
2589 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2590 {
2591         struct sk_buff *msg;
2592         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2593         struct nl80211_dump_wiphy_state state = {};
2594 
2595         msg = nlmsg_new(4096, GFP_KERNEL);
2596         if (!msg)
2597                 return -ENOMEM;
2598 
2599         if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2600                                info->snd_portid, info->snd_seq, 0,
2601                                &state) < 0) {
2602                 nlmsg_free(msg);
2603                 return -ENOBUFS;
2604         }
2605 
2606         return genlmsg_reply(msg, info);
2607 }
2608 
2609 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2610         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
2611         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
2612         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
2613         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
2614         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
2615 };
2616 
2617 static int parse_txq_params(struct nlattr *tb[],
2618                             struct ieee80211_txq_params *txq_params)
2619 {
2620         u8 ac;
2621 
2622         if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2623             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2624             !tb[NL80211_TXQ_ATTR_AIFS])
2625                 return -EINVAL;
2626 
2627         ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2628         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2629         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2630         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2631         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2632 
2633         if (ac >= NL80211_NUM_ACS)
2634                 return -EINVAL;
2635         txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2636         return 0;
2637 }
2638 
2639 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2640 {
2641         /*
2642          * You can only set the channel explicitly for WDS interfaces,
2643          * all others have their channel managed via their respective
2644          * "establish a connection" command (connect, join, ...)
2645          *
2646          * For AP/GO and mesh mode, the channel can be set with the
2647          * channel userspace API, but is only stored and passed to the
2648          * low-level driver when the AP starts or the mesh is joined.
2649          * This is for backward compatibility, userspace can also give
2650          * the channel in the start-ap or join-mesh commands instead.
2651          *
2652          * Monitors are special as they are normally slaved to
2653          * whatever else is going on, so they have their own special
2654          * operation to set the monitor channel if possible.
2655          */
2656         return !wdev ||
2657                 wdev->iftype == NL80211_IFTYPE_AP ||
2658                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2659                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2660                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2661 }
2662 
2663 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2664                           struct genl_info *info,
2665                           struct cfg80211_chan_def *chandef)
2666 {
2667         struct netlink_ext_ack *extack = info->extack;
2668         struct nlattr **attrs = info->attrs;
2669         u32 control_freq;
2670 
2671         if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2672                 return -EINVAL;
2673 
2674         control_freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);
2675 
2676         memset(chandef, 0, sizeof(*chandef));
2677 
2678         chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2679         chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2680         chandef->center_freq1 = control_freq;
2681         chandef->center_freq2 = 0;
2682 
2683         /* Primary channel not allowed */
2684         if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2685                 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2686                                     "Channel is disabled");
2687                 return -EINVAL;
2688         }
2689 
2690         if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2691                 enum nl80211_channel_type chantype;
2692 
2693                 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2694 
2695                 switch (chantype) {
2696                 case NL80211_CHAN_NO_HT:
2697                 case NL80211_CHAN_HT20:
2698                 case NL80211_CHAN_HT40PLUS:
2699                 case NL80211_CHAN_HT40MINUS:
2700                         cfg80211_chandef_create(chandef, chandef->chan,
2701                                                 chantype);
2702                         /* user input for center_freq is incorrect */
2703                         if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2704                             chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2705                                 NL_SET_ERR_MSG_ATTR(extack,
2706                                                     attrs[NL80211_ATTR_CENTER_FREQ1],
2707                                                     "bad center frequency 1");
2708                                 return -EINVAL;
2709                         }
2710                         /* center_freq2 must be zero */
2711                         if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2712                             nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2713                                 NL_SET_ERR_MSG_ATTR(extack,
2714                                                     attrs[NL80211_ATTR_CENTER_FREQ2],
2715                                                     "center frequency 2 can't be used");
2716                                 return -EINVAL;
2717                         }
2718                         break;
2719                 default:
2720                         NL_SET_ERR_MSG_ATTR(extack,
2721                                             attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2722                                             "invalid channel type");
2723                         return -EINVAL;
2724                 }
2725         } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2726                 chandef->width =
2727                         nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2728                 if (attrs[NL80211_ATTR_CENTER_FREQ1])
2729                         chandef->center_freq1 =
2730                                 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2731                 if (attrs[NL80211_ATTR_CENTER_FREQ2])
2732                         chandef->center_freq2 =
2733                                 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2734         }
2735 
2736         if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
2737                 chandef->edmg.channels =
2738                       nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
2739 
2740                 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
2741                         chandef->edmg.bw_config =
2742                      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
2743         } else {
2744                 chandef->edmg.bw_config = 0;
2745                 chandef->edmg.channels = 0;
2746         }
2747 
2748         if (!cfg80211_chandef_valid(chandef)) {
2749                 NL_SET_ERR_MSG(extack, "invalid channel definition");
2750                 return -EINVAL;
2751         }
2752 
2753         if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2754                                      IEEE80211_CHAN_DISABLED)) {
2755                 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2756                 return -EINVAL;
2757         }
2758 
2759         if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2760              chandef->width == NL80211_CHAN_WIDTH_10) &&
2761             !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2762                 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2763                 return -EINVAL;
2764         }
2765 
2766         return 0;
2767 }
2768 
2769 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2770                                  struct net_device *dev,
2771                                  struct genl_info *info)
2772 {
2773         struct cfg80211_chan_def chandef;
2774         int result;
2775         enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2776         struct wireless_dev *wdev = NULL;
2777 
2778         if (dev)
2779                 wdev = dev->ieee80211_ptr;
2780         if (!nl80211_can_set_dev_channel(wdev))
2781                 return -EOPNOTSUPP;
2782         if (wdev)
2783                 iftype = wdev->iftype;
2784 
2785         result = nl80211_parse_chandef(rdev, info, &chandef);
2786         if (result)
2787                 return result;
2788 
2789         switch (iftype) {
2790         case NL80211_IFTYPE_AP:
2791         case NL80211_IFTYPE_P2P_GO:
2792                 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2793                                                    iftype)) {
2794                         result = -EINVAL;
2795                         break;
2796                 }
2797                 if (wdev->beacon_interval) {
2798                         if (!dev || !rdev->ops->set_ap_chanwidth ||
2799                             !(rdev->wiphy.features &
2800                               NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2801                                 result = -EBUSY;
2802                                 break;
2803                         }
2804 
2805                         /* Only allow dynamic channel width changes */
2806                         if (chandef.chan != wdev->preset_chandef.chan) {
2807                                 result = -EBUSY;
2808                                 break;
2809                         }
2810                         result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2811                         if (result)
2812                                 break;
2813                 }
2814                 wdev->preset_chandef = chandef;
2815                 result = 0;
2816                 break;
2817         case NL80211_IFTYPE_MESH_POINT:
2818                 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2819                 break;
2820         case NL80211_IFTYPE_MONITOR:
2821                 result = cfg80211_set_monitor_channel(rdev, &chandef);
2822                 break;
2823         default:
2824                 result = -EINVAL;
2825         }
2826 
2827         return result;
2828 }
2829 
2830 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2831 {
2832         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2833         struct net_device *netdev = info->user_ptr[1];
2834 
2835         return __nl80211_set_channel(rdev, netdev, info);
2836 }
2837 
2838 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2839 {
2840         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2841         struct net_device *dev = info->user_ptr[1];
2842         struct wireless_dev *wdev = dev->ieee80211_ptr;
2843         const u8 *bssid;
2844 
2845         if (!info->attrs[NL80211_ATTR_MAC])
2846                 return -EINVAL;
2847 
2848         if (netif_running(dev))
2849                 return -EBUSY;
2850 
2851         if (!rdev->ops->set_wds_peer)
2852                 return -EOPNOTSUPP;
2853 
2854         if (wdev->iftype != NL80211_IFTYPE_WDS)
2855                 return -EOPNOTSUPP;
2856 
2857         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2858         return rdev_set_wds_peer(rdev, dev, bssid);
2859 }
2860 
2861 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2862 {
2863         struct cfg80211_registered_device *rdev;
2864         struct net_device *netdev = NULL;
2865         struct wireless_dev *wdev;
2866         int result = 0, rem_txq_params = 0;
2867         struct nlattr *nl_txq_params;
2868         u32 changed;
2869         u8 retry_short = 0, retry_long = 0;
2870         u32 frag_threshold = 0, rts_threshold = 0;
2871         u8 coverage_class = 0;
2872         u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2873 
2874         ASSERT_RTNL();
2875 
2876         /*
2877          * Try to find the wiphy and netdev. Normally this
2878          * function shouldn't need the netdev, but this is
2879          * done for backward compatibility -- previously
2880          * setting the channel was done per wiphy, but now
2881          * it is per netdev. Previous userland like hostapd
2882          * also passed a netdev to set_wiphy, so that it is
2883          * possible to let that go to the right netdev!
2884          */
2885 
2886         if (info->attrs[NL80211_ATTR_IFINDEX]) {
2887                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2888 
2889                 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2890                 if (netdev && netdev->ieee80211_ptr)
2891                         rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2892                 else
2893                         netdev = NULL;
2894         }
2895 
2896         if (!netdev) {
2897                 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2898                                                   info->attrs);
2899                 if (IS_ERR(rdev))
2900                         return PTR_ERR(rdev);
2901                 wdev = NULL;
2902                 netdev = NULL;
2903                 result = 0;
2904         } else
2905                 wdev = netdev->ieee80211_ptr;
2906 
2907         /*
2908          * end workaround code, by now the rdev is available
2909          * and locked, and wdev may or may not be NULL.
2910          */
2911 
2912         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2913                 result = cfg80211_dev_rename(
2914                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2915 
2916         if (result)
2917                 return result;
2918 
2919         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2920                 struct ieee80211_txq_params txq_params;
2921                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2922 
2923                 if (!rdev->ops->set_txq_params)
2924                         return -EOPNOTSUPP;
2925 
2926                 if (!netdev)
2927                         return -EINVAL;
2928 
2929                 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2930                     netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2931                         return -EINVAL;
2932 
2933                 if (!netif_running(netdev))
2934                         return -ENETDOWN;
2935 
2936                 nla_for_each_nested(nl_txq_params,
2937                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2938                                     rem_txq_params) {
2939                         result = nla_parse_nested_deprecated(tb,
2940                                                              NL80211_TXQ_ATTR_MAX,
2941                                                              nl_txq_params,
2942                                                              txq_params_policy,
2943                                                              info->extack);
2944                         if (result)
2945                                 return result;
2946                         result = parse_txq_params(tb, &txq_params);
2947                         if (result)
2948                                 return result;
2949 
2950                         result = rdev_set_txq_params(rdev, netdev,
2951                                                      &txq_params);
2952                         if (result)
2953                                 return result;
2954                 }
2955         }
2956 
2957         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2958                 result = __nl80211_set_channel(
2959                         rdev,
2960                         nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2961                         info);
2962                 if (result)
2963                         return result;
2964         }
2965 
2966         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2967                 struct wireless_dev *txp_wdev = wdev;
2968                 enum nl80211_tx_power_setting type;
2969                 int idx, mbm = 0;
2970 
2971                 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2972                         txp_wdev = NULL;
2973 
2974                 if (!rdev->ops->set_tx_power)
2975                         return -EOPNOTSUPP;
2976 
2977                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2978                 type = nla_get_u32(info->attrs[idx]);
2979 
2980                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2981                     (type != NL80211_TX_POWER_AUTOMATIC))
2982                         return -EINVAL;
2983 
2984                 if (type != NL80211_TX_POWER_AUTOMATIC) {
2985                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2986                         mbm = nla_get_u32(info->attrs[idx]);
2987                 }
2988 
2989                 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2990                 if (result)
2991                         return result;
2992         }
2993 
2994         if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2995             info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2996                 u32 tx_ant, rx_ant;
2997 
2998                 if ((!rdev->wiphy.available_antennas_tx &&
2999                      !rdev->wiphy.available_antennas_rx) ||
3000                     !rdev->ops->set_antenna)
3001                         return -EOPNOTSUPP;
3002 
3003                 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3004                 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3005 
3006                 /* reject antenna configurations which don't match the
3007                  * available antenna masks, except for the "all" mask */
3008                 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3009                     (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
3010                         return -EINVAL;
3011 
3012                 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3013                 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3014 
3015                 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3016                 if (result)
3017                         return result;
3018         }
3019 
3020         changed = 0;
3021 
3022         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3023                 retry_short = nla_get_u8(
3024                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3025 
3026                 changed |= WIPHY_PARAM_RETRY_SHORT;
3027         }
3028 
3029         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3030                 retry_long = nla_get_u8(
3031                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3032 
3033                 changed |= WIPHY_PARAM_RETRY_LONG;
3034         }
3035 
3036         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3037                 frag_threshold = nla_get_u32(
3038                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3039                 if (frag_threshold < 256)
3040                         return -EINVAL;
3041 
3042                 if (frag_threshold != (u32) -1) {
3043                         /*
3044                          * Fragments (apart from the last one) are required to
3045                          * have even length. Make the fragmentation code
3046                          * simpler by stripping LSB should someone try to use
3047                          * odd threshold value.
3048                          */
3049                         frag_threshold &= ~0x1;
3050                 }
3051                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3052         }
3053 
3054         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3055                 rts_threshold = nla_get_u32(
3056                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3057                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3058         }
3059 
3060         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3061                 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
3062                         return -EINVAL;
3063 
3064                 coverage_class = nla_get_u8(
3065                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3066                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3067         }
3068 
3069         if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3070                 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
3071                         return -EOPNOTSUPP;
3072 
3073                 changed |= WIPHY_PARAM_DYN_ACK;
3074         }
3075 
3076         if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3077                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3078                                              NL80211_EXT_FEATURE_TXQS))
3079                         return -EOPNOTSUPP;
3080                 txq_limit = nla_get_u32(
3081                         info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3082                 changed |= WIPHY_PARAM_TXQ_LIMIT;
3083         }
3084 
3085         if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3086                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3087                                              NL80211_EXT_FEATURE_TXQS))
3088                         return -EOPNOTSUPP;
3089                 txq_memory_limit = nla_get_u32(
3090                         info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3091                 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3092         }
3093 
3094         if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3095                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3096                                              NL80211_EXT_FEATURE_TXQS))
3097                         return -EOPNOTSUPP;
3098                 txq_quantum = nla_get_u32(
3099                         info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3100                 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3101         }
3102 
3103         if (changed) {
3104                 u8 old_retry_short, old_retry_long;
3105                 u32 old_frag_threshold, old_rts_threshold;
3106                 u8 old_coverage_class;
3107                 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3108 
3109                 if (!rdev->ops->set_wiphy_params)
3110                         return -EOPNOTSUPP;
3111 
3112                 old_retry_short = rdev->wiphy.retry_short;
3113                 old_retry_long = rdev->wiphy.retry_long;
3114                 old_frag_threshold = rdev->wiphy.frag_threshold;
3115                 old_rts_threshold = rdev->wiphy.rts_threshold;
3116                 old_coverage_class = rdev->wiphy.coverage_class;
3117                 old_txq_limit = rdev->wiphy.txq_limit;
3118                 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3119                 old_txq_quantum = rdev->wiphy.txq_quantum;
3120 
3121                 if (changed & WIPHY_PARAM_RETRY_SHORT)
3122                         rdev->wiphy.retry_short = retry_short;
3123                 if (changed & WIPHY_PARAM_RETRY_LONG)
3124                         rdev->wiphy.retry_long = retry_long;
3125                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3126                         rdev->wiphy.frag_threshold = frag_threshold;
3127                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3128                         rdev->wiphy.rts_threshold = rts_threshold;
3129                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3130                         rdev->wiphy.coverage_class = coverage_class;
3131                 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3132                         rdev->wiphy.txq_limit = txq_limit;
3133                 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3134                         rdev->wiphy.txq_memory_limit = txq_memory_limit;
3135                 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3136                         rdev->wiphy.txq_quantum = txq_quantum;
3137 
3138                 result = rdev_set_wiphy_params(rdev, changed);
3139                 if (result) {
3140                         rdev->wiphy.retry_short = old_retry_short;
3141                         rdev->wiphy.retry_long = old_retry_long;
3142                         rdev->wiphy.frag_threshold = old_frag_threshold;
3143                         rdev->wiphy.rts_threshold = old_rts_threshold;
3144                         rdev->wiphy.coverage_class = old_coverage_class;
3145                         rdev->wiphy.txq_limit = old_txq_limit;
3146                         rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3147                         rdev->wiphy.txq_quantum = old_txq_quantum;
3148                         return result;
3149                 }
3150         }
3151         return 0;
3152 }
3153 
3154 static int nl80211_send_chandef(struct sk_buff *msg,
3155                                 const struct cfg80211_chan_def *chandef)
3156 {
3157         if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3158                 return -EINVAL;
3159 
3160         if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3161                         chandef->chan->center_freq))
3162                 return -ENOBUFS;
3163         switch (chandef->width) {
3164         case NL80211_CHAN_WIDTH_20_NOHT:
3165         case NL80211_CHAN_WIDTH_20:
3166         case NL80211_CHAN_WIDTH_40:
3167                 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3168                                 cfg80211_get_chandef_type(chandef)))
3169                         return -ENOBUFS;
3170                 break;
3171         default:
3172                 break;
3173         }
3174         if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3175                 return -ENOBUFS;
3176         if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3177                 return -ENOBUFS;
3178         if (chandef->center_freq2 &&
3179             nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3180                 return -ENOBUFS;
3181         return 0;
3182 }
3183 
3184 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3185                               struct cfg80211_registered_device *rdev,
3186                               struct wireless_dev *wdev,
3187                               enum nl80211_commands cmd)
3188 {
3189         struct net_device *dev = wdev->netdev;
3190         void *hdr;
3191 
3192         WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3193                 cmd != NL80211_CMD_DEL_INTERFACE &&
3194                 cmd != NL80211_CMD_SET_INTERFACE);
3195 
3196         hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3197         if (!hdr)
3198                 return -1;
3199 
3200         if (dev &&
3201             (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3202              nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3203                 goto nla_put_failure;
3204 
3205         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3206             nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3207             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3208                               NL80211_ATTR_PAD) ||
3209             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3210             nla_put_u32(msg, NL80211_ATTR_GENERATION,
3211                         rdev->devlist_generation ^
3212                         (cfg80211_rdev_list_generation << 2)) ||
3213             nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3214                 goto nla_put_failure;
3215 
3216         if (rdev->ops->get_channel) {
3217                 int ret;
3218                 struct cfg80211_chan_def chandef = {};
3219 
3220                 ret = rdev_get_channel(rdev, wdev, &chandef);
3221                 if (ret == 0) {
3222                         if (nl80211_send_chandef(msg, &chandef))
3223                                 goto nla_put_failure;
3224                 }
3225         }
3226 
3227         if (rdev->ops->get_tx_power) {
3228                 int dbm, ret;
3229 
3230                 ret = rdev_get_tx_power(rdev, wdev, &dbm);
3231                 if (ret == 0 &&
3232                     nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3233                                 DBM_TO_MBM(dbm)))
3234                         goto nla_put_failure;
3235         }
3236 
3237         wdev_lock(wdev);
3238         switch (wdev->iftype) {
3239         case NL80211_IFTYPE_AP:
3240                 if (wdev->ssid_len &&
3241                     nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3242                         goto nla_put_failure_locked;
3243                 break;
3244         case NL80211_IFTYPE_STATION:
3245         case NL80211_IFTYPE_P2P_CLIENT:
3246         case NL80211_IFTYPE_ADHOC: {
3247                 const u8 *ssid_ie;
3248                 if (!wdev->current_bss)
3249                         break;
3250                 rcu_read_lock();
3251                 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3252                                                WLAN_EID_SSID);
3253                 if (ssid_ie &&
3254                     nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3255                         goto nla_put_failure_rcu_locked;
3256                 rcu_read_unlock();
3257                 break;
3258                 }
3259         default:
3260                 /* nothing */
3261                 break;
3262         }
3263         wdev_unlock(wdev);
3264 
3265         if (rdev->ops->get_txq_stats) {
3266                 struct cfg80211_txq_stats txqstats = {};
3267                 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3268 
3269                 if (ret == 0 &&
3270                     !nl80211_put_txq_stats(msg, &txqstats,
3271                                            NL80211_ATTR_TXQ_STATS))
3272                         goto nla_put_failure;
3273         }
3274 
3275         genlmsg_end(msg, hdr);
3276         return 0;
3277 
3278  nla_put_failure_rcu_locked:
3279         rcu_read_unlock();
3280  nla_put_failure_locked:
3281         wdev_unlock(wdev);
3282  nla_put_failure:
3283         genlmsg_cancel(msg, hdr);
3284         return -EMSGSIZE;
3285 }
3286 
3287 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3288 {
3289         int wp_idx = 0;
3290         int if_idx = 0;
3291         int wp_start = cb->args[0];
3292         int if_start = cb->args[1];
3293         int filter_wiphy = -1;
3294         struct cfg80211_registered_device *rdev;
3295         struct wireless_dev *wdev;
3296         int ret;
3297 
3298         rtnl_lock();
3299         if (!cb->args[2]) {
3300                 struct nl80211_dump_wiphy_state state = {
3301                         .filter_wiphy = -1,
3302                 };
3303 
3304                 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3305                 if (ret)
3306                         goto out_unlock;
3307 
3308                 filter_wiphy = state.filter_wiphy;
3309 
3310                 /*
3311                  * if filtering, set cb->args[2] to +1 since 0 is the default
3312                  * value needed to determine that parsing is necessary.
3313                  */
3314                 if (filter_wiphy >= 0)
3315                         cb->args[2] = filter_wiphy + 1;
3316                 else
3317                         cb->args[2] = -1;
3318         } else if (cb->args[2] > 0) {
3319                 filter_wiphy = cb->args[2] - 1;
3320         }
3321 
3322         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3323                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3324                         continue;
3325                 if (wp_idx < wp_start) {
3326                         wp_idx++;
3327                         continue;
3328                 }
3329 
3330                 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3331                         continue;
3332 
3333                 if_idx = 0;
3334 
3335                 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3336                         if (if_idx < if_start) {
3337                                 if_idx++;
3338                                 continue;
3339                         }
3340                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3341                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
3342                                                rdev, wdev,
3343                                                NL80211_CMD_NEW_INTERFACE) < 0) {
3344                                 goto out;
3345                         }
3346                         if_idx++;
3347                 }
3348 
3349                 wp_idx++;
3350         }
3351  out:
3352         cb->args[0] = wp_idx;
3353         cb->args[1] = if_idx;
3354 
3355         ret = skb->len;
3356  out_unlock:
3357         rtnl_unlock();
3358 
3359         return ret;
3360 }
3361 
3362 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3363 {
3364         struct sk_buff *msg;
3365         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3366         struct wireless_dev *wdev = info->user_ptr[1];
3367 
3368         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3369         if (!msg)
3370                 return -ENOMEM;
3371 
3372         if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3373                                rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3374                 nlmsg_free(msg);
3375                 return -ENOBUFS;
3376         }
3377 
3378         return genlmsg_reply(msg, info);
3379 }
3380 
3381 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3382         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3383         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3384         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3385         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3386         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3387         [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3388 };
3389 
3390 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3391 {
3392         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3393         int flag;
3394 
3395         *mntrflags = 0;
3396 
3397         if (!nla)
3398                 return -EINVAL;
3399 
3400         if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3401                 return -EINVAL;
3402 
3403         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3404                 if (flags[flag])
3405                         *mntrflags |= (1<<flag);
3406 
3407         *mntrflags |= MONITOR_FLAG_CHANGED;
3408 
3409         return 0;
3410 }
3411 
3412 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3413                                      enum nl80211_iftype type,
3414                                      struct genl_info *info,
3415                                      struct vif_params *params)
3416 {
3417         bool change = false;
3418         int err;
3419 
3420         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3421                 if (type != NL80211_IFTYPE_MONITOR)
3422                         return -EINVAL;
3423 
3424                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3425                                           &params->flags);
3426                 if (err)
3427                         return err;
3428 
3429                 change = true;
3430         }
3431 
3432         if (params->flags & MONITOR_FLAG_ACTIVE &&
3433             !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3434                 return -EOPNOTSUPP;
3435 
3436         if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3437                 const u8 *mumimo_groups;
3438                 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3439 
3440                 if (type != NL80211_IFTYPE_MONITOR)
3441                         return -EINVAL;
3442 
3443                 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3444                         return -EOPNOTSUPP;
3445 
3446                 mumimo_groups =
3447                         nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3448 
3449                 /* bits 0 and 63 are reserved and must be zero */
3450                 if ((mumimo_groups[0] & BIT(0)) ||
3451                     (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3452                         return -EINVAL;
3453 
3454                 params->vht_mumimo_groups = mumimo_groups;
3455                 change = true;
3456         }
3457 
3458         if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3459                 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3460 
3461                 if (type != NL80211_IFTYPE_MONITOR)
3462                         return -EINVAL;
3463 
3464                 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3465                         return -EOPNOTSUPP;
3466 
3467                 params->vht_mumimo_follow_addr =
3468                         nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3469                 change = true;
3470         }
3471 
3472         return change ? 1 : 0;
3473 }
3474 
3475 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3476                                struct net_device *netdev, u8 use_4addr,
3477                                enum nl80211_iftype iftype)
3478 {
3479         if (!use_4addr) {
3480                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3481                         return -EBUSY;
3482                 return 0;
3483         }
3484 
3485         switch (iftype) {
3486         case NL80211_IFTYPE_AP_VLAN:
3487                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3488                         return 0;
3489                 break;
3490         case NL80211_IFTYPE_STATION:
3491                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3492                         return 0;
3493                 break;
3494         default:
3495                 break;
3496         }
3497 
3498         return -EOPNOTSUPP;
3499 }
3500 
3501 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3502 {
3503         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3504         struct vif_params params;
3505         int err;
3506         enum nl80211_iftype otype, ntype;
3507         struct net_device *dev = info->user_ptr[1];
3508         bool change = false;
3509 
3510         memset(&params, 0, sizeof(params));
3511 
3512         otype = ntype = dev->ieee80211_ptr->iftype;
3513 
3514         if (info->attrs[NL80211_ATTR_IFTYPE]) {
3515                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3516                 if (otype != ntype)
3517                         change = true;
3518         }
3519 
3520         if (info->attrs[NL80211_ATTR_MESH_ID]) {
3521                 struct wireless_dev *wdev = dev->ieee80211_ptr;
3522 
3523                 if (ntype != NL80211_IFTYPE_MESH_POINT)
3524                         return -EINVAL;
3525                 if (netif_running(dev))
3526                         return -EBUSY;
3527 
3528                 wdev_lock(wdev);
3529                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3530                              IEEE80211_MAX_MESH_ID_LEN);
3531                 wdev->mesh_id_up_len =
3532                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3533                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3534                        wdev->mesh_id_up_len);
3535                 wdev_unlock(wdev);
3536         }
3537 
3538         if (info->attrs[NL80211_ATTR_4ADDR]) {
3539                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3540                 change = true;
3541                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3542                 if (err)
3543                         return err;
3544         } else {
3545                 params.use_4addr = -1;
3546         }
3547 
3548         err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3549         if (err < 0)
3550                 return err;
3551         if (err > 0)
3552                 change = true;
3553 
3554         if (change)
3555                 err = cfg80211_change_iface(rdev, dev, ntype, &params);
3556         else
3557                 err = 0;
3558 
3559         if (!err && params.use_4addr != -1)
3560                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3561 
3562         if (change && !err) {
3563                 struct wireless_dev *wdev = dev->ieee80211_ptr;
3564 
3565                 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3566         }
3567 
3568         return err;
3569 }
3570 
3571 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3572 {
3573         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3574         struct vif_params params;
3575         struct wireless_dev *wdev;
3576         struct sk_buff *msg;
3577         int err;
3578         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3579 
3580         /* to avoid failing a new interface creation due to pending removal */
3581         cfg80211_destroy_ifaces(rdev);
3582 
3583         memset(&params, 0, sizeof(params));
3584 
3585         if (!info->attrs[NL80211_ATTR_IFNAME])
3586                 return -EINVAL;
3587 
3588         if (info->attrs[NL80211_ATTR_IFTYPE])
3589                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3590 
3591         if (!rdev->ops->add_virtual_intf)
3592                 return -EOPNOTSUPP;
3593 
3594         if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3595              rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3596             info->attrs[NL80211_ATTR_MAC]) {
3597                 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3598                            ETH_ALEN);
3599                 if (!is_valid_ether_addr(params.macaddr))
3600                         return -EADDRNOTAVAIL;
3601         }
3602 
3603         if (info->attrs[NL80211_ATTR_4ADDR]) {
3604                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3605                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3606                 if (err)
3607                         return err;
3608         }
3609 
3610         if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3611                 return -EOPNOTSUPP;
3612 
3613         err = nl80211_parse_mon_options(rdev, type, info, &params);
3614         if (err < 0)
3615                 return err;
3616 
3617         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3618         if (!msg)
3619                 return -ENOMEM;
3620 
3621         wdev = rdev_add_virtual_intf(rdev,
3622                                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3623                                 NET_NAME_USER, type, &params);
3624         if (WARN_ON(!wdev)) {
3625                 nlmsg_free(msg);
3626                 return -EPROTO;
3627         } else if (IS_ERR(wdev)) {
3628                 nlmsg_free(msg);
3629                 return PTR_ERR(wdev);
3630         }
3631 
3632         if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3633                 wdev->owner_nlportid = info->snd_portid;
3634 
3635         switch (type) {
3636         case NL80211_IFTYPE_MESH_POINT:
3637                 if (!info->attrs[NL80211_ATTR_MESH_ID])
3638                         break;
3639                 wdev_lock(wdev);
3640                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3641                              IEEE80211_MAX_MESH_ID_LEN);
3642                 wdev->mesh_id_up_len =
3643                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3644                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3645                        wdev->mesh_id_up_len);
3646                 wdev_unlock(wdev);
3647                 break;
3648         case NL80211_IFTYPE_NAN:
3649         case NL80211_IFTYPE_P2P_DEVICE:
3650                 /*
3651                  * P2P Device and NAN do not have a netdev, so don't go
3652                  * through the netdev notifier and must be added here
3653                  */
3654                 cfg80211_init_wdev(rdev, wdev);
3655                 break;
3656         default:
3657                 break;
3658         }
3659 
3660         if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3661                                rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3662                 nlmsg_free(msg);
3663                 return -ENOBUFS;
3664         }
3665 
3666         return genlmsg_reply(msg, info);
3667 }
3668 
3669 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3670 {
3671         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3672         struct wireless_dev *wdev = info->user_ptr[1];
3673 
3674         if (!rdev->ops->del_virtual_intf)
3675                 return -EOPNOTSUPP;
3676 
3677         /*
3678          * If we remove a wireless device without a netdev then clear
3679          * user_ptr[1] so that nl80211_post_doit won't dereference it
3680          * to check if it needs to do dev_put(). Otherwise it crashes
3681          * since the wdev has been freed, unlike with a netdev where
3682          * we need the dev_put() for the netdev to really be freed.
3683          */
3684         if (!wdev->netdev)
3685                 info->user_ptr[1] = NULL;
3686 
3687         return rdev_del_virtual_intf(rdev, wdev);
3688 }
3689 
3690 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3691 {
3692         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3693         struct net_device *dev = info->user_ptr[1];
3694         u16 noack_map;
3695 
3696         if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3697                 return -EINVAL;
3698 
3699         if (!rdev->ops->set_noack_map)
3700                 return -EOPNOTSUPP;
3701 
3702         noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3703 
3704         return rdev_set_noack_map(rdev, dev, noack_map);
3705 }
3706 
3707 struct get_key_cookie {
3708         struct sk_buff *msg;
3709         int error;
3710         int idx;
3711 };
3712 
3713 static void get_key_callback(void *c, struct key_params *params)
3714 {
3715         struct nlattr *key;
3716         struct get_key_cookie *cookie = c;
3717 
3718         if ((params->key &&
3719              nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3720                      params->key_len, params->key)) ||
3721             (params->seq &&
3722              nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3723                      params->seq_len, params->seq)) ||
3724             (params->cipher &&
3725              nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3726                          params->cipher)))
3727                 goto nla_put_failure;
3728 
3729         key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3730         if (!key)
3731                 goto nla_put_failure;
3732 
3733         if ((params->key &&
3734              nla_put(cookie->msg, NL80211_KEY_DATA,
3735                      params->key_len, params->key)) ||
3736             (params->seq &&
3737              nla_put(cookie->msg, NL80211_KEY_SEQ,
3738                      params->seq_len, params->seq)) ||
3739             (params->cipher &&
3740              nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3741                          params->cipher)))
3742                 goto nla_put_failure;
3743 
3744         if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3745                 goto nla_put_failure;
3746 
3747         nla_nest_end(cookie->msg, key);
3748 
3749         return;
3750  nla_put_failure:
3751         cookie->error = 1;
3752 }
3753 
3754 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3755 {
3756         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3757         int err;
3758         struct net_device *dev = info->user_ptr[1];
3759         u8 key_idx = 0;
3760         const u8 *mac_addr = NULL;
3761         bool pairwise;
3762         struct get_key_cookie cookie = {
3763                 .error = 0,
3764         };
3765         void *hdr;
3766         struct sk_buff *msg;
3767 
3768         if (info->attrs[NL80211_ATTR_KEY_IDX])
3769                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3770 
3771         if (info->attrs[NL80211_ATTR_MAC])
3772                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3773 
3774         pairwise = !!mac_addr;
3775         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3776                 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3777 
3778                 if (kt != NL80211_KEYTYPE_GROUP &&
3779                     kt != NL80211_KEYTYPE_PAIRWISE)
3780                         return -EINVAL;
3781                 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3782         }
3783 
3784         if (!rdev->ops->get_key)
3785                 return -EOPNOTSUPP;
3786 
3787         if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3788                 return -ENOENT;
3789 
3790         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3791         if (!msg)
3792                 return -ENOMEM;
3793 
3794         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3795                              NL80211_CMD_NEW_KEY);
3796         if (!hdr)
3797                 goto nla_put_failure;
3798 
3799         cookie.msg = msg;
3800         cookie.idx = key_idx;
3801 
3802         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3803             nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3804                 goto nla_put_failure;
3805         if (mac_addr &&
3806             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3807                 goto nla_put_failure;
3808 
3809         err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3810                            get_key_callback);
3811 
3812         if (err)
3813                 goto free_msg;
3814 
3815         if (cookie.error)
3816                 goto nla_put_failure;
3817 
3818         genlmsg_end(msg, hdr);
3819         return genlmsg_reply(msg, info);
3820 
3821  nla_put_failure:
3822         err = -ENOBUFS;
3823  free_msg:
3824         nlmsg_free(msg);
3825         return err;
3826 }
3827 
3828 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3829 {
3830         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3831         struct key_parse key;
3832         int err;
3833         struct net_device *dev = info->user_ptr[1];
3834 
3835         err = nl80211_parse_key(info, &key);
3836         if (err)
3837                 return err;
3838 
3839         if (key.idx < 0)
3840                 return -EINVAL;
3841 
3842         /* Only support setting default key and
3843          * Extended Key ID action NL80211_KEY_SET_TX.
3844          */
3845         if (!key.def && !key.defmgmt &&
3846             !(key.p.mode == NL80211_KEY_SET_TX))
3847                 return -EINVAL;
3848 
3849         wdev_lock(dev->ieee80211_ptr);
3850 
3851         if (key.def) {
3852                 if (!rdev->ops->set_default_key) {
3853                         err = -EOPNOTSUPP;
3854                         goto out;
3855                 }
3856 
3857                 err = nl80211_key_allowed(dev->ieee80211_ptr);
3858                 if (err)
3859                         goto out;
3860 
3861                 err = rdev_set_default_key(rdev, dev, key.idx,
3862                                                  key.def_uni, key.def_multi);
3863 
3864                 if (err)
3865                         goto out;
3866 
3867 #ifdef CONFIG_CFG80211_WEXT
3868                 dev->ieee80211_ptr->wext.default_key = key.idx;
3869 #endif
3870         } else if (key.defmgmt) {
3871                 if (key.def_uni || !key.def_multi) {
3872                         err = -EINVAL;
3873                         goto out;
3874                 }
3875 
3876                 if (!rdev->ops->set_default_mgmt_key) {
3877                         err = -EOPNOTSUPP;
3878                         goto out;
3879                 }
3880 
3881                 err = nl80211_key_allowed(dev->ieee80211_ptr);
3882                 if (err)
3883                         goto out;
3884 
3885                 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3886                 if (err)
3887                         goto out;
3888 
3889 #ifdef CONFIG_CFG80211_WEXT
3890                 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3891 #endif
3892         } else if (key.p.mode == NL80211_KEY_SET_TX &&
3893                    wiphy_ext_feature_isset(&rdev->wiphy,
3894                                            NL80211_EXT_FEATURE_EXT_KEY_ID)) {
3895                 u8 *mac_addr = NULL;
3896 
3897                 if (info->attrs[NL80211_ATTR_MAC])
3898                         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3899 
3900                 if (!mac_addr || key.idx < 0 || key.idx > 1) {
3901                         err = -EINVAL;
3902                         goto out;
3903                 }
3904 
3905                 err = rdev_add_key(rdev, dev, key.idx,
3906                                    NL80211_KEYTYPE_PAIRWISE,
3907                                    mac_addr, &key.p);
3908         } else {
3909                 err = -EINVAL;
3910         }
3911  out:
3912         wdev_unlock(dev->ieee80211_ptr);
3913 
3914         return err;
3915 }
3916 
3917 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3918 {
3919         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3920         int err;
3921         struct net_device *dev = info->user_ptr[1];
3922         struct key_parse key;
3923         const u8 *mac_addr = NULL;
3924 
3925         err = nl80211_parse_key(info, &key);
3926         if (err)
3927                 return err;
3928 
3929         if (!key.p.key)
3930                 return -EINVAL;
3931 
3932         if (info->attrs[NL80211_ATTR_MAC])
3933                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3934 
3935         if (key.type == -1) {
3936                 if (mac_addr)
3937                         key.type = NL80211_KEYTYPE_PAIRWISE;
3938                 else
3939                         key.type = NL80211_KEYTYPE_GROUP;
3940         }
3941 
3942         /* for now */
3943         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3944             key.type != NL80211_KEYTYPE_GROUP)
3945                 return -EINVAL;
3946 
3947         if (!rdev->ops->add_key)
3948                 return -EOPNOTSUPP;
3949 
3950         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3951                                            key.type == NL80211_KEYTYPE_PAIRWISE,
3952                                            mac_addr))
3953                 return -EINVAL;
3954 
3955         wdev_lock(dev->ieee80211_ptr);
3956         err = nl80211_key_allowed(dev->ieee80211_ptr);
3957         if (!err)
3958                 err = rdev_add_key(rdev, dev, key.idx,
3959                                    key.type == NL80211_KEYTYPE_PAIRWISE,
3960                                     mac_addr, &key.p);
3961         wdev_unlock(dev->ieee80211_ptr);
3962 
3963         return err;
3964 }
3965 
3966 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3967 {
3968         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3969         int err;
3970         struct net_device *dev = info->user_ptr[1];
3971         u8 *mac_addr = NULL;
3972         struct key_parse key;
3973 
3974         err = nl80211_parse_key(info, &key);
3975         if (err)
3976                 return err;
3977 
3978         if (info->attrs[NL80211_ATTR_MAC])
3979                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3980 
3981         if (key.type == -1) {
3982                 if (mac_addr)
3983                         key.type = NL80211_KEYTYPE_PAIRWISE;
3984                 else
3985                         key.type = NL80211_KEYTYPE_GROUP;
3986         }
3987 
3988         /* for now */
3989         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3990             key.type != NL80211_KEYTYPE_GROUP)
3991                 return -EINVAL;
3992 
3993         if (!rdev->ops->del_key)
3994                 return -EOPNOTSUPP;
3995 
3996         wdev_lock(dev->ieee80211_ptr);
3997         err = nl80211_key_allowed(dev->ieee80211_ptr);
3998 
3999         if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4000             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4001                 err = -ENOENT;
4002 
4003         if (!err)
4004                 err = rdev_del_key(rdev, dev, key.idx,
4005                                    key.type == NL80211_KEYTYPE_PAIRWISE,
4006                                    mac_addr);
4007 
4008 #ifdef CONFIG_CFG80211_WEXT
4009         if (!err) {
4010                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
4011                         dev->ieee80211_ptr->wext.default_key = -1;
4012                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4013                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4014         }
4015 #endif
4016         wdev_unlock(dev->ieee80211_ptr);
4017 
4018         return err;
4019 }
4020 
4021 /* This function returns an error or the number of nested attributes */
4022 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4023 {
4024         struct nlattr *attr;
4025         int n_entries = 0, tmp;
4026 
4027         nla_for_each_nested(attr, nl_attr, tmp) {
4028                 if (nla_len(attr) != ETH_ALEN)
4029                         return -EINVAL;
4030 
4031                 n_entries++;
4032         }
4033 
4034         return n_entries;
4035 }
4036 
4037 /*
4038  * This function parses ACL information and allocates memory for ACL data.
4039  * On successful return, the calling function is responsible to free the
4040  * ACL buffer returned by this function.
4041  */
4042 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4043                                                 struct genl_info *info)
4044 {
4045         enum nl80211_acl_policy acl_policy;
4046         struct nlattr *attr;
4047         struct cfg80211_acl_data *acl;
4048         int i = 0, n_entries, tmp;
4049 
4050         if (!wiphy->max_acl_mac_addrs)
4051                 return ERR_PTR(-EOPNOTSUPP);
4052 
4053         if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4054                 return ERR_PTR(-EINVAL);
4055 
4056         acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4057         if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4058             acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4059                 return ERR_PTR(-EINVAL);
4060 
4061         if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4062                 return ERR_PTR(-EINVAL);
4063 
4064         n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4065         if (n_entries < 0)
4066                 return ERR_PTR(n_entries);
4067 
4068         if (n_entries > wiphy->max_acl_mac_addrs)
4069                 return ERR_PTR(-ENOTSUPP);
4070 
4071         acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4072         if (!acl)
4073                 return ERR_PTR(-ENOMEM);
4074 
4075         nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4076                 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4077                 i++;
4078         }
4079 
4080         acl->n_acl_entries = n_entries;
4081         acl->acl_policy = acl_policy;
4082 
4083         return acl;
4084 }
4085 
4086 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4087 {
4088         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4089         struct net_device *dev = info->user_ptr[1];
4090         struct cfg80211_acl_data *acl;
4091         int err;
4092 
4093         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4094             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4095                 return -EOPNOTSUPP;
4096 
4097         if (!dev->ieee80211_ptr->beacon_interval)
4098                 return -EINVAL;
4099 
4100         acl = parse_acl_data(&rdev->wiphy, info);
4101         if (IS_ERR(acl))
4102                 return PTR_ERR(acl);
4103 
4104         err = rdev_set_mac_acl(rdev, dev, acl);
4105 
4106         kfree(acl);
4107 
4108         return err;
4109 }
4110 
4111 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4112                            u8 *rates, u8 rates_len)
4113 {
4114         u8 i;
4115         u32 mask = 0;
4116 
4117         for (i = 0; i < rates_len; i++) {
4118                 int rate = (rates[i] & 0x7f) * 5;
4119                 int ridx;
4120 
4121                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4122                         struct ieee80211_rate *srate =
4123                                 &sband->bitrates[ridx];
4124                         if (rate == srate->bitrate) {
4125                                 mask |= 1 << ridx;
4126                                 break;
4127                         }
4128                 }
4129                 if (ridx == sband->n_bitrates)
4130                         return 0; /* rate not found */
4131         }
4132 
4133         return mask;
4134 }
4135 
4136 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4137                                u8 *rates, u8 rates_len,
4138                                u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4139 {
4140         u8 i;
4141 
4142         memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4143 
4144         for (i = 0; i < rates_len; i++) {
4145                 int ridx, rbit;
4146 
4147                 ridx = rates[i] / 8;
4148                 rbit = BIT(rates[i] % 8);
4149 
4150                 /* check validity */
4151                 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4152                         return false;
4153 
4154                 /* check availability */
4155                 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4156                 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4157                         mcs[ridx] |= rbit;
4158                 else
4159                         return false;
4160         }
4161 
4162         return true;
4163 }
4164 
4165 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4166 {
4167         u16 mcs_mask = 0;
4168 
4169         switch (vht_mcs_map) {
4170         case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4171                 break;
4172         case IEEE80211_VHT_MCS_SUPPORT_0_7:
4173                 mcs_mask = 0x00FF;
4174                 break;
4175         case IEEE80211_VHT_MCS_SUPPORT_0_8:
4176                 mcs_mask = 0x01FF;
4177                 break;
4178         case IEEE80211_VHT_MCS_SUPPORT_0_9:
4179                 mcs_mask = 0x03FF;
4180                 break;
4181         default:
4182                 break;
4183         }
4184 
4185         return mcs_mask;
4186 }
4187 
4188 static void vht_build_mcs_mask(u16 vht_mcs_map,
4189                                u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4190 {
4191         u8 nss;
4192 
4193         for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4194                 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4195                 vht_mcs_map >>= 2;
4196         }
4197 }
4198 
4199 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4200                              struct nl80211_txrate_vht *txrate,
4201                              u16 mcs[NL80211_VHT_NSS_MAX])
4202 {
4203         u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4204         u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4205         u8 i;
4206 
4207         if (!sband->vht_cap.vht_supported)
4208                 return false;
4209 
4210         memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4211 
4212         /* Build vht_mcs_mask from VHT capabilities */
4213         vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4214 
4215         for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4216                 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4217                         mcs[i] = txrate->mcs[i];
4218                 else
4219                         return false;
4220         }
4221 
4222         return true;
4223 }
4224 
4225 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4226         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4227                                     .len = NL80211_MAX_SUPP_RATES },
4228         [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
4229                                 .len = NL80211_MAX_SUPP_HT_RATES },
4230         [NL80211_TXRATE_VHT] = {
4231                 .type = NLA_EXACT_LEN_WARN,
4232                 .len = sizeof(struct nl80211_txrate_vht),
4233         },
4234         [NL80211_TXRATE_GI] = { .type = NLA_U8 },
4235 };
4236 
4237 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4238                                          struct cfg80211_bitrate_mask *mask)
4239 {
4240         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4241         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4242         int rem, i;
4243         struct nlattr *tx_rates;
4244         struct ieee80211_supported_band *sband;
4245         u16 vht_tx_mcs_map;
4246 
4247         memset(mask, 0, sizeof(*mask));
4248         /* Default to all rates enabled */
4249         for (i = 0; i < NUM_NL80211_BANDS; i++) {
4250                 sband = rdev->wiphy.bands[i];
4251 
4252                 if (!sband)
4253                         continue;
4254 
4255                 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4256                 memcpy(mask->control[i].ht_mcs,
4257                        sband->ht_cap.mcs.rx_mask,
4258                        sizeof(mask->control[i].ht_mcs));
4259 
4260                 if (!sband->vht_cap.vht_supported)
4261                         continue;
4262 
4263                 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4264                 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4265         }
4266 
4267         /* if no rates are given set it back to the defaults */
4268         if (!info->attrs[NL80211_ATTR_TX_RATES])
4269                 goto out;
4270 
4271         /* The nested attribute uses enum nl80211_band as the index. This maps
4272          * directly to the enum nl80211_band values used in cfg80211.
4273          */
4274         BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4275         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
4276                 enum nl80211_band band = nla_type(tx_rates);
4277                 int err;
4278 
4279                 if (band < 0 || band >= NUM_NL80211_BANDS)
4280                         return -EINVAL;
4281                 sband = rdev->wiphy.bands[band];
4282                 if (sband == NULL)
4283                         return -EINVAL;
4284                 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4285                                                   tx_rates,
4286                                                   nl80211_txattr_policy,
4287                                                   info->extack);
4288                 if (err)
4289                         return err;
4290                 if (tb[NL80211_TXRATE_LEGACY]) {
4291                         mask->control[band].legacy = rateset_to_mask(
4292                                 sband,
4293                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
4294                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
4295                         if ((mask->control[band].legacy == 0) &&
4296                             nla_len(tb[NL80211_TXRATE_LEGACY]))
4297                                 return -EINVAL;
4298                 }
4299                 if (tb[NL80211_TXRATE_HT]) {
4300                         if (!ht_rateset_to_mask(
4301                                         sband,
4302                                         nla_data(tb[NL80211_TXRATE_HT]),
4303                                         nla_len(tb[NL80211_TXRATE_HT]),
4304                                         mask->control[band].ht_mcs))
4305                                 return -EINVAL;
4306                 }
4307                 if (tb[NL80211_TXRATE_VHT]) {
4308                         if (!vht_set_mcs_mask(
4309                                         sband,
4310                                         nla_data(tb[NL80211_TXRATE_VHT]),
4311                                         mask->control[band].vht_mcs))
4312                                 return -EINVAL;
4313                 }
4314                 if (tb[NL80211_TXRATE_GI]) {
4315                         mask->control[band].gi =
4316                                 nla_get_u8(tb[NL80211_TXRATE_GI]);
4317                         if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4318                                 return -EINVAL;
4319                 }
4320 
4321                 if (mask->control[band].legacy == 0) {
4322                         /* don't allow empty legacy rates if HT or VHT
4323                          * are not even supported.
