xref: /openbmc/linux/net/wireless/nl80211.c (revision 7c1e51a34afb110a010a73141a2b5f000f798875) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25 
26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type);
27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
28 				   struct genl_info *info,
29 				   struct cfg80211_crypto_settings *settings,
30 				   int cipher_limit);
31 
32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
33 			    struct genl_info *info);
34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
35 			      struct genl_info *info);
36 
37 /* the netlink family */
38 static struct genl_family nl80211_fam = {
39 	.id = GENL_ID_GENERATE,	/* don't bother with a hardcoded ID */
40 	.name = "nl80211",	/* have users key off the name instead */
41 	.hdrsize = 0,		/* no private header */
42 	.version = 1,		/* no particular meaning now */
43 	.maxattr = NL80211_ATTR_MAX,
44 	.netnsok = true,
45 	.pre_doit = nl80211_pre_doit,
46 	.post_doit = nl80211_post_doit,
47 };
48 
49 /* internal helper: get rdev and dev */
50 static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs,
51 				   struct cfg80211_registered_device **rdev,
52 				   struct net_device **dev)
53 {
54 	int ifindex;
55 
56 	if (!attrs[NL80211_ATTR_IFINDEX])
57 		return -EINVAL;
58 
59 	ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
60 	*dev = dev_get_by_index(netns, ifindex);
61 	if (!*dev)
62 		return -ENODEV;
63 
64 	*rdev = cfg80211_get_dev_from_ifindex(netns, ifindex);
65 	if (IS_ERR(*rdev)) {
66 		dev_put(*dev);
67 		return PTR_ERR(*rdev);
68 	}
69 
70 	return 0;
71 }
72 
73 /* policy for the attributes */
74 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
75 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
76 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
77 				      .len = 20-1 },
78 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
79 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
80 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
81 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
82 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
83 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
84 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
85 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
86 
87 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
88 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
89 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
90 
91 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
92 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
93 
94 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
95 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
96 				    .len = WLAN_MAX_KEY_LEN },
97 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
98 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
99 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
100 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
101 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
102 
103 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
104 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
105 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
106 				       .len = IEEE80211_MAX_DATA_LEN },
107 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
108 				       .len = IEEE80211_MAX_DATA_LEN },
109 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
110 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
111 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
112 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
113 					       .len = NL80211_MAX_SUPP_RATES },
114 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
115 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
116 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
117 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
118 				.len = IEEE80211_MAX_MESH_ID_LEN },
119 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
120 
121 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
122 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
123 
124 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
125 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
126 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
127 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
128 					   .len = NL80211_MAX_SUPP_RATES },
129 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
130 
131 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
132 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
133 
134 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
135 
136 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
137 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
138 			      .len = IEEE80211_MAX_DATA_LEN },
139 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
140 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
141 
142 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
143 				.len = IEEE80211_MAX_SSID_LEN },
144 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
145 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
146 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
147 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
148 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
149 	[NL80211_ATTR_STA_FLAGS2] = {
150 		.len = sizeof(struct nl80211_sta_flag_update),
151 	},
152 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
153 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
154 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
155 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
156 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
157 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
158 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
159 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
160 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
161 				 .len = WLAN_PMKID_LEN },
162 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
163 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
164 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
165 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
166 				 .len = IEEE80211_MAX_DATA_LEN },
167 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
168 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
169 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
170 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
171 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
172 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
173 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
174 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
175 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
176 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
177 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
178 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
179 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
180 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
181 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
182 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
183 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
184 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
185 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
186 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
187 					 .len = IEEE80211_MAX_DATA_LEN },
188 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
189 					 .len = IEEE80211_MAX_DATA_LEN },
190 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
191 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
192 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
193 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
194 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
195 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
196 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
197 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
198 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
199 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
200 				      .len = IEEE80211_MAX_DATA_LEN },
201 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
202 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
203 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
204 		.len = NL80211_HT_CAPABILITY_LEN
205 	},
206 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
207 };
208 
209 /* policy for the key attributes */
210 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
211 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
212 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
213 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
214 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
215 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
216 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
217 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
218 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
219 };
220 
221 /* policy for the key default flags */
222 static const struct nla_policy
223 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
224 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
225 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
226 };
227 
228 /* policy for WoWLAN attributes */
229 static const struct nla_policy
230 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
231 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
232 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
233 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
234 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
235 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
236 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
237 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
238 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
239 };
240 
241 /* policy for GTK rekey offload attributes */
242 static const struct nla_policy
243 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
244 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
245 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
246 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
247 };
248 
249 static const struct nla_policy
250 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
251 	[NL80211_ATTR_SCHED_SCAN_MATCH_SSID] = { .type = NLA_BINARY,
252 						 .len = IEEE80211_MAX_SSID_LEN },
253 };
254 
255 /* ifidx get helper */
256 static int nl80211_get_ifidx(struct netlink_callback *cb)
257 {
258 	int res;
259 
260 	res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
261 			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
262 			  nl80211_policy);
263 	if (res)
264 		return res;
265 
266 	if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
267 		return -EINVAL;
268 
269 	res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
270 	if (!res)
271 		return -EINVAL;
272 	return res;
273 }
274 
275 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
276 				       struct netlink_callback *cb,
277 				       struct cfg80211_registered_device **rdev,
278 				       struct net_device **dev)
279 {
280 	int ifidx = cb->args[0];
281 	int err;
282 
283 	if (!ifidx)
284 		ifidx = nl80211_get_ifidx(cb);
285 	if (ifidx < 0)
286 		return ifidx;
287 
288 	cb->args[0] = ifidx;
289 
290 	rtnl_lock();
291 
292 	*dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
293 	if (!*dev) {
294 		err = -ENODEV;
295 		goto out_rtnl;
296 	}
297 
298 	*rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
299 	if (IS_ERR(*rdev)) {
300 		err = PTR_ERR(*rdev);
301 		goto out_rtnl;
302 	}
303 
304 	return 0;
305  out_rtnl:
306 	rtnl_unlock();
307 	return err;
308 }
309 
310 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
311 {
312 	cfg80211_unlock_rdev(rdev);
313 	rtnl_unlock();
314 }
315 
316 /* IE validation */
317 static bool is_valid_ie_attr(const struct nlattr *attr)
318 {
319 	const u8 *pos;
320 	int len;
321 
322 	if (!attr)
323 		return true;
324 
325 	pos = nla_data(attr);
326 	len = nla_len(attr);
327 
328 	while (len) {
329 		u8 elemlen;
330 
331 		if (len < 2)
332 			return false;
333 		len -= 2;
334 
335 		elemlen = pos[1];
336 		if (elemlen > len)
337 			return false;
338 
339 		len -= elemlen;
340 		pos += 2 + elemlen;
341 	}
342 
343 	return true;
344 }
345 
346 /* message building helper */
347 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
348 				   int flags, u8 cmd)
349 {
350 	/* since there is no private header just add the generic one */
351 	return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
352 }
353 
354 static int nl80211_msg_put_channel(struct sk_buff *msg,
355 				   struct ieee80211_channel *chan)
356 {
357 	NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
358 		    chan->center_freq);
359 
360 	if (chan->flags & IEEE80211_CHAN_DISABLED)
361 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
362 	if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
363 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
364 	if (chan->flags & IEEE80211_CHAN_NO_IBSS)
365 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
366 	if (chan->flags & IEEE80211_CHAN_RADAR)
367 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
368 
369 	NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
370 		    DBM_TO_MBM(chan->max_power));
371 
372 	return 0;
373 
374  nla_put_failure:
375 	return -ENOBUFS;
376 }
377 
378 /* netlink command implementations */
379 
380 struct key_parse {
381 	struct key_params p;
382 	int idx;
383 	int type;
384 	bool def, defmgmt;
385 	bool def_uni, def_multi;
386 };
387 
388 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
389 {
390 	struct nlattr *tb[NL80211_KEY_MAX + 1];
391 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
392 				   nl80211_key_policy);
393 	if (err)
394 		return err;
395 
396 	k->def = !!tb[NL80211_KEY_DEFAULT];
397 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
398 
399 	if (k->def) {
400 		k->def_uni = true;
401 		k->def_multi = true;
402 	}
403 	if (k->defmgmt)
404 		k->def_multi = true;
405 
406 	if (tb[NL80211_KEY_IDX])
407 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
408 
409 	if (tb[NL80211_KEY_DATA]) {
410 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
411 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
412 	}
413 
414 	if (tb[NL80211_KEY_SEQ]) {
415 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
416 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
417 	}
418 
419 	if (tb[NL80211_KEY_CIPHER])
420 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
421 
422 	if (tb[NL80211_KEY_TYPE]) {
423 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
424 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
425 			return -EINVAL;
426 	}
427 
428 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
429 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
430 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
431 				       tb[NL80211_KEY_DEFAULT_TYPES],
432 				       nl80211_key_default_policy);
433 		if (err)
434 			return err;
435 
436 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
437 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
438 	}
439 
440 	return 0;
441 }
442 
443 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
444 {
445 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
446 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
447 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
448 	}
449 
450 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
451 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
452 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
453 	}
454 
455 	if (info->attrs[NL80211_ATTR_KEY_IDX])
456 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
457 
458 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
459 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
460 
461 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
462 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
463 
464 	if (k->def) {
465 		k->def_uni = true;
466 		k->def_multi = true;
467 	}
468 	if (k->defmgmt)
469 		k->def_multi = true;
470 
471 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
472 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
473 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
474 			return -EINVAL;
475 	}
476 
477 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
478 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
479 		int err = nla_parse_nested(
480 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
481 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
482 				nl80211_key_default_policy);
483 		if (err)
484 			return err;
485 
486 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
487 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
488 	}
489 
490 	return 0;
491 }
492 
493 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
494 {
495 	int err;
496 
497 	memset(k, 0, sizeof(*k));
498 	k->idx = -1;
499 	k->type = -1;
500 
501 	if (info->attrs[NL80211_ATTR_KEY])
502 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
503 	else
504 		err = nl80211_parse_key_old(info, k);
505 
506 	if (err)
507 		return err;
508 
509 	if (k->def && k->defmgmt)
510 		return -EINVAL;
511 
512 	if (k->defmgmt) {
513 		if (k->def_uni || !k->def_multi)
514 			return -EINVAL;
515 	}
516 
517 	if (k->idx != -1) {
518 		if (k->defmgmt) {
519 			if (k->idx < 4 || k->idx > 5)
520 				return -EINVAL;
521 		} else if (k->def) {
522 			if (k->idx < 0 || k->idx > 3)
523 				return -EINVAL;
524 		} else {
525 			if (k->idx < 0 || k->idx > 5)
526 				return -EINVAL;
527 		}
528 	}
529 
530 	return 0;
531 }
532 
533 static struct cfg80211_cached_keys *
534 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
535 		       struct nlattr *keys)
536 {
537 	struct key_parse parse;
538 	struct nlattr *key;
539 	struct cfg80211_cached_keys *result;
540 	int rem, err, def = 0;
541 
542 	result = kzalloc(sizeof(*result), GFP_KERNEL);
543 	if (!result)
544 		return ERR_PTR(-ENOMEM);
545 
546 	result->def = -1;
547 	result->defmgmt = -1;
548 
549 	nla_for_each_nested(key, keys, rem) {
550 		memset(&parse, 0, sizeof(parse));
551 		parse.idx = -1;
552 
553 		err = nl80211_parse_key_new(key, &parse);
554 		if (err)
555 			goto error;
556 		err = -EINVAL;
557 		if (!parse.p.key)
558 			goto error;
559 		if (parse.idx < 0 || parse.idx > 4)
560 			goto error;
561 		if (parse.def) {
562 			if (def)
563 				goto error;
564 			def = 1;
565 			result->def = parse.idx;
566 			if (!parse.def_uni || !parse.def_multi)
567 				goto error;
568 		} else if (parse.defmgmt)
569 			goto error;
570 		err = cfg80211_validate_key_settings(rdev, &parse.p,
571 						     parse.idx, false, NULL);
572 		if (err)
573 			goto error;
574 		result->params[parse.idx].cipher = parse.p.cipher;
575 		result->params[parse.idx].key_len = parse.p.key_len;
576 		result->params[parse.idx].key = result->data[parse.idx];
577 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
578 	}
579 
580 	return result;
581  error:
582 	kfree(result);
583 	return ERR_PTR(err);
584 }
585 
586 static int nl80211_key_allowed(struct wireless_dev *wdev)
587 {
588 	ASSERT_WDEV_LOCK(wdev);
589 
590 	switch (wdev->iftype) {
591 	case NL80211_IFTYPE_AP:
592 	case NL80211_IFTYPE_AP_VLAN:
593 	case NL80211_IFTYPE_P2P_GO:
594 	case NL80211_IFTYPE_MESH_POINT:
595 		break;
596 	case NL80211_IFTYPE_ADHOC:
597 		if (!wdev->current_bss)
598 			return -ENOLINK;
599 		break;
600 	case NL80211_IFTYPE_STATION:
601 	case NL80211_IFTYPE_P2P_CLIENT:
602 		if (wdev->sme_state != CFG80211_SME_CONNECTED)
603 			return -ENOLINK;
604 		break;
605 	default:
606 		return -EINVAL;
607 	}
608 
609 	return 0;
610 }
611 
612 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
613 {
614 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
615 	int i;
616 
617 	if (!nl_modes)
618 		goto nla_put_failure;
619 
620 	i = 0;
621 	while (ifmodes) {
622 		if (ifmodes & 1)
623 			NLA_PUT_FLAG(msg, i);
624 		ifmodes >>= 1;
625 		i++;
626 	}
627 
628 	nla_nest_end(msg, nl_modes);
629 	return 0;
630 
631 nla_put_failure:
632 	return -ENOBUFS;
633 }
634 
635 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
636 					  struct sk_buff *msg)
637 {
638 	struct nlattr *nl_combis;
639 	int i, j;
640 
641 	nl_combis = nla_nest_start(msg,
642 				NL80211_ATTR_INTERFACE_COMBINATIONS);
643 	if (!nl_combis)
644 		goto nla_put_failure;
645 
646 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
647 		const struct ieee80211_iface_combination *c;
648 		struct nlattr *nl_combi, *nl_limits;
649 
650 		c = &wiphy->iface_combinations[i];
651 
652 		nl_combi = nla_nest_start(msg, i + 1);
653 		if (!nl_combi)
654 			goto nla_put_failure;
655 
656 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
657 		if (!nl_limits)
658 			goto nla_put_failure;
659 
660 		for (j = 0; j < c->n_limits; j++) {
661 			struct nlattr *nl_limit;
662 
663 			nl_limit = nla_nest_start(msg, j + 1);
664 			if (!nl_limit)
665 				goto nla_put_failure;
666 			NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX,
667 				    c->limits[j].max);
668 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
669 						c->limits[j].types))
670 				goto nla_put_failure;
671 			nla_nest_end(msg, nl_limit);
672 		}
673 
674 		nla_nest_end(msg, nl_limits);
675 
676 		if (c->beacon_int_infra_match)
677 			NLA_PUT_FLAG(msg,
678 				NL80211_IFACE_COMB_STA_AP_BI_MATCH);
679 		NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
680 			    c->num_different_channels);
681 		NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM,
682 			    c->max_interfaces);
683 
684 		nla_nest_end(msg, nl_combi);
685 	}
686 
687 	nla_nest_end(msg, nl_combis);
688 
689 	return 0;
690 nla_put_failure:
691 	return -ENOBUFS;
692 }
693 
694 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
695 			      struct cfg80211_registered_device *dev)
696 {
697 	void *hdr;
698 	struct nlattr *nl_bands, *nl_band;
699 	struct nlattr *nl_freqs, *nl_freq;
700 	struct nlattr *nl_rates, *nl_rate;
701 	struct nlattr *nl_cmds;
702 	enum ieee80211_band band;
703 	struct ieee80211_channel *chan;
704 	struct ieee80211_rate *rate;
705 	int i;
706 	const struct ieee80211_txrx_stypes *mgmt_stypes =
707 				dev->wiphy.mgmt_stypes;
708 
709 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
710 	if (!hdr)
711 		return -1;
712 
713 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
714 	NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
715 
716 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
717 		    cfg80211_rdev_list_generation);
718 
719 	NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
720 		   dev->wiphy.retry_short);
721 	NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
722 		   dev->wiphy.retry_long);
723 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
724 		    dev->wiphy.frag_threshold);
725 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
726 		    dev->wiphy.rts_threshold);
727 	NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
728 		    dev->wiphy.coverage_class);
729 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
730 		   dev->wiphy.max_scan_ssids);
731 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
732 		   dev->wiphy.max_sched_scan_ssids);
733 	NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
734 		    dev->wiphy.max_scan_ie_len);
735 	NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
736 		    dev->wiphy.max_sched_scan_ie_len);
737 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_MATCH_SETS,
738 		   dev->wiphy.max_match_sets);
739 
740 	if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)
741 		NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN);
742 	if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)
743 		NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
744 	if (dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD)
745 		NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_AP_UAPSD);
746 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)
747 		NLA_PUT_FLAG(msg, NL80211_ATTR_ROAM_SUPPORT);
748 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)
749 		NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_SUPPORT);
750 	if (dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)
751 		NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP);
752 
753 	NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
754 		sizeof(u32) * dev->wiphy.n_cipher_suites,
755 		dev->wiphy.cipher_suites);
756 
757 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
758 		   dev->wiphy.max_num_pmkids);
759 
760 	if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL)
761 		NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE);
762 
763 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
764 		    dev->wiphy.available_antennas_tx);
765 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
766 		    dev->wiphy.available_antennas_rx);
767 
768 	if (dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD)
769 		NLA_PUT_U32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
770 			    dev->wiphy.probe_resp_offload);
771 
772 	if ((dev->wiphy.available_antennas_tx ||
773 	     dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
774 		u32 tx_ant = 0, rx_ant = 0;
775 		int res;
776 		res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
777 		if (!res) {
778 			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant);
779 			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant);
780 		}
781 	}
782 
783 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
784 				dev->wiphy.interface_modes))
785 		goto nla_put_failure;
786 
787 	nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
788 	if (!nl_bands)
789 		goto nla_put_failure;
790 
791 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
792 		if (!dev->wiphy.bands[band])
793 			continue;
794 
795 		nl_band = nla_nest_start(msg, band);
796 		if (!nl_band)
797 			goto nla_put_failure;
798 
799 		/* add HT info */
800 		if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
801 			NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
802 				sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
803 				&dev->wiphy.bands[band]->ht_cap.mcs);
804 			NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
805 				dev->wiphy.bands[band]->ht_cap.cap);
806 			NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
807 				dev->wiphy.bands[band]->ht_cap.ampdu_factor);
808 			NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
809 				dev->wiphy.bands[band]->ht_cap.ampdu_density);
810 		}
811 
812 		/* add frequencies */
813 		nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
814 		if (!nl_freqs)
815 			goto nla_put_failure;
816 
817 		for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
818 			nl_freq = nla_nest_start(msg, i);
819 			if (!nl_freq)
820 				goto nla_put_failure;
821 
822 			chan = &dev->wiphy.bands[band]->channels[i];
823 
824 			if (nl80211_msg_put_channel(msg, chan))
825 				goto nla_put_failure;
826 
827 			nla_nest_end(msg, nl_freq);
828 		}
829 
830 		nla_nest_end(msg, nl_freqs);
831 
832 		/* add bitrates */
833 		nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
834 		if (!nl_rates)
835 			goto nla_put_failure;
836 
837 		for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
838 			nl_rate = nla_nest_start(msg, i);
839 			if (!nl_rate)
840 				goto nla_put_failure;
841 
842 			rate = &dev->wiphy.bands[band]->bitrates[i];
843 			NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
844 				    rate->bitrate);
845 			if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
846 				NLA_PUT_FLAG(msg,
847 					NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
848 
849 			nla_nest_end(msg, nl_rate);
850 		}
851 
852 		nla_nest_end(msg, nl_rates);
853 
854 		nla_nest_end(msg, nl_band);
855 	}
856 	nla_nest_end(msg, nl_bands);
857 
858 	nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
859 	if (!nl_cmds)
860 		goto nla_put_failure;
861 
862 	i = 0;
863 #define CMD(op, n)						\
864 	 do {							\
865 		if (dev->ops->op) {				\
866 			i++;					\
867 			NLA_PUT_U32(msg, i, NL80211_CMD_ ## n);	\
868 		}						\
869 	} while (0)
870 
871 	CMD(add_virtual_intf, NEW_INTERFACE);
872 	CMD(change_virtual_intf, SET_INTERFACE);
873 	CMD(add_key, NEW_KEY);
874 	CMD(start_ap, START_AP);
875 	CMD(add_station, NEW_STATION);
876 	CMD(add_mpath, NEW_MPATH);
877 	CMD(update_mesh_config, SET_MESH_CONFIG);
878 	CMD(change_bss, SET_BSS);
879 	CMD(auth, AUTHENTICATE);
880 	CMD(assoc, ASSOCIATE);
881 	CMD(deauth, DEAUTHENTICATE);
882 	CMD(disassoc, DISASSOCIATE);
883 	CMD(join_ibss, JOIN_IBSS);
884 	CMD(join_mesh, JOIN_MESH);
885 	CMD(set_pmksa, SET_PMKSA);
886 	CMD(del_pmksa, DEL_PMKSA);
887 	CMD(flush_pmksa, FLUSH_PMKSA);
888 	if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
889 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
890 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
891 	CMD(mgmt_tx, FRAME);
892 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
893 	if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
894 		i++;
895 		NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
896 	}
897 	CMD(set_channel, SET_CHANNEL);
898 	CMD(set_wds_peer, SET_WDS_PEER);
899 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
900 		CMD(tdls_mgmt, TDLS_MGMT);
901 		CMD(tdls_oper, TDLS_OPER);
902 	}
903 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
904 		CMD(sched_scan_start, START_SCHED_SCAN);
905 	CMD(probe_client, PROBE_CLIENT);
906 	CMD(set_noack_map, SET_NOACK_MAP);
907 	if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
908 		i++;
909 		NLA_PUT_U32(msg, i, NL80211_CMD_REGISTER_BEACONS);
910 	}
911 
912 #ifdef CONFIG_NL80211_TESTMODE
913 	CMD(testmode_cmd, TESTMODE);
914 #endif
915 
916 #undef CMD
917 
918 	if (dev->ops->connect || dev->ops->auth) {
919 		i++;
920 		NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
921 	}
922 
923 	if (dev->ops->disconnect || dev->ops->deauth) {
924 		i++;
925 		NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
926 	}
927 
928 	nla_nest_end(msg, nl_cmds);
929 
930 	if (dev->ops->remain_on_channel &&
931 	    dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
932 		NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
933 			    dev->wiphy.max_remain_on_channel_duration);
934 
935 	if (dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)
936 		NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
937 
938 	if (mgmt_stypes) {
939 		u16 stypes;
940 		struct nlattr *nl_ftypes, *nl_ifs;
941 		enum nl80211_iftype ift;
942 
943 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
944 		if (!nl_ifs)
945 			goto nla_put_failure;
946 
947 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
948 			nl_ftypes = nla_nest_start(msg, ift);
949 			if (!nl_ftypes)
950 				goto nla_put_failure;
951 			i = 0;
952 			stypes = mgmt_stypes[ift].tx;
953 			while (stypes) {
954 				if (stypes & 1)
955 					NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
956 						    (i << 4) | IEEE80211_FTYPE_MGMT);
957 				stypes >>= 1;
958 				i++;
959 			}
960 			nla_nest_end(msg, nl_ftypes);
961 		}
962 
963 		nla_nest_end(msg, nl_ifs);
964 
965 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
966 		if (!nl_ifs)
967 			goto nla_put_failure;
968 
969 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
970 			nl_ftypes = nla_nest_start(msg, ift);
971 			if (!nl_ftypes)
972 				goto nla_put_failure;
973 			i = 0;
974 			stypes = mgmt_stypes[ift].rx;
975 			while (stypes) {
976 				if (stypes & 1)
977 					NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
978 						    (i << 4) | IEEE80211_FTYPE_MGMT);
979 				stypes >>= 1;
980 				i++;
981 			}
982 			nla_nest_end(msg, nl_ftypes);
983 		}
984 		nla_nest_end(msg, nl_ifs);
985 	}
986 
987 	if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
988 		struct nlattr *nl_wowlan;
989 
990 		nl_wowlan = nla_nest_start(msg,
991 				NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
992 		if (!nl_wowlan)
993 			goto nla_put_failure;
994 
995 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY)
996 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
997 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT)
998 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
999 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT)
1000 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
1001 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY)
1002 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED);
1003 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)
1004 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
1005 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)
1006 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
1007 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)
1008 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
1009 		if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE)
1010 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
1011 		if (dev->wiphy.wowlan.n_patterns) {
1012 			struct nl80211_wowlan_pattern_support pat = {
1013 				.max_patterns = dev->wiphy.wowlan.n_patterns,
1014 				.min_pattern_len =
1015 					dev->wiphy.wowlan.pattern_min_len,
1016 				.max_pattern_len =
1017 					dev->wiphy.wowlan.pattern_max_len,
1018 			};
1019 			NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1020 				sizeof(pat), &pat);
1021 		}
1022 
1023 		nla_nest_end(msg, nl_wowlan);
1024 	}
1025 
1026 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1027 				dev->wiphy.software_iftypes))
1028 		goto nla_put_failure;
1029 
1030 	if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1031 		goto nla_put_failure;
1032 
1033 	if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME)
1034 		NLA_PUT_U32(msg, NL80211_ATTR_DEVICE_AP_SME,
1035 			    dev->wiphy.ap_sme_capa);
1036 
1037 	NLA_PUT_U32(msg, NL80211_ATTR_FEATURE_FLAGS, dev->wiphy.features);
1038 
1039 	if (dev->wiphy.ht_capa_mod_mask)
1040 		NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1041 			sizeof(*dev->wiphy.ht_capa_mod_mask),
1042 			dev->wiphy.ht_capa_mod_mask);
1043 
1044 	return genlmsg_end(msg, hdr);
1045 
1046  nla_put_failure:
1047 	genlmsg_cancel(msg, hdr);
1048 	return -EMSGSIZE;
1049 }
1050 
1051 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1052 {
1053 	int idx = 0;
1054 	int start = cb->args[0];
1055 	struct cfg80211_registered_device *dev;
1056 
1057 	mutex_lock(&cfg80211_mutex);
1058 	list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1059 		if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1060 			continue;
1061 		if (++idx <= start)
1062 			continue;
1063 		if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
1064 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1065 				       dev) < 0) {
1066 			idx--;
1067 			break;
1068 		}
1069 	}
1070 	mutex_unlock(&cfg80211_mutex);
1071 
1072 	cb->args[0] = idx;
1073 
1074 	return skb->len;
1075 }
1076 
1077 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1078 {
1079 	struct sk_buff *msg;
1080 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1081 
1082 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1083 	if (!msg)
1084 		return -ENOMEM;
1085 
1086 	if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
1087 		nlmsg_free(msg);
1088 		return -ENOBUFS;
1089 	}
1090 
1091 	return genlmsg_reply(msg, info);
1092 }
1093 
1094 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1095 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1096 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1097 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1098 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1099 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1100 };
1101 
1102 static int parse_txq_params(struct nlattr *tb[],
1103 			    struct ieee80211_txq_params *txq_params)
1104 {
1105 	if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1106 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1107 	    !tb[NL80211_TXQ_ATTR_AIFS])
1108 		return -EINVAL;
1109 
1110 	txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
1111 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1112 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1113 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1114 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1115 
1116 	return 0;
1117 }
1118 
1119 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1120 {
1121 	/*
1122 	 * You can only set the channel explicitly for AP, mesh
1123 	 * and WDS type interfaces; all others have their channel
1124 	 * managed via their respective "establish a connection"
1125 	 * command (connect, join, ...)