4324                          */
4325                         if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4326                               rdev->wiphy.bands[band]->vht_cap.vht_supported))
4327                                 return -EINVAL;
4328 
4329                         for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4330                                 if (mask->control[band].ht_mcs[i])
4331                                         goto out;
4332 
4333                         for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4334                                 if (mask->control[band].vht_mcs[i])
4335                                         goto out;
4336 
4337                         /* legacy and mcs rates may not be both empty */
4338                         return -EINVAL;
4339                 }
4340         }
4341 
4342 out:
4343         return 0;
4344 }
4345 
4346 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4347                                    enum nl80211_band band,
4348                                    struct cfg80211_bitrate_mask *beacon_rate)
4349 {
4350         u32 count_ht, count_vht, i;
4351         u32 rate = beacon_rate->control[band].legacy;
4352 
4353         /* Allow only one rate */
4354         if (hweight32(rate) > 1)
4355                 return -EINVAL;
4356 
4357         count_ht = 0;
4358         for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4359                 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4360                         return -EINVAL;
4361                 } else if (beacon_rate->control[band].ht_mcs[i]) {
4362                         count_ht++;
4363                         if (count_ht > 1)
4364                                 return -EINVAL;
4365                 }
4366                 if (count_ht && rate)
4367                         return -EINVAL;
4368         }
4369 
4370         count_vht = 0;
4371         for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4372                 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4373                         return -EINVAL;
4374                 } else if (beacon_rate->control[band].vht_mcs[i]) {
4375                         count_vht++;
4376                         if (count_vht > 1)
4377                                 return -EINVAL;
4378                 }
4379                 if (count_vht && rate)
4380                         return -EINVAL;
4381         }
4382 
4383         if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4384                 return -EINVAL;
4385 
4386         if (rate &&
4387             !wiphy_ext_feature_isset(&rdev->wiphy,
4388                                      NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4389                 return -EINVAL;
4390         if (count_ht &&
4391             !wiphy_ext_feature_isset(&rdev->wiphy,
4392                                      NL80211_EXT_FEATURE_BEACON_RATE_HT))
4393                 return -EINVAL;
4394         if (count_vht &&
4395             !wiphy_ext_feature_isset(&rdev->wiphy,
4396                                      NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4397                 return -EINVAL;
4398 
4399         return 0;
4400 }
4401 
4402 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4403                                 struct nlattr *attrs[],
4404                                 struct cfg80211_beacon_data *bcn)
4405 {
4406         bool haveinfo = false;
4407         int err;
4408 
4409         memset(bcn, 0, sizeof(*bcn));
4410 
4411         if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4412                 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4413                 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4414                 if (!bcn->head_len)
4415                         return -EINVAL;
4416                 haveinfo = true;
4417         }
4418 
4419         if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4420                 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4421                 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4422                 haveinfo = true;
4423         }
4424 
4425         if (!haveinfo)
4426                 return -EINVAL;
4427 
4428         if (attrs[NL80211_ATTR_IE]) {
4429                 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4430                 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4431         }
4432 
4433         if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4434                 bcn->proberesp_ies =
4435                         nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4436                 bcn->proberesp_ies_len =
4437                         nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4438         }
4439 
4440         if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4441                 bcn->assocresp_ies =
4442                         nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4443                 bcn->assocresp_ies_len =
4444                         nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4445         }
4446 
4447         if (attrs[NL80211_ATTR_PROBE_RESP]) {
4448                 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4449                 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4450         }
4451 
4452         if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4453                 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4454 
4455                 err = nla_parse_nested_deprecated(tb,
4456                                                   NL80211_FTM_RESP_ATTR_MAX,
4457                                                   attrs[NL80211_ATTR_FTM_RESPONDER],
4458                                                   NULL, NULL);
4459                 if (err)
4460                         return err;
4461 
4462                 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4463                     wiphy_ext_feature_isset(&rdev->wiphy,
4464                                             NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4465                         bcn->ftm_responder = 1;
4466                 else
4467                         return -EOPNOTSUPP;
4468 
4469                 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4470                         bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4471                         bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4472                 }
4473 
4474                 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4475                         bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4476                         bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4477                 }
4478         } else {
4479                 bcn->ftm_responder = -1;
4480         }
4481 
4482         return 0;
4483 }
4484 
4485 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
4486                                     struct ieee80211_he_obss_pd *he_obss_pd)
4487 {
4488         struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
4489         int err;
4490 
4491         err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
4492                                he_obss_pd_policy, NULL);
4493         if (err)
4494                 return err;
4495 
4496         if (!tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] ||
4497             !tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
4498                 return -EINVAL;
4499 
4500         he_obss_pd->min_offset =
4501                 nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
4502         he_obss_pd->max_offset =
4503                 nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
4504 
4505         if (he_obss_pd->min_offset >= he_obss_pd->max_offset)
4506                 return -EINVAL;
4507 
4508         he_obss_pd->enable = true;
4509 
4510         return 0;
4511 }
4512 
4513 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4514                                             const u8 *rates)
4515 {
4516         int i;
4517 
4518         if (!rates)
4519                 return;
4520 
4521         for (i = 0; i < rates[1]; i++) {
4522                 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4523                         params->ht_required = true;
4524                 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4525                         params->vht_required = true;
4526         }
4527 }
4528 
4529 /*
4530  * Since the nl80211 API didn't include, from the beginning, attributes about
4531  * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4532  * benefit of drivers that rebuild IEs in the firmware.
4533  */
4534 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4535 {
4536         const struct cfg80211_beacon_data *bcn = &params->beacon;
4537         size_t ies_len = bcn->tail_len;
4538         const u8 *ies = bcn->tail;
4539         const u8 *rates;
4540         const u8 *cap;
4541 
4542         rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4543         nl80211_check_ap_rate_selectors(params, rates);
4544 
4545         rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4546         nl80211_check_ap_rate_selectors(params, rates);
4547 
4548         cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4549         if (cap && cap[1] >= sizeof(*params->ht_cap))
4550                 params->ht_cap = (void *)(cap + 2);
4551         cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4552         if (cap && cap[1] >= sizeof(*params->vht_cap))
4553                 params->vht_cap = (void *)(cap + 2);
4554         cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4555         if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4556                 params->he_cap = (void *)(cap + 3);
4557 }
4558 
4559 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4560                                    struct cfg80211_ap_settings *params)
4561 {
4562         struct wireless_dev *wdev;
4563         bool ret = false;
4564 
4565         list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4566                 if (wdev->iftype != NL80211_IFTYPE_AP &&
4567                     wdev->iftype != NL80211_IFTYPE_P2P_GO)
4568                         continue;
4569 
4570                 if (!wdev->preset_chandef.chan)
4571                         continue;
4572 
4573                 params->chandef = wdev->preset_chandef;
4574                 ret = true;
4575                 break;
4576         }
4577 
4578         return ret;
4579 }
4580 
4581 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4582                                     enum nl80211_auth_type auth_type,
4583                                     enum nl80211_commands cmd)
4584 {
4585         if (auth_type > NL80211_AUTHTYPE_MAX)
4586                 return false;
4587 
4588         switch (cmd) {
4589         case NL80211_CMD_AUTHENTICATE:
4590                 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4591                     auth_type == NL80211_AUTHTYPE_SAE)
4592                         return false;
4593                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4594                                              NL80211_EXT_FEATURE_FILS_STA) &&
4595                     (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4596                      auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4597                      auth_type == NL80211_AUTHTYPE_FILS_PK))
4598                         return false;
4599                 return true;
4600         case NL80211_CMD_CONNECT:
4601                 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4602                     !wiphy_ext_feature_isset(&rdev->wiphy,
4603                                              NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4604                     auth_type == NL80211_AUTHTYPE_SAE)
4605                         return false;
4606 
4607                 /* FILS with SK PFS or PK not supported yet */
4608                 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4609                     auth_type == NL80211_AUTHTYPE_FILS_PK)
4610                         return false;
4611                 if (!wiphy_ext_feature_isset(
4612                             &rdev->wiphy,
4613                             NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4614                     auth_type == NL80211_AUTHTYPE_FILS_SK)
4615                         return false;
4616                 return true;
4617         case NL80211_CMD_START_AP:
4618                 /* SAE not supported yet */
4619                 if (auth_type == NL80211_AUTHTYPE_SAE)
4620                         return false;
4621                 /* FILS not supported yet */
4622                 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4623                     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4624                     auth_type == NL80211_AUTHTYPE_FILS_PK)
4625                         return false;
4626                 return true;
4627         default:
4628                 return false;
4629         }
4630 }
4631 
4632 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4633 {
4634         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4635         struct net_device *dev = info->user_ptr[1];
4636         struct wireless_dev *wdev = dev->ieee80211_ptr;
4637         struct cfg80211_ap_settings params;
4638         int err;
4639 
4640         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4641             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4642                 return -EOPNOTSUPP;
4643 
4644         if (!rdev->ops->start_ap)
4645                 return -EOPNOTSUPP;
4646 
4647         if (wdev->beacon_interval)
4648                 return -EALREADY;
4649 
4650         memset(&params, 0, sizeof(params));
4651 
4652         /* these are required for START_AP */
4653         if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4654             !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4655             !info->attrs[NL80211_ATTR_BEACON_HEAD])
4656                 return -EINVAL;
4657 
4658         err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
4659         if (err)
4660                 return err;
4661 
4662         params.beacon_interval =
4663                 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4664         params.dtim_period =
4665                 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4666 
4667         err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4668                                            params.beacon_interval);
4669         if (err)
4670                 return err;
4671 
4672         /*
4673          * In theory, some of these attributes should be required here
4674          * but since they were not used when the command was originally
4675          * added, keep them optional for old user space programs to let
4676          * them continue to work with drivers that do not need the
4677          * additional information -- drivers must check!
4678          */
4679         if (info->attrs[NL80211_ATTR_SSID]) {
4680                 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4681                 params.ssid_len =
4682                         nla_len(info->attrs[NL80211_ATTR_SSID]);
4683                 if (params.ssid_len == 0 ||
4684                     params.ssid_len > IEEE80211_MAX_SSID_LEN)
4685                         return -EINVAL;
4686         }
4687 
4688         if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4689                 params.hidden_ssid = nla_get_u32(
4690                         info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4691 
4692         params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4693 
4694         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4695                 params.auth_type = nla_get_u32(
4696                         info->attrs[NL80211_ATTR_AUTH_TYPE]);
4697                 if (!nl80211_valid_auth_type(rdev, params.auth_type,
4698                                              NL80211_CMD_START_AP))
4699                         return -EINVAL;
4700         } else
4701                 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4702 
4703         err = nl80211_crypto_settings(rdev, info, &params.crypto,
4704                                       NL80211_MAX_NR_CIPHER_SUITES);
4705         if (err)
4706                 return err;
4707 
4708         if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4709                 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4710                         return -EOPNOTSUPP;
4711                 params.inactivity_timeout = nla_get_u16(
4712                         info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4713         }
4714 
4715         if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4716                 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4717                         return -EINVAL;
4718                 params.p2p_ctwindow =
4719                         nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4720                 if (params.p2p_ctwindow != 0 &&
4721                     !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4722                         return -EINVAL;
4723         }
4724 
4725         if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4726                 u8 tmp;
4727 
4728                 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4729                         return -EINVAL;
4730                 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4731                 params.p2p_opp_ps = tmp;
4732                 if (params.p2p_opp_ps != 0 &&
4733                     !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4734                         return -EINVAL;
4735         }
4736 
4737         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4738                 err = nl80211_parse_chandef(rdev, info, &params.chandef);
4739                 if (err)
4740                         return err;
4741         } else if (wdev->preset_chandef.chan) {
4742                 params.chandef = wdev->preset_chandef;
4743         } else if (!nl80211_get_ap_channel(rdev, &params))
4744                 return -EINVAL;
4745 
4746         if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4747                                            wdev->iftype))
4748                 return -EINVAL;
4749 
4750         if (info->attrs[NL80211_ATTR_TX_RATES]) {
4751                 err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4752                 if (err)
4753                         return err;
4754 
4755                 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4756                                               &params.beacon_rate);
4757                 if (err)
4758                         return err;
4759         }
4760 
4761         if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4762                 params.smps_mode =
4763                         nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4764                 switch (params.smps_mode) {
4765                 case NL80211_SMPS_OFF:
4766                         break;
4767                 case NL80211_SMPS_STATIC:
4768                         if (!(rdev->wiphy.features &
4769                               NL80211_FEATURE_STATIC_SMPS))
4770                                 return -EINVAL;
4771                         break;
4772                 case NL80211_SMPS_DYNAMIC:
4773                         if (!(rdev->wiphy.features &
4774                               NL80211_FEATURE_DYNAMIC_SMPS))
4775                                 return -EINVAL;
4776                         break;
4777                 default:
4778                         return -EINVAL;
4779                 }
4780         } else {
4781                 params.smps_mode = NL80211_SMPS_OFF;
4782         }
4783 
4784         params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4785         if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4786                 return -EOPNOTSUPP;
4787 
4788         if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4789                 params.acl = parse_acl_data(&rdev->wiphy, info);
4790                 if (IS_ERR(params.acl))
4791                         return PTR_ERR(params.acl);
4792         }
4793 
4794         params.twt_responder =
4795                     nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
4796 
4797         if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
4798                 err = nl80211_parse_he_obss_pd(
4799                                         info->attrs[NL80211_ATTR_HE_OBSS_PD],
4800                                         &params.he_obss_pd);
4801                 goto out;
4802         }
4803 
4804         nl80211_calculate_ap_params(&params);
4805 
4806         if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
4807                 params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
4808 
4809         wdev_lock(wdev);
4810         err = rdev_start_ap(rdev, dev, &params);
4811         if (!err) {
4812                 wdev->preset_chandef = params.chandef;
4813                 wdev->beacon_interval = params.beacon_interval;
4814                 wdev->chandef = params.chandef;
4815                 wdev->ssid_len = params.ssid_len;
4816                 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4817 
4818                 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4819                         wdev->conn_owner_nlportid = info->snd_portid;
4820         }
4821         wdev_unlock(wdev);
4822 
4823 out:
4824         kfree(params.acl);
4825 
4826         return err;
4827 }
4828 
4829 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4830 {
4831         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4832         struct net_device *dev = info->user_ptr[1];
4833         struct wireless_dev *wdev = dev->ieee80211_ptr;
4834         struct cfg80211_beacon_data params;
4835         int err;
4836 
4837         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4838             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4839                 return -EOPNOTSUPP;
4840 
4841         if (!rdev->ops->change_beacon)
4842                 return -EOPNOTSUPP;
4843 
4844         if (!wdev->beacon_interval)
4845                 return -EINVAL;
4846 
4847         err = nl80211_parse_beacon(rdev, info->attrs, &params);
4848         if (err)
4849                 return err;
4850 
4851         wdev_lock(wdev);
4852         err = rdev_change_beacon(rdev, dev, &params);
4853         wdev_unlock(wdev);
4854 
4855         return err;
4856 }
4857 
4858 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4859 {
4860         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4861         struct net_device *dev = info->user_ptr[1];
4862 
4863         return cfg80211_stop_ap(rdev, dev, false);
4864 }
4865 
4866 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4867         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4868         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4869         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4870         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4871         [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4872         [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4873 };
4874 
4875 static int parse_station_flags(struct genl_info *info,
4876                                enum nl80211_iftype iftype,
4877                                struct station_parameters *params)
4878 {
4879         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4880         struct nlattr *nla;
4881         int flag;
4882 
4883         /*
4884          * Try parsing the new attribute first so userspace
4885          * can specify both for older kernels.
4886          */
4887         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4888         if (nla) {
4889                 struct nl80211_sta_flag_update *sta_flags;
4890 
4891                 sta_flags = nla_data(nla);
4892                 params->sta_flags_mask = sta_flags->mask;
4893                 params->sta_flags_set = sta_flags->set;
4894                 params->sta_flags_set &= params->sta_flags_mask;
4895                 if ((params->sta_flags_mask |
4896                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4897                         return -EINVAL;
4898                 return 0;
4899         }
4900 
4901         /* if present, parse the old attribute */
4902 
4903         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4904         if (!nla)
4905                 return 0;
4906 
4907         if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
4908                 return -EINVAL;
4909 
4910         /*
4911          * Only allow certain flags for interface types so that
4912          * other attributes are silently ignored. Remember that
4913          * this is backward compatibility code with old userspace
4914          * and shouldn't be hit in other cases anyway.
4915          */
4916         switch (iftype) {
4917         case NL80211_IFTYPE_AP:
4918         case NL80211_IFTYPE_AP_VLAN:
4919         case NL80211_IFTYPE_P2P_GO:
4920                 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4921                                          BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4922                                          BIT(NL80211_STA_FLAG_WME) |
4923                                          BIT(NL80211_STA_FLAG_MFP);
4924                 break;
4925         case NL80211_IFTYPE_P2P_CLIENT:
4926         case NL80211_IFTYPE_STATION:
4927                 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4928                                          BIT(NL80211_STA_FLAG_TDLS_PEER);
4929                 break;
4930         case NL80211_IFTYPE_MESH_POINT:
4931                 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4932                                          BIT(NL80211_STA_FLAG_MFP) |
4933                                          BIT(NL80211_STA_FLAG_AUTHORIZED);
4934                 break;
4935         default:
4936                 return -EINVAL;
4937         }
4938 
4939         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4940                 if (flags[flag]) {
4941                         params->sta_flags_set |= (1<<flag);
4942 
4943                         /* no longer support new API additions in old API */
4944                         if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4945                                 return -EINVAL;
4946                 }
4947         }
4948 
4949         return 0;
4950 }
4951 
4952 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
4953 {
4954         struct nlattr *rate;
4955         u32 bitrate;
4956         u16 bitrate_compat;
4957         enum nl80211_rate_info rate_flg;
4958 
4959         rate = nla_nest_start_noflag(msg, attr);
4960         if (!rate)
4961                 return false;
4962 
4963         /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4964         bitrate = cfg80211_calculate_bitrate(info);
4965         /* report 16-bit bitrate only if we can */
4966         bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4967         if (bitrate > 0 &&
4968             nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4969                 return false;
4970         if (bitrate_compat > 0 &&
4971             nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4972                 return false;
4973 
4974         switch (info->bw) {
4975         case RATE_INFO_BW_5:
4976                 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4977                 break;
4978         case RATE_INFO_BW_10:
4979                 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4980                 break;
4981         default:
4982                 WARN_ON(1);
4983                 /* fall through */
4984         case RATE_INFO_BW_20:
4985                 rate_flg = 0;
4986                 break;
4987         case RATE_INFO_BW_40:
4988                 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4989                 break;
4990         case RATE_INFO_BW_80:
4991                 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4992                 break;
4993         case RATE_INFO_BW_160:
4994                 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4995                 break;
4996         case RATE_INFO_BW_HE_RU:
4997                 rate_flg = 0;
4998                 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
4999         }
5000 
5001         if (rate_flg && nla_put_flag(msg, rate_flg))
5002                 return false;
5003 
5004         if (info->flags & RATE_INFO_FLAGS_MCS) {
5005                 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5006                         return false;
5007                 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5008                     nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5009                         return false;
5010         } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5011                 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5012                         return false;
5013                 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5014                         return false;
5015                 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5016                     nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5017                         return false;
5018         } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5019                 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5020                         return false;
5021                 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5022                         return false;
5023                 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5024                         return false;
5025                 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5026                         return false;
5027                 if (info->bw == RATE_INFO_BW_HE_RU &&
5028                     nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5029                                info->he_ru_alloc))
5030                         return false;
5031         }
5032 
5033         nla_nest_end(msg, rate);
5034         return true;
5035 }
5036 
5037 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5038                                int id)
5039 {
5040         void *attr;
5041         int i = 0;
5042 
5043         if (!mask)
5044                 return true;
5045 
5046         attr = nla_nest_start_noflag(msg, id);
5047         if (!attr)
5048                 return false;
5049 
5050         for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5051                 if (!(mask & BIT(i)))
5052                         continue;
5053 
5054                 if (nla_put_u8(msg, i, signal[i]))
5055                         return false;
5056         }
5057 
5058         nla_nest_end(msg, attr);
5059 
5060         return true;
5061 }
5062 
5063 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5064                                 u32 seq, int flags,
5065                                 struct cfg80211_registered_device *rdev,
5066                                 struct net_device *dev,
5067                                 const u8 *mac_addr, struct station_info *sinfo)
5068 {
5069         void *hdr;
5070         struct nlattr *sinfoattr, *bss_param;
5071 
5072         hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5073         if (!hdr) {
5074                 cfg80211_sinfo_release_content(sinfo);
5075                 return -1;
5076         }
5077 
5078         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5079             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5080             nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5081                 goto nla_put_failure;
5082 
5083         sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5084         if (!sinfoattr)
5085                 goto nla_put_failure;
5086 
5087 #define PUT_SINFO(attr, memb, type) do {                                \
5088         BUILD_BUG_ON(sizeof(type) == sizeof(u64));                      \
5089         if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&       \
5090             nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,            \
5091                              sinfo->memb))                              \
5092                 goto nla_put_failure;                                   \
5093         } while (0)
5094 #define PUT_SINFO_U64(attr, memb) do {                                  \
5095         if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&       \
5096             nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,           \
5097                               sinfo->memb, NL80211_STA_INFO_PAD))       \
5098                 goto nla_put_failure;                                   \
5099         } while (0)
5100 
5101         PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5102         PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5103         PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5104 
5105         if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5106                              BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5107             nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5108                         (u32)sinfo->rx_bytes))
5109                 goto nla_put_failure;
5110 
5111         if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5112                              BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5113             nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5114                         (u32)sinfo->tx_bytes))
5115                 goto nla_put_failure;
5116 
5117         PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5118         PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5119         PUT_SINFO(LLID, llid, u16);
5120         PUT_SINFO(PLID, plid, u16);
5121         PUT_SINFO(PLINK_STATE, plink_state, u8);
5122         PUT_SINFO_U64(RX_DURATION, rx_duration);
5123         PUT_SINFO_U64(TX_DURATION, tx_duration);
5124 
5125         if (wiphy_ext_feature_isset(&rdev->wiphy,
5126                                     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5127                 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5128 
5129         switch (rdev->wiphy.signal_type) {
5130         case CFG80211_SIGNAL_TYPE_MBM:
5131                 PUT_SINFO(SIGNAL, signal, u8);
5132                 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5133                 break;
5134         default:
5135                 break;
5136         }
5137         if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5138                 if (!nl80211_put_signal(msg, sinfo->chains,
5139                                         sinfo->chain_signal,
5140                                         NL80211_STA_INFO_CHAIN_SIGNAL))
5141                         goto nla_put_failure;
5142         }
5143         if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5144                 if (!nl80211_put_signal(msg, sinfo->chains,
5145                                         sinfo->chain_signal_avg,
5146                                         NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5147                         goto nla_put_failure;
5148         }
5149         if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5150                 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5151                                           NL80211_STA_INFO_TX_BITRATE))
5152                         goto nla_put_failure;
5153         }
5154         if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5155                 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5156                                           NL80211_STA_INFO_RX_BITRATE))
5157                         goto nla_put_failure;
5158         }
5159 
5160         PUT_SINFO(RX_PACKETS, rx_packets, u32);
5161         PUT_SINFO(TX_PACKETS, tx_packets, u32);
5162         PUT_SINFO(TX_RETRIES, tx_retries, u32);
5163         PUT_SINFO(TX_FAILED, tx_failed, u32);
5164         PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5165         PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5166         PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5167         PUT_SINFO(LOCAL_PM, local_pm, u32);
5168         PUT_SINFO(PEER_PM, peer_pm, u32);
5169         PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5170         PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5171 
5172         if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5173                 bss_param = nla_nest_start_noflag(msg,
5174                                                   NL80211_STA_INFO_BSS_PARAM);
5175                 if (!bss_param)
5176                         goto nla_put_failure;
5177 
5178                 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5179                      nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5180                     ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5181                      nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5182                     ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5183                      nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5184                     nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5185                                sinfo->bss_param.dtim_period) ||
5186                     nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5187                                 sinfo->bss_param.beacon_interval))
5188                         goto nla_put_failure;
5189 
5190                 nla_nest_end(msg, bss_param);
5191         }
5192         if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5193             nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5194                     sizeof(struct nl80211_sta_flag_update),
5195                     &sinfo->sta_flags))
5196                 goto nla_put_failure;
5197 
5198         PUT_SINFO_U64(T_OFFSET, t_offset);
5199         PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5200         PUT_SINFO_U64(BEACON_RX, rx_beacon);
5201         PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5202         PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5203         PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5204         if (wiphy_ext_feature_isset(&rdev->wiphy,
5205                                     NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5206                 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5207                 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5208         }
5209 
5210 #undef PUT_SINFO
5211 #undef PUT_SINFO_U64
5212 
5213         if (sinfo->pertid) {
5214                 struct nlattr *tidsattr;
5215                 int tid;
5216 
5217                 tidsattr = nla_nest_start_noflag(msg,
5218                                                  NL80211_STA_INFO_TID_STATS);
5219                 if (!tidsattr)
5220                         goto nla_put_failure;
5221 
5222                 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5223                         struct cfg80211_tid_stats *tidstats;
5224                         struct nlattr *tidattr;
5225 
5226                         tidstats = &sinfo->pertid[tid];
5227 
5228                         if (!tidstats->filled)
5229                                 continue;
5230 
5231                         tidattr = nla_nest_start_noflag(msg, tid + 1);
5232                         if (!tidattr)
5233                                 goto nla_put_failure;
5234 
5235 #define PUT_TIDVAL_U64(attr, memb) do {                                 \
5236         if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&       \
5237             nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,          \
5238                               tidstats->memb, NL80211_TID_STATS_PAD))   \
5239                 goto nla_put_failure;                                   \
5240         } while (0)
5241 
5242                         PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5243                         PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5244                         PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5245                         PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5246 
5247 #undef PUT_TIDVAL_U64
5248                         if ((tidstats->filled &
5249                              BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5250                             !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5251                                                    NL80211_TID_STATS_TXQ_STATS))
5252                                 goto nla_put_failure;
5253 
5254                         nla_nest_end(msg, tidattr);
5255                 }
5256 
5257                 nla_nest_end(msg, tidsattr);
5258         }
5259 
5260         nla_nest_end(msg, sinfoattr);
5261 
5262         if (sinfo->assoc_req_ies_len &&
5263             nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5264                     sinfo->assoc_req_ies))
5265                 goto nla_put_failure;
5266 
5267         cfg80211_sinfo_release_content(sinfo);
5268         genlmsg_end(msg, hdr);
5269         return 0;
5270 
5271  nla_put_failure:
5272         cfg80211_sinfo_release_content(sinfo);
5273         genlmsg_cancel(msg, hdr);
5274         return -EMSGSIZE;
5275 }
5276 
5277 static int nl80211_dump_station(struct sk_buff *skb,
5278                                 struct netlink_callback *cb)
5279 {
5280         struct station_info sinfo;
5281         struct cfg80211_registered_device *rdev;
5282         struct wireless_dev *wdev;
5283         u8 mac_addr[ETH_ALEN];
5284         int sta_idx = cb->args[2];
5285         int err;
5286 
5287         rtnl_lock();
5288         err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5289         if (err)
5290                 goto out_err;
5291 
5292         if (!wdev->netdev) {
5293                 err = -EINVAL;
5294                 goto out_err;
5295         }
5296 
5297         if (!rdev->ops->dump_station) {
5298                 err = -EOPNOTSUPP;
5299                 goto out_err;
5300         }
5301 
5302         while (1) {
5303                 memset(&sinfo, 0, sizeof(sinfo));
5304                 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5305                                         mac_addr, &sinfo);
5306                 if (err == -ENOENT)
5307                         break;
5308                 if (err)
5309                         goto out_err;
5310 
5311                 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5312                                 NETLINK_CB(cb->skb).portid,
5313                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5314                                 rdev, wdev->netdev, mac_addr,
5315                                 &sinfo) < 0)
5316                         goto out;
5317 
5318                 sta_idx++;
5319         }
5320 
5321  out:
5322         cb->args[2] = sta_idx;
5323         err = skb->len;
5324  out_err:
5325         rtnl_unlock();
5326 
5327         return err;
5328 }
5329 
5330 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5331 {
5332         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5333         struct net_device *dev = info->user_ptr[1];
5334         struct station_info sinfo;
5335         struct sk_buff *msg;
5336         u8 *mac_addr = NULL;
5337         int err;
5338 
5339         memset(&sinfo, 0, sizeof(sinfo));
5340 
5341         if (!info->attrs[NL80211_ATTR_MAC])
5342                 return -EINVAL;
5343 
5344         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5345 
5346         if (!rdev->ops->get_station)
5347                 return -EOPNOTSUPP;
5348 
5349         err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5350         if (err)
5351                 return err;
5352 
5353         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5354         if (!msg) {
5355                 cfg80211_sinfo_release_content(&sinfo);
5356                 return -ENOMEM;
5357         }
5358 
5359         if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5360                                  info->snd_portid, info->snd_seq, 0,
5361                                  rdev, dev, mac_addr, &sinfo) < 0) {
5362                 nlmsg_free(msg);
5363                 return -ENOBUFS;
5364         }
5365 
5366         return genlmsg_reply(msg, info);
5367 }
5368 
5369 int cfg80211_check_station_change(struct wiphy *wiphy,
5370                                   struct station_parameters *params,
5371                                   enum cfg80211_station_type statype)
5372 {
5373         if (params->listen_interval != -1 &&
5374             statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5375                 return -EINVAL;
5376 
5377         if (params->support_p2p_ps != -1 &&
5378             statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5379                 return -EINVAL;
5380 
5381         if (params->aid &&
5382             !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5383             statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5384                 return -EINVAL;
5385 
5386         /* When you run into this, adjust the code below for the new flag */
5387         BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5388 
5389         switch (statype) {
5390         case CFG80211_STA_MESH_PEER_KERNEL:
5391         case CFG80211_STA_MESH_PEER_USER:
5392                 /*
5393                  * No ignoring the TDLS flag here -- the userspace mesh
5394                  * code doesn't have the bug of including TDLS in the
5395                  * mask everywhere.
5396                  */
5397                 if (params->sta_flags_mask &
5398                                 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5399                                   BIT(NL80211_STA_FLAG_MFP) |
5400                                   BIT(NL80211_STA_FLAG_AUTHORIZED)))
5401                         return -EINVAL;
5402                 break;
5403         case CFG80211_STA_TDLS_PEER_SETUP:
5404         case CFG80211_STA_TDLS_PEER_ACTIVE:
5405                 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5406                         return -EINVAL;
5407                 /* ignore since it can't change */
5408                 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5409                 break;
5410         default:
5411                 /* disallow mesh-specific things */
5412                 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5413                         return -EINVAL;
5414                 if (params->local_pm)
5415                         return -EINVAL;
5416                 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5417                         return -EINVAL;
5418         }
5419 
5420         if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5421             statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5422                 /* TDLS can't be set, ... */
5423                 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5424                         return -EINVAL;
5425                 /*
5426                  * ... but don't bother the driver with it. This works around
5427                  * a hostapd/wpa_supplicant issue -- it always includes the
5428                  * TLDS_PEER flag in the mask even for AP mode.
5429                  */
5430                 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5431         }
5432 
5433         if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5434             statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5435                 /* reject other things that can't change */
5436                 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5437                         return -EINVAL;
5438                 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5439                         return -EINVAL;
5440                 if (params->supported_rates)
5441                         return -EINVAL;
5442                 if (params->ext_capab || params->ht_capa || params->vht_capa ||
5443                     params->he_capa)
5444                         return -EINVAL;
5445         }
5446 
5447         if (statype != CFG80211_STA_AP_CLIENT &&
5448             statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5449                 if (params->vlan)
5450                         return -EINVAL;
5451         }
5452 
5453         switch (statype) {
5454         case CFG80211_STA_AP_MLME_CLIENT:
5455                 /* Use this only for authorizing/unauthorizing a station */
5456                 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5457                         return -EOPNOTSUPP;
5458                 break;
5459         case CFG80211_STA_AP_CLIENT:
5460         case CFG80211_STA_AP_CLIENT_UNASSOC:
5461                 /* accept only the listed bits */
5462                 if (params->sta_flags_mask &
5463                                 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5464                                   BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5465                                   BIT(NL80211_STA_FLAG_ASSOCIATED) |
5466                                   BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5467                                   BIT(NL80211_STA_FLAG_WME) |
5468                                   BIT(NL80211_STA_FLAG_MFP)))
5469                         return -EINVAL;
5470 
5471                 /* but authenticated/associated only if driver handles it */
5472                 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5473                     params->sta_flags_mask &
5474                                 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5475                                  BIT(NL80211_STA_FLAG_ASSOCIATED)))
5476                         return -EINVAL;
5477                 break;
5478         case CFG80211_STA_IBSS:
5479         case CFG80211_STA_AP_STA:
5480                 /* reject any changes other than AUTHORIZED */
5481                 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5482                         return -EINVAL;
5483                 break;
5484         case CFG80211_STA_TDLS_PEER_SETUP:
5485                 /* reject any changes other than AUTHORIZED or WME */
5486                 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5487                                                BIT(NL80211_STA_FLAG_WME)))
5488                         return -EINVAL;
5489                 /* force (at least) rates when authorizing */
5490                 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5491                     !params->supported_rates)
5492                         return -EINVAL;
5493                 break;
5494         case CFG80211_STA_TDLS_PEER_ACTIVE:
5495                 /* reject any changes */
5496                 return -EINVAL;
5497         case CFG80211_STA_MESH_PEER_KERNEL:
5498                 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5499                         return -EINVAL;
5500                 break;
5501         case CFG80211_STA_MESH_PEER_USER:
5502                 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5503                     params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5504                         return -EINVAL;
5505                 break;
5506         }
5507 
5508         /*
5509          * Older kernel versions ignored this attribute entirely, so don't
5510          * reject attempts to update it but mark it as unused instead so the
5511          * driver won't look at the data.
5512          */
5513         if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5514             statype != CFG80211_STA_TDLS_PEER_SETUP)
5515                 params->opmode_notif_used = false;
5516 
5517         return 0;
5518 }
5519 EXPORT_SYMBOL(cfg80211_check_station_change);
5520 
5521 /*
5522  * Get vlan interface making sure it is running and on the right wiphy.
5523  */
5524 static struct net_device *get_vlan(struct genl_info *info,
5525                                    struct cfg80211_registered_device *rdev)
5526 {
5527         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5528         struct net_device *v;
5529         int ret;
5530 
5531         if (!vlanattr)
5532                 return NULL;
5533 
5534         v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5535         if (!v)
5536                 return ERR_PTR(-ENODEV);
5537 
5538         if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5539                 ret = -EINVAL;
5540                 goto error;
5541         }
5542 
5543         if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5544             v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5545             v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5546                 ret = -EINVAL;
5547                 goto error;
5548         }
5549 
5550         if (!netif_running(v)) {
5551                 ret = -ENETDOWN;
5552                 goto error;
5553         }
5554 
5555         return v;
5556  error:
5557         dev_put(v);
5558         return ERR_PTR(ret);
5559 }
5560 
5561 static const struct nla_policy
5562 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5563         [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5564         [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5565 };
5566 
5567 static int nl80211_parse_sta_wme(struct genl_info *info,
5568                                  struct station_parameters *params)
5569 {
5570         struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5571         struct nlattr *nla;
5572         int err;
5573 
5574         /* parse WME attributes if present */
5575         if (!info->attrs[NL80211_ATTR_STA_WME])
5576                 return 0;
5577 
5578         nla = info->attrs[NL80211_ATTR_STA_WME];
5579         err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
5580                                           nl80211_sta_wme_policy,
5581                                           info->extack);
5582         if (err)
5583                 return err;
5584 
5585         if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5586                 params->uapsd_queues = nla_get_u8(
5587                         tb[NL80211_STA_WME_UAPSD_QUEUES]);
5588         if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5589                 return -EINVAL;
5590 
5591         if (tb[NL80211_STA_WME_MAX_SP])
5592                 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5593 
5594         if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5595                 return -EINVAL;
5596 
5597         params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5598 
5599         return 0;
5600 }
5601 
5602 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5603                                       struct station_parameters *params)
5604 {
5605         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5606                 params->supported_channels =
5607                      nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5608                 params->supported_channels_len =
5609                      nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5610                 /*
5611                  * Need to include at least one (first channel, number of
5612                  * channels) tuple for each subband, and must have proper
5613                  * tuples for the rest of the data as well.
5614                  */
5615                 if (params->supported_channels_len < 2)
5616                         return -EINVAL;
5617                 if (params->supported_channels_len % 2)
5618                         return -EINVAL;
5619         }
5620 
5621         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5622                 params->supported_oper_classes =
5623                  nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5624                 params->supported_oper_classes_len =
5625                   nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5626                 /*
5627                  * The value of the Length field of the Supported Operating
5628                  * Classes element is between 2 and 253.
5629                  */
5630                 if (params->supported_oper_classes_len < 2 ||
5631                     params->supported_oper_classes_len > 253)
5632                         return -EINVAL;
5633         }
5634         return 0;
5635 }
5636 
5637 static int nl80211_set_station_tdls(struct genl_info *info,
5638                                     struct station_parameters *params)
5639 {
5640         int err;
5641         /* Dummy STA entry gets updated once the peer capabilities are known */
5642         if (info->attrs[NL80211_ATTR_PEER_AID])
5643                 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5644         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5645                 params->ht_capa =
5646                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5647         if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5648                 params->vht_capa =
5649                         nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5650         if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5651                 params->he_capa =
5652                         nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5653                 params->he_capa_len =
5654                         nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5655 
5656                 if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5657                         return -EINVAL;
5658         }
5659 
5660         err = nl80211_parse_sta_channel_info(info, params);
5661         if (err)
5662                 return err;
5663 
5664         return nl80211_parse_sta_wme(info, params);
5665 }
5666 
5667 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
5668                                              struct station_parameters *params)
5669 {
5670         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5671         int idx;
5672 
5673         if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
5674                 if (!rdev->ops->set_tx_power ||
5675                     !wiphy_ext_feature_isset(&rdev->wiphy,
5676                                          NL80211_EXT_FEATURE_STA_TX_PWR))
5677                         return -EOPNOTSUPP;
5678 
5679                 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
5680                 params->txpwr.type = nla_get_u8(info->attrs[idx]);
5681 
5682                 if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
5683                         idx = NL80211_ATTR_STA_TX_POWER;
5684 
5685                         if (info->attrs[idx])
5686                                 params->txpwr.power =
5687                                         nla_get_s16(info->attrs[idx]);
5688                         else
5689                                 return -EINVAL;
5690                 }
5691                 params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
5692         }
5693 
5694         return 0;
5695 }
5696 
5697 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5698 {
5699         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5700         struct net_device *dev = info->user_ptr[1];
5701         struct station_parameters params;
5702         u8 *mac_addr;
5703         int err;
5704 
5705         memset(&params, 0, sizeof(params));
5706 
5707         if (!rdev->ops->change_station)
5708                 return -EOPNOTSUPP;
5709 
5710         /*
5711          * AID and listen_interval properties can be set only for unassociated
5712          * station. Include these parameters here and will check them in
5713          * cfg80211_check_station_change().
5714          */
5715         if (info->attrs[NL80211_ATTR_STA_AID])
5716                 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5717 
5718         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5719                 params.listen_interval =
5720                      nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5721         else
5722                 params.listen_interval = -1;
5723 
5724         if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5725                 params.support_p2p_ps =
5726                         nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5727         else
5728                 params.support_p2p_ps = -1;
5729 
5730         if (!info->attrs[NL80211_ATTR_MAC])
5731                 return -EINVAL;
5732 
5733         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5734 
5735         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5736                 params.supported_rates =
5737                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5738                 params.supported_rates_len =
5739                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5740         }
5741 
5742         if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5743                 params.capability =
5744                         nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5745                 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5746         }
5747 
5748         if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5749                 params.ext_capab =
5750                         nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5751                 params.ext_capab_len =
5752                         nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5753         }
5754 
5755         if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5756                 return -EINVAL;
5757 
5758         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5759                 params.plink_action =
5760                         nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5761 
5762         if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5763                 params.plink_state =
5764                         nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5765                 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5766                         params.peer_aid = nla_get_u16(
5767                                 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5768                 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5769         }
5770 
5771         if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
5772                 params.local_pm = nla_get_u32(
5773                         info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5774 
5775         if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5776                 params.opmode_notif_used = true;
5777                 params.opmode_notif =
5778                         nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5779         }
5780 
5781         if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5782                 params.airtime_weight =
5783                         nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5784 
5785         if (params.airtime_weight &&
5786             !wiphy_ext_feature_isset(&rdev->wiphy,
5787                                      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5788                 return -EOPNOTSUPP;
5789 
5790         err = nl80211_parse_sta_txpower_setting(info, &params);
5791         if (err)
5792                 return err;
5793 
5794         /* Include parameters for TDLS peer (will check later) */
5795         err = nl80211_set_station_tdls(info, &params);
5796         if (err)
5797                 return err;
5798 
5799         params.vlan = get_vlan(info, rdev);
5800         if (IS_ERR(params.vlan))
5801                 return PTR_ERR(params.vlan);
5802 
5803         switch (dev->ieee80211_ptr->iftype) {
5804         case NL80211_IFTYPE_AP:
5805         case NL80211_IFTYPE_AP_VLAN:
5806         case NL80211_IFTYPE_P2P_GO:
5807         case NL80211_IFTYPE_P2P_CLIENT:
5808         case NL80211_IFTYPE_STATION:
5809         case NL80211_IFTYPE_ADHOC:
5810         case NL80211_IFTYPE_MESH_POINT:
5811                 break;
5812         default:
5813                 err = -EOPNOTSUPP;
5814                 goto out_put_vlan;
5815         }
5816 
5817         /* driver will call cfg80211_check_station_change() */
5818         err = rdev_change_station(rdev, dev, mac_addr, &params);
5819 
5820  out_put_vlan:
5821         if (params.vlan)
5822                 dev_put(params.vlan);
5823 
5824         return err;
5825 }
5826 
5827 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5828 {
5829         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5830         int err;
5831         struct net_device *dev = info->user_ptr[1];
5832         struct station_parameters params;
5833         u8 *mac_addr = NULL;
5834         u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5835                          BIT(NL80211_STA_FLAG_ASSOCIATED);
5836 
5837         memset(&params, 0, sizeof(params));
5838 
5839         if (!rdev->ops->add_station)
5840                 return -EOPNOTSUPP;
5841 
5842         if (!info->attrs[NL80211_ATTR_MAC])
5843                 return -EINVAL;
5844 
5845         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5846                 return -EINVAL;
5847 
5848         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5849                 return -EINVAL;
5850 
5851         if (!info->attrs[NL80211_ATTR_STA_AID] &&
5852             !info->attrs[NL80211_ATTR_PEER_AID])
5853                 return -EINVAL;
5854 
5855         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5856         params.supported_rates =
5857                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5858         params.supported_rates_len =
5859                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5860         params.listen_interval =
5861                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5862 
5863         if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5864                 params.support_p2p_ps =
5865                         nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5866         } else {
5867                 /*
5868                  * if not specified, assume it's supported for P2P GO interface,
5869                  * and is NOT supported for AP interface
5870                  */
5871                 params.support_p2p_ps =
5872                         dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5873         }
5874 
5875         if (info->attrs[NL80211_ATTR_PEER_AID])
5876                 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5877         else
5878                 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5879 
5880         if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5881                 params.capability =
5882                         nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5883                 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5884         }
5885 
5886         if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5887                 params.ext_capab =
5888                         nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5889                 params.ext_capab_len =
5890                         nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5891         }
5892 
5893         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5894                 params.ht_capa =
5895                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5896 
5897         if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5898                 params.vht_capa =
5899                         nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5900 
5901         if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5902                 params.he_capa =
5903                         nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5904                 params.he_capa_len =
5905                         nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5906 
5907                 /* max len is validated in nla policy */
5908                 if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5909                         return -EINVAL;
5910         }
5911 
5912         if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5913                 params.opmode_notif_used = true;
5914                 params.opmode_notif =
5915                         nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5916         }
5917 
5918         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5919                 params.plink_action =
5920                         nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5921 
5922         if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5923                 params.airtime_weight =
5924                         nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5925 
5926         if (params.airtime_weight &&
5927             !wiphy_ext_feature_isset(&rdev->wiphy,
5928                                      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5929                 return -EOPNOTSUPP;
5930 
5931         err = nl80211_parse_sta_txpower_setting(info, &params);
5932         if (err)
5933                 return err;
5934 
5935         err = nl80211_parse_sta_channel_info(info, &params);
5936         if (err)
5937                 return err;
5938 
5939         err = nl80211_parse_sta_wme(info, &params);
5940         if (err)
5941                 return err;
5942 
5943         if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5944                 return -EINVAL;
5945 
5946         /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5947          * as userspace might just pass through the capabilities from the IEs
5948          * directly, rather than enforcing this restriction and returning an
5949          * error in this case.
5950          */
5951         if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5952                 params.ht_capa = NULL;
5953                 params.vht_capa = NULL;
5954 
5955                 /* HE requires WME */
5956                 if (params.he_capa_len)
5957                         return -EINVAL;
5958         }
5959 
5960         /* When you run into this, adjust the code below for the new flag */
5961         BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5962 
5963         switch (dev->ieee80211_ptr->iftype) {
5964         case NL80211_IFTYPE_AP:
5965         case NL80211_IFTYPE_AP_VLAN:
5966         case NL80211_IFTYPE_P2P_GO:
5967                 /* ignore WME attributes if iface/sta is not capable */
5968                 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5969                     !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5970                         params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5971 
5972                 /* TDLS peers cannot be added */
5973                 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5974                     info->attrs[NL80211_ATTR_PEER_AID])
5975                         return -EINVAL;
5976                 /* but don't bother the driver with it */
5977                 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5978 
5979                 /* allow authenticated/associated only if driver handles it */
5980                 if (!(rdev->wiphy.features &
5981                                 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5982                     params.sta_flags_mask & auth_assoc)
5983                         return -EINVAL;
5984 
5985                 /* Older userspace, or userspace wanting to be compatible with
5986                  * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5987                  * and assoc flags in the mask, but assumes the station will be
5988                  * added as associated anyway since this was the required driver
5989                  * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5990                  * introduced.
5991                  * In order to not bother drivers with this quirk in the API
5992                  * set the flags in both the mask and set for new stations in
5993                  * this case.
5994                  */
5995                 if (!(params.sta_flags_mask & auth_assoc)) {
5996                         params.sta_flags_mask |= auth_assoc;
5997                         params.sta_flags_set |= auth_assoc;
5998                 }
5999 
6000                 /* must be last in here for error handling */
6001                 params.vlan = get_vlan(info, rdev);
6002                 if (IS_ERR(params.vlan))
6003                         return PTR_ERR(params.vlan);
6004                 break;
6005         case NL80211_IFTYPE_MESH_POINT:
6006                 /* ignore uAPSD data */
6007                 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6008 
6009                 /* associated is disallowed */
6010                 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6011                         return -EINVAL;
6012                 /* TDLS peers cannot be added */
6013                 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6014                     info->attrs[NL80211_ATTR_PEER_AID])
6015                         return -EINVAL;
6016                 break;
6017         case NL80211_IFTYPE_STATION:
6018         case NL80211_IFTYPE_P2P_CLIENT:
6019                 /* ignore uAPSD data */
6020                 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6021 
6022                 /* these are disallowed */
6023                 if (params.sta_flags_mask &
6024                                 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
6025                                  BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6026                         return -EINVAL;
6027                 /* Only TDLS peers can be added */
6028                 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6029                         return -EINVAL;
6030                 /* Can only add if TDLS ... */
6031                 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6032                         return -EOPNOTSUPP;
6033                 /* ... with external setup is supported */
6034                 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6035                         return -EOPNOTSUPP;
6036                 /*
6037                  * Older wpa_supplicant versions always mark the TDLS peer
6038                  * as authorized, but it shouldn't yet be.
6039                  */
6040                 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6041                 break;
6042         default:
6043                 return -EOPNOTSUPP;
6044         }
6045 
6046         /* be aware of params.vlan when changing code here */
6047 
6048         err = rdev_add_station(rdev, dev, mac_addr, &params);
6049 
6050         if (params.vlan)
6051                 dev_put(params.vlan);
6052         return err;
6053 }
6054 
6055 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6056 {
6057         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6058         struct net_device *dev = info->user_ptr[1];
6059         struct station_del_parameters params;
6060 
6061         memset(&params, 0, sizeof(params));
6062 
6063         if (info->attrs[NL80211_ATTR_MAC])
6064                 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6065 
6066         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6067             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
6068             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
6069             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6070                 return -EINVAL;
6071 
6072         if (!rdev->ops->del_station)
6073                 return -EOPNOTSUPP;
6074 
6075         if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6076                 params.subtype =
6077                         nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6078                 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6079                     params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6080                         return -EINVAL;
6081         } else {
6082                 /* Default to Deauthentication frame */
6083                 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6084         }
6085 
6086         if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6087                 params.reason_code =
6088                         nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6089                 if (params.reason_code == 0)
6090                         return -EINVAL; /* 0 is reserved */
6091         } else {
6092                 /* Default to reason code 2 */
6093                 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6094         }
6095 
6096         return rdev_del_station(rdev, dev, &params);
6097 }
6098 
6099 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6100                                 int flags, struct net_device *dev,
6101                                 u8 *dst, u8 *next_hop,
6102                                 struct mpath_info *pinfo)
6103 {
6104         void *hdr;
6105         struct nlattr *pinfoattr;
6106 
6107         hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6108         if (!hdr)
6109                 return -1;
6110 
6111         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6112             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6113             nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6114             nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6115                 goto nla_put_failure;
6116 
6117         pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6118         if (!pinfoattr)
6119                 goto nla_put_failure;
6120         if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6121             nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6122                         pinfo->frame_qlen))
6123                 goto nla_put_failure;
6124         if (((pinfo->filled & MPATH_INFO_SN) &&
6125              nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6126             ((pinfo->filled & MPATH_INFO_METRIC) &&
6127              nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6128                          pinfo->metric)) ||
6129             ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6130              nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6131                          pinfo->exptime)) ||
6132             ((pinfo->filled & MPATH_INFO_FLAGS) &&
6133              nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6134                         pinfo->flags)) ||
6135             ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6136              nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6137                          pinfo->discovery_timeout)) ||
6138             ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6139              nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6140                         pinfo->discovery_retries)) ||
6141             ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6142              nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6143                         pinfo->hop_count)) ||
6144             ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6145              nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6146                          pinfo->path_change_count)))
6147                 goto nla_put_failure;
6148 
6149         nla_nest_end(msg, pinfoattr);
6150 
6151         genlmsg_end(msg, hdr);
6152         return 0;
6153 
6154  nla_put_failure:
6155         genlmsg_cancel(msg, hdr);
6156         return -EMSGSIZE;
6157 }
6158 
6159 static int nl80211_dump_mpath(struct sk_buff *skb,
6160                               struct netlink_callback *cb)
6161 {
6162         struct mpath_info pinfo;
6163         struct cfg80211_registered_device *rdev;
6164         struct wireless_dev *wdev;
6165         u8 dst[ETH_ALEN];
6166         u8 next_hop[ETH_ALEN];
6167         int path_idx = cb->args[2];
6168         int err;
6169 
6170         rtnl_lock();
6171         err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6172         if (err)
6173                 goto out_err;
6174 
6175         if (!rdev->ops->dump_mpath) {
6176                 err = -EOPNOTSUPP;
6177                 goto out_err;
6178         }
6179 
6180         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6181                 err = -EOPNOTSUPP;
6182                 goto out_err;
6183         }
6184 
6185         while (1) {
6186                 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6187                                       next_hop, &pinfo);
6188                 if (err == -ENOENT)
6189                         break;
6190                 if (err)
6191                         goto out_err;
6192 
6193                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6194                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
6195                                        wdev->netdev, dst, next_hop,
6196                                        &pinfo) < 0)
6197                         goto out;
6198 
6199                 path_idx++;
6200         }
6201 
6202  out:
6203         cb->args[2] = path_idx;
6204         err = skb->len;
6205  out_err:
6206         rtnl_unlock();
6207         return err;
6208 }
6209 
6210 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6211 {
6212         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6213         int err;
6214         struct net_device *dev = info->user_ptr[1];
6215         struct mpath_info pinfo;
6216         struct sk_buff *msg;
6217         u8 *dst = NULL;
6218         u8 next_hop[ETH_ALEN];
6219 
6220         memset(&pinfo, 0, sizeof(pinfo));
6221 
6222         if (!info->attrs[NL80211_ATTR_MAC])
6223                 return -EINVAL;
6224 
6225         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6226 
6227         if (!rdev->ops->get_mpath)
6228                 return -EOPNOTSUPP;
6229 
6230         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6231                 return -EOPNOTSUPP;
6232 
6233         err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6234         if (err)
6235                 return err;
6236 
6237         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6238         if (!msg)
6239                 return -ENOMEM;
6240 
6241         if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6242                                  dev, dst, next_hop, &pinfo) < 0) {
6243                 nlmsg_free(msg);
6244                 return -ENOBUFS;
6245         }
6246 
6247         return genlmsg_reply(msg, info);
6248 }
6249 
6250 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6251 {
6252         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6253         struct net_device *dev = info->user_ptr[1];
6254         u8 *dst = NULL;
6255         u8 *next_hop = NULL;
6256 
6257         if (!info->attrs[NL80211_ATTR_MAC])
6258                 return -EINVAL;
6259 
6260         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6261                 return -EINVAL;
6262 
6263         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6264         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6265 
6266         if (!rdev->ops->change_mpath)
6267                 return -EOPNOTSUPP;
6268 
6269         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6270                 return -EOPNOTSUPP;
6271 
6272         return rdev_change_mpath(rdev, dev, dst, next_hop);
6273 }
6274 
6275 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6276 {
6277         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6278         struct net_device *dev = info->user_ptr[1];
6279         u8 *dst = NULL;
6280         u8 *next_hop = NULL;
6281 
6282         if (!info->attrs[NL80211_ATTR_MAC])
6283                 return -EINVAL;
6284 
6285         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6286                 return -EINVAL;
6287 
6288         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6289         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6290 
6291         if (!rdev->ops->add_mpath)
6292                 return -EOPNOTSUPP;
6293 
6294         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6295                 return -EOPNOTSUPP;
6296 
6297         return rdev_add_mpath(rdev, dev, dst, next_hop);
6298 }
6299 
6300 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6301 {
6302         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6303         struct net_device *dev = info->user_ptr[1];
6304         u8 *dst = NULL;
6305 
6306         if (info->attrs[NL80211_ATTR_MAC])
6307                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6308 
6309         if (!rdev->ops->del_mpath)
6310                 return -EOPNOTSUPP;
6311 
6312         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6313                 return -EOPNOTSUPP;
6314 
6315         return rdev_del_mpath(rdev, dev, dst);
6316 }
6317 
6318 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6319 {
6320         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6321         int err;
6322         struct net_device *dev = info->user_ptr[1];
6323         struct mpath_info pinfo;
6324         struct sk_buff *msg;
6325         u8 *dst = NULL;
6326         u8 mpp[ETH_ALEN];
6327 
6328         memset(&pinfo, 0, sizeof(pinfo));
6329 
6330         if (!info->attrs[NL80211_ATTR_MAC])
6331                 return -EINVAL;
6332 
6333         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6334 
6335         if (!rdev->ops->get_mpp)
6336                 return -EOPNOTSUPP;
6337 
6338         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6339                 return -EOPNOTSUPP;
6340 
6341         err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6342         if (err)
6343                 return err;
6344 
6345         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6346         if (!msg)
6347                 return -ENOMEM;
6348 
6349         if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6350                                dev, dst, mpp, &pinfo) < 0) {
6351                 nlmsg_free(msg);
6352                 return -ENOBUFS;
6353         }
6354 
6355         return genlmsg_reply(msg, info);
6356 }
6357 
6358 static int nl80211_dump_mpp(struct sk_buff *skb,
6359                             struct netlink_callback *cb)
6360 {
6361         struct mpath_info pinfo;
6362         struct cfg80211_registered_device *rdev;
6363         struct wireless_dev *wdev;
6364         u8 dst[ETH_ALEN];
6365         u8 mpp[ETH_ALEN];
6366         int path_idx = cb->args[2];
6367         int err;
6368 
6369         rtnl_lock();
6370         err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6371         if (err)
6372                 goto out_err;
6373 
6374         if (!rdev->ops->dump_mpp) {
6375                 err = -EOPNOTSUPP;
6376                 goto out_err;
6377         }
6378 
6379         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6380                 err = -EOPNOTSUPP;
6381                 goto out_err;
6382         }
6383 
6384         while (1) {
6385                 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6386                                     mpp, &pinfo);
6387                 if (err == -ENOENT)
6388                         break;
6389                 if (err)
6390                         goto out_err;
6391 
6392                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6393                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
6394                                        wdev->netdev, dst, mpp,
6395                                        &pinfo) < 0)
6396                         goto out;
6397 
6398                 path_idx++;
6399         }
6400 
6401  out:
6402         cb->args[2] = path_idx;
6403         err = skb->len;
6404  out_err:
6405         rtnl_unlock();
6406         return err;
6407 }
6408 
6409 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6410 {
6411         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6412         struct net_device *dev = info->user_ptr[1];
6413         struct wireless_dev *wdev = dev->ieee80211_ptr;
6414         struct bss_parameters params;
6415         int err;
6416 
6417         memset(&params, 0, sizeof(params));
6418         /* default to not changing parameters */
6419         params.use_cts_prot = -1;
6420         params.use_short_preamble = -1;
6421         params.use_short_slot_time = -1;
6422         params.ap_isolate = -1;
6423         params.ht_opmode = -1;
6424         params.p2p_ctwindow = -1;
6425         params.p2p_opp_ps = -1;
6426 
6427         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6428                 params.use_cts_prot =
6429                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6430         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6431                 params.use_short_preamble =
6432                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6433         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6434                 params.use_short_slot_time =
6435                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6436         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6437                 params.basic_rates =
6438                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6439                 params.basic_rates_len =
6440                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6441         }
6442         if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6443                 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6444         if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6445                 params.ht_opmode =
6446                         nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6447 
6448         if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6449                 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6450                         return -EINVAL;
6451                 params.p2p_ctwindow =
6452                         nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6453                 if (params.p2p_ctwindow != 0 &&
6454                     !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6455                         return -EINVAL;
6456         }
6457 
6458         if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6459                 u8 tmp;
6460 
6461                 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6462                         return -EINVAL;
6463                 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6464                 params.p2p_opp_ps = tmp;
6465                 if (params.p2p_opp_ps &&
6466                     !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6467                         return -EINVAL;
6468         }
6469 
6470         if (!rdev->ops->change_bss)
6471                 return -EOPNOTSUPP;
6472 
6473         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6474             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6475                 return -EOPNOTSUPP;
6476 
6477         wdev_lock(wdev);
6478         err = rdev_change_bss(rdev, dev, &params);
6479         wdev_unlock(wdev);
6480 
6481         return err;
6482 }
6483 
6484 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6485 {
6486         char *data = NULL;
6487         bool is_indoor;
6488         enum nl80211_user_reg_hint_type user_reg_hint_type;
6489         u32 owner_nlportid;
6490 
6491         /*
6492          * You should only get this when cfg80211 hasn't yet initialized
6493          * completely when built-in to the kernel right between the time
6494          * window between nl80211_init() and regulatory_init(), if that is
6495          * even possible.
6496          */
6497         if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6498                 return -EINPROGRESS;
6499 
6500         if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6501                 user_reg_hint_type =
6502                   nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6503         else
6504                 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6505 
6506         switch (user_reg_hint_type) {
6507         case NL80211_USER_REG_HINT_USER:
6508         case NL80211_USER_REG_HINT_CELL_BASE:
6509                 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6510                         return -EINVAL;
6511 
6512                 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6513                 return regulatory_hint_user(data, user_reg_hint_type);
6514         case NL80211_USER_REG_HINT_INDOOR:
6515                 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6516                         owner_nlportid = info->snd_portid;
6517                         is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6518                 } else {
6519                         owner_nlportid = 0;
6520                         is_indoor = true;
6521                 }
6522 
6523                 return regulatory_hint_indoor(is_indoor, owner_nlportid);
6524         default:
6525                 return -EINVAL;
6526         }
6527 }
6528 
6529 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6530 {
6531         return reg_reload_regdb();
6532 }
6533 
6534 static int nl80211_get_mesh_config(struct sk_buff *skb,
6535                                    struct genl_info *info)
6536 {
6537         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6538         struct net_device *dev = info->user_ptr[1];
6539         struct wireless_dev *wdev = dev->ieee80211_ptr;
6540         struct mesh_config cur_params;
6541         int err = 0;
6542         void *hdr;
6543         struct nlattr *pinfoattr;
6544         struct sk_buff *msg;
6545 
6546         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6547                 return -EOPNOTSUPP;
6548 
6549         if (!rdev->ops->get_mesh_config)
6550                 return -EOPNOTSUPP;
6551 
6552         wdev_lock(wdev);
6553         /* If not connected, get default parameters */
6554         if (!wdev->mesh_id_len)
6555                 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6556         else
6557                 err = rdev_get_mesh_config(rdev, dev, &cur_params);
6558         wdev_unlock(wdev);
6559 
6560         if (err)
6561                 return err;
6562 
6563         /* Draw up a netlink message to send back */
6564         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6565         if (!msg)
6566                 return -ENOMEM;
6567         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6568                              NL80211_CMD_GET_MESH_CONFIG);
6569         if (!hdr)
6570                 goto out;
6571         pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6572         if (!pinfoattr)
6573                 goto nla_put_failure;
6574         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6575             nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6576                         cur_params.dot11MeshRetryTimeout) ||
6577             nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6578                         cur_params.dot11MeshConfirmTimeout) ||
6579             nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6580                         cur_params.dot11MeshHoldingTimeout) ||
6581             nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6582                         cur_params.dot11MeshMaxPeerLinks) ||
6583             nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6584                        cur_params.dot11MeshMaxRetries) ||
6585             nla_put_u8(msg, NL80211_MESHCONF_TTL,
6586                        cur_params.dot11MeshTTL) ||
6587             nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6588                        cur_params.element_ttl) ||
6589             nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6590                        cur_params.auto_open_plinks) ||
6591             nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6592                         cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6593             nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6594                        cur_params.dot11MeshHWMPmaxPREQretries) ||
6595             nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6596                         cur_params.path_refresh_time) ||
6597             nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6598                         cur_params.min_discovery_timeout) ||
6599             nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6600                         cur_params.dot11MeshHWMPactivePathTimeout) ||
6601             nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6602                         cur_params.dot11MeshHWMPpreqMinInterval) ||
6603             nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6604                         cur_params.dot11MeshHWMPperrMinInterval) ||
6605             nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6606                         cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6607             nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6608                        cur_params.dot11MeshHWMPRootMode) ||
6609             nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6610                         cur_params.dot11MeshHWMPRannInterval) ||
6611             nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6612                        cur_params.dot11MeshGateAnnouncementProtocol) ||
6613             nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6614                        cur_params.dot11MeshForwarding) ||
6615             nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6616                         cur_params.rssi_threshold) ||
6617             nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6618                         cur_params.ht_opmode) ||
6619             nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6620                         cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6621             nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6622                         cur_params.dot11MeshHWMProotInterval) ||
6623             nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6624                         cur_params.dot11MeshHWMPconfirmationInterval) ||
6625             nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6626                         cur_params.power_mode) ||
6627             nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6628                         cur_params.dot11MeshAwakeWindowDuration) ||
6629             nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6630                         cur_params.plink_timeout) ||
6631             nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6632                        cur_params.dot11MeshConnectedToMeshGate))
6633                 goto nla_put_failure;
6634         nla_nest_end(msg, pinfoattr);
6635         genlmsg_end(msg, hdr);
6636         return genlmsg_reply(msg, info);
6637 
6638  nla_put_failure:
6639  out:
6640         nlmsg_free(msg);
6641         return -ENOBUFS;
6642 }
6643 
6644 static const struct nla_policy
6645 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6646         [NL80211_MESHCONF_RETRY_TIMEOUT] =
6647                 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6648         [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6649                 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6650         [NL80211_MESHCONF_HOLDING_TIMEOUT] =
6651                 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6652         [NL80211_MESHCONF_MAX_PEER_LINKS] =
6653                 NLA_POLICY_RANGE(NLA_U16, 0, 255),
6654         [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6655         [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6656         [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6657         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6658         [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6659                 NLA_POLICY_RANGE(NLA_U32, 1, 255),
6660         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6661         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6662         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6663         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6664         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6665                 NLA_POLICY_MIN(NLA_U16, 1),
6666         [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6667                 NLA_POLICY_MIN(NLA_U16, 1),
6668         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6669                 NLA_POLICY_MIN(NLA_U16, 1),
6670         [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6671         [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6672                 NLA_POLICY_MIN(NLA_U16, 1),
6673         [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6674         [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6675         [NL80211_MESHCONF_RSSI_THRESHOLD] =
6676                 NLA_POLICY_RANGE(NLA_S32, -255, 0),
6677         [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6678         [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6679         [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6680                 NLA_POLICY_MIN(NLA_U16, 1),
6681         [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6682                 NLA_POLICY_MIN(NLA_U16, 1),
6683         [NL80211_MESHCONF_POWER_MODE] =
6684                 NLA_POLICY_RANGE(NLA_U32,
6685                                  NL80211_MESH_POWER_ACTIVE,
6686                                  NL80211_MESH_POWER_MAX),
6687         [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6688         [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6689         [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6690 };
6691 
6692 static const struct nla_policy
6693         nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6694         [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6695         [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6696         [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6697         [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6698         [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6699         [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6700         [NL80211_MESH_SETUP_IE] =
6701                 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6702                                        IEEE80211_MAX_DATA_LEN),
6703         [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6704 };
6705 
6706 static int nl80211_parse_mesh_config(struct genl_info *info,
6707                                      struct mesh_config *cfg,
6708                                      u32 *mask_out)
6709 {
6710         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6711         u32 mask = 0;
6712         u16 ht_opmode;
6713 
6714 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)       \
6715 do {                                                                    \
6716         if (tb[attr]) {                                                 \
6717                 cfg->param = fn(tb[attr]);                              \
6718                 mask |= BIT((attr) - 1);                                \
6719         }                                                               \
6720 } while (0)
6721 
6722         if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6723                 return -EINVAL;
6724         if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6725                 return -EINVAL;
6726 
6727         /* This makes sure that there aren't more than 32 mesh config
6728          * parameters (otherwise our bitfield scheme would not work.) */
6729         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6730 
6731         /* Fill in the params struct */
6732         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6733                                   NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6734         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6735                                   NL80211_MESHCONF_CONFIRM_TIMEOUT,
6736                                   nla_get_u16);
6737         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
6738                                   NL80211_MESHCONF_HOLDING_TIMEOUT,
6739                                   nla_get_u16);
6740         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
6741                                   NL80211_MESHCONF_MAX_PEER_LINKS,
6742                                   nla_get_u16);
6743         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
6744                                   NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
6745         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
6746                                   NL80211_MESHCONF_TTL, nla_get_u8);
6747         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
6748                                   NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
6749         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
6750                                   NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6751                                   nla_get_u8);
6752         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6753                                   mask,
6754                                   NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6755                                   nla_get_u32);
6756         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
6757                                   NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6758                                   nla_get_u8);
6759         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
6760                                   NL80211_MESHCONF_PATH_REFRESH_TIME,
6761                                   nla_get_u32);
6762         if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
6763             (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
6764                 return -EINVAL;
6765         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
6766                                   NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6767                                   nla_get_u16);
6768         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6769                                   mask,
6770                                   NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6771                                   nla_get_u32);
6772         if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
6773             (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
6774              cfg->dot11MeshHWMPactivePathTimeout > 65535))
6775                 return -EINVAL;
6776         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
6777                                   NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6778                                   nla_get_u16);
6779         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
6780                                   NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6781                                   nla_get_u16);
6782         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6783                                   dot11MeshHWMPnetDiameterTraversalTime, mask,
6784                                   NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6785                                   nla_get_u16);
6786         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
6787                                   NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
6788         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
6789                                   NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6790                                   nla_get_u16);
6791         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
6792                                   mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6793                                   nla_get_u8);
6794         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
6795                                   NL80211_MESHCONF_FORWARDING, nla_get_u8);
6796         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
6797                                   NL80211_MESHCONF_RSSI_THRESHOLD,
6798                                   nla_get_s32);
6799         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
6800                                   NL80211_MESHCONF_CONNECTED_TO_GATE,
6801                                   nla_get_u8);
6802         /*
6803          * Check HT operation mode based on
6804          * IEEE 802.11-2016 9.4.2.57 HT Operation element.
6805          */
6806         if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6807                 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6808 
6809                 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6810                                   IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6811                                   IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6812                         return -EINVAL;
6813 
6814                 /* NON_HT_STA bit is reserved, but some programs set it */
6815                 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6816 
6817                 cfg->ht_opmode = ht_opmode;
6818                 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6819         }
6820         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6821                                   dot11MeshHWMPactivePathToRootTimeout, mask,
6822                                   NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6823                                   nla_get_u32);
6824         if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
6825             (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
6826              cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
6827                 return -EINVAL;
6828         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
6829                                   NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6830                                   nla_get_u16);
6831         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
6832                                   mask,
6833                                   NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6834                                   nla_get_u16);
6835         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
6836                                   NL80211_MESHCONF_POWER_MODE, nla_get_u32);
6837         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
6838                                   NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
6839         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
6840                                   NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
6841         if (mask_out)
6842                 *mask_out = mask;
6843 
6844         return 0;
6845 
6846 #undef FILL_IN_MESH_PARAM_IF_SET
6847 }
6848 
6849 static int nl80211_parse_mesh_setup(struct genl_info *info,
6850                                      struct mesh_setup *setup)
6851 {
6852         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6853         struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6854 
6855         if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6856                 return -EINVAL;
6857         if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
6858                 return -EINVAL;
6859 
6860         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6861                 setup->sync_method =
6862                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6863                  IEEE80211_SYNC_METHOD_VENDOR :
6864                  IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6865 
6866         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6867                 setup->path_sel_proto =
6868                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6869                  IEEE80211_PATH_PROTOCOL_VENDOR :
6870                  IEEE80211_PATH_PROTOCOL_HWMP;
6871 
6872         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6873                 setup->path_metric =
6874                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6875                  IEEE80211_PATH_METRIC_VENDOR :
6876                  IEEE80211_PATH_METRIC_AIRTIME;
6877 
6878         if (tb[NL80211_MESH_SETUP_IE]) {
6879                 struct nlattr *ieattr =
6880                         tb[NL80211_MESH_SETUP_IE];
6881                 setup->ie = nla_data(ieattr);
6882                 setup->ie_len = nla_len(ieattr);
6883         }
6884         if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6885             !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6886                 return -EINVAL;
6887         setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6888         setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6889         setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6890         if (setup->is_secure)
6891                 setup->user_mpm = true;
6892 
6893         if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6894                 if (!setup->user_mpm)
6895                         return -EINVAL;
6896                 setup->auth_id =
6897                         nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6898         }
6899 
6900         return 0;
6901 }
6902 
6903 static int nl80211_update_mesh_config(struct sk_buff *skb,
6904                                       struct genl_info *info)
6905 {
6906         struct cfg80211_registered_device *rdev = info->user_ptr[0];
6907         struct net_device *dev = info->user_ptr[1];
6908         struct wireless_dev *wdev = dev->ieee80211_ptr;
6909         struct mesh_config cfg;
6910         u32 mask;
6911         int err;
6912 
6913         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6914                 return -EOPNOTSUPP;
6915 
6916         if (!rdev->ops->update_mesh_config)
6917                 return -EOPNOTSUPP;
6918 
6919         err = nl80211_parse_mesh_config(info, &cfg, &mask);
6920         if (err)
6921                 return err;
6922 
6923         wdev_lock(wdev);
6924         if (!wdev->mesh_id_len)
6925                 err = -ENOLINK;
6926 
6927         if (!err)
6928                 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6929 
6930         wdev_unlock(wdev);
6931 
6932         return err;
6933 }
6934 
6935 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6936                               struct sk_buff *msg)
6937 {
6938         struct nlattr *nl_reg_rules;
6939         unsigned int i;
6940 
6941         if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6942             (regdom->dfs_region &&
6943              nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6944                 goto nla_put_failure;
6945 
6946         nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
6947         if (!nl_reg_rules)
6948                 goto nla_put_failure;
6949 
6950         for (i = 0; i < regdom->n_reg_rules; i++) {
6951                 struct nlattr *nl_reg_rule;
6952                 const struct ieee80211_reg_rule *reg_rule;
6953                 const struct ieee80211_freq_range *freq_range;
6954                 const struct ieee80211_power_rule *power_rule;
6955                 unsigned int max_bandwidth_khz;
6956 
6957                 reg_rule = &regdom->reg_rules[i];
6958                 freq_range = &reg_rule->freq_range;
6959                 power_rule = &reg_rule->power_rule;
6960 
6961                 nl_reg_rule = nla_nest_start_noflag(msg, i);
6962                 if (!nl_reg_rule)
6963                         goto nla_put_failure;
6964 
6965                 max_bandwidth_khz = freq_range->max_bandwidth_khz;
6966                 if (!max_bandwidth_khz)
6967                         max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6968                                                                   reg_rule);
6969 
6970                 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6971                                 reg_rule->flags) ||
6972                     nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6973                                 freq_range->start_freq_khz) ||
6974                     nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6975                                 freq_range->end_freq_khz) ||
6976                     nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6977                                 max_bandwidth_khz) ||
6978                     nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6979                                 power_rule->max_antenna_gain) ||
6980                     nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6981                                 power_rule->max_eirp) ||
6982                     nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6983                                 reg_rule->dfs_cac_ms))
6984                         goto nla_put_failure;
6985 
6986                 nla_nest_end(msg, nl_reg_rule);
6987         }
6988 
6989         nla_nest_end(msg, nl_reg_rules);
6990         return 0;
6991 
6992 nla_put_failure:
6993         return -EMSGSIZE;
6994 }
6995 
6996 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6997 {
6998         const struct ieee80211_regdomain *regdom = NULL;
6999         struct cfg80211_registered_device *rdev;
7000         struct wiphy *wiphy = NULL;
7001         struct sk_buff *msg;
7002         void *hdr;
7003 
7004         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7005         if (!msg)
7006                 return -ENOBUFS;
7007 
7008         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7009                              NL80211_CMD_GET_REG);
7010         if (!hdr)
7011                 goto put_failure;
7012 
7013         if (info->attrs[NL80211_ATTR_WIPHY]) {
7014                 bool self_managed;
7015 
7016                 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7017                 if (IS_ERR(rdev)) {
7018                         nlmsg_free(msg);
7019                         return PTR_ERR(rdev);
7020                 }
7021 
7022                 wiphy = &rdev->wiphy;
7023                 self_managed = wiphy->regulatory_flags &
7024                                REGULATORY_WIPHY_SELF_MANAGED;
7025                 regdom = get_wiphy_regdom(wiphy);
7026 
7027                 /* a self-managed-reg device must have a private regdom */
7028                 if (WARN_ON(!regdom && self_managed)) {
7029                         nlmsg_free(msg);
7030                         return -EINVAL;
7031                 }
7032 
7033                 if (regdom &&
7034                     nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7035                         goto nla_put_failure;
7036         }
7037 
7038         if (!wiphy && reg_last_request_cell_base() &&
7039             nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7040                         NL80211_USER_REG_HINT_CELL_BASE))
7041                 goto nla_put_failure;
7042 
7043         rcu_read_lock();
7044 
7045         if (!regdom)
7046                 regdom = rcu_dereference(cfg80211_regdomain);
7047 
7048         if (nl80211_put_regdom(regdom, msg))
7049                 goto nla_put_failure_rcu;
7050 
7051         rcu_read_unlock();
7052 
7053         genlmsg_end(msg, hdr);
7054         return genlmsg_reply(msg, info);
7055 
7056 nla_put_failure_rcu:
7057         rcu_read_unlock();
7058 nla_put_failure:
7059 put_failure:
7060         nlmsg_free(msg);
7061         return -EMSGSIZE;
7062 }
7063 
7064 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7065                                u32 seq, int flags, struct wiphy *wiphy,
7066                                const struct ieee80211_regdomain *regdom)
7067 {
7068         void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7069                                    NL80211_CMD_GET_REG);
7070 
7071         if (!hdr)
7072                 return -1;
7073 
7074         genl_dump_check_consistent(cb, hdr);
7075 
7076         if (nl80211_put_regdom(regdom, msg))
7077                 goto nla_put_failure;
7078 
7079         if (!wiphy && reg_last_request_cell_base() &&
7080             nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7081                         NL80211_USER_REG_HINT_CELL_BASE))
7082                 goto nla_put_failure;
7083 
7084         if (wiphy &&
7085             nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7086                 goto nla_put_failure;
7087 
7088         if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7089             nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7090                 goto nla_put_failure;
7091 
7092         genlmsg_end(msg, hdr);
7093         return 0;
7094 
7095 nla_put_failure:
7096         genlmsg_cancel(msg, hdr);
7097         return -EMSGSIZE;
7098 }
7099 
7100 static int nl80211_get_reg_dump(struct sk_buff *skb,
7101                                 struct netlink_callback *cb)
7102 {
7103         const struct ieee80211_regdomain *regdom = NULL;
7104         struct cfg80211_registered_device *rdev;
7105         int err, reg_idx, start = cb->args[2];
7106 
7107         rtnl_lock();
7108 
7109         if (cfg80211_regdomain && start == 0) {
7110                 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7111                                           NLM_F_MULTI, NULL,
7112                                           rtnl_dereference(cfg80211_regdomain));
7113                 if (err < 0)
7114                         goto out_err;
7115         }
7116 
7117         /* the global regdom is idx 0 */
7118         reg_idx = 1;
7119         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7120                 regdom = get_wiphy_regdom(&rdev->wiphy);
7121                 if (!regdom)
7122                         continue;
7123 
7124                 if (++reg_idx <= start)
7125                         continue;
7126 
7127                 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7128                                           NLM_F_MULTI, &rdev->wiphy, regdom);
7129                 if (err < 0) {
7130                         reg_idx--;
7131                         break;
7132                 }
7133         }
7134 
7135         cb->args[2] = reg_idx;
7136         err = skb->len;
7137 out_err:
7138         rtnl_unlock();
7139         return err;
7140 }
7141 
7142 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
7143 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7144         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
7145         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
7146         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
7147         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
7148         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
7149         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
7150         [NL80211_ATTR_DFS_CAC_TIME]             = { .type = NLA_U32 },
7151 };
7152 
7153 static int parse_reg_rule(struct nlattr *tb[],
7154         struct ieee80211_reg_rule *reg_rule)
7155 {
7156         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
7157         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
7158 
7159         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7160                 return -EINVAL;
7161         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7162                 return -EINVAL;
7163         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7164                 return -EINVAL;
7165         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7166                 return -EINVAL;
7167         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7168                 return -EINVAL;
7169 
7170         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7171 
7172         freq_range->start_freq_khz =
7173                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7174         freq_range->end_freq_khz =
7175                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7176         freq_range->max_bandwidth_khz =
7177                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7178 
7179         power_rule->max_eirp =
7180                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7181 
7182         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7183                 power_rule->max_antenna_gain =
7184                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7185 
7186         if (tb[NL80211_ATTR_DFS_CAC_TIME])
7187                 reg_rule->dfs_cac_ms =
7188                         nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7189 
7190         return 0;
7191 }
7192 
7193 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7194 {
7195         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7196         struct nlattr *nl_reg_rule;
7197         char *alpha2;
7198         int rem_reg_rules, r;
7199         u32 num_rules = 0, rule_idx = 0;
7200         enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7201         struct ieee80211_regdomain *rd;
7202 
7203         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7204                 return -EINVAL;
7205 
7206         if (!info->attrs[NL80211_ATTR_REG_RULES])
7207                 return -EINVAL;
7208 
7209         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7210 
7211         if (info->attrs[NL80211_ATTR_DFS_REGION])
7212                 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7213 
7214         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7215                             rem_reg_rules) {
7216                 num_rules++;
7217                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7218                         return -EINVAL;
7219         }
7220 
7221         if (!reg_is_valid_request(alpha2))
7222                 return -EINVAL;
7223 
7224         rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7225         if (!rd)
7226                 return -ENOMEM;
7227 
7228         rd->n_reg_rules = num_rules;
7229         rd->alpha2[0] = alpha2[0];
7230         rd->alpha2[1] = alpha2[1];
7231 
7232         /*
7233          * Disable DFS master mode if the DFS region was
7234          * not supported or known on this kernel.
7235          */
7236         if (reg_supported_dfs_region(dfs_region))
7237                 rd->dfs_region = dfs_region;
7238 
7239         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7240                             rem_reg_rules) {
7241                 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7242                                                 nl_reg_rule, reg_rule_policy,
7243                                                 info->extack);
7244                 if (r)
7245                         goto bad_reg;
7246                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7247                 if (r)
7248                         goto bad_reg;
7249 
7250                 rule_idx++;
7251 
7252                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7253                         r = -EINVAL;
7254                         goto bad_reg;
7255                 }
7256         }
7257 
7258         /* set_regdom takes ownership of rd */
7259         return set_regdom(rd, REGD_SOURCE_CRDA);
7260  bad_reg:
7261         kfree(rd);
7262         return r;
7263 }
7264 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7265 
7266 static int validate_scan_freqs(struct nlattr *freqs)
7267 {
7268         struct nlattr *attr1, *attr2;
7269         int n_channels = 0, tmp1, tmp2;
7270 
7271         nla_for_each_nested(attr1, freqs, tmp1)
7272                 if (nla_len(attr1) != sizeof(u32))
7273                         return 0;
7274 
7275         nla_for_each_nested(attr1, freqs, tmp1) {
7276                 n_channels++;
7277                 /*
7278                  * Some hardware has a limited channel list for
7279                  * scanning, and it is pretty much nonsensical
7280                  * to scan for a channel twice, so disallow that
7281                  * and don't require drivers to check that the
7282                  * channel list they get isn't longer than what
7283                  * they can scan, as long as they can scan all
7284                  * the channels they registered at once.
7285                  */
7286                 nla_for_each_nested(attr2, freqs, tmp2)
7287                         if (attr1 != attr2 &&
7288                             nla_get_u32(attr1) == nla_get_u32(attr2))
7289                                 return 0;
7290         }
7291 
7292         return n_channels;
7293 }
7294 
7295 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7296 {
7297         return b < NUM_NL80211_BANDS && wiphy->bands[b];
7298 }
7299 
7300 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7301                             struct cfg80211_bss_selection *bss_select)
7302 {
7303         struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7304         struct nlattr *nest;
7305         int err;
7306         bool found = false;
7307         int i;
7308 
7309         /* only process one nested attribute */
7310         nest = nla_data(nla);
7311         if (!nla_ok(nest, nla_len(nest)))
7312                 return -EINVAL;
7313 
7314         err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7315                                           nest, nl80211_bss_select_policy,
7316                                           NULL);
7317         if (err)
7318                 return err;
7319 
7320         /* only one attribute may be given */
7321         for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7322                 if (attr[i]) {
7323                         if (found)
7324                                 return -EINVAL;
7325                         found = true;
7326                 }
7327         }
7328 
7329         bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7330 
7331         if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7332                 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7333 
7334         if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7335                 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7336                 bss_select->param.band_pref =
7337                         nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7338                 if (!is_band_valid(wiphy, bss_select->param.band_pref))
7339                         return -EINVAL;
7340         }
7341 
7342         if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7343                 struct nl80211_bss_select_rssi_adjust *adj_param;
7344 
7345                 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7346                 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7347                 bss_select->param.adjust.band = adj_param->band;
7348                 bss_select->param.adjust.delta = adj_param->delta;
7349                 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7350                         return -EINVAL;
7351         }
7352 
7353         /* user-space did not provide behaviour attribute */
7354         if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7355                 return -EINVAL;
7356 
7357         if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7358                 return -EINVAL;
7359 
7360         return 0;
7361 }
7362 
7363 int nl80211_parse_random_mac(struct nlattr **attrs,
7364                              u8 *mac_addr, u8 *mac_addr_mask)
7365 {
7366         int i;
7367 
7368         if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7369                 eth_zero_addr(mac_addr);
7370                 eth_zero_addr(mac_addr_mask);
7371                 mac_addr[0] = 0x2;
7372                 mac_addr_mask[0] = 0x3;
7373 
7374                 return 0;
7375         }
7376 
7377         /* need both or none */
7378         if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7379                 return -EINVAL;
7380 
7381         memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7382         memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7383 
7384         /* don't allow or configure an mcast address */
7385         if (!is_multicast_ether_addr(mac_addr_mask) ||
7386             is_multicast_ether_addr(mac_addr))
7387                 return -EINVAL;
7388 
7389         /*
7390          * allow users to pass a MAC address that has bits set outside
7391          * of the mask, but don't bother drivers with having to deal
7392          * with such bits
7393          */
7394         for (i = 0; i < ETH_ALEN; i++)
7395                 mac_addr[i] &= mac_addr_mask[i];
7396 
7397         return 0;
7398 }
7399 
7400 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7401 {
7402         ASSERT_WDEV_LOCK(wdev);
7403 
7404         if (!cfg80211_beaconing_iface_active(wdev))
7405                 return true;
7406 
7407         if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7408                 return true;
7409 
7410         return regulatory_pre_cac_allowed(wdev->wiphy);
7411 }
7412 
7413 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7414                                     enum nl80211_ext_feature_index feat)
7415 {
7416         if (!(flags & flag))
7417                 return true;
7418         if (wiphy_ext_feature_isset(wiphy, feat))
7419                 return true;
7420         return false;
7421 }
7422 
7423 static int
7424 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7425                          void *request, struct nlattr **attrs,
7426                          bool is_sched_scan)
7427 {
7428         u8 *mac_addr, *mac_addr_mask;
7429         u32 *flags;
7430         enum nl80211_feature_flags randomness_flag;
7431 
7432         if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7433                 return 0;
7434 
7435         if (is_sched_scan) {
7436                 struct cfg80211_sched_scan_request *req = request;
7437 
7438                 randomness_flag = wdev ?
7439                                   NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7440                                   NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7441                 flags = &req->flags;
7442                 mac_addr = req->mac_addr;
7443                 mac_addr_mask = req->mac_addr_mask;
7444         } else {
7445                 struct cfg80211_scan_request *req = request;
7446 
7447                 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7448                 flags = &req->flags;
7449                 mac_addr = req->mac_addr;
7450                 mac_addr_mask = req->mac_addr_mask;
7451         }
7452 
7453         *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7454 
7455         if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7456              !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7457             !nl80211_check_scan_feat(wiphy, *flags,
7458                                      NL80211_SCAN_FLAG_LOW_SPAN,
7459                                      NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7460             !nl80211_check_scan_feat(wiphy, *flags,
7461                                      NL80211_SCAN_FLAG_LOW_POWER,
7462                                      NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7463             !nl80211_check_scan_feat(wiphy, *flags,
7464                                      NL80211_SCAN_FLAG_HIGH_ACCURACY,
7465                                      NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7466             !nl80211_check_scan_feat(wiphy, *flags,
7467                                      NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7468                                      NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7469             !nl80211_check_scan_feat(wiphy, *flags,
7470                                      NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7471                                      NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7472             !nl80211_check_scan_feat(wiphy, *flags,
7473                                      NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7474                                      NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7475             !nl80211_check_scan_feat(wiphy, *flags,
7476                                      NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7477                                      NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7478             !nl80211_check_scan_feat(wiphy, *flags,
7479                                      NL80211_SCAN_FLAG_RANDOM_SN,
7480                                      NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7481             !nl80211_check_scan_feat(wiphy, *flags,
7482                                      NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7483                                      NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7484                 return -EOPNOTSUPP;
7485 
7486         if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7487                 int err;
7488 
7489                 if (!(wiphy->features & randomness_flag) ||
7490                     (wdev && wdev->current_bss))
7491                         return -EOPNOTSUPP;
7492 
7493                 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7494                 if (err)
7495                         return err;
7496         }
7497 
7498         return 0;
7499 }
7500 
7501 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7502 {
7503         struct cfg80211_registered_device *rdev = info->user_ptr[0];
7504         struct wireless_dev *wdev = info->user_ptr[1];
7505         struct cfg80211_scan_request *request;
7506         struct nlattr *attr;
7507         struct wiphy *wiphy;
7508         int err, tmp, n_ssids = 0, n_channels, i;
7509         size_t ie_len;
7510 
7511         wiphy = &rdev->wiphy;
7512 
7513         if (wdev->iftype == NL80211_IFTYPE_NAN)
7514                 return -EOPNOTSUPP;
7515 
7516         if (!rdev->ops->scan)
7517                 return -EOPNOTSUPP;
7518 
7519         if (rdev->scan_req || rdev->scan_msg) {
7520                 err = -EBUSY;
7521                 goto unlock;
7522         }
7523 
7524         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7525                 n_channels = validate_scan_freqs(
7526                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7527                 if (!n_channels) {
7528                         err = -EINVAL;
7529                         goto unlock;
7530                 }
7531         } else {
7532                 n_channels = ieee80211_get_num_supported_channels(wiphy);
7533         }
7534 
7535         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7536                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7537                         n_ssids++;
7538 
7539         if (n_ssids > wiphy->max_scan_ssids) {
7540                 err = -EINVAL;
7541                 goto unlock;
7542         }
7543 
7544         if (info->attrs[NL80211_ATTR_IE])
7545                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7546         else
7547                 ie_len = 0;
7548 
7549         if (ie_len > wiphy->max_scan_ie_len) {
7550                 err = -EINVAL;
7551                 goto unlock;
7552         }
7553 
7554         request = kzalloc(sizeof(*request)
7555                         + sizeof(*request->ssids) * n_ssids
7556                         + sizeof(*request->channels) * n_channels
7557                         + ie_len, GFP_KERNEL);
7558         if (!request) {
7559                 err = -ENOMEM;
7560                 goto unlock;
7561         }
7562 
7563         if (n_ssids)
7564                 request->ssids = (void *)&request->channels[n_channels];
7565         request->n_ssids = n_ssids;
7566         if (ie_len) {
7567                 if (n_ssids)
7568                         request->ie = (void *)(request->ssids + n_ssids);
7569                 else
7570                         request->ie = (void *)(request->channels + n_channels);
7571         }
7572 
7573         i = 0;
7574         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7575                 /* user specified, bail out if channel not found */
7576                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7577                         struct ieee80211_channel *chan;
7578 
7579                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7580 
7581                         if (!chan) {
7582                                 err = -EINVAL;
7583                                 goto out_free;
7584                         }
7585 
7586                         /* ignore disabled channels */
7587                         if (chan->flags & IEEE80211_CHAN_DISABLED)
7588                                 continue;
7589 
7590                         request->channels[i] = chan;
7591                         i++;
7592                 }
7593         } else {
7594                 enum nl80211_band band;
7595 
7596                 /* all channels */
7597                 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7598                         int j;
7599 
7600                         if (!wiphy->bands[band])
7601                                 continue;
7602                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7603                                 struct ieee80211_channel *chan;
7604 
7605                                 chan = &wiphy->bands[band]->channels[j];
7606 
7607                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
7608                                         continue;
7609 
7610                                 request->channels[i] = chan;
7611                                 i++;
7612                         }
7613                 }
7614         }
7615 
7616         if (!i) {
7617                 err = -EINVAL;
7618                 goto out_free;
7619         }
7620 
7621         request->n_channels = i;
7622 
7623         wdev_lock(wdev);
7624         if (!cfg80211_off_channel_oper_allowed(wdev)) {
7625                 struct ieee80211_channel *chan;
7626 
7627                 if (request->n_channels != 1) {
7628                         wdev_unlock(wdev);
7629                         err = -EBUSY;
7630                         goto out_free;
7631                 }
7632 
7633                 chan = request->channels[0];
7634                 if (chan->center_freq != wdev->chandef.chan->center_freq) {
7635                         wdev_unlock(wdev);
7636                         err = -EBUSY;
7637                         goto out_free;
7638                 }
7639         }
7640         wdev_unlock(wdev);
7641 
7642         i = 0;
7643         if (n_ssids) {
7644                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7645                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7646                                 err = -EINVAL;
7647                                 goto out_free;
7648                         }
7649                         request->ssids[i].ssid_len = nla_len(attr);
7650                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7651                         i++;
7652                 }
7653         }
7654 
7655         if (info->attrs[NL80211_ATTR_IE]) {
7656                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7657                 memcpy((void *)request->ie,
7658                        nla_data(info->attrs[NL80211_ATTR_IE]),
7659                        request->ie_len);
7660         }
7661 
7662         for (i = 0; i < NUM_NL80211_BANDS; i++)
7663                 if (wiphy->bands[i])
7664                         request->rates[i] =
7665                                 (1 << wiphy->bands[i]->n_bitrates) - 1;
7666 
7667         if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7668                 nla_for_each_nested(attr,
7669                                     info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7670                                     tmp) {
7671                         enum nl80211_band band = nla_type(attr);
7672 
7673                         if (band < 0 || band >= NUM_NL80211_BANDS) {
7674                                 err = -EINVAL;
7675                                 goto out_free;
7676                         }
7677 
7678                         if (!wiphy->bands[band])
7679                                 continue;
7680 
7681                         err = ieee80211_get_ratemask(wiphy->bands[band],
7682                                                      nla_data(attr),
7683                                                      nla_len(attr),
7684                                                      &request->rates[band]);
7685                         if (err)
7686                                 goto out_free;
7687                 }
7688         }
7689 
7690         if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7691                 if (!wiphy_ext_feature_isset(wiphy,
7692                                         NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7693                         err = -EOPNOTSUPP;
7694                         goto out_free;
7695                 }
7696 
7697                 request->duration =
7698                         nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7699                 request->duration_mandatory =
7700                         nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7701         }
7702 
7703         err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7704                                        false);
7705         if (err)
7706                 goto out_free;
7707 
7708         request->no_cck =
7709                 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7710 
7711         /* Initial implementation used NL80211_ATTR_MAC to set the specific
7712          * BSSID to scan for. This was problematic because that same attribute
7713          * was already used for another purpose (local random MAC address). The
7714          * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7715          * compatibility with older userspace components, also use the
7716          * NL80211_ATTR_MAC value here if it can be determined to be used for
7717          * the specific BSSID use case instead of the random MAC address
7718          * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7719          */
7720         if (info->attrs[NL80211_ATTR_BSSID])
7721                 memcpy(request->bssid,
7722                        nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7723         else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7724                  info->attrs[NL80211_ATTR_MAC])
7725                 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7726                        ETH_ALEN);
7727         else
7728                 eth_broadcast_addr(request->bssid);
7729 
7730         request->wdev = wdev;
7731         request->wiphy = &rdev->wiphy;
7732         request->scan_start = jiffies;
7733 
7734         rdev->scan_req = request;
7735         err = rdev_scan(rdev, request);
7736 
7737         if (!err) {
7738                 nl80211_send_scan_start(rdev, wdev);
7739                 if (wdev->netdev)
7740                         dev_hold(wdev->netdev);
7741         } else {
7742  out_free:
7743                 rdev->scan_req = NULL;
7744                 kfree(request);
7745         }
7746 
7747  unlock:
7748         return err;
7749 }
7750 
7751 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7752 {
7753         struct cfg80211_registered_device *rdev = info->user_ptr[0];
7754         struct wireless_dev *wdev = info->user_ptr[1];
7755 
7756         if (!rdev->ops->abort_scan)
7757                 return -EOPNOTSUPP;
7758 
7759         if (rdev->scan_msg)
7760                 return 0;
7761 
7762         if (!rdev->scan_req)
7763                 return -ENOENT;
7764 
7765         rdev_abort_scan(rdev, wdev);
7766         return 0;
7767 }
7768 
7769 static int
7770 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7771                                struct cfg80211_sched_scan_request *request,
7772                                struct nlattr **attrs)
7773 {
7774         int tmp, err, i = 0;
7775         struct nlattr *attr;
7776 
7777         if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7778                 u32 interval;
7779 
7780                 /*
7781                  * If scan plans are not specified,
7782                  * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7783                  * case one scan plan will be set with the specified scan
7784                  * interval and infinite number of iterations.
7785                  */
7786                 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7787                 if (!interval)
7788                         return -EINVAL;
7789 
7790                 request->scan_plans[0].interval =
7791                         DIV_ROUND_UP(interval, MSEC_PER_SEC);
7792                 if (!request->scan_plans[0].interval)
7793                         return -EINVAL;
7794 
7795                 if (request->scan_plans[0].interval >
7796                     wiphy->max_sched_scan_plan_interval)
7797                         request->scan_plans[0].interval =
7798                                 wiphy->max_sched_scan_plan_interval;
7799 
7800                 return 0;
7801         }
7802 
7803         nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7804                 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7805 
7806                 if (WARN_ON(i >= n_plans))
7807                         return -EINVAL;
7808 
7809                 err = nla_parse_nested_deprecated(plan,
7810                                                   NL80211_SCHED_SCAN_PLAN_MAX,
7811                                                   attr, nl80211_plan_policy,
7812                                                   NULL);
7813                 if (err)
7814                         return err;
7815 
7816                 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7817                         return -EINVAL;
7818 
7819                 request->scan_plans[i].interval =
7820                         nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7821                 if (!request->scan_plans[i].interval ||
7822                     request->scan_plans[i].interval >
7823                     wiphy->max_sched_scan_plan_interval)
7824                         return -EINVAL;
7825 
7826                 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7827                         request->scan_plans[i].iterations =
7828                                 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7829                         if (!request->scan_plans[i].iterations ||
7830                             (request->scan_plans[i].iterations >
7831                              wiphy->max_sched_scan_plan_iterations))
7832                                 return -EINVAL;
7833                 } else if (i < n_plans - 1) {
7834                         /*
7835                          * All scan plans but the last one must specify
7836                          * a finite number of iterations
7837                          */
7838                         return -EINVAL;
7839                 }
7840 
7841                 i++;
7842         }
7843 
7844         /*
7845          * The last scan plan must not specify the number of
7846          * iterations, it is supposed to run infinitely
7847          */
7848         if (request->scan_plans[n_plans - 1].iterations)
7849                 return  -EINVAL;
7850 
7851         return 0;
7852 }
7853 
7854 static int
7855 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
7856                                        struct cfg80211_match_set *match_sets,
7857                                        struct nlattr *tb_band_rssi,
7858                                        s32 rssi_thold)
7859 {
7860         struct nlattr *attr;
7861         int i, tmp, ret = 0;
7862 
7863         if (!wiphy_ext_feature_isset(wiphy,
7864                     NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
7865                 if (tb_band_rssi)
7866                         ret = -EOPNOTSUPP;
7867                 else
7868                         for (i = 0; i < NUM_NL80211_BANDS; i++)
7869                                 match_sets->per_band_rssi_thold[i] =
7870                                         NL80211_SCAN_RSSI_THOLD_OFF;
7871                 return ret;
7872         }
7873 
7874         for (i = 0; i < NUM_NL80211_BANDS; i++)
7875                 match_sets->per_band_rssi_thold[i] = rssi_thold;
7876 
7877         nla_for_each_nested(attr, tb_band_rssi, tmp) {
7878                 enum nl80211_band band = nla_type(attr);
7879 
7880                 if (band < 0 || band >= NUM_NL80211_BANDS)
7881                         return -EINVAL;
7882 
7883                 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr);
7884         }
7885 
7886         return 0;
7887 }
7888 
7889 static struct cfg80211_sched_scan_request *
7890 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7891                          struct nlattr **attrs, int max_match_sets)
7892 {
7893         struct cfg80211_sched_scan_request *request;
7894         struct nlattr *attr;
7895         int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7896         enum nl80211_band band;
7897         size_t ie_len;
7898         struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7899         s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7900 
7901         if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7902                 n_channels = validate_scan_freqs(
7903                                 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7904                 if (!n_channels)
7905                         return ERR_PTR(-EINVAL);
7906         } else {
7907                 n_channels = ieee80211_get_num_supported_channels(wiphy);
7908         }
7909 
7910         if (attrs[NL80211_ATTR_SCAN_SSIDS])
7911                 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7912                                     tmp)
7913                         n_ssids++;
7914 
7915         if (n_ssids > wiphy->max_sched_scan_ssids)
7916                 return ERR_PTR(-EINVAL);
7917 
7918         /*
7919          * First, count the number of 'real' matchsets. Due to an issue with
7920          * the old implementation, matchsets containing only the RSSI attribute
7921          * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7922          * RSSI for all matchsets, rather than their own matchset for reporting
7923          * all APs with a strong RSSI. This is needed to be compatible with
7924          * older userspace that treated a matchset with only the RSSI as the
7925          * global RSSI for all other matchsets - if there are other matchsets.
7926          */
7927         if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7928                 nla_for_each_nested(attr,
7929                                     attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7930                                     tmp) {
7931                         struct nlattr *rssi;
7932 
7933                         err = nla_parse_nested_deprecated(tb,
7934                                                           NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7935                                                           attr,
7936                                                           nl80211_match_policy,
7937                                                           NULL);
7938                         if (err)
7939                                 return ERR_PTR(err);
7940 
7941                         /* SSID and BSSID are mutually exclusive */
7942                         if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7943                             tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7944                                 return ERR_PTR(-EINVAL);
7945 
7946                         /* add other standalone attributes here */
7947                         if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7948                             tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7949                                 n_match_sets++;
7950                                 continue;
7951                         }
7952                         rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7953                         if (rssi)
7954                                 default_match_rssi = nla_get_s32(rssi);
7955                 }
7956         }
7957 
7958         /* However, if there's no other matchset, add the RSSI one */
7959         if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7960                 n_match_sets = 1;
7961 
7962         if (n_match_sets > max_match_sets)
7963                 return ERR_PTR(-EINVAL);
7964 
7965         if (attrs[NL80211_ATTR_IE])
7966                 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7967         else
7968                 ie_len = 0;
7969 
7970         if (ie_len > wiphy->max_sched_scan_ie_len)
7971                 return ERR_PTR(-EINVAL);
7972 
7973         if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7974                 /*
7975                  * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7976                  * each scan plan already specifies its own interval
7977                  */
7978                 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7979                         return ERR_PTR(-EINVAL);
7980 
7981                 nla_for_each_nested(attr,
7982                                     attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7983                         n_plans++;
7984         } else {
7985                 /*
7986                  * The scan interval attribute is kept for backward
7987                  * compatibility. If no scan plans are specified and sched scan
7988                  * interval is specified, one scan plan will be set with this
7989                  * scan interval and infinite number of iterations.