1126 	 *
1127 	 * Monitors are special as they are normally slaved to
1128 	 * whatever else is going on, so they behave as though
1129 	 * you tried setting the wiphy channel itself.
1130 	 */
1131 	return !wdev ||
1132 		wdev->iftype == NL80211_IFTYPE_AP ||
1133 		wdev->iftype == NL80211_IFTYPE_WDS ||
1134 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1135 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1136 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1137 }
1138 
1139 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1140 				 struct wireless_dev *wdev,
1141 				 struct genl_info *info)
1142 {
1143 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1144 	u32 freq;
1145 	int result;
1146 
1147 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1148 		return -EINVAL;
1149 
1150 	if (!nl80211_can_set_dev_channel(wdev))
1151 		return -EOPNOTSUPP;
1152 
1153 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1154 		channel_type = nla_get_u32(info->attrs[
1155 				   NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1156 		if (channel_type != NL80211_CHAN_NO_HT &&
1157 		    channel_type != NL80211_CHAN_HT20 &&
1158 		    channel_type != NL80211_CHAN_HT40PLUS &&
1159 		    channel_type != NL80211_CHAN_HT40MINUS)
1160 			return -EINVAL;
1161 	}
1162 
1163 	freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1164 
1165 	mutex_lock(&rdev->devlist_mtx);
1166 	if (wdev) {
1167 		wdev_lock(wdev);
1168 		result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
1169 		wdev_unlock(wdev);
1170 	} else {
1171 		result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
1172 	}
1173 	mutex_unlock(&rdev->devlist_mtx);
1174 
1175 	return result;
1176 }
1177 
1178 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1179 {
1180 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1181 	struct net_device *netdev = info->user_ptr[1];
1182 
1183 	return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1184 }
1185 
1186 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1187 {
1188 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1189 	struct net_device *dev = info->user_ptr[1];
1190 	struct wireless_dev *wdev = dev->ieee80211_ptr;
1191 	const u8 *bssid;
1192 
1193 	if (!info->attrs[NL80211_ATTR_MAC])
1194 		return -EINVAL;
1195 
1196 	if (netif_running(dev))
1197 		return -EBUSY;
1198 
1199 	if (!rdev->ops->set_wds_peer)
1200 		return -EOPNOTSUPP;
1201 
1202 	if (wdev->iftype != NL80211_IFTYPE_WDS)
1203 		return -EOPNOTSUPP;
1204 
1205 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1206 	return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1207 }
1208 
1209 
1210 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1211 {
1212 	struct cfg80211_registered_device *rdev;
1213 	struct net_device *netdev = NULL;
1214 	struct wireless_dev *wdev;
1215 	int result = 0, rem_txq_params = 0;
1216 	struct nlattr *nl_txq_params;
1217 	u32 changed;
1218 	u8 retry_short = 0, retry_long = 0;
1219 	u32 frag_threshold = 0, rts_threshold = 0;
1220 	u8 coverage_class = 0;
1221 
1222 	/*
1223 	 * Try to find the wiphy and netdev. Normally this
1224 	 * function shouldn't need the netdev, but this is
1225 	 * done for backward compatibility -- previously
1226 	 * setting the channel was done per wiphy, but now
1227 	 * it is per netdev. Previous userland like hostapd
1228 	 * also passed a netdev to set_wiphy, so that it is
1229 	 * possible to let that go to the right netdev!
1230 	 */
1231 	mutex_lock(&cfg80211_mutex);
1232 
1233 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
1234 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1235 
1236 		netdev = dev_get_by_index(genl_info_net(info), ifindex);
1237 		if (netdev && netdev->ieee80211_ptr) {
1238 			rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1239 			mutex_lock(&rdev->mtx);
1240 		} else
1241 			netdev = NULL;
1242 	}
1243 
1244 	if (!netdev) {
1245 		rdev = __cfg80211_rdev_from_info(info);
1246 		if (IS_ERR(rdev)) {
1247 			mutex_unlock(&cfg80211_mutex);
1248 			return PTR_ERR(rdev);
1249 		}
1250 		wdev = NULL;
1251 		netdev = NULL;
1252 		result = 0;
1253 
1254 		mutex_lock(&rdev->mtx);
1255 	} else if (netif_running(netdev) &&
1256 		   nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1257 		wdev = netdev->ieee80211_ptr;
1258 	else
1259 		wdev = NULL;
1260 
1261 	/*
1262 	 * end workaround code, by now the rdev is available
1263 	 * and locked, and wdev may or may not be NULL.
1264 	 */
1265 
1266 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1267 		result = cfg80211_dev_rename(
1268 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1269 
1270 	mutex_unlock(&cfg80211_mutex);
1271 
1272 	if (result)
1273 		goto bad_res;
1274 
1275 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1276 		struct ieee80211_txq_params txq_params;
1277 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1278 
1279 		if (!rdev->ops->set_txq_params) {
1280 			result = -EOPNOTSUPP;
1281 			goto bad_res;
1282 		}
1283 
1284 		if (!netdev) {
1285 			result = -EINVAL;
1286 			goto bad_res;
1287 		}
1288 
1289 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1290 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1291 			result = -EINVAL;
1292 			goto bad_res;
1293 		}
1294 
1295 		nla_for_each_nested(nl_txq_params,
1296 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1297 				    rem_txq_params) {
1298 			nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1299 				  nla_data(nl_txq_params),
1300 				  nla_len(nl_txq_params),
1301 				  txq_params_policy);
1302 			result = parse_txq_params(tb, &txq_params);
1303 			if (result)
1304 				goto bad_res;
1305 
1306 			result = rdev->ops->set_txq_params(&rdev->wiphy,
1307 							   netdev,
1308 							   &txq_params);
1309 			if (result)
1310 				goto bad_res;
1311 		}
1312 	}
1313 
1314 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1315 		result = __nl80211_set_channel(rdev, wdev, info);
1316 		if (result)
1317 			goto bad_res;
1318 	}
1319 
1320 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1321 		enum nl80211_tx_power_setting type;
1322 		int idx, mbm = 0;
1323 
1324 		if (!rdev->ops->set_tx_power) {
1325 			result = -EOPNOTSUPP;
1326 			goto bad_res;
1327 		}
1328 
1329 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1330 		type = nla_get_u32(info->attrs[idx]);
1331 
1332 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1333 		    (type != NL80211_TX_POWER_AUTOMATIC)) {
1334 			result = -EINVAL;
1335 			goto bad_res;
1336 		}
1337 
1338 		if (type != NL80211_TX_POWER_AUTOMATIC) {
1339 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1340 			mbm = nla_get_u32(info->attrs[idx]);
1341 		}
1342 
1343 		result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1344 		if (result)
1345 			goto bad_res;
1346 	}
1347 
1348 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1349 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1350 		u32 tx_ant, rx_ant;
1351 		if ((!rdev->wiphy.available_antennas_tx &&
1352 		     !rdev->wiphy.available_antennas_rx) ||
1353 		    !rdev->ops->set_antenna) {
1354 			result = -EOPNOTSUPP;
1355 			goto bad_res;
1356 		}
1357 
1358 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1359 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1360 
1361 		/* reject antenna configurations which don't match the
1362 		 * available antenna masks, except for the "all" mask */
1363 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1364 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1365 			result = -EINVAL;
1366 			goto bad_res;
1367 		}
1368 
1369 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1370 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1371 
1372 		result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1373 		if (result)
1374 			goto bad_res;
1375 	}
1376 
1377 	changed = 0;
1378 
1379 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1380 		retry_short = nla_get_u8(
1381 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1382 		if (retry_short == 0) {
1383 			result = -EINVAL;
1384 			goto bad_res;
1385 		}
1386 		changed |= WIPHY_PARAM_RETRY_SHORT;
1387 	}
1388 
1389 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1390 		retry_long = nla_get_u8(
1391 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1392 		if (retry_long == 0) {
1393 			result = -EINVAL;
1394 			goto bad_res;
1395 		}
1396 		changed |= WIPHY_PARAM_RETRY_LONG;
1397 	}
1398 
1399 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1400 		frag_threshold = nla_get_u32(
1401 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1402 		if (frag_threshold < 256) {
1403 			result = -EINVAL;
1404 			goto bad_res;
1405 		}
1406 		if (frag_threshold != (u32) -1) {
1407 			/*
1408 			 * Fragments (apart from the last one) are required to
1409 			 * have even length. Make the fragmentation code
1410 			 * simpler by stripping LSB should someone try to use
1411 			 * odd threshold value.
1412 			 */
1413 			frag_threshold &= ~0x1;
1414 		}
1415 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1416 	}
1417 
1418 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1419 		rts_threshold = nla_get_u32(
1420 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1421 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
1422 	}
1423 
1424 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1425 		coverage_class = nla_get_u8(
1426 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1427 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
1428 	}
1429 
1430 	if (changed) {
1431 		u8 old_retry_short, old_retry_long;
1432 		u32 old_frag_threshold, old_rts_threshold;
1433 		u8 old_coverage_class;
1434 
1435 		if (!rdev->ops->set_wiphy_params) {
1436 			result = -EOPNOTSUPP;
1437 			goto bad_res;
1438 		}
1439 
1440 		old_retry_short = rdev->wiphy.retry_short;
1441 		old_retry_long = rdev->wiphy.retry_long;
1442 		old_frag_threshold = rdev->wiphy.frag_threshold;
1443 		old_rts_threshold = rdev->wiphy.rts_threshold;
1444 		old_coverage_class = rdev->wiphy.coverage_class;
1445 
1446 		if (changed & WIPHY_PARAM_RETRY_SHORT)
1447 			rdev->wiphy.retry_short = retry_short;
1448 		if (changed & WIPHY_PARAM_RETRY_LONG)
1449 			rdev->wiphy.retry_long = retry_long;
1450 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1451 			rdev->wiphy.frag_threshold = frag_threshold;
1452 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1453 			rdev->wiphy.rts_threshold = rts_threshold;
1454 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1455 			rdev->wiphy.coverage_class = coverage_class;
1456 
1457 		result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1458 		if (result) {
1459 			rdev->wiphy.retry_short = old_retry_short;
1460 			rdev->wiphy.retry_long = old_retry_long;
1461 			rdev->wiphy.frag_threshold = old_frag_threshold;
1462 			rdev->wiphy.rts_threshold = old_rts_threshold;
1463 			rdev->wiphy.coverage_class = old_coverage_class;
1464 		}
1465 	}
1466 
1467  bad_res:
1468 	mutex_unlock(&rdev->mtx);
1469 	if (netdev)
1470 		dev_put(netdev);
1471 	return result;
1472 }
1473 
1474 
1475 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1476 			      struct cfg80211_registered_device *rdev,
1477 			      struct net_device *dev)
1478 {
1479 	void *hdr;
1480 
1481 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1482 	if (!hdr)
1483 		return -1;
1484 
1485 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1486 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1487 	NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1488 	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1489 
1490 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1491 		    rdev->devlist_generation ^
1492 			(cfg80211_rdev_list_generation << 2));
1493 
1494 	return genlmsg_end(msg, hdr);
1495 
1496  nla_put_failure:
1497 	genlmsg_cancel(msg, hdr);
1498 	return -EMSGSIZE;
1499 }
1500 
1501 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1502 {
1503 	int wp_idx = 0;
1504 	int if_idx = 0;
1505 	int wp_start = cb->args[0];
1506 	int if_start = cb->args[1];
1507 	struct cfg80211_registered_device *rdev;
1508 	struct wireless_dev *wdev;
1509 
1510 	mutex_lock(&cfg80211_mutex);
1511 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1512 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1513 			continue;
1514 		if (wp_idx < wp_start) {
1515 			wp_idx++;
1516 			continue;
1517 		}
1518 		if_idx = 0;
1519 
1520 		mutex_lock(&rdev->devlist_mtx);
1521 		list_for_each_entry(wdev, &rdev->netdev_list, list) {
1522 			if (if_idx < if_start) {
1523 				if_idx++;
1524 				continue;
1525 			}
1526 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1527 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1528 					       rdev, wdev->netdev) < 0) {
1529 				mutex_unlock(&rdev->devlist_mtx);
1530 				goto out;
1531 			}
1532 			if_idx++;
1533 		}
1534 		mutex_unlock(&rdev->devlist_mtx);
1535 
1536 		wp_idx++;
1537 	}
1538  out:
1539 	mutex_unlock(&cfg80211_mutex);
1540 
1541 	cb->args[0] = wp_idx;
1542 	cb->args[1] = if_idx;
1543 
1544 	return skb->len;
1545 }
1546 
1547 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1548 {
1549 	struct sk_buff *msg;
1550 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1551 	struct net_device *netdev = info->user_ptr[1];
1552 
1553 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1554 	if (!msg)
1555 		return -ENOMEM;
1556 
1557 	if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1558 			       dev, netdev) < 0) {
1559 		nlmsg_free(msg);
1560 		return -ENOBUFS;
1561 	}
1562 
1563 	return genlmsg_reply(msg, info);
1564 }
1565 
1566 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1567 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1568 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1569 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1570 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1571 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1572 };
1573 
1574 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1575 {
1576 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1577 	int flag;
1578 
1579 	*mntrflags = 0;
1580 
1581 	if (!nla)
1582 		return -EINVAL;
1583 
1584 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1585 			     nla, mntr_flags_policy))
1586 		return -EINVAL;
1587 
1588 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1589 		if (flags[flag])
1590 			*mntrflags |= (1<<flag);
1591 
1592 	return 0;
1593 }
1594 
1595 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1596 			       struct net_device *netdev, u8 use_4addr,
1597 			       enum nl80211_iftype iftype)
1598 {
1599 	if (!use_4addr) {
1600 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1601 			return -EBUSY;
1602 		return 0;
1603 	}
1604 
1605 	switch (iftype) {
1606 	case NL80211_IFTYPE_AP_VLAN:
1607 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1608 			return 0;
1609 		break;
1610 	case NL80211_IFTYPE_STATION:
1611 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1612 			return 0;
1613 		break;
1614 	default:
1615 		break;
1616 	}
1617 
1618 	return -EOPNOTSUPP;
1619 }
1620 
1621 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1622 {
1623 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1624 	struct vif_params params;
1625 	int err;
1626 	enum nl80211_iftype otype, ntype;
1627 	struct net_device *dev = info->user_ptr[1];
1628 	u32 _flags, *flags = NULL;
1629 	bool change = false;
1630 
1631 	memset(&params, 0, sizeof(params));
1632 
1633 	otype = ntype = dev->ieee80211_ptr->iftype;
1634 
1635 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
1636 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1637 		if (otype != ntype)
1638 			change = true;
1639 		if (ntype > NL80211_IFTYPE_MAX)
1640 			return -EINVAL;
1641 	}
1642 
1643 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
1644 		struct wireless_dev *wdev = dev->ieee80211_ptr;
1645 
1646 		if (ntype != NL80211_IFTYPE_MESH_POINT)
1647 			return -EINVAL;
1648 		if (netif_running(dev))
1649 			return -EBUSY;
1650 
1651 		wdev_lock(wdev);
1652 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1653 			     IEEE80211_MAX_MESH_ID_LEN);
1654 		wdev->mesh_id_up_len =
1655 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1656 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1657 		       wdev->mesh_id_up_len);
1658 		wdev_unlock(wdev);
1659 	}
1660 
1661 	if (info->attrs[NL80211_ATTR_4ADDR]) {
1662 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1663 		change = true;
1664 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1665 		if (err)
1666 			return err;
1667 	} else {
1668 		params.use_4addr = -1;
1669 	}
1670 
1671 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1672 		if (ntype != NL80211_IFTYPE_MONITOR)
1673 			return -EINVAL;
1674 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1675 					  &_flags);
1676 		if (err)
1677 			return err;
1678 
1679 		flags = &_flags;
1680 		change = true;
1681 	}
1682 
1683 	if (change)
1684 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1685 	else
1686 		err = 0;
1687 
1688 	if (!err && params.use_4addr != -1)
1689 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
1690 
1691 	return err;
1692 }
1693 
1694 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1695 {
1696 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1697 	struct vif_params params;
1698 	struct net_device *dev;
1699 	int err;
1700 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1701 	u32 flags;
1702 
1703 	memset(&params, 0, sizeof(params));
1704 
1705 	if (!info->attrs[NL80211_ATTR_IFNAME])
1706 		return -EINVAL;
1707 
1708 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
1709 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1710 		if (type > NL80211_IFTYPE_MAX)
1711 			return -EINVAL;
1712 	}
1713 
1714 	if (!rdev->ops->add_virtual_intf ||
1715 	    !(rdev->wiphy.interface_modes & (1 << type)))
1716 		return -EOPNOTSUPP;
1717 
1718 	if (info->attrs[NL80211_ATTR_4ADDR]) {
1719 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1720 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1721 		if (err)
1722 			return err;
1723 	}
1724 
1725 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1726 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1727 				  &flags);
1728 	dev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1729 		nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1730 		type, err ? NULL : &flags, &params);
1731 	if (IS_ERR(dev))
1732 		return PTR_ERR(dev);
1733 
1734 	if (type == NL80211_IFTYPE_MESH_POINT &&
1735 	    info->attrs[NL80211_ATTR_MESH_ID]) {
1736 		struct wireless_dev *wdev = dev->ieee80211_ptr;
1737 
1738 		wdev_lock(wdev);
1739 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1740 			     IEEE80211_MAX_MESH_ID_LEN);
1741 		wdev->mesh_id_up_len =
1742 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1743 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1744 		       wdev->mesh_id_up_len);
1745 		wdev_unlock(wdev);
1746 	}
1747 
1748 	return 0;
1749 }
1750 
1751 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1752 {
1753 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1754 	struct net_device *dev = info->user_ptr[1];
1755 
1756 	if (!rdev->ops->del_virtual_intf)
1757 		return -EOPNOTSUPP;
1758 
1759 	return rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1760 }
1761 
1762 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
1763 {
1764 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1765 	struct net_device *dev = info->user_ptr[1];
1766 	u16 noack_map;
1767 
1768 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
1769 		return -EINVAL;
1770 
1771 	if (!rdev->ops->set_noack_map)
1772 		return -EOPNOTSUPP;
1773 
1774 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
1775 
1776 	return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map);
1777 }
1778 
1779 struct get_key_cookie {
1780 	struct sk_buff *msg;
1781 	int error;
1782 	int idx;
1783 };
1784 
1785 static void get_key_callback(void *c, struct key_params *params)
1786 {
1787 	struct nlattr *key;
1788 	struct get_key_cookie *cookie = c;
1789 
1790 	if (params->key)
1791 		NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1792 			params->key_len, params->key);
1793 
1794 	if (params->seq)
1795 		NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1796 			params->seq_len, params->seq);
1797 
1798 	if (params->cipher)
1799 		NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1800 			    params->cipher);
1801 
1802 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1803 	if (!key)
1804 		goto nla_put_failure;
1805 
1806 	if (params->key)
1807 		NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1808 			params->key_len, params->key);
1809 
1810 	if (params->seq)
1811 		NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1812 			params->seq_len, params->seq);
1813 
1814 	if (params->cipher)
1815 		NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1816 			    params->cipher);
1817 
1818 	NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1819 
1820 	nla_nest_end(cookie->msg, key);
1821 
1822 	return;
1823  nla_put_failure:
1824 	cookie->error = 1;
1825 }
1826 
1827 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1828 {
1829 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1830 	int err;
1831 	struct net_device *dev = info->user_ptr[1];
1832 	u8 key_idx = 0;
1833 	const u8 *mac_addr = NULL;
1834 	bool pairwise;
1835 	struct get_key_cookie cookie = {
1836 		.error = 0,
1837 	};
1838 	void *hdr;
1839 	struct sk_buff *msg;
1840 
1841 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1842 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1843 
1844 	if (key_idx > 5)
1845 		return -EINVAL;
1846 
1847 	if (info->attrs[NL80211_ATTR_MAC])
1848 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1849 
1850 	pairwise = !!mac_addr;
1851 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
1852 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1853 		if (kt >= NUM_NL80211_KEYTYPES)
1854 			return -EINVAL;
1855 		if (kt != NL80211_KEYTYPE_GROUP &&
1856 		    kt != NL80211_KEYTYPE_PAIRWISE)
1857 			return -EINVAL;
1858 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
1859 	}
1860 
1861 	if (!rdev->ops->get_key)
1862 		return -EOPNOTSUPP;
1863 
1864 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1865 	if (!msg)
1866 		return -ENOMEM;
1867 
1868 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1869 			     NL80211_CMD_NEW_KEY);
1870 	if (IS_ERR(hdr))
1871 		return PTR_ERR(hdr);
1872 
1873 	cookie.msg = msg;
1874 	cookie.idx = key_idx;
1875 
1876 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1877 	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1878 	if (mac_addr)
1879 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1880 
1881 	if (pairwise && mac_addr &&
1882 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1883 		return -ENOENT;
1884 
1885 	err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
1886 				 mac_addr, &cookie, get_key_callback);
1887 
1888 	if (err)
1889 		goto free_msg;
1890 
1891 	if (cookie.error)
1892 		goto nla_put_failure;
1893 
1894 	genlmsg_end(msg, hdr);
1895 	return genlmsg_reply(msg, info);
1896 
1897  nla_put_failure:
1898 	err = -ENOBUFS;
1899  free_msg:
1900 	nlmsg_free(msg);
1901 	return err;
1902 }
1903 
1904 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1905 {
1906 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1907 	struct key_parse key;
1908 	int err;
1909 	struct net_device *dev = info->user_ptr[1];
1910 
1911 	err = nl80211_parse_key(info, &key);
1912 	if (err)
1913 		return err;
1914 
1915 	if (key.idx < 0)
1916 		return -EINVAL;
1917 
1918 	/* only support setting default key */
1919 	if (!key.def && !key.defmgmt)
1920 		return -EINVAL;
1921 
1922 	wdev_lock(dev->ieee80211_ptr);
1923 
1924 	if (key.def) {
1925 		if (!rdev->ops->set_default_key) {
1926 			err = -EOPNOTSUPP;
1927 			goto out;
1928 		}
1929 
1930 		err = nl80211_key_allowed(dev->ieee80211_ptr);
1931 		if (err)
1932 			goto out;
1933 
1934 		err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
1935 						 key.def_uni, key.def_multi);
1936 
1937 		if (err)
1938 			goto out;
1939 
1940 #ifdef CONFIG_CFG80211_WEXT
1941 		dev->ieee80211_ptr->wext.default_key = key.idx;
1942 #endif
1943 	} else {
1944 		if (key.def_uni || !key.def_multi) {
1945 			err = -EINVAL;
1946 			goto out;
1947 		}
1948 
1949 		if (!rdev->ops->set_default_mgmt_key) {
1950 			err = -EOPNOTSUPP;
1951 			goto out;
1952 		}
1953 
1954 		err = nl80211_key_allowed(dev->ieee80211_ptr);
1955 		if (err)
1956 			goto out;
1957 
1958 		err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
1959 						      dev, key.idx);
1960 		if (err)
1961 			goto out;
1962 
1963 #ifdef CONFIG_CFG80211_WEXT
1964 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1965 #endif
1966 	}
1967 
1968  out:
1969 	wdev_unlock(dev->ieee80211_ptr);
1970 
1971 	return err;
1972 }
1973 
1974 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1975 {
1976 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1977 	int err;
1978 	struct net_device *dev = info->user_ptr[1];
1979 	struct key_parse key;
1980 	const u8 *mac_addr = NULL;
1981 
1982 	err = nl80211_parse_key(info, &key);
1983 	if (err)
1984 		return err;
1985 
1986 	if (!key.p.key)
1987 		return -EINVAL;
1988 
1989 	if (info->attrs[NL80211_ATTR_MAC])
1990 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1991 
1992 	if (key.type == -1) {
1993 		if (mac_addr)
1994 			key.type = NL80211_KEYTYPE_PAIRWISE;
1995 		else
1996 			key.type = NL80211_KEYTYPE_GROUP;
1997 	}
1998 
1999 	/* for now */
2000 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2001 	    key.type != NL80211_KEYTYPE_GROUP)
2002 		return -EINVAL;
2003 
2004 	if (!rdev->ops->add_key)
2005 		return -EOPNOTSUPP;
2006 
2007 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2008 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2009 					   mac_addr))
2010 		return -EINVAL;
2011 
2012 	wdev_lock(dev->ieee80211_ptr);
2013 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2014 	if (!err)
2015 		err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
2016 					 key.type == NL80211_KEYTYPE_PAIRWISE,
2017 					 mac_addr, &key.p);
2018 	wdev_unlock(dev->ieee80211_ptr);
2019 
2020 	return err;
2021 }
2022 
2023 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2024 {
2025 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2026 	int err;
2027 	struct net_device *dev = info->user_ptr[1];
2028 	u8 *mac_addr = NULL;
2029 	struct key_parse key;
2030 
2031 	err = nl80211_parse_key(info, &key);
2032 	if (err)
2033 		return err;
2034 
2035 	if (info->attrs[NL80211_ATTR_MAC])
2036 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2037 
2038 	if (key.type == -1) {
2039 		if (mac_addr)
2040 			key.type = NL80211_KEYTYPE_PAIRWISE;
2041 		else
2042 			key.type = NL80211_KEYTYPE_GROUP;
2043 	}
2044 
2045 	/* for now */
2046 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2047 	    key.type != NL80211_KEYTYPE_GROUP)
2048 		return -EINVAL;
2049 
2050 	if (!rdev->ops->del_key)
2051 		return -EOPNOTSUPP;
2052 
2053 	wdev_lock(dev->ieee80211_ptr);
2054 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2055 
2056 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2057 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2058 		err = -ENOENT;
2059 
2060 	if (!err)
2061 		err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
2062 					 key.type == NL80211_KEYTYPE_PAIRWISE,
2063 					 mac_addr);
2064 
2065 #ifdef CONFIG_CFG80211_WEXT
2066 	if (!err) {
2067 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2068 			dev->ieee80211_ptr->wext.default_key = -1;
2069 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2070 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2071 	}
2072 #endif
2073 	wdev_unlock(dev->ieee80211_ptr);
2074 
2075 	return err;
2076 }
2077 
2078 static int nl80211_parse_beacon(struct genl_info *info,
2079 				struct cfg80211_beacon_data *bcn)
2080 {
2081 	bool haveinfo = false;
2082 
2083 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2084 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2085 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2086 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2087 		return -EINVAL;
2088 
2089 	memset(bcn, 0, sizeof(*bcn));
2090 
2091 	if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2092 		bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2093 		bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2094 		if (!bcn->head_len)
2095 			return -EINVAL;
2096 		haveinfo = true;
2097 	}
2098 
2099 	if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2100 		bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2101 		bcn->tail_len =
2102 		    nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2103 		haveinfo = true;
2104 	}
2105 
2106 	if (!haveinfo)
2107 		return -EINVAL;
2108 
2109 	if (info->attrs[NL80211_ATTR_IE]) {
2110 		bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
2111 		bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2112 	}
2113 
2114 	if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2115 		bcn->proberesp_ies =
2116 			nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2117 		bcn->proberesp_ies_len =
2118 			nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2119 	}
2120 
2121 	if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2122 		bcn->assocresp_ies =
2123 			nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2124 		bcn->assocresp_ies_len =
2125 			nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2126 	}
2127 
2128 	if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
2129 		bcn->probe_resp =
2130 			nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
2131 		bcn->probe_resp_len =
2132 			nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
2133 	}
2134 
2135 	return 0;
2136 }
2137 
2138 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
2139 {
2140 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2141 	struct net_device *dev = info->user_ptr[1];
2142 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2143 	struct cfg80211_ap_settings params;
2144 	int err;
2145 
2146 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2147 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2148 		return -EOPNOTSUPP;
2149 
2150 	if (!rdev->ops->start_ap)
2151 		return -EOPNOTSUPP;
2152 
2153 	if (wdev->beacon_interval)
2154 		return -EALREADY;
2155 
2156 	memset(&params, 0, sizeof(params));
2157 
2158 	/* these are required for START_AP */
2159 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2160 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2161 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
2162 		return -EINVAL;
2163 
2164 	err = nl80211_parse_beacon(info, &params.beacon);
2165 	if (err)
2166 		return err;
2167 
2168 	params.beacon_interval =
2169 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2170 	params.dtim_period =
2171 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2172 
2173 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
2174 	if (err)
2175 		return err;
2176 
2177 	/*
2178 	 * In theory, some of these attributes should be required here
2179 	 * but since they were not used when the command was originally
2180 	 * added, keep them optional for old user space programs to let
2181 	 * them continue to work with drivers that do not need the
2182 	 * additional information -- drivers must check!