7990                  */
7991                 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7992                         return ERR_PTR(-EINVAL);
7993 
7994                 n_plans = 1;
7995         }
7996 
7997         if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7998                 return ERR_PTR(-EINVAL);
7999 
8000         if (!wiphy_ext_feature_isset(
8001                     wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8002             (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8003              attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8004                 return ERR_PTR(-EINVAL);
8005 
8006         request = kzalloc(sizeof(*request)
8007                         + sizeof(*request->ssids) * n_ssids
8008                         + sizeof(*request->match_sets) * n_match_sets
8009                         + sizeof(*request->scan_plans) * n_plans
8010                         + sizeof(*request->channels) * n_channels
8011                         + ie_len, GFP_KERNEL);
8012         if (!request)
8013                 return ERR_PTR(-ENOMEM);
8014 
8015         if (n_ssids)
8016                 request->ssids = (void *)&request->channels[n_channels];
8017         request->n_ssids = n_ssids;
8018         if (ie_len) {
8019                 if (n_ssids)
8020                         request->ie = (void *)(request->ssids + n_ssids);
8021                 else
8022                         request->ie = (void *)(request->channels + n_channels);
8023         }
8024 
8025         if (n_match_sets) {
8026                 if (request->ie)
8027                         request->match_sets = (void *)(request->ie + ie_len);
8028                 else if (n_ssids)
8029                         request->match_sets =
8030                                 (void *)(request->ssids + n_ssids);
8031                 else
8032                         request->match_sets =
8033                                 (void *)(request->channels + n_channels);
8034         }
8035         request->n_match_sets = n_match_sets;
8036 
8037         if (n_match_sets)
8038                 request->scan_plans = (void *)(request->match_sets +
8039                                                n_match_sets);
8040         else if (request->ie)
8041                 request->scan_plans = (void *)(request->ie + ie_len);
8042         else if (n_ssids)
8043                 request->scan_plans = (void *)(request->ssids + n_ssids);
8044         else
8045                 request->scan_plans = (void *)(request->channels + n_channels);
8046 
8047         request->n_scan_plans = n_plans;
8048 
8049         i = 0;
8050         if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8051                 /* user specified, bail out if channel not found */
8052                 nla_for_each_nested(attr,
8053                                     attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8054                                     tmp) {
8055                         struct ieee80211_channel *chan;
8056 
8057                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8058 
8059                         if (!chan) {
8060                                 err = -EINVAL;
8061                                 goto out_free;
8062                         }
8063 
8064                         /* ignore disabled channels */
8065                         if (chan->flags & IEEE80211_CHAN_DISABLED)
8066                                 continue;
8067 
8068                         request->channels[i] = chan;
8069                         i++;
8070                 }
8071         } else {
8072                 /* all channels */
8073                 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8074                         int j;
8075 
8076                         if (!wiphy->bands[band])
8077                                 continue;
8078                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8079                                 struct ieee80211_channel *chan;
8080 
8081                                 chan = &wiphy->bands[band]->channels[j];
8082 
8083                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
8084                                         continue;
8085 
8086                                 request->channels[i] = chan;
8087                                 i++;
8088                         }
8089                 }
8090         }
8091 
8092         if (!i) {
8093                 err = -EINVAL;
8094                 goto out_free;
8095         }
8096 
8097         request->n_channels = i;
8098 
8099         i = 0;
8100         if (n_ssids) {
8101                 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8102                                     tmp) {
8103                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8104                                 err = -EINVAL;
8105                                 goto out_free;
8106                         }
8107                         request->ssids[i].ssid_len = nla_len(attr);
8108                         memcpy(request->ssids[i].ssid, nla_data(attr),
8109                                nla_len(attr));
8110                         i++;
8111                 }
8112         }
8113 
8114         i = 0;
8115         if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8116                 nla_for_each_nested(attr,
8117                                     attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8118                                     tmp) {
8119                         struct nlattr *ssid, *bssid, *rssi;
8120 
8121                         err = nla_parse_nested_deprecated(tb,
8122                                                           NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8123                                                           attr,
8124                                                           nl80211_match_policy,
8125                                                           NULL);
8126                         if (err)
8127                                 goto out_free;
8128                         ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8129                         bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8130 
8131                         if (!ssid && !bssid) {
8132                                 i++;
8133                                 continue;
8134                         }
8135 
8136                         if (WARN_ON(i >= n_match_sets)) {
8137                                 /* this indicates a programming error,
8138                                  * the loop above should have verified
8139                                  * things properly
8140                                  */
8141                                 err = -EINVAL;
8142                                 goto out_free;
8143                         }
8144 
8145                         if (ssid) {
8146                                 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
8147                                         err = -EINVAL;
8148                                         goto out_free;
8149                                 }
8150                                 memcpy(request->match_sets[i].ssid.ssid,
8151                                        nla_data(ssid), nla_len(ssid));
8152                                 request->match_sets[i].ssid.ssid_len =
8153                                         nla_len(ssid);
8154                         }
8155                         if (bssid) {
8156                                 if (nla_len(bssid) != ETH_ALEN) {
8157                                         err = -EINVAL;
8158                                         goto out_free;
8159                                 }
8160                                 memcpy(request->match_sets[i].bssid,
8161                                        nla_data(bssid), ETH_ALEN);
8162                         }
8163 
8164                         /* special attribute - old implementation w/a */
8165                         request->match_sets[i].rssi_thold = default_match_rssi;
8166                         rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8167                         if (rssi)
8168                                 request->match_sets[i].rssi_thold =
8169                                         nla_get_s32(rssi);
8170 
8171                         /* Parse per band RSSI attribute */
8172                         err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8173                                 &request->match_sets[i],
8174                                 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8175                                 request->match_sets[i].rssi_thold);
8176                         if (err)
8177                                 goto out_free;
8178 
8179                         i++;
8180                 }
8181 
8182                 /* there was no other matchset, so the RSSI one is alone */
8183                 if (i == 0 && n_match_sets)
8184                         request->match_sets[0].rssi_thold = default_match_rssi;
8185 
8186                 request->min_rssi_thold = INT_MAX;
8187                 for (i = 0; i < n_match_sets; i++)
8188                         request->min_rssi_thold =
8189                                 min(request->match_sets[i].rssi_thold,
8190                                     request->min_rssi_thold);
8191         } else {
8192                 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8193         }
8194 
8195         if (ie_len) {
8196                 request->ie_len = ie_len;
8197                 memcpy((void *)request->ie,
8198                        nla_data(attrs[NL80211_ATTR_IE]),
8199                        request->ie_len);
8200         }
8201 
8202         err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8203         if (err)
8204                 goto out_free;
8205 
8206         if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8207                 request->delay =
8208                         nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8209 
8210         if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8211                 request->relative_rssi = nla_get_s8(
8212                         attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8213                 request->relative_rssi_set = true;
8214         }
8215 
8216         if (request->relative_rssi_set &&
8217             attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8218                 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8219 
8220                 rssi_adjust = nla_data(
8221                         attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8222                 request->rssi_adjust.band = rssi_adjust->band;
8223                 request->rssi_adjust.delta = rssi_adjust->delta;
8224                 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8225                         err = -EINVAL;
8226                         goto out_free;
8227                 }
8228         }
8229 
8230         err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8231         if (err)
8232                 goto out_free;
8233 
8234         request->scan_start = jiffies;
8235 
8236         return request;
8237 
8238 out_free:
8239         kfree(request);
8240         return ERR_PTR(err);
8241 }
8242 
8243 static int nl80211_start_sched_scan(struct sk_buff *skb,
8244                                     struct genl_info *info)
8245 {
8246         struct cfg80211_registered_device *rdev = info->user_ptr[0];
8247         struct net_device *dev = info->user_ptr[1];
8248         struct wireless_dev *wdev = dev->ieee80211_ptr;
8249         struct cfg80211_sched_scan_request *sched_scan_req;
8250         bool want_multi;
8251         int err;
8252 
8253         if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8254                 return -EOPNOTSUPP;
8255 
8256         want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8257         err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8258         if (err)
8259                 return err;
8260 
8261         sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8262                                                   info->attrs,
8263                                                   rdev->wiphy.max_match_sets);
8264 
8265         err = PTR_ERR_OR_ZERO(sched_scan_req);
8266         if (err)
8267                 goto out_err;
8268 
8269         /* leave request id zero for legacy request
8270          * or if driver does not support multi-scheduled scan
8271          */
8272         if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
8273                 while (!sched_scan_req->reqid)
8274                         sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8275         }
8276 
8277         err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8278         if (err)
8279                 goto out_free;
8280 
8281         sched_scan_req->dev = dev;
8282         sched_scan_req->wiphy = &rdev->wiphy;
8283 
8284         if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8285                 sched_scan_req->owner_nlportid = info->snd_portid;
8286 
8287         cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8288 
8289         nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8290         return 0;
8291 
8292 out_free:
8293         kfree(sched_scan_req);
8294 out_err:
8295         return err;
8296 }
8297 
8298 static int nl80211_stop_sched_scan(struct sk_buff *skb,
8299                                    struct genl_info *info)
8300 {
8301         struct cfg80211_sched_scan_request *req;
8302         struct cfg80211_registered_device *rdev = info->user_ptr[0];
8303         u64 cookie;
8304 
8305         if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8306                 return -EOPNOTSUPP;
8307 
8308         if (info->attrs[NL80211_ATTR_COOKIE]) {
8309                 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8310                 return __cfg80211_stop_sched_scan(rdev, cookie, false);
8311         }
8312 
8313         req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8314                                      struct cfg80211_sched_scan_request,
8315                                      list);
8316         if (!req || req->reqid ||
8317             (req->owner_nlportid &&
8318              req->owner_nlportid != info->snd_portid))
8319                 return -ENOENT;
8320 
8321         return cfg80211_stop_sched_scan_req(rdev, req, false);
8322 }
8323 
8324 static int nl80211_start_radar_detection(struct sk_buff *skb,
8325                                          struct genl_info *info)
8326 {
8327         struct cfg80211_registered_device *rdev = info->user_ptr[0];
8328         struct net_device *dev = info->user_ptr[1];
8329         struct wireless_dev *wdev = dev->ieee80211_ptr;
8330         struct wiphy *wiphy = wdev->wiphy;
8331         struct cfg80211_chan_def chandef;
8332         enum nl80211_dfs_regions dfs_region;
8333         unsigned int cac_time_ms;
8334         int err;
8335 
8336         dfs_region = reg_get_dfs_region(wiphy);
8337         if (dfs_region == NL80211_DFS_UNSET)
8338                 return -EINVAL;
8339 
8340         err = nl80211_parse_chandef(rdev, info, &chandef);
8341         if (err)
8342                 return err;
8343 
8344         if (netif_carrier_ok(dev))
8345                 return -EBUSY;
8346 
8347         if (wdev->cac_started)
8348                 return -EBUSY;
8349 
8350         err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8351         if (err < 0)
8352                 return err;
8353 
8354         if (err == 0)
8355                 return -EINVAL;
8356 
8357         if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8358                 return -EINVAL;
8359 
8360         /* CAC start is offloaded to HW and can't be started manually */
8361         if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8362                 return -EOPNOTSUPP;
8363 
8364         if (!rdev->ops->start_radar_detection)
8365                 return -EOPNOTSUPP;
8366 
8367         cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8368         if (WARN_ON(!cac_time_ms))
8369                 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8370 
8371         err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8372         if (!err) {
8373                 wdev->chandef = chandef;
8374                 wdev->cac_started = true;
8375                 wdev->cac_start_time = jiffies;
8376                 wdev->cac_time_ms = cac_time_ms;
8377         }
8378         return err;
8379 }
8380 
8381 static int nl80211_notify_radar_detection(struct sk_buff *skb,
8382                                           struct genl_info *info)
8383 {
8384         struct cfg80211_registered_device *rdev = info->user_ptr[0];
8385         struct net_device *dev = info->user_ptr[1];
8386         struct wireless_dev *wdev = dev->ieee80211_ptr;
8387         struct wiphy *wiphy = wdev->wiphy;
8388         struct cfg80211_chan_def chandef;
8389         enum nl80211_dfs_regions dfs_region;
8390         int err;
8391 
8392         dfs_region = reg_get_dfs_region(wiphy);
8393         if (dfs_region == NL80211_DFS_UNSET) {
8394                 GENL_SET_ERR_MSG(info,
8395                                  "DFS Region is not set. Unexpected Radar indication");
8396                 return -EINVAL;
8397         }
8398 
8399         err = nl80211_parse_chandef(rdev, info, &chandef);
8400         if (err) {
8401                 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8402                 return err;
8403         }
8404 
8405         err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8406         if (err < 0) {
8407                 GENL_SET_ERR_MSG(info, "chandef is invalid");
8408                 return err;
8409         }
8410 
8411         if (err == 0) {
8412                 GENL_SET_ERR_MSG(info,
8413                                  "Unexpected Radar indication for chandef/iftype");
8414                 return -EINVAL;
8415         }
8416 
8417         /* Do not process this notification if radar is already detected
8418          * by kernel on this channel, and return success.
8419          */
8420         if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8421                 return 0;
8422 
8423         cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8424 
8425         cfg80211_sched_dfs_chan_update(rdev);
8426 
8427         rdev->radar_chandef = chandef;
8428 
8429         /* Propagate this notification to other radios as well */
8430         queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8431 
8432         return 0;
8433 }
8434 
8435 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8436 {
8437         struct cfg80211_registered_device *rdev = info->user_ptr[0];
8438         struct net_device *dev = info->user_ptr[1];
8439         struct wireless_dev *wdev = dev->ieee80211_ptr;
8440         struct cfg80211_csa_settings params;
8441         /* csa_attrs is defined static to avoid waste of stack size - this
8442          * function is called under RTNL lock, so this should not be a problem.
8443          */
8444         static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8445         int err;
8446         bool need_new_beacon = false;
8447         bool need_handle_dfs_flag = true;
8448         int len, i;
8449         u32 cs_count;
8450 
8451         if (!rdev->ops->channel_switch ||
8452             !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8453                 return -EOPNOTSUPP;
8454 
8455         switch (dev->ieee80211_ptr->iftype) {
8456         case NL80211_IFTYPE_AP:
8457         case NL80211_IFTYPE_P2P_GO:
8458                 need_new_beacon = true;
8459                 /* For all modes except AP the handle_dfs flag needs to be
8460                  * supplied to tell the kernel that userspace will handle radar
8461                  * events when they happen. Otherwise a switch to a channel
8462                  * requiring DFS will be rejected.
8463                  */
8464                 need_handle_dfs_flag = false;
8465 
8466                 /* useless if AP is not running */
8467                 if (!wdev->beacon_interval)
8468                         return -ENOTCONN;
8469                 break;
8470         case NL80211_IFTYPE_ADHOC:
8471                 if (!wdev->ssid_len)
8472                         return -ENOTCONN;
8473                 break;
8474         case NL80211_IFTYPE_MESH_POINT:
8475                 if (!wdev->mesh_id_len)
8476                         return -ENOTCONN;
8477                 break;
8478         default:
8479                 return -EOPNOTSUPP;
8480         }
8481 
8482         memset(&params, 0, sizeof(params));
8483         params.beacon_csa.ftm_responder = -1;
8484 
8485         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8486             !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8487                 return -EINVAL;
8488 
8489         /* only important for AP, IBSS and mesh create IEs internally */
8490         if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8491                 return -EINVAL;
8492 
8493         /* Even though the attribute is u32, the specification says
8494          * u8, so let's make sure we don't overflow.
8495          */
8496         cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8497         if (cs_count > 255)
8498                 return -EINVAL;
8499 
8500         params.count = cs_count;
8501 
8502         if (!need_new_beacon)
8503                 goto skip_beacons;
8504 
8505         err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
8506         if (err)
8507                 return err;
8508 
8509         err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
8510                                           info->attrs[NL80211_ATTR_CSA_IES],
8511                                           nl80211_policy, info->extack);
8512         if (err)
8513                 return err;
8514 
8515         err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
8516         if (err)
8517                 return err;
8518 
8519         if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8520                 return -EINVAL;
8521 
8522         len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8523         if (!len || (len % sizeof(u16)))
8524                 return -EINVAL;
8525 
8526         params.n_counter_offsets_beacon = len / sizeof(u16);
8527         if (rdev->wiphy.max_num_csa_counters &&
8528             (params.n_counter_offsets_beacon >
8529              rdev->wiphy.max_num_csa_counters))
8530                 return -EINVAL;
8531 
8532         params.counter_offsets_beacon =
8533                 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8534 
8535         /* sanity checks - counters should fit and be the same */
8536         for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8537                 u16 offset = params.counter_offsets_beacon[i];
8538 
8539                 if (offset >= params.beacon_csa.tail_len)
8540                         return -EINVAL;
8541 
8542                 if (params.beacon_csa.tail[offset] != params.count)
8543                         return -EINVAL;
8544         }
8545 
8546         if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8547                 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8548                 if (!len || (len % sizeof(u16)))
8549                         return -EINVAL;
8550 
8551                 params.n_counter_offsets_presp = len / sizeof(u16);
8552                 if (rdev->wiphy.max_num_csa_counters &&
8553                     (params.n_counter_offsets_presp >
8554                      rdev->wiphy.max_num_csa_counters))
8555                         return -EINVAL;
8556 
8557                 params.counter_offsets_presp =
8558                         nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8559 
8560                 /* sanity checks - counters should fit and be the same */
8561                 for (i = 0; i < params.n_counter_offsets_presp; i++) {
8562                         u16 offset = params.counter_offsets_presp[i];
8563 
8564                         if (offset >= params.beacon_csa.probe_resp_len)
8565                                 return -EINVAL;
8566 
8567                         if (params.beacon_csa.probe_resp[offset] !=
8568                             params.count)
8569                                 return -EINVAL;
8570                 }
8571         }
8572 
8573 skip_beacons:
8574         err = nl80211_parse_chandef(rdev, info, &params.chandef);
8575         if (err)
8576                 return err;
8577 
8578         if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
8579                                            wdev->iftype))
8580                 return -EINVAL;
8581 
8582         err = cfg80211_chandef_dfs_required(wdev->wiphy,
8583                                             &params.chandef,
8584                                             wdev->iftype);
8585         if (err < 0)
8586                 return err;
8587 
8588         if (err > 0) {
8589                 params.radar_required = true;
8590                 if (need_handle_dfs_flag &&
8591                     !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8592                         return -EINVAL;
8593                 }
8594         }
8595 
8596         if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8597                 params.block_tx = true;
8598 
8599         wdev_lock(wdev);
8600         err = rdev_channel_switch(rdev, dev, &params);
8601         wdev_unlock(wdev);
8602 
8603         return err;
8604 }
8605 
8606 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8607                             u32 seq, int flags,
8608                             struct cfg80211_registered_device *rdev,
8609                             struct wireless_dev *wdev,
8610                             struct cfg80211_internal_bss *intbss)
8611 {
8612         struct cfg80211_bss *res = &intbss->pub;
8613         const struct cfg80211_bss_ies *ies;
8614         void *hdr;
8615         struct nlattr *bss;
8616 
8617         ASSERT_WDEV_LOCK(wdev);
8618 
8619         hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8620                              NL80211_CMD_NEW_SCAN_RESULTS);
8621         if (!hdr)
8622                 return -1;
8623 
8624         genl_dump_check_consistent(cb, hdr);
8625 
8626         if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8627                 goto nla_put_failure;
8628         if (wdev->netdev &&
8629             nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8630                 goto nla_put_failure;
8631         if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8632                               NL80211_ATTR_PAD))
8633                 goto nla_put_failure;
8634 
8635         bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8636         if (!bss)
8637                 goto nla_put_failure;
8638         if ((!is_zero_ether_addr(res->bssid) &&
8639              nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8640                 goto nla_put_failure;
8641 
8642         rcu_read_lock();
8643         /* indicate whether we have probe response data or not */
8644         if (rcu_access_pointer(res->proberesp_ies) &&
8645             nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8646                 goto fail_unlock_rcu;
8647 
8648         /* this pointer prefers to be pointed to probe response data
8649          * but is always valid
8650          */
8651         ies = rcu_dereference(res->ies);
8652         if (ies) {
8653                 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8654                                       NL80211_BSS_PAD))
8655                         goto fail_unlock_rcu;
8656                 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8657                                         ies->len, ies->data))
8658                         goto fail_unlock_rcu;
8659         }
8660 
8661         /* and this pointer is always (unless driver didn't know) beacon data */
8662         ies = rcu_dereference(res->beacon_ies);
8663         if (ies && ies->from_beacon) {
8664                 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8665                                       NL80211_BSS_PAD))
8666                         goto fail_unlock_rcu;
8667                 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8668                                         ies->len, ies->data))
8669                         goto fail_unlock_rcu;
8670         }
8671         rcu_read_unlock();
8672 
8673         if (res->beacon_interval &&
8674             nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8675                 goto nla_put_failure;
8676         if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8677             nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8678             nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8679             nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8680                         jiffies_to_msecs(jiffies - intbss->ts)))
8681                 goto nla_put_failure;
8682 
8683         if (intbss->parent_tsf &&
8684             (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8685                                intbss->parent_tsf, NL80211_BSS_PAD) ||
8686              nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8687                      intbss->parent_bssid)))
8688                 goto nla_put_failure;
8689 
8690         if (intbss->ts_boottime &&
8691             nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8692                               intbss->ts_boottime, NL80211_BSS_PAD))
8693                 goto nla_put_failure;
8694 
8695         if (!nl80211_put_signal(msg, intbss->pub.chains,
8696                                 intbss->pub.chain_signal,
8697                                 NL80211_BSS_CHAIN_SIGNAL))
8698                 goto nla_put_failure;
8699 
8700         switch (rdev->wiphy.signal_type) {
8701         case CFG80211_SIGNAL_TYPE_MBM:
8702                 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8703                         goto nla_put_failure;
8704                 break;
8705         case CFG80211_SIGNAL_TYPE_UNSPEC:
8706                 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8707                         goto nla_put_failure;
8708                 break;
8709         default:
8710                 break;
8711         }
8712 
8713         switch (wdev->iftype) {
8714         case NL80211_IFTYPE_P2P_CLIENT:
8715         case NL80211_IFTYPE_STATION:
8716                 if (intbss == wdev->current_bss &&
8717                     nla_put_u32(msg, NL80211_BSS_STATUS,
8718                                 NL80211_BSS_STATUS_ASSOCIATED))
8719                         goto nla_put_failure;
8720                 break;
8721         case NL80211_IFTYPE_ADHOC:
8722                 if (intbss == wdev->current_bss &&
8723                     nla_put_u32(msg, NL80211_BSS_STATUS,
8724                                 NL80211_BSS_STATUS_IBSS_JOINED))
8725                         goto nla_put_failure;
8726                 break;
8727         default:
8728                 break;
8729         }
8730 
8731         nla_nest_end(msg, bss);
8732 
8733         genlmsg_end(msg, hdr);
8734         return 0;
8735 
8736  fail_unlock_rcu:
8737         rcu_read_unlock();
8738  nla_put_failure:
8739         genlmsg_cancel(msg, hdr);
8740         return -EMSGSIZE;
8741 }
8742 
8743 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8744 {
8745         struct cfg80211_registered_device *rdev;
8746         struct cfg80211_internal_bss *scan;
8747         struct wireless_dev *wdev;
8748         int start = cb->args[2], idx = 0;
8749         int err;
8750 
8751         rtnl_lock();
8752         err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8753         if (err) {
8754                 rtnl_unlock();
8755                 return err;
8756         }
8757 
8758         wdev_lock(wdev);
8759         spin_lock_bh(&rdev->bss_lock);
8760 
8761         /*
8762          * dump_scan will be called multiple times to break up the scan results
8763          * into multiple messages.  It is unlikely that any more bss-es will be
8764          * expired after the first call, so only call only call this on the
8765          * first dump_scan invocation.
8766          */
8767         if (start == 0)
8768                 cfg80211_bss_expire(rdev);
8769 
8770         cb->seq = rdev->bss_generation;
8771 
8772         list_for_each_entry(scan, &rdev->bss_list, list) {
8773                 if (++idx <= start)
8774                         continue;
8775                 if (nl80211_send_bss(skb, cb,
8776                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8777                                 rdev, wdev, scan) < 0) {
8778                         idx--;
8779                         break;
8780                 }
8781         }
8782 
8783         spin_unlock_bh(&rdev->bss_lock);
8784         wdev_unlock(wdev);
8785 
8786         cb->args[2] = idx;
8787         rtnl_unlock();
8788 
8789         return skb->len;
8790 }
8791 
8792 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
8793                                int flags, struct net_device *dev,
8794                                bool allow_radio_stats,
8795                                struct survey_info *survey)
8796 {
8797         void *hdr;
8798         struct nlattr *infoattr;
8799 
8800         /* skip radio stats if userspace didn't request them */
8801         if (!survey->channel && !allow_radio_stats)
8802                 return 0;
8803 
8804         hdr = nl80211hdr_put(msg, portid, seq, flags,
8805                              NL80211_CMD_NEW_SURVEY_RESULTS);
8806         if (!hdr)
8807                 return -ENOMEM;
8808 
8809         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
8810                 goto nla_put_failure;
8811 
8812         infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
8813         if (!infoattr)
8814                 goto nla_put_failure;
8815 
8816         if (survey->channel &&
8817             nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
8818                         survey->channel->center_freq))
8819                 goto nla_put_failure;
8820 
8821         if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
8822             nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
8823                 goto nla_put_failure;
8824         if ((survey->filled & SURVEY_INFO_IN_USE) &&
8825             nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
8826                 goto nla_put_failure;
8827         if ((survey->filled & SURVEY_INFO_TIME) &&
8828             nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
8829                         survey->time, NL80211_SURVEY_INFO_PAD))
8830                 goto nla_put_failure;
8831         if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
8832             nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
8833                               survey->time_busy, NL80211_SURVEY_INFO_PAD))
8834                 goto nla_put_failure;
8835         if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
8836             nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
8837                               survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
8838                 goto nla_put_failure;
8839         if ((survey->filled & SURVEY_INFO_TIME_RX) &&
8840             nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
8841                               survey->time_rx, NL80211_SURVEY_INFO_PAD))
8842                 goto nla_put_failure;
8843         if ((survey->filled & SURVEY_INFO_TIME_TX) &&
8844             nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
8845                               survey->time_tx, NL80211_SURVEY_INFO_PAD))
8846                 goto nla_put_failure;
8847         if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
8848             nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8849                               survey->time_scan, NL80211_SURVEY_INFO_PAD))
8850                 goto nla_put_failure;
8851         if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
8852             nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
8853                               survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
8854                 goto nla_put_failure;
8855 
8856         nla_nest_end(msg, infoattr);
8857 
8858         genlmsg_end(msg, hdr);
8859         return 0;
8860 
8861  nla_put_failure:
8862         genlmsg_cancel(msg, hdr);
8863         return -EMSGSIZE;
8864 }
8865 
8866 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
8867 {
8868         struct nlattr **attrbuf;
8869         struct survey_info survey;
8870         struct cfg80211_registered_device *rdev;
8871         struct wireless_dev *wdev;
8872         int survey_idx = cb->args[2];
8873         int res;
8874         bool radio_stats;
8875 
8876         attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
8877         if (!attrbuf)
8878                 return -ENOMEM;
8879 
8880         rtnl_lock();
8881         res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8882         if (res)
8883                 goto out_err;
8884 
8885         /* prepare_wdev_dump parsed the attributes */
8886         radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
8887 
8888         if (!wdev->netdev) {
8889                 res = -EINVAL;
8890                 goto out_err;
8891         }
8892 
8893         if (!rdev->ops->dump_survey) {
8894                 res = -EOPNOTSUPP;
8895                 goto out_err;
8896         }
8897 
8898         while (1) {
8899                 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8900                 if (res == -ENOENT)
8901                         break;
8902                 if (res)
8903                         goto out_err;
8904 
8905                 /* don't send disabled channels, but do send non-channel data */
8906                 if (survey.channel &&
8907                     survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8908                         survey_idx++;
8909                         continue;
8910                 }
8911 
8912                 if (nl80211_send_survey(skb,
8913                                 NETLINK_CB(cb->skb).portid,
8914                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8915                                 wdev->netdev, radio_stats, &survey) < 0)
8916                         goto out;
8917                 survey_idx++;
8918         }
8919 
8920  out:
8921         cb->args[2] = survey_idx;
8922         res = skb->len;
8923  out_err:
8924         kfree(attrbuf);
8925         rtnl_unlock();
8926         return res;
8927 }
8928 
8929 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8930 {
8931         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8932                                   NL80211_WPA_VERSION_2 |
8933                                   NL80211_WPA_VERSION_3));
8934 }
8935 
8936 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8937 {
8938         struct cfg80211_registered_device *rdev = info->user_ptr[0];
8939         struct net_device *dev = info->user_ptr[1];
8940         struct ieee80211_channel *chan;
8941         const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8942         int err, ssid_len, ie_len = 0, auth_data_len = 0;
8943         enum nl80211_auth_type auth_type;
8944         struct key_parse key;
8945         bool local_state_change;
8946 
8947         if (!info->attrs[NL80211_ATTR_MAC])
8948                 return -EINVAL;
8949 
8950         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8951                 return -EINVAL;
8952 
8953         if (!info->attrs[NL80211_ATTR_SSID])
8954                 return -EINVAL;
8955 
8956         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8957                 return -EINVAL;
8958 
8959         err = nl80211_parse_key(info, &key);
8960         if (err)
8961                 return err;
8962 
8963         if (key.idx >= 0) {
8964                 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8965                         return -EINVAL;
8966                 if (!key.p.key || !key.p.key_len)
8967                         return -EINVAL;
8968                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8969                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8970                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8971                      key.p.key_len != WLAN_KEY_LEN_WEP104))
8972                         return -EINVAL;
8973                 if (key.idx > 3)
8974                         return -EINVAL;
8975         } else {
8976                 key.p.key_len = 0;
8977                 key.p.key = NULL;
8978         }
8979 
8980         if (key.idx >= 0) {
8981                 int i;
8982                 bool ok = false;
8983 
8984                 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8985                         if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8986                                 ok = true;
8987                                 break;
8988                         }
8989                 }
8990                 if (!ok)
8991                         return -EINVAL;
8992         }
8993 
8994         if (!rdev->ops->auth)
8995                 return -EOPNOTSUPP;
8996 
8997         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8998             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8999                 return -EOPNOTSUPP;
9000 
9001         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9002         chan = nl80211_get_valid_chan(&rdev->wiphy,
9003                                       info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9004         if (!chan)
9005                 return -EINVAL;
9006 
9007         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9008         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9009 
9010         if (info->attrs[NL80211_ATTR_IE]) {
9011                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9012                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9013         }
9014 
9015         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9016         if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9017                 return -EINVAL;
9018 
9019         if ((auth_type == NL80211_AUTHTYPE_SAE ||
9020              auth_type == NL80211_AUTHTYPE_FILS_SK ||
9021              auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9022              auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9023             !info->attrs[NL80211_ATTR_AUTH_DATA])
9024                 return -EINVAL;
9025 
9026         if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9027                 if (auth_type != NL80211_AUTHTYPE_SAE &&
9028                     auth_type != NL80211_AUTHTYPE_FILS_SK &&
9029                     auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9030                     auth_type != NL80211_AUTHTYPE_FILS_PK)
9031                         return -EINVAL;
9032                 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9033                 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9034                 /* need to include at least Auth Transaction and Status Code */
9035                 if (auth_data_len < 4)
9036                         return -EINVAL;
9037         }
9038 
9039         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9040 
9041         /*
9042          * Since we no longer track auth state, ignore
9043          * requests to only change local state.
9044          */
9045         if (local_state_change)
9046                 return 0;
9047 
9048         wdev_lock(dev->ieee80211_ptr);
9049         err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9050                                  ssid, ssid_len, ie, ie_len,
9051                                  key.p.key, key.p.key_len, key.idx,
9052                                  auth_data, auth_data_len);
9053         wdev_unlock(dev->ieee80211_ptr);
9054         return err;
9055 }
9056 
9057 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9058                                      struct genl_info *info)
9059 {
9060         if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9061                 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9062                 return -EINVAL;
9063         }
9064 
9065         if (!rdev->ops->tx_control_port ||
9066             !wiphy_ext_feature_isset(&rdev->wiphy,
9067                                      NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9068                 return -EOPNOTSUPP;
9069 
9070         return 0;
9071 }
9072 
9073 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9074                                    struct genl_info *info,
9075                                    struct cfg80211_crypto_settings *settings,
9076                                    int cipher_limit)
9077 {
9078         memset(settings, 0, sizeof(*settings));
9079 
9080         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9081 
9082         if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9083                 u16 proto;
9084 
9085                 proto = nla_get_u16(
9086                         info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9087                 settings->control_port_ethertype = cpu_to_be16(proto);
9088                 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9089                     proto != ETH_P_PAE)
9090                         return -EINVAL;
9091                 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9092                         settings->control_port_no_encrypt = true;
9093         } else
9094                 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9095 
9096         if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9097                 int r = validate_pae_over_nl80211(rdev, info);
9098 
9099                 if (r < 0)
9100                         return r;
9101 
9102                 settings->control_port_over_nl80211 = true;
9103         }
9104 
9105         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9106                 void *data;
9107                 int len, i;
9108 
9109                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9110                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9111                 settings->n_ciphers_pairwise = len / sizeof(u32);
9112 
9113                 if (len % sizeof(u32))
9114                         return -EINVAL;
9115 
9116                 if (settings->n_ciphers_pairwise > cipher_limit)
9117                         return -EINVAL;
9118 
9119                 memcpy(settings->ciphers_pairwise, data, len);
9120 
9121                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
9122                         if (!cfg80211_supported_cipher_suite(
9123                                         &rdev->wiphy,
9124                                         settings->ciphers_pairwise[i]))
9125                                 return -EINVAL;
9126         }
9127 
9128         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9129                 settings->cipher_group =
9130                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9131                 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9132                                                      settings->cipher_group))
9133                         return -EINVAL;
9134         }
9135 
9136         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9137                 settings->wpa_versions =
9138                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9139                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9140                         return -EINVAL;
9141         }
9142 
9143         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9144                 void *data;
9145                 int len;
9146 
9147                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9148                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9149                 settings->n_akm_suites = len / sizeof(u32);
9150 
9151                 if (len % sizeof(u32))
9152                         return -EINVAL;
9153 
9154                 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9155                         return -EINVAL;
9156 
9157                 memcpy(settings->akm_suites, data, len);
9158         }
9159 
9160         if (info->attrs[NL80211_ATTR_PMK]) {
9161                 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9162                         return -EINVAL;
9163                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9164                                              NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
9165                         return -EINVAL;
9166                 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9167         }
9168 
9169         if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9170                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9171                                              NL80211_EXT_FEATURE_SAE_OFFLOAD))
9172                         return -EINVAL;
9173                 settings->sae_pwd =
9174                         nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9175                 settings->sae_pwd_len =
9176                         nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9177         }
9178 
9179         return 0;
9180 }
9181 
9182 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9183 {
9184         struct cfg80211_registered_device *rdev = info->user_ptr[0];
9185         struct net_device *dev = info->user_ptr[1];
9186         struct ieee80211_channel *chan;
9187         struct cfg80211_assoc_request req = {};
9188         const u8 *bssid, *ssid;
9189         int err, ssid_len = 0;
9190 
9191         if (dev->ieee80211_ptr->conn_owner_nlportid &&
9192             dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9193                 return -EPERM;
9194 
9195         if (!info->attrs[NL80211_ATTR_MAC] ||
9196             !info->attrs[NL80211_ATTR_SSID] ||
9197             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9198                 return -EINVAL;
9199 
9200         if (!rdev->ops->assoc)
9201                 return -EOPNOTSUPP;
9202 
9203         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9204             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9205                 return -EOPNOTSUPP;
9206 
9207         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9208 
9209         chan = nl80211_get_valid_chan(&rdev->wiphy,
9210                                       info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9211         if (!chan)
9212                 return -EINVAL;
9213 
9214         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9215         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9216 
9217         if (info->attrs[NL80211_ATTR_IE]) {
9218                 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9219                 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9220         }
9221 
9222         if (info->attrs[NL80211_ATTR_USE_MFP]) {
9223                 enum nl80211_mfp mfp =
9224                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9225                 if (mfp == NL80211_MFP_REQUIRED)
9226                         req.use_mfp = true;
9227                 else if (mfp != NL80211_MFP_NO)
9228                         return -EINVAL;
9229         }
9230 
9231         if (info->attrs[NL80211_ATTR_PREV_BSSID])
9232                 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9233 
9234         if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9235                 req.flags |= ASSOC_REQ_DISABLE_HT;
9236 
9237         if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9238                 memcpy(&req.ht_capa_mask,
9239                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9240                        sizeof(req.ht_capa_mask));
9241 
9242         if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9243                 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9244                         return -EINVAL;
9245                 memcpy(&req.ht_capa,
9246                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9247                        sizeof(req.ht_capa));
9248         }
9249 
9250         if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9251                 req.flags |= ASSOC_REQ_DISABLE_VHT;
9252 
9253         if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9254                 memcpy(&req.vht_capa_mask,
9255                        nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9256                        sizeof(req.vht_capa_mask));
9257 
9258         if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9259                 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9260                         return -EINVAL;
9261                 memcpy(&req.vht_capa,
9262                        nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9263                        sizeof(req.vht_capa));
9264         }
9265 
9266         if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9267                 if (!((rdev->wiphy.features &
9268                         NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9269                        (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9270                     !wiphy_ext_feature_isset(&rdev->wiphy,
9271                                              NL80211_EXT_FEATURE_RRM))
9272                         return -EINVAL;
9273                 req.flags |= ASSOC_REQ_USE_RRM;
9274         }
9275 
9276         if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9277                 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9278                 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9279                 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9280                         return -EINVAL;
9281                 req.fils_nonces =
9282                         nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9283         }
9284 
9285         err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9286         if (!err) {
9287                 wdev_lock(dev->ieee80211_ptr);
9288 
9289                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9290                                           ssid, ssid_len, &req);
9291 
9292                 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9293                         dev->ieee80211_ptr->conn_owner_nlportid =
9294                                 info->snd_portid;
9295                         memcpy(dev->ieee80211_ptr->disconnect_bssid,
9296                                bssid, ETH_ALEN);
9297                 }
9298 
9299                 wdev_unlock(dev->ieee80211_ptr);
9300         }
9301 
9302         return err;
9303 }
9304 
9305 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9306 {
9307         struct cfg80211_registered_device *rdev = info->user_ptr[0];
9308         struct net_device *dev = info->user_ptr[1];
9309         const u8 *ie = NULL, *bssid;
9310         int ie_len = 0, err;
9311         u16 reason_code;
9312         bool local_state_change;
9313 
9314         if (dev->ieee80211_ptr->conn_owner_nlportid &&
9315             dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9316                 return -EPERM;
9317 
9318         if (!info->attrs[NL80211_ATTR_MAC])
9319                 return -EINVAL;
9320 
9321         if (!info->attrs[NL80211_ATTR_REASON_CODE])
9322                 return -EINVAL;
9323 
9324         if (!rdev->ops->deauth)
9325                 return -EOPNOTSUPP;
9326 
9327         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9328             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9329                 return -EOPNOTSUPP;
9330 
9331         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9332 
9333         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9334         if (reason_code == 0) {
9335                 /* Reason Code 0 is reserved */
9336                 return -EINVAL;
9337         }
9338 
9339         if (info->attrs[NL80211_ATTR_IE]) {
9340                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9341                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9342         }
9343 
9344         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9345 
9346         wdev_lock(dev->ieee80211_ptr);
9347         err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9348                                    local_state_change);
9349         wdev_unlock(dev->ieee80211_ptr);
9350         return err;
9351 }
9352 
9353 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9354 {
9355         struct cfg80211_registered_device *rdev = info->user_ptr[0];
9356         struct net_device *dev = info->user_ptr[1];
9357         const u8 *ie = NULL, *bssid;
9358         int ie_len = 0, err;
9359         u16 reason_code;
9360         bool local_state_change;
9361 
9362         if (dev->ieee80211_ptr->conn_owner_nlportid &&
9363             dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9364                 return -EPERM;
9365 
9366         if (!info->attrs[NL80211_ATTR_MAC])
9367                 return -EINVAL;
9368 
9369         if (!info->attrs[NL80211_ATTR_REASON_CODE])
9370                 return -EINVAL;
9371 
9372         if (!rdev->ops->disassoc)
9373                 return -EOPNOTSUPP;
9374 
9375         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9376             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9377                 return -EOPNOTSUPP;
9378 
9379         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9380 
9381         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9382         if (reason_code == 0) {
9383                 /* Reason Code 0 is reserved */
9384                 return -EINVAL;
9385         }
9386 
9387         if (info->attrs[NL80211_ATTR_IE]) {
9388                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9389                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9390         }
9391 
9392         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9393 
9394         wdev_lock(dev->ieee80211_ptr);
9395         err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9396                                      local_state_change);
9397         wdev_unlock(dev->ieee80211_ptr);
9398         return err;
9399 }
9400 
9401 static bool
9402 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9403                          int mcast_rate[NUM_NL80211_BANDS],
9404                          int rateval)
9405 {
9406         struct wiphy *wiphy = &rdev->wiphy;
9407         bool found = false;
9408         int band, i;
9409 
9410         for (band = 0; band < NUM_NL80211_BANDS; band++) {
9411                 struct ieee80211_supported_band *sband;
9412 
9413                 sband = wiphy->bands[band];
9414                 if (!sband)
9415                         continue;
9416 
9417                 for (i = 0; i < sband->n_bitrates; i++) {
9418                         if (sband->bitrates[i].bitrate == rateval) {
9419                                 mcast_rate[band] = i + 1;
9420                                 found = true;
9421                                 break;
9422                         }
9423                 }
9424         }
9425 
9426         return found;
9427 }
9428 
9429 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9430 {
9431         struct cfg80211_registered_device *rdev = info->user_ptr[0];
9432         struct net_device *dev = info->user_ptr[1];
9433         struct cfg80211_ibss_params ibss;
9434         struct wiphy *wiphy;
9435         struct cfg80211_cached_keys *connkeys = NULL;
9436         int err;
9437 
9438         memset(&ibss, 0, sizeof(ibss));
9439 
9440         if (!info->attrs[NL80211_ATTR_SSID] ||
9441             !nla_len(info->attrs[NL80211_ATTR_SSID]))
9442                 return -EINVAL;
9443 
9444         ibss.beacon_interval = 100;
9445 
9446         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9447                 ibss.beacon_interval =
9448                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9449 
9450         err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9451                                            ibss.beacon_interval);
9452         if (err)
9453                 return err;
9454 
9455         if (!rdev->ops->join_ibss)
9456                 return -EOPNOTSUPP;
9457 
9458         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9459                 return -EOPNOTSUPP;
9460 
9461         wiphy = &rdev->wiphy;
9462 
9463         if (info->attrs[NL80211_ATTR_MAC]) {
9464                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9465 
9466                 if (!is_valid_ether_addr(ibss.bssid))
9467                         return -EINVAL;
9468         }
9469         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9470         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9471 
9472         if (info->attrs[NL80211_ATTR_IE]) {
9473                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9474                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9475         }
9476 
9477         err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9478         if (err)
9479                 return err;
9480 
9481         if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9482                                      NL80211_IFTYPE_ADHOC))
9483                 return -EINVAL;
9484 
9485         switch (ibss.chandef.width) {
9486         case NL80211_CHAN_WIDTH_5:
9487         case NL80211_CHAN_WIDTH_10:
9488         case NL80211_CHAN_WIDTH_20_NOHT:
9489                 break;
9490         case NL80211_CHAN_WIDTH_20:
9491         case NL80211_CHAN_WIDTH_40:
9492                 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9493                         return -EINVAL;
9494                 break;
9495         case NL80211_CHAN_WIDTH_80:
9496         case NL80211_CHAN_WIDTH_80P80:
9497         case NL80211_CHAN_WIDTH_160:
9498                 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9499                         return -EINVAL;
9500                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9501                                              NL80211_EXT_FEATURE_VHT_IBSS))
9502                         return -EINVAL;
9503                 break;
9504         default:
9505                 return -EINVAL;
9506         }
9507 
9508         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9509         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9510 
9511         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9512                 u8 *rates =
9513                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9514                 int n_rates =
9515                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9516                 struct ieee80211_supported_band *sband =
9517                         wiphy->bands[ibss.chandef.chan->band];
9518 
9519                 err = ieee80211_get_ratemask(sband, rates, n_rates,
9520                                              &ibss.basic_rates);
9521                 if (err)
9522                         return err;
9523         }
9524 
9525         if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9526                 memcpy(&ibss.ht_capa_mask,
9527                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9528                        sizeof(ibss.ht_capa_mask));
9529 
9530         if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9531                 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9532                         return -EINVAL;
9533                 memcpy(&ibss.ht_capa,
9534                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9535                        sizeof(ibss.ht_capa));
9536         }
9537 
9538         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9539             !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9540                         nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9541                 return -EINVAL;
9542 
9543         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9544                 bool no_ht = false;
9545 
9546                 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9547                 if (IS_ERR(connkeys))
9548                         return PTR_ERR(connkeys);
9549 
9550                 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9551                     no_ht) {
9552                         kzfree(connkeys);
9553                         return -EINVAL;
9554                 }
9555         }
9556 
9557         ibss.control_port =
9558                 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9559 
9560         if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9561                 int r = validate_pae_over_nl80211(rdev, info);
9562 
9563                 if (r < 0) {
9564                         kzfree(connkeys);
9565                         return r;
9566                 }
9567 
9568                 ibss.control_port_over_nl80211 = true;
9569         }
9570 
9571         ibss.userspace_handles_dfs =
9572                 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9573 
9574         wdev_lock(dev->ieee80211_ptr);
9575         err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9576         if (err)
9577                 kzfree(connkeys);
9578         else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9579                 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9580         wdev_unlock(dev->ieee80211_ptr);
9581 
9582         return err;
9583 }
9584 
9585 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9586 {
9587         struct cfg80211_registered_device *rdev = info->user_ptr[0];
9588         struct net_device *dev = info->user_ptr[1];
9589 
9590         if (!rdev->ops->leave_ibss)
9591                 return -EOPNOTSUPP;
9592 
9593         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9594                 return -EOPNOTSUPP;
9595 
9596         return cfg80211_leave_ibss(rdev, dev, false);
9597 }
9598 
9599 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9600 {
9601         struct cfg80211_registered_device *rdev = info->user_ptr[0];
9602         struct net_device *dev = info->user_ptr[1];
9603         int mcast_rate[NUM_NL80211_BANDS];
9604         u32 nla_rate;
9605         int err;
9606 
9607         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9608             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9609             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9610                 return -EOPNOTSUPP;
9611 
9612         if (!rdev->ops->set_mcast_rate)
9613                 return -EOPNOTSUPP;
9614 
9615         memset(mcast_rate, 0, sizeof(mcast_rate));
9616 
9617         if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9618                 return -EINVAL;
9619 
9620         nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9621         if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9622                 return -EINVAL;
9623 
9624         err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9625 
9626         return err;
9627 }
9628 
9629 static struct sk_buff *
9630 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9631                             struct wireless_dev *wdev, int approxlen,
9632                             u32 portid, u32 seq, enum nl80211_commands cmd,
9633                             enum nl80211_attrs attr,
9634                             const struct nl80211_vendor_cmd_info *info,
9635                             gfp_t gfp)
9636 {
9637         struct sk_buff *skb;
9638         void *hdr;
9639         struct nlattr *data;
9640 
9641         skb = nlmsg_new(approxlen + 100, gfp);
9642         if (!skb)
9643                 return NULL;
9644 
9645         hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9646         if (!hdr) {
9647                 kfree_skb(skb);
9648                 return NULL;
9649         }
9650 
9651         if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9652                 goto nla_put_failure;
9653 
9654         if (info) {
9655                 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9656                                 info->vendor_id))
9657                         goto nla_put_failure;
9658                 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9659                                 info->subcmd))
9660                         goto nla_put_failure;
9661         }
9662 
9663         if (wdev) {
9664                 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9665                                       wdev_id(wdev), NL80211_ATTR_PAD))
9666                         goto nla_put_failure;
9667                 if (wdev->netdev &&
9668                     nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9669                                 wdev->netdev->ifindex))
9670                         goto nla_put_failure;
9671         }
9672 
9673         data = nla_nest_start_noflag(skb, attr);
9674         if (!data)
9675                 goto nla_put_failure;
9676 
9677         ((void **)skb->cb)[0] = rdev;
9678         ((void **)skb->cb)[1] = hdr;
9679         ((void **)skb->cb)[2] = data;
9680 
9681         return skb;
9682 
9683  nla_put_failure:
9684         kfree_skb(skb);
9685         return NULL;
9686 }
9687 
9688 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9689                                            struct wireless_dev *wdev,
9690                                            enum nl80211_commands cmd,
9691                                            enum nl80211_attrs attr,
9692                                            unsigned int portid,
9693                                            int vendor_event_idx,
9694                                            int approxlen, gfp_t gfp)
9695 {
9696         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9697         const struct nl80211_vendor_cmd_info *info;
9698 
9699         switch (cmd) {
9700         case NL80211_CMD_TESTMODE:
9701                 if (WARN_ON(vendor_event_idx != -1))
9702                         return NULL;
9703                 info = NULL;
9704                 break;
9705         case NL80211_CMD_VENDOR:
9706                 if (WARN_ON(vendor_event_idx < 0 ||
9707                             vendor_event_idx >= wiphy->n_vendor_events))
9708                         return NULL;
9709                 info = &wiphy->vendor_events[vendor_event_idx];
9710                 break;
9711         default:
9712                 WARN_ON(1);
9713                 return NULL;
9714         }
9715 
9716         return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9717                                            cmd, attr, info, gfp);
9718 }
9719 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9720 
9721 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9722 {
9723         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9724         void *hdr = ((void **)skb->cb)[1];
9725         struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9726         struct nlattr *data = ((void **)skb->cb)[2];
9727         enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9728 
9729         /* clear CB data for netlink core to own from now on */
9730         memset(skb->cb, 0, sizeof(skb->cb));
9731 
9732         nla_nest_end(skb, data);
9733         genlmsg_end(skb, hdr);
9734 
9735         if (nlhdr->nlmsg_pid) {
9736                 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
9737                                 nlhdr->nlmsg_pid);
9738         } else {
9739                 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9740                         mcgrp = NL80211_MCGRP_VENDOR;
9741 
9742                 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
9743                                         skb, 0, mcgrp, gfp);
9744         }
9745 }
9746 EXPORT_SYMBOL(__cfg80211_send_event_skb);
9747 
9748 #ifdef CONFIG_NL80211_TESTMODE
9749 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9750 {
9751         struct cfg80211_registered_device *rdev = info->user_ptr[0];
9752         struct wireless_dev *wdev =
9753                 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9754         int err;
9755 
9756         if (!rdev->ops->testmode_cmd)
9757                 return -EOPNOTSUPP;
9758 
9759         if (IS_ERR(wdev)) {
9760                 err = PTR_ERR(wdev);
9761                 if (err != -EINVAL)
9762                         return err;
9763                 wdev = NULL;
9764         } else if (wdev->wiphy != &rdev->wiphy) {
9765                 return -EINVAL;
9766         }
9767 
9768         if (!info->attrs[NL80211_ATTR_TESTDATA])
9769                 return -EINVAL;
9770 
9771         rdev->cur_cmd_info = info;
9772         err = rdev_testmode_cmd(rdev, wdev,
9773                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9774                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
9775         rdev->cur_cmd_info = NULL;
9776 
9777         return err;
9778 }
9779 
9780 static int nl80211_testmode_dump(struct sk_buff *skb,
9781                                  struct netlink_callback *cb)
9782 {
9783         struct cfg80211_registered_device *rdev;
9784         struct nlattr **attrbuf = NULL;
9785         int err;
9786         long phy_idx;
9787         void *data = NULL;
9788         int data_len = 0;
9789 
9790         rtnl_lock();
9791 
9792         if (cb->args[0]) {
9793                 /*
9794                  * 0 is a valid index, but not valid for args[0],
9795                  * so we need to offset by 1.
9796                  */
9797                 phy_idx = cb->args[0] - 1;
9798 
9799                 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
9800                 if (!rdev) {
9801                         err = -ENOENT;
9802                         goto out_err;
9803                 }
9804         } else {
9805                 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
9806                                   GFP_KERNEL);
9807                 if (!attrbuf) {
9808                         err = -ENOMEM;
9809                         goto out_err;
9810                 }
9811 
9812                 err = nlmsg_parse_deprecated(cb->nlh,
9813                                              GENL_HDRLEN + nl80211_fam.hdrsize,
9814                                              attrbuf, nl80211_fam.maxattr,
9815                                              nl80211_policy, NULL);
9816                 if (err)
9817                         goto out_err;
9818 
9819                 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
9820                 if (IS_ERR(rdev)) {
9821                         err = PTR_ERR(rdev);
9822                         goto out_err;
9823                 }
9824                 phy_idx = rdev->wiphy_idx;
9825 
9826                 if (attrbuf[NL80211_ATTR_TESTDATA])
9827                         cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
9828         }
9829 
9830         if (cb->args[1]) {
9831                 data = nla_data((void *)cb->args[1]);
9832                 data_len = nla_len((void *)cb->args[1]);
9833         }
9834 
9835         if (!rdev->ops->testmode_dump) {
9836                 err = -EOPNOTSUPP;
9837                 goto out_err;
9838         }
9839 
9840         while (1) {
9841                 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
9842                                            cb->nlh->nlmsg_seq, NLM_F_MULTI,
9843                                            NL80211_CMD_TESTMODE);
9844                 struct nlattr *tmdata;
9845 
9846                 if (!hdr)
9847                         break;
9848 
9849                 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
9850                         genlmsg_cancel(skb, hdr);
9851                         break;
9852                 }
9853 
9854                 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
9855                 if (!tmdata) {
9856                         genlmsg_cancel(skb, hdr);
9857                         break;
9858                 }
9859                 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
9860                 nla_nest_end(skb, tmdata);
9861 
9862                 if (err == -ENOBUFS || err == -ENOENT) {
9863                         genlmsg_cancel(skb, hdr);
9864                         break;
9865                 } else if (err) {
9866                         genlmsg_cancel(skb, hdr);
9867                         goto out_err;
9868                 }
9869 
9870                 genlmsg_end(skb, hdr);
9871         }
9872 
9873         err = skb->len;
9874         /* see above */
9875         cb->args[0] = phy_idx + 1;
9876  out_err:
9877         kfree(attrbuf);
9878         rtnl_unlock();
9879         return err;
9880 }
9881 #endif
9882 
9883 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
9884 {
9885         struct cfg80211_registered_device *rdev = info->user_ptr[0];
9886         struct net_device *dev = info->user_ptr[1];
9887         struct cfg80211_connect_params connect;
9888         struct wiphy *wiphy;
9889         struct cfg80211_cached_keys *connkeys = NULL;
9890         int err;
9891 
9892         memset(&connect, 0, sizeof(connect));
9893 
9894         if (!info->attrs[NL80211_ATTR_SSID] ||
9895             !nla_len(info->attrs[NL80211_ATTR_SSID]))
9896                 return -EINVAL;
9897 
9898         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9899                 connect.auth_type =
9900                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9901                 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
9902                                              NL80211_CMD_CONNECT))
9903                         return -EINVAL;
9904         } else
9905                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
9906 
9907         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
9908 
9909         if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
9910             !wiphy_ext_feature_isset(&rdev->wiphy,
9911                                      NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
9912                 return -EINVAL;
9913         connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
9914 
9915         err = nl80211_crypto_settings(rdev, info, &connect.crypto,
9916                                       NL80211_MAX_NR_CIPHER_SUITES);
9917         if (err)
9918                 return err;
9919 
9920         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9921             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9922                 return -EOPNOTSUPP;
9923 
9924         wiphy = &rdev->wiphy;
9925 
9926         connect.bg_scan_period = -1;
9927         if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
9928                 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
9929                 connect.bg_scan_period =
9930                         nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
9931         }
9932 
9933         if (info->attrs[NL80211_ATTR_MAC])
9934                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9935         else if (info->attrs[NL80211_ATTR_MAC_HINT])
9936                 connect.bssid_hint =
9937                         nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
9938         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9939         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9940 
9941         if (info->attrs[NL80211_ATTR_IE]) {
9942                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9943                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9944         }
9945 
9946         if (info->attrs[NL80211_ATTR_USE_MFP]) {
9947                 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9948                 if (connect.mfp == NL80211_MFP_OPTIONAL &&
9949                     !wiphy_ext_feature_isset(&rdev->wiphy,
9950                                              NL80211_EXT_FEATURE_MFP_OPTIONAL))
9951                         return -EOPNOTSUPP;
9952         } else {
9953                 connect.mfp = NL80211_MFP_NO;
9954         }
9955 
9956         if (info->attrs[NL80211_ATTR_PREV_BSSID])
9957                 connect.prev_bssid =
9958                         nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9959 
9960         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9961                 connect.channel = nl80211_get_valid_chan(
9962                         wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9963                 if (!connect.channel)
9964                         return -EINVAL;
9965         } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9966                 connect.channel_hint = nl80211_get_valid_chan(
9967                         wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9968                 if (!connect.channel_hint)
9969                         return -EINVAL;
9970         }
9971 
9972         if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
9973                 connect.edmg.channels =
9974                       nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
9975 
9976                 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
9977                         connect.edmg.bw_config =
9978                                 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
9979         }
9980 
9981         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9982                 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
9983                 if (IS_ERR(connkeys))
9984                         return PTR_ERR(connkeys);
9985         }
9986 
9987         if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9988                 connect.flags |= ASSOC_REQ_DISABLE_HT;
9989 
9990         if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9991                 memcpy(&connect.ht_capa_mask,
9992                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9993                        sizeof(connect.ht_capa_mask));
9994 
9995         if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9996                 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9997                         kzfree(connkeys);
9998                         return -EINVAL;
9999                 }
10000                 memcpy(&connect.ht_capa,
10001                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10002                        sizeof(connect.ht_capa));
10003         }
10004 
10005         if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10006                 connect.flags |= ASSOC_REQ_DISABLE_VHT;
10007 
10008         if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10009                 memcpy(&connect.vht_capa_mask,
10010                        nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10011                        sizeof(connect.vht_capa_mask));
10012 
10013         if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10014                 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10015                         kzfree(connkeys);
10016                         return -EINVAL;
10017                 }
10018                 memcpy(&connect.vht_capa,
10019                        nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10020                        sizeof(connect.vht_capa));
10021         }
10022 
10023         if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10024                 if (!((rdev->wiphy.features &
10025                         NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10026                        (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10027                     !wiphy_ext_feature_isset(&rdev->wiphy,
10028                                              NL80211_EXT_FEATURE_RRM)) {
10029                         kzfree(connkeys);
10030                         return -EINVAL;
10031                 }
10032                 connect.flags |= ASSOC_REQ_USE_RRM;
10033         }
10034 
10035         connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10036         if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10037                 kzfree(connkeys);
10038                 return -EOPNOTSUPP;
10039         }
10040 
10041         if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10042                 /* bss selection makes no sense if bssid is set */
10043                 if (connect.bssid) {
10044                         kzfree(connkeys);
10045                         return -EINVAL;
10046                 }
10047 
10048                 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10049                                        wiphy, &connect.bss_select);
10050                 if (err) {
10051                         kzfree(connkeys);
10052                         return err;
10053                 }
10054         }
10055 
10056         if (wiphy_ext_feature_isset(&rdev->wiphy,
10057                                     NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10058             info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10059             info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10060             info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10061             info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10062                 connect.fils_erp_username =
10063                         nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10064                 connect.fils_erp_username_len =
10065                         nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10066                 connect.fils_erp_realm =
10067                         nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10068                 connect.fils_erp_realm_len =
10069                         nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10070                 connect.fils_erp_next_seq_num =
10071                         nla_get_u16(
10072                            info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10073                 connect.fils_erp_rrk =
10074                         nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10075                 connect.fils_erp_rrk_len =
10076                         nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10077         } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10078                    info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10079                    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10080                    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10081                 kzfree(connkeys);
10082                 return -EINVAL;
10083         }
10084 
10085         if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10086                 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10087                         kzfree(connkeys);
10088                         GENL_SET_ERR_MSG(info,
10089                                          "external auth requires connection ownership");
10090                         return -EINVAL;
10091                 }
10092                 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10093         }
10094 
10095         wdev_lock(dev->ieee80211_ptr);
10096 
10097         err = cfg80211_connect(rdev, dev, &connect, connkeys,
10098                                connect.prev_bssid);
10099         if (err)
10100                 kzfree(connkeys);
10101 
10102         if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10103                 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10104                 if (connect.bssid)
10105                         memcpy(dev->ieee80211_ptr->disconnect_bssid,
10106                                connect.bssid, ETH_ALEN);
10107                 else
10108                         memset(dev->ieee80211_ptr->disconnect_bssid,
10109                                0, ETH_ALEN);
10110         }
10111 
10112         wdev_unlock(dev->ieee80211_ptr);
10113 
10114         return err;
10115 }
10116 
10117 static int nl80211_update_connect_params(struct sk_buff *skb,
10118                                          struct genl_info *info)
10119 {
10120         struct cfg80211_connect_params connect = {};
10121         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10122         struct net_device *dev = info->user_ptr[1];
10123         struct wireless_dev *wdev = dev->ieee80211_ptr;
10124         bool fils_sk_offload;
10125         u32 auth_type;
10126         u32 changed = 0;
10127         int ret;
10128 
10129         if (!rdev->ops->update_connect_params)
10130                 return -EOPNOTSUPP;
10131 
10132         if (info->attrs[NL80211_ATTR_IE]) {
10133                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10134                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10135                 changed |= UPDATE_ASSOC_IES;
10136         }
10137 
10138         fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10139                                                   NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10140 
10141         /*
10142          * when driver supports fils-sk offload all attributes must be
10143          * provided. So the else covers "fils-sk-not-all" and
10144          * "no-fils-sk-any".
10145          */
10146         if (fils_sk_offload &&
10147             info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10148             info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10149             info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10150             info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10151                 connect.fils_erp_username =
10152                         nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10153                 connect.fils_erp_username_len =
10154                         nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10155                 connect.fils_erp_realm =
10156                         nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10157                 connect.fils_erp_realm_len =
10158                         nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10159                 connect.fils_erp_next_seq_num =
10160                         nla_get_u16(
10161                            info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10162                 connect.fils_erp_rrk =
10163                         nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10164                 connect.fils_erp_rrk_len =
10165                         nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10166                 changed |= UPDATE_FILS_ERP_INFO;
10167         } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10168                    info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10169                    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10170                    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10171                 return -EINVAL;
10172         }
10173 
10174         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10175                 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10176                 if (!nl80211_valid_auth_type(rdev, auth_type,
10177                                              NL80211_CMD_CONNECT))
10178                         return -EINVAL;
10179 
10180                 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
10181                     fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
10182                         return -EINVAL;
10183 
10184                 connect.auth_type = auth_type;
10185                 changed |= UPDATE_AUTH_TYPE;
10186         }
10187 
10188         wdev_lock(dev->ieee80211_ptr);
10189         if (!wdev->current_bss)
10190                 ret = -ENOLINK;
10191         else
10192                 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10193         wdev_unlock(dev->ieee80211_ptr);
10194 
10195         return ret;
10196 }
10197 
10198 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
10199 {
10200         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10201         struct net_device *dev = info->user_ptr[1];
10202         u16 reason;
10203         int ret;
10204 
10205         if (dev->ieee80211_ptr->conn_owner_nlportid &&
10206             dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10207                 return -EPERM;
10208 
10209         if (!info->attrs[NL80211_ATTR_REASON_CODE])
10210                 reason = WLAN_REASON_DEAUTH_LEAVING;
10211         else
10212                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10213 
10214         if (reason == 0)
10215                 return -EINVAL;
10216 
10217         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10218             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10219                 return -EOPNOTSUPP;
10220 
10221         wdev_lock(dev->ieee80211_ptr);
10222         ret = cfg80211_disconnect(rdev, dev, reason, true);
10223         wdev_unlock(dev->ieee80211_ptr);
10224         return ret;
10225 }
10226 
10227 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10228 {
10229         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10230         struct net *net;
10231         int err;
10232 
10233         if (info->attrs[NL80211_ATTR_PID]) {
10234                 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10235 
10236                 net = get_net_ns_by_pid(pid);
10237         } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10238                 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10239 
10240                 net = get_net_ns_by_fd(fd);
10241         } else {
10242                 return -EINVAL;
10243         }
10244 
10245         if (IS_ERR(net))
10246                 return PTR_ERR(net);
10247 
10248         err = 0;
10249 
10250         /* check if anything to do */
10251         if (!net_eq(wiphy_net(&rdev->wiphy), net))
10252                 err = cfg80211_switch_netns(rdev, net);
10253 
10254         put_net(net);
10255         return err;
10256 }
10257 
10258 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10259 {
10260         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10261         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10262                         struct cfg80211_pmksa *pmksa) = NULL;
10263         struct net_device *dev = info->user_ptr[1];
10264         struct cfg80211_pmksa pmksa;
10265 
10266         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10267 
10268         if (!info->attrs[NL80211_ATTR_PMKID])
10269                 return -EINVAL;
10270 
10271         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10272 
10273         if (info->attrs[NL80211_ATTR_MAC]) {
10274                 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10275         } else if (info->attrs[NL80211_ATTR_SSID] &&
10276                    info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10277                    (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10278                     info->attrs[NL80211_ATTR_PMK])) {
10279                 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10280                 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10281                 pmksa.cache_id =
10282                         nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10283         } else {
10284                 return -EINVAL;
10285         }
10286         if (info->attrs[NL80211_ATTR_PMK]) {
10287                 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10288                 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10289         }
10290 
10291         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10292             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10293             !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10294               wiphy_ext_feature_isset(&rdev->wiphy,
10295                                       NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10296                 return -EOPNOTSUPP;
10297 
10298         switch (info->genlhdr->cmd) {
10299         case NL80211_CMD_SET_PMKSA:
10300                 rdev_ops = rdev->ops->set_pmksa;
10301                 break;
10302         case NL80211_CMD_DEL_PMKSA:
10303                 rdev_ops = rdev->ops->del_pmksa;
10304                 break;
10305         default:
10306                 WARN_ON(1);
10307                 break;
10308         }
10309 
10310         if (!rdev_ops)
10311                 return -EOPNOTSUPP;
10312 
10313         return rdev_ops(&rdev->wiphy, dev, &pmksa);
10314 }
10315 
10316 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10317 {
10318         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10319         struct net_device *dev = info->user_ptr[1];
10320 
10321         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10322             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10323                 return -EOPNOTSUPP;
10324 
10325         if (!rdev->ops->flush_pmksa)
10326                 return -EOPNOTSUPP;
10327 
10328         return rdev_flush_pmksa(rdev, dev);
10329 }
10330 
10331 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10332 {
10333         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10334         struct net_device *dev = info->user_ptr[1];
10335         u8 action_code, dialog_token;
10336         u32 peer_capability = 0;
10337         u16 status_code;
10338         u8 *peer;
10339         bool initiator;
10340 
10341         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10342             !rdev->ops->tdls_mgmt)
10343                 return -EOPNOTSUPP;
10344 
10345         if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10346             !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10347             !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10348             !info->attrs[NL80211_ATTR_IE] ||
10349             !info->attrs[NL80211_ATTR_MAC])
10350                 return -EINVAL;
10351 
10352         peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10353         action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10354         status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10355         dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10356         initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10357         if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10358                 peer_capability =
10359                         nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10360 
10361         return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10362                               dialog_token, status_code, peer_capability,
10363                               initiator,
10364                               nla_data(info->attrs[NL80211_ATTR_IE]),
10365                               nla_len(info->attrs[NL80211_ATTR_IE]));
10366 }
10367 
10368 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10369 {
10370         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10371         struct net_device *dev = info->user_ptr[1];
10372         enum nl80211_tdls_operation operation;
10373         u8 *peer;
10374 
10375         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10376             !rdev->ops->tdls_oper)
10377                 return -EOPNOTSUPP;
10378 
10379         if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10380             !info->attrs[NL80211_ATTR_MAC])
10381                 return -EINVAL;
10382 
10383         operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10384         peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10385 
10386         return rdev_tdls_oper(rdev, dev, peer, operation);
10387 }
10388 
10389 static int nl80211_remain_on_channel(struct sk_buff *skb,
10390                                      struct genl_info *info)
10391 {
10392         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10393         struct wireless_dev *wdev = info->user_ptr[1];
10394         struct cfg80211_chan_def chandef;
10395         const struct cfg80211_chan_def *compat_chandef;
10396         struct sk_buff *msg;
10397         void *hdr;
10398         u64 cookie;
10399         u32 duration;
10400         int err;
10401 
10402         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10403             !info->attrs[NL80211_ATTR_DURATION])
10404                 return -EINVAL;
10405 
10406         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10407 
10408         if (!rdev->ops->remain_on_channel ||
10409             !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10410                 return -EOPNOTSUPP;
10411 
10412         /*
10413          * We should be on that channel for at least a minimum amount of
10414          * time (10ms) but no longer than the driver supports.
10415          */
10416         if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10417             duration > rdev->wiphy.max_remain_on_channel_duration)
10418                 return -EINVAL;
10419 
10420         err = nl80211_parse_chandef(rdev, info, &chandef);
10421         if (err)
10422                 return err;
10423 
10424         wdev_lock(wdev);
10425         if (!cfg80211_off_channel_oper_allowed(wdev) &&
10426             !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10427                 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10428                                                              &chandef);
10429                 if (compat_chandef != &chandef) {
10430                         wdev_unlock(wdev);
10431                         return -EBUSY;
10432                 }
10433         }
10434         wdev_unlock(wdev);
10435 
10436         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10437         if (!msg)
10438                 return -ENOMEM;
10439 
10440         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10441                              NL80211_CMD_REMAIN_ON_CHANNEL);
10442         if (!hdr) {
10443                 err = -ENOBUFS;
10444                 goto free_msg;
10445         }
10446 
10447         err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10448                                      duration, &cookie);
10449 
10450         if (err)
10451                 goto free_msg;
10452 
10453         if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10454                               NL80211_ATTR_PAD))
10455                 goto nla_put_failure;
10456 
10457         genlmsg_end(msg, hdr);
10458 
10459         return genlmsg_reply(msg, info);
10460 
10461  nla_put_failure:
10462         err = -ENOBUFS;
10463  free_msg:
10464         nlmsg_free(msg);
10465         return err;
10466 }
10467 
10468 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10469                                             struct genl_info *info)
10470 {
10471         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10472         struct wireless_dev *wdev = info->user_ptr[1];
10473         u64 cookie;
10474 
10475         if (!info->attrs[NL80211_ATTR_COOKIE])
10476                 return -EINVAL;
10477 
10478         if (!rdev->ops->cancel_remain_on_channel)
10479                 return -EOPNOTSUPP;
10480 
10481         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10482 
10483         return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10484 }
10485 
10486 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10487                                        struct genl_info *info)
10488 {
10489         struct cfg80211_bitrate_mask mask;
10490         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10491         struct net_device *dev = info->user_ptr[1];
10492         int err;
10493 
10494         if (!rdev->ops->set_bitrate_mask)
10495                 return -EOPNOTSUPP;
10496 
10497         err = nl80211_parse_tx_bitrate_mask(info, &mask);
10498         if (err)
10499                 return err;
10500 
10501         return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10502 }
10503 
10504 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10505 {
10506         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10507         struct wireless_dev *wdev = info->user_ptr[1];
10508         u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10509 
10510         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10511                 return -EINVAL;
10512 
10513         if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10514                 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10515 
10516         switch (wdev->iftype) {
10517         case NL80211_IFTYPE_STATION:
10518         case NL80211_IFTYPE_ADHOC:
10519         case NL80211_IFTYPE_P2P_CLIENT:
10520         case NL80211_IFTYPE_AP:
10521         case NL80211_IFTYPE_AP_VLAN:
10522         case NL80211_IFTYPE_MESH_POINT:
10523         case NL80211_IFTYPE_P2P_GO:
10524         case NL80211_IFTYPE_P2P_DEVICE:
10525                 break;
10526         case NL80211_IFTYPE_NAN:
10527         default:
10528                 return -EOPNOTSUPP;
10529         }
10530 
10531         /* not much point in registering if we can't reply */
10532         if (!rdev->ops->mgmt_tx)
10533                 return -EOPNOTSUPP;
10534 
10535         return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10536                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10537                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
10538 }
10539 
10540 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10541 {
10542         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10543         struct wireless_dev *wdev = info->user_ptr[1];
10544         struct cfg80211_chan_def chandef;
10545         int err;
10546         void *hdr = NULL;
10547         u64 cookie;
10548         struct sk_buff *msg = NULL;
10549         struct cfg80211_mgmt_tx_params params = {
10550                 .dont_wait_for_ack =
10551                         info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10552         };
10553 
10554         if (!info->attrs[NL80211_ATTR_FRAME])
10555                 return -EINVAL;
10556 
10557         if (!rdev->ops->mgmt_tx)
10558                 return -EOPNOTSUPP;
10559 
10560         switch (wdev->iftype) {
10561         case NL80211_IFTYPE_P2P_DEVICE:
10562                 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10563                         return -EINVAL;
10564         case NL80211_IFTYPE_STATION:
10565         case NL80211_IFTYPE_ADHOC:
10566         case NL80211_IFTYPE_P2P_CLIENT:
10567         case NL80211_IFTYPE_AP:
10568         case NL80211_IFTYPE_AP_VLAN:
10569         case NL80211_IFTYPE_MESH_POINT:
10570         case NL80211_IFTYPE_P2P_GO:
10571                 break;
10572         case NL80211_IFTYPE_NAN:
10573         default:
10574                 return -EOPNOTSUPP;
10575         }
10576 
10577         if (info->attrs[NL80211_ATTR_DURATION]) {
10578                 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10579                         return -EINVAL;
10580                 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10581 
10582                 /*
10583                  * We should wait on the channel for at least a minimum amount
10584                  * of time (10ms) but no longer than the driver supports.
10585                  */
10586                 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10587                     params.wait > rdev->wiphy.max_remain_on_channel_duration)
10588                         return -EINVAL;
10589         }
10590 
10591         params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10592 
10593         if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10594                 return -EINVAL;
10595 
10596         params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10597 
10598         /* get the channel if any has been specified, otherwise pass NULL to
10599          * the driver. The latter will use the current one
10600          */
10601         chandef.chan = NULL;
10602         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10603                 err = nl80211_parse_chandef(rdev, info, &chandef);
10604                 if (err)
10605                         return err;
10606         }
10607 
10608         if (!chandef.chan && params.offchan)
10609                 return -EINVAL;
10610 
10611         wdev_lock(wdev);
10612         if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10613                 wdev_unlock(wdev);
10614                 return -EBUSY;
10615         }
10616         wdev_unlock(wdev);
10617 
10618         params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10619         params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10620 
10621         if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10622                 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10623                 int i;
10624 
10625                 if (len % sizeof(u16))
10626                         return -EINVAL;
10627 
10628                 params.n_csa_offsets = len / sizeof(u16);
10629                 params.csa_offsets =
10630                         nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10631 
10632                 /* check that all the offsets fit the frame */
10633                 for (i = 0; i < params.n_csa_offsets; i++) {
10634                         if (params.csa_offsets[i] >= params.len)
10635                                 return -EINVAL;
10636                 }
10637         }
10638 
10639         if (!params.dont_wait_for_ack) {
10640                 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10641                 if (!msg)
10642                         return -ENOMEM;
10643 
10644                 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10645                                      NL80211_CMD_FRAME);
10646                 if (!hdr) {
10647                         err = -ENOBUFS;
10648                         goto free_msg;
10649                 }
10650         }
10651 
10652         params.chan = chandef.chan;
10653         err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
10654         if (err)
10655                 goto free_msg;
10656 
10657         if (msg) {
10658                 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10659                                       NL80211_ATTR_PAD))
10660                         goto nla_put_failure;
10661 
10662                 genlmsg_end(msg, hdr);
10663                 return genlmsg_reply(msg, info);
10664         }
10665 
10666         return 0;
10667 
10668  nla_put_failure:
10669         err = -ENOBUFS;
10670  free_msg:
10671         nlmsg_free(msg);
10672         return err;
10673 }
10674 
10675 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10676 {
10677         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10678         struct wireless_dev *wdev = info->user_ptr[1];
10679         u64 cookie;
10680 
10681         if (!info->attrs[NL80211_ATTR_COOKIE])
10682                 return -EINVAL;
10683 
10684         if (!rdev->ops->mgmt_tx_cancel_wait)
10685                 return -EOPNOTSUPP;
10686 
10687         switch (wdev->iftype) {
10688         case NL80211_IFTYPE_STATION:
10689         case NL80211_IFTYPE_ADHOC:
10690         case NL80211_IFTYPE_P2P_CLIENT:
10691         case NL80211_IFTYPE_AP:
10692         case NL80211_IFTYPE_AP_VLAN:
10693         case NL80211_IFTYPE_P2P_GO:
10694         case NL80211_IFTYPE_P2P_DEVICE:
10695                 break;
10696         case NL80211_IFTYPE_NAN:
10697         default:
10698                 return -EOPNOTSUPP;
10699         }
10700 
10701         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10702 
10703         return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10704 }
10705 
10706 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10707 {
10708         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10709         struct wireless_dev *wdev;
10710         struct net_device *dev = info->user_ptr[1];
10711         u8 ps_state;
10712         bool state;
10713         int err;
10714 
10715         if (!info->attrs[NL80211_ATTR_PS_STATE])
10716                 return -EINVAL;
10717 
10718         ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10719 
10720         wdev = dev->ieee80211_ptr;
10721 
10722         if (!rdev->ops->set_power_mgmt)
10723                 return -EOPNOTSUPP;
10724 
10725         state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10726 
10727         if (state == wdev->ps)
10728                 return 0;
10729 
10730         err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10731         if (!err)
10732                 wdev->ps = state;
10733         return err;
10734 }
10735 
10736 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10737 {
10738         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10739         enum nl80211_ps_state ps_state;
10740         struct wireless_dev *wdev;
10741         struct net_device *dev = info->user_ptr[1];
10742         struct sk_buff *msg;
10743         void *hdr;
10744         int err;
10745 
10746         wdev = dev->ieee80211_ptr;
10747 
10748         if (!rdev->ops->set_power_mgmt)
10749                 return -EOPNOTSUPP;
10750 
10751         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10752         if (!msg)
10753                 return -ENOMEM;
10754 
10755         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10756                              NL80211_CMD_GET_POWER_SAVE);
10757         if (!hdr) {
10758                 err = -ENOBUFS;
10759                 goto free_msg;
10760         }
10761 
10762         if (wdev->ps)
10763                 ps_state = NL80211_PS_ENABLED;
10764         else
10765                 ps_state = NL80211_PS_DISABLED;
10766 
10767         if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
10768                 goto nla_put_failure;
10769 
10770         genlmsg_end(msg, hdr);
10771         return genlmsg_reply(msg, info);
10772 
10773  nla_put_failure:
10774         err = -ENOBUFS;
10775  free_msg:
10776         nlmsg_free(msg);
10777         return err;
10778 }
10779 
10780 static const struct nla_policy
10781 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
10782         [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
10783         [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
10784         [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
10785         [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
10786         [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
10787         [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
10788         [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
10789 };
10790 
10791 static int nl80211_set_cqm_txe(struct genl_info *info,
10792                                u32 rate, u32 pkts, u32 intvl)
10793 {
10794         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10795         struct net_device *dev = info->user_ptr[1];
10796         struct wireless_dev *wdev = dev->ieee80211_ptr;
10797 
10798         if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
10799                 return -EINVAL;
10800 
10801         if (!rdev->ops->set_cqm_txe_config)
10802                 return -EOPNOTSUPP;
10803 
10804         if (wdev->iftype != NL80211_IFTYPE_STATION &&
10805             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10806                 return -EOPNOTSUPP;
10807 
10808         return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
10809 }
10810 
10811 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
10812                                     struct net_device *dev)
10813 {
10814         struct wireless_dev *wdev = dev->ieee80211_ptr;
10815         s32 last, low, high;
10816         u32 hyst;
10817         int i, n, low_index;
10818         int err;
10819 
10820         /* RSSI reporting disabled? */
10821         if (!wdev->cqm_config)
10822                 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
10823 
10824         /*
10825          * Obtain current RSSI value if possible, if not and no RSSI threshold
10826          * event has been received yet, we should receive an event after a
10827          * connection is established and enough beacons received to calculate
10828          * the average.
10829          */
10830         if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
10831             rdev->ops->get_station) {
10832                 struct station_info sinfo = {};
10833                 u8 *mac_addr;
10834 
10835                 mac_addr = wdev->current_bss->pub.bssid;
10836 
10837                 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
10838                 if (err)
10839                         return err;
10840 
10841                 cfg80211_sinfo_release_content(&sinfo);
10842                 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
10843                         wdev->cqm_config->last_rssi_event_value =
10844                                 (s8) sinfo.rx_beacon_signal_avg;
10845         }
10846 
10847         last = wdev->cqm_config->last_rssi_event_value;
10848         hyst = wdev->cqm_config->rssi_hyst;
10849         n = wdev->cqm_config->n_rssi_thresholds;
10850 
10851         for (i = 0; i < n; i++) {
10852                 i = array_index_nospec(i, n);
10853                 if (last < wdev->cqm_config->rssi_thresholds[i])
10854                         break;
10855         }
10856 
10857         low_index = i - 1;
10858         if (low_index >= 0) {
10859                 low_index = array_index_nospec(low_index, n);
10860                 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10861         } else {
10862                 low = S32_MIN;
10863         }
10864         if (i < n) {
10865                 i = array_index_nospec(i, n);
10866                 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10867         } else {
10868                 high = S32_MAX;
10869         }
10870 
10871         return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
10872 }
10873 
10874 static int nl80211_set_cqm_rssi(struct genl_info *info,
10875                                 const s32 *thresholds, int n_thresholds,
10876                                 u32 hysteresis)
10877 {
10878         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10879         struct net_device *dev = info->user_ptr[1];
10880         struct wireless_dev *wdev = dev->ieee80211_ptr;
10881         int i, err;
10882         s32 prev = S32_MIN;
10883 
10884         /* Check all values negative and sorted */
10885         for (i = 0; i < n_thresholds; i++) {
10886                 if (thresholds[i] > 0 || thresholds[i] <= prev)
10887                         return -EINVAL;
10888 
10889                 prev = thresholds[i];
10890         }
10891 
10892         if (wdev->iftype != NL80211_IFTYPE_STATION &&
10893             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10894                 return -EOPNOTSUPP;
10895 
10896         wdev_lock(wdev);
10897         cfg80211_cqm_config_free(wdev);
10898         wdev_unlock(wdev);
10899 
10900         if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
10901                 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
10902                         return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
10903 
10904                 return rdev_set_cqm_rssi_config(rdev, dev,
10905                                                 thresholds[0], hysteresis);
10906         }
10907 
10908         if (!wiphy_ext_feature_isset(&rdev->wiphy,
10909                                      NL80211_EXT_FEATURE_CQM_RSSI_LIST))
10910                 return -EOPNOTSUPP;
10911 
10912         if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
10913                 n_thresholds = 0;
10914 
10915         wdev_lock(wdev);
10916         if (n_thresholds) {
10917                 struct cfg80211_cqm_config *cqm_config;
10918 
10919                 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
10920                                      n_thresholds * sizeof(s32), GFP_KERNEL);
10921                 if (!cqm_config) {
10922                         err = -ENOMEM;
10923                         goto unlock;
10924                 }
10925 
10926                 cqm_config->rssi_hyst = hysteresis;
10927                 cqm_config->n_rssi_thresholds = n_thresholds;
10928                 memcpy(cqm_config->rssi_thresholds, thresholds,
10929                        n_thresholds * sizeof(s32));
10930 
10931                 wdev->cqm_config = cqm_config;
10932         }
10933 
10934         err = cfg80211_cqm_rssi_update(rdev, dev);
10935 
10936 unlock:
10937         wdev_unlock(wdev);
10938 
10939         return err;
10940 }
10941 
10942 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
10943 {
10944         struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
10945         struct nlattr *cqm;
10946         int err;
10947 
10948         cqm = info->attrs[NL80211_ATTR_CQM];
10949         if (!cqm)
10950                 return -EINVAL;
10951 
10952         err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
10953                                           nl80211_attr_cqm_policy,
10954                                           info->extack);
10955         if (err)
10956                 return err;
10957 
10958         if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
10959             attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
10960                 const s32 *thresholds =
10961                         nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10962                 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10963                 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
10964 
10965                 if (len % 4)
10966                         return -EINVAL;
10967 
10968                 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
10969                                             hysteresis);
10970         }
10971 
10972         if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
10973             attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
10974             attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
10975                 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
10976                 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
10977                 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
10978 
10979                 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
10980         }
10981 
10982         return -EINVAL;
10983 }
10984 
10985 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
10986 {
10987         struct cfg80211_registered_device *rdev = info->user_ptr[0];
10988         struct net_device *dev = info->user_ptr[1];
10989         struct ocb_setup setup = {};
10990         int err;
10991 
10992         err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10993         if (err)
10994                 return err;
10995 
10996         return cfg80211_join_ocb(rdev, dev, &setup);
10997 }
10998 
10999 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11000 {
11001         struct cfg80211_registered_device *rdev = info->user_ptr[0];
11002         struct net_device *dev = info->user_ptr[1];
11003 
11004         return cfg80211_leave_ocb(rdev, dev);
11005 }
11006 
11007 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11008 {
11009         struct cfg80211_registered_device *rdev = info->user_ptr[0];
11010         struct net_device *dev = info->user_ptr[1];
11011         struct mesh_config cfg;
11012         struct mesh_setup setup;
11013         int err;
11014 
11015         /* start with default */
11016         memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11017         memcpy(&setup, &default_mesh_setup, sizeof(setup));
11018 
11019         if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11020                 /* and parse parameters if given */
11021                 err = nl80211_parse_mesh_config(info, &cfg, NULL);
11022                 if (err)
11023                         return err;
11024         }
11025 
11026         if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11027             !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11028                 return -EINVAL;
11029 
11030         setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11031         setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11032 
11033         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11034             !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11035                             nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11036                         return -EINVAL;
11037 
11038         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11039                 setup.beacon_interval =
11040                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11041 
11042                 err = cfg80211_validate_beacon_int(rdev,
11043                                                    NL80211_IFTYPE_MESH_POINT,
11044                                                    setup.beacon_interval);
11045                 if (err)
11046                         return err;
11047         }
11048 
11049         if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11050                 setup.dtim_period =
11051                         nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11052                 if (setup.dtim_period < 1 || setup.dtim_period > 100)
11053                         return -EINVAL;
11054         }
11055 
11056         if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11057                 /* parse additional setup parameters if given */
11058                 err = nl80211_parse_mesh_setup(info, &setup);
11059                 if (err)
11060                         return err;
11061         }
11062 
11063         if (setup.user_mpm)
11064                 cfg.auto_open_plinks = false;
11065 
11066         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11067                 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11068                 if (err)
11069                         return err;
11070         } else {
11071                 /* __cfg80211_join_mesh() will sort it out */
11072                 setup.chandef.chan = NULL;
11073         }
11074 
11075         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11076                 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11077                 int n_rates =
11078                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11079                 struct ieee80211_supported_band *sband;
11080 
11081                 if (!setup.chandef.chan)
11082                         return -EINVAL;
11083 
11084                 sband = rdev->wiphy.bands[setup.chandef.chan->band];
11085 
11086                 err = ieee80211_get_ratemask(sband, rates, n_rates,
11087                                              &setup.basic_rates);
11088                 if (err)
11089                         return err;
11090         }
11091 
11092         if (info->attrs[NL80211_ATTR_TX_RATES]) {
11093                 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
11094                 if (err)
11095                         return err;
11096 
11097                 if (!setup.chandef.chan)
11098                         return -EINVAL;
11099 
11100                 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11101                                               &setup.beacon_rate);
11102                 if (err)
11103                         return err;
11104         }
11105 
11106         setup.userspace_handles_dfs =
11107                 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11108 
11109         if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11110                 int r = validate_pae_over_nl80211(rdev, info);
11111 
11112                 if (r < 0)
11113                         return r;
11114 
11115                 setup.control_port_over_nl80211 = true;
11116         }
11117 
11118         wdev_lock(dev->ieee80211_ptr);
11119         err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11120         if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11121                 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11122         wdev_unlock(dev->ieee80211_ptr);
11123 
11124         return err;
11125 }
11126 
11127 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11128 {
11129         struct cfg80211_registered_device *rdev = info->user_ptr[0];
11130         struct net_device *dev = info->user_ptr[1];
11131 
11132         return cfg80211_leave_mesh(rdev, dev);
11133 }
11134 
11135 #ifdef CONFIG_PM
11136 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11137                                         struct cfg80211_registered_device *rdev)
11138 {
11139         struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11140         struct nlattr *nl_pats, *nl_pat;
11141         int i, pat_len;
11142 
11143         if (!wowlan->n_patterns)
11144                 return 0;
11145 
11146         nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
11147         if (!nl_pats)
11148                 return -ENOBUFS;
11149 
11150         for (i = 0; i < wowlan->n_patterns; i++) {
11151                 nl_pat = nla_nest_start_noflag(msg, i + 1);
11152                 if (!nl_pat)
11153                         return -ENOBUFS;
11154                 pat_len = wowlan->patterns[i].pattern_len;
11155                 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
11156                             wowlan->patterns[i].mask) ||
11157                     nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11158                             wowlan->patterns[i].pattern) ||
11159                     nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11160                                 wowlan->patterns[i].pkt_offset))
11161                         return -ENOBUFS;
11162                 nla_nest_end(msg, nl_pat);
11163         }
11164         nla_nest_end(msg, nl_pats);
11165 
11166         return 0;
11167 }
11168 
11169 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
11170                                    struct cfg80211_wowlan_tcp *tcp)
11171 {
11172         struct nlattr *nl_tcp;
11173 
11174         if (!tcp)
11175                 return 0;
11176 
11177         nl_tcp = nla_nest_start_noflag(msg,
11178                                        NL80211_WOWLAN_TRIG_TCP_CONNECTION);
11179         if (!nl_tcp)
11180                 return -ENOBUFS;
11181 
11182         if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
11183             nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
11184             nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
11185             nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
11186             nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
11187             nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
11188                     tcp->payload_len, tcp->payload) ||
11189             nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
11190                         tcp->data_interval) ||
11191             nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
11192                     tcp->wake_len, tcp->wake_data) ||
11193             nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
11194                     DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
11195                 return -ENOBUFS;
11196 
11197         if (tcp->payload_seq.len &&
11198             nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
11199                     sizeof(tcp->payload_seq), &tcp->payload_seq))
11200                 return -ENOBUFS;
11201 
11202         if (tcp->payload_tok.len &&
11203             nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11204                     sizeof(tcp->payload_tok) + tcp->tokens_size,
11205                     &tcp->payload_tok))
11206                 return -ENOBUFS;
11207 
11208         nla_nest_end(msg, nl_tcp);
11209 
11210         return 0;
11211 }
11212 
11213 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11214                                   struct cfg80211_sched_scan_request *req)
11215 {
11216         struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11217         int i;
11218 
11219         if (!req)
11220                 return 0;
11221 
11222         nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11223         if (!nd)
11224                 return -ENOBUFS;
11225 
11226         if (req->n_scan_plans == 1 &&
11227             nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11228                         req->scan_plans[0].interval * 1000))
11229                 return -ENOBUFS;
11230 
11231         if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11232                 return -ENOBUFS;
11233 
11234         if (req->relative_rssi_set) {
11235                 struct nl80211_bss_select_rssi_adjust rssi_adjust;
11236 
11237                 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11238                                req->relative_rssi))
11239                         return -ENOBUFS;
11240 
11241                 rssi_adjust.band = req->rssi_adjust.band;
11242                 rssi_adjust.delta = req->rssi_adjust.delta;
11243                 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11244                             sizeof(rssi_adjust), &rssi_adjust))
11245                         return -ENOBUFS;
11246         }
11247 
11248         freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11249         if (!freqs)
11250                 return -ENOBUFS;
11251 
11252         for (i = 0; i < req->n_channels; i++) {
11253                 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11254                         return -ENOBUFS;
11255         }
11256 
11257         nla_nest_end(msg, freqs);
11258 
11259         if (req->n_match_sets) {
11260                 matches = nla_nest_start_noflag(msg,
11261                                                 NL80211_ATTR_SCHED_SCAN_MATCH);
11262                 if (!matches)
11263                         return -ENOBUFS;
11264 
11265                 for (i = 0; i < req->n_match_sets; i++) {
11266                         match = nla_nest_start_noflag(msg, i);
11267                         if (!match)
11268                                 return -ENOBUFS;
11269 
11270                         if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11271                                     req->match_sets[i].ssid.ssid_len,
11272                                     req->match_sets[i].ssid.ssid))
11273                                 return -ENOBUFS;
11274                         nla_nest_end(msg, match);
11275                 }
11276                 nla_nest_end(msg, matches);
11277         }
11278 
11279         scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11280         if (!scan_plans)
11281                 return -ENOBUFS;
11282 
11283         for (i = 0; i < req->n_scan_plans; i++) {
11284                 scan_plan = nla_nest_start_noflag(msg, i + 1);
11285                 if (!scan_plan)
11286                         return -ENOBUFS;
11287 
11288                 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11289                                 req->scan_plans[i].interval) ||
11290                     (req->scan_plans[i].iterations &&
11291                      nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11292                                  req->scan_plans[i].iterations)))
11293                         return -ENOBUFS;
11294                 nla_nest_end(msg, scan_plan);
11295         }
11296         nla_nest_end(msg, scan_plans);
11297 
11298         nla_nest_end(msg, nd);
11299 
11300         return 0;
11301 }
11302 
11303 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11304 {
11305         struct cfg80211_registered_device *rdev = info->user_ptr[0];
11306         struct sk_buff *msg;
11307         void *hdr;
11308         u32 size = NLMSG_DEFAULT_SIZE;
11309 
11310         if (!rdev->wiphy.wowlan)
11311                 return -EOPNOTSUPP;
11312 
11313         if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11314                 /* adjust size to have room for all the data */
11315                 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11316                         rdev->wiphy.wowlan_config->tcp->payload_len +
11317                         rdev->wiphy.wowlan_config->tcp->wake_len +
11318                         rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11319         }
11320 
11321         msg = nlmsg_new(size, GFP_KERNEL);
11322         if (!msg)
11323                 return -ENOMEM;
11324 
11325         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11326                              NL80211_CMD_GET_WOWLAN);
11327         if (!hdr)
11328                 goto nla_put_failure;
11329 
11330         if (rdev->wiphy.wowlan_config) {
11331                 struct nlattr *nl_wowlan;
11332 
11333                 nl_wowlan = nla_nest_start_noflag(msg,
11334                                                   NL80211_ATTR_WOWLAN_TRIGGERS);
11335                 if (!nl_wowlan)
11336                         goto nla_put_failure;
11337 
11338                 if ((rdev->wiphy.wowlan_config->any &&
11339                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11340                     (rdev->wiphy.wowlan_config->disconnect &&
11341                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11342                     (rdev->wiphy.wowlan_config->magic_pkt &&
11343                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11344                     (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11345                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11346                     (rdev->wiphy.wowlan_config->eap_identity_req &&
11347                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11348                     (rdev->wiphy.wowlan_config->four_way_handshake &&
11349                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11350                     (rdev->wiphy.wowlan_config->rfkill_release &&
11351                      nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11352                         goto nla_put_failure;
11353 
11354                 if (nl80211_send_wowlan_patterns(msg, rdev))
11355                         goto nla_put_failure;
11356 
11357                 if (nl80211_send_wowlan_tcp(msg,
11358                                             rdev->wiphy.wowlan_config->tcp))
11359                         goto nla_put_failure;
11360 
11361                 if (nl80211_send_wowlan_nd(
11362                             msg,
11363                             rdev->wiphy.wowlan_config->nd_config))
11364                         goto nla_put_failure;
11365 
11366                 nla_nest_end(msg, nl_wowlan);
11367         }
11368 
11369         genlmsg_end(msg, hdr);
11370         return genlmsg_reply(msg, info);
11371 
11372 nla_put_failure:
11373         nlmsg_free(msg);
11374         return -ENOBUFS;
11375 }
11376 
11377 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
11378                                     struct nlattr *attr,
11379                                     struct cfg80211_wowlan *trig)
11380 {
11381         struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
11382         struct cfg80211_wowlan_tcp *cfg;
11383         struct nl80211_wowlan_tcp_data_token *tok = NULL;
11384         struct nl80211_wowlan_tcp_data_seq *seq = NULL;
11385         u32 size;
11386         u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
11387         int err, port;
11388 
11389         if (!rdev->wiphy.wowlan->tcp)
11390                 return -EINVAL;
11391 
11392         err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
11393                                           nl80211_wowlan_tcp_policy, NULL);
11394         if (err)
11395                 return err;
11396 
11397         if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
11398             !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
11399             !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
11400             !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
11401             !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
11402             !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
11403             !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
11404             !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
11405                 return -EINVAL;
11406 
11407         data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11408         if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11409                 return -EINVAL;
11410 
11411         if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11412                         rdev->wiphy.wowlan->tcp->data_interval_max ||
11413             nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11414                 return -EINVAL;
11415 
11416         wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11417         if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11418                 return -EINVAL;
11419 
11420         wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11421         if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11422                 return -EINVAL;
11423 
11424         if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11425                 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11426 
11427                 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11428                 tokens_size = tokln - sizeof(*tok);
11429 
11430                 if (!tok->len || tokens_size % tok->len)
11431                         return -EINVAL;
11432                 if (!rdev->wiphy.wowlan->tcp->tok)
11433                         return -EINVAL;
11434                 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11435                         return -EINVAL;
11436                 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11437                         return -EINVAL;
11438                 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11439                         return -EINVAL;
11440                 if (tok->offset + tok->len > data_size)
11441                         return -EINVAL;
11442         }
11443 
11444         if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11445                 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11446                 if (!rdev->wiphy.wowlan->tcp->seq)
11447                         return -EINVAL;
11448                 if (seq->len == 0 || seq->len > 4)
11449                         return -EINVAL;
11450                 if (seq->len + seq->offset > data_size)
11451                         return -EINVAL;
11452         }
11453 
11454         size = sizeof(*cfg);
11455         size += data_size;
11456         size += wake_size + wake_mask_size;
11457         size += tokens_size;
11458 
11459         cfg = kzalloc(size, GFP_KERNEL);
11460         if (!cfg)
11461                 return -ENOMEM;
11462         cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11463         cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11464         memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11465                ETH_ALEN);
11466         if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11467                 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11468         else
11469                 port = 0;
11470 #ifdef CONFIG_INET
11471         /* allocate a socket and port for it and use it */
11472         err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11473                             IPPROTO_TCP, &cfg->sock, 1);
11474         if (err) {
11475                 kfree(cfg);
11476                 return err;
11477         }
11478         if (inet_csk_get_port(cfg->sock->sk, port)) {
11479                 sock_release(cfg->sock);
11480                 kfree(cfg);
11481                 return -EADDRINUSE;
11482         }
11483         cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11484 #else
11485         if (!port) {
11486                 kfree(cfg);
11487                 return -EINVAL;
11488         }
11489         cfg->src_port = port;
11490 #endif
11491 
11492         cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11493         cfg->payload_len = data_size;
11494         cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11495         memcpy((void *)cfg->payload,
11496                nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11497                data_size);
11498         if (seq)
11499                 cfg->payload_seq = *seq;
11500         cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11501         cfg->wake_len = wake_size;
11502         cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11503         memcpy((void *)cfg->wake_data,
11504                nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11505                wake_size);
11506         cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11507                          data_size + wake_size;
11508         memcpy((void *)cfg->wake_mask,
11509                nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11510                wake_mask_size);
11511         if (tok) {
11512                 cfg->tokens_size = tokens_size;
11513                 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11514         }
11515 
11516         trig->tcp = cfg;
11517 
11518         return 0;
11519 }
11520 
11521 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11522                                    const struct wiphy_wowlan_support *wowlan,
11523                                    struct nlattr *attr,
11524                                    struct cfg80211_wowlan *trig)
11525 {
11526         struct nlattr **tb;
11527         int err;
11528 
11529         tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11530         if (!tb)
11531                 return -ENOMEM;
11532 
11533         if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11534                 err = -EOPNOTSUPP;
11535                 goto out;
11536         }
11537 
11538         err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
11539                                           nl80211_policy, NULL);
11540         if (err)
11541                 goto out;
11542 
11543         trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11544                                                    wowlan->max_nd_match_sets);
11545         err = PTR_ERR_OR_ZERO(trig->nd_config);
11546         if (err)
11547                 trig->nd_config = NULL;
11548 
11549 out:
11550         kfree(tb);
11551         return err;
11552 }
11553 
11554 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11555 {
11556         struct cfg80211_registered_device *rdev = info->user_ptr[0];
11557         struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11558         struct cfg80211_wowlan new_triggers = {};
11559         struct cfg80211_wowlan *ntrig;
11560         const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11561         int err, i;
11562         bool prev_enabled = rdev->wiphy.wowlan_config;
11563         bool regular = false;
11564 
11565         if (!wowlan)
11566                 return -EOPNOTSUPP;
11567 
11568         if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11569                 cfg80211_rdev_free_wowlan(rdev);
11570                 rdev->wiphy.wowlan_config = NULL;
11571                 goto set_wakeup;
11572         }
11573 
11574         err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
11575                                           info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11576                                           nl80211_wowlan_policy, info->extack);
11577         if (err)
11578                 return err;
11579 
11580         if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11581                 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11582                         return -EINVAL;
11583                 new_triggers.any = true;
11584         }
11585 
11586         if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11587                 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11588                         return -EINVAL;
11589                 new_triggers.disconnect = true;
11590                 regular = true;
11591         }
11592 
11593         if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11594                 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11595                         return -EINVAL;
11596                 new_triggers.magic_pkt = true;
11597                 regular = true;
11598         }
11599 
11600         if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11601                 return -EINVAL;
11602 
11603         if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11604                 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11605                         return -EINVAL;
11606                 new_triggers.gtk_rekey_failure = true;
11607                 regular = true;
11608         }
11609 
11610         if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11611                 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11612                         return -EINVAL;
11613                 new_triggers.eap_identity_req = true;
11614                 regular = true;
11615         }
11616 
11617         if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11618                 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11619                         return -EINVAL;
11620                 new_triggers.four_way_handshake = true;
11621                 regular = true;
11622         }
11623 
11624         if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11625                 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11626                         return -EINVAL;
11627                 new_triggers.rfkill_release = true;
11628                 regular = true;
11629         }
11630 
11631         if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11632                 struct nlattr *pat;
11633                 int n_patterns = 0;
11634                 int rem, pat_len, mask_len, pkt_offset;
11635                 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11636 
11637                 regular = true;
11638 
11639                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11640                                     rem)
11641                         n_patterns++;
11642                 if (n_patterns > wowlan->n_patterns)
11643                         return -EINVAL;
11644 
11645                 new_triggers.patterns = kcalloc(n_patterns,
11646                                                 sizeof(new_triggers.patterns[0]),
11647                                                 GFP_KERNEL);
11648                 if (!new_triggers.patterns)
11649                         return -ENOMEM;
11650 
11651                 new_triggers.n_patterns = n_patterns;
11652                 i = 0;
11653 
11654                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11655                                     rem) {
11656                         u8 *mask_pat;
11657 
11658                         err = nla_parse_nested_deprecated(pat_tb,
11659                                                           MAX_NL80211_PKTPAT,
11660                                                           pat,
11661                                                           nl80211_packet_pattern_policy,
11662                                                           info->extack);
11663                         if (err)
11664                                 goto error;
11665 
11666                         err = -EINVAL;
11667                         if (!pat_tb[NL80211_PKTPAT_MASK] ||
11668                             !pat_tb[NL80211_PKTPAT_PATTERN])
11669                                 goto error;
11670                         pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11671                         mask_len = DIV_ROUND_UP(pat_len, 8);
11672                         if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11673                                 goto error;
11674                         if (pat_len > wowlan->pattern_max_len ||
11675                             pat_len < wowlan->pattern_min_len)
11676                                 goto error;
11677 
11678                         if (!pat_tb[NL80211_PKTPAT_OFFSET])
11679                                 pkt_offset = 0;
11680                         else
11681                                 pkt_offset = nla_get_u32(
11682                                         pat_tb[NL80211_PKTPAT_OFFSET]);
11683                         if (pkt_offset > wowlan->max_pkt_offset)
11684                                 goto error;
11685                         new_triggers.patterns[i].pkt_offset = pkt_offset;
11686 
11687                         mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11688                         if (!mask_pat) {
11689                                 err = -ENOMEM;
11690                                 goto error;
11691                         }
11692                         new_triggers.patterns[i].mask = mask_pat;
11693                         memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11694                                mask_len);
11695                         mask_pat += mask_len;
11696                         new_triggers.patterns[i].pattern = mask_pat;
11697                         new_triggers.patterns[i].pattern_len = pat_len;
11698                         memcpy(mask_pat,
11699                                nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11700                                pat_len);
11701                         i++;
11702                 }
11703         }
11704 
11705         if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11706                 regular = true;
11707                 err = nl80211_parse_wowlan_tcp(
11708                         rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11709                         &new_triggers);
11710                 if (err)
11711                         goto error;
11712         }
11713 
11714         if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11715                 regular = true;
11716                 err = nl80211_parse_wowlan_nd(
11717                         rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11718                         &new_triggers);
11719                 if (err)
11720                         goto error;
11721         }
11722 
11723         /* The 'any' trigger means the device continues operating more or less
11724          * as in its normal operation mode and wakes up the host on most of the
11725          * normal interrupts (like packet RX, ...)