2183 	 */
2184 	if (info->attrs[NL80211_ATTR_SSID]) {
2185 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2186 		params.ssid_len =
2187 			nla_len(info->attrs[NL80211_ATTR_SSID]);
2188 		if (params.ssid_len == 0 ||
2189 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
2190 			return -EINVAL;
2191 	}
2192 
2193 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
2194 		params.hidden_ssid = nla_get_u32(
2195 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
2196 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
2197 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
2198 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
2199 			return -EINVAL;
2200 	}
2201 
2202 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
2203 
2204 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2205 		params.auth_type = nla_get_u32(
2206 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
2207 		if (!nl80211_valid_auth_type(params.auth_type))
2208 			return -EINVAL;
2209 	} else
2210 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
2211 
2212 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
2213 				      NL80211_MAX_NR_CIPHER_SUITES);
2214 	if (err)
2215 		return err;
2216 
2217 	err = rdev->ops->start_ap(&rdev->wiphy, dev, &params);
2218 	if (!err)
2219 		wdev->beacon_interval = params.beacon_interval;
2220 	return err;
2221 }
2222 
2223 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
2224 {
2225 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2226 	struct net_device *dev = info->user_ptr[1];
2227 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2228 	struct cfg80211_beacon_data params;
2229 	int err;
2230 
2231 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2232 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2233 		return -EOPNOTSUPP;
2234 
2235 	if (!rdev->ops->change_beacon)
2236 		return -EOPNOTSUPP;
2237 
2238 	if (!wdev->beacon_interval)
2239 		return -EINVAL;
2240 
2241 	err = nl80211_parse_beacon(info, &params);
2242 	if (err)
2243 		return err;
2244 
2245 	return rdev->ops->change_beacon(&rdev->wiphy, dev, &params);
2246 }
2247 
2248 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
2249 {
2250 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2251 	struct net_device *dev = info->user_ptr[1];
2252 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2253 	int err;
2254 
2255 	if (!rdev->ops->stop_ap)
2256 		return -EOPNOTSUPP;
2257 
2258 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2259 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2260 		return -EOPNOTSUPP;
2261 
2262 	if (!wdev->beacon_interval)
2263 		return -ENOENT;
2264 
2265 	err = rdev->ops->stop_ap(&rdev->wiphy, dev);
2266 	if (!err)
2267 		wdev->beacon_interval = 0;
2268 	return err;
2269 }
2270 
2271 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2272 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2273 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2274 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2275 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2276 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2277 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
2278 };
2279 
2280 static int parse_station_flags(struct genl_info *info,
2281 			       enum nl80211_iftype iftype,
2282 			       struct station_parameters *params)
2283 {
2284 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2285 	struct nlattr *nla;
2286 	int flag;
2287 
2288 	/*
2289 	 * Try parsing the new attribute first so userspace
2290 	 * can specify both for older kernels.
2291 	 */
2292 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2293 	if (nla) {
2294 		struct nl80211_sta_flag_update *sta_flags;
2295 
2296 		sta_flags = nla_data(nla);
2297 		params->sta_flags_mask = sta_flags->mask;
2298 		params->sta_flags_set = sta_flags->set;
2299 		if ((params->sta_flags_mask |
2300 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2301 			return -EINVAL;
2302 		return 0;
2303 	}
2304 
2305 	/* if present, parse the old attribute */
2306 
2307 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2308 	if (!nla)
2309 		return 0;
2310 
2311 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2312 			     nla, sta_flags_policy))
2313 		return -EINVAL;
2314 
2315 	/*
2316 	 * Only allow certain flags for interface types so that
2317 	 * other attributes are silently ignored. Remember that
2318 	 * this is backward compatibility code with old userspace
2319 	 * and shouldn't be hit in other cases anyway.
2320 	 */
2321 	switch (iftype) {
2322 	case NL80211_IFTYPE_AP:
2323 	case NL80211_IFTYPE_AP_VLAN:
2324 	case NL80211_IFTYPE_P2P_GO:
2325 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2326 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2327 					 BIT(NL80211_STA_FLAG_WME) |
2328 					 BIT(NL80211_STA_FLAG_MFP);
2329 		break;
2330 	case NL80211_IFTYPE_P2P_CLIENT:
2331 	case NL80211_IFTYPE_STATION:
2332 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2333 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
2334 		break;
2335 	case NL80211_IFTYPE_MESH_POINT:
2336 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2337 					 BIT(NL80211_STA_FLAG_MFP) |
2338 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
2339 	default:
2340 		return -EINVAL;
2341 	}
2342 
2343 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
2344 		if (flags[flag])
2345 			params->sta_flags_set |= (1<<flag);
2346 
2347 	return 0;
2348 }
2349 
2350 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2351 				 int attr)
2352 {
2353 	struct nlattr *rate;
2354 	u16 bitrate;
2355 
2356 	rate = nla_nest_start(msg, attr);
2357 	if (!rate)
2358 		goto nla_put_failure;
2359 
2360 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2361 	bitrate = cfg80211_calculate_bitrate(info);
2362 	if (bitrate > 0)
2363 		NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
2364 
2365 	if (info->flags & RATE_INFO_FLAGS_MCS)
2366 		NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs);
2367 	if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
2368 		NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
2369 	if (info->flags & RATE_INFO_FLAGS_SHORT_GI)
2370 		NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
2371 
2372 	nla_nest_end(msg, rate);
2373 	return true;
2374 
2375 nla_put_failure:
2376 	return false;
2377 }
2378 
2379 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2380 				int flags, struct net_device *dev,
2381 				const u8 *mac_addr, struct station_info *sinfo)
2382 {
2383 	void *hdr;
2384 	struct nlattr *sinfoattr, *bss_param;
2385 
2386 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2387 	if (!hdr)
2388 		return -1;
2389 
2390 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2391 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
2392 
2393 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
2394 
2395 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2396 	if (!sinfoattr)
2397 		goto nla_put_failure;
2398 	if (sinfo->filled & STATION_INFO_CONNECTED_TIME)
2399 		NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2400 			    sinfo->connected_time);
2401 	if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
2402 		NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2403 			    sinfo->inactive_time);
2404 	if (sinfo->filled & STATION_INFO_RX_BYTES)
2405 		NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
2406 			    sinfo->rx_bytes);
2407 	if (sinfo->filled & STATION_INFO_TX_BYTES)
2408 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
2409 			    sinfo->tx_bytes);
2410 	if (sinfo->filled & STATION_INFO_LLID)
2411 		NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
2412 			    sinfo->llid);
2413 	if (sinfo->filled & STATION_INFO_PLID)
2414 		NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
2415 			    sinfo->plid);
2416 	if (sinfo->filled & STATION_INFO_PLINK_STATE)
2417 		NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
2418 			    sinfo->plink_state);
2419 	if (sinfo->filled & STATION_INFO_SIGNAL)
2420 		NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
2421 			   sinfo->signal);
2422 	if (sinfo->filled & STATION_INFO_SIGNAL_AVG)
2423 		NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2424 			   sinfo->signal_avg);
2425 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2426 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2427 					  NL80211_STA_INFO_TX_BITRATE))
2428 			goto nla_put_failure;
2429 	}
2430 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2431 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2432 					  NL80211_STA_INFO_RX_BITRATE))
2433 			goto nla_put_failure;
2434 	}
2435 	if (sinfo->filled & STATION_INFO_RX_PACKETS)
2436 		NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
2437 			    sinfo->rx_packets);
2438 	if (sinfo->filled & STATION_INFO_TX_PACKETS)
2439 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
2440 			    sinfo->tx_packets);
2441 	if (sinfo->filled & STATION_INFO_TX_RETRIES)
2442 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES,
2443 			    sinfo->tx_retries);
2444 	if (sinfo->filled & STATION_INFO_TX_FAILED)
2445 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED,
2446 			    sinfo->tx_failed);
2447 	if (sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT)
2448 		NLA_PUT_U32(msg, NL80211_STA_INFO_BEACON_LOSS,
2449 			    sinfo->beacon_loss_count);
2450 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2451 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2452 		if (!bss_param)
2453 			goto nla_put_failure;
2454 
2455 		if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT)
2456 			NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT);
2457 		if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE)
2458 			NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE);
2459 		if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME)
2460 			NLA_PUT_FLAG(msg,
2461 				     NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME);
2462 		NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2463 			   sinfo->bss_param.dtim_period);
2464 		NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2465 			    sinfo->bss_param.beacon_interval);
2466 
2467 		nla_nest_end(msg, bss_param);
2468 	}
2469 	if (sinfo->filled & STATION_INFO_STA_FLAGS)
2470 		NLA_PUT(msg, NL80211_STA_INFO_STA_FLAGS,
2471 			sizeof(struct nl80211_sta_flag_update),
2472 			&sinfo->sta_flags);
2473 	nla_nest_end(msg, sinfoattr);
2474 
2475 	if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES)
2476 		NLA_PUT(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
2477 			sinfo->assoc_req_ies);
2478 
2479 	return genlmsg_end(msg, hdr);
2480 
2481  nla_put_failure:
2482 	genlmsg_cancel(msg, hdr);
2483 	return -EMSGSIZE;
2484 }
2485 
2486 static int nl80211_dump_station(struct sk_buff *skb,
2487 				struct netlink_callback *cb)
2488 {
2489 	struct station_info sinfo;
2490 	struct cfg80211_registered_device *dev;
2491 	struct net_device *netdev;
2492 	u8 mac_addr[ETH_ALEN];
2493 	int sta_idx = cb->args[1];
2494 	int err;
2495 
2496 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2497 	if (err)
2498 		return err;
2499 
2500 	if (!dev->ops->dump_station) {
2501 		err = -EOPNOTSUPP;
2502 		goto out_err;
2503 	}
2504 
2505 	while (1) {
2506 		memset(&sinfo, 0, sizeof(sinfo));
2507 		err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2508 					     mac_addr, &sinfo);
2509 		if (err == -ENOENT)
2510 			break;
2511 		if (err)
2512 			goto out_err;
2513 
2514 		if (nl80211_send_station(skb,
2515 				NETLINK_CB(cb->skb).pid,
2516 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
2517 				netdev, mac_addr,
2518 				&sinfo) < 0)
2519 			goto out;
2520 
2521 		sta_idx++;
2522 	}
2523 
2524 
2525  out:
2526 	cb->args[1] = sta_idx;
2527 	err = skb->len;
2528  out_err:
2529 	nl80211_finish_netdev_dump(dev);
2530 
2531 	return err;
2532 }
2533 
2534 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2535 {
2536 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2537 	struct net_device *dev = info->user_ptr[1];
2538 	struct station_info sinfo;
2539 	struct sk_buff *msg;
2540 	u8 *mac_addr = NULL;
2541 	int err;
2542 
2543 	memset(&sinfo, 0, sizeof(sinfo));
2544 
2545 	if (!info->attrs[NL80211_ATTR_MAC])
2546 		return -EINVAL;
2547 
2548 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2549 
2550 	if (!rdev->ops->get_station)
2551 		return -EOPNOTSUPP;
2552 
2553 	err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2554 	if (err)
2555 		return err;
2556 
2557 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2558 	if (!msg)
2559 		return -ENOMEM;
2560 
2561 	if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2562 				 dev, mac_addr, &sinfo) < 0) {
2563 		nlmsg_free(msg);
2564 		return -ENOBUFS;
2565 	}
2566 
2567 	return genlmsg_reply(msg, info);
2568 }
2569 
2570 /*
2571  * Get vlan interface making sure it is running and on the right wiphy.
2572  */
2573 static struct net_device *get_vlan(struct genl_info *info,
2574 				   struct cfg80211_registered_device *rdev)
2575 {
2576 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2577 	struct net_device *v;
2578 	int ret;
2579 
2580 	if (!vlanattr)
2581 		return NULL;
2582 
2583 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
2584 	if (!v)
2585 		return ERR_PTR(-ENODEV);
2586 
2587 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
2588 		ret = -EINVAL;
2589 		goto error;
2590 	}
2591 
2592 	if (!netif_running(v)) {
2593 		ret = -ENETDOWN;
2594 		goto error;
2595 	}
2596 
2597 	return v;
2598  error:
2599 	dev_put(v);
2600 	return ERR_PTR(ret);
2601 }
2602 
2603 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2604 {
2605 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2606 	int err;
2607 	struct net_device *dev = info->user_ptr[1];
2608 	struct station_parameters params;
2609 	u8 *mac_addr = NULL;
2610 
2611 	memset(&params, 0, sizeof(params));
2612 
2613 	params.listen_interval = -1;
2614 	params.plink_state = -1;
2615 
2616 	if (info->attrs[NL80211_ATTR_STA_AID])
2617 		return -EINVAL;
2618 
2619 	if (!info->attrs[NL80211_ATTR_MAC])
2620 		return -EINVAL;
2621 
2622 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2623 
2624 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2625 		params.supported_rates =
2626 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2627 		params.supported_rates_len =
2628 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2629 	}
2630 
2631 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2632 		params.listen_interval =
2633 		    nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2634 
2635 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2636 		params.ht_capa =
2637 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2638 
2639 	if (!rdev->ops->change_station)
2640 		return -EOPNOTSUPP;
2641 
2642 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2643 		return -EINVAL;
2644 
2645 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2646 		params.plink_action =
2647 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2648 
2649 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
2650 		params.plink_state =
2651 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
2652 
2653 	switch (dev->ieee80211_ptr->iftype) {
2654 	case NL80211_IFTYPE_AP:
2655 	case NL80211_IFTYPE_AP_VLAN:
2656 	case NL80211_IFTYPE_P2P_GO:
2657 		/* disallow mesh-specific things */
2658 		if (params.plink_action)
2659 			return -EINVAL;
2660 
2661 		/* TDLS can't be set, ... */
2662 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2663 			return -EINVAL;
2664 		/*
2665 		 * ... but don't bother the driver with it. This works around
2666 		 * a hostapd/wpa_supplicant issue -- it always includes the
2667 		 * TLDS_PEER flag in the mask even for AP mode.
2668 		 */
2669 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2670 
2671 		/* accept only the listed bits */
2672 		if (params.sta_flags_mask &
2673 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
2674 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2675 				  BIT(NL80211_STA_FLAG_WME) |
2676 				  BIT(NL80211_STA_FLAG_MFP)))
2677 			return -EINVAL;
2678 
2679 		/* must be last in here for error handling */
2680 		params.vlan = get_vlan(info, rdev);
2681 		if (IS_ERR(params.vlan))
2682 			return PTR_ERR(params.vlan);
2683 		break;
2684 	case NL80211_IFTYPE_P2P_CLIENT:
2685 	case NL80211_IFTYPE_STATION:
2686 		/*
2687 		 * Don't allow userspace to change the TDLS_PEER flag,
2688 		 * but silently ignore attempts to change it since we
2689 		 * don't have state here to verify that it doesn't try
2690 		 * to change the flag.
2691 		 */
2692 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2693 		/* fall through */
2694 	case NL80211_IFTYPE_ADHOC:
2695 		/* disallow things sta doesn't support */
2696 		if (params.plink_action)
2697 			return -EINVAL;
2698 		if (params.ht_capa)
2699 			return -EINVAL;
2700 		if (params.listen_interval >= 0)
2701 			return -EINVAL;
2702 		/* reject any changes other than AUTHORIZED */
2703 		if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2704 			return -EINVAL;
2705 		break;
2706 	case NL80211_IFTYPE_MESH_POINT:
2707 		/* disallow things mesh doesn't support */
2708 		if (params.vlan)
2709 			return -EINVAL;
2710 		if (params.ht_capa)
2711 			return -EINVAL;
2712 		if (params.listen_interval >= 0)
2713 			return -EINVAL;
2714 		/*
2715 		 * No special handling for TDLS here -- the userspace
2716 		 * mesh code doesn't have this bug.
2717 		 */
2718 		if (params.sta_flags_mask &
2719 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2720 				  BIT(NL80211_STA_FLAG_MFP) |
2721 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
2722 			return -EINVAL;
2723 		break;
2724 	default:
2725 		return -EOPNOTSUPP;
2726 	}
2727 
2728 	/* be aware of params.vlan when changing code here */
2729 
2730 	err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2731 
2732 	if (params.vlan)
2733 		dev_put(params.vlan);
2734 
2735 	return err;
2736 }
2737 
2738 static struct nla_policy
2739 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
2740 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
2741 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
2742 };
2743 
2744 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2745 {
2746 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2747 	int err;
2748 	struct net_device *dev = info->user_ptr[1];
2749 	struct station_parameters params;
2750 	u8 *mac_addr = NULL;
2751 
2752 	memset(&params, 0, sizeof(params));
2753 
2754 	if (!info->attrs[NL80211_ATTR_MAC])
2755 		return -EINVAL;
2756 
2757 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2758 		return -EINVAL;
2759 
2760 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2761 		return -EINVAL;
2762 
2763 	if (!info->attrs[NL80211_ATTR_STA_AID])
2764 		return -EINVAL;
2765 
2766 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2767 	params.supported_rates =
2768 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2769 	params.supported_rates_len =
2770 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2771 	params.listen_interval =
2772 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2773 
2774 	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2775 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
2776 		return -EINVAL;
2777 
2778 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2779 		params.ht_capa =
2780 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2781 
2782 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2783 		params.plink_action =
2784 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2785 
2786 	if (!rdev->ops->add_station)
2787 		return -EOPNOTSUPP;
2788 
2789 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2790 		return -EINVAL;
2791 
2792 	switch (dev->ieee80211_ptr->iftype) {
2793 	case NL80211_IFTYPE_AP:
2794 	case NL80211_IFTYPE_AP_VLAN:
2795 	case NL80211_IFTYPE_P2P_GO:
2796 		/* parse WME attributes if sta is WME capable */
2797 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2798 		    (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
2799 		    info->attrs[NL80211_ATTR_STA_WME]) {
2800 			struct nlattr *tb[NL80211_STA_WME_MAX + 1];
2801 			struct nlattr *nla;
2802 
2803 			nla = info->attrs[NL80211_ATTR_STA_WME];
2804 			err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
2805 					       nl80211_sta_wme_policy);
2806 			if (err)
2807 				return err;
2808 
2809 			if (tb[NL80211_STA_WME_UAPSD_QUEUES])
2810 				params.uapsd_queues =
2811 				     nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
2812 			if (params.uapsd_queues &
2813 					~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
2814 				return -EINVAL;
2815 
2816 			if (tb[NL80211_STA_WME_MAX_SP])
2817 				params.max_sp =
2818 				     nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
2819 
2820 			if (params.max_sp &
2821 					~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
2822 				return -EINVAL;
2823 
2824 			params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
2825 		}
2826 		/* TDLS peers cannot be added */
2827 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2828 			return -EINVAL;
2829 		/* but don't bother the driver with it */
2830 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2831 
2832 		/* must be last in here for error handling */
2833 		params.vlan = get_vlan(info, rdev);
2834 		if (IS_ERR(params.vlan))
2835 			return PTR_ERR(params.vlan);
2836 		break;
2837 	case NL80211_IFTYPE_MESH_POINT:
2838 		/* TDLS peers cannot be added */
2839 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2840 			return -EINVAL;
2841 		break;
2842 	case NL80211_IFTYPE_STATION:
2843 		/* Only TDLS peers can be added */
2844 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
2845 			return -EINVAL;
2846 		/* Can only add if TDLS ... */
2847 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
2848 			return -EOPNOTSUPP;
2849 		/* ... with external setup is supported */
2850 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
2851 			return -EOPNOTSUPP;
2852 		break;
2853 	default:
2854 		return -EOPNOTSUPP;
2855 	}
2856 
2857 	/* be aware of params.vlan when changing code here */
2858 
2859 	err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2860 
2861 	if (params.vlan)
2862 		dev_put(params.vlan);
2863 	return err;
2864 }
2865 
2866 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2867 {
2868 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2869 	struct net_device *dev = info->user_ptr[1];
2870 	u8 *mac_addr = NULL;
2871 
2872 	if (info->attrs[NL80211_ATTR_MAC])
2873 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2874 
2875 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2876 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2877 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2878 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2879 		return -EINVAL;
2880 
2881 	if (!rdev->ops->del_station)
2882 		return -EOPNOTSUPP;
2883 
2884 	return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2885 }
2886 
2887 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2888 				int flags, struct net_device *dev,
2889 				u8 *dst, u8 *next_hop,
2890 				struct mpath_info *pinfo)
2891 {
2892 	void *hdr;
2893 	struct nlattr *pinfoattr;
2894 
2895 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2896 	if (!hdr)
2897 		return -1;
2898 
2899 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2900 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2901 	NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2902 
2903 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2904 
2905 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2906 	if (!pinfoattr)
2907 		goto nla_put_failure;
2908 	if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2909 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2910 			    pinfo->frame_qlen);
2911 	if (pinfo->filled & MPATH_INFO_SN)
2912 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2913 			    pinfo->sn);
2914 	if (pinfo->filled & MPATH_INFO_METRIC)
2915 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2916 			    pinfo->metric);
2917 	if (pinfo->filled & MPATH_INFO_EXPTIME)
2918 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2919 			    pinfo->exptime);
2920 	if (pinfo->filled & MPATH_INFO_FLAGS)
2921 		NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2922 			    pinfo->flags);
2923 	if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2924 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2925 			    pinfo->discovery_timeout);
2926 	if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2927 		NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2928 			    pinfo->discovery_retries);
2929 
2930 	nla_nest_end(msg, pinfoattr);
2931 
2932 	return genlmsg_end(msg, hdr);
2933 
2934  nla_put_failure:
2935 	genlmsg_cancel(msg, hdr);
2936 	return -EMSGSIZE;
2937 }
2938 
2939 static int nl80211_dump_mpath(struct sk_buff *skb,
2940 			      struct netlink_callback *cb)
2941 {
2942 	struct mpath_info pinfo;
2943 	struct cfg80211_registered_device *dev;
2944 	struct net_device *netdev;
2945 	u8 dst[ETH_ALEN];
2946 	u8 next_hop[ETH_ALEN];
2947 	int path_idx = cb->args[1];
2948 	int err;
2949 
2950 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2951 	if (err)
2952 		return err;
2953 
2954 	if (!dev->ops->dump_mpath) {
2955 		err = -EOPNOTSUPP;
2956 		goto out_err;
2957 	}
2958 
2959 	if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2960 		err = -EOPNOTSUPP;
2961 		goto out_err;
2962 	}
2963 
2964 	while (1) {
2965 		err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2966 					   dst, next_hop, &pinfo);
2967 		if (err == -ENOENT)
2968 			break;
2969 		if (err)
2970 			goto out_err;
2971 
2972 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2973 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2974 				       netdev, dst, next_hop,
2975 				       &pinfo) < 0)
2976 			goto out;
2977 
2978 		path_idx++;
2979 	}
2980 
2981 
2982  out:
2983 	cb->args[1] = path_idx;
2984 	err = skb->len;
2985  out_err:
2986 	nl80211_finish_netdev_dump(dev);
2987 	return err;
2988 }
2989 
2990 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2991 {
2992 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2993 	int err;
2994 	struct net_device *dev = info->user_ptr[1];
2995 	struct mpath_info pinfo;
2996 	struct sk_buff *msg;
2997 	u8 *dst = NULL;
2998 	u8 next_hop[ETH_ALEN];
2999 
3000 	memset(&pinfo, 0, sizeof(pinfo));
3001 
3002 	if (!info->attrs[NL80211_ATTR_MAC])
3003 		return -EINVAL;
3004 
3005 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3006 
3007 	if (!rdev->ops->get_mpath)
3008 		return -EOPNOTSUPP;
3009 
3010 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3011 		return -EOPNOTSUPP;
3012 
3013 	err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
3014 	if (err)
3015 		return err;
3016 
3017 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3018 	if (!msg)
3019 		return -ENOMEM;
3020 
3021 	if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
3022 				 dev, dst, next_hop, &pinfo) < 0) {
3023 		nlmsg_free(msg);
3024 		return -ENOBUFS;
3025 	}
3026 
3027 	return genlmsg_reply(msg, info);
3028 }
3029 
3030 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
3031 {
3032 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3033 	struct net_device *dev = info->user_ptr[1];
3034 	u8 *dst = NULL;
3035 	u8 *next_hop = NULL;
3036 
3037 	if (!info->attrs[NL80211_ATTR_MAC])
3038 		return -EINVAL;
3039 
3040 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3041 		return -EINVAL;
3042 
3043 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3044 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3045 
3046 	if (!rdev->ops->change_mpath)
3047 		return -EOPNOTSUPP;
3048 
3049 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3050 		return -EOPNOTSUPP;
3051 
3052 	return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
3053 }
3054 
3055 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
3056 {
3057 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3058 	struct net_device *dev = info->user_ptr[1];
3059 	u8 *dst = NULL;
3060 	u8 *next_hop = NULL;
3061 
3062 	if (!info->attrs[NL80211_ATTR_MAC])
3063 		return -EINVAL;
3064 
3065 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3066 		return -EINVAL;
3067 
3068 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3069 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3070 
3071 	if (!rdev->ops->add_mpath)
3072 		return -EOPNOTSUPP;
3073 
3074 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3075 		return -EOPNOTSUPP;
3076 
3077 	return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
3078 }
3079 
3080 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
3081 {
3082 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3083 	struct net_device *dev = info->user_ptr[1];
3084 	u8 *dst = NULL;
3085 
3086 	if (info->attrs[NL80211_ATTR_MAC])
3087 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3088 
3089 	if (!rdev->ops->del_mpath)
3090 		return -EOPNOTSUPP;
3091 
3092 	return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
3093 }
3094 
3095 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
3096 {
3097 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3098 	struct net_device *dev = info->user_ptr[1];
3099 	struct bss_parameters params;
3100 
3101 	memset(&params, 0, sizeof(params));
3102 	/* default to not changing parameters */
3103 	params.use_cts_prot = -1;
3104 	params.use_short_preamble = -1;
3105 	params.use_short_slot_time = -1;
3106 	params.ap_isolate = -1;
3107 	params.ht_opmode = -1;
3108 
3109 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
3110 		params.use_cts_prot =
3111 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
3112 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
3113 		params.use_short_preamble =
3114 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
3115 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
3116 		params.use_short_slot_time =
3117 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
3118 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
3119 		params.basic_rates =
3120 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3121 		params.basic_rates_len =
3122 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3123 	}
3124 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
3125 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
3126 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
3127 		params.ht_opmode =
3128 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
3129 
3130 	if (!rdev->ops->change_bss)
3131 		return -EOPNOTSUPP;
3132 
3133 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3134 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3135 		return -EOPNOTSUPP;
3136 
3137 	return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
3138 }
3139 
3140 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
3141 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
3142 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
3143 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
3144 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
3145 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
3146 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
3147 };
3148 
3149 static int parse_reg_rule(struct nlattr *tb[],
3150 	struct ieee80211_reg_rule *reg_rule)
3151 {
3152 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
3153 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
3154 
3155 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
3156 		return -EINVAL;
3157 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
3158 		return -EINVAL;
3159 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
3160 		return -EINVAL;
3161 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
3162 		return -EINVAL;
3163 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
3164 		return -EINVAL;
3165 
3166 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
3167 
3168 	freq_range->start_freq_khz =
3169 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
3170 	freq_range->end_freq_khz =
3171 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
3172 	freq_range->max_bandwidth_khz =
3173 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
3174 
3175 	power_rule->max_eirp =
3176 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
3177 
3178 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
3179 		power_rule->max_antenna_gain =
3180 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
3181 
3182 	return 0;
3183 }
3184 
3185 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3186 {
3187 	int r;
3188 	char *data = NULL;
3189 
3190 	/*
3191 	 * You should only get this when cfg80211 hasn't yet initialized
3192 	 * completely when built-in to the kernel right between the time
3193 	 * window between nl80211_init() and regulatory_init(), if that is
3194 	 * even possible.
3195 	 */
3196 	mutex_lock(&cfg80211_mutex);
3197 	if (unlikely(!cfg80211_regdomain)) {
3198 		mutex_unlock(&cfg80211_mutex);
3199 		return -EINPROGRESS;
3200 	}
3201 	mutex_unlock(&cfg80211_mutex);
3202 
3203 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3204 		return -EINVAL;
3205 
3206 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3207 
3208 	r = regulatory_hint_user(data);
3209 
3210 	return r;
3211 }
3212 
3213 static int nl80211_get_mesh_config(struct sk_buff *skb,
3214 				   struct genl_info *info)
3215 {
3216 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3217 	struct net_device *dev = info->user_ptr[1];
3218 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3219 	struct mesh_config cur_params;
3220 	int err = 0;
3221 	void *hdr;
3222 	struct nlattr *pinfoattr;
3223 	struct sk_buff *msg;
3224 
3225 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3226 		return -EOPNOTSUPP;
3227 
3228 	if (!rdev->ops->get_mesh_config)
3229 		return -EOPNOTSUPP;
3230 
3231 	wdev_lock(wdev);
3232 	/* If not connected, get default parameters */
3233 	if (!wdev->mesh_id_len)
3234 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
3235 	else
3236 		err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
3237 						 &cur_params);
3238 	wdev_unlock(wdev);
3239 
3240 	if (err)
3241 		return err;
3242 
3243 	/* Draw up a netlink message to send back */
3244 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3245 	if (!msg)
3246 		return -ENOMEM;
3247 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3248 			     NL80211_CMD_GET_MESH_CONFIG);
3249 	if (!hdr)
3250 		goto out;
3251 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
3252 	if (!pinfoattr)
3253 		goto nla_put_failure;
3254 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3255 	NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
3256 			cur_params.dot11MeshRetryTimeout);
3257 	NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3258 			cur_params.dot11MeshConfirmTimeout);
3259 	NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
3260 			cur_params.dot11MeshHoldingTimeout);
3261 	NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
3262 			cur_params.dot11MeshMaxPeerLinks);
3263 	NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
3264 			cur_params.dot11MeshMaxRetries);
3265 	NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
3266 			cur_params.dot11MeshTTL);
3267 	NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL,
3268 			cur_params.element_ttl);
3269 	NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3270 			cur_params.auto_open_plinks);
3271 	NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3272 			cur_params.dot11MeshHWMPmaxPREQretries);
3273 	NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
3274 			cur_params.path_refresh_time);
3275 	NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3276 			cur_params.min_discovery_timeout);
3277 	NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3278 			cur_params.dot11MeshHWMPactivePathTimeout);
3279 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3280 			cur_params.dot11MeshHWMPpreqMinInterval);
3281 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3282 			cur_params.dot11MeshHWMPperrMinInterval);
3283 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3284 			cur_params.dot11MeshHWMPnetDiameterTraversalTime);
3285 	NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
3286 			cur_params.dot11MeshHWMPRootMode);
3287 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3288 			cur_params.dot11MeshHWMPRannInterval);
3289 	NLA_PUT_U8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3290 			cur_params.dot11MeshGateAnnouncementProtocol);
3291 	NLA_PUT_U8(msg, NL80211_MESHCONF_FORWARDING,
3292 			cur_params.dot11MeshForwarding);
3293 	nla_nest_end(msg, pinfoattr);
3294 	genlmsg_end(msg, hdr);
3295 	return genlmsg_reply(msg, info);
3296 
3297  nla_put_failure:
3298 	genlmsg_cancel(msg, hdr);
3299  out:
3300 	nlmsg_free(msg);
3301 	return -ENOBUFS;
3302 }
3303 
3304 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
3305 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
3306 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
3307 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
3308 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
3309 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
3310 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
3311 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
3312 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
3313 
3314 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
3315 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
3316 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
3317 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
3318 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
3319 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
3320 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
3321 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
3322 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
3323 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
3324 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
3325 };
3326 
3327 static const struct nla_policy
3328 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
3329 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
3330 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
3331 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
3332 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
3333 		.len = IEEE80211_MAX_DATA_LEN },
3334 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
3335 };
3336 
3337 static int nl80211_parse_mesh_config(struct genl_info *info,
3338 				     struct mesh_config *cfg,
3339 				     u32 *mask_out)
3340 {
3341 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
3342 	u32 mask = 0;
3343 
3344 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
3345 do {\
3346 	if (table[attr_num]) {\
3347 		cfg->param = nla_fn(table[attr_num]); \
3348 		mask |= (1 << (attr_num - 1)); \
3349 	} \
3350 } while (0);\
3351 
3352 
3353 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
3354 		return -EINVAL;
3355 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
3356 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
3357 			     nl80211_meshconf_params_policy))
3358 		return -EINVAL;
3359 
3360 	/* This makes sure that there aren't more than 32 mesh config
3361 	 * parameters (otherwise our bitfield scheme would not work.) */
3362 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3363 
3364 	/* Fill in the params struct */
3365 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3366 			mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
3367 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3368 			mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
3369 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3370 			mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
3371 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3372 			mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
3373 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3374 			mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
3375 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3376 			mask, NL80211_MESHCONF_TTL, nla_get_u8);
3377 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3378 			mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
3379 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3380 			mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
3381 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3382 			mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3383 			nla_get_u8);
3384 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3385 			mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
3386 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3387 			mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3388 			nla_get_u16);
3389 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
3390 			mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3391 			nla_get_u32);
3392 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3393 			mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3394 			nla_get_u16);
3395 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
3396 			mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3397 			nla_get_u16);
3398 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3399 			dot11MeshHWMPnetDiameterTraversalTime,
3400 			mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3401 			nla_get_u16);
3402 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3403 			dot11MeshHWMPRootMode, mask,
3404 			NL80211_MESHCONF_HWMP_ROOTMODE,
3405 			nla_get_u8);
3406 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3407 			dot11MeshHWMPRannInterval, mask,
3408 			NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3409 			nla_get_u16);
3410 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3411 			dot11MeshGateAnnouncementProtocol, mask,
3412 			NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3413 			nla_get_u8);
3414 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding,
3415 			mask, NL80211_MESHCONF_FORWARDING, nla_get_u8);
3416 	if (mask_out)
3417 		*mask_out = mask;
3418 
3419 	return 0;
3420 
3421 #undef FILL_IN_MESH_PARAM_IF_SET
3422 }
3423 
3424 static int nl80211_parse_mesh_setup(struct genl_info *info,
3425 				     struct mesh_setup *setup)
3426 {
3427 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3428 
3429 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3430 		return -EINVAL;
3431 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3432 			     info->attrs[NL80211_ATTR_MESH_SETUP],
3433 			     nl80211_mesh_setup_params_policy))
3434 		return -EINVAL;
3435 
3436 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3437 		setup->path_sel_proto =
3438 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3439 		 IEEE80211_PATH_PROTOCOL_VENDOR :
3440 		 IEEE80211_PATH_PROTOCOL_HWMP;
3441 
3442 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3443 		setup->path_metric =
3444 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3445 		 IEEE80211_PATH_METRIC_VENDOR :
3446 		 IEEE80211_PATH_METRIC_AIRTIME;
3447 
3448 
3449 	if (tb[NL80211_MESH_SETUP_IE]) {
3450 		struct nlattr *ieattr =
3451 			tb[NL80211_MESH_SETUP_IE];
3452 		if (!is_valid_ie_attr(ieattr))
3453 			return -EINVAL;
3454 		setup->ie = nla_data(ieattr);
3455 		setup->ie_len = nla_len(ieattr);
3456 	}
3457 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3458 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3459 
3460 	return 0;
3461 }
3462 
3463 static int nl80211_update_mesh_config(struct sk_buff *skb,
3464 				      struct genl_info *info)
3465 {
3466 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3467 	struct net_device *dev = info->user_ptr[1];
3468 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3469 	struct mesh_config cfg;
3470 	u32 mask;
3471 	int err;
3472 
3473 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3474 		return -EOPNOTSUPP;
3475 
3476 	if (!rdev->ops->update_mesh_config)
3477 		return -EOPNOTSUPP;
3478 
3479 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
3480 	if (err)
3481 		return err;
3482 
3483 	wdev_lock(wdev);
3484 	if (!wdev->mesh_id_len)
3485 		err = -ENOLINK;
3486 
3487 	if (!err)
3488 		err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3489 						    mask, &cfg);
3490 
3491 	wdev_unlock(wdev);
3492 
3493 	return err;
3494 }
3495 
3496 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3497 {
3498 	struct sk_buff *msg;
3499 	void *hdr = NULL;
3500 	struct nlattr *nl_reg_rules;
3501 	unsigned int i;
3502 	int err = -EINVAL;
3503 
3504 	mutex_lock(&cfg80211_mutex);
3505 
3506 	if (!cfg80211_regdomain)
3507 		goto out;
3508 
3509 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3510 	if (!msg) {
3511 		err = -ENOBUFS;
3512 		goto out;
3513 	}
3514 
3515 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3516 			     NL80211_CMD_GET_REG);
3517 	if (!hdr)
3518 		goto put_failure;
3519 
3520 	NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
3521 		cfg80211_regdomain->alpha2);
3522 	if (cfg80211_regdomain->dfs_region)
3523 		NLA_PUT_U8(msg, NL80211_ATTR_DFS_REGION,
3524 			   cfg80211_regdomain->dfs_region);
3525 
3526 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3527 	if (!nl_reg_rules)
3528 		goto nla_put_failure;
3529 
3530 	for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
3531 		struct nlattr *nl_reg_rule;
3532 		const struct ieee80211_reg_rule *reg_rule;
3533 		const struct ieee80211_freq_range *freq_range;
3534 		const struct ieee80211_power_rule *power_rule;
3535 
3536 		reg_rule = &cfg80211_regdomain->reg_rules[i];
3537 		freq_range = &reg_rule->freq_range;
3538 		power_rule = &reg_rule->power_rule;
3539 
3540 		nl_reg_rule = nla_nest_start(msg, i);
3541 		if (!nl_reg_rule)
3542 			goto nla_put_failure;
3543 
3544 		NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3545 			reg_rule->flags);
3546 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
3547 			freq_range->start_freq_khz);
3548 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
3549 			freq_range->end_freq_khz);
3550 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3551 			freq_range->max_bandwidth_khz);
3552 		NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3553 			power_rule->max_antenna_gain);
3554 		NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3555 			power_rule->max_eirp);
3556 
3557 		nla_nest_end(msg, nl_reg_rule);
3558 	}
3559 
3560 	nla_nest_end(msg, nl_reg_rules);
3561 
3562 	genlmsg_end(msg, hdr);
3563 	err = genlmsg_reply(msg, info);
3564 	goto out;
3565 
3566 nla_put_failure:
3567 	genlmsg_cancel(msg, hdr);
3568 put_failure:
3569 	nlmsg_free(msg);
3570 	err = -EMSGSIZE;
3571 out:
3572 	mutex_unlock(&cfg80211_mutex);
3573 	return err;
3574 }
3575 
3576 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3577 {
3578 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3579 	struct nlattr *nl_reg_rule;
3580 	char *alpha2 = NULL;
3581 	int rem_reg_rules = 0, r = 0;
3582 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
3583 	u8 dfs_region = 0;
3584 	struct ieee80211_regdomain *rd = NULL;
3585 
3586 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3587 		return -EINVAL;
3588 
3589 	if (!info->attrs[NL80211_ATTR_REG_RULES])
3590 		return -EINVAL;
3591 
3592 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3593 
3594 	if (info->attrs[NL80211_ATTR_DFS_REGION])
3595 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
3596 
3597 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3598 			rem_reg_rules) {
3599 		num_rules++;
3600 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3601 			return -EINVAL;
3602 	}
3603 
3604 	mutex_lock(&cfg80211_mutex);
3605 
3606 	if (!reg_is_valid_request(alpha2)) {
3607 		r = -EINVAL;
3608 		goto bad_reg;
3609 	}
3610 
3611 	size_of_regd = sizeof(struct ieee80211_regdomain) +
3612 		(num_rules * sizeof(struct ieee80211_reg_rule));
3613 
3614 	rd = kzalloc(size_of_regd, GFP_KERNEL);
3615 	if (!rd) {
3616 		r = -ENOMEM;
3617 		goto bad_reg;
3618 	}
3619 
3620 	rd->n_reg_rules = num_rules;
3621 	rd->alpha2[0] = alpha2[0];
3622 	rd->alpha2[1] = alpha2[1];
3623 
3624 	/*
3625 	 * Disable DFS master mode if the DFS region was
3626 	 * not supported or known on this kernel.
3627 	 */
3628 	if (reg_supported_dfs_region(dfs_region))
3629 		rd->dfs_region = dfs_region;
3630 
3631 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3632 			rem_reg_rules) {
3633 		nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3634 			nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3635 			reg_rule_policy);
3636 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3637 		if (r)
3638 			goto bad_reg;
3639 
3640 		rule_idx++;
3641 
3642 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3643 			r = -EINVAL;
3644 			goto bad_reg;
3645 		}
3646 	}
3647 
3648 	BUG_ON(rule_idx != num_rules);
3649 
3650 	r = set_regdom(rd);
3651 
3652 	mutex_unlock(&cfg80211_mutex);
3653 
3654 	return r;
3655 
3656  bad_reg:
3657 	mutex_unlock(&cfg80211_mutex);
3658 	kfree(rd);
3659 	return r;
3660 }
3661 
3662 static int validate_scan_freqs(struct nlattr *freqs)
3663 {
3664 	struct nlattr *attr1, *attr2;
3665 	int n_channels = 0, tmp1, tmp2;
3666 
3667 	nla_for_each_nested(attr1, freqs, tmp1) {
3668 		n_channels++;
3669 		/*
3670 		 * Some hardware has a limited channel list for
3671 		 * scanning, and it is pretty much nonsensical
3672 		 * to scan for a channel twice, so disallow that
3673 		 * and don't require drivers to check that the
3674 		 * channel list they get isn't longer than what
3675 		 * they can scan, as long as they can scan all
3676 		 * the channels they registered at once.
3677 		 */
3678 		nla_for_each_nested(attr2, freqs, tmp2)
3679 			if (attr1 != attr2 &&
3680 			    nla_get_u32(attr1) == nla_get_u32(attr2))
3681 				return 0;
3682 	}
3683 
3684 	return n_channels;
3685 }
3686 
3687 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3688 {
3689 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3690 	struct net_device *dev = info->user_ptr[1];
3691 	struct cfg80211_scan_request *request;
3692 	struct nlattr *attr;
3693 	struct wiphy *wiphy;
3694 	int err, tmp, n_ssids = 0, n_channels, i;
3695 	size_t ie_len;
3696 
3697 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3698 		return -EINVAL;
3699 
3700 	wiphy = &rdev->wiphy;
3701 
3702 	if (!rdev->ops->scan)
3703 		return -EOPNOTSUPP;
3704 
3705 	if (rdev->scan_req)
3706 		return -EBUSY;
3707 
3708 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3709 		n_channels = validate_scan_freqs(
3710 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3711 		if (!n_channels)
3712 			return -EINVAL;
3713 	} else {
3714 		enum ieee80211_band band;
3715 		n_channels = 0;
3716 
3717 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3718 			if (wiphy->bands[band])
3719 				n_channels += wiphy->bands[band]->n_channels;
3720 	}
3721 
3722 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3723 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3724 			n_ssids++;
3725 
3726 	if (n_ssids > wiphy->max_scan_ssids)
3727 		return -EINVAL;
3728 
3729 	if (info->attrs[NL80211_ATTR_IE])
3730 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3731 	else
3732 		ie_len = 0;
3733 
3734 	if (ie_len > wiphy->max_scan_ie_len)
3735 		return -EINVAL;
3736 
3737 	request = kzalloc(sizeof(*request)
3738 			+ sizeof(*request->ssids) * n_ssids
3739 			+ sizeof(*request->channels) * n_channels
3740 			+ ie_len, GFP_KERNEL);
3741 	if (!request)
3742 		return -ENOMEM;
3743 
3744 	if (n_ssids)
3745 		request->ssids = (void *)&request->channels[n_channels];
3746 	request->n_ssids = n_ssids;
3747 	if (ie_len) {
3748 		if (request->ssids)
3749 			request->ie = (void *)(request->ssids + n_ssids);
3750 		else
3751 			request->ie = (void *)(request->channels + n_channels);
3752 	}
3753 
3754 	i = 0;
3755 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3756 		/* user specified, bail out if channel not found */
3757 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3758 			struct ieee80211_channel *chan;
3759 
3760 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3761 
3762 			if (!chan) {
3763 				err = -EINVAL;
3764 				goto out_free;
3765 			}
3766 
3767 			/* ignore disabled channels */
3768 			if (chan->flags & IEEE80211_CHAN_DISABLED)
3769 				continue;
3770 
3771 			request->channels[i] = chan;
3772 			i++;
3773 		}
3774 	} else {
3775 		enum ieee80211_band band;
3776 
3777 		/* all channels */
3778 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3779 			int j;
3780 			if (!wiphy->bands[band])
3781 				continue;
3782 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3783 				struct ieee80211_channel *chan;
3784 
3785 				chan = &wiphy->bands[band]->channels[j];
3786 
3787 				if (chan->flags & IEEE80211_CHAN_DISABLED)
3788 					continue;
3789 
3790 				request->channels[i] = chan;
3791 				i++;
3792 			}
3793 		}
3794 	}
3795 
3796 	if (!i) {
3797 		err = -EINVAL;
3798 		goto out_free;
3799 	}
3800 
3801 	request->n_channels = i;
3802 
3803 	i = 0;
3804 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3805 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3806 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3807 				err = -EINVAL;
3808 				goto out_free;
3809 			}
3810 			request->ssids[i].ssid_len = nla_len(attr);
3811 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3812 			i++;
3813 		}
3814 	}
3815 
3816 	if (info->attrs[NL80211_ATTR_IE]) {
3817 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3818 		memcpy((void *)request->ie,
3819 		       nla_data(info->attrs[NL80211_ATTR_IE]),
3820 		       request->ie_len);
3821 	}
3822 
3823 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
3824 		if (wiphy->bands[i])
3825 			request->rates[i] =
3826 				(1 << wiphy->bands[i]->n_bitrates) - 1;
3827 
3828 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
3829 		nla_for_each_nested(attr,
3830 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
3831 				    tmp) {
3832 			enum ieee80211_band band = nla_type(attr);
3833 
3834 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
3835 				err = -EINVAL;
3836 				goto out_free;
3837 			}
3838 			err = ieee80211_get_ratemask(wiphy->bands[band],
3839 						     nla_data(attr),
3840 						     nla_len(attr),
3841 						     &request->rates[band]);
3842 			if (err)
3843 				goto out_free;
3844 		}
3845 	}
3846 
3847 	request->no_cck =
3848 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
3849 
3850 	request->dev = dev;
3851 	request->wiphy = &rdev->wiphy;
3852 
3853 	rdev->scan_req = request;
3854 	err = rdev->ops->scan(&rdev->wiphy, dev, request);
3855 
3856 	if (!err) {
3857 		nl80211_send_scan_start(rdev, dev);
3858 		dev_hold(dev);
3859 	} else {
3860  out_free:
3861 		rdev->scan_req = NULL;
3862 		kfree(request);
3863 	}
3864 
3865 	return err;
3866 }
3867 
3868 static int nl80211_start_sched_scan(struct sk_buff *skb,
3869 				    struct genl_info *info)
3870 {
3871 	struct cfg80211_sched_scan_request *request;
3872 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3873 	struct net_device *dev = info->user_ptr[1];
3874 	struct nlattr *attr;
3875 	struct wiphy *wiphy;
3876 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
3877 	u32 interval;
3878 	enum ieee80211_band band;
3879 	size_t ie_len;
3880 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
3881 
3882 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3883 	    !rdev->ops->sched_scan_start)
3884 		return -EOPNOTSUPP;
3885 
3886 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3887 		return -EINVAL;
3888 
3889 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
3890 		return -EINVAL;
3891 
3892 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
3893 	if (interval == 0)
3894 		return -EINVAL;
3895 
3896 	wiphy = &rdev->wiphy;
3897 
3898 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3899 		n_channels = validate_scan_freqs(
3900 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3901 		if (!n_channels)
3902 			return -EINVAL;
3903 	} else {
3904 		n_channels = 0;
3905 
3906 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3907 			if (wiphy->bands[band])
3908 				n_channels += wiphy->bands[band]->n_channels;
3909 	}
3910 
3911 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3912 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3913 				    tmp)
3914 			n_ssids++;
3915 
3916 	if (n_ssids > wiphy->max_sched_scan_ssids)
3917 		return -EINVAL;
3918 
3919 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
3920 		nla_for_each_nested(attr,
3921 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
3922 				    tmp)
3923 			n_match_sets++;
3924 
3925 	if (n_match_sets > wiphy->max_match_sets)
3926 		return -EINVAL;
3927 
3928 	if (info->attrs[NL80211_ATTR_IE])
3929 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3930 	else
3931 		ie_len = 0;
3932 
3933 	if (ie_len > wiphy->max_sched_scan_ie_len)
3934 		return -EINVAL;
3935 
3936 	mutex_lock(&rdev->sched_scan_mtx);
3937 
3938 	if (rdev->sched_scan_req) {
3939 		err = -EINPROGRESS;
3940 		goto out;
3941 	}
3942 
3943 	request = kzalloc(sizeof(*request)
3944 			+ sizeof(*request->ssids) * n_ssids
3945 			+ sizeof(*request->match_sets) * n_match_sets
3946 			+ sizeof(*request->channels) * n_channels
3947 			+ ie_len, GFP_KERNEL);
3948 	if (!request) {
3949 		err = -ENOMEM;
3950 		goto out;
3951 	}
3952 
3953 	if (n_ssids)
3954 		request->ssids = (void *)&request->channels[n_channels];
3955 	request->n_ssids = n_ssids;
3956 	if (ie_len) {
3957 		if (request->ssids)
3958 			request->ie = (void *)(request->ssids + n_ssids);
3959 		else
3960 			request->ie = (void *)(request->channels + n_channels);
3961 	}
3962 
3963 	if (n_match_sets) {
3964 		if (request->ie)
3965 			request->match_sets = (void *)(request->ie + ie_len);
3966 		else if (request->ssids)
3967 			request->match_sets =
3968 				(void *)(request->ssids + n_ssids);
3969 		else
3970 			request->match_sets =
3971 				(void *)(request->channels + n_channels);
3972 	}
3973 	request->n_match_sets = n_match_sets;
3974 
3975 	i = 0;
3976 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3977 		/* user specified, bail out if channel not found */
3978 		nla_for_each_nested(attr,
3979 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
3980 				    tmp) {
3981 			struct ieee80211_channel *chan;
3982 
3983 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3984 
3985 			if (!chan) {
3986 				err = -EINVAL;
3987 				goto out_free;
3988 			}
3989 
3990 			/* ignore disabled channels */
3991 			if (chan->flags & IEEE80211_CHAN_DISABLED)
3992 				continue;
3993 
3994 			request->channels[i] = chan;
3995 			i++;
3996 		}
3997 	} else {
3998 		/* all channels */
3999 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4000 			int j;
4001 			if (!wiphy->bands[band])
4002 				continue;
4003 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4004 				struct ieee80211_channel *chan;
4005 
4006 				chan = &wiphy->bands[band]->channels[j];
4007 
4008 				if (chan->flags & IEEE80211_CHAN_DISABLED)
4009 					continue;
4010 
4011 				request->channels[i] = chan;
4012 				i++;
4013 			}
4014 		}
4015 	}
4016 
4017 	if (!i) {
4018 		err = -EINVAL;
4019 		goto out_free;
4020 	}
4021 
4022 	request->n_channels = i;
4023 
4024 	i = 0;
4025 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4026 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4027 				    tmp) {
4028 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4029 				err = -EINVAL;
4030 				goto out_free;
4031 			}
4032 			request->ssids[i].ssid_len = nla_len(attr);
4033 			memcpy(request->ssids[i].ssid, nla_data(attr),
4034 			       nla_len(attr));
4035 			i++;
4036 		}
4037 	}
4038 
4039 	i = 0;
4040 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
4041 		nla_for_each_nested(attr,
4042 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4043 				    tmp) {
4044 			struct nlattr *ssid;
4045 
4046 			nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
4047 				  nla_data(attr), nla_len(attr),
4048 				  nl80211_match_policy);
4049 			ssid = tb[NL80211_ATTR_SCHED_SCAN_MATCH_SSID];
4050 			if (ssid) {
4051 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
4052 					err = -EINVAL;
4053 					goto out_free;
4054 				}
4055 				memcpy(request->match_sets[i].ssid.ssid,
4056 				       nla_data(ssid), nla_len(ssid));
4057 				request->match_sets[i].ssid.ssid_len =
4058 					nla_len(ssid);
4059 			}
4060 			i++;
4061 		}
4062 	}
4063 
4064 	if (info->attrs[NL80211_ATTR_IE]) {
4065 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4066 		memcpy((void *)request->ie,
4067 		       nla_data(info->attrs[NL80211_ATTR_IE]),
4068 		       request->ie_len);
4069 	}
4070 
4071 	request->dev = dev;
4072 	request->wiphy = &rdev->wiphy;
4073 	request->interval = interval;
4074 
4075 	err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
4076 	if (!err) {
4077 		rdev->sched_scan_req = request;
4078 		nl80211_send_sched_scan(rdev, dev,
4079 					NL80211_CMD_START_SCHED_SCAN);
4080 		goto out;
4081 	}
4082 
4083 out_free:
4084 	kfree(request);
4085 out:
4086 	mutex_unlock(&rdev->sched_scan_mtx);
4087 	return err;
4088 }
4089 
4090 static int nl80211_stop_sched_scan(struct sk_buff *skb,
4091 				   struct genl_info *info)
4092 {
4093 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4094 	int err;
4095 
4096 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4097 	    !rdev->ops->sched_scan_stop)
4098 		return -EOPNOTSUPP;
4099 
4100 	mutex_lock(&rdev->sched_scan_mtx);
4101 	err = __cfg80211_stop_sched_scan(rdev, false);
4102 	mutex_unlock(&rdev->sched_scan_mtx);
4103 
4104 	return err;
4105 }
4106 
4107 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4108 			    u32 seq, int flags,
4109 			    struct cfg80211_registered_device *rdev,
4110 			    struct wireless_dev *wdev,
4111 			    struct cfg80211_internal_bss *intbss)
4112 {
4113 	struct cfg80211_bss *res = &intbss->pub;
4114 	void *hdr;
4115 	struct nlattr *bss;
4116 
4117 	ASSERT_WDEV_LOCK(wdev);
4118 
4119 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags,
4120 			     NL80211_CMD_NEW_SCAN_RESULTS);
4121 	if (!hdr)
4122 		return -1;
4123 
4124 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
4125 
4126 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
4127 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
4128 
4129 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
4130 	if (!bss)
4131 		goto nla_put_failure;
4132 	if (!is_zero_ether_addr(res->bssid))
4133 		NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
4134 	if (res->information_elements && res->len_information_elements)
4135 		NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
4136 			res->len_information_elements,
4137 			res->information_elements);
4138 	if (res->beacon_ies && res->len_beacon_ies &&
4139 	    res->beacon_ies != res->information_elements)
4140 		NLA_PUT(msg, NL80211_BSS_BEACON_IES,
4141 			res->len_beacon_ies, res->beacon_ies);
4142 	if (res->tsf)
4143 		NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
4144 	if (res->beacon_interval)
4145 		NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
4146 	NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
4147 	NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
4148 	NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
4149 		jiffies_to_msecs(jiffies - intbss->ts));
4150 
4151 	switch (rdev->wiphy.signal_type) {
4152 	case CFG80211_SIGNAL_TYPE_MBM:
4153 		NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
4154 		break;
4155 	case CFG80211_SIGNAL_TYPE_UNSPEC:
4156 		NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
4157 		break;
4158 	default:
4159 		break;
4160 	}
4161 
4162 	switch (wdev->iftype) {
4163 	case NL80211_IFTYPE_P2P_CLIENT:
4164 	case NL80211_IFTYPE_STATION:
4165 		if (intbss == wdev->current_bss)
4166 			NLA_PUT_U32(msg, NL80211_BSS_STATUS,
4167 				    NL80211_BSS_STATUS_ASSOCIATED);
4168 		break;
4169 	case NL80211_IFTYPE_ADHOC:
4170 		if (intbss == wdev->current_bss)
4171 			NLA_PUT_U32(msg, NL80211_BSS_STATUS,
4172 				    NL80211_BSS_STATUS_IBSS_JOINED);
4173 		break;
4174 	default:
4175 		break;
4176 	}
4177 
4178 	nla_nest_end(msg, bss);
4179 
4180 	return genlmsg_end(msg, hdr);
4181 
4182  nla_put_failure:
4183 	genlmsg_cancel(msg, hdr);
4184 	return -EMSGSIZE;
4185 }
4186 
4187 static int nl80211_dump_scan(struct sk_buff *skb,
4188 			     struct netlink_callback *cb)
4189 {
4190 	struct cfg80211_registered_device *rdev;
4191 	struct net_device *dev;
4192 	struct cfg80211_internal_bss *scan;
4193 	struct wireless_dev *wdev;
4194 	int start = cb->args[1], idx = 0;
4195 	int err;
4196 
4197 	err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
4198 	if (err)
4199 		return err;
4200 
4201 	wdev = dev->ieee80211_ptr;
4202 
4203 	wdev_lock(wdev);
4204 	spin_lock_bh(&rdev->bss_lock);
4205 	cfg80211_bss_expire(rdev);
4206 
4207 	cb->seq = rdev->bss_generation;
4208 
4209 	list_for_each_entry(scan, &rdev->bss_list, list) {
4210 		if (++idx <= start)
4211 			continue;
4212 		if (nl80211_send_bss(skb, cb,
4213 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
4214 				rdev, wdev, scan) < 0) {
4215 			idx--;
4216 			break;
4217 		}
4218 	}
4219 
4220 	spin_unlock_bh(&rdev->bss_lock);
4221 	wdev_unlock(wdev);
4222 
4223 	cb->args[1] = idx;
4224 	nl80211_finish_netdev_dump(rdev);
4225 
4226 	return skb->len;
4227 }
4228 
4229 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
4230 				int flags, struct net_device *dev,
4231 				struct survey_info *survey)
4232 {
4233 	void *hdr;
4234 	struct nlattr *infoattr;
4235 
4236 	hdr = nl80211hdr_put(msg, pid, seq, flags,
4237 			     NL80211_CMD_NEW_SURVEY_RESULTS);
4238 	if (!hdr)
4239 		return -ENOMEM;
4240 
4241 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
4242 
4243 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
4244 	if (!infoattr)
4245 		goto nla_put_failure;
4246 
4247 	NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
4248 		    survey->channel->center_freq);
4249 	if (survey->filled & SURVEY_INFO_NOISE_DBM)
4250 		NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