11726          * It therefore makes little sense to combine with the more constrained
11727          * wakeup trigger modes.
11728          */
11729         if (new_triggers.any && regular) {
11730                 err = -EINVAL;
11731                 goto error;
11732         }
11733 
11734         ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11735         if (!ntrig) {
11736                 err = -ENOMEM;
11737                 goto error;
11738         }
11739         cfg80211_rdev_free_wowlan(rdev);
11740         rdev->wiphy.wowlan_config = ntrig;
11741 
11742  set_wakeup:
11743         if (rdev->ops->set_wakeup &&
11744             prev_enabled != !!rdev->wiphy.wowlan_config)
11745                 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11746 
11747         return 0;
11748  error:
11749         for (i = 0; i < new_triggers.n_patterns; i++)
11750                 kfree(new_triggers.patterns[i].mask);
11751         kfree(new_triggers.patterns);
11752         if (new_triggers.tcp && new_triggers.tcp->sock)
11753                 sock_release(new_triggers.tcp->sock);
11754         kfree(new_triggers.tcp);
11755         kfree(new_triggers.nd_config);
11756         return err;
11757 }
11758 #endif
11759 
11760 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11761                                        struct cfg80211_registered_device *rdev)
11762 {
11763         struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11764         int i, j, pat_len;
11765         struct cfg80211_coalesce_rules *rule;
11766 
11767         if (!rdev->coalesce->n_rules)
11768                 return 0;
11769 
11770         nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
11771         if (!nl_rules)
11772                 return -ENOBUFS;
11773 
11774         for (i = 0; i < rdev->coalesce->n_rules; i++) {
11775                 nl_rule = nla_nest_start_noflag(msg, i + 1);
11776                 if (!nl_rule)
11777                         return -ENOBUFS;
11778 
11779                 rule = &rdev->coalesce->rules[i];
11780                 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
11781                                 rule->delay))
11782                         return -ENOBUFS;
11783 
11784                 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
11785                                 rule->condition))
11786                         return -ENOBUFS;
11787 
11788                 nl_pats = nla_nest_start_noflag(msg,
11789                                                 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11790                 if (!nl_pats)
11791                         return -ENOBUFS;
11792 
11793                 for (j = 0; j < rule->n_patterns; j++) {
11794                         nl_pat = nla_nest_start_noflag(msg, j + 1);
11795                         if (!nl_pat)
11796                                 return -ENOBUFS;
11797                         pat_len = rule->patterns[j].pattern_len;
11798                         if (nla_put(msg, NL80211_PKTPAT_MASK,
11799                                     DIV_ROUND_UP(pat_len, 8),
11800                                     rule->patterns[j].mask) ||
11801                             nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11802                                     rule->patterns[j].pattern) ||
11803                             nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11804                                         rule->patterns[j].pkt_offset))
11805                                 return -ENOBUFS;
11806                         nla_nest_end(msg, nl_pat);
11807                 }
11808                 nla_nest_end(msg, nl_pats);
11809                 nla_nest_end(msg, nl_rule);
11810         }
11811         nla_nest_end(msg, nl_rules);
11812 
11813         return 0;
11814 }
11815 
11816 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
11817 {
11818         struct cfg80211_registered_device *rdev = info->user_ptr[0];
11819         struct sk_buff *msg;
11820         void *hdr;
11821 
11822         if (!rdev->wiphy.coalesce)
11823                 return -EOPNOTSUPP;
11824 
11825         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11826         if (!msg)
11827                 return -ENOMEM;
11828 
11829         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11830                              NL80211_CMD_GET_COALESCE);
11831         if (!hdr)
11832                 goto nla_put_failure;
11833 
11834         if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
11835                 goto nla_put_failure;
11836 
11837         genlmsg_end(msg, hdr);
11838         return genlmsg_reply(msg, info);
11839 
11840 nla_put_failure:
11841         nlmsg_free(msg);
11842         return -ENOBUFS;
11843 }
11844 
11845 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
11846 {
11847         struct cfg80211_coalesce *coalesce = rdev->coalesce;
11848         int i, j;
11849         struct cfg80211_coalesce_rules *rule;
11850 
11851         if (!coalesce)
11852                 return;
11853 
11854         for (i = 0; i < coalesce->n_rules; i++) {
11855                 rule = &coalesce->rules[i];
11856                 for (j = 0; j < rule->n_patterns; j++)
11857                         kfree(rule->patterns[j].mask);
11858                 kfree(rule->patterns);
11859         }
11860         kfree(coalesce->rules);
11861         kfree(coalesce);
11862         rdev->coalesce = NULL;
11863 }
11864 
11865 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
11866                                        struct nlattr *rule,
11867                                        struct cfg80211_coalesce_rules *new_rule)
11868 {
11869         int err, i;
11870         const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11871         struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
11872         int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
11873         struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11874 
11875         err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
11876                                           rule, nl80211_coalesce_policy, NULL);
11877         if (err)
11878                 return err;
11879 
11880         if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
11881                 new_rule->delay =
11882                         nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
11883         if (new_rule->delay > coalesce->max_delay)
11884                 return -EINVAL;
11885 
11886         if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
11887                 new_rule->condition =
11888                         nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
11889 
11890         if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
11891                 return -EINVAL;
11892 
11893         nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11894                             rem)
11895                 n_patterns++;
11896         if (n_patterns > coalesce->n_patterns)
11897                 return -EINVAL;
11898 
11899         new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
11900                                      GFP_KERNEL);
11901         if (!new_rule->patterns)
11902                 return -ENOMEM;
11903 
11904         new_rule->n_patterns = n_patterns;
11905         i = 0;
11906 
11907         nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11908                             rem) {
11909                 u8 *mask_pat;
11910 
11911                 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
11912                                                   pat,
11913                                                   nl80211_packet_pattern_policy,
11914                                                   NULL);
11915                 if (err)
11916                         return err;
11917 
11918                 if (!pat_tb[NL80211_PKTPAT_MASK] ||
11919                     !pat_tb[NL80211_PKTPAT_PATTERN])
11920                         return -EINVAL;
11921                 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11922                 mask_len = DIV_ROUND_UP(pat_len, 8);
11923                 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11924                         return -EINVAL;
11925                 if (pat_len > coalesce->pattern_max_len ||
11926                     pat_len < coalesce->pattern_min_len)
11927                         return -EINVAL;
11928 
11929                 if (!pat_tb[NL80211_PKTPAT_OFFSET])
11930                         pkt_offset = 0;
11931                 else
11932                         pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
11933                 if (pkt_offset > coalesce->max_pkt_offset)
11934                         return -EINVAL;
11935                 new_rule->patterns[i].pkt_offset = pkt_offset;
11936 
11937                 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11938                 if (!mask_pat)
11939                         return -ENOMEM;
11940 
11941                 new_rule->patterns[i].mask = mask_pat;
11942                 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11943                        mask_len);
11944 
11945                 mask_pat += mask_len;
11946                 new_rule->patterns[i].pattern = mask_pat;
11947                 new_rule->patterns[i].pattern_len = pat_len;
11948                 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11949                        pat_len);
11950                 i++;
11951         }
11952 
11953         return 0;
11954 }
11955 
11956 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
11957 {
11958         struct cfg80211_registered_device *rdev = info->user_ptr[0];
11959         const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11960         struct cfg80211_coalesce new_coalesce = {};
11961         struct cfg80211_coalesce *n_coalesce;
11962         int err, rem_rule, n_rules = 0, i, j;
11963         struct nlattr *rule;
11964         struct cfg80211_coalesce_rules *tmp_rule;
11965 
11966         if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
11967                 return -EOPNOTSUPP;
11968 
11969         if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
11970                 cfg80211_rdev_free_coalesce(rdev);
11971                 rdev_set_coalesce(rdev, NULL);
11972                 return 0;
11973         }
11974 
11975         nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11976                             rem_rule)
11977                 n_rules++;
11978         if (n_rules > coalesce->n_rules)
11979                 return -EINVAL;
11980 
11981         new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
11982                                      GFP_KERNEL);
11983         if (!new_coalesce.rules)
11984                 return -ENOMEM;
11985 
11986         new_coalesce.n_rules = n_rules;
11987         i = 0;
11988 
11989         nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11990                             rem_rule) {
11991                 err = nl80211_parse_coalesce_rule(rdev, rule,
11992                                                   &new_coalesce.rules[i]);
11993                 if (err)
11994                         goto error;
11995 
11996                 i++;
11997         }
11998 
11999         err = rdev_set_coalesce(rdev, &new_coalesce);
12000         if (err)
12001                 goto error;
12002 
12003         n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12004         if (!n_coalesce) {
12005                 err = -ENOMEM;
12006                 goto error;
12007         }
12008         cfg80211_rdev_free_coalesce(rdev);
12009         rdev->coalesce = n_coalesce;
12010 
12011         return 0;
12012 error:
12013         for (i = 0; i < new_coalesce.n_rules; i++) {
12014                 tmp_rule = &new_coalesce.rules[i];
12015                 for (j = 0; j < tmp_rule->n_patterns; j++)
12016                         kfree(tmp_rule->patterns[j].mask);
12017                 kfree(tmp_rule->patterns);
12018         }
12019         kfree(new_coalesce.rules);
12020 
12021         return err;
12022 }
12023 
12024 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12025 {
12026         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12027         struct net_device *dev = info->user_ptr[1];
12028         struct wireless_dev *wdev = dev->ieee80211_ptr;
12029         struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12030         struct cfg80211_gtk_rekey_data rekey_data;
12031         int err;
12032 
12033         if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12034                 return -EINVAL;
12035 
12036         err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12037                                           info->attrs[NL80211_ATTR_REKEY_DATA],
12038                                           nl80211_rekey_policy, info->extack);
12039         if (err)
12040                 return err;
12041 
12042         if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12043             !tb[NL80211_REKEY_DATA_KCK])
12044                 return -EINVAL;
12045         if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
12046                 return -ERANGE;
12047         if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
12048                 return -ERANGE;
12049         if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
12050                 return -ERANGE;
12051 
12052         rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12053         rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12054         rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12055 
12056         wdev_lock(wdev);
12057         if (!wdev->current_bss) {
12058                 err = -ENOTCONN;
12059                 goto out;
12060         }
12061 
12062         if (!rdev->ops->set_rekey_data) {
12063                 err = -EOPNOTSUPP;
12064                 goto out;
12065         }
12066 
12067         err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12068  out:
12069         wdev_unlock(wdev);
12070         return err;
12071 }
12072 
12073 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12074                                              struct genl_info *info)
12075 {
12076         struct net_device *dev = info->user_ptr[1];
12077         struct wireless_dev *wdev = dev->ieee80211_ptr;
12078 
12079         if (wdev->iftype != NL80211_IFTYPE_AP &&
12080             wdev->iftype != NL80211_IFTYPE_P2P_GO)
12081                 return -EINVAL;
12082 
12083         if (wdev->ap_unexpected_nlportid)
12084                 return -EBUSY;
12085 
12086         wdev->ap_unexpected_nlportid = info->snd_portid;
12087         return 0;
12088 }
12089 
12090 static int nl80211_probe_client(struct sk_buff *skb,
12091                                 struct genl_info *info)
12092 {
12093         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12094         struct net_device *dev = info->user_ptr[1];
12095         struct wireless_dev *wdev = dev->ieee80211_ptr;
12096         struct sk_buff *msg;
12097         void *hdr;
12098         const u8 *addr;
12099         u64 cookie;
12100         int err;
12101 
12102         if (wdev->iftype != NL80211_IFTYPE_AP &&
12103             wdev->iftype != NL80211_IFTYPE_P2P_GO)
12104                 return -EOPNOTSUPP;
12105 
12106         if (!info->attrs[NL80211_ATTR_MAC])
12107                 return -EINVAL;
12108 
12109         if (!rdev->ops->probe_client)
12110                 return -EOPNOTSUPP;
12111 
12112         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12113         if (!msg)
12114                 return -ENOMEM;
12115 
12116         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12117                              NL80211_CMD_PROBE_CLIENT);
12118         if (!hdr) {
12119                 err = -ENOBUFS;
12120                 goto free_msg;
12121         }
12122 
12123         addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12124 
12125         err = rdev_probe_client(rdev, dev, addr, &cookie);
12126         if (err)
12127                 goto free_msg;
12128 
12129         if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12130                               NL80211_ATTR_PAD))
12131                 goto nla_put_failure;
12132 
12133         genlmsg_end(msg, hdr);
12134 
12135         return genlmsg_reply(msg, info);
12136 
12137  nla_put_failure:
12138         err = -ENOBUFS;
12139  free_msg:
12140         nlmsg_free(msg);
12141         return err;
12142 }
12143 
12144 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
12145 {
12146         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12147         struct cfg80211_beacon_registration *reg, *nreg;
12148         int rv;
12149 
12150         if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
12151                 return -EOPNOTSUPP;
12152 
12153         nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
12154         if (!nreg)
12155                 return -ENOMEM;
12156 
12157         /* First, check if already registered. */
12158         spin_lock_bh(&rdev->beacon_registrations_lock);
12159         list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12160                 if (reg->nlportid == info->snd_portid) {
12161                         rv = -EALREADY;
12162                         goto out_err;
12163                 }
12164         }
12165         /* Add it to the list */
12166         nreg->nlportid = info->snd_portid;
12167         list_add(&nreg->list, &rdev->beacon_registrations);
12168 
12169         spin_unlock_bh(&rdev->beacon_registrations_lock);
12170 
12171         return 0;
12172 out_err:
12173         spin_unlock_bh(&rdev->beacon_registrations_lock);
12174         kfree(nreg);
12175         return rv;
12176 }
12177 
12178 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
12179 {
12180         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12181         struct wireless_dev *wdev = info->user_ptr[1];
12182         int err;
12183 
12184         if (!rdev->ops->start_p2p_device)
12185                 return -EOPNOTSUPP;
12186 
12187         if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12188                 return -EOPNOTSUPP;
12189 
12190         if (wdev_running(wdev))
12191                 return 0;
12192 
12193         if (rfkill_blocked(rdev->rfkill))
12194                 return -ERFKILL;
12195 
12196         err = rdev_start_p2p_device(rdev, wdev);
12197         if (err)
12198                 return err;
12199 
12200         wdev->is_running = true;
12201         rdev->opencount++;
12202 
12203         return 0;
12204 }
12205 
12206 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12207 {
12208         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12209         struct wireless_dev *wdev = info->user_ptr[1];
12210 
12211         if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12212                 return -EOPNOTSUPP;
12213 
12214         if (!rdev->ops->stop_p2p_device)
12215                 return -EOPNOTSUPP;
12216 
12217         cfg80211_stop_p2p_device(rdev, wdev);
12218 
12219         return 0;
12220 }
12221 
12222 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12223 {
12224         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12225         struct wireless_dev *wdev = info->user_ptr[1];
12226         struct cfg80211_nan_conf conf = {};
12227         int err;
12228 
12229         if (wdev->iftype != NL80211_IFTYPE_NAN)
12230                 return -EOPNOTSUPP;
12231 
12232         if (wdev_running(wdev))
12233                 return -EEXIST;
12234 
12235         if (rfkill_blocked(rdev->rfkill))
12236                 return -ERFKILL;
12237 
12238         if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12239                 return -EINVAL;
12240 
12241         conf.master_pref =
12242                 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12243 
12244         if (info->attrs[NL80211_ATTR_BANDS]) {
12245                 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12246 
12247                 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12248                         return -EOPNOTSUPP;
12249 
12250                 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12251                         return -EINVAL;
12252 
12253                 conf.bands = bands;
12254         }
12255 
12256         err = rdev_start_nan(rdev, wdev, &conf);
12257         if (err)
12258                 return err;
12259 
12260         wdev->is_running = true;
12261         rdev->opencount++;
12262 
12263         return 0;
12264 }
12265 
12266 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12267 {
12268         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12269         struct wireless_dev *wdev = info->user_ptr[1];
12270 
12271         if (wdev->iftype != NL80211_IFTYPE_NAN)
12272                 return -EOPNOTSUPP;
12273 
12274         cfg80211_stop_nan(rdev, wdev);
12275 
12276         return 0;
12277 }
12278 
12279 static int validate_nan_filter(struct nlattr *filter_attr)
12280 {
12281         struct nlattr *attr;
12282         int len = 0, n_entries = 0, rem;
12283 
12284         nla_for_each_nested(attr, filter_attr, rem) {
12285                 len += nla_len(attr);
12286                 n_entries++;
12287         }
12288 
12289         if (len >= U8_MAX)
12290                 return -EINVAL;
12291 
12292         return n_entries;
12293 }
12294 
12295 static int handle_nan_filter(struct nlattr *attr_filter,
12296                              struct cfg80211_nan_func *func,
12297                              bool tx)
12298 {
12299         struct nlattr *attr;
12300         int n_entries, rem, i;
12301         struct cfg80211_nan_func_filter *filter;
12302 
12303         n_entries = validate_nan_filter(attr_filter);
12304         if (n_entries < 0)
12305                 return n_entries;
12306 
12307         BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12308 
12309         filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12310         if (!filter)
12311                 return -ENOMEM;
12312 
12313         i = 0;
12314         nla_for_each_nested(attr, attr_filter, rem) {
12315                 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12316                 filter[i].len = nla_len(attr);
12317                 i++;
12318         }
12319         if (tx) {
12320                 func->num_tx_filters = n_entries;
12321                 func->tx_filters = filter;
12322         } else {
12323                 func->num_rx_filters = n_entries;
12324                 func->rx_filters = filter;
12325         }
12326 
12327         return 0;
12328 }
12329 
12330 static int nl80211_nan_add_func(struct sk_buff *skb,
12331                                 struct genl_info *info)
12332 {
12333         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12334         struct wireless_dev *wdev = info->user_ptr[1];
12335         struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12336         struct cfg80211_nan_func *func;
12337         struct sk_buff *msg = NULL;
12338         void *hdr = NULL;
12339         int err = 0;
12340 
12341         if (wdev->iftype != NL80211_IFTYPE_NAN)
12342                 return -EOPNOTSUPP;
12343 
12344         if (!wdev_running(wdev))
12345                 return -ENOTCONN;
12346 
12347         if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12348                 return -EINVAL;
12349 
12350         err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12351                                           info->attrs[NL80211_ATTR_NAN_FUNC],
12352                                           nl80211_nan_func_policy,
12353                                           info->extack);
12354         if (err)
12355                 return err;
12356 
12357         func = kzalloc(sizeof(*func), GFP_KERNEL);
12358         if (!func)
12359                 return -ENOMEM;
12360 
12361         func->cookie = cfg80211_assign_cookie(rdev);
12362 
12363         if (!tb[NL80211_NAN_FUNC_TYPE] ||
12364             nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
12365                 err = -EINVAL;
12366                 goto out;
12367         }
12368 
12369 
12370         func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
12371 
12372         if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
12373                 err = -EINVAL;
12374                 goto out;
12375         }
12376 
12377         memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
12378                sizeof(func->service_id));
12379 
12380         func->close_range =
12381                 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
12382 
12383         if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
12384                 func->serv_spec_info_len =
12385                         nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
12386                 func->serv_spec_info =
12387                         kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
12388                                 func->serv_spec_info_len,
12389                                 GFP_KERNEL);
12390                 if (!func->serv_spec_info) {
12391                         err = -ENOMEM;
12392                         goto out;
12393                 }
12394         }
12395 
12396         if (tb[NL80211_NAN_FUNC_TTL])
12397                 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
12398 
12399         switch (func->type) {
12400         case NL80211_NAN_FUNC_PUBLISH:
12401                 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
12402                         err = -EINVAL;
12403                         goto out;
12404                 }
12405 
12406                 func->publish_type =
12407                         nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
12408                 func->publish_bcast =
12409                         nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
12410 
12411                 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12412                         func->publish_bcast) {
12413                         err = -EINVAL;
12414                         goto out;
12415                 }
12416                 break;
12417         case NL80211_NAN_FUNC_SUBSCRIBE:
12418                 func->subscribe_active =
12419                         nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12420                 break;
12421         case NL80211_NAN_FUNC_FOLLOW_UP:
12422                 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12423                     !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12424                     !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12425                         err = -EINVAL;
12426                         goto out;
12427                 }
12428 
12429                 func->followup_id =
12430                         nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12431                 func->followup_reqid =
12432                         nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12433                 memcpy(func->followup_dest.addr,
12434                        nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12435                        sizeof(func->followup_dest.addr));
12436                 if (func->ttl) {
12437                         err = -EINVAL;
12438                         goto out;
12439                 }
12440                 break;
12441         default:
12442                 err = -EINVAL;
12443                 goto out;
12444         }
12445 
12446         if (tb[NL80211_NAN_FUNC_SRF]) {
12447                 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12448 
12449                 err = nla_parse_nested_deprecated(srf_tb,
12450                                                   NL80211_NAN_SRF_ATTR_MAX,
12451                                                   tb[NL80211_NAN_FUNC_SRF],
12452                                                   nl80211_nan_srf_policy,
12453                                                   info->extack);
12454                 if (err)
12455                         goto out;
12456 
12457                 func->srf_include =
12458                         nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12459 
12460                 if (srf_tb[NL80211_NAN_SRF_BF]) {
12461                         if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12462                             !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12463                                 err = -EINVAL;
12464                                 goto out;
12465                         }
12466 
12467                         func->srf_bf_len =
12468                                 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12469                         func->srf_bf =
12470                                 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12471                                         func->srf_bf_len, GFP_KERNEL);
12472                         if (!func->srf_bf) {
12473                                 err = -ENOMEM;
12474                                 goto out;
12475                         }
12476 
12477                         func->srf_bf_idx =
12478                                 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12479                 } else {
12480                         struct nlattr *attr, *mac_attr =
12481                                 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12482                         int n_entries, rem, i = 0;
12483 
12484                         if (!mac_attr) {
12485                                 err = -EINVAL;
12486                                 goto out;
12487                         }
12488 
12489                         n_entries = validate_acl_mac_addrs(mac_attr);
12490                         if (n_entries <= 0) {
12491                                 err = -EINVAL;
12492                                 goto out;
12493                         }
12494 
12495                         func->srf_num_macs = n_entries;
12496                         func->srf_macs =
12497                                 kcalloc(n_entries, sizeof(*func->srf_macs),
12498                                         GFP_KERNEL);
12499                         if (!func->srf_macs) {
12500                                 err = -ENOMEM;
12501                                 goto out;
12502                         }
12503 
12504                         nla_for_each_nested(attr, mac_attr, rem)
12505                                 memcpy(func->srf_macs[i++].addr, nla_data(attr),
12506                                        sizeof(*func->srf_macs));
12507                 }
12508         }
12509 
12510         if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12511                 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12512                                         func, true);
12513                 if (err)
12514                         goto out;
12515         }
12516 
12517         if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12518                 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12519                                         func, false);
12520                 if (err)
12521                         goto out;
12522         }
12523 
12524         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12525         if (!msg) {
12526                 err = -ENOMEM;
12527                 goto out;
12528         }
12529 
12530         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12531                              NL80211_CMD_ADD_NAN_FUNCTION);
12532         /* This can't really happen - we just allocated 4KB */
12533         if (WARN_ON(!hdr)) {
12534                 err = -ENOMEM;
12535                 goto out;
12536         }
12537 
12538         err = rdev_add_nan_func(rdev, wdev, func);
12539 out:
12540         if (err < 0) {
12541                 cfg80211_free_nan_func(func);
12542                 nlmsg_free(msg);
12543                 return err;
12544         }
12545 
12546         /* propagate the instance id and cookie to userspace  */
12547         if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12548                               NL80211_ATTR_PAD))
12549                 goto nla_put_failure;
12550 
12551         func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12552         if (!func_attr)
12553                 goto nla_put_failure;
12554 
12555         if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12556                        func->instance_id))
12557                 goto nla_put_failure;
12558 
12559         nla_nest_end(msg, func_attr);
12560 
12561         genlmsg_end(msg, hdr);
12562         return genlmsg_reply(msg, info);
12563 
12564 nla_put_failure:
12565         nlmsg_free(msg);
12566         return -ENOBUFS;
12567 }
12568 
12569 static int nl80211_nan_del_func(struct sk_buff *skb,
12570                                struct genl_info *info)
12571 {
12572         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12573         struct wireless_dev *wdev = info->user_ptr[1];
12574         u64 cookie;
12575 
12576         if (wdev->iftype != NL80211_IFTYPE_NAN)
12577                 return -EOPNOTSUPP;
12578 
12579         if (!wdev_running(wdev))
12580                 return -ENOTCONN;
12581 
12582         if (!info->attrs[NL80211_ATTR_COOKIE])
12583                 return -EINVAL;
12584 
12585         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12586 
12587         rdev_del_nan_func(rdev, wdev, cookie);
12588 
12589         return 0;
12590 }
12591 
12592 static int nl80211_nan_change_config(struct sk_buff *skb,
12593                                      struct genl_info *info)
12594 {
12595         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12596         struct wireless_dev *wdev = info->user_ptr[1];
12597         struct cfg80211_nan_conf conf = {};
12598         u32 changed = 0;
12599 
12600         if (wdev->iftype != NL80211_IFTYPE_NAN)
12601                 return -EOPNOTSUPP;
12602 
12603         if (!wdev_running(wdev))
12604                 return -ENOTCONN;
12605 
12606         if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12607                 conf.master_pref =
12608                         nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12609                 if (conf.master_pref <= 1 || conf.master_pref == 255)
12610                         return -EINVAL;
12611 
12612                 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12613         }
12614 
12615         if (info->attrs[NL80211_ATTR_BANDS]) {
12616                 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12617 
12618                 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12619                         return -EOPNOTSUPP;
12620 
12621                 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12622                         return -EINVAL;
12623 
12624                 conf.bands = bands;
12625                 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12626         }
12627 
12628         if (!changed)
12629                 return -EINVAL;
12630 
12631         return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12632 }
12633 
12634 void cfg80211_nan_match(struct wireless_dev *wdev,
12635                         struct cfg80211_nan_match_params *match, gfp_t gfp)
12636 {
12637         struct wiphy *wiphy = wdev->wiphy;
12638         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12639         struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12640         struct sk_buff *msg;
12641         void *hdr;
12642 
12643         if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12644                 return;
12645 
12646         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12647         if (!msg)
12648                 return;
12649 
12650         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12651         if (!hdr) {
12652                 nlmsg_free(msg);
12653                 return;
12654         }
12655 
12656         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12657             (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12658                                          wdev->netdev->ifindex)) ||
12659             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12660                               NL80211_ATTR_PAD))
12661                 goto nla_put_failure;
12662 
12663         if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12664                               NL80211_ATTR_PAD) ||
12665             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12666                 goto nla_put_failure;
12667 
12668         match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12669         if (!match_attr)
12670                 goto nla_put_failure;
12671 
12672         local_func_attr = nla_nest_start_noflag(msg,
12673                                                 NL80211_NAN_MATCH_FUNC_LOCAL);
12674         if (!local_func_attr)
12675                 goto nla_put_failure;
12676 
12677         if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12678                 goto nla_put_failure;
12679 
12680         nla_nest_end(msg, local_func_attr);
12681 
12682         peer_func_attr = nla_nest_start_noflag(msg,
12683                                                NL80211_NAN_MATCH_FUNC_PEER);
12684         if (!peer_func_attr)
12685                 goto nla_put_failure;
12686 
12687         if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12688             nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12689                 goto nla_put_failure;
12690 
12691         if (match->info && match->info_len &&
12692             nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12693                     match->info))
12694                 goto nla_put_failure;
12695 
12696         nla_nest_end(msg, peer_func_attr);
12697         nla_nest_end(msg, match_attr);
12698         genlmsg_end(msg, hdr);
12699 
12700         if (!wdev->owner_nlportid)
12701                 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12702                                         msg, 0, NL80211_MCGRP_NAN, gfp);
12703         else
12704                 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12705                                 wdev->owner_nlportid);
12706 
12707         return;
12708 
12709 nla_put_failure:
12710         nlmsg_free(msg);
12711 }
12712 EXPORT_SYMBOL(cfg80211_nan_match);
12713 
12714 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12715                                   u8 inst_id,
12716                                   enum nl80211_nan_func_term_reason reason,
12717                                   u64 cookie, gfp_t gfp)
12718 {
12719         struct wiphy *wiphy = wdev->wiphy;
12720         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12721         struct sk_buff *msg;
12722         struct nlattr *func_attr;
12723         void *hdr;
12724 
12725         if (WARN_ON(!inst_id))
12726                 return;
12727 
12728         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12729         if (!msg)
12730                 return;
12731 
12732         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12733         if (!hdr) {
12734                 nlmsg_free(msg);
12735                 return;
12736         }
12737 
12738         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12739             (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12740                                          wdev->netdev->ifindex)) ||
12741             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12742                               NL80211_ATTR_PAD))
12743                 goto nla_put_failure;
12744 
12745         if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12746                               NL80211_ATTR_PAD))
12747                 goto nla_put_failure;
12748 
12749         func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12750         if (!func_attr)
12751                 goto nla_put_failure;
12752 
12753         if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
12754             nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
12755                 goto nla_put_failure;
12756 
12757         nla_nest_end(msg, func_attr);
12758         genlmsg_end(msg, hdr);
12759 
12760         if (!wdev->owner_nlportid)
12761                 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12762                                         msg, 0, NL80211_MCGRP_NAN, gfp);
12763         else
12764                 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12765                                 wdev->owner_nlportid);
12766 
12767         return;
12768 
12769 nla_put_failure:
12770         nlmsg_free(msg);
12771 }
12772 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
12773 
12774 static int nl80211_get_protocol_features(struct sk_buff *skb,
12775                                          struct genl_info *info)
12776 {
12777         void *hdr;
12778         struct sk_buff *msg;
12779 
12780         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12781         if (!msg)
12782                 return -ENOMEM;
12783 
12784         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12785                              NL80211_CMD_GET_PROTOCOL_FEATURES);
12786         if (!hdr)
12787                 goto nla_put_failure;
12788 
12789         if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
12790                         NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
12791                 goto nla_put_failure;
12792 
12793         genlmsg_end(msg, hdr);
12794         return genlmsg_reply(msg, info);
12795 
12796  nla_put_failure:
12797         kfree_skb(msg);
12798         return -ENOBUFS;
12799 }
12800 
12801 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
12802 {
12803         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12804         struct cfg80211_update_ft_ies_params ft_params;
12805         struct net_device *dev = info->user_ptr[1];
12806 
12807         if (!rdev->ops->update_ft_ies)
12808                 return -EOPNOTSUPP;
12809 
12810         if (!info->attrs[NL80211_ATTR_MDID] ||
12811             !info->attrs[NL80211_ATTR_IE])
12812                 return -EINVAL;
12813 
12814         memset(&ft_params, 0, sizeof(ft_params));
12815         ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
12816         ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12817         ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12818 
12819         return rdev_update_ft_ies(rdev, dev, &ft_params);
12820 }
12821 
12822 static int nl80211_crit_protocol_start(struct sk_buff *skb,
12823                                        struct genl_info *info)
12824 {
12825         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12826         struct wireless_dev *wdev = info->user_ptr[1];
12827         enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
12828         u16 duration;
12829         int ret;
12830 
12831         if (!rdev->ops->crit_proto_start)
12832                 return -EOPNOTSUPP;
12833 
12834         if (WARN_ON(!rdev->ops->crit_proto_stop))
12835                 return -EINVAL;
12836 
12837         if (rdev->crit_proto_nlportid)
12838                 return -EBUSY;
12839 
12840         /* determine protocol if provided */
12841         if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
12842                 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
12843 
12844         if (proto >= NUM_NL80211_CRIT_PROTO)
12845                 return -EINVAL;
12846 
12847         /* timeout must be provided */
12848         if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
12849                 return -EINVAL;
12850 
12851         duration =
12852                 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
12853 
12854         if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
12855                 return -ERANGE;
12856 
12857         ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
12858         if (!ret)
12859                 rdev->crit_proto_nlportid = info->snd_portid;
12860 
12861         return ret;
12862 }
12863 
12864 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
12865                                       struct genl_info *info)
12866 {
12867         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12868         struct wireless_dev *wdev = info->user_ptr[1];
12869 
12870         if (!rdev->ops->crit_proto_stop)
12871                 return -EOPNOTSUPP;
12872 
12873         if (rdev->crit_proto_nlportid) {
12874                 rdev->crit_proto_nlportid = 0;
12875                 rdev_crit_proto_stop(rdev, wdev);
12876         }
12877         return 0;
12878 }
12879 
12880 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
12881                                        struct nlattr *attr,
12882                                        struct netlink_ext_ack *extack)
12883 {
12884         if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
12885                 if (attr->nla_type & NLA_F_NESTED) {
12886                         NL_SET_ERR_MSG_ATTR(extack, attr,
12887                                             "unexpected nested data");
12888                         return -EINVAL;
12889                 }
12890 
12891                 return 0;
12892         }
12893 
12894         if (!(attr->nla_type & NLA_F_NESTED)) {
12895                 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
12896                 return -EINVAL;
12897         }
12898 
12899         return nl80211_validate_nested(attr, vcmd->maxattr, vcmd->policy,
12900                                        extack);
12901 }
12902 
12903 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
12904 {
12905         struct cfg80211_registered_device *rdev = info->user_ptr[0];
12906         struct wireless_dev *wdev =
12907                 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
12908         int i, err;
12909         u32 vid, subcmd;
12910 
12911         if (!rdev->wiphy.vendor_commands)
12912                 return -EOPNOTSUPP;
12913 
12914         if (IS_ERR(wdev)) {
12915                 err = PTR_ERR(wdev);
12916                 if (err != -EINVAL)
12917                         return err;
12918                 wdev = NULL;
12919         } else if (wdev->wiphy != &rdev->wiphy) {
12920                 return -EINVAL;
12921         }
12922 
12923         if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
12924             !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
12925                 return -EINVAL;
12926 
12927         vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
12928         subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
12929         for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
12930                 const struct wiphy_vendor_command *vcmd;
12931                 void *data = NULL;
12932                 int len = 0;
12933 
12934                 vcmd = &rdev->wiphy.vendor_commands[i];
12935 
12936                 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12937                         continue;
12938 
12939                 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12940                                    WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12941                         if (!wdev)
12942                                 return -EINVAL;
12943                         if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12944                             !wdev->netdev)
12945                                 return -EINVAL;
12946 
12947                         if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12948                                 if (!wdev_running(wdev))
12949                                         return -ENETDOWN;
12950                         }
12951 
12952                         if (!vcmd->doit)
12953                                 return -EOPNOTSUPP;
12954                 } else {
12955                         wdev = NULL;
12956                 }
12957 
12958                 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
12959                         data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12960                         len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12961 
12962                         err = nl80211_vendor_check_policy(vcmd,
12963                                         info->attrs[NL80211_ATTR_VENDOR_DATA],
12964                                         info->extack);
12965                         if (err)
12966                                 return err;
12967                 }
12968 
12969                 rdev->cur_cmd_info = info;
12970                 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
12971                 rdev->cur_cmd_info = NULL;
12972                 return err;
12973         }
12974 
12975         return -EOPNOTSUPP;
12976 }
12977 
12978 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
12979                                        struct netlink_callback *cb,
12980                                        struct cfg80211_registered_device **rdev,
12981                                        struct wireless_dev **wdev)
12982 {
12983         struct nlattr **attrbuf;
12984         u32 vid, subcmd;
12985         unsigned int i;
12986         int vcmd_idx = -1;
12987         int err;
12988         void *data = NULL;
12989         unsigned int data_len = 0;
12990 
12991         if (cb->args[0]) {
12992                 /* subtract the 1 again here */
12993                 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
12994                 struct wireless_dev *tmp;
12995 
12996                 if (!wiphy)
12997                         return -ENODEV;
12998                 *rdev = wiphy_to_rdev(wiphy);
12999                 *wdev = NULL;
13000 
13001                 if (cb->args[1]) {
13002                         list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13003                                 if (tmp->identifier == cb->args[1] - 1) {
13004                                         *wdev = tmp;
13005                                         break;
13006                                 }
13007                         }
13008                 }
13009 
13010                 /* keep rtnl locked in successful case */
13011                 return 0;
13012         }
13013 
13014         attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13015         if (!attrbuf)
13016                 return -ENOMEM;
13017 
13018         err = nlmsg_parse_deprecated(cb->nlh,
13019                                      GENL_HDRLEN + nl80211_fam.hdrsize,
13020                                      attrbuf, nl80211_fam.maxattr,
13021                                      nl80211_policy, NULL);
13022         if (err)
13023                 goto out;
13024 
13025         if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13026             !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13027                 err = -EINVAL;
13028                 goto out;
13029         }
13030 
13031         *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
13032         if (IS_ERR(*wdev))
13033                 *wdev = NULL;
13034 
13035         *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13036         if (IS_ERR(*rdev)) {
13037                 err = PTR_ERR(*rdev);
13038                 goto out;
13039         }
13040 
13041         vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13042         subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13043 
13044         for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13045                 const struct wiphy_vendor_command *vcmd;
13046 
13047                 vcmd = &(*rdev)->wiphy.vendor_commands[i];
13048 
13049                 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13050                         continue;
13051 
13052                 if (!vcmd->dumpit) {
13053                         err = -EOPNOTSUPP;
13054                         goto out;
13055                 }
13056 
13057                 vcmd_idx = i;
13058                 break;
13059         }
13060 
13061         if (vcmd_idx < 0) {
13062                 err = -EOPNOTSUPP;
13063                 goto out;
13064         }
13065 
13066         if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13067                 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13068                 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13069 
13070                 err = nl80211_vendor_check_policy(
13071                                 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
13072                                 attrbuf[NL80211_ATTR_VENDOR_DATA],
13073                                 cb->extack);
13074                 if (err)
13075                         goto out;
13076         }
13077 
13078         /* 0 is the first index - add 1 to parse only once */
13079         cb->args[0] = (*rdev)->wiphy_idx + 1;
13080         /* add 1 to know if it was NULL */
13081         cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13082         cb->args[2] = vcmd_idx;
13083         cb->args[3] = (unsigned long)data;
13084         cb->args[4] = data_len;
13085 
13086         /* keep rtnl locked in successful case */
13087         err = 0;
13088 out:
13089         kfree(attrbuf);
13090         return err;
13091 }
13092 
13093 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13094                                    struct netlink_callback *cb)
13095 {
13096         struct cfg80211_registered_device *rdev;
13097         struct wireless_dev *wdev;
13098         unsigned int vcmd_idx;
13099         const struct wiphy_vendor_command *vcmd;
13100         void *data;
13101         int data_len;
13102         int err;
13103         struct nlattr *vendor_data;
13104 
13105         rtnl_lock();
13106         err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13107         if (err)
13108                 goto out;
13109 
13110         vcmd_idx = cb->args[2];
13111         data = (void *)cb->args[3];
13112         data_len = cb->args[4];
13113         vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13114 
13115         if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13116                            WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13117                 if (!wdev) {
13118                         err = -EINVAL;
13119                         goto out;
13120                 }
13121                 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13122                     !wdev->netdev) {
13123                         err = -EINVAL;
13124                         goto out;
13125                 }
13126 
13127                 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13128                         if (!wdev_running(wdev)) {
13129                                 err = -ENETDOWN;
13130                                 goto out;
13131                         }
13132                 }
13133         }
13134 
13135         while (1) {
13136                 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13137                                            cb->nlh->nlmsg_seq, NLM_F_MULTI,
13138                                            NL80211_CMD_VENDOR);
13139                 if (!hdr)
13140                         break;
13141 
13142                 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13143                     (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13144                                                wdev_id(wdev),
13145                                                NL80211_ATTR_PAD))) {
13146                         genlmsg_cancel(skb, hdr);
13147                         break;
13148                 }
13149 
13150                 vendor_data = nla_nest_start_noflag(skb,
13151                                                     NL80211_ATTR_VENDOR_DATA);
13152                 if (!vendor_data) {
13153                         genlmsg_cancel(skb, hdr);
13154                         break;
13155                 }
13156 
13157                 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
13158                                    (unsigned long *)&cb->args[5]);
13159                 nla_nest_end(skb, vendor_data);
13160 
13161                 if (err == -ENOBUFS || err == -ENOENT) {
13162                         genlmsg_cancel(skb, hdr);
13163                         break;
13164                 } else if (err) {
13165                         genlmsg_cancel(skb, hdr);
13166                         goto out;
13167                 }
13168 
13169                 genlmsg_end(skb, hdr);
13170         }
13171 
13172         err = skb->len;
13173  out:
13174         rtnl_unlock();
13175         return err;
13176 }
13177 
13178 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
13179                                            enum nl80211_commands cmd,
13180                                            enum nl80211_attrs attr,
13181                                            int approxlen)
13182 {
13183         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13184 
13185         if (WARN_ON(!rdev->cur_cmd_info))
13186                 return NULL;
13187 
13188         return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
13189                                            rdev->cur_cmd_info->snd_portid,
13190                                            rdev->cur_cmd_info->snd_seq,
13191                                            cmd, attr, NULL, GFP_KERNEL);
13192 }
13193 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
13194 
13195 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
13196 {
13197         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13198         void *hdr = ((void **)skb->cb)[1];
13199         struct nlattr *data = ((void **)skb->cb)[2];
13200 
13201         /* clear CB data for netlink core to own from now on */
13202         memset(skb->cb, 0, sizeof(skb->cb));
13203 
13204         if (WARN_ON(!rdev->cur_cmd_info)) {
13205                 kfree_skb(skb);
13206                 return -EINVAL;
13207         }
13208 
13209         nla_nest_end(skb, data);
13210         genlmsg_end(skb, hdr);
13211         return genlmsg_reply(skb, rdev->cur_cmd_info);
13212 }
13213 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
13214 
13215 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
13216 {
13217         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13218 
13219         if (WARN_ON(!rdev->cur_cmd_info))
13220                 return 0;
13221 
13222         return rdev->cur_cmd_info->snd_portid;
13223 }
13224 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13225 
13226 static int nl80211_set_qos_map(struct sk_buff *skb,
13227                                struct genl_info *info)
13228 {
13229         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13230         struct cfg80211_qos_map *qos_map = NULL;
13231         struct net_device *dev = info->user_ptr[1];
13232         u8 *pos, len, num_des, des_len, des;
13233         int ret;
13234 
13235         if (!rdev->ops->set_qos_map)
13236                 return -EOPNOTSUPP;
13237 
13238         if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13239                 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13240                 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13241 
13242                 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
13243                     len > IEEE80211_QOS_MAP_LEN_MAX)
13244                         return -EINVAL;
13245 
13246                 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13247                 if (!qos_map)
13248                         return -ENOMEM;
13249 
13250                 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13251                 if (num_des) {
13252                         des_len = num_des *
13253                                 sizeof(struct cfg80211_dscp_exception);
13254                         memcpy(qos_map->dscp_exception, pos, des_len);
13255                         qos_map->num_des = num_des;
13256                         for (des = 0; des < num_des; des++) {
13257                                 if (qos_map->dscp_exception[des].up > 7) {
13258                                         kfree(qos_map);
13259                                         return -EINVAL;
13260                                 }
13261                         }
13262                         pos += des_len;
13263                 }
13264                 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13265         }
13266 
13267         wdev_lock(dev->ieee80211_ptr);
13268         ret = nl80211_key_allowed(dev->ieee80211_ptr);
13269         if (!ret)
13270                 ret = rdev_set_qos_map(rdev, dev, qos_map);
13271         wdev_unlock(dev->ieee80211_ptr);
13272 
13273         kfree(qos_map);
13274         return ret;
13275 }
13276 
13277 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13278 {
13279         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13280         struct net_device *dev = info->user_ptr[1];
13281         struct wireless_dev *wdev = dev->ieee80211_ptr;
13282         const u8 *peer;
13283         u8 tsid, up;
13284         u16 admitted_time = 0;
13285         int err;
13286 
13287         if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13288                 return -EOPNOTSUPP;
13289 
13290         if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13291             !info->attrs[NL80211_ATTR_USER_PRIO])
13292                 return -EINVAL;
13293 
13294         tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13295         up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13296 
13297         /* WMM uses TIDs 0-7 even for TSPEC */
13298         if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13299                 /* TODO: handle 802.11 TSPEC/admission control
13300                  * need more attributes for that (e.g. BA session requirement);
13301                  * change the WMM adminssion test above to allow both then
13302                  */
13303                 return -EINVAL;
13304         }
13305 
13306         peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13307 
13308         if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13309                 admitted_time =
13310                         nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13311                 if (!admitted_time)
13312                         return -EINVAL;
13313         }
13314 
13315         wdev_lock(wdev);
13316         switch (wdev->iftype) {
13317         case NL80211_IFTYPE_STATION:
13318         case NL80211_IFTYPE_P2P_CLIENT:
13319                 if (wdev->current_bss)
13320                         break;
13321                 err = -ENOTCONN;
13322                 goto out;
13323         default:
13324                 err = -EOPNOTSUPP;
13325                 goto out;
13326         }
13327 
13328         err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13329 
13330  out:
13331         wdev_unlock(wdev);
13332         return err;
13333 }
13334 
13335 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13336 {
13337         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13338         struct net_device *dev = info->user_ptr[1];
13339         struct wireless_dev *wdev = dev->ieee80211_ptr;
13340         const u8 *peer;
13341         u8 tsid;
13342         int err;
13343 
13344         if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13345                 return -EINVAL;
13346 
13347         tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13348         peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13349 
13350         wdev_lock(wdev);
13351         err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13352         wdev_unlock(wdev);
13353 
13354         return err;
13355 }
13356 
13357 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13358                                        struct genl_info *info)
13359 {
13360         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13361         struct net_device *dev = info->user_ptr[1];
13362         struct wireless_dev *wdev = dev->ieee80211_ptr;
13363         struct cfg80211_chan_def chandef = {};
13364         const u8 *addr;
13365         u8 oper_class;
13366         int err;
13367 
13368         if (!rdev->ops->tdls_channel_switch ||
13369             !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13370                 return -EOPNOTSUPP;
13371 
13372         switch (dev->ieee80211_ptr->iftype) {
13373         case NL80211_IFTYPE_STATION:
13374         case NL80211_IFTYPE_P2P_CLIENT:
13375                 break;
13376         default:
13377                 return -EOPNOTSUPP;
13378         }
13379 
13380         if (!info->attrs[NL80211_ATTR_MAC] ||
13381             !info->attrs[NL80211_ATTR_OPER_CLASS])
13382                 return -EINVAL;
13383 
13384         err = nl80211_parse_chandef(rdev, info, &chandef);
13385         if (err)
13386                 return err;
13387 
13388         /*
13389          * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
13390          * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
13391          * specification is not defined for them.
13392          */
13393         if (chandef.chan->band == NL80211_BAND_2GHZ &&
13394             chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
13395             chandef.width != NL80211_CHAN_WIDTH_20)
13396                 return -EINVAL;
13397 
13398         /* we will be active on the TDLS link */
13399         if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
13400                                            wdev->iftype))
13401                 return -EINVAL;
13402 
13403         /* don't allow switching to DFS channels */
13404         if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
13405                 return -EINVAL;
13406 
13407         addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13408         oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
13409 
13410         wdev_lock(wdev);
13411         err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
13412         wdev_unlock(wdev);
13413 
13414         return err;
13415 }
13416 
13417 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
13418                                               struct genl_info *info)
13419 {
13420         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13421         struct net_device *dev = info->user_ptr[1];
13422         struct wireless_dev *wdev = dev->ieee80211_ptr;
13423         const u8 *addr;
13424 
13425         if (!rdev->ops->tdls_channel_switch ||
13426             !rdev->ops->tdls_cancel_channel_switch ||
13427             !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13428                 return -EOPNOTSUPP;
13429 
13430         switch (dev->ieee80211_ptr->iftype) {
13431         case NL80211_IFTYPE_STATION:
13432         case NL80211_IFTYPE_P2P_CLIENT:
13433                 break;
13434         default:
13435                 return -EOPNOTSUPP;
13436         }
13437 
13438         if (!info->attrs[NL80211_ATTR_MAC])
13439                 return -EINVAL;
13440 
13441         addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13442 
13443         wdev_lock(wdev);
13444         rdev_tdls_cancel_channel_switch(rdev, dev, addr);
13445         wdev_unlock(wdev);
13446 
13447         return 0;
13448 }
13449 
13450 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
13451                                             struct genl_info *info)
13452 {
13453         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13454         struct net_device *dev = info->user_ptr[1];
13455         struct wireless_dev *wdev = dev->ieee80211_ptr;
13456         const struct nlattr *nla;
13457         bool enabled;
13458 
13459         if (!rdev->ops->set_multicast_to_unicast)
13460                 return -EOPNOTSUPP;
13461 
13462         if (wdev->iftype != NL80211_IFTYPE_AP &&
13463             wdev->iftype != NL80211_IFTYPE_P2P_GO)
13464                 return -EOPNOTSUPP;
13465 
13466         nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
13467         enabled = nla_get_flag(nla);
13468 
13469         return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13470 }
13471 
13472 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13473 {
13474         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13475         struct net_device *dev = info->user_ptr[1];
13476         struct wireless_dev *wdev = dev->ieee80211_ptr;
13477         struct cfg80211_pmk_conf pmk_conf = {};
13478         int ret;
13479 
13480         if (wdev->iftype != NL80211_IFTYPE_STATION &&
13481             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13482                 return -EOPNOTSUPP;
13483 
13484         if (!wiphy_ext_feature_isset(&rdev->wiphy,
13485                                      NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13486                 return -EOPNOTSUPP;
13487 
13488         if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13489                 return -EINVAL;
13490 
13491         wdev_lock(wdev);
13492         if (!wdev->current_bss) {
13493                 ret = -ENOTCONN;
13494                 goto out;
13495         }
13496 
13497         pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13498         if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13499                 ret = -EINVAL;
13500                 goto out;
13501         }
13502 
13503         pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13504         pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13505         if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13506             pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13507                 ret = -EINVAL;
13508                 goto out;
13509         }
13510 
13511         if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13512                 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13513 
13514                 if (r0_name_len != WLAN_PMK_NAME_LEN) {
13515                         ret = -EINVAL;
13516                         goto out;
13517                 }
13518 
13519                 pmk_conf.pmk_r0_name =
13520                         nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13521         }
13522 
13523         ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13524 out:
13525         wdev_unlock(wdev);
13526         return ret;
13527 }
13528 
13529 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13530 {
13531         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13532         struct net_device *dev = info->user_ptr[1];
13533         struct wireless_dev *wdev = dev->ieee80211_ptr;
13534         const u8 *aa;
13535         int ret;
13536 
13537         if (wdev->iftype != NL80211_IFTYPE_STATION &&
13538             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13539                 return -EOPNOTSUPP;
13540 
13541         if (!wiphy_ext_feature_isset(&rdev->wiphy,
13542                                      NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13543                 return -EOPNOTSUPP;
13544 
13545         if (!info->attrs[NL80211_ATTR_MAC])
13546                 return -EINVAL;
13547 
13548         wdev_lock(wdev);
13549         aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13550         ret = rdev_del_pmk(rdev, dev, aa);
13551         wdev_unlock(wdev);
13552 
13553         return ret;
13554 }
13555 
13556 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13557 {
13558         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13559         struct net_device *dev = info->user_ptr[1];
13560         struct cfg80211_external_auth_params params;
13561 
13562         if (!rdev->ops->external_auth)
13563                 return -EOPNOTSUPP;
13564 
13565         if (!info->attrs[NL80211_ATTR_SSID] &&
13566             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13567             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13568                 return -EINVAL;
13569 
13570         if (!info->attrs[NL80211_ATTR_BSSID])
13571                 return -EINVAL;
13572 
13573         if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13574                 return -EINVAL;
13575 
13576         memset(&params, 0, sizeof(params));
13577 
13578         if (info->attrs[NL80211_ATTR_SSID]) {
13579                 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13580                 if (params.ssid.ssid_len == 0 ||
13581                     params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13582                         return -EINVAL;
13583                 memcpy(params.ssid.ssid,
13584                        nla_data(info->attrs[NL80211_ATTR_SSID]),
13585                        params.ssid.ssid_len);
13586         }
13587 
13588         memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13589                ETH_ALEN);
13590 
13591         params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13592 
13593         if (info->attrs[NL80211_ATTR_PMKID])
13594                 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13595 
13596         return rdev_external_auth(rdev, dev, &params);
13597 }
13598 
13599 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13600 {
13601         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13602         struct net_device *dev = info->user_ptr[1];
13603         struct wireless_dev *wdev = dev->ieee80211_ptr;
13604         const u8 *buf;
13605         size_t len;
13606         u8 *dest;
13607         u16 proto;
13608         bool noencrypt;
13609         int err;
13610 
13611         if (!wiphy_ext_feature_isset(&rdev->wiphy,
13612                                      NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13613                 return -EOPNOTSUPP;
13614 
13615         if (!rdev->ops->tx_control_port)
13616                 return -EOPNOTSUPP;
13617 
13618         if (!info->attrs[NL80211_ATTR_FRAME] ||
13619             !info->attrs[NL80211_ATTR_MAC] ||
13620             !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13621                 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13622                 return -EINVAL;
13623         }
13624 
13625         wdev_lock(wdev);
13626 
13627         switch (wdev->iftype) {
13628         case NL80211_IFTYPE_AP:
13629         case NL80211_IFTYPE_P2P_GO:
13630         case NL80211_IFTYPE_MESH_POINT:
13631                 break;
13632         case NL80211_IFTYPE_ADHOC:
13633         case NL80211_IFTYPE_STATION:
13634         case NL80211_IFTYPE_P2P_CLIENT:
13635                 if (wdev->current_bss)
13636                         break;
13637                 err = -ENOTCONN;
13638                 goto out;
13639         default:
13640                 err = -EOPNOTSUPP;
13641                 goto out;
13642         }
13643 
13644         wdev_unlock(wdev);
13645 
13646         buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13647         len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13648         dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13649         proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13650         noencrypt =
13651                 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13652 
13653         return rdev_tx_control_port(rdev, dev, buf, len,
13654                                     dest, cpu_to_be16(proto), noencrypt);
13655 
13656  out:
13657         wdev_unlock(wdev);
13658         return err;
13659 }
13660 
13661 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13662                                            struct genl_info *info)
13663 {
13664         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13665         struct net_device *dev = info->user_ptr[1];
13666         struct wireless_dev *wdev = dev->ieee80211_ptr;
13667         struct cfg80211_ftm_responder_stats ftm_stats = {};
13668         struct sk_buff *msg;
13669         void *hdr;
13670         struct nlattr *ftm_stats_attr;
13671         int err;
13672 
13673         if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
13674                 return -EOPNOTSUPP;
13675 
13676         err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
13677         if (err)
13678                 return err;
13679 
13680         if (!ftm_stats.filled)
13681                 return -ENODATA;
13682 
13683         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13684         if (!msg)
13685                 return -ENOMEM;
13686 
13687         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13688                              NL80211_CMD_GET_FTM_RESPONDER_STATS);
13689         if (!hdr)
13690                 goto nla_put_failure;
13691 
13692         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
13693                 goto nla_put_failure;
13694 
13695         ftm_stats_attr = nla_nest_start_noflag(msg,
13696                                                NL80211_ATTR_FTM_RESPONDER_STATS);
13697         if (!ftm_stats_attr)
13698                 goto nla_put_failure;
13699 
13700 #define SET_FTM(field, name, type)                                       \
13701         do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13702             nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,            \
13703                              ftm_stats.field))                           \
13704                 goto nla_put_failure; } while (0)
13705 #define SET_FTM_U64(field, name)                                         \
13706         do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13707             nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,           \
13708                               ftm_stats.field, NL80211_FTM_STATS_PAD))   \
13709                 goto nla_put_failure; } while (0)
13710 
13711         SET_FTM(success_num, SUCCESS_NUM, u32);
13712         SET_FTM(partial_num, PARTIAL_NUM, u32);
13713         SET_FTM(failed_num, FAILED_NUM, u32);
13714         SET_FTM(asap_num, ASAP_NUM, u32);
13715         SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
13716         SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
13717         SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
13718         SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
13719         SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
13720 #undef SET_FTM
13721 
13722         nla_nest_end(msg, ftm_stats_attr);
13723 
13724         genlmsg_end(msg, hdr);
13725         return genlmsg_reply(msg, info);
13726 
13727 nla_put_failure:
13728         nlmsg_free(msg);
13729         return -ENOBUFS;
13730 }
13731 
13732 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
13733 {
13734         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13735         struct cfg80211_update_owe_info owe_info;
13736         struct net_device *dev = info->user_ptr[1];
13737 
13738         if (!rdev->ops->update_owe_info)
13739                 return -EOPNOTSUPP;
13740 
13741         if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
13742             !info->attrs[NL80211_ATTR_MAC])
13743                 return -EINVAL;
13744 
13745         memset(&owe_info, 0, sizeof(owe_info));
13746         owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13747         nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
13748 
13749         if (info->attrs[NL80211_ATTR_IE]) {
13750                 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13751                 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13752         }
13753 
13754         return rdev_update_owe_info(rdev, dev, &owe_info);
13755 }
13756 
13757 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
13758 {
13759         struct cfg80211_registered_device *rdev = info->user_ptr[0];
13760         struct net_device *dev = info->user_ptr[1];
13761         struct wireless_dev *wdev = dev->ieee80211_ptr;
13762         struct station_info sinfo = {};
13763         const u8 *buf;
13764         size_t len;
13765         u8 *dest;
13766         int err;
13767 
13768         if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
13769                 return -EOPNOTSUPP;
13770 
13771         if (!info->attrs[NL80211_ATTR_MAC] ||
13772             !info->attrs[NL80211_ATTR_FRAME]) {
13773                 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
13774                 return -EINVAL;
13775         }
13776 
13777         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
13778                 return -EOPNOTSUPP;
13779 
13780         dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13781         buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13782         len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13783 
13784         if (len < sizeof(struct ethhdr))
13785                 return -EINVAL;
13786 
13787         if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
13788             !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
13789                 return -EINVAL;
13790 
13791         err = rdev_get_station(rdev, dev, dest, &sinfo);
13792         if (err)
13793                 return err;
13794 
13795         cfg80211_sinfo_release_content(&sinfo);
13796 
13797         return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
13798 }
13799 
13800 #define NL80211_FLAG_NEED_WIPHY         0x01
13801 #define NL80211_FLAG_NEED_NETDEV        0x02
13802 #define NL80211_FLAG_NEED_RTNL          0x04
13803 #define NL80211_FLAG_CHECK_NETDEV_UP    0x08
13804 #define NL80211_FLAG_NEED_NETDEV_UP     (NL80211_FLAG_NEED_NETDEV |\
13805                                          NL80211_FLAG_CHECK_NETDEV_UP)
13806 #define NL80211_FLAG_NEED_WDEV          0x10
13807 /* If a netdev is associated, it must be UP, P2P must be started */
13808 #define NL80211_FLAG_NEED_WDEV_UP       (NL80211_FLAG_NEED_WDEV |\
13809                                          NL80211_FLAG_CHECK_NETDEV_UP)
13810 #define NL80211_FLAG_CLEAR_SKB          0x20
13811 
13812 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
13813                             struct genl_info *info)
13814 {
13815         struct cfg80211_registered_device *rdev;
13816         struct wireless_dev *wdev;
13817         struct net_device *dev;
13818         bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
13819 
13820         if (rtnl)
13821                 rtnl_lock();
13822 
13823         if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
13824                 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
13825                 if (IS_ERR(rdev)) {
13826                         if (rtnl)
13827                                 rtnl_unlock();
13828                         return PTR_ERR(rdev);
13829                 }
13830                 info->user_ptr[0] = rdev;
13831         } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
13832                    ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13833                 ASSERT_RTNL();
13834 
13835                 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
13836                                                   info->attrs);
13837                 if (IS_ERR(wdev)) {
13838                         if (rtnl)
13839                                 rtnl_unlock();
13840                         return PTR_ERR(wdev);
13841                 }
13842 
13843                 dev = wdev->netdev;
13844                 rdev = wiphy_to_rdev(wdev->wiphy);
13845 
13846                 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
13847                         if (!dev) {
13848                                 if (rtnl)
13849                                         rtnl_unlock();
13850                                 return -EINVAL;
13851                         }
13852 
13853                         info->user_ptr[1] = dev;
13854                 } else {
13855                         info->user_ptr[1] = wdev;
13856                 }
13857 
13858                 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
13859                     !wdev_running(wdev)) {
13860                         if (rtnl)
13861                                 rtnl_unlock();
13862                         return -ENETDOWN;
13863                 }
13864 
13865                 if (dev)
13866                         dev_hold(dev);
13867 
13868                 info->user_ptr[0] = rdev;
13869         }
13870 
13871         return 0;
13872 }
13873 
13874 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
13875                               struct genl_info *info)
13876 {
13877         if (info->user_ptr[1]) {
13878                 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13879                         struct wireless_dev *wdev = info->user_ptr[1];
13880 
13881                         if (wdev->netdev)
13882                                 dev_put(wdev->netdev);
13883                 } else {
13884                         dev_put(info->user_ptr[1]);
13885                 }
13886         }
13887 
13888         if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
13889                 rtnl_unlock();
13890 
13891         /* If needed, clear the netlink message payload from the SKB
13892          * as it might contain key data that shouldn't stick around on
13893          * the heap after the SKB is freed. The netlink message header
13894          * is still needed for further processing, so leave it intact.
13895          */
13896         if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
13897                 struct nlmsghdr *nlh = nlmsg_hdr(skb);
13898 
13899                 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
13900         }
13901 }
13902 
13903 static const struct genl_ops nl80211_ops[] = {
13904         {
13905                 .cmd = NL80211_CMD_GET_WIPHY,
13906                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13907                 .doit = nl80211_get_wiphy,
13908                 .dumpit = nl80211_dump_wiphy,
13909                 .done = nl80211_dump_wiphy_done,
13910                 /* can be retrieved by unprivileged users */
13911                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13912                                   NL80211_FLAG_NEED_RTNL,
13913         },
13914         {
13915                 .cmd = NL80211_CMD_SET_WIPHY,
13916                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13917                 .doit = nl80211_set_wiphy,
13918                 .flags = GENL_UNS_ADMIN_PERM,
13919                 .internal_flags = NL80211_FLAG_NEED_RTNL,
13920         },
13921         {
13922                 .cmd = NL80211_CMD_GET_INTERFACE,
13923                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13924                 .doit = nl80211_get_interface,
13925                 .dumpit = nl80211_dump_interface,
13926                 /* can be retrieved by unprivileged users */
13927                 .internal_flags = NL80211_FLAG_NEED_WDEV |
13928                                   NL80211_FLAG_NEED_RTNL,
13929         },
13930         {
13931                 .cmd = NL80211_CMD_SET_INTERFACE,
13932                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13933                 .doit = nl80211_set_interface,
13934                 .flags = GENL_UNS_ADMIN_PERM,
13935                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13936                                   NL80211_FLAG_NEED_RTNL,
13937         },
13938         {
13939                 .cmd = NL80211_CMD_NEW_INTERFACE,
13940                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13941                 .doit = nl80211_new_interface,
13942                 .flags = GENL_UNS_ADMIN_PERM,
13943                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13944                                   NL80211_FLAG_NEED_RTNL,
13945         },
13946         {
13947                 .cmd = NL80211_CMD_DEL_INTERFACE,
13948                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13949                 .doit = nl80211_del_interface,
13950                 .flags = GENL_UNS_ADMIN_PERM,
13951                 .internal_flags = NL80211_FLAG_NEED_WDEV |
13952                                   NL80211_FLAG_NEED_RTNL,
13953         },
13954         {
13955                 .cmd = NL80211_CMD_GET_KEY,
13956                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13957                 .doit = nl80211_get_key,
13958                 .flags = GENL_UNS_ADMIN_PERM,
13959                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13960                                   NL80211_FLAG_NEED_RTNL,
13961         },
13962         {
13963                 .cmd = NL80211_CMD_SET_KEY,
13964                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13965                 .doit = nl80211_set_key,
13966                 .flags = GENL_UNS_ADMIN_PERM,
13967                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13968                                   NL80211_FLAG_NEED_RTNL |
13969                                   NL80211_FLAG_CLEAR_SKB,
13970         },
13971         {
13972                 .cmd = NL80211_CMD_NEW_KEY,
13973                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13974                 .doit = nl80211_new_key,
13975                 .flags = GENL_UNS_ADMIN_PERM,
13976                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13977                                   NL80211_FLAG_NEED_RTNL |
13978                                   NL80211_FLAG_CLEAR_SKB,
13979         },
13980         {
13981                 .cmd = NL80211_CMD_DEL_KEY,
13982                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13983                 .doit = nl80211_del_key,
13984                 .flags = GENL_UNS_ADMIN_PERM,
13985                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13986                                   NL80211_FLAG_NEED_RTNL,
13987         },
13988         {
13989                 .cmd = NL80211_CMD_SET_BEACON,
13990                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13991                 .flags = GENL_UNS_ADMIN_PERM,
13992                 .doit = nl80211_set_beacon,
13993                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13994                                   NL80211_FLAG_NEED_RTNL,
13995         },
13996         {
13997                 .cmd = NL80211_CMD_START_AP,
13998                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13999                 .flags = GENL_UNS_ADMIN_PERM,
14000                 .doit = nl80211_start_ap,
14001                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14002                                   NL80211_FLAG_NEED_RTNL,
14003         },
14004         {
14005                 .cmd = NL80211_CMD_STOP_AP,
14006                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14007                 .flags = GENL_UNS_ADMIN_PERM,
14008                 .doit = nl80211_stop_ap,
14009                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14010                                   NL80211_FLAG_NEED_RTNL,
14011         },
14012         {
14013                 .cmd = NL80211_CMD_GET_STATION,
14014                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14015                 .doit = nl80211_get_station,
14016                 .dumpit = nl80211_dump_station,
14017                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14018                                   NL80211_FLAG_NEED_RTNL,
14019         },
14020         {
14021                 .cmd = NL80211_CMD_SET_STATION,
14022                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14023                 .doit = nl80211_set_station,
14024                 .flags = GENL_UNS_ADMIN_PERM,
14025                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14026                                   NL80211_FLAG_NEED_RTNL,
14027         },
14028         {
14029                 .cmd = NL80211_CMD_NEW_STATION,
14030                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14031                 .doit = nl80211_new_station,
14032                 .flags = GENL_UNS_ADMIN_PERM,
14033                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14034                                   NL80211_FLAG_NEED_RTNL,
14035         },
14036         {
14037                 .cmd = NL80211_CMD_DEL_STATION,
14038                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14039                 .doit = nl80211_del_station,
14040                 .flags = GENL_UNS_ADMIN_PERM,
14041                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14042                                   NL80211_FLAG_NEED_RTNL,
14043         },
14044         {
14045                 .cmd = NL80211_CMD_GET_MPATH,
14046                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14047                 .doit = nl80211_get_mpath,
14048                 .dumpit = nl80211_dump_mpath,
14049                 .flags = GENL_UNS_ADMIN_PERM,
14050                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14051                                   NL80211_FLAG_NEED_RTNL,
14052         },
14053         {
14054                 .cmd = NL80211_CMD_GET_MPP,
14055                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14056                 .doit = nl80211_get_mpp,
14057                 .dumpit = nl80211_dump_mpp,
14058                 .flags = GENL_UNS_ADMIN_PERM,
14059                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14060                                   NL80211_FLAG_NEED_RTNL,
14061         },
14062         {
14063                 .cmd = NL80211_CMD_SET_MPATH,
14064                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14065                 .doit = nl80211_set_mpath,
14066                 .flags = GENL_UNS_ADMIN_PERM,
14067                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14068                                   NL80211_FLAG_NEED_RTNL,
14069         },
14070         {
14071                 .cmd = NL80211_CMD_NEW_MPATH,
14072                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14073                 .doit = nl80211_new_mpath,
14074                 .flags = GENL_UNS_ADMIN_PERM,
14075                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14076                                   NL80211_FLAG_NEED_RTNL,
14077         },
14078         {
14079                 .cmd = NL80211_CMD_DEL_MPATH,
14080                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14081                 .doit = nl80211_del_mpath,
14082                 .flags = GENL_UNS_ADMIN_PERM,
14083                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14084                                   NL80211_FLAG_NEED_RTNL,
14085         },
14086         {
14087                 .cmd = NL80211_CMD_SET_BSS,
14088                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14089                 .doit = nl80211_set_bss,
14090                 .flags = GENL_UNS_ADMIN_PERM,
14091                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14092                                   NL80211_FLAG_NEED_RTNL,
14093         },
14094         {
14095                 .cmd = NL80211_CMD_GET_REG,
14096                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14097                 .doit = nl80211_get_reg_do,
14098                 .dumpit = nl80211_get_reg_dump,
14099                 .internal_flags = NL80211_FLAG_NEED_RTNL,
14100                 /* can be retrieved by unprivileged users */
14101         },
14102 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
14103         {
14104                 .cmd = NL80211_CMD_SET_REG,
14105                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14106                 .doit = nl80211_set_reg,
14107                 .flags = GENL_ADMIN_PERM,
14108                 .internal_flags = NL80211_FLAG_NEED_RTNL,
14109         },
14110 #endif
14111         {
14112                 .cmd = NL80211_CMD_REQ_SET_REG,
14113                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14114                 .doit = nl80211_req_set_reg,
14115                 .flags = GENL_ADMIN_PERM,
14116         },
14117         {
14118                 .cmd = NL80211_CMD_RELOAD_REGDB,
14119                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14120                 .doit = nl80211_reload_regdb,
14121                 .flags = GENL_ADMIN_PERM,
14122         },
14123         {
14124                 .cmd = NL80211_CMD_GET_MESH_CONFIG,
14125                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14126                 .doit = nl80211_get_mesh_config,
14127                 /* can be retrieved by unprivileged users */
14128                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14129                                   NL80211_FLAG_NEED_RTNL,
14130         },
14131         {
14132                 .cmd = NL80211_CMD_SET_MESH_CONFIG,
14133                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14134                 .doit = nl80211_update_mesh_config,
14135                 .flags = GENL_UNS_ADMIN_PERM,
14136                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14137                                   NL80211_FLAG_NEED_RTNL,
14138         },
14139         {
14140                 .cmd = NL80211_CMD_TRIGGER_SCAN,
14141                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14142                 .doit = nl80211_trigger_scan,
14143                 .flags = GENL_UNS_ADMIN_PERM,
14144                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14145                                   NL80211_FLAG_NEED_RTNL,
14146         },
14147         {
14148                 .cmd = NL80211_CMD_ABORT_SCAN,
14149                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14150                 .doit = nl80211_abort_scan,
14151                 .flags = GENL_UNS_ADMIN_PERM,
14152                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14153                                   NL80211_FLAG_NEED_RTNL,
14154         },
14155         {
14156                 .cmd = NL80211_CMD_GET_SCAN,
14157                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14158                 .dumpit = nl80211_dump_scan,
14159         },
14160         {
14161                 .cmd = NL80211_CMD_START_SCHED_SCAN,
14162                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14163                 .doit = nl80211_start_sched_scan,
14164                 .flags = GENL_UNS_ADMIN_PERM,
14165                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14166                                   NL80211_FLAG_NEED_RTNL,
14167         },
14168         {
14169                 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
14170                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14171                 .doit = nl80211_stop_sched_scan,
14172                 .flags = GENL_UNS_ADMIN_PERM,
14173                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14174                                   NL80211_FLAG_NEED_RTNL,
14175         },
14176         {
14177                 .cmd = NL80211_CMD_AUTHENTICATE,
14178                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14179                 .doit = nl80211_authenticate,
14180                 .flags = GENL_UNS_ADMIN_PERM,
14181                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14182                                   NL80211_FLAG_NEED_RTNL |
14183                                   NL80211_FLAG_CLEAR_SKB,
14184         },
14185         {
14186                 .cmd = NL80211_CMD_ASSOCIATE,
14187                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14188                 .doit = nl80211_associate,
14189                 .flags = GENL_UNS_ADMIN_PERM,
14190                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14191                                   NL80211_FLAG_NEED_RTNL |
14192                                   NL80211_FLAG_CLEAR_SKB,
14193         },
14194         {
14195                 .cmd = NL80211_CMD_DEAUTHENTICATE,
14196                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14197                 .doit = nl80211_deauthenticate,
14198                 .flags = GENL_UNS_ADMIN_PERM,
14199                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14200                                   NL80211_FLAG_NEED_RTNL,
14201         },
14202         {
14203                 .cmd = NL80211_CMD_DISASSOCIATE,
14204                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14205                 .doit = nl80211_disassociate,
14206                 .flags = GENL_UNS_ADMIN_PERM,
14207                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14208                                   NL80211_FLAG_NEED_RTNL,
14209         },
14210         {
14211                 .cmd = NL80211_CMD_JOIN_IBSS,
14212                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14213                 .doit = nl80211_join_ibss,
14214                 .flags = GENL_UNS_ADMIN_PERM,
14215                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14216                                   NL80211_FLAG_NEED_RTNL,
14217         },
14218         {
14219                 .cmd = NL80211_CMD_LEAVE_IBSS,
14220                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14221                 .doit = nl80211_leave_ibss,
14222                 .flags = GENL_UNS_ADMIN_PERM,
14223                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14224                                   NL80211_FLAG_NEED_RTNL,
14225         },
14226 #ifdef CONFIG_NL80211_TESTMODE
14227         {
14228                 .cmd = NL80211_CMD_TESTMODE,
14229                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14230                 .doit = nl80211_testmode_do,
14231                 .dumpit = nl80211_testmode_dump,
14232                 .flags = GENL_UNS_ADMIN_PERM,
14233                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14234                                   NL80211_FLAG_NEED_RTNL,
14235         },
14236 #endif
14237         {
14238                 .cmd = NL80211_CMD_CONNECT,
14239                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14240                 .doit = nl80211_connect,
14241                 .flags = GENL_UNS_ADMIN_PERM,
14242                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14243                                   NL80211_FLAG_NEED_RTNL |
14244                                   NL80211_FLAG_CLEAR_SKB,
14245         },
14246         {
14247                 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
14248                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14249                 .doit = nl80211_update_connect_params,
14250                 .flags = GENL_ADMIN_PERM,
14251                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14252                                   NL80211_FLAG_NEED_RTNL |
14253                                   NL80211_FLAG_CLEAR_SKB,
14254         },
14255         {
14256                 .cmd = NL80211_CMD_DISCONNECT,
14257                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14258                 .doit = nl80211_disconnect,
14259                 .flags = GENL_UNS_ADMIN_PERM,
14260                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14261                                   NL80211_FLAG_NEED_RTNL,
14262         },
14263         {
14264                 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
14265                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14266                 .doit = nl80211_wiphy_netns,
14267                 .flags = GENL_UNS_ADMIN_PERM,
14268                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14269                                   NL80211_FLAG_NEED_RTNL,
14270         },
14271         {
14272                 .cmd = NL80211_CMD_GET_SURVEY,
14273                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14274                 .dumpit = nl80211_dump_survey,
14275         },
14276         {
14277                 .cmd = NL80211_CMD_SET_PMKSA,
14278                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14279                 .doit = nl80211_setdel_pmksa,
14280                 .flags = GENL_UNS_ADMIN_PERM,
14281                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14282                                   NL80211_FLAG_NEED_RTNL |
14283                                   NL80211_FLAG_CLEAR_SKB,
14284         },
14285         {
14286                 .cmd = NL80211_CMD_DEL_PMKSA,
14287                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14288                 .doit = nl80211_setdel_pmksa,
14289                 .flags = GENL_UNS_ADMIN_PERM,
14290                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14291                                   NL80211_FLAG_NEED_RTNL,
14292         },
14293         {
14294                 .cmd = NL80211_CMD_FLUSH_PMKSA,
14295                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14296                 .doit = nl80211_flush_pmksa,
14297                 .flags = GENL_UNS_ADMIN_PERM,
14298                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14299                                   NL80211_FLAG_NEED_RTNL,
14300         },
14301         {
14302                 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
14303                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14304                 .doit = nl80211_remain_on_channel,
14305                 .flags = GENL_UNS_ADMIN_PERM,
14306                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14307                                   NL80211_FLAG_NEED_RTNL,
14308         },
14309         {
14310                 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14311                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14312                 .doit = nl80211_cancel_remain_on_channel,
14313                 .flags = GENL_UNS_ADMIN_PERM,
14314                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14315                                   NL80211_FLAG_NEED_RTNL,
14316         },
14317         {
14318                 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
14319                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14320                 .doit = nl80211_set_tx_bitrate_mask,
14321                 .flags = GENL_UNS_ADMIN_PERM,
14322                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14323                                   NL80211_FLAG_NEED_RTNL,
14324         },
14325         {
14326                 .cmd = NL80211_CMD_REGISTER_FRAME,
14327                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14328                 .doit = nl80211_register_mgmt,
14329                 .flags = GENL_UNS_ADMIN_PERM,
14330                 .internal_flags = NL80211_FLAG_NEED_WDEV |
14331                                   NL80211_FLAG_NEED_RTNL,
14332         },
14333         {
14334                 .cmd = NL80211_CMD_FRAME,
14335                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14336                 .doit = nl80211_tx_mgmt,
14337                 .flags = GENL_UNS_ADMIN_PERM,
14338                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14339                                   NL80211_FLAG_NEED_RTNL,
14340         },
14341         {
14342                 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
14343                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14344                 .doit = nl80211_tx_mgmt_cancel_wait,
14345                 .flags = GENL_UNS_ADMIN_PERM,
14346                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14347                                   NL80211_FLAG_NEED_RTNL,
14348         },
14349         {
14350                 .cmd = NL80211_CMD_SET_POWER_SAVE,
14351                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14352                 .doit = nl80211_set_power_save,
14353                 .flags = GENL_UNS_ADMIN_PERM,
14354                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14355                                   NL80211_FLAG_NEED_RTNL,
14356         },
14357         {
14358                 .cmd = NL80211_CMD_GET_POWER_SAVE,
14359                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14360                 .doit = nl80211_get_power_save,
14361                 /* can be retrieved by unprivileged users */
14362                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14363                                   NL80211_FLAG_NEED_RTNL,
14364         },
14365         {
14366                 .cmd = NL80211_CMD_SET_CQM,
14367                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14368                 .doit = nl80211_set_cqm,
14369                 .flags = GENL_UNS_ADMIN_PERM,
14370                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14371                                   NL80211_FLAG_NEED_RTNL,
14372         },
14373         {
14374                 .cmd = NL80211_CMD_SET_CHANNEL,
14375                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14376                 .doit = nl80211_set_channel,
14377                 .flags = GENL_UNS_ADMIN_PERM,
14378                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14379                                   NL80211_FLAG_NEED_RTNL,
14380         },
14381         {
14382                 .cmd = NL80211_CMD_SET_WDS_PEER,
14383                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14384                 .doit = nl80211_set_wds_peer,
14385                 .flags = GENL_UNS_ADMIN_PERM,
14386                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14387                                   NL80211_FLAG_NEED_RTNL,
14388         },
14389         {
14390                 .cmd = NL80211_CMD_JOIN_MESH,
14391                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14392                 .doit = nl80211_join_mesh,
14393                 .flags = GENL_UNS_ADMIN_PERM,
14394                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14395                                   NL80211_FLAG_NEED_RTNL,
14396         },
14397         {
14398                 .cmd = NL80211_CMD_LEAVE_MESH,
14399                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14400                 .doit = nl80211_leave_mesh,
14401                 .flags = GENL_UNS_ADMIN_PERM,
14402                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14403                                   NL80211_FLAG_NEED_RTNL,
14404         },
14405         {
14406                 .cmd = NL80211_CMD_JOIN_OCB,
14407                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14408                 .doit = nl80211_join_ocb,
14409                 .flags = GENL_UNS_ADMIN_PERM,
14410                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14411                                   NL80211_FLAG_NEED_RTNL,
14412         },
14413         {
14414                 .cmd = NL80211_CMD_LEAVE_OCB,
14415                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14416                 .doit = nl80211_leave_ocb,
14417                 .flags = GENL_UNS_ADMIN_PERM,
14418                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14419                                   NL80211_FLAG_NEED_RTNL,
14420         },
14421 #ifdef CONFIG_PM
14422         {
14423                 .cmd = NL80211_CMD_GET_WOWLAN,
14424                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14425                 .doit = nl80211_get_wowlan,
14426                 /* can be retrieved by unprivileged users */
14427                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14428                                   NL80211_FLAG_NEED_RTNL,
14429         },
14430         {
14431                 .cmd = NL80211_CMD_SET_WOWLAN,
14432                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14433                 .doit = nl80211_set_wowlan,
14434                 .flags = GENL_UNS_ADMIN_PERM,
14435                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14436                                   NL80211_FLAG_NEED_RTNL,
14437         },
14438 #endif
14439         {
14440                 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
14441                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14442                 .doit = nl80211_set_rekey_data,
14443                 .flags = GENL_UNS_ADMIN_PERM,
14444                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14445                                   NL80211_FLAG_NEED_RTNL |
14446                                   NL80211_FLAG_CLEAR_SKB,
14447         },
14448         {
14449                 .cmd = NL80211_CMD_TDLS_MGMT,
14450                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14451                 .doit = nl80211_tdls_mgmt,
14452                 .flags = GENL_UNS_ADMIN_PERM,
14453                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14454                                   NL80211_FLAG_NEED_RTNL,
14455         },
14456         {
14457                 .cmd = NL80211_CMD_TDLS_OPER,
14458                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14459                 .doit = nl80211_tdls_oper,
14460                 .flags = GENL_UNS_ADMIN_PERM,
14461                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14462                                   NL80211_FLAG_NEED_RTNL,
14463         },
14464         {
14465                 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
14466                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14467                 .doit = nl80211_register_unexpected_frame,
14468                 .flags = GENL_UNS_ADMIN_PERM,
14469                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14470                                   NL80211_FLAG_NEED_RTNL,
14471         },
14472         {
14473                 .cmd = NL80211_CMD_PROBE_CLIENT,
14474                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14475                 .doit = nl80211_probe_client,
14476                 .flags = GENL_UNS_ADMIN_PERM,
14477                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14478                                   NL80211_FLAG_NEED_RTNL,
14479         },
14480         {
14481                 .cmd = NL80211_CMD_REGISTER_BEACONS,
14482                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14483                 .doit = nl80211_register_beacons,
14484                 .flags = GENL_UNS_ADMIN_PERM,
14485                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14486                                   NL80211_FLAG_NEED_RTNL,
14487         },
14488         {
14489                 .cmd = NL80211_CMD_SET_NOACK_MAP,
14490                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14491                 .doit = nl80211_set_noack_map,
14492                 .flags = GENL_UNS_ADMIN_PERM,
14493                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14494                                   NL80211_FLAG_NEED_RTNL,
14495         },
14496         {
14497                 .cmd = NL80211_CMD_START_P2P_DEVICE,
14498                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14499                 .doit = nl80211_start_p2p_device,
14500                 .flags = GENL_UNS_ADMIN_PERM,
14501                 .internal_flags = NL80211_FLAG_NEED_WDEV |
14502                                   NL80211_FLAG_NEED_RTNL,
14503         },
14504         {
14505                 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
14506                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14507                 .doit = nl80211_stop_p2p_device,
14508                 .flags = GENL_UNS_ADMIN_PERM,
14509                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14510                                   NL80211_FLAG_NEED_RTNL,
14511         },
14512         {
14513                 .cmd = NL80211_CMD_START_NAN,
14514                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14515                 .doit = nl80211_start_nan,
14516                 .flags = GENL_ADMIN_PERM,
14517                 .internal_flags = NL80211_FLAG_NEED_WDEV |
14518                                   NL80211_FLAG_NEED_RTNL,
14519         },
14520         {
14521                 .cmd = NL80211_CMD_STOP_NAN,
14522                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14523                 .doit = nl80211_stop_nan,
14524                 .flags = GENL_ADMIN_PERM,
14525                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14526                                   NL80211_FLAG_NEED_RTNL,
14527         },
14528         {
14529                 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
14530                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14531                 .doit = nl80211_nan_add_func,
14532                 .flags = GENL_ADMIN_PERM,
14533                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14534                                   NL80211_FLAG_NEED_RTNL,
14535         },
14536         {
14537                 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
14538                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14539                 .doit = nl80211_nan_del_func,
14540                 .flags = GENL_ADMIN_PERM,
14541                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14542                                   NL80211_FLAG_NEED_RTNL,
14543         },
14544         {
14545                 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
14546                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14547                 .doit = nl80211_nan_change_config,
14548                 .flags = GENL_ADMIN_PERM,
14549                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14550                                   NL80211_FLAG_NEED_RTNL,
14551         },
14552         {
14553                 .cmd = NL80211_CMD_SET_MCAST_RATE,
14554                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14555                 .doit = nl80211_set_mcast_rate,
14556                 .flags = GENL_UNS_ADMIN_PERM,
14557                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14558                                   NL80211_FLAG_NEED_RTNL,
14559         },
14560         {
14561                 .cmd = NL80211_CMD_SET_MAC_ACL,
14562                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14563                 .doit = nl80211_set_mac_acl,
14564                 .flags = GENL_UNS_ADMIN_PERM,
14565                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14566                                   NL80211_FLAG_NEED_RTNL,
14567         },
14568         {
14569                 .cmd = NL80211_CMD_RADAR_DETECT,
14570                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14571                 .doit = nl80211_start_radar_detection,
14572                 .flags = GENL_UNS_ADMIN_PERM,
14573                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14574                                   NL80211_FLAG_NEED_RTNL,
14575         },
14576         {
14577                 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
14578                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14579                 .doit = nl80211_get_protocol_features,
14580         },
14581         {
14582                 .cmd = NL80211_CMD_UPDATE_FT_IES,
14583                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14584                 .doit = nl80211_update_ft_ies,
14585                 .flags = GENL_UNS_ADMIN_PERM,
14586                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14587                                   NL80211_FLAG_NEED_RTNL,
14588         },
14589         {
14590                 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
14591                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14592                 .doit = nl80211_crit_protocol_start,
14593                 .flags = GENL_UNS_ADMIN_PERM,
14594                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14595                                   NL80211_FLAG_NEED_RTNL,
14596         },
14597         {
14598                 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
14599                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14600                 .doit = nl80211_crit_protocol_stop,
14601                 .flags = GENL_UNS_ADMIN_PERM,
14602                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14603                                   NL80211_FLAG_NEED_RTNL,
14604         },
14605         {
14606                 .cmd = NL80211_CMD_GET_COALESCE,
14607                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14608                 .doit = nl80211_get_coalesce,
14609                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14610                                   NL80211_FLAG_NEED_RTNL,
14611         },
14612         {
14613                 .cmd = NL80211_CMD_SET_COALESCE,
14614                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14615                 .doit = nl80211_set_coalesce,
14616                 .flags = GENL_UNS_ADMIN_PERM,
14617                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14618                                   NL80211_FLAG_NEED_RTNL,
14619         },
14620         {
14621                 .cmd = NL80211_CMD_CHANNEL_SWITCH,
14622                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14623                 .doit = nl80211_channel_switch,
14624                 .flags = GENL_UNS_ADMIN_PERM,
14625                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14626                                   NL80211_FLAG_NEED_RTNL,
14627         },
14628         {
14629                 .cmd = NL80211_CMD_VENDOR,
14630                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14631                 .doit = nl80211_vendor_cmd,
14632                 .dumpit = nl80211_vendor_cmd_dump,
14633                 .flags = GENL_UNS_ADMIN_PERM,
14634                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14635                                   NL80211_FLAG_NEED_RTNL |
14636                                   NL80211_FLAG_CLEAR_SKB,
14637         },
14638         {
14639                 .cmd = NL80211_CMD_SET_QOS_MAP,
14640                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14641                 .doit = nl80211_set_qos_map,
14642                 .flags = GENL_UNS_ADMIN_PERM,
14643                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14644                                   NL80211_FLAG_NEED_RTNL,
14645         },
14646         {
14647                 .cmd = NL80211_CMD_ADD_TX_TS,
14648                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14649                 .doit = nl80211_add_tx_ts,
14650                 .flags = GENL_UNS_ADMIN_PERM,
14651                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14652                                   NL80211_FLAG_NEED_RTNL,
14653         },
14654         {
14655                 .cmd = NL80211_CMD_DEL_TX_TS,
14656                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14657                 .doit = nl80211_del_tx_ts,
14658                 .flags = GENL_UNS_ADMIN_PERM,
14659                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14660                                   NL80211_FLAG_NEED_RTNL,
14661         },
14662         {
14663                 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
14664                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14665                 .doit = nl80211_tdls_channel_switch,
14666                 .flags = GENL_UNS_ADMIN_PERM,
14667                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14668                                   NL80211_FLAG_NEED_RTNL,
14669         },
14670         {
14671                 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
14672                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14673                 .doit = nl80211_tdls_cancel_channel_switch,
14674                 .flags = GENL_UNS_ADMIN_PERM,
14675                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14676                                   NL80211_FLAG_NEED_RTNL,
14677         },
14678         {
14679                 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
14680                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14681                 .doit = nl80211_set_multicast_to_unicast,
14682                 .flags = GENL_UNS_ADMIN_PERM,
14683                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14684                                   NL80211_FLAG_NEED_RTNL,
14685         },
14686         {
14687                 .cmd = NL80211_CMD_SET_PMK,
14688                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14689                 .doit = nl80211_set_pmk,
14690                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14691                                   NL80211_FLAG_NEED_RTNL |
14692                                   NL80211_FLAG_CLEAR_SKB,
14693         },
14694         {
14695                 .cmd = NL80211_CMD_DEL_PMK,
14696                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14697                 .doit = nl80211_del_pmk,
14698                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14699                                   NL80211_FLAG_NEED_RTNL,
14700         },
14701         {
14702                 .cmd = NL80211_CMD_EXTERNAL_AUTH,
14703                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14704                 .doit = nl80211_external_auth,
14705                 .flags = GENL_ADMIN_PERM,
14706                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14707                                   NL80211_FLAG_NEED_RTNL,
14708         },
14709         {
14710                 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
14711                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14712                 .doit = nl80211_tx_control_port,
14713                 .flags = GENL_UNS_ADMIN_PERM,
14714                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14715                                   NL80211_FLAG_NEED_RTNL,
14716         },
14717         {
14718                 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
14719                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14720                 .doit = nl80211_get_ftm_responder_stats,
14721                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14722                                   NL80211_FLAG_NEED_RTNL,
14723         },
14724         {
14725                 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
14726                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14727                 .doit = nl80211_pmsr_start,
14728                 .flags = GENL_UNS_ADMIN_PERM,
14729                 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14730                                   NL80211_FLAG_NEED_RTNL,
14731         },
14732         {
14733                 .cmd = NL80211_CMD_NOTIFY_RADAR,
14734                 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14735                 .doit = nl80211_notify_radar_detection,
14736                 .flags = GENL_UNS_ADMIN_PERM,
14737                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14738                                   NL80211_FLAG_NEED_RTNL,
14739         },
14740         {
14741                 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
14742                 .doit = nl80211_update_owe_info,
14743                 .flags = GENL_ADMIN_PERM,
14744                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14745                                   NL80211_FLAG_NEED_RTNL,
14746         },
14747         {
14748                 .cmd = NL80211_CMD_PROBE_MESH_LINK,
14749                 .doit = nl80211_probe_mesh_link,
14750                 .flags = GENL_UNS_ADMIN_PERM,
14751                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14752                                   NL80211_FLAG_NEED_RTNL,
14753         },
14754 };
14755 
14756 static struct genl_family nl80211_fam __ro_after_init = {
14757         .name = NL80211_GENL_NAME,      /* have users key off the name instead */
14758         .hdrsize = 0,                   /* no private header */
14759         .version = 1,                   /* no particular meaning now */
14760         .maxattr = NL80211_ATTR_MAX,
14761         .policy = nl80211_policy,
14762         .netnsok = true,
14763         .pre_doit = nl80211_pre_doit,
14764         .post_doit = nl80211_post_doit,
14765         .module = THIS_MODULE,
14766         .ops = nl80211_ops,
14767         .n_ops = ARRAY_SIZE(nl80211_ops),
14768         .mcgrps = nl80211_mcgrps,
14769         .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
14770         .parallel_ops = true,
14771 };
14772 
14773 /* notification functions */
14774 
14775 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
14776                           enum nl80211_commands cmd)
14777 {
14778         struct sk_buff *msg;
14779         struct nl80211_dump_wiphy_state state = {};
14780 
14781         WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
14782                 cmd != NL80211_CMD_DEL_WIPHY);
14783 
14784         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14785         if (!msg)
14786                 return;
14787 
14788         if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
14789                 nlmsg_free(msg);
14790                 return;
14791         }
14792 
14793         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14794                                 NL80211_MCGRP_CONFIG, GFP_KERNEL);
14795 }
14796 
14797 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
14798                                 struct wireless_dev *wdev,
14799                                 enum nl80211_commands cmd)
14800 {
14801         struct sk_buff *msg;
14802 
14803         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14804         if (!msg)
14805                 return;
14806 
14807         if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
14808                 nlmsg_free(msg);
14809                 return;
14810         }
14811 
14812         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14813                                 NL80211_MCGRP_CONFIG, GFP_KERNEL);
14814 }
14815 
14816 static int nl80211_add_scan_req(struct sk_buff *msg,
14817                                 struct cfg80211_registered_device *rdev)
14818 {
14819         struct cfg80211_scan_request *req = rdev->scan_req;
14820         struct nlattr *nest;
14821         int i;
14822 
14823         if (WARN_ON(!req))
14824                 return 0;
14825 
14826         nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
14827         if (!nest)
14828                 goto nla_put_failure;
14829         for (i = 0; i < req->n_ssids; i++) {
14830                 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
14831                         goto nla_put_failure;
14832         }
14833         nla_nest_end(msg, nest);
14834 
14835         nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14836         if (!nest)
14837                 goto nla_put_failure;
14838         for (i = 0; i < req->n_channels; i++) {
14839                 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14840                         goto nla_put_failure;
14841         }
14842         nla_nest_end(msg, nest);
14843 
14844         if (req->ie &&
14845             nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
14846                 goto nla_put_failure;
14847 
14848         if (req->flags &&
14849             nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
14850                 goto nla_put_failure;
14851 
14852         if (req->info.scan_start_tsf &&
14853             (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
14854                                req->info.scan_start_tsf, NL80211_BSS_PAD) ||
14855              nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
14856                      req->info.tsf_bssid)))
14857                 goto nla_put_failure;
14858 
14859         return 0;
14860  nla_put_failure:
14861         return -ENOBUFS;
14862 }
14863 
14864 static int nl80211_prep_scan_msg(struct sk_buff *msg,
14865                                  struct cfg80211_registered_device *rdev,
14866                                  struct wireless_dev *wdev,
14867                                  u32 portid, u32 seq, int flags,
14868                                  u32 cmd)
14869 {
14870         void *hdr;
14871 
14872         hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
14873         if (!hdr)
14874                 return -1;
14875 
14876         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14877             (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14878                                          wdev->netdev->ifindex)) ||
14879             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14880                               NL80211_ATTR_PAD))
14881                 goto nla_put_failure;
14882 
14883         /* ignore errors and send incomplete event anyway */
14884         nl80211_add_scan_req(msg, rdev);
14885 
14886         genlmsg_end(msg, hdr);
14887         return 0;
14888 
14889  nla_put_failure:
14890         genlmsg_cancel(msg, hdr);
14891         return -EMSGSIZE;
14892 }
14893 
14894 static int
14895 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
14896                             struct cfg80211_sched_scan_request *req, u32 cmd)
14897 {
14898         void *hdr;
14899 
14900         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14901         if (!hdr)
14902                 return -1;
14903 
14904         if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
14905                         wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
14906             nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
14907             nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
14908                               NL80211_ATTR_PAD))
14909                 goto nla_put_failure;
14910 
14911         genlmsg_end(msg, hdr);
14912         return 0;
14913 
14914  nla_put_failure:
14915         genlmsg_cancel(msg, hdr);
14916         return -EMSGSIZE;
14917 }
14918 
14919 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
14920                              struct wireless_dev *wdev)
14921 {
14922         struct sk_buff *msg;
14923 
14924         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14925         if (!msg)
14926                 return;
14927 
14928         if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14929                                   NL80211_CMD_TRIGGER_SCAN) < 0) {
14930                 nlmsg_free(msg);
14931                 return;
14932         }
14933 
14934         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14935                                 NL80211_MCGRP_SCAN, GFP_KERNEL);
14936 }
14937 
14938 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
14939                                        struct wireless_dev *wdev, bool aborted)
14940 {
14941         struct sk_buff *msg;
14942 
14943         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14944         if (!msg)
14945                 return NULL;
14946 
14947         if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14948                                   aborted ? NL80211_CMD_SCAN_ABORTED :
14949                                             NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
14950                 nlmsg_free(msg);
14951                 return NULL;
14952         }
14953 
14954         return msg;
14955 }
14956 
14957 /* send message created by nl80211_build_scan_msg() */
14958 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
14959                            struct sk_buff *msg)
14960 {
14961         if (!msg)
14962                 return;
14963 
14964         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14965                                 NL80211_MCGRP_SCAN, GFP_KERNEL);
14966 }
14967 
14968 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
14969 {
14970         struct sk_buff *msg;
14971 
14972         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14973         if (!msg)
14974                 return;
14975 
14976         if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
14977                 nlmsg_free(msg);
14978                 return;
14979         }
14980 
14981         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
14982                                 NL80211_MCGRP_SCAN, GFP_KERNEL);
14983 }
14984 
14985 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
14986                                           struct regulatory_request *request)
14987 {
14988         /* Userspace can always count this one always being set */
14989         if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
14990                 goto nla_put_failure;
14991 
14992         if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
14993                 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14994                                NL80211_REGDOM_TYPE_WORLD))
14995                         goto nla_put_failure;
14996         } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
14997                 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14998                                NL80211_REGDOM_TYPE_CUSTOM_WORLD))
14999                         goto nla_put_failure;
15000         } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
15001                    request->intersect) {
15002                 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15003                                NL80211_REGDOM_TYPE_INTERSECTION))
15004                         goto nla_put_failure;
15005         } else {
15006                 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15007                                NL80211_REGDOM_TYPE_COUNTRY) ||
15008                     nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
15009                                    request->alpha2))
15010                         goto nla_put_failure;
15011         }
15012 
15013         if (request->wiphy_idx != WIPHY_IDX_INVALID) {
15014                 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
15015 
15016                 if (wiphy &&
15017                     nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
15018                         goto nla_put_failure;
15019 
15020                 if (wiphy &&
15021                     wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
15022                     nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
15023                         goto nla_put_failure;
15024         }
15025 
15026         return true;
15027 
15028 nla_put_failure:
15029         return false;
15030 }
15031 
15032 /*
15033  * This can happen on global regulatory changes or device specific settings
15034  * based on custom regulatory domains.