4251 			    survey->noise);
4252 	if (survey->filled & SURVEY_INFO_IN_USE)
4253 		NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE);
4254 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME)
4255 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
4256 			    survey->channel_time);
4257 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
4258 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
4259 			    survey->channel_time_busy);
4260 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
4261 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
4262 			    survey->channel_time_ext_busy);
4263 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX)
4264 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
4265 			    survey->channel_time_rx);
4266 	if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX)
4267 		NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
4268 			    survey->channel_time_tx);
4269 
4270 	nla_nest_end(msg, infoattr);
4271 
4272 	return genlmsg_end(msg, hdr);
4273 
4274  nla_put_failure:
4275 	genlmsg_cancel(msg, hdr);
4276 	return -EMSGSIZE;
4277 }
4278 
4279 static int nl80211_dump_survey(struct sk_buff *skb,
4280 			struct netlink_callback *cb)
4281 {
4282 	struct survey_info survey;
4283 	struct cfg80211_registered_device *dev;
4284 	struct net_device *netdev;
4285 	int survey_idx = cb->args[1];
4286 	int res;
4287 
4288 	res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
4289 	if (res)
4290 		return res;
4291 
4292 	if (!dev->ops->dump_survey) {
4293 		res = -EOPNOTSUPP;
4294 		goto out_err;
4295 	}
4296 
4297 	while (1) {
4298 		struct ieee80211_channel *chan;
4299 
4300 		res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
4301 					    &survey);
4302 		if (res == -ENOENT)
4303 			break;
4304 		if (res)
4305 			goto out_err;
4306 
4307 		/* Survey without a channel doesn't make sense */
4308 		if (!survey.channel) {
4309 			res = -EINVAL;
4310 			goto out;
4311 		}
4312 
4313 		chan = ieee80211_get_channel(&dev->wiphy,
4314 					     survey.channel->center_freq);
4315 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
4316 			survey_idx++;
4317 			continue;
4318 		}
4319 
4320 		if (nl80211_send_survey(skb,
4321 				NETLINK_CB(cb->skb).pid,
4322 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
4323 				netdev,
4324 				&survey) < 0)
4325 			goto out;
4326 		survey_idx++;
4327 	}
4328 
4329  out:
4330 	cb->args[1] = survey_idx;
4331 	res = skb->len;
4332  out_err:
4333 	nl80211_finish_netdev_dump(dev);
4334 	return res;
4335 }
4336 
4337 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
4338 {
4339 	return auth_type <= NL80211_AUTHTYPE_MAX;
4340 }
4341 
4342 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
4343 {
4344 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
4345 				  NL80211_WPA_VERSION_2));
4346 }
4347 
4348 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
4349 {
4350 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4351 	struct net_device *dev = info->user_ptr[1];
4352 	struct ieee80211_channel *chan;
4353 	const u8 *bssid, *ssid, *ie = NULL;
4354 	int err, ssid_len, ie_len = 0;
4355 	enum nl80211_auth_type auth_type;
4356 	struct key_parse key;
4357 	bool local_state_change;
4358 
4359 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4360 		return -EINVAL;
4361 
4362 	if (!info->attrs[NL80211_ATTR_MAC])
4363 		return -EINVAL;
4364 
4365 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
4366 		return -EINVAL;
4367 
4368 	if (!info->attrs[NL80211_ATTR_SSID])
4369 		return -EINVAL;
4370 
4371 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
4372 		return -EINVAL;
4373 
4374 	err = nl80211_parse_key(info, &key);
4375 	if (err)
4376 		return err;
4377 
4378 	if (key.idx >= 0) {
4379 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
4380 			return -EINVAL;
4381 		if (!key.p.key || !key.p.key_len)
4382 			return -EINVAL;
4383 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
4384 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
4385 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
4386 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
4387 			return -EINVAL;
4388 		if (key.idx > 4)
4389 			return -EINVAL;
4390 	} else {
4391 		key.p.key_len = 0;
4392 		key.p.key = NULL;
4393 	}
4394 
4395 	if (key.idx >= 0) {
4396 		int i;
4397 		bool ok = false;
4398 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
4399 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
4400 				ok = true;
4401 				break;
4402 			}
4403 		}
4404 		if (!ok)
4405 			return -EINVAL;
4406 	}
4407 
4408 	if (!rdev->ops->auth)
4409 		return -EOPNOTSUPP;
4410 
4411 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4412 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4413 		return -EOPNOTSUPP;
4414 
4415 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4416 	chan = ieee80211_get_channel(&rdev->wiphy,
4417 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4418 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4419 		return -EINVAL;
4420 
4421 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4422 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4423 
4424 	if (info->attrs[NL80211_ATTR_IE]) {
4425 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4426 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4427 	}
4428 
4429 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4430 	if (!nl80211_valid_auth_type(auth_type))
4431 		return -EINVAL;
4432 
4433 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4434 
4435 	/*
4436 	 * Since we no longer track auth state, ignore
4437 	 * requests to only change local state.
4438 	 */
4439 	if (local_state_change)
4440 		return 0;
4441 
4442 	return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
4443 				  ssid, ssid_len, ie, ie_len,
4444 				  key.p.key, key.p.key_len, key.idx);
4445 }
4446 
4447 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4448 				   struct genl_info *info,
4449 				   struct cfg80211_crypto_settings *settings,
4450 				   int cipher_limit)
4451 {
4452 	memset(settings, 0, sizeof(*settings));
4453 
4454 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
4455 
4456 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
4457 		u16 proto;
4458 		proto = nla_get_u16(
4459 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
4460 		settings->control_port_ethertype = cpu_to_be16(proto);
4461 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
4462 		    proto != ETH_P_PAE)
4463 			return -EINVAL;
4464 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
4465 			settings->control_port_no_encrypt = true;
4466 	} else
4467 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
4468 
4469 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
4470 		void *data;
4471 		int len, i;
4472 
4473 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4474 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4475 		settings->n_ciphers_pairwise = len / sizeof(u32);
4476 
4477 		if (len % sizeof(u32))
4478 			return -EINVAL;
4479 
4480 		if (settings->n_ciphers_pairwise > cipher_limit)
4481 			return -EINVAL;
4482 
4483 		memcpy(settings->ciphers_pairwise, data, len);
4484 
4485 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
4486 			if (!cfg80211_supported_cipher_suite(
4487 					&rdev->wiphy,
4488 					settings->ciphers_pairwise[i]))
4489 				return -EINVAL;
4490 	}
4491 
4492 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
4493 		settings->cipher_group =
4494 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
4495 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
4496 						     settings->cipher_group))
4497 			return -EINVAL;
4498 	}
4499 
4500 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
4501 		settings->wpa_versions =
4502 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
4503 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
4504 			return -EINVAL;
4505 	}
4506 
4507 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
4508 		void *data;
4509 		int len;
4510 
4511 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
4512 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
4513 		settings->n_akm_suites = len / sizeof(u32);
4514 
4515 		if (len % sizeof(u32))
4516 			return -EINVAL;
4517 
4518 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
4519 			return -EINVAL;
4520 
4521 		memcpy(settings->akm_suites, data, len);
4522 	}
4523 
4524 	return 0;
4525 }
4526 
4527 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
4528 {
4529 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4530 	struct net_device *dev = info->user_ptr[1];
4531 	struct cfg80211_crypto_settings crypto;
4532 	struct ieee80211_channel *chan;
4533 	const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
4534 	int err, ssid_len, ie_len = 0;
4535 	bool use_mfp = false;
4536 	u32 flags = 0;
4537 	struct ieee80211_ht_cap *ht_capa = NULL;
4538 	struct ieee80211_ht_cap *ht_capa_mask = NULL;
4539 
4540 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4541 		return -EINVAL;
4542 
4543 	if (!info->attrs[NL80211_ATTR_MAC] ||
4544 	    !info->attrs[NL80211_ATTR_SSID] ||
4545 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4546 		return -EINVAL;
4547 
4548 	if (!rdev->ops->assoc)
4549 		return -EOPNOTSUPP;
4550 
4551 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4552 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4553 		return -EOPNOTSUPP;
4554 
4555 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4556 
4557 	chan = ieee80211_get_channel(&rdev->wiphy,
4558 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4559 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4560 		return -EINVAL;
4561 
4562 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4563 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4564 
4565 	if (info->attrs[NL80211_ATTR_IE]) {
4566 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4567 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4568 	}
4569 
4570 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
4571 		enum nl80211_mfp mfp =
4572 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
4573 		if (mfp == NL80211_MFP_REQUIRED)
4574 			use_mfp = true;
4575 		else if (mfp != NL80211_MFP_NO)
4576 			return -EINVAL;
4577 	}
4578 
4579 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
4580 		prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
4581 
4582 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
4583 		flags |= ASSOC_REQ_DISABLE_HT;
4584 
4585 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
4586 		ht_capa_mask =
4587 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]);
4588 
4589 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
4590 		if (!ht_capa_mask)
4591 			return -EINVAL;
4592 		ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4593 	}
4594 
4595 	err = nl80211_crypto_settings(rdev, info, &crypto, 1);
4596 	if (!err)
4597 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
4598 					  ssid, ssid_len, ie, ie_len, use_mfp,
4599 					  &crypto, flags, ht_capa,
4600 					  ht_capa_mask);
4601 
4602 	return err;
4603 }
4604 
4605 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
4606 {
4607 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4608 	struct net_device *dev = info->user_ptr[1];
4609 	const u8 *ie = NULL, *bssid;
4610 	int ie_len = 0;
4611 	u16 reason_code;
4612 	bool local_state_change;
4613 
4614 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4615 		return -EINVAL;
4616 
4617 	if (!info->attrs[NL80211_ATTR_MAC])
4618 		return -EINVAL;
4619 
4620 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
4621 		return -EINVAL;
4622 
4623 	if (!rdev->ops->deauth)
4624 		return -EOPNOTSUPP;
4625 
4626 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4627 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4628 		return -EOPNOTSUPP;
4629 
4630 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4631 
4632 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4633 	if (reason_code == 0) {
4634 		/* Reason Code 0 is reserved */
4635 		return -EINVAL;
4636 	}
4637 
4638 	if (info->attrs[NL80211_ATTR_IE]) {
4639 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4640 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4641 	}
4642 
4643 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4644 
4645 	return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
4646 				    local_state_change);
4647 }
4648 
4649 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
4650 {
4651 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4652 	struct net_device *dev = info->user_ptr[1];
4653 	const u8 *ie = NULL, *bssid;
4654 	int ie_len = 0;
4655 	u16 reason_code;
4656 	bool local_state_change;
4657 
4658 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4659 		return -EINVAL;
4660 
4661 	if (!info->attrs[NL80211_ATTR_MAC])
4662 		return -EINVAL;
4663 
4664 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
4665 		return -EINVAL;
4666 
4667 	if (!rdev->ops->disassoc)
4668 		return -EOPNOTSUPP;
4669 
4670 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4671 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4672 		return -EOPNOTSUPP;
4673 
4674 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4675 
4676 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4677 	if (reason_code == 0) {
4678 		/* Reason Code 0 is reserved */
4679 		return -EINVAL;
4680 	}
4681 
4682 	if (info->attrs[NL80211_ATTR_IE]) {
4683 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4684 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4685 	}
4686 
4687 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4688 
4689 	return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
4690 				      local_state_change);
4691 }
4692 
4693 static bool
4694 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
4695 			 int mcast_rate[IEEE80211_NUM_BANDS],
4696 			 int rateval)
4697 {
4698 	struct wiphy *wiphy = &rdev->wiphy;
4699 	bool found = false;
4700 	int band, i;
4701 
4702 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4703 		struct ieee80211_supported_band *sband;
4704 
4705 		sband = wiphy->bands[band];
4706 		if (!sband)
4707 			continue;
4708 
4709 		for (i = 0; i < sband->n_bitrates; i++) {
4710 			if (sband->bitrates[i].bitrate == rateval) {
4711 				mcast_rate[band] = i + 1;
4712 				found = true;
4713 				break;
4714 			}
4715 		}
4716 	}
4717 
4718 	return found;
4719 }
4720 
4721 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
4722 {
4723 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4724 	struct net_device *dev = info->user_ptr[1];
4725 	struct cfg80211_ibss_params ibss;
4726 	struct wiphy *wiphy;
4727 	struct cfg80211_cached_keys *connkeys = NULL;
4728 	int err;
4729 
4730 	memset(&ibss, 0, sizeof(ibss));
4731 
4732 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4733 		return -EINVAL;
4734 
4735 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4736 	    !info->attrs[NL80211_ATTR_SSID] ||
4737 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
4738 		return -EINVAL;
4739 
4740 	ibss.beacon_interval = 100;
4741 
4742 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
4743 		ibss.beacon_interval =
4744 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4745 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
4746 			return -EINVAL;
4747 	}
4748 
4749 	if (!rdev->ops->join_ibss)
4750 		return -EOPNOTSUPP;
4751 
4752 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4753 		return -EOPNOTSUPP;
4754 
4755 	wiphy = &rdev->wiphy;
4756 
4757 	if (info->attrs[NL80211_ATTR_MAC]) {
4758 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4759 
4760 		if (!is_valid_ether_addr(ibss.bssid))
4761 			return -EINVAL;
4762 	}
4763 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4764 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4765 
4766 	if (info->attrs[NL80211_ATTR_IE]) {
4767 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4768 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4769 	}
4770 
4771 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4772 		enum nl80211_channel_type channel_type;
4773 
4774 		channel_type = nla_get_u32(
4775 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4776 		if (channel_type != NL80211_CHAN_NO_HT &&
4777 		    channel_type != NL80211_CHAN_HT20 &&
4778 		    channel_type != NL80211_CHAN_HT40MINUS &&
4779 		    channel_type != NL80211_CHAN_HT40PLUS)
4780 			return -EINVAL;
4781 
4782 		if (channel_type != NL80211_CHAN_NO_HT &&
4783 		    !(wiphy->features & NL80211_FEATURE_HT_IBSS))
4784 			return -EINVAL;
4785 
4786 		ibss.channel_type = channel_type;
4787 	} else {
4788 		ibss.channel_type = NL80211_CHAN_NO_HT;
4789 	}
4790 
4791 	ibss.channel = rdev_freq_to_chan(rdev,
4792 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]),
4793 		ibss.channel_type);
4794 	if (!ibss.channel ||
4795 	    ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4796 	    ibss.channel->flags & IEEE80211_CHAN_DISABLED)
4797 		return -EINVAL;
4798 
4799 	/* Both channels should be able to initiate communication */
4800 	if ((ibss.channel_type == NL80211_CHAN_HT40PLUS ||
4801 	     ibss.channel_type == NL80211_CHAN_HT40MINUS) &&
4802 	    !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel,
4803 					  ibss.channel_type))
4804 		return -EINVAL;
4805 
4806 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4807 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4808 
4809 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4810 		u8 *rates =
4811 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4812 		int n_rates =
4813 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4814 		struct ieee80211_supported_band *sband =
4815 			wiphy->bands[ibss.channel->band];
4816 
4817 		err = ieee80211_get_ratemask(sband, rates, n_rates,
4818 					     &ibss.basic_rates);
4819 		if (err)
4820 			return err;
4821 	}
4822 
4823 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
4824 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
4825 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
4826 		return -EINVAL;
4827 
4828 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4829 		connkeys = nl80211_parse_connkeys(rdev,
4830 					info->attrs[NL80211_ATTR_KEYS]);
4831 		if (IS_ERR(connkeys))
4832 			return PTR_ERR(connkeys);
4833 	}
4834 
4835 	ibss.control_port =
4836 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
4837 
4838 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4839 	if (err)
4840 		kfree(connkeys);
4841 	return err;
4842 }
4843 
4844 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4845 {
4846 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4847 	struct net_device *dev = info->user_ptr[1];
4848 
4849 	if (!rdev->ops->leave_ibss)
4850 		return -EOPNOTSUPP;
4851 
4852 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4853 		return -EOPNOTSUPP;
4854 
4855 	return cfg80211_leave_ibss(rdev, dev, false);
4856 }
4857 
4858 #ifdef CONFIG_NL80211_TESTMODE
4859 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4860 	.name = "testmode",
4861 };
4862 
4863 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4864 {
4865 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4866 	int err;
4867 
4868 	if (!info->attrs[NL80211_ATTR_TESTDATA])
4869 		return -EINVAL;
4870 
4871 	err = -EOPNOTSUPP;
4872 	if (rdev->ops->testmode_cmd) {
4873 		rdev->testmode_info = info;
4874 		err = rdev->ops->testmode_cmd(&rdev->wiphy,
4875 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4876 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4877 		rdev->testmode_info = NULL;
4878 	}
4879 
4880 	return err;
4881 }
4882 
4883 static int nl80211_testmode_dump(struct sk_buff *skb,
4884 				 struct netlink_callback *cb)
4885 {
4886 	struct cfg80211_registered_device *rdev;
4887 	int err;
4888 	long phy_idx;
4889 	void *data = NULL;
4890 	int data_len = 0;
4891 
4892 	if (cb->args[0]) {
4893 		/*
4894 		 * 0 is a valid index, but not valid for args[0],
4895 		 * so we need to offset by 1.
4896 		 */
4897 		phy_idx = cb->args[0] - 1;
4898 	} else {
4899 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
4900 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
4901 				  nl80211_policy);
4902 		if (err)
4903 			return err;
4904 		if (nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) {
4905 			phy_idx = nla_get_u32(
4906 				nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]);
4907 		} else {
4908 			struct net_device *netdev;
4909 
4910 			err = get_rdev_dev_by_ifindex(sock_net(skb->sk),
4911 						      nl80211_fam.attrbuf,
4912 						      &rdev, &netdev);
4913 			if (err)
4914 				return err;
4915 			dev_put(netdev);
4916 			phy_idx = rdev->wiphy_idx;
4917 			cfg80211_unlock_rdev(rdev);
4918 		}
4919 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
4920 			cb->args[1] =
4921 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
4922 	}
4923 
4924 	if (cb->args[1]) {
4925 		data = nla_data((void *)cb->args[1]);
4926 		data_len = nla_len((void *)cb->args[1]);
4927 	}
4928 
4929 	mutex_lock(&cfg80211_mutex);
4930 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
4931 	if (!rdev) {
4932 		mutex_unlock(&cfg80211_mutex);
4933 		return -ENOENT;
4934 	}
4935 	cfg80211_lock_rdev(rdev);
4936 	mutex_unlock(&cfg80211_mutex);
4937 
4938 	if (!rdev->ops->testmode_dump) {
4939 		err = -EOPNOTSUPP;
4940 		goto out_err;
4941 	}
4942 
4943 	while (1) {
4944 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid,
4945 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
4946 					   NL80211_CMD_TESTMODE);
4947 		struct nlattr *tmdata;
4948 
4949 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx) < 0) {
4950 			genlmsg_cancel(skb, hdr);
4951 			break;
4952 		}
4953 
4954 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4955 		if (!tmdata) {
4956 			genlmsg_cancel(skb, hdr);
4957 			break;
4958 		}
4959 		err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb,
4960 					       data, data_len);
4961 		nla_nest_end(skb, tmdata);
4962 
4963 		if (err == -ENOBUFS || err == -ENOENT) {
4964 			genlmsg_cancel(skb, hdr);
4965 			break;
4966 		} else if (err) {
4967 			genlmsg_cancel(skb, hdr);
4968 			goto out_err;
4969 		}
4970 
4971 		genlmsg_end(skb, hdr);
4972 	}
4973 
4974 	err = skb->len;
4975 	/* see above */
4976 	cb->args[0] = phy_idx + 1;
4977  out_err:
4978 	cfg80211_unlock_rdev(rdev);
4979 	return err;
4980 }
4981 
4982 static struct sk_buff *
4983 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
4984 			      int approxlen, u32 pid, u32 seq, gfp_t gfp)
4985 {
4986 	struct sk_buff *skb;
4987 	void *hdr;
4988 	struct nlattr *data;
4989 
4990 	skb = nlmsg_new(approxlen + 100, gfp);
4991 	if (!skb)
4992 		return NULL;
4993 
4994 	hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
4995 	if (!hdr) {
4996 		kfree_skb(skb);
4997 		return NULL;
4998 	}
4999 
5000 	NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5001 	data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
5002 
5003 	((void **)skb->cb)[0] = rdev;
5004 	((void **)skb->cb)[1] = hdr;
5005 	((void **)skb->cb)[2] = data;
5006 
5007 	return skb;
5008 
5009  nla_put_failure:
5010 	kfree_skb(skb);
5011 	return NULL;
5012 }
5013 
5014 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
5015 						  int approxlen)
5016 {
5017 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5018 
5019 	if (WARN_ON(!rdev->testmode_info))
5020 		return NULL;
5021 
5022 	return __cfg80211_testmode_alloc_skb(rdev, approxlen,
5023 				rdev->testmode_info->snd_pid,
5024 				rdev->testmode_info->snd_seq,
5025 				GFP_KERNEL);
5026 }
5027 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
5028 
5029 int cfg80211_testmode_reply(struct sk_buff *skb)
5030 {
5031 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
5032 	void *hdr = ((void **)skb->cb)[1];
5033 	struct nlattr *data = ((void **)skb->cb)[2];
5034 
5035 	if (WARN_ON(!rdev->testmode_info)) {
5036 		kfree_skb(skb);
5037 		return -EINVAL;
5038 	}
5039 
5040 	nla_nest_end(skb, data);
5041 	genlmsg_end(skb, hdr);
5042 	return genlmsg_reply(skb, rdev->testmode_info);
5043 }
5044 EXPORT_SYMBOL(cfg80211_testmode_reply);
5045 
5046 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
5047 						  int approxlen, gfp_t gfp)
5048 {
5049 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5050 
5051 	return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
5052 }
5053 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
5054 
5055 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
5056 {
5057 	void *hdr = ((void **)skb->cb)[1];
5058 	struct nlattr *data = ((void **)skb->cb)[2];
5059 
5060 	nla_nest_end(skb, data);
5061 	genlmsg_end(skb, hdr);
5062 	genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
5063 }
5064 EXPORT_SYMBOL(cfg80211_testmode_event);
5065 #endif
5066 
5067 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
5068 {
5069 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5070 	struct net_device *dev = info->user_ptr[1];
5071 	struct cfg80211_connect_params connect;
5072 	struct wiphy *wiphy;
5073 	struct cfg80211_cached_keys *connkeys = NULL;
5074 	int err;
5075 
5076 	memset(&connect, 0, sizeof(connect));
5077 
5078 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5079 		return -EINVAL;
5080 
5081 	if (!info->attrs[NL80211_ATTR_SSID] ||
5082 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
5083 		return -EINVAL;
5084 
5085 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5086 		connect.auth_type =
5087 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
5088 		if (!nl80211_valid_auth_type(connect.auth_type))
5089 			return -EINVAL;
5090 	} else
5091 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5092 
5093 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
5094 
5095 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
5096 				      NL80211_MAX_NR_CIPHER_SUITES);
5097 	if (err)
5098 		return err;
5099 
5100 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5101 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5102 		return -EOPNOTSUPP;
5103 
5104 	wiphy = &rdev->wiphy;
5105 
5106 	if (info->attrs[NL80211_ATTR_MAC])
5107 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5108 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5109 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5110 
5111 	if (info->attrs[NL80211_ATTR_IE]) {
5112 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5113 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5114 	}
5115 
5116 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5117 		connect.channel =
5118 			ieee80211_get_channel(wiphy,
5119 			    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5120 		if (!connect.channel ||
5121 		    connect.channel->flags & IEEE80211_CHAN_DISABLED)
5122 			return -EINVAL;
5123 	}
5124 
5125 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
5126 		connkeys = nl80211_parse_connkeys(rdev,
5127 					info->attrs[NL80211_ATTR_KEYS]);
5128 		if (IS_ERR(connkeys))
5129 			return PTR_ERR(connkeys);
5130 	}
5131 
5132 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
5133 		connect.flags |= ASSOC_REQ_DISABLE_HT;
5134 
5135 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5136 		memcpy(&connect.ht_capa_mask,
5137 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
5138 		       sizeof(connect.ht_capa_mask));
5139 
5140 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
5141 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5142 			return -EINVAL;
5143 		memcpy(&connect.ht_capa,
5144 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
5145 		       sizeof(connect.ht_capa));
5146 	}
5147 
5148 	err = cfg80211_connect(rdev, dev, &connect, connkeys);
5149 	if (err)
5150 		kfree(connkeys);
5151 	return err;
5152 }
5153 
5154 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
5155 {
5156 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5157 	struct net_device *dev = info->user_ptr[1];
5158 	u16 reason;
5159 
5160 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
5161 		reason = WLAN_REASON_DEAUTH_LEAVING;
5162 	else
5163 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5164 
5165 	if (reason == 0)
5166 		return -EINVAL;
5167 
5168 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5169 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5170 		return -EOPNOTSUPP;
5171 
5172 	return cfg80211_disconnect(rdev, dev, reason, true);
5173 }
5174 
5175 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
5176 {
5177 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5178 	struct net *net;
5179 	int err;
5180 	u32 pid;
5181 
5182 	if (!info->attrs[NL80211_ATTR_PID])
5183 		return -EINVAL;
5184 
5185 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
5186 
5187 	net = get_net_ns_by_pid(pid);
5188 	if (IS_ERR(net))
5189 		return PTR_ERR(net);
5190 
5191 	err = 0;
5192 
5193 	/* check if anything to do */
5194 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
5195 		err = cfg80211_switch_netns(rdev, net);
5196 
5197 	put_net(net);
5198 	return err;
5199 }
5200 
5201 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
5202 {
5203 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5204 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
5205 			struct cfg80211_pmksa *pmksa) = NULL;
5206 	struct net_device *dev = info->user_ptr[1];
5207 	struct cfg80211_pmksa pmksa;
5208 
5209 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
5210 
5211 	if (!info->attrs[NL80211_ATTR_MAC])
5212 		return -EINVAL;
5213 
5214 	if (!info->attrs[NL80211_ATTR_PMKID])
5215 		return -EINVAL;
5216 
5217 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
5218 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5219 
5220 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5221 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5222 		return -EOPNOTSUPP;
5223 
5224 	switch (info->genlhdr->cmd) {
5225 	case NL80211_CMD_SET_PMKSA:
5226 		rdev_ops = rdev->ops->set_pmksa;
5227 		break;
5228 	case NL80211_CMD_DEL_PMKSA:
5229 		rdev_ops = rdev->ops->del_pmksa;
5230 		break;
5231 	default:
5232 		WARN_ON(1);
5233 		break;
5234 	}
5235 
5236 	if (!rdev_ops)
5237 		return -EOPNOTSUPP;
5238 
5239 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
5240 }
5241 
5242 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
5243 {
5244 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5245 	struct net_device *dev = info->user_ptr[1];
5246 
5247 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5248 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5249 		return -EOPNOTSUPP;
5250 
5251 	if (!rdev->ops->flush_pmksa)
5252 		return -EOPNOTSUPP;
5253 
5254 	return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
5255 }
5256 
5257 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
5258 {
5259 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5260 	struct net_device *dev = info->user_ptr[1];
5261 	u8 action_code, dialog_token;
5262 	u16 status_code;
5263 	u8 *peer;
5264 
5265 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5266 	    !rdev->ops->tdls_mgmt)
5267 		return -EOPNOTSUPP;
5268 
5269 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
5270 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
5271 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
5272 	    !info->attrs[NL80211_ATTR_IE] ||
5273 	    !info->attrs[NL80211_ATTR_MAC])
5274 		return -EINVAL;
5275 
5276 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5277 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
5278 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
5279 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
5280 
5281 	return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code,
5282 				    dialog_token, status_code,
5283 				    nla_data(info->attrs[NL80211_ATTR_IE]),
5284 				    nla_len(info->attrs[NL80211_ATTR_IE]));
5285 }
5286 
5287 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
5288 {
5289 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5290 	struct net_device *dev = info->user_ptr[1];
5291 	enum nl80211_tdls_operation operation;
5292 	u8 *peer;
5293 
5294 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5295 	    !rdev->ops->tdls_oper)
5296 		return -EOPNOTSUPP;
5297 
5298 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
5299 	    !info->attrs[NL80211_ATTR_MAC])
5300 		return -EINVAL;
5301 
5302 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
5303 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5304 
5305 	return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation);
5306 }
5307 
5308 static int nl80211_remain_on_channel(struct sk_buff *skb,
5309 				     struct genl_info *info)
5310 {
5311 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5312 	struct net_device *dev = info->user_ptr[1];
5313 	struct ieee80211_channel *chan;
5314 	struct sk_buff *msg;
5315 	void *hdr;
5316 	u64 cookie;
5317 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5318 	u32 freq, duration;
5319 	int err;
5320 
5321 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5322 	    !info->attrs[NL80211_ATTR_DURATION])
5323 		return -EINVAL;
5324 
5325 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5326 
5327 	/*
5328 	 * We should be on that channel for at least one jiffie,
5329 	 * and more than 5 seconds seems excessive.