15035  */
15036 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
15037                                      struct regulatory_request *request)
15038 {
15039         struct sk_buff *msg;
15040         void *hdr;
15041 
15042         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15043         if (!msg)
15044                 return;
15045 
15046         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
15047         if (!hdr)
15048                 goto nla_put_failure;
15049 
15050         if (!nl80211_reg_change_event_fill(msg, request))
15051                 goto nla_put_failure;
15052 
15053         genlmsg_end(msg, hdr);
15054 
15055         rcu_read_lock();
15056         genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15057                                 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15058         rcu_read_unlock();
15059 
15060         return;
15061 
15062 nla_put_failure:
15063         nlmsg_free(msg);
15064 }
15065 
15066 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
15067                                     struct net_device *netdev,
15068                                     const u8 *buf, size_t len,
15069                                     enum nl80211_commands cmd, gfp_t gfp,
15070                                     int uapsd_queues, const u8 *req_ies,
15071                                     size_t req_ies_len)
15072 {
15073         struct sk_buff *msg;
15074         void *hdr;
15075 
15076         msg = nlmsg_new(100 + len + req_ies_len, gfp);
15077         if (!msg)
15078                 return;
15079 
15080         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15081         if (!hdr) {
15082                 nlmsg_free(msg);
15083                 return;
15084         }
15085 
15086         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15087             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15088             nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15089             (req_ies &&
15090              nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
15091                 goto nla_put_failure;
15092 
15093         if (uapsd_queues >= 0) {
15094                 struct nlattr *nla_wmm =
15095                         nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
15096                 if (!nla_wmm)
15097                         goto nla_put_failure;
15098 
15099                 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
15100                                uapsd_queues))
15101                         goto nla_put_failure;
15102 
15103                 nla_nest_end(msg, nla_wmm);
15104         }
15105 
15106         genlmsg_end(msg, hdr);
15107 
15108         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15109                                 NL80211_MCGRP_MLME, gfp);
15110         return;
15111 
15112  nla_put_failure:
15113         nlmsg_free(msg);
15114 }
15115 
15116 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
15117                           struct net_device *netdev, const u8 *buf,
15118                           size_t len, gfp_t gfp)
15119 {
15120         nl80211_send_mlme_event(rdev, netdev, buf, len,
15121                                 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
15122 }
15123 
15124 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
15125                            struct net_device *netdev, const u8 *buf,
15126                            size_t len, gfp_t gfp, int uapsd_queues,
15127                            const u8 *req_ies, size_t req_ies_len)
15128 {
15129         nl80211_send_mlme_event(rdev, netdev, buf, len,
15130                                 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
15131                                 req_ies, req_ies_len);
15132 }
15133 
15134 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
15135                          struct net_device *netdev, const u8 *buf,
15136                          size_t len, gfp_t gfp)
15137 {
15138         nl80211_send_mlme_event(rdev, netdev, buf, len,
15139                                 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
15140 }
15141 
15142 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
15143                            struct net_device *netdev, const u8 *buf,
15144                            size_t len, gfp_t gfp)
15145 {
15146         nl80211_send_mlme_event(rdev, netdev, buf, len,
15147                                 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
15148 }
15149 
15150 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
15151                                   size_t len)
15152 {
15153         struct wireless_dev *wdev = dev->ieee80211_ptr;
15154         struct wiphy *wiphy = wdev->wiphy;
15155         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15156         const struct ieee80211_mgmt *mgmt = (void *)buf;
15157         u32 cmd;
15158 
15159         if (WARN_ON(len < 2))
15160                 return;
15161 
15162         if (ieee80211_is_deauth(mgmt->frame_control))
15163                 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
15164         else
15165                 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
15166 
15167         trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
15168         nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
15169                                 NULL, 0);
15170 }
15171 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
15172 
15173 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
15174                                       struct net_device *netdev, int cmd,
15175                                       const u8 *addr, gfp_t gfp)
15176 {
15177         struct sk_buff *msg;
15178         void *hdr;
15179 
15180         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15181         if (!msg)
15182                 return;
15183 
15184         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15185         if (!hdr) {
15186                 nlmsg_free(msg);
15187                 return;
15188         }
15189 
15190         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15191             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15192             nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15193             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15194                 goto nla_put_failure;
15195 
15196         genlmsg_end(msg, hdr);
15197 
15198         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15199                                 NL80211_MCGRP_MLME, gfp);
15200         return;
15201 
15202  nla_put_failure:
15203         nlmsg_free(msg);
15204 }
15205 
15206 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
15207                                struct net_device *netdev, const u8 *addr,
15208                                gfp_t gfp)
15209 {
15210         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
15211                                   addr, gfp);
15212 }
15213 
15214 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
15215                                 struct net_device *netdev, const u8 *addr,
15216                                 gfp_t gfp)
15217 {
15218         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
15219                                   addr, gfp);
15220 }
15221 
15222 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
15223                                  struct net_device *netdev,
15224                                  struct cfg80211_connect_resp_params *cr,
15225                                  gfp_t gfp)
15226 {
15227         struct sk_buff *msg;
15228         void *hdr;
15229 
15230         msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
15231                         cr->fils.kek_len + cr->fils.pmk_len +
15232                         (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15233         if (!msg)
15234                 return;
15235 
15236         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
15237         if (!hdr) {
15238                 nlmsg_free(msg);
15239                 return;
15240         }
15241 
15242         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15243             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15244             (cr->bssid &&
15245              nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
15246             nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
15247                         cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
15248                         cr->status) ||
15249             (cr->status < 0 &&
15250              (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15251               nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
15252                           cr->timeout_reason))) ||
15253             (cr->req_ie &&
15254              nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
15255             (cr->resp_ie &&
15256              nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
15257                      cr->resp_ie)) ||
15258             (cr->fils.update_erp_next_seq_num &&
15259              nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15260                          cr->fils.erp_next_seq_num)) ||
15261             (cr->status == WLAN_STATUS_SUCCESS &&
15262              ((cr->fils.kek &&
15263                nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
15264                        cr->fils.kek)) ||
15265               (cr->fils.pmk &&
15266                nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
15267               (cr->fils.pmkid &&
15268                nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
15269                 goto nla_put_failure;
15270 
15271         genlmsg_end(msg, hdr);
15272 
15273         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15274                                 NL80211_MCGRP_MLME, gfp);
15275         return;
15276 
15277  nla_put_failure:
15278         nlmsg_free(msg);
15279 }
15280 
15281 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
15282                          struct net_device *netdev,
15283                          struct cfg80211_roam_info *info, gfp_t gfp)
15284 {
15285         struct sk_buff *msg;
15286         void *hdr;
15287         const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
15288 
15289         msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
15290                         info->fils.kek_len + info->fils.pmk_len +
15291                         (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15292         if (!msg)
15293                 return;
15294 
15295         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
15296         if (!hdr) {
15297                 nlmsg_free(msg);
15298                 return;
15299         }
15300 
15301         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15302             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15303             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
15304             (info->req_ie &&
15305              nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
15306                      info->req_ie)) ||
15307             (info->resp_ie &&
15308              nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
15309                      info->resp_ie)) ||
15310             (info->fils.update_erp_next_seq_num &&
15311              nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15312                          info->fils.erp_next_seq_num)) ||
15313             (info->fils.kek &&
15314              nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
15315                      info->fils.kek)) ||
15316             (info->fils.pmk &&
15317              nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
15318             (info->fils.pmkid &&
15319              nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
15320                 goto nla_put_failure;
15321 
15322         genlmsg_end(msg, hdr);
15323 
15324         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15325                                 NL80211_MCGRP_MLME, gfp);
15326         return;
15327 
15328  nla_put_failure:
15329         nlmsg_free(msg);
15330 }
15331 
15332 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
15333                                   struct net_device *netdev, const u8 *bssid)
15334 {
15335         struct sk_buff *msg;
15336         void *hdr;
15337 
15338         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15339         if (!msg)
15340                 return;
15341 
15342         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
15343         if (!hdr) {
15344                 nlmsg_free(msg);
15345                 return;
15346         }
15347 
15348         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15349             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15350             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15351                 goto nla_put_failure;
15352 
15353         genlmsg_end(msg, hdr);
15354 
15355         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15356                                 NL80211_MCGRP_MLME, GFP_KERNEL);
15357         return;
15358 
15359  nla_put_failure:
15360         nlmsg_free(msg);
15361 }
15362 
15363 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
15364                                struct net_device *netdev, u16 reason,
15365                                const u8 *ie, size_t ie_len, bool from_ap)
15366 {
15367         struct sk_buff *msg;
15368         void *hdr;
15369 
15370         msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
15371         if (!msg)
15372                 return;
15373 
15374         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
15375         if (!hdr) {
15376                 nlmsg_free(msg);
15377                 return;
15378         }
15379 
15380         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15381             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15382             (reason &&
15383              nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
15384             (from_ap &&
15385              nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
15386             (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
15387                 goto nla_put_failure;
15388 
15389         genlmsg_end(msg, hdr);
15390 
15391         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15392                                 NL80211_MCGRP_MLME, GFP_KERNEL);
15393         return;
15394 
15395  nla_put_failure:
15396         nlmsg_free(msg);
15397 }
15398 
15399 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
15400                              struct net_device *netdev, const u8 *bssid,
15401                              gfp_t gfp)
15402 {
15403         struct sk_buff *msg;
15404         void *hdr;
15405 
15406         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15407         if (!msg)
15408                 return;
15409 
15410         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
15411         if (!hdr) {
15412                 nlmsg_free(msg);
15413                 return;
15414         }
15415 
15416         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15417             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15418             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15419                 goto nla_put_failure;
15420 
15421         genlmsg_end(msg, hdr);
15422 
15423         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15424                                 NL80211_MCGRP_MLME, gfp);
15425         return;
15426 
15427  nla_put_failure:
15428         nlmsg_free(msg);
15429 }
15430 
15431 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
15432                                         const u8 *ie, u8 ie_len,
15433                                         int sig_dbm, gfp_t gfp)
15434 {
15435         struct wireless_dev *wdev = dev->ieee80211_ptr;
15436         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15437         struct sk_buff *msg;
15438         void *hdr;
15439 
15440         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
15441                 return;
15442 
15443         trace_cfg80211_notify_new_peer_candidate(dev, addr);
15444 
15445         msg = nlmsg_new(100 + ie_len, gfp);
15446         if (!msg)
15447                 return;
15448 
15449         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
15450         if (!hdr) {
15451                 nlmsg_free(msg);
15452                 return;
15453         }
15454 
15455         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15456             nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15457             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15458             (ie_len && ie &&
15459              nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
15460             (sig_dbm &&
15461              nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
15462                 goto nla_put_failure;
15463 
15464         genlmsg_end(msg, hdr);
15465 
15466         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15467                                 NL80211_MCGRP_MLME, gfp);
15468         return;
15469 
15470  nla_put_failure:
15471         nlmsg_free(msg);
15472 }
15473 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
15474 
15475 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
15476                                  struct net_device *netdev, const u8 *addr,
15477                                  enum nl80211_key_type key_type, int key_id,
15478                                  const u8 *tsc, gfp_t gfp)
15479 {
15480         struct sk_buff *msg;
15481         void *hdr;
15482 
15483         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15484         if (!msg)
15485                 return;
15486 
15487         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
15488         if (!hdr) {
15489                 nlmsg_free(msg);
15490                 return;
15491         }
15492 
15493         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15494             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15495             (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
15496             nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
15497             (key_id != -1 &&
15498              nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
15499             (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
15500                 goto nla_put_failure;
15501 
15502         genlmsg_end(msg, hdr);
15503 
15504         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15505                                 NL80211_MCGRP_MLME, gfp);
15506         return;
15507 
15508  nla_put_failure:
15509         nlmsg_free(msg);
15510 }
15511 
15512 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
15513                                     struct ieee80211_channel *channel_before,
15514                                     struct ieee80211_channel *channel_after)
15515 {
15516         struct sk_buff *msg;
15517         void *hdr;
15518         struct nlattr *nl_freq;
15519 
15520         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
15521         if (!msg)
15522                 return;
15523 
15524         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
15525         if (!hdr) {
15526                 nlmsg_free(msg);
15527                 return;
15528         }
15529 
15530         /*
15531          * Since we are applying the beacon hint to a wiphy we know its
15532          * wiphy_idx is valid
15533          */
15534         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
15535                 goto nla_put_failure;
15536 
15537         /* Before */
15538         nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
15539         if (!nl_freq)
15540                 goto nla_put_failure;
15541 
15542         if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
15543                 goto nla_put_failure;
15544         nla_nest_end(msg, nl_freq);
15545 
15546         /* After */
15547         nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
15548         if (!nl_freq)
15549                 goto nla_put_failure;
15550 
15551         if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
15552                 goto nla_put_failure;
15553         nla_nest_end(msg, nl_freq);
15554 
15555         genlmsg_end(msg, hdr);
15556 
15557         rcu_read_lock();
15558         genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15559                                 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15560         rcu_read_unlock();
15561 
15562         return;
15563 
15564 nla_put_failure:
15565         nlmsg_free(msg);
15566 }
15567 
15568 static void nl80211_send_remain_on_chan_event(
15569         int cmd, struct cfg80211_registered_device *rdev,
15570         struct wireless_dev *wdev, u64 cookie,
15571         struct ieee80211_channel *chan,
15572         unsigned int duration, gfp_t gfp)
15573 {
15574         struct sk_buff *msg;
15575         void *hdr;
15576 
15577         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15578         if (!msg)
15579                 return;
15580 
15581         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15582         if (!hdr) {
15583                 nlmsg_free(msg);
15584                 return;
15585         }
15586 
15587         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15588             (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15589                                          wdev->netdev->ifindex)) ||
15590             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15591                               NL80211_ATTR_PAD) ||
15592             nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
15593             nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
15594                         NL80211_CHAN_NO_HT) ||
15595             nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15596                               NL80211_ATTR_PAD))
15597                 goto nla_put_failure;
15598 
15599         if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
15600             nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
15601                 goto nla_put_failure;
15602 
15603         genlmsg_end(msg, hdr);
15604 
15605         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15606                                 NL80211_MCGRP_MLME, gfp);
15607         return;
15608 
15609  nla_put_failure:
15610         nlmsg_free(msg);
15611 }
15612 
15613 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
15614                                struct ieee80211_channel *chan,
15615                                unsigned int duration, gfp_t gfp)
15616 {
15617         struct wiphy *wiphy = wdev->wiphy;
15618         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15619 
15620         trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
15621         nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
15622                                           rdev, wdev, cookie, chan,
15623                                           duration, gfp);
15624 }
15625 EXPORT_SYMBOL(cfg80211_ready_on_channel);
15626 
15627 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
15628                                         struct ieee80211_channel *chan,
15629                                         gfp_t gfp)
15630 {
15631         struct wiphy *wiphy = wdev->wiphy;
15632         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15633 
15634         trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
15635         nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15636                                           rdev, wdev, cookie, chan, 0, gfp);
15637 }
15638 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
15639 
15640 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
15641                                         struct ieee80211_channel *chan,
15642                                         gfp_t gfp)
15643 {
15644         struct wiphy *wiphy = wdev->wiphy;
15645         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15646 
15647         trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
15648         nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
15649                                           rdev, wdev, cookie, chan, 0, gfp);
15650 }
15651 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
15652 
15653 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
15654                       struct station_info *sinfo, gfp_t gfp)
15655 {
15656         struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15657         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15658         struct sk_buff *msg;
15659 
15660         trace_cfg80211_new_sta(dev, mac_addr, sinfo);
15661 
15662         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15663         if (!msg)
15664                 return;
15665 
15666         if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
15667                                  rdev, dev, mac_addr, sinfo) < 0) {
15668                 nlmsg_free(msg);
15669                 return;
15670         }
15671 
15672         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15673                                 NL80211_MCGRP_MLME, gfp);
15674 }
15675 EXPORT_SYMBOL(cfg80211_new_sta);
15676 
15677 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
15678                             struct station_info *sinfo, gfp_t gfp)
15679 {
15680         struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15681         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15682         struct sk_buff *msg;
15683         struct station_info empty_sinfo = {};
15684 
15685         if (!sinfo)
15686                 sinfo = &empty_sinfo;
15687 
15688         trace_cfg80211_del_sta(dev, mac_addr);
15689 
15690         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15691         if (!msg) {
15692                 cfg80211_sinfo_release_content(sinfo);
15693                 return;
15694         }
15695 
15696         if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
15697                                  rdev, dev, mac_addr, sinfo) < 0) {
15698                 nlmsg_free(msg);
15699                 return;
15700         }
15701 
15702         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15703                                 NL80211_MCGRP_MLME, gfp);
15704 }
15705 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
15706 
15707 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
15708                           enum nl80211_connect_failed_reason reason,
15709                           gfp_t gfp)
15710 {
15711         struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15712         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15713         struct sk_buff *msg;
15714         void *hdr;
15715 
15716         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
15717         if (!msg)
15718                 return;
15719 
15720         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
15721         if (!hdr) {
15722                 nlmsg_free(msg);
15723                 return;
15724         }
15725 
15726         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15727             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
15728             nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
15729                 goto nla_put_failure;
15730 
15731         genlmsg_end(msg, hdr);
15732 
15733         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15734                                 NL80211_MCGRP_MLME, gfp);
15735         return;
15736 
15737  nla_put_failure:
15738         nlmsg_free(msg);
15739 }
15740 EXPORT_SYMBOL(cfg80211_conn_failed);
15741 
15742 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
15743                                        const u8 *addr, gfp_t gfp)
15744 {
15745         struct wireless_dev *wdev = dev->ieee80211_ptr;
15746         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15747         struct sk_buff *msg;
15748         void *hdr;
15749         u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
15750 
15751         if (!nlportid)
15752                 return false;
15753 
15754         msg = nlmsg_new(100, gfp);
15755         if (!msg)
15756                 return true;
15757 
15758         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15759         if (!hdr) {
15760                 nlmsg_free(msg);
15761                 return true;
15762         }
15763 
15764         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15765             nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15766             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15767                 goto nla_put_failure;
15768 
15769         genlmsg_end(msg, hdr);
15770         genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15771         return true;
15772 
15773  nla_put_failure:
15774         nlmsg_free(msg);
15775         return true;
15776 }
15777 
15778 bool cfg80211_rx_spurious_frame(struct net_device *dev,
15779                                 const u8 *addr, gfp_t gfp)
15780 {
15781         struct wireless_dev *wdev = dev->ieee80211_ptr;
15782         bool ret;
15783 
15784         trace_cfg80211_rx_spurious_frame(dev, addr);
15785 
15786         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15787                     wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
15788                 trace_cfg80211_return_bool(false);
15789                 return false;
15790         }
15791         ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
15792                                          addr, gfp);
15793         trace_cfg80211_return_bool(ret);
15794         return ret;
15795 }
15796 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
15797 
15798 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
15799                                         const u8 *addr, gfp_t gfp)
15800 {
15801         struct wireless_dev *wdev = dev->ieee80211_ptr;
15802         bool ret;
15803 
15804         trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
15805 
15806         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15807                     wdev->iftype != NL80211_IFTYPE_P2P_GO &&
15808                     wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
15809                 trace_cfg80211_return_bool(false);
15810                 return false;
15811         }
15812         ret = __nl80211_unexpected_frame(dev,
15813                                          NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
15814                                          addr, gfp);
15815         trace_cfg80211_return_bool(ret);
15816         return ret;
15817 }
15818 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
15819 
15820 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
15821                       struct wireless_dev *wdev, u32 nlportid,
15822                       int freq, int sig_dbm,
15823                       const u8 *buf, size_t len, u32 flags, gfp_t gfp)
15824 {
15825         struct net_device *netdev = wdev->netdev;
15826         struct sk_buff *msg;
15827         void *hdr;
15828 
15829         msg = nlmsg_new(100 + len, gfp);
15830         if (!msg)
15831                 return -ENOMEM;
15832 
15833         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15834         if (!hdr) {
15835                 nlmsg_free(msg);
15836                 return -ENOMEM;
15837         }
15838 
15839         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15840             (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15841                                         netdev->ifindex)) ||
15842             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15843                               NL80211_ATTR_PAD) ||
15844             nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
15845             (sig_dbm &&
15846              nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15847             nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15848             (flags &&
15849              nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
15850                 goto nla_put_failure;
15851 
15852         genlmsg_end(msg, hdr);
15853 
15854         return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15855 
15856  nla_put_failure:
15857         nlmsg_free(msg);
15858         return -ENOBUFS;
15859 }
15860 
15861 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
15862                              const u8 *buf, size_t len, bool ack, gfp_t gfp)
15863 {
15864         struct wiphy *wiphy = wdev->wiphy;
15865         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15866         struct net_device *netdev = wdev->netdev;
15867         struct sk_buff *msg;
15868         void *hdr;
15869 
15870         trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
15871 
15872         msg = nlmsg_new(100 + len, gfp);
15873         if (!msg)
15874                 return;
15875 
15876         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
15877         if (!hdr) {
15878                 nlmsg_free(msg);
15879                 return;
15880         }
15881 
15882         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15883             (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15884                                    netdev->ifindex)) ||
15885             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15886                               NL80211_ATTR_PAD) ||
15887             nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15888             nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15889                               NL80211_ATTR_PAD) ||
15890             (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
15891                 goto nla_put_failure;
15892 
15893         genlmsg_end(msg, hdr);
15894 
15895         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15896                                 NL80211_MCGRP_MLME, gfp);
15897         return;
15898 
15899  nla_put_failure:
15900         nlmsg_free(msg);
15901 }
15902 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
15903 
15904 static int __nl80211_rx_control_port(struct net_device *dev,
15905                                      struct sk_buff *skb,
15906                                      bool unencrypted, gfp_t gfp)
15907 {
15908         struct wireless_dev *wdev = dev->ieee80211_ptr;
15909         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15910         struct ethhdr *ehdr = eth_hdr(skb);
15911         const u8 *addr = ehdr->h_source;
15912         u16 proto = be16_to_cpu(skb->protocol);
15913         struct sk_buff *msg;
15914         void *hdr;
15915         struct nlattr *frame;
15916 
15917         u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
15918 
15919         if (!nlportid)
15920                 return -ENOENT;
15921 
15922         msg = nlmsg_new(100 + skb->len, gfp);
15923         if (!msg)
15924                 return -ENOMEM;
15925 
15926         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
15927         if (!hdr) {
15928                 nlmsg_free(msg);
15929                 return -ENOBUFS;
15930         }
15931 
15932         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15933             nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15934             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15935                               NL80211_ATTR_PAD) ||
15936             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15937             nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
15938             (unencrypted && nla_put_flag(msg,
15939                                          NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
15940                 goto nla_put_failure;
15941 
15942         frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
15943         if (!frame)
15944                 goto nla_put_failure;
15945 
15946         skb_copy_bits(skb, 0, nla_data(frame), skb->len);
15947         genlmsg_end(msg, hdr);
15948 
15949         return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15950 
15951  nla_put_failure:
15952         nlmsg_free(msg);
15953         return -ENOBUFS;
15954 }
15955 
15956 bool cfg80211_rx_control_port(struct net_device *dev,
15957                               struct sk_buff *skb, bool unencrypted)
15958 {
15959         int ret;
15960 
15961         trace_cfg80211_rx_control_port(dev, skb, unencrypted);
15962         ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
15963         trace_cfg80211_return_bool(ret == 0);
15964         return ret == 0;
15965 }
15966 EXPORT_SYMBOL(cfg80211_rx_control_port);
15967 
15968 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
15969                                             const char *mac, gfp_t gfp)
15970 {
15971         struct wireless_dev *wdev = dev->ieee80211_ptr;
15972         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15973         struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15974         void **cb;
15975 
15976         if (!msg)
15977                 return NULL;
15978 
15979         cb = (void **)msg->cb;
15980 
15981         cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
15982         if (!cb[0]) {
15983                 nlmsg_free(msg);
15984                 return NULL;
15985         }
15986 
15987         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15988             nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15989                 goto nla_put_failure;
15990 
15991         if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15992                 goto nla_put_failure;
15993 
15994         cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
15995         if (!cb[1])
15996                 goto nla_put_failure;
15997 
15998         cb[2] = rdev;
15999 
16000         return msg;
16001  nla_put_failure:
16002         nlmsg_free(msg);
16003         return NULL;
16004 }
16005 
16006 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
16007 {
16008         void **cb = (void **)msg->cb;
16009         struct cfg80211_registered_device *rdev = cb[2];
16010 
16011         nla_nest_end(msg, cb[1]);
16012         genlmsg_end(msg, cb[0]);
16013 
16014         memset(msg->cb, 0, sizeof(msg->cb));
16015 
16016         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16017                                 NL80211_MCGRP_MLME, gfp);
16018 }
16019 
16020 void cfg80211_cqm_rssi_notify(struct net_device *dev,
16021                               enum nl80211_cqm_rssi_threshold_event rssi_event,
16022                               s32 rssi_level, gfp_t gfp)
16023 {
16024         struct sk_buff *msg;
16025         struct wireless_dev *wdev = dev->ieee80211_ptr;
16026         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16027 
16028         trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
16029 
16030         if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
16031                     rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
16032                 return;
16033 
16034         if (wdev->cqm_config) {
16035                 wdev->cqm_config->last_rssi_event_value = rssi_level;
16036 
16037                 cfg80211_cqm_rssi_update(rdev, dev);
16038 
16039                 if (rssi_level == 0)
16040                         rssi_level = wdev->cqm_config->last_rssi_event_value;
16041         }
16042 
16043         msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16044         if (!msg)
16045                 return;
16046 
16047         if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
16048                         rssi_event))
16049                 goto nla_put_failure;
16050 
16051         if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
16052                                       rssi_level))
16053                 goto nla_put_failure;
16054 
16055         cfg80211_send_cqm(msg, gfp);
16056 
16057         return;
16058 
16059  nla_put_failure:
16060         nlmsg_free(msg);
16061 }
16062 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
16063 
16064 void cfg80211_cqm_txe_notify(struct net_device *dev,
16065                              const u8 *peer, u32 num_packets,
16066                              u32 rate, u32 intvl, gfp_t gfp)
16067 {
16068         struct sk_buff *msg;
16069 
16070         msg = cfg80211_prepare_cqm(dev, peer, gfp);
16071         if (!msg)
16072                 return;
16073 
16074         if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
16075                 goto nla_put_failure;
16076 
16077         if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
16078                 goto nla_put_failure;
16079 
16080         if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
16081                 goto nla_put_failure;
16082 
16083         cfg80211_send_cqm(msg, gfp);
16084         return;
16085 
16086  nla_put_failure:
16087         nlmsg_free(msg);
16088 }
16089 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
16090 
16091 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
16092                                  const u8 *peer, u32 num_packets, gfp_t gfp)
16093 {
16094         struct sk_buff *msg;
16095 
16096         trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
16097 
16098         msg = cfg80211_prepare_cqm(dev, peer, gfp);
16099         if (!msg)
16100                 return;
16101 
16102         if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
16103                 goto nla_put_failure;
16104 
16105         cfg80211_send_cqm(msg, gfp);
16106         return;
16107 
16108  nla_put_failure:
16109         nlmsg_free(msg);
16110 }
16111 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
16112 
16113 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
16114 {
16115         struct sk_buff *msg;
16116 
16117         msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16118         if (!msg)
16119                 return;
16120 
16121         if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
16122                 goto nla_put_failure;
16123 
16124         cfg80211_send_cqm(msg, gfp);
16125         return;
16126 
16127  nla_put_failure:
16128         nlmsg_free(msg);
16129 }
16130 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
16131 
16132 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
16133                                      struct net_device *netdev, const u8 *bssid,
16134                                      const u8 *replay_ctr, gfp_t gfp)
16135 {
16136         struct sk_buff *msg;
16137         struct nlattr *rekey_attr;
16138         void *hdr;
16139 
16140         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16141         if (!msg)
16142                 return;
16143 
16144         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
16145         if (!hdr) {
16146                 nlmsg_free(msg);
16147                 return;
16148         }
16149 
16150         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16151             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16152             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16153                 goto nla_put_failure;
16154 
16155         rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
16156         if (!rekey_attr)
16157                 goto nla_put_failure;
16158 
16159         if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
16160                     NL80211_REPLAY_CTR_LEN, replay_ctr))
16161                 goto nla_put_failure;
16162 
16163         nla_nest_end(msg, rekey_attr);
16164 
16165         genlmsg_end(msg, hdr);
16166 
16167         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16168                                 NL80211_MCGRP_MLME, gfp);
16169         return;
16170 
16171  nla_put_failure:
16172         nlmsg_free(msg);
16173 }
16174 
16175 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
16176                                const u8 *replay_ctr, gfp_t gfp)
16177 {
16178         struct wireless_dev *wdev = dev->ieee80211_ptr;
16179         struct wiphy *wiphy = wdev->wiphy;
16180         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16181 
16182         trace_cfg80211_gtk_rekey_notify(dev, bssid);
16183         nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
16184 }
16185 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
16186 
16187 static void
16188 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
16189                                struct net_device *netdev, int index,
16190                                const u8 *bssid, bool preauth, gfp_t gfp)
16191 {
16192         struct sk_buff *msg;
16193         struct nlattr *attr;
16194         void *hdr;
16195 
16196         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16197         if (!msg)
16198                 return;
16199 
16200         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
16201         if (!hdr) {
16202                 nlmsg_free(msg);
16203                 return;
16204         }
16205 
16206         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16207             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16208                 goto nla_put_failure;
16209 
16210         attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
16211         if (!attr)
16212                 goto nla_put_failure;
16213 
16214         if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
16215             nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
16216             (preauth &&
16217              nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
16218                 goto nla_put_failure;
16219 
16220         nla_nest_end(msg, attr);
16221 
16222         genlmsg_end(msg, hdr);
16223 
16224         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16225                                 NL80211_MCGRP_MLME, gfp);
16226         return;
16227 
16228  nla_put_failure:
16229         nlmsg_free(msg);
16230 }
16231 
16232 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
16233                                      const u8 *bssid, bool preauth, gfp_t gfp)
16234 {
16235         struct wireless_dev *wdev = dev->ieee80211_ptr;
16236         struct wiphy *wiphy = wdev->wiphy;
16237         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16238 
16239         trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
16240         nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
16241 }
16242 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
16243 
16244 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
16245                                      struct net_device *netdev,
16246                                      struct cfg80211_chan_def *chandef,
16247                                      gfp_t gfp,
16248                                      enum nl80211_commands notif,
16249                                      u8 count)
16250 {
16251         struct sk_buff *msg;
16252         void *hdr;
16253 
16254         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16255         if (!msg)
16256                 return;
16257 
16258         hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
16259         if (!hdr) {
16260                 nlmsg_free(msg);
16261                 return;
16262         }
16263 
16264         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16265                 goto nla_put_failure;
16266 
16267         if (nl80211_send_chandef(msg, chandef))
16268                 goto nla_put_failure;
16269 
16270         if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
16271             (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
16272                         goto nla_put_failure;
16273 
16274         genlmsg_end(msg, hdr);
16275 
16276         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16277                                 NL80211_MCGRP_MLME, gfp);
16278         return;
16279 
16280  nla_put_failure:
16281         nlmsg_free(msg);
16282 }
16283 
16284 void cfg80211_ch_switch_notify(struct net_device *dev,
16285                                struct cfg80211_chan_def *chandef)
16286 {
16287         struct wireless_dev *wdev = dev->ieee80211_ptr;
16288         struct wiphy *wiphy = wdev->wiphy;
16289         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16290 
16291         ASSERT_WDEV_LOCK(wdev);
16292 
16293         trace_cfg80211_ch_switch_notify(dev, chandef);
16294 
16295         wdev->chandef = *chandef;
16296         wdev->preset_chandef = *chandef;
16297 
16298         if (wdev->iftype == NL80211_IFTYPE_STATION &&
16299             !WARN_ON(!wdev->current_bss))
16300                 cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
16301 
16302         cfg80211_sched_dfs_chan_update(rdev);
16303 
16304         nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16305                                  NL80211_CMD_CH_SWITCH_NOTIFY, 0);
16306 }
16307 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
16308 
16309 void cfg80211_ch_switch_started_notify(struct net_device *dev,
16310                                        struct cfg80211_chan_def *chandef,
16311                                        u8 count)
16312 {
16313         struct wireless_dev *wdev = dev->ieee80211_ptr;
16314         struct wiphy *wiphy = wdev->wiphy;
16315         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16316 
16317         trace_cfg80211_ch_switch_started_notify(dev, chandef);
16318 
16319         nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16320                                  NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
16321 }
16322 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
16323 
16324 void
16325 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
16326                      const struct cfg80211_chan_def *chandef,
16327                      enum nl80211_radar_event event,
16328                      struct net_device *netdev, gfp_t gfp)
16329 {
16330         struct sk_buff *msg;
16331         void *hdr;
16332 
16333         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16334         if (!msg)
16335                 return;
16336 
16337         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
16338         if (!hdr) {
16339                 nlmsg_free(msg);
16340                 return;
16341         }
16342 
16343         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16344                 goto nla_put_failure;
16345 
16346         /* NOP and radar events don't need a netdev parameter */
16347         if (netdev) {
16348                 struct wireless_dev *wdev = netdev->ieee80211_ptr;
16349 
16350                 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16351                     nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16352                                       NL80211_ATTR_PAD))
16353                         goto nla_put_failure;
16354         }
16355 
16356         if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
16357                 goto nla_put_failure;
16358 
16359         if (nl80211_send_chandef(msg, chandef))
16360                 goto nla_put_failure;
16361 
16362         genlmsg_end(msg, hdr);
16363 
16364         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16365                                 NL80211_MCGRP_MLME, gfp);
16366         return;
16367 
16368  nla_put_failure:
16369         nlmsg_free(msg);
16370 }
16371 
16372 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
16373                                        struct sta_opmode_info *sta_opmode,
16374                                        gfp_t gfp)
16375 {
16376         struct sk_buff *msg;
16377         struct wireless_dev *wdev = dev->ieee80211_ptr;
16378         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16379         void *hdr;
16380 
16381         if (WARN_ON(!mac))
16382                 return;
16383 
16384         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16385         if (!msg)
16386                 return;
16387 
16388         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
16389         if (!hdr) {
16390                 nlmsg_free(msg);
16391                 return;
16392         }
16393 
16394         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16395                 goto nla_put_failure;
16396 
16397         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16398                 goto nla_put_failure;
16399 
16400         if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16401                 goto nla_put_failure;
16402 
16403         if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
16404             nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
16405                 goto nla_put_failure;
16406 
16407         if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
16408             nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
16409                 goto nla_put_failure;
16410 
16411         if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
16412             nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
16413                 goto nla_put_failure;
16414 
16415         genlmsg_end(msg, hdr);
16416 
16417         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16418                                 NL80211_MCGRP_MLME, gfp);
16419 
16420         return;
16421 
16422 nla_put_failure:
16423         nlmsg_free(msg);
16424 }
16425 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
16426 
16427 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
16428                            u64 cookie, bool acked, s32 ack_signal,
16429                            bool is_valid_ack_signal, gfp_t gfp)
16430 {
16431         struct wireless_dev *wdev = dev->ieee80211_ptr;
16432         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16433         struct sk_buff *msg;
16434         void *hdr;
16435 
16436         trace_cfg80211_probe_status(dev, addr, cookie, acked);
16437 
16438         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16439 
16440         if (!msg)
16441                 return;
16442 
16443         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
16444         if (!hdr) {
16445                 nlmsg_free(msg);
16446                 return;
16447         }
16448 
16449         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16450             nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16451             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16452             nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16453                               NL80211_ATTR_PAD) ||
16454             (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
16455             (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
16456                                                 ack_signal)))
16457                 goto nla_put_failure;
16458 
16459         genlmsg_end(msg, hdr);
16460 
16461         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16462                                 NL80211_MCGRP_MLME, gfp);
16463         return;
16464 
16465  nla_put_failure:
16466         nlmsg_free(msg);
16467 }
16468 EXPORT_SYMBOL(cfg80211_probe_status);
16469 
16470 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
16471                                  const u8 *frame, size_t len,
16472                                  int freq, int sig_dbm)
16473 {
16474         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16475         struct sk_buff *msg;
16476         void *hdr;
16477         struct cfg80211_beacon_registration *reg;
16478 
16479         trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
16480 
16481         spin_lock_bh(&rdev->beacon_registrations_lock);
16482         list_for_each_entry(reg, &rdev->beacon_registrations, list) {
16483                 msg = nlmsg_new(len + 100, GFP_ATOMIC);
16484                 if (!msg) {
16485                         spin_unlock_bh(&rdev->beacon_registrations_lock);
16486                         return;
16487                 }
16488 
16489                 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16490                 if (!hdr)
16491                         goto nla_put_failure;
16492 
16493                 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16494                     (freq &&
16495                      nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
16496                     (sig_dbm &&
16497                      nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16498                     nla_put(msg, NL80211_ATTR_FRAME, len, frame))
16499                         goto nla_put_failure;
16500 
16501                 genlmsg_end(msg, hdr);
16502 
16503                 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
16504         }
16505         spin_unlock_bh(&rdev->beacon_registrations_lock);
16506         return;
16507 
16508  nla_put_failure:
16509         spin_unlock_bh(&rdev->beacon_registrations_lock);
16510         nlmsg_free(msg);
16511 }
16512 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
16513 
16514 #ifdef CONFIG_PM
16515 static int cfg80211_net_detect_results(struct sk_buff *msg,
16516                                        struct cfg80211_wowlan_wakeup *wakeup)
16517 {
16518         struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
16519         struct nlattr *nl_results, *nl_match, *nl_freqs;
16520         int i, j;
16521 
16522         nl_results = nla_nest_start_noflag(msg,
16523                                            NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
16524         if (!nl_results)
16525                 return -EMSGSIZE;
16526 
16527         for (i = 0; i < nd->n_matches; i++) {
16528                 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
16529 
16530                 nl_match = nla_nest_start_noflag(msg, i);
16531                 if (!nl_match)
16532                         break;
16533 
16534                 /* The SSID attribute is optional in nl80211, but for
16535                  * simplicity reasons it's always present in the
16536                  * cfg80211 structure.  If a driver can't pass the
16537                  * SSID, that needs to be changed.  A zero length SSID
16538                  * is still a valid SSID (wildcard), so it cannot be
16539                  * used for this purpose.
16540                  */
16541                 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
16542                             match->ssid.ssid)) {
16543                         nla_nest_cancel(msg, nl_match);
16544                         goto out;
16545                 }
16546 
16547                 if (match->n_channels) {
16548                         nl_freqs = nla_nest_start_noflag(msg,
16549                                                          NL80211_ATTR_SCAN_FREQUENCIES);
16550                         if (!nl_freqs) {
16551                                 nla_nest_cancel(msg, nl_match);
16552                                 goto out;
16553                         }
16554 
16555                         for (j = 0; j < match->n_channels; j++) {
16556                                 if (nla_put_u32(msg, j, match->channels[j])) {
16557                                         nla_nest_cancel(msg, nl_freqs);
16558                                         nla_nest_cancel(msg, nl_match);
16559                                         goto out;
16560                                 }
16561                         }
16562 
16563                         nla_nest_end(msg, nl_freqs);
16564                 }
16565 
16566                 nla_nest_end(msg, nl_match);
16567         }
16568 
16569 out:
16570         nla_nest_end(msg, nl_results);
16571         return 0;
16572 }
16573 
16574 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
16575                                    struct cfg80211_wowlan_wakeup *wakeup,
16576                                    gfp_t gfp)
16577 {
16578         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16579         struct sk_buff *msg;
16580         void *hdr;
16581         int size = 200;
16582 
16583         trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
16584 
16585         if (wakeup)
16586                 size += wakeup->packet_present_len;
16587 
16588         msg = nlmsg_new(size, gfp);
16589         if (!msg)
16590                 return;
16591 
16592         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
16593         if (!hdr)
16594                 goto free_msg;
16595 
16596         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16597             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16598                               NL80211_ATTR_PAD))
16599                 goto free_msg;
16600 
16601         if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16602                                         wdev->netdev->ifindex))
16603                 goto free_msg;
16604 
16605         if (wakeup) {
16606                 struct nlattr *reasons;
16607 
16608                 reasons = nla_nest_start_noflag(msg,
16609                                                 NL80211_ATTR_WOWLAN_TRIGGERS);
16610                 if (!reasons)
16611                         goto free_msg;
16612 
16613                 if (wakeup->disconnect &&
16614                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
16615                         goto free_msg;
16616                 if (wakeup->magic_pkt &&
16617                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
16618                         goto free_msg;
16619                 if (wakeup->gtk_rekey_failure &&
16620                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
16621                         goto free_msg;
16622                 if (wakeup->eap_identity_req &&
16623                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
16624                         goto free_msg;
16625                 if (wakeup->four_way_handshake &&
16626                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
16627                         goto free_msg;
16628                 if (wakeup->rfkill_release &&
16629                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
16630                         goto free_msg;
16631 
16632                 if (wakeup->pattern_idx >= 0 &&
16633                     nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
16634                                 wakeup->pattern_idx))
16635                         goto free_msg;
16636 
16637                 if (wakeup->tcp_match &&
16638                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
16639                         goto free_msg;
16640 
16641                 if (wakeup->tcp_connlost &&
16642                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
16643                         goto free_msg;
16644 
16645                 if (wakeup->tcp_nomoretokens &&
16646                     nla_put_flag(msg,
16647                                  NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
16648                         goto free_msg;
16649 
16650                 if (wakeup->packet) {
16651                         u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
16652                         u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
16653 
16654                         if (!wakeup->packet_80211) {
16655                                 pkt_attr =
16656                                         NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
16657                                 len_attr =
16658                                         NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
16659                         }
16660 
16661                         if (wakeup->packet_len &&
16662                             nla_put_u32(msg, len_attr, wakeup->packet_len))
16663                                 goto free_msg;
16664 
16665                         if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
16666                                     wakeup->packet))
16667                                 goto free_msg;
16668                 }
16669 
16670                 if (wakeup->net_detect &&
16671                     cfg80211_net_detect_results(msg, wakeup))
16672                                 goto free_msg;
16673 
16674                 nla_nest_end(msg, reasons);
16675         }
16676 
16677         genlmsg_end(msg, hdr);
16678 
16679         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16680                                 NL80211_MCGRP_MLME, gfp);
16681         return;
16682 
16683  free_msg:
16684         nlmsg_free(msg);
16685 }
16686 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
16687 #endif
16688 
16689 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
16690                                 enum nl80211_tdls_operation oper,
16691                                 u16 reason_code, gfp_t gfp)
16692 {
16693         struct wireless_dev *wdev = dev->ieee80211_ptr;
16694         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16695         struct sk_buff *msg;
16696         void *hdr;
16697 
16698         trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
16699                                          reason_code);
16700 
16701         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16702         if (!msg)
16703                 return;
16704 
16705         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
16706         if (!hdr) {
16707                 nlmsg_free(msg);
16708                 return;
16709         }
16710 
16711         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16712             nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16713             nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
16714             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
16715             (reason_code > 0 &&
16716              nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
16717                 goto nla_put_failure;
16718 
16719         genlmsg_end(msg, hdr);
16720 
16721         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16722                                 NL80211_MCGRP_MLME, gfp);
16723         return;
16724 
16725  nla_put_failure:
16726         nlmsg_free(msg);
16727 }
16728 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
16729 
16730 static int nl80211_netlink_notify(struct notifier_block * nb,
16731                                   unsigned long state,
16732                                   void *_notify)
16733 {
16734         struct netlink_notify *notify = _notify;
16735         struct cfg80211_registered_device *rdev;
16736         struct wireless_dev *wdev;
16737         struct cfg80211_beacon_registration *reg, *tmp;
16738 
16739         if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
16740                 return NOTIFY_DONE;
16741 
16742         rcu_read_lock();
16743 
16744         list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
16745                 struct cfg80211_sched_scan_request *sched_scan_req;
16746 
16747                 list_for_each_entry_rcu(sched_scan_req,
16748                                         &rdev->sched_scan_req_list,
16749                                         list) {
16750                         if (sched_scan_req->owner_nlportid == notify->portid) {
16751                                 sched_scan_req->nl_owner_dead = true;
16752                                 schedule_work(&rdev->sched_scan_stop_wk);
16753                         }
16754                 }
16755 
16756                 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
16757                         cfg80211_mlme_unregister_socket(wdev, notify->portid);
16758 
16759                         if (wdev->owner_nlportid == notify->portid) {
16760                                 wdev->nl_owner_dead = true;
16761                                 schedule_work(&rdev->destroy_work);
16762                         } else if (wdev->conn_owner_nlportid == notify->portid) {
16763                                 schedule_work(&wdev->disconnect_wk);
16764                         }
16765 
16766                         cfg80211_release_pmsr(wdev, notify->portid);
16767                 }
16768 
16769                 spin_lock_bh(&rdev->beacon_registrations_lock);
16770                 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
16771                                          list) {
16772                         if (reg->nlportid == notify->portid) {
16773                                 list_del(&reg->list);
16774                                 kfree(reg);
16775                                 break;
16776                         }
16777                 }
16778                 spin_unlock_bh(&rdev->beacon_registrations_lock);
16779         }
16780 
16781         rcu_read_unlock();
16782 
16783         /*
16784          * It is possible that the user space process that is controlling the
16785          * indoor setting disappeared, so notify the regulatory core.
16786          */
16787         regulatory_netlink_notify(notify->portid);
16788         return NOTIFY_OK;
16789 }
16790 
16791 static struct notifier_block nl80211_netlink_notifier = {
16792         .notifier_call = nl80211_netlink_notify,
16793 };
16794 
16795 void cfg80211_ft_event(struct net_device *netdev,
16796                        struct cfg80211_ft_event_params *ft_event)
16797 {
16798         struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16799         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16800         struct sk_buff *msg;
16801         void *hdr;
16802 
16803         trace_cfg80211_ft_event(wiphy, netdev, ft_event);
16804 
16805         if (!ft_event->target_ap)
16806                 return;
16807 
16808         msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
16809                         GFP_KERNEL);
16810         if (!msg)
16811                 return;
16812 
16813         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
16814         if (!hdr)
16815                 goto out;
16816 
16817         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16818             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16819             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
16820                 goto out;
16821 
16822         if (ft_event->ies &&
16823             nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
16824                 goto out;
16825         if (ft_event->ric_ies &&
16826             nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
16827                     ft_event->ric_ies))
16828                 goto out;
16829 
16830         genlmsg_end(msg, hdr);
16831 
16832         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16833                                 NL80211_MCGRP_MLME, GFP_KERNEL);
16834         return;
16835  out:
16836         nlmsg_free(msg);
16837 }
16838 EXPORT_SYMBOL(cfg80211_ft_event);
16839 
16840 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
16841 {
16842         struct cfg80211_registered_device *rdev;
16843         struct sk_buff *msg;
16844         void *hdr;
16845         u32 nlportid;
16846 
16847         rdev = wiphy_to_rdev(wdev->wiphy);
16848         if (!rdev->crit_proto_nlportid)
16849                 return;
16850 
16851         nlportid = rdev->crit_proto_nlportid;
16852         rdev->crit_proto_nlportid = 0;
16853 
16854         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16855         if (!msg)
16856                 return;
16857 
16858         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
16859         if (!hdr)
16860                 goto nla_put_failure;
16861 
16862         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16863             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16864                               NL80211_ATTR_PAD))
16865                 goto nla_put_failure;
16866 
16867         genlmsg_end(msg, hdr);
16868 
16869         genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16870         return;
16871 
16872  nla_put_failure:
16873         nlmsg_free(msg);
16874 }
16875 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
16876 
16877 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
16878 {
16879         struct wiphy *wiphy = wdev->wiphy;
16880         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16881         struct sk_buff *msg;
16882         void *hdr;
16883 
16884         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16885         if (!msg)
16886                 return;
16887 
16888         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
16889         if (!hdr)
16890                 goto out;
16891 
16892         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16893             nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
16894             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16895                               NL80211_ATTR_PAD))
16896                 goto out;
16897 
16898         genlmsg_end(msg, hdr);
16899 
16900         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
16901                                 NL80211_MCGRP_MLME, GFP_KERNEL);
16902         return;
16903  out:
16904         nlmsg_free(msg);
16905 }
16906 
16907 int cfg80211_external_auth_request(struct net_device *dev,
16908                                    struct cfg80211_external_auth_params *params,
16909                                    gfp_t gfp)
16910 {
16911         struct wireless_dev *wdev = dev->ieee80211_ptr;
16912         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16913         struct sk_buff *msg;
16914         void *hdr;
16915 
16916         if (!wdev->conn_owner_nlportid)
16917                 return -EINVAL;
16918 
16919         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16920         if (!msg)
16921                 return -ENOMEM;
16922 
16923         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
16924         if (!hdr)
16925                 goto nla_put_failure;
16926 
16927         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16928             nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16929             nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
16930             nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
16931                         params->action) ||
16932             nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
16933             nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
16934                     params->ssid.ssid))
16935                 goto nla_put_failure;
16936 
16937         genlmsg_end(msg, hdr);
16938         genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16939                         wdev->conn_owner_nlportid);
16940         return 0;
16941 
16942  nla_put_failure:
16943         nlmsg_free(msg);
16944         return -ENOBUFS;
16945 }
16946 EXPORT_SYMBOL(cfg80211_external_auth_request);
16947 
16948 void cfg80211_update_owe_info_event(struct net_device *netdev,
16949                                     struct cfg80211_update_owe_info *owe_info,
16950                                     gfp_t gfp)
16951 {
16952         struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16953         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16954         struct sk_buff *msg;
16955         void *hdr;
16956 
16957         trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
16958 
16959         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16960         if (!msg)
16961                 return;
16962 
16963         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
16964         if (!hdr)
16965                 goto nla_put_failure;
16966 
16967         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16968             nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16969             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
16970                 goto nla_put_failure;
16971 
16972         if (!owe_info->ie_len ||
16973             nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
16974                 goto nla_put_failure;
16975 
16976         genlmsg_end(msg, hdr);
16977 
16978         genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16979                                 NL80211_MCGRP_MLME, gfp);
16980         return;
16981 
16982 nla_put_failure:
16983         genlmsg_cancel(msg, hdr);
16984         nlmsg_free(msg);
16985 }
16986 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
16987 
16988 /* initialisation/exit functions */
16989 
16990 int __init nl80211_init(void)
16991 {
16992         int err;
16993 
16994         err = genl_register_family(&nl80211_fam);
16995         if (err)
16996                 return err;
16997 
16998         err = netlink_register_notifier(&nl80211_netlink_notifier);
16999         if (err)
17000                 goto err_out;
17001 
17002         return 0;
17003  err_out:
17004         genl_unregister_family(&nl80211_fam);
17005         return err;
17006 }
17007 
17008 void nl80211_exit(void)
17009 {
17010         netlink_unregister_notifier(&nl80211_netlink_notifier);
17011         genl_unregister_family(&nl80211_fam);
17012 }

/* [<][>][^][v][top][bottom][index][help] */