5330 	 */
5331 	if (!duration || !msecs_to_jiffies(duration) ||
5332 	    duration > rdev->wiphy.max_remain_on_channel_duration)
5333 		return -EINVAL;
5334 
5335 	if (!rdev->ops->remain_on_channel ||
5336 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
5337 		return -EOPNOTSUPP;
5338 
5339 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5340 		channel_type = nla_get_u32(
5341 			info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
5342 		if (channel_type != NL80211_CHAN_NO_HT &&
5343 		    channel_type != NL80211_CHAN_HT20 &&
5344 		    channel_type != NL80211_CHAN_HT40PLUS &&
5345 		    channel_type != NL80211_CHAN_HT40MINUS)
5346 			return -EINVAL;
5347 	}
5348 
5349 	freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5350 	chan = rdev_freq_to_chan(rdev, freq, channel_type);
5351 	if (chan == NULL)
5352 		return -EINVAL;
5353 
5354 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5355 	if (!msg)
5356 		return -ENOMEM;
5357 
5358 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5359 			     NL80211_CMD_REMAIN_ON_CHANNEL);
5360 
5361 	if (IS_ERR(hdr)) {
5362 		err = PTR_ERR(hdr);
5363 		goto free_msg;
5364 	}
5365 
5366 	err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
5367 					   channel_type, duration, &cookie);
5368 
5369 	if (err)
5370 		goto free_msg;
5371 
5372 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5373 
5374 	genlmsg_end(msg, hdr);
5375 
5376 	return genlmsg_reply(msg, info);
5377 
5378  nla_put_failure:
5379 	err = -ENOBUFS;
5380  free_msg:
5381 	nlmsg_free(msg);
5382 	return err;
5383 }
5384 
5385 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
5386 					    struct genl_info *info)
5387 {
5388 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5389 	struct net_device *dev = info->user_ptr[1];
5390 	u64 cookie;
5391 
5392 	if (!info->attrs[NL80211_ATTR_COOKIE])
5393 		return -EINVAL;
5394 
5395 	if (!rdev->ops->cancel_remain_on_channel)
5396 		return -EOPNOTSUPP;
5397 
5398 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5399 
5400 	return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
5401 }
5402 
5403 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5404 			   u8 *rates, u8 rates_len)
5405 {
5406 	u8 i;
5407 	u32 mask = 0;
5408 
5409 	for (i = 0; i < rates_len; i++) {
5410 		int rate = (rates[i] & 0x7f) * 5;
5411 		int ridx;
5412 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5413 			struct ieee80211_rate *srate =
5414 				&sband->bitrates[ridx];
5415 			if (rate == srate->bitrate) {
5416 				mask |= 1 << ridx;
5417 				break;
5418 			}
5419 		}
5420 		if (ridx == sband->n_bitrates)
5421 			return 0; /* rate not found */
5422 	}
5423 
5424 	return mask;
5425 }
5426 
5427 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5428 			       u8 *rates, u8 rates_len,
5429 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5430 {
5431 	u8 i;
5432 
5433 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5434 
5435 	for (i = 0; i < rates_len; i++) {
5436 		int ridx, rbit;
5437 
5438 		ridx = rates[i] / 8;
5439 		rbit = BIT(rates[i] % 8);
5440 
5441 		/* check validity */
5442 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5443 			return false;
5444 
5445 		/* check availability */
5446 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5447 			mcs[ridx] |= rbit;
5448 		else
5449 			return false;
5450 	}
5451 
5452 	return true;
5453 }
5454 
5455 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
5456 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
5457 				    .len = NL80211_MAX_SUPP_RATES },
5458 	[NL80211_TXRATE_MCS] = { .type = NLA_BINARY,
5459 				 .len = NL80211_MAX_SUPP_HT_RATES },
5460 };
5461 
5462 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
5463 				       struct genl_info *info)
5464 {
5465 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5466 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5467 	struct cfg80211_bitrate_mask mask;
5468 	int rem, i;
5469 	struct net_device *dev = info->user_ptr[1];
5470 	struct nlattr *tx_rates;
5471 	struct ieee80211_supported_band *sband;
5472 
5473 	if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
5474 		return -EINVAL;
5475 
5476 	if (!rdev->ops->set_bitrate_mask)
5477 		return -EOPNOTSUPP;
5478 
5479 	memset(&mask, 0, sizeof(mask));
5480 	/* Default to all rates enabled */
5481 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
5482 		sband = rdev->wiphy.bands[i];
5483 		mask.control[i].legacy =
5484 			sband ? (1 << sband->n_bitrates) - 1 : 0;
5485 		if (sband)
5486 			memcpy(mask.control[i].mcs,
5487 			       sband->ht_cap.mcs.rx_mask,
5488 			       sizeof(mask.control[i].mcs));
5489 		else
5490 			memset(mask.control[i].mcs, 0,
5491 			       sizeof(mask.control[i].mcs));
5492 	}
5493 
5494 	/*
5495 	 * The nested attribute uses enum nl80211_band as the index. This maps
5496 	 * directly to the enum ieee80211_band values used in cfg80211.
5497 	 */
5498 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5499 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
5500 	{
5501 		enum ieee80211_band band = nla_type(tx_rates);
5502 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
5503 			return -EINVAL;
5504 		sband = rdev->wiphy.bands[band];
5505 		if (sband == NULL)
5506 			return -EINVAL;
5507 		nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
5508 			  nla_len(tx_rates), nl80211_txattr_policy);
5509 		if (tb[NL80211_TXRATE_LEGACY]) {
5510 			mask.control[band].legacy = rateset_to_mask(
5511 				sband,
5512 				nla_data(tb[NL80211_TXRATE_LEGACY]),
5513 				nla_len(tb[NL80211_TXRATE_LEGACY]));
5514 		}
5515 		if (tb[NL80211_TXRATE_MCS]) {
5516 			if (!ht_rateset_to_mask(
5517 					sband,
5518 					nla_data(tb[NL80211_TXRATE_MCS]),
5519 					nla_len(tb[NL80211_TXRATE_MCS]),
5520 					mask.control[band].mcs))
5521 				return -EINVAL;
5522 		}
5523 
5524 		if (mask.control[band].legacy == 0) {
5525 			/* don't allow empty legacy rates if HT
5526 			 * is not even supported. */
5527 			if (!rdev->wiphy.bands[band]->ht_cap.ht_supported)
5528 				return -EINVAL;
5529 
5530 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5531 				if (mask.control[band].mcs[i])
5532 					break;
5533 
5534 			/* legacy and mcs rates may not be both empty */
5535 			if (i == IEEE80211_HT_MCS_MASK_LEN)
5536 				return -EINVAL;
5537 		}
5538 	}
5539 
5540 	return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
5541 }
5542 
5543 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
5544 {
5545 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5546 	struct net_device *dev = info->user_ptr[1];
5547 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
5548 
5549 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
5550 		return -EINVAL;
5551 
5552 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
5553 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
5554 
5555 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5556 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5557 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5558 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5559 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5560 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5561 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5562 		return -EOPNOTSUPP;
5563 
5564 	/* not much point in registering if we can't reply */
5565 	if (!rdev->ops->mgmt_tx)
5566 		return -EOPNOTSUPP;
5567 
5568 	return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
5569 			frame_type,
5570 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
5571 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
5572 }
5573 
5574 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5575 {
5576 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5577 	struct net_device *dev = info->user_ptr[1];
5578 	struct ieee80211_channel *chan;
5579 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5580 	bool channel_type_valid = false;
5581 	u32 freq;
5582 	int err;
5583 	void *hdr = NULL;
5584 	u64 cookie;
5585 	struct sk_buff *msg = NULL;
5586 	unsigned int wait = 0;
5587 	bool offchan, no_cck, dont_wait_for_ack;
5588 
5589 	dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
5590 
5591 	if (!info->attrs[NL80211_ATTR_FRAME] ||
5592 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
5593 		return -EINVAL;
5594 
5595 	if (!rdev->ops->mgmt_tx)
5596 		return -EOPNOTSUPP;
5597 
5598 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5599 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5600 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5601 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5602 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5603 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5604 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5605 		return -EOPNOTSUPP;
5606 
5607 	if (info->attrs[NL80211_ATTR_DURATION]) {
5608 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5609 			return -EINVAL;
5610 		wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5611 	}
5612 
5613 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5614 		channel_type = nla_get_u32(
5615 			info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
5616 		if (channel_type != NL80211_CHAN_NO_HT &&
5617 		    channel_type != NL80211_CHAN_HT20 &&
5618 		    channel_type != NL80211_CHAN_HT40PLUS &&
5619 		    channel_type != NL80211_CHAN_HT40MINUS)
5620 			return -EINVAL;
5621 		channel_type_valid = true;
5622 	}
5623 
5624 	offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
5625 
5626 	if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5627 		return -EINVAL;
5628 
5629 	no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5630 
5631 	freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5632 	chan = rdev_freq_to_chan(rdev, freq, channel_type);
5633 	if (chan == NULL)
5634 		return -EINVAL;
5635 
5636 	if (!dont_wait_for_ack) {
5637 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5638 		if (!msg)
5639 			return -ENOMEM;
5640 
5641 		hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5642 				     NL80211_CMD_FRAME);
5643 
5644 		if (IS_ERR(hdr)) {
5645 			err = PTR_ERR(hdr);
5646 			goto free_msg;
5647 		}
5648 	}
5649 
5650 	err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type,
5651 				    channel_type_valid, wait,
5652 				    nla_data(info->attrs[NL80211_ATTR_FRAME]),
5653 				    nla_len(info->attrs[NL80211_ATTR_FRAME]),
5654 				    no_cck, dont_wait_for_ack, &cookie);
5655 	if (err)
5656 		goto free_msg;
5657 
5658 	if (msg) {
5659 		NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5660 
5661 		genlmsg_end(msg, hdr);
5662 		return genlmsg_reply(msg, info);
5663 	}
5664 
5665 	return 0;
5666 
5667  nla_put_failure:
5668 	err = -ENOBUFS;
5669  free_msg:
5670 	nlmsg_free(msg);
5671 	return err;
5672 }
5673 
5674 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
5675 {
5676 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5677 	struct net_device *dev = info->user_ptr[1];
5678 	u64 cookie;
5679 
5680 	if (!info->attrs[NL80211_ATTR_COOKIE])
5681 		return -EINVAL;
5682 
5683 	if (!rdev->ops->mgmt_tx_cancel_wait)
5684 		return -EOPNOTSUPP;
5685 
5686 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5687 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5688 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5689 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5690 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5691 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5692 		return -EOPNOTSUPP;
5693 
5694 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5695 
5696 	return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie);
5697 }
5698 
5699 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
5700 {
5701 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5702 	struct wireless_dev *wdev;
5703 	struct net_device *dev = info->user_ptr[1];
5704 	u8 ps_state;
5705 	bool state;
5706 	int err;
5707 
5708 	if (!info->attrs[NL80211_ATTR_PS_STATE])
5709 		return -EINVAL;
5710 
5711 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
5712 
5713 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
5714 		return -EINVAL;
5715 
5716 	wdev = dev->ieee80211_ptr;
5717 
5718 	if (!rdev->ops->set_power_mgmt)
5719 		return -EOPNOTSUPP;
5720 
5721 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
5722 
5723 	if (state == wdev->ps)
5724 		return 0;
5725 
5726 	err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state,
5727 					wdev->ps_timeout);
5728 	if (!err)
5729 		wdev->ps = state;
5730 	return err;
5731 }
5732 
5733 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5734 {
5735 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5736 	enum nl80211_ps_state ps_state;
5737 	struct wireless_dev *wdev;
5738 	struct net_device *dev = info->user_ptr[1];
5739 	struct sk_buff *msg;
5740 	void *hdr;
5741 	int err;
5742 
5743 	wdev = dev->ieee80211_ptr;
5744 
5745 	if (!rdev->ops->set_power_mgmt)
5746 		return -EOPNOTSUPP;
5747 
5748 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5749 	if (!msg)
5750 		return -ENOMEM;
5751 
5752 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5753 			     NL80211_CMD_GET_POWER_SAVE);
5754 	if (!hdr) {
5755 		err = -ENOBUFS;
5756 		goto free_msg;
5757 	}
5758 
5759 	if (wdev->ps)
5760 		ps_state = NL80211_PS_ENABLED;
5761 	else
5762 		ps_state = NL80211_PS_DISABLED;
5763 
5764 	NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
5765 
5766 	genlmsg_end(msg, hdr);
5767 	return genlmsg_reply(msg, info);
5768 
5769  nla_put_failure:
5770 	err = -ENOBUFS;
5771  free_msg:
5772 	nlmsg_free(msg);
5773 	return err;
5774 }
5775 
5776 static struct nla_policy
5777 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5778 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5779 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5780 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5781 };
5782 
5783 static int nl80211_set_cqm_rssi(struct genl_info *info,
5784 				s32 threshold, u32 hysteresis)
5785 {
5786 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5787 	struct wireless_dev *wdev;
5788 	struct net_device *dev = info->user_ptr[1];
5789 
5790 	if (threshold > 0)
5791 		return -EINVAL;
5792 
5793 	wdev = dev->ieee80211_ptr;
5794 
5795 	if (!rdev->ops->set_cqm_rssi_config)
5796 		return -EOPNOTSUPP;
5797 
5798 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
5799 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
5800 		return -EOPNOTSUPP;
5801 
5802 	return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5803 					      threshold, hysteresis);
5804 }
5805 
5806 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5807 {
5808 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5809 	struct nlattr *cqm;
5810 	int err;
5811 
5812 	cqm = info->attrs[NL80211_ATTR_CQM];
5813 	if (!cqm) {
5814 		err = -EINVAL;
5815 		goto out;
5816 	}
5817 
5818 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5819 			       nl80211_attr_cqm_policy);
5820 	if (err)
5821 		goto out;
5822 
5823 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5824 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5825 		s32 threshold;
5826 		u32 hysteresis;
5827 		threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5828 		hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5829 		err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5830 	} else
5831 		err = -EINVAL;
5832 
5833 out:
5834 	return err;
5835 }
5836 
5837 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
5838 {
5839 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5840 	struct net_device *dev = info->user_ptr[1];
5841 	struct mesh_config cfg;
5842 	struct mesh_setup setup;
5843 	int err;
5844 
5845 	/* start with default */
5846 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
5847 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
5848 
5849 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
5850 		/* and parse parameters if given */
5851 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
5852 		if (err)
5853 			return err;
5854 	}
5855 
5856 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
5857 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
5858 		return -EINVAL;
5859 
5860 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
5861 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5862 
5863 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
5864 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
5865 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
5866 			return -EINVAL;
5867 
5868 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
5869 		/* parse additional setup parameters if given */
5870 		err = nl80211_parse_mesh_setup(info, &setup);
5871 		if (err)
5872 			return err;
5873 	}
5874 
5875 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
5876 }
5877 
5878 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
5879 {
5880 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5881 	struct net_device *dev = info->user_ptr[1];
5882 
5883 	return cfg80211_leave_mesh(rdev, dev);
5884 }
5885 
5886 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
5887 {
5888 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5889 	struct sk_buff *msg;
5890 	void *hdr;
5891 
5892 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5893 		return -EOPNOTSUPP;
5894 
5895 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5896 	if (!msg)
5897 		return -ENOMEM;
5898 
5899 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5900 			     NL80211_CMD_GET_WOWLAN);
5901 	if (!hdr)
5902 		goto nla_put_failure;
5903 
5904 	if (rdev->wowlan) {
5905 		struct nlattr *nl_wowlan;
5906 
5907 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
5908 		if (!nl_wowlan)
5909 			goto nla_put_failure;
5910 
5911 		if (rdev->wowlan->any)
5912 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
5913 		if (rdev->wowlan->disconnect)
5914 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
5915 		if (rdev->wowlan->magic_pkt)
5916 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
5917 		if (rdev->wowlan->gtk_rekey_failure)
5918 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
5919 		if (rdev->wowlan->eap_identity_req)
5920 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
5921 		if (rdev->wowlan->four_way_handshake)
5922 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
5923 		if (rdev->wowlan->rfkill_release)
5924 			NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
5925 		if (rdev->wowlan->n_patterns) {
5926 			struct nlattr *nl_pats, *nl_pat;
5927 			int i, pat_len;
5928 
5929 			nl_pats = nla_nest_start(msg,
5930 					NL80211_WOWLAN_TRIG_PKT_PATTERN);
5931 			if (!nl_pats)
5932 				goto nla_put_failure;
5933 
5934 			for (i = 0; i < rdev->wowlan->n_patterns; i++) {
5935 				nl_pat = nla_nest_start(msg, i + 1);
5936 				if (!nl_pat)
5937 					goto nla_put_failure;
5938 				pat_len = rdev->wowlan->patterns[i].pattern_len;
5939 				NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_MASK,
5940 					DIV_ROUND_UP(pat_len, 8),
5941 					rdev->wowlan->patterns[i].mask);
5942 				NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
5943 					pat_len,
5944 					rdev->wowlan->patterns[i].pattern);
5945 				nla_nest_end(msg, nl_pat);
5946 			}
5947 			nla_nest_end(msg, nl_pats);
5948 		}
5949 
5950 		nla_nest_end(msg, nl_wowlan);
5951 	}
5952 
5953 	genlmsg_end(msg, hdr);
5954 	return genlmsg_reply(msg, info);
5955 
5956 nla_put_failure:
5957 	nlmsg_free(msg);
5958 	return -ENOBUFS;
5959 }
5960 
5961 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
5962 {
5963 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5964 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
5965 	struct cfg80211_wowlan no_triggers = {};
5966 	struct cfg80211_wowlan new_triggers = {};
5967 	struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
5968 	int err, i;
5969 
5970 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5971 		return -EOPNOTSUPP;
5972 
5973 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS])
5974 		goto no_triggers;
5975 
5976 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
5977 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5978 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5979 			nl80211_wowlan_policy);
5980 	if (err)
5981 		return err;
5982 
5983 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
5984 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
5985 			return -EINVAL;
5986 		new_triggers.any = true;
5987 	}
5988 
5989 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
5990 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
5991 			return -EINVAL;
5992 		new_triggers.disconnect = true;
5993 	}
5994 
5995 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
5996 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
5997 			return -EINVAL;
5998 		new_triggers.magic_pkt = true;
5999 	}
6000 
6001 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
6002 		return -EINVAL;
6003 
6004 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
6005 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
6006 			return -EINVAL;
6007 		new_triggers.gtk_rekey_failure = true;
6008 	}
6009 
6010 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
6011 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
6012 			return -EINVAL;
6013 		new_triggers.eap_identity_req = true;
6014 	}
6015 
6016 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
6017 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
6018 			return -EINVAL;
6019 		new_triggers.four_way_handshake = true;
6020 	}
6021 
6022 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
6023 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
6024 			return -EINVAL;
6025 		new_triggers.rfkill_release = true;
6026 	}
6027 
6028 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
6029 		struct nlattr *pat;
6030 		int n_patterns = 0;
6031 		int rem, pat_len, mask_len;
6032 		struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
6033 
6034 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
6035 				    rem)
6036 			n_patterns++;
6037 		if (n_patterns > wowlan->n_patterns)
6038 			return -EINVAL;
6039 
6040 		new_triggers.patterns = kcalloc(n_patterns,
6041 						sizeof(new_triggers.patterns[0]),
6042 						GFP_KERNEL);
6043 		if (!new_triggers.patterns)
6044 			return -ENOMEM;
6045 
6046 		new_triggers.n_patterns = n_patterns;
6047 		i = 0;
6048 
6049 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
6050 				    rem) {
6051 			nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
6052 				  nla_data(pat), nla_len(pat), NULL);
6053 			err = -EINVAL;
6054 			if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
6055 			    !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
6056 				goto error;
6057 			pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
6058 			mask_len = DIV_ROUND_UP(pat_len, 8);
6059 			if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
6060 			    mask_len)
6061 				goto error;
6062 			if (pat_len > wowlan->pattern_max_len ||
6063 			    pat_len < wowlan->pattern_min_len)
6064 				goto error;
6065 
6066 			new_triggers.patterns[i].mask =
6067 				kmalloc(mask_len + pat_len, GFP_KERNEL);
6068 			if (!new_triggers.patterns[i].mask) {
6069 				err = -ENOMEM;
6070 				goto error;
6071 			}
6072 			new_triggers.patterns[i].pattern =
6073 				new_triggers.patterns[i].mask + mask_len;
6074 			memcpy(new_triggers.patterns[i].mask,
6075 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
6076 			       mask_len);
6077 			new_triggers.patterns[i].pattern_len = pat_len;
6078 			memcpy(new_triggers.patterns[i].pattern,
6079 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
6080 			       pat_len);
6081 			i++;
6082 		}
6083 	}
6084 
6085 	if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) {
6086 		struct cfg80211_wowlan *ntrig;
6087 		ntrig = kmemdup(&new_triggers, sizeof(new_triggers),
6088 				GFP_KERNEL);
6089 		if (!ntrig) {
6090 			err = -ENOMEM;
6091 			goto error;
6092 		}
6093 		cfg80211_rdev_free_wowlan(rdev);
6094 		rdev->wowlan = ntrig;
6095 	} else {
6096  no_triggers:
6097 		cfg80211_rdev_free_wowlan(rdev);
6098 		rdev->wowlan = NULL;
6099 	}
6100 
6101 	return 0;
6102  error:
6103 	for (i = 0; i < new_triggers.n_patterns; i++)
6104 		kfree(new_triggers.patterns[i].mask);
6105 	kfree(new_triggers.patterns);
6106 	return err;
6107 }
6108 
6109 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
6110 {
6111 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6112 	struct net_device *dev = info->user_ptr[1];
6113 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6114 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
6115 	struct cfg80211_gtk_rekey_data rekey_data;
6116 	int err;
6117 
6118 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
6119 		return -EINVAL;
6120 
6121 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
6122 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
6123 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
6124 			nl80211_rekey_policy);
6125 	if (err)
6126 		return err;
6127 
6128 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
6129 		return -ERANGE;
6130 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
6131 		return -ERANGE;
6132 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
6133 		return -ERANGE;
6134 
6135 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
6136 	       NL80211_KEK_LEN);
6137 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
6138 	       NL80211_KCK_LEN);
6139 	memcpy(rekey_data.replay_ctr,
6140 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
6141 	       NL80211_REPLAY_CTR_LEN);
6142 
6143 	wdev_lock(wdev);
6144 	if (!wdev->current_bss) {
6145 		err = -ENOTCONN;
6146 		goto out;
6147 	}
6148 
6149 	if (!rdev->ops->set_rekey_data) {
6150 		err = -EOPNOTSUPP;
6151 		goto out;
6152 	}
6153 
6154 	err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data);
6155  out:
6156 	wdev_unlock(wdev);
6157 	return err;
6158 }
6159 
6160 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
6161 					     struct genl_info *info)
6162 {
6163 	struct net_device *dev = info->user_ptr[1];
6164 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6165 
6166 	if (wdev->iftype != NL80211_IFTYPE_AP &&
6167 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
6168 		return -EINVAL;
6169 
6170 	if (wdev->ap_unexpected_nlpid)
6171 		return -EBUSY;
6172 
6173 	wdev->ap_unexpected_nlpid = info->snd_pid;
6174 	return 0;
6175 }
6176 
6177 static int nl80211_probe_client(struct sk_buff *skb,
6178 				struct genl_info *info)
6179 {
6180 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6181 	struct net_device *dev = info->user_ptr[1];
6182 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6183 	struct sk_buff *msg;
6184 	void *hdr;
6185 	const u8 *addr;
6186 	u64 cookie;
6187 	int err;
6188 
6189 	if (wdev->iftype != NL80211_IFTYPE_AP &&
6190 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
6191 		return -EOPNOTSUPP;
6192 
6193 	if (!info->attrs[NL80211_ATTR_MAC])
6194 		return -EINVAL;
6195 
6196 	if (!rdev->ops->probe_client)
6197 		return -EOPNOTSUPP;
6198 
6199 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6200 	if (!msg)
6201 		return -ENOMEM;
6202 
6203 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
6204 			     NL80211_CMD_PROBE_CLIENT);
6205 
6206 	if (IS_ERR(hdr)) {
6207 		err = PTR_ERR(hdr);
6208 		goto free_msg;
6209 	}
6210 
6211 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6212 
6213 	err = rdev->ops->probe_client(&rdev->wiphy, dev, addr, &cookie);
6214 	if (err)
6215 		goto free_msg;
6216 
6217 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
6218 
6219 	genlmsg_end(msg, hdr);
6220 
6221 	return genlmsg_reply(msg, info);
6222 
6223  nla_put_failure:
6224 	err = -ENOBUFS;
6225  free_msg:
6226 	nlmsg_free(msg);
6227 	return err;
6228 }
6229 
6230 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
6231 {
6232 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6233 
6234 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
6235 		return -EOPNOTSUPP;
6236 
6237 	if (rdev->ap_beacons_nlpid)
6238 		return -EBUSY;
6239 
6240 	rdev->ap_beacons_nlpid = info->snd_pid;
6241 
6242 	return 0;
6243 }
6244 
6245 #define NL80211_FLAG_NEED_WIPHY		0x01
6246 #define NL80211_FLAG_NEED_NETDEV	0x02
6247 #define NL80211_FLAG_NEED_RTNL		0x04
6248 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
6249 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
6250 					 NL80211_FLAG_CHECK_NETDEV_UP)
6251 
6252 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
6253 			    struct genl_info *info)
6254 {
6255 	struct cfg80211_registered_device *rdev;
6256 	struct net_device *dev;
6257 	int err;
6258 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
6259 
6260 	if (rtnl)
6261 		rtnl_lock();
6262 
6263 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
6264 		rdev = cfg80211_get_dev_from_info(info);
6265 		if (IS_ERR(rdev)) {
6266 			if (rtnl)
6267 				rtnl_unlock();
6268 			return PTR_ERR(rdev);
6269 		}
6270 		info->user_ptr[0] = rdev;
6271 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
6272 		err = get_rdev_dev_by_ifindex(genl_info_net(info), info->attrs,
6273 					      &rdev, &dev);
6274 		if (err) {
6275 			if (rtnl)
6276 				rtnl_unlock();
6277 			return err;
6278 		}
6279 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
6280 		    !netif_running(dev)) {
6281 			cfg80211_unlock_rdev(rdev);
6282 			dev_put(dev);
6283 			if (rtnl)
6284 				rtnl_unlock();
6285 			return -ENETDOWN;
6286 		}
6287 		info->user_ptr[0] = rdev;
6288 		info->user_ptr[1] = dev;
6289 	}
6290 
6291 	return 0;
6292 }
6293 
6294 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
6295 			      struct genl_info *info)
6296 {
6297 	if (info->user_ptr[0])
6298 		cfg80211_unlock_rdev(info->user_ptr[0]);
6299 	if (info->user_ptr[1])
6300 		dev_put(info->user_ptr[1]);
6301 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
6302 		rtnl_unlock();
6303 }
6304 
6305 static struct genl_ops nl80211_ops[] = {
6306 	{
6307 		.cmd = NL80211_CMD_GET_WIPHY,
6308 		.doit = nl80211_get_wiphy,
6309 		.dumpit = nl80211_dump_wiphy,
6310 		.policy = nl80211_policy,
6311 		/* can be retrieved by unprivileged users */
6312 		.internal_flags = NL80211_FLAG_NEED_WIPHY,
6313 	},
6314 	{
6315 		.cmd = NL80211_CMD_SET_WIPHY,
6316 		.doit = nl80211_set_wiphy,
6317 		.policy = nl80211_policy,
6318 		.flags = GENL_ADMIN_PERM,
6319 		.internal_flags = NL80211_FLAG_NEED_RTNL,
6320 	},
6321 	{
6322 		.cmd = NL80211_CMD_GET_INTERFACE,
6323 		.doit = nl80211_get_interface,
6324 		.dumpit = nl80211_dump_interface,
6325 		.policy = nl80211_policy,
6326 		/* can be retrieved by unprivileged users */
6327 		.internal_flags = NL80211_FLAG_NEED_NETDEV,
6328 	},
6329 	{
6330 		.cmd = NL80211_CMD_SET_INTERFACE,
6331 		.doit = nl80211_set_interface,
6332 		.policy = nl80211_policy,
6333 		.flags = GENL_ADMIN_PERM,
6334 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6335 				  NL80211_FLAG_NEED_RTNL,
6336 	},
6337 	{
6338 		.cmd = NL80211_CMD_NEW_INTERFACE,
6339 		.doit = nl80211_new_interface,
6340 		.policy = nl80211_policy,
6341 		.flags = GENL_ADMIN_PERM,
6342 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6343 				  NL80211_FLAG_NEED_RTNL,
6344 	},
6345 	{
6346 		.cmd = NL80211_CMD_DEL_INTERFACE,
6347 		.doit = nl80211_del_interface,
6348 		.policy = nl80211_policy,
6349 		.flags = GENL_ADMIN_PERM,
6350 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6351 				  NL80211_FLAG_NEED_RTNL,
6352 	},
6353 	{
6354 		.cmd = NL80211_CMD_GET_KEY,
6355 		.doit = nl80211_get_key,
6356 		.policy = nl80211_policy,
6357 		.flags = GENL_ADMIN_PERM,
6358 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6359 				  NL80211_FLAG_NEED_RTNL,
6360 	},
6361 	{
6362 		.cmd = NL80211_CMD_SET_KEY,
6363 		.doit = nl80211_set_key,
6364 		.policy = nl80211_policy,
6365 		.flags = GENL_ADMIN_PERM,
6366 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6367 				  NL80211_FLAG_NEED_RTNL,
6368 	},
6369 	{
6370 		.cmd = NL80211_CMD_NEW_KEY,
6371 		.doit = nl80211_new_key,
6372 		.policy = nl80211_policy,
6373 		.flags = GENL_ADMIN_PERM,
6374 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6375 				  NL80211_FLAG_NEED_RTNL,
6376 	},
6377 	{
6378 		.cmd = NL80211_CMD_DEL_KEY,
6379 		.doit = nl80211_del_key,
6380 		.policy = nl80211_policy,
6381 		.flags = GENL_ADMIN_PERM,
6382 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6383 				  NL80211_FLAG_NEED_RTNL,
6384 	},
6385 	{
6386 		.cmd = NL80211_CMD_SET_BEACON,
6387 		.policy = nl80211_policy,
6388 		.flags = GENL_ADMIN_PERM,
6389 		.doit = nl80211_set_beacon,
6390 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6391 				  NL80211_FLAG_NEED_RTNL,
6392 	},
6393 	{
6394 		.cmd = NL80211_CMD_START_AP,
6395 		.policy = nl80211_policy,
6396 		.flags = GENL_ADMIN_PERM,
6397 		.doit = nl80211_start_ap,
6398 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6399 				  NL80211_FLAG_NEED_RTNL,
6400 	},
6401 	{
6402 		.cmd = NL80211_CMD_STOP_AP,
6403 		.policy = nl80211_policy,
6404 		.flags = GENL_ADMIN_PERM,
6405 		.doit = nl80211_stop_ap,
6406 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6407 				  NL80211_FLAG_NEED_RTNL,
6408 	},
6409 	{
6410 		.cmd = NL80211_CMD_GET_STATION,
6411 		.doit = nl80211_get_station,
6412 		.dumpit = nl80211_dump_station,
6413 		.policy = nl80211_policy,
6414 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6415 				  NL80211_FLAG_NEED_RTNL,
6416 	},
6417 	{
6418 		.cmd = NL80211_CMD_SET_STATION,
6419 		.doit = nl80211_set_station,
6420 		.policy = nl80211_policy,
6421 		.flags = GENL_ADMIN_PERM,
6422 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6423 				  NL80211_FLAG_NEED_RTNL,
6424 	},
6425 	{
6426 		.cmd = NL80211_CMD_NEW_STATION,
6427 		.doit = nl80211_new_station,
6428 		.policy = nl80211_policy,
6429 		.flags = GENL_ADMIN_PERM,
6430 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6431 				  NL80211_FLAG_NEED_RTNL,
6432 	},
6433 	{
6434 		.cmd = NL80211_CMD_DEL_STATION,
6435 		.doit = nl80211_del_station,
6436 		.policy = nl80211_policy,
6437 		.flags = GENL_ADMIN_PERM,
6438 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6439 				  NL80211_FLAG_NEED_RTNL,
6440 	},
6441 	{
6442 		.cmd = NL80211_CMD_GET_MPATH,
6443 		.doit = nl80211_get_mpath,
6444 		.dumpit = nl80211_dump_mpath,
6445 		.policy = nl80211_policy,
6446 		.flags = GENL_ADMIN_PERM,
6447 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6448 				  NL80211_FLAG_NEED_RTNL,
6449 	},
6450 	{
6451 		.cmd = NL80211_CMD_SET_MPATH,
6452 		.doit = nl80211_set_mpath,
6453 		.policy = nl80211_policy,
6454 		.flags = GENL_ADMIN_PERM,
6455 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6456 				  NL80211_FLAG_NEED_RTNL,
6457 	},
6458 	{
6459 		.cmd = NL80211_CMD_NEW_MPATH,
6460 		.doit = nl80211_new_mpath,
6461 		.policy = nl80211_policy,
6462 		.flags = GENL_ADMIN_PERM,
6463 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6464 				  NL80211_FLAG_NEED_RTNL,
6465 	},
6466 	{
6467 		.cmd = NL80211_CMD_DEL_MPATH,
6468 		.doit = nl80211_del_mpath,
6469 		.policy = nl80211_policy,
6470 		.flags = GENL_ADMIN_PERM,
6471 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6472 				  NL80211_FLAG_NEED_RTNL,
6473 	},
6474 	{
6475 		.cmd = NL80211_CMD_SET_BSS,
6476 		.doit = nl80211_set_bss,
6477 		.policy = nl80211_policy,
6478 		.flags = GENL_ADMIN_PERM,
6479 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6480 				  NL80211_FLAG_NEED_RTNL,
6481 	},
6482 	{
6483 		.cmd = NL80211_CMD_GET_REG,
6484 		.doit = nl80211_get_reg,
6485 		.policy = nl80211_policy,
6486 		/* can be retrieved by unprivileged users */
6487 	},
6488 	{
6489 		.cmd = NL80211_CMD_SET_REG,
6490 		.doit = nl80211_set_reg,
6491 		.policy = nl80211_policy,
6492 		.flags = GENL_ADMIN_PERM,
6493 	},
6494 	{
6495 		.cmd = NL80211_CMD_REQ_SET_REG,
6496 		.doit = nl80211_req_set_reg,
6497 		.policy = nl80211_policy,
6498 		.flags = GENL_ADMIN_PERM,
6499 	},
6500 	{
6501 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
6502 		.doit = nl80211_get_mesh_config,
6503 		.policy = nl80211_policy,
6504 		/* can be retrieved by unprivileged users */
6505 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6506 				  NL80211_FLAG_NEED_RTNL,
6507 	},
6508 	{
6509 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
6510 		.doit = nl80211_update_mesh_config,
6511 		.policy = nl80211_policy,
6512 		.flags = GENL_ADMIN_PERM,
6513 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6514 				  NL80211_FLAG_NEED_RTNL,
6515 	},
6516 	{
6517 		.cmd = NL80211_CMD_TRIGGER_SCAN,
6518 		.doit = nl80211_trigger_scan,
6519 		.policy = nl80211_policy,
6520 		.flags = GENL_ADMIN_PERM,
6521 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6522 				  NL80211_FLAG_NEED_RTNL,
6523 	},
6524 	{
6525 		.cmd = NL80211_CMD_GET_SCAN,
6526 		.policy = nl80211_policy,
6527 		.dumpit = nl80211_dump_scan,
6528 	},
6529 	{
6530 		.cmd = NL80211_CMD_START_SCHED_SCAN,
6531 		.doit = nl80211_start_sched_scan,
6532 		.policy = nl80211_policy,
6533 		.flags = GENL_ADMIN_PERM,
6534 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6535 				  NL80211_FLAG_NEED_RTNL,
6536 	},
6537 	{
6538 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
6539 		.doit = nl80211_stop_sched_scan,
6540 		.policy = nl80211_policy,
6541 		.flags = GENL_ADMIN_PERM,
6542 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6543 				  NL80211_FLAG_NEED_RTNL,
6544 	},
6545 	{
6546 		.cmd = NL80211_CMD_AUTHENTICATE,
6547 		.doit = nl80211_authenticate,
6548 		.policy = nl80211_policy,
6549 		.flags = GENL_ADMIN_PERM,
6550 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6551 				  NL80211_FLAG_NEED_RTNL,
6552 	},
6553 	{
6554 		.cmd = NL80211_CMD_ASSOCIATE,
6555 		.doit = nl80211_associate,
6556 		.policy = nl80211_policy,
6557 		.flags = GENL_ADMIN_PERM,
6558 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6559 				  NL80211_FLAG_NEED_RTNL,
6560 	},
6561 	{
6562 		.cmd = NL80211_CMD_DEAUTHENTICATE,
6563 		.doit = nl80211_deauthenticate,
6564 		.policy = nl80211_policy,
6565 		.flags = GENL_ADMIN_PERM,
6566 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6567 				  NL80211_FLAG_NEED_RTNL,
6568 	},
6569 	{
6570 		.cmd = NL80211_CMD_DISASSOCIATE,
6571 		.doit = nl80211_disassociate,
6572 		.policy = nl80211_policy,
6573 		.flags = GENL_ADMIN_PERM,
6574 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6575 				  NL80211_FLAG_NEED_RTNL,
6576 	},
6577 	{
6578 		.cmd = NL80211_CMD_JOIN_IBSS,
6579 		.doit = nl80211_join_ibss,
6580 		.policy = nl80211_policy,
6581 		.flags = GENL_ADMIN_PERM,
6582 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6583 				  NL80211_FLAG_NEED_RTNL,
6584 	},
6585 	{
6586 		.cmd = NL80211_CMD_LEAVE_IBSS,
6587 		.doit = nl80211_leave_ibss,
6588 		.policy = nl80211_policy,
6589 		.flags = GENL_ADMIN_PERM,
6590 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6591 				  NL80211_FLAG_NEED_RTNL,
6592 	},
6593 #ifdef CONFIG_NL80211_TESTMODE
6594 	{
6595 		.cmd = NL80211_CMD_TESTMODE,
6596 		.doit = nl80211_testmode_do,
6597 		.dumpit = nl80211_testmode_dump,
6598 		.policy = nl80211_policy,
6599 		.flags = GENL_ADMIN_PERM,
6600 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6601 				  NL80211_FLAG_NEED_RTNL,
6602 	},
6603 #endif
6604 	{
6605 		.cmd = NL80211_CMD_CONNECT,
6606 		.doit = nl80211_connect,
6607 		.policy = nl80211_policy,
6608 		.flags = GENL_ADMIN_PERM,
6609 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6610 				  NL80211_FLAG_NEED_RTNL,
6611 	},
6612 	{
6613 		.cmd = NL80211_CMD_DISCONNECT,
6614 		.doit = nl80211_disconnect,
6615 		.policy = nl80211_policy,
6616 		.flags = GENL_ADMIN_PERM,
6617 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6618 				  NL80211_FLAG_NEED_RTNL,
6619 	},
6620 	{
6621 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
6622 		.doit = nl80211_wiphy_netns,
6623 		.policy = nl80211_policy,
6624 		.flags = GENL_ADMIN_PERM,
6625 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6626 				  NL80211_FLAG_NEED_RTNL,
6627 	},
6628 	{
6629 		.cmd = NL80211_CMD_GET_SURVEY,
6630 		.policy = nl80211_policy,
6631 		.dumpit = nl80211_dump_survey,
6632 	},
6633 	{
6634 		.cmd = NL80211_CMD_SET_PMKSA,
6635 		.doit = nl80211_setdel_pmksa,
6636 		.policy = nl80211_policy,
6637 		.flags = GENL_ADMIN_PERM,
6638 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6639 				  NL80211_FLAG_NEED_RTNL,
6640 	},
6641 	{
6642 		.cmd = NL80211_CMD_DEL_PMKSA,
6643 		.doit = nl80211_setdel_pmksa,
6644 		.policy = nl80211_policy,
6645 		.flags = GENL_ADMIN_PERM,
6646 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6647 				  NL80211_FLAG_NEED_RTNL,
6648 	},
6649 	{
6650 		.cmd = NL80211_CMD_FLUSH_PMKSA,
6651 		.doit = nl80211_flush_pmksa,
6652 		.policy = nl80211_policy,
6653 		.flags = GENL_ADMIN_PERM,
6654 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6655 				  NL80211_FLAG_NEED_RTNL,
6656 	},
6657 	{
6658 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
6659 		.doit = nl80211_remain_on_channel,
6660 		.policy = nl80211_policy,
6661 		.flags = GENL_ADMIN_PERM,
6662 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6663 				  NL80211_FLAG_NEED_RTNL,
6664 	},
6665 	{
6666 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
6667 		.doit = nl80211_cancel_remain_on_channel,
6668 		.policy = nl80211_policy,
6669 		.flags = GENL_ADMIN_PERM,
6670 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6671 				  NL80211_FLAG_NEED_RTNL,
6672 	},
6673 	{
6674 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
6675 		.doit = nl80211_set_tx_bitrate_mask,
6676 		.policy = nl80211_policy,
6677 		.flags = GENL_ADMIN_PERM,
6678 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6679 				  NL80211_FLAG_NEED_RTNL,
6680 	},
6681 	{
6682 		.cmd = NL80211_CMD_REGISTER_FRAME,
6683 		.doit = nl80211_register_mgmt,
6684 		.policy = nl80211_policy,
6685 		.flags = GENL_ADMIN_PERM,
6686 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6687 				  NL80211_FLAG_NEED_RTNL,
6688 	},
6689 	{
6690 		.cmd = NL80211_CMD_FRAME,
6691 		.doit = nl80211_tx_mgmt,
6692 		.policy = nl80211_policy,
6693 		.flags = GENL_ADMIN_PERM,
6694 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6695 				  NL80211_FLAG_NEED_RTNL,
6696 	},
6697 	{
6698 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
6699 		.doit = nl80211_tx_mgmt_cancel_wait,
6700 		.policy = nl80211_policy,
6701 		.flags = GENL_ADMIN_PERM,
6702 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6703 				  NL80211_FLAG_NEED_RTNL,
6704 	},
6705 	{
6706 		.cmd = NL80211_CMD_SET_POWER_SAVE,
6707 		.doit = nl80211_set_power_save,
6708 		.policy = nl80211_policy,
6709 		.flags = GENL_ADMIN_PERM,
6710 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6711 				  NL80211_FLAG_NEED_RTNL,
6712 	},
6713 	{
6714 		.cmd = NL80211_CMD_GET_POWER_SAVE,
6715 		.doit = nl80211_get_power_save,
6716 		.policy = nl80211_policy,
6717 		/* can be retrieved by unprivileged users */
6718 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6719 				  NL80211_FLAG_NEED_RTNL,
6720 	},
6721 	{
6722 		.cmd = NL80211_CMD_SET_CQM,
6723 		.doit = nl80211_set_cqm,
6724 		.policy = nl80211_policy,
6725 		.flags = GENL_ADMIN_PERM,
6726 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6727 				  NL80211_FLAG_NEED_RTNL,
6728 	},
6729 	{
6730 		.cmd = NL80211_CMD_SET_CHANNEL,
6731 		.doit = nl80211_set_channel,
6732 		.policy = nl80211_policy,
6733 		.flags = GENL_ADMIN_PERM,
6734 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6735 				  NL80211_FLAG_NEED_RTNL,
6736 	},
6737 	{
6738 		.cmd = NL80211_CMD_SET_WDS_PEER,
6739 		.doit = nl80211_set_wds_peer,
6740 		.policy = nl80211_policy,
6741 		.flags = GENL_ADMIN_PERM,
6742 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6743 				  NL80211_FLAG_NEED_RTNL,
6744 	},
6745 	{
6746 		.cmd = NL80211_CMD_JOIN_MESH,
6747 		.doit = nl80211_join_mesh,
6748 		.policy = nl80211_policy,
6749 		.flags = GENL_ADMIN_PERM,
6750 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6751 				  NL80211_FLAG_NEED_RTNL,
6752 	},
6753 	{
6754 		.cmd = NL80211_CMD_LEAVE_MESH,
6755 		.doit = nl80211_leave_mesh,
6756 		.policy = nl80211_policy,
6757 		.flags = GENL_ADMIN_PERM,
6758 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6759 				  NL80211_FLAG_NEED_RTNL,
6760 	},
6761 	{
6762 		.cmd = NL80211_CMD_GET_WOWLAN,
6763 		.doit = nl80211_get_wowlan,
6764 		.policy = nl80211_policy,
6765 		/* can be retrieved by unprivileged users */
6766 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6767 				  NL80211_FLAG_NEED_RTNL,
6768 	},
6769 	{
6770 		.cmd = NL80211_CMD_SET_WOWLAN,
6771 		.doit = nl80211_set_wowlan,
6772 		.policy = nl80211_policy,
6773 		.flags = GENL_ADMIN_PERM,
6774 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6775 				  NL80211_FLAG_NEED_RTNL,
6776 	},
6777 	{
6778 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
6779 		.doit = nl80211_set_rekey_data,
6780 		.policy = nl80211_policy,
6781 		.flags = GENL_ADMIN_PERM,
6782 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6783 				  NL80211_FLAG_NEED_RTNL,
6784 	},
6785 	{
6786 		.cmd = NL80211_CMD_TDLS_MGMT,
6787 		.doit = nl80211_tdls_mgmt,
6788 		.policy = nl80211_policy,
6789 		.flags = GENL_ADMIN_PERM,
6790 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6791 				  NL80211_FLAG_NEED_RTNL,
6792 	},
6793 	{
6794 		.cmd = NL80211_CMD_TDLS_OPER,
6795 		.doit = nl80211_tdls_oper,
6796 		.policy = nl80211_policy,
6797 		.flags = GENL_ADMIN_PERM,
6798 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6799 				  NL80211_FLAG_NEED_RTNL,
6800 	},
6801 	{
6802 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
6803 		.doit = nl80211_register_unexpected_frame,
6804 		.policy = nl80211_policy,
6805 		.flags = GENL_ADMIN_PERM,
6806 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6807 				  NL80211_FLAG_NEED_RTNL,
6808 	},
6809 	{
6810 		.cmd = NL80211_CMD_PROBE_CLIENT,
6811 		.doit = nl80211_probe_client,
6812 		.policy = nl80211_policy,
6813 		.flags = GENL_ADMIN_PERM,
6814 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6815 				  NL80211_FLAG_NEED_RTNL,
6816 	},
6817 	{
6818 		.cmd = NL80211_CMD_REGISTER_BEACONS,
6819 		.doit = nl80211_register_beacons,
6820 		.policy = nl80211_policy,
6821 		.flags = GENL_ADMIN_PERM,
6822 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
6823 				  NL80211_FLAG_NEED_RTNL,
6824 	},
6825 	{
6826 		.cmd = NL80211_CMD_SET_NOACK_MAP,
6827 		.doit = nl80211_set_noack_map,
6828 		.policy = nl80211_policy,
6829 		.flags = GENL_ADMIN_PERM,
6830 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
6831 				  NL80211_FLAG_NEED_RTNL,
6832 	},
6833 
6834 };
6835 
6836 static struct genl_multicast_group nl80211_mlme_mcgrp = {
6837 	.name = "mlme",
6838 };
6839 
6840 /* multicast groups */
6841 static struct genl_multicast_group nl80211_config_mcgrp = {
6842 	.name = "config",
6843 };
6844 static struct genl_multicast_group nl80211_scan_mcgrp = {
6845 	.name = "scan",
6846 };
6847 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
6848 	.name = "regulatory",
6849 };
6850 
6851 /* notification functions */
6852 
6853 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
6854 {
6855 	struct sk_buff *msg;
6856 
6857 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6858 	if (!msg)
6859 		return;
6860 
6861 	if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
6862 		nlmsg_free(msg);
6863 		return;
6864 	}
6865 
6866 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6867 				nl80211_config_mcgrp.id, GFP_KERNEL);
6868 }
6869 
6870 static int nl80211_add_scan_req(struct sk_buff *msg,
6871 				struct cfg80211_registered_device *rdev)
6872 {
6873 	struct cfg80211_scan_request *req = rdev->scan_req;
6874 	struct nlattr *nest;
6875 	int i;
6876 
6877 	ASSERT_RDEV_LOCK(rdev);
6878 
6879 	if (WARN_ON(!req))
6880 		return 0;
6881 
6882 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
6883 	if (!nest)
6884 		goto nla_put_failure;
6885 	for (i = 0; i < req->n_ssids; i++)
6886 		NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid);
6887 	nla_nest_end(msg, nest);
6888 
6889 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
6890 	if (!nest)
6891 		goto nla_put_failure;
6892 	for (i = 0; i < req->n_channels; i++)
6893 		NLA_PUT_U32(msg, i, req->channels[i]->center_freq);
6894 	nla_nest_end(msg, nest);
6895 
6896 	if (req->ie)
6897 		NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie);
6898 
6899 	return 0;
6900  nla_put_failure:
6901 	return -ENOBUFS;
6902 }
6903 
6904 static int nl80211_send_scan_msg(struct sk_buff *msg,
6905 				 struct cfg80211_registered_device *rdev,
6906 				 struct net_device *netdev,
6907 				 u32 pid, u32 seq, int flags,
6908 				 u32 cmd)
6909 {
6910 	void *hdr;
6911 
6912 	hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
6913 	if (!hdr)
6914 		return -1;
6915 
6916 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6917 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6918 
6919 	/* ignore errors and send incomplete event anyway */
6920 	nl80211_add_scan_req(msg, rdev);
6921 
6922 	return genlmsg_end(msg, hdr);
6923 
6924  nla_put_failure:
6925 	genlmsg_cancel(msg, hdr);
6926 	return -EMSGSIZE;
6927 }
6928 
6929 static int
6930 nl80211_send_sched_scan_msg(struct sk_buff *msg,
6931 			    struct cfg80211_registered_device *rdev,
6932 			    struct net_device *netdev,
6933 			    u32 pid, u32 seq, int flags, u32 cmd)
6934 {
6935 	void *hdr;
6936 
6937 	hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
6938 	if (!hdr)
6939 		return -1;
6940 
6941 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6942 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6943 
6944 	return genlmsg_end(msg, hdr);
6945 
6946  nla_put_failure:
6947 	genlmsg_cancel(msg, hdr);
6948 	return -EMSGSIZE;
6949 }
6950 
6951 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
6952 			     struct net_device *netdev)
6953 {
6954 	struct sk_buff *msg;
6955 
6956 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
6957 	if (!msg)
6958 		return;
6959 
6960 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
6961 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
6962 		nlmsg_free(msg);
6963 		return;
6964 	}
6965 
6966 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6967 				nl80211_scan_mcgrp.id, GFP_KERNEL);
6968 }
6969 
6970 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
6971 			    struct net_device *netdev)
6972 {
6973 	struct sk_buff *msg;
6974 
6975 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6976 	if (!msg)
6977 		return;
6978 
6979 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
6980 				  NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
6981 		nlmsg_free(msg);
6982 		return;
6983 	}
6984 
6985 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6986 				nl80211_scan_mcgrp.id, GFP_KERNEL);
6987 }
6988 
6989 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
6990 			       struct net_device *netdev)
6991 {
6992 	struct sk_buff *msg;
6993 
6994 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6995 	if (!msg)
6996 		return;
6997 
6998 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
6999 				  NL80211_CMD_SCAN_ABORTED) < 0) {
7000 		nlmsg_free(msg);
7001 		return;
7002 	}
7003 
7004 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7005 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7006 }
7007 
7008 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
7009 				     struct net_device *netdev)
7010 {
7011 	struct sk_buff *msg;
7012 
7013 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7014 	if (!msg)
7015 		return;
7016 
7017 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
7018 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
7019 		nlmsg_free(msg);
7020 		return;
7021 	}
7022 
7023 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7024 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7025 }
7026 
7027 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
7028 			     struct net_device *netdev, u32 cmd)
7029 {
7030 	struct sk_buff *msg;
7031 
7032 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
7033 	if (!msg)
7034 		return;
7035 
7036 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
7037 		nlmsg_free(msg);
7038 		return;
7039 	}
7040 
7041 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7042 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7043 }
7044 
7045 /*
7046  * This can happen on global regulatory changes or device specific settings
7047  * based on custom world regulatory domains.
7048  */
7049 void nl80211_send_reg_change_event(struct regulatory_request *request)
7050 {
7051 	struct sk_buff *msg;
7052 	void *hdr;
7053 
7054 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7055 	if (!msg)
7056 		return;
7057 
7058 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
7059 	if (!hdr) {
7060 		nlmsg_free(msg);
7061 		return;
7062 	}
7063 
7064 	/* Userspace can always count this one always being set */
7065 	NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator);
7066 
7067 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0')
7068 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
7069 			   NL80211_REGDOM_TYPE_WORLD);
7070 	else if (request->alpha2[0] == '9' && request->alpha2[1] == '9')
7071 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
7072 			   NL80211_REGDOM_TYPE_CUSTOM_WORLD);
7073 	else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
7074 		 request->intersect)
7075 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
7076 			   NL80211_REGDOM_TYPE_INTERSECTION);
7077 	else {
7078 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
7079 			   NL80211_REGDOM_TYPE_COUNTRY);
7080 		NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2);
7081 	}
7082 
7083 	if (wiphy_idx_valid(request->wiphy_idx))
7084 		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
7085 
7086 	genlmsg_end(msg, hdr);
7087 
7088 	rcu_read_lock();
7089 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
7090 				GFP_ATOMIC);
7091 	rcu_read_unlock();
7092 
7093 	return;
7094 
7095 nla_put_failure:
7096 	genlmsg_cancel(msg, hdr);
7097 	nlmsg_free(msg);
7098 }
7099 
7100 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
7101 				    struct net_device *netdev,
7102 				    const u8 *buf, size_t len,
7103 				    enum nl80211_commands cmd, gfp_t gfp)
7104 {
7105 	struct sk_buff *msg;
7106 	void *hdr;
7107 
7108 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7109 	if (!msg)
7110 		return;
7111 
7112 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7113 	if (!hdr) {
7114 		nlmsg_free(msg);
7115 		return;
7116 	}
7117 
7118 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7119 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7120 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
7121 
7122 	genlmsg_end(msg, hdr);
7123 
7124 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7125 				nl80211_mlme_mcgrp.id, gfp);
7126 	return;
7127 
7128  nla_put_failure:
7129 	genlmsg_cancel(msg, hdr);
7130 	nlmsg_free(msg);
7131 }
7132 
7133 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
7134 			  struct net_device *netdev, const u8 *buf,
7135 			  size_t len, gfp_t gfp)
7136 {
7137 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7138 				NL80211_CMD_AUTHENTICATE, gfp);
7139 }
7140 
7141 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
7142 			   struct net_device *netdev, const u8 *buf,
7143 			   size_t len, gfp_t gfp)
7144 {
7145 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7146 				NL80211_CMD_ASSOCIATE, gfp);
7147 }
7148 
7149 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
7150 			 struct net_device *netdev, const u8 *buf,
7151 			 size_t len, gfp_t gfp)
7152 {
7153 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7154 				NL80211_CMD_DEAUTHENTICATE, gfp);
7155 }
7156 
7157 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
7158 			   struct net_device *netdev, const u8 *buf,
7159 			   size_t len, gfp_t gfp)
7160 {
7161 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7162 				NL80211_CMD_DISASSOCIATE, gfp);
7163 }
7164 
7165 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev,
7166 				struct net_device *netdev, const u8 *buf,
7167 				size_t len, gfp_t gfp)
7168 {
7169 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7170 				NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp);
7171 }
7172 
7173 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev,
7174 				  struct net_device *netdev, const u8 *buf,
7175 				  size_t len, gfp_t gfp)
7176 {
7177 	nl80211_send_mlme_event(rdev, netdev, buf, len,
7178 				NL80211_CMD_UNPROT_DISASSOCIATE, gfp);
7179 }
7180 
7181 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
7182 				      struct net_device *netdev, int cmd,
7183 				      const u8 *addr, gfp_t gfp)
7184 {
7185 	struct sk_buff *msg;
7186 	void *hdr;
7187 
7188 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7189 	if (!msg)
7190 		return;
7191 
7192 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7193 	if (!hdr) {
7194 		nlmsg_free(msg);
7195 		return;
7196 	}
7197 
7198 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7199 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7200 	NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT);
7201 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7202 
7203 	genlmsg_end(msg, hdr);
7204 
7205 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7206 				nl80211_mlme_mcgrp.id, gfp);
7207 	return;
7208 
7209  nla_put_failure:
7210 	genlmsg_cancel(msg, hdr);
7211 	nlmsg_free(msg);
7212 }
7213 
7214 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
7215 			       struct net_device *netdev, const u8 *addr,
7216 			       gfp_t gfp)
7217 {
7218 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
7219 				  addr, gfp);
7220 }
7221 
7222 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
7223 				struct net_device *netdev, const u8 *addr,
7224 				gfp_t gfp)
7225 {
7226 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
7227 				  addr, gfp);
7228 }
7229 
7230 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
7231 				 struct net_device *netdev, const u8 *bssid,
7232 				 const u8 *req_ie, size_t req_ie_len,
7233 				 const u8 *resp_ie, size_t resp_ie_len,
7234 				 u16 status, gfp_t gfp)
7235 {
7236 	struct sk_buff *msg;
7237 	void *hdr;
7238 
7239 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7240 	if (!msg)
7241 		return;
7242 
7243 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
7244 	if (!hdr) {
7245 		nlmsg_free(msg);
7246 		return;
7247 	}
7248 
7249 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7250 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7251 	if (bssid)
7252 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
7253 	NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status);
7254 	if (req_ie)
7255 		NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
7256 	if (resp_ie)
7257 		NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
7258 
7259 	genlmsg_end(msg, hdr);
7260 
7261 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7262 				nl80211_mlme_mcgrp.id, gfp);
7263 	return;
7264 
7265  nla_put_failure:
7266 	genlmsg_cancel(msg, hdr);
7267 	nlmsg_free(msg);
7268 
7269 }
7270 
7271 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
7272 			 struct net_device *netdev, const u8 *bssid,
7273 			 const u8 *req_ie, size_t req_ie_len,
7274 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
7275 {
7276 	struct sk_buff *msg;
7277 	void *hdr;
7278 
7279 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7280 	if (!msg)
7281 		return;
7282 
7283 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
7284 	if (!hdr) {
7285 		nlmsg_free(msg);
7286 		return;
7287 	}
7288 
7289 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7290 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7291 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
7292 	if (req_ie)
7293 		NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
7294 	if (resp_ie)
7295 		NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
7296 
7297 	genlmsg_end(msg, hdr);
7298 
7299 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7300 				nl80211_mlme_mcgrp.id, gfp);
7301 	return;
7302 
7303  nla_put_failure:
7304 	genlmsg_cancel(msg, hdr);
7305 	nlmsg_free(msg);
7306 
7307 }
7308 
7309 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
7310 			       struct net_device *netdev, u16 reason,
7311 			       const u8 *ie, size_t ie_len, bool from_ap)
7312 {
7313 	struct sk_buff *msg;
7314 	void *hdr;
7315 
7316 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
7317 	if (!msg)
7318 		return;
7319 
7320 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
7321 	if (!hdr) {
7322 		nlmsg_free(msg);
7323 		return;
7324 	}
7325 
7326 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7327 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7328 	if (from_ap && reason)
7329 		NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason);
7330 	if (from_ap)
7331 		NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP);
7332 	if (ie)
7333 		NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie);
7334 
7335 	genlmsg_end(msg, hdr);
7336 
7337 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7338 				nl80211_mlme_mcgrp.id, GFP_KERNEL);
7339 	return;
7340 
7341  nla_put_failure:
7342 	genlmsg_cancel(msg, hdr);
7343 	nlmsg_free(msg);
7344 
7345 }
7346 
7347 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
7348 			     struct net_device *netdev, const u8 *bssid,
7349 			     gfp_t gfp)
7350 {
7351 	struct sk_buff *msg;
7352 	void *hdr;
7353 
7354 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7355 	if (!msg)
7356 		return;
7357 
7358 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
7359 	if (!hdr) {
7360 		nlmsg_free(msg);
7361 		return;
7362 	}
7363 
7364 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7365 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7366 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
7367 
7368 	genlmsg_end(msg, hdr);
7369 
7370 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7371 				nl80211_mlme_mcgrp.id, gfp);
7372 	return;
7373 
7374  nla_put_failure:
7375 	genlmsg_cancel(msg, hdr);
7376 	nlmsg_free(msg);
7377 }
7378 
7379 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev,
7380 		struct net_device *netdev,
7381 		const u8 *macaddr, const u8* ie, u8 ie_len,
7382 		gfp_t gfp)
7383 {
7384 	struct sk_buff *msg;
7385 	void *hdr;
7386 
7387 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7388 	if (!msg)
7389 		return;
7390 
7391 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
7392 	if (!hdr) {
7393 		nlmsg_free(msg);
7394 		return;
7395 	}
7396 
7397 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7398 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7399 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr);
7400 	if (ie_len && ie)
7401 		NLA_PUT(msg, NL80211_ATTR_IE, ie_len , ie);
7402 
7403 	genlmsg_end(msg, hdr);
7404 
7405 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7406 				nl80211_mlme_mcgrp.id, gfp);
7407 	return;
7408 
7409  nla_put_failure:
7410 	genlmsg_cancel(msg, hdr);
7411 	nlmsg_free(msg);
7412 }
7413 
7414 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
7415 				 struct net_device *netdev, const u8 *addr,
7416 				 enum nl80211_key_type key_type, int key_id,
7417 				 const u8 *tsc, gfp_t gfp)
7418 {
7419 	struct sk_buff *msg;
7420 	void *hdr;
7421 
7422 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7423 	if (!msg)
7424 		return;
7425 
7426 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
7427 	if (!hdr) {
7428 		nlmsg_free(msg);
7429 		return;
7430 	}
7431 
7432 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7433 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7434 	if (addr)
7435 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7436 	NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type);
7437 	if (key_id != -1)
7438 		NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id);
7439 	if (tsc)
7440 		NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc);
7441 
7442 	genlmsg_end(msg, hdr);
7443 
7444 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7445 				nl80211_mlme_mcgrp.id, gfp);
7446 	return;
7447 
7448  nla_put_failure:
7449 	genlmsg_cancel(msg, hdr);
7450 	nlmsg_free(msg);
7451 }
7452 
7453 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
7454 				    struct ieee80211_channel *channel_before,
7455 				    struct ieee80211_channel *channel_after)
7456 {
7457 	struct sk_buff *msg;
7458 	void *hdr;
7459 	struct nlattr *nl_freq;
7460 
7461 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
7462 	if (!msg)
7463 		return;
7464 
7465 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
7466 	if (!hdr) {
7467 		nlmsg_free(msg);
7468 		return;
7469 	}
7470 
7471 	/*
7472 	 * Since we are applying the beacon hint to a wiphy we know its
7473 	 * wiphy_idx is valid
7474 	 */
7475 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy));
7476 
7477 	/* Before */
7478 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
7479 	if (!nl_freq)
7480 		goto nla_put_failure;
7481 	if (nl80211_msg_put_channel(msg, channel_before))
7482 		goto nla_put_failure;
7483 	nla_nest_end(msg, nl_freq);
7484 
7485 	/* After */
7486 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
7487 	if (!nl_freq)
7488 		goto nla_put_failure;
7489 	if (nl80211_msg_put_channel(msg, channel_after))
7490 		goto nla_put_failure;
7491 	nla_nest_end(msg, nl_freq);
7492 
7493 	genlmsg_end(msg, hdr);
7494 
7495 	rcu_read_lock();
7496 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
7497 				GFP_ATOMIC);
7498 	rcu_read_unlock();
7499 
7500 	return;
7501 
7502 nla_put_failure:
7503 	genlmsg_cancel(msg, hdr);
7504 	nlmsg_free(msg);
7505 }
7506 
7507 static void nl80211_send_remain_on_chan_event(
7508 	int cmd, struct cfg80211_registered_device *rdev,
7509 	struct net_device *netdev, u64 cookie,
7510 	struct ieee80211_channel *chan,
7511 	enum nl80211_channel_type channel_type,
7512 	unsigned int duration, gfp_t gfp)
7513 {
7514 	struct sk_buff *msg;
7515 	void *hdr;
7516 
7517 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7518 	if (!msg)
7519 		return;
7520 
7521 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7522 	if (!hdr) {
7523 		nlmsg_free(msg);
7524 		return;
7525 	}
7526 
7527 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7528 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7529 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq);
7530 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type);
7531 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
7532 
7533 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL)
7534 		NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
7535 
7536 	genlmsg_end(msg, hdr);
7537 
7538 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7539 				nl80211_mlme_mcgrp.id, gfp);
7540 	return;
7541 
7542  nla_put_failure:
7543 	genlmsg_cancel(msg, hdr);
7544 	nlmsg_free(msg);
7545 }
7546 
7547 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
7548 				    struct net_device *netdev, u64 cookie,
7549 				    struct ieee80211_channel *chan,
7550 				    enum nl80211_channel_type channel_type,
7551 				    unsigned int duration, gfp_t gfp)
7552 {
7553 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
7554 					  rdev, netdev, cookie, chan,
7555 					  channel_type, duration, gfp);
7556 }
7557 
7558 void nl80211_send_remain_on_channel_cancel(
7559 	struct cfg80211_registered_device *rdev, struct net_device *netdev,
7560 	u64 cookie, struct ieee80211_channel *chan,
7561 	enum nl80211_channel_type channel_type, gfp_t gfp)
7562 {
7563 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
7564 					  rdev, netdev, cookie, chan,
7565 					  channel_type, 0, gfp);
7566 }
7567 
7568 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
7569 			    struct net_device *dev, const u8 *mac_addr,
7570 			    struct station_info *sinfo, gfp_t gfp)
7571 {
7572 	struct sk_buff *msg;
7573 
7574 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7575 	if (!msg)
7576 		return;
7577 
7578 	if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) {
7579 		nlmsg_free(msg);
7580 		return;
7581 	}
7582 
7583 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7584 				nl80211_mlme_mcgrp.id, gfp);
7585 }
7586 
7587 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev,
7588 				struct net_device *dev, const u8 *mac_addr,
7589 				gfp_t gfp)
7590 {
7591 	struct sk_buff *msg;
7592 	void *hdr;
7593 
7594 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7595 	if (!msg)
7596 		return;
7597 
7598 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
7599 	if (!hdr) {
7600 		nlmsg_free(msg);
7601 		return;
7602 	}
7603 
7604 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
7605 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
7606 
7607 	genlmsg_end(msg, hdr);
7608 
7609 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7610 				nl80211_mlme_mcgrp.id, gfp);
7611 	return;
7612 
7613  nla_put_failure:
7614 	genlmsg_cancel(msg, hdr);
7615 	nlmsg_free(msg);
7616 }
7617 
7618 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
7619 				       const u8 *addr, gfp_t gfp)
7620 {
7621 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7622 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
7623 	struct sk_buff *msg;
7624 	void *hdr;
7625 	int err;
7626 	u32 nlpid = ACCESS_ONCE(wdev->ap_unexpected_nlpid);
7627 
7628 	if (!nlpid)
7629 		return false;
7630 
7631 	msg = nlmsg_new(100, gfp);
7632 	if (!msg)
7633 		return true;
7634 
7635 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
7636 	if (!hdr) {
7637 		nlmsg_free(msg);
7638 		return true;
7639 	}
7640 
7641 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7642 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
7643 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7644 
7645 	err = genlmsg_end(msg, hdr);
7646 	if (err < 0) {
7647 		nlmsg_free(msg);
7648 		return true;
7649 	}
7650 
7651 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
7652 	return true;
7653 
7654  nla_put_failure:
7655 	genlmsg_cancel(msg, hdr);
7656 	nlmsg_free(msg);
7657 	return true;
7658 }
7659 
7660 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp)
7661 {
7662 	return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
7663 					  addr, gfp);
7664 }
7665 
7666 bool nl80211_unexpected_4addr_frame(struct net_device *dev,
7667 				    const u8 *addr, gfp_t gfp)
7668 {
7669 	return __nl80211_unexpected_frame(dev,
7670 					  NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
7671 					  addr, gfp);
7672 }
7673 
7674 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
7675 		      struct net_device *netdev, u32 nlpid,
7676 		      int freq, const u8 *buf, size_t len, gfp_t gfp)
7677 {
7678 	struct sk_buff *msg;
7679 	void *hdr;
7680 
7681 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7682 	if (!msg)
7683 		return -ENOMEM;
7684 
7685 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
7686 	if (!hdr) {
7687 		nlmsg_free(msg);
7688 		return -ENOMEM;
7689 	}
7690 
7691 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7692 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7693 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7694 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
7695 
7696 	genlmsg_end(msg, hdr);
7697 
7698 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
7699 
7700  nla_put_failure:
7701 	genlmsg_cancel(msg, hdr);
7702 	nlmsg_free(msg);
7703 	return -ENOBUFS;
7704 }
7705 
7706 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
7707 				 struct net_device *netdev, u64 cookie,
7708 				 const u8 *buf, size_t len, bool ack,
7709 				 gfp_t gfp)
7710 {
7711 	struct sk_buff *msg;
7712 	void *hdr;
7713 
7714 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7715 	if (!msg)
7716 		return;
7717 
7718 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
7719 	if (!hdr) {
7720 		nlmsg_free(msg);
7721 		return;
7722 	}
7723 
7724 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7725 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7726 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
7727 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
7728 	if (ack)
7729 		NLA_PUT_FLAG(msg, NL80211_ATTR_ACK);
7730 
7731 	genlmsg_end(msg, hdr);
7732 
7733 	genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
7734 	return;
7735 
7736  nla_put_failure:
7737 	genlmsg_cancel(msg, hdr);
7738 	nlmsg_free(msg);
7739 }
7740 
7741 void
7742 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev,
7743 			     struct net_device *netdev,
7744 			     enum nl80211_cqm_rssi_threshold_event rssi_event,
7745 			     gfp_t gfp)
7746 {
7747 	struct sk_buff *msg;
7748 	struct nlattr *pinfoattr;
7749 	void *hdr;
7750 
7751 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7752 	if (!msg)
7753 		return;
7754 
7755 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
7756 	if (!hdr) {
7757 		nlmsg_free(msg);
7758 		return;
7759 	}
7760 
7761 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7762 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7763 
7764 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
7765 	if (!pinfoattr)
7766 		goto nla_put_failure;
7767 
7768 	NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
7769 		    rssi_event);
7770 
7771 	nla_nest_end(msg, pinfoattr);
7772 
7773 	genlmsg_end(msg, hdr);
7774 
7775 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7776 				nl80211_mlme_mcgrp.id, gfp);
7777 	return;
7778 
7779  nla_put_failure:
7780 	genlmsg_cancel(msg, hdr);
7781 	nlmsg_free(msg);
7782 }
7783 
7784 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
7785 			      struct net_device *netdev, const u8 *bssid,
7786 			      const u8 *replay_ctr, gfp_t gfp)
7787 {
7788 	struct sk_buff *msg;
7789 	struct nlattr *rekey_attr;
7790 	void *hdr;
7791 
7792 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7793 	if (!msg)
7794 		return;
7795 
7796 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
7797 	if (!hdr) {
7798 		nlmsg_free(msg);
7799 		return;
7800 	}
7801 
7802 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7803 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7804 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
7805 
7806 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
7807 	if (!rekey_attr)
7808 		goto nla_put_failure;
7809 
7810 	NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR,
7811 		NL80211_REPLAY_CTR_LEN, replay_ctr);
7812 
7813 	nla_nest_end(msg, rekey_attr);
7814 
7815 	genlmsg_end(msg, hdr);
7816 
7817 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7818 				nl80211_mlme_mcgrp.id, gfp);
7819 	return;
7820 
7821  nla_put_failure:
7822 	genlmsg_cancel(msg, hdr);
7823 	nlmsg_free(msg);
7824 }
7825 
7826 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
7827 				    struct net_device *netdev, int index,
7828 				    const u8 *bssid, bool preauth, gfp_t gfp)
7829 {
7830 	struct sk_buff *msg;
7831 	struct nlattr *attr;
7832 	void *hdr;
7833 
7834 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7835 	if (!msg)
7836 		return;
7837 
7838 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
7839 	if (!hdr) {
7840 		nlmsg_free(msg);
7841 		return;
7842 	}
7843 
7844 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7845 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7846 
7847 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
7848 	if (!attr)
7849 		goto nla_put_failure;
7850 
7851 	NLA_PUT_U32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index);
7852 	NLA_PUT(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid);
7853 	if (preauth)
7854 		NLA_PUT_FLAG(msg, NL80211_PMKSA_CANDIDATE_PREAUTH);
7855 
7856 	nla_nest_end(msg, attr);
7857 
7858 	genlmsg_end(msg, hdr);
7859 
7860 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7861 				nl80211_mlme_mcgrp.id, gfp);
7862 	return;
7863 
7864  nla_put_failure:
7865 	genlmsg_cancel(msg, hdr);
7866 	nlmsg_free(msg);
7867 }
7868 
7869 void
7870 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev,
7871 				struct net_device *netdev, const u8 *peer,
7872 				u32 num_packets, gfp_t gfp)
7873 {
7874 	struct sk_buff *msg;
7875 	struct nlattr *pinfoattr;
7876 	void *hdr;
7877 
7878 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7879 	if (!msg)
7880 		return;
7881 
7882 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
7883 	if (!hdr) {
7884 		nlmsg_free(msg);
7885 		return;
7886 	}
7887 
7888 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7889 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
7890 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer);
7891 
7892 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
7893 	if (!pinfoattr)
7894 		goto nla_put_failure;
7895 
7896 	NLA_PUT_U32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets);
7897 
7898 	nla_nest_end(msg, pinfoattr);
7899 
7900 	genlmsg_end(msg, hdr);
7901 
7902 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7903 				nl80211_mlme_mcgrp.id, gfp);
7904 	return;
7905 
7906  nla_put_failure:
7907 	genlmsg_cancel(msg, hdr);
7908 	nlmsg_free(msg);
7909 }
7910 
7911 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
7912 			   u64 cookie, bool acked, gfp_t gfp)
7913 {
7914 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7915 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
7916 	struct sk_buff *msg;
7917 	void *hdr;
7918 	int err;
7919 
7920 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
7921 	if (!msg)
7922 		return;
7923 
7924 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
7925 	if (!hdr) {
7926 		nlmsg_free(msg);
7927 		return;
7928 	}
7929 
7930 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7931 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
7932 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7933 	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
7934 	if (acked)
7935 		NLA_PUT_FLAG(msg, NL80211_ATTR_ACK);
7936 
7937 	err = genlmsg_end(msg, hdr);
7938 	if (err < 0) {
7939 		nlmsg_free(msg);
7940 		return;
7941 	}
7942 
7943 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7944 				nl80211_mlme_mcgrp.id, gfp);
7945 	return;
7946 
7947  nla_put_failure:
7948 	genlmsg_cancel(msg, hdr);
7949 	nlmsg_free(msg);
7950 }
7951 EXPORT_SYMBOL(cfg80211_probe_status);
7952 
7953 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
7954 				 const u8 *frame, size_t len,
7955 				 int freq, gfp_t gfp)
7956 {
7957 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
7958 	struct sk_buff *msg;
7959 	void *hdr;
7960 	u32 nlpid = ACCESS_ONCE(rdev->ap_beacons_nlpid);
7961 
7962 	if (!nlpid)
7963 		return;
7964 
7965 	msg = nlmsg_new(len + 100, gfp);
7966 	if (!msg)
7967 		return;
7968 
7969 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
7970 	if (!hdr) {
7971 		nlmsg_free(msg);
7972 		return;
7973 	}
7974 
7975 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
7976 	if (freq)
7977 		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7978 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, frame);
7979 
7980 	genlmsg_end(msg, hdr);
7981 
7982 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
7983 	return;
7984 
7985  nla_put_failure:
7986 	genlmsg_cancel(msg, hdr);
7987 	nlmsg_free(msg);
7988 }
7989 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
7990 
7991 static int nl80211_netlink_notify(struct notifier_block * nb,
7992 				  unsigned long state,
7993 				  void *_notify)
7994 {
7995 	struct netlink_notify *notify = _notify;
7996 	struct cfg80211_registered_device *rdev;
7997 	struct wireless_dev *wdev;
7998 
7999 	if (state != NETLINK_URELEASE)
8000 		return NOTIFY_DONE;
8001 
8002 	rcu_read_lock();
8003 
8004 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
8005 		list_for_each_entry_rcu(wdev, &rdev->netdev_list, list)
8006 			cfg80211_mlme_unregister_socket(wdev, notify->pid);
8007 		if (rdev->ap_beacons_nlpid == notify->pid)
8008 			rdev->ap_beacons_nlpid = 0;
8009 	}
8010 
8011 	rcu_read_unlock();
8012 
8013 	return NOTIFY_DONE;
8014 }
8015 
8016 static struct notifier_block nl80211_netlink_notifier = {
8017 	.notifier_call = nl80211_netlink_notify,
8018 };
8019 
8020 /* initialisation/exit functions */
8021 
8022 int nl80211_init(void)
8023 {
8024 	int err;
8025 
8026 	err = genl_register_family_with_ops(&nl80211_fam,
8027 		nl80211_ops, ARRAY_SIZE(nl80211_ops));
8028 	if (err)
8029 		return err;
8030 
8031 	err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
8032 	if (err)
8033 		goto err_out;
8034 
8035 	err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
8036 	if (err)
8037 		goto err_out;
8038 
8039 	err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
8040 	if (err)
8041 		goto err_out;
8042 
8043 	err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
8044 	if (err)
8045 		goto err_out;
8046 
8047 #ifdef CONFIG_NL80211_TESTMODE
8048 	err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
8049 	if (err)
8050 		goto err_out;
8051 #endif
8052 
8053 	err = netlink_register_notifier(&nl80211_netlink_notifier);
8054 	if (err)
8055 		goto err_out;
8056 
8057 	return 0;
8058  err_out:
8059 	genl_unregister_family(&nl80211_fam);
8060 	return err;
8061 }
8062 
8063 void nl80211_exit(void)
8064 {
8065 	netlink_unregister_notifier(&nl80211_netlink_notifier);
8066 	genl_unregister_family(&nl80211_fam);
8067 }
8